Feat: prepare for the 1.6.0-beta.1 version

Signed-off-by: barnettZQG <[email protected]>

addons/dex/config-templates/dex-connector.cue

@@ -0,0 +1,136 @@
+import (
+	"encoding/json"
+)
+
+metadata: {
+	scope:       "system"
+	name:        "dex-connector"
+	alias:       "Dex Connector"
+	description: "Configure the connectors for the Dex"
+	sensitive:   false
+}
+
+template: {
+	output: {
+		apiVersion: "v1"
+		kind:       "Secret"
+		metadata: {
+			name:      context.name
+			namespace: context.namespace
+			labels: {
+				"config.oam.dev/sub-type": parameter.type
+			}
+		}
+		type: "Opaque"
+
+		if parameter.type == "github" && parameter.github != _|_ {
+			stringData: github: json.Marshal(parameter.github)
+		}
+		if parameter.type == "ldap" && parameter.ldap != _|_ {
+			stringData: ldap: json.Marshal(parameter.ldap)
+		}
+		if parameter.type == "oidc" && parameter.oidc != _|_ {
+			stringData: oidc: json.Marshal(parameter.oidc)
+		}
+		if parameter.type == "gitlab" && parameter.gitlab != _|_ {
+			stringData: gitlab: json.Marshal(parameter.gitlab)
+		}
+		if parameter.type == "saml" && parameter.saml != _|_ {
+			stringData: saml: json.Marshal(parameter.saml)
+		}
+		if parameter.type == "google" && parameter.google != _|_ {
+			stringData: google: json.Marshal(parameter.google)
+		}
+	}
+	parameter: {
+		// +usage=Connetor type
+		type: *"github" | "ldap" | "gitlab" | "oidc" | "saml" | "google"
+		// +usage=GitHub connector
+		github?: {
+			// +usage=GitHub client ID
+			clientID: string
+			// +usage=GitHub client secret
+			clientSecret: string
+			// +usage=GitHub redirect URI
+			redirectURI: string
+		}
+		// +usage=LDAP connector
+		ldap?: {
+			// +usage=Host and optional port of the LDAP server in the form "host:port".
+			host: string
+			// +usage=The DN and password for an application service account. The connector uses these credentials to search for users and groups. Not required if the LDAP server provides access for anonymous auth.
+			bindDN?: string
+			// +usage=The password of the DN
+			bindPW?: string
+			// +usage=This field is required if the LDAP host is not using TLS (port 389).
+			insecureNoSSL: *true | bool
+			// +usage=If a custom certificate isn't provide, this option can be used to turn on
+			insecureSkipVerify?: bool
+			// +usage=If unspecified, connections will use the ldaps:// protocol
+			startTLS?: bool
+			// +usage=Path to a trusted root certificate file. Default: use the host's root CA.
+			rootCA?: string
+			// +usage=The attribute to display in the provided password prompt. If unset, will display "Username"
+			usernamePrompt?: string
+			// +usage=User search maps a username and password entered by a user to a LDAP entry.
+			userSearch: {
+				// +usage=BaseDN to start the search from. It will translate to the query "(&(objectClass=person)(uid=<username>))".
+				baseDN: string
+				// +usage=username attribute used for comparing user entries. This will be translated and combined with the other filter as "(<attr>=<username>)".
+				username: *"uid" | string
+				// +usage=The following three fields are direct mappings of attributes on the user entry. String representation of the user.
+				idAttr: *"uid" | string
+				// +usage=Attribute to map to Email.
+				emailAttr: *"mail" | string
+				// +usage=Maps to display name of users. No default value.
+				nameAttr: *"uid" | string
+				// +usage=Optional filter to apply when searching the directory.
+				filter?: string
+			}
+		}
+		// +usage=GitLab connector
+		gitlab?: {
+			// +usage=default to https://gitlab.com
+			baseURL?: string
+			// +usage=GitLab client ID
+			clientID: string
+			// +usage=GitLab client secret
+			clientSecret: string
+			// +usage=GitLab redirect URI
+			redirectURI: string
+		}
+		// +usage=OIDC connector
+		oidc?: {
+			// +usage=Canonical URL of the provider, also used for configuration discovery. This value MUST match the value returned in the provider config discovery. See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
+			issuer: string
+			// +usage=OIDC client ID
+			clientID: string
+			// +usage=OIDC client secret
+			clientSecret: string
+			// +usage=OIDC redirect URI
+			redirectURI: string
+		}
+		// +usage=Google connector
+		google?: {
+			// +usage=Google client ID
+			clientID: string
+			// +usage=Google client secret
+			clientSecret: string
+			// +usage=Google redirect URI
+			redirectURI: string
+		}
+		// +usage=SAML connector
+		saml?: {
+			// +usage=SSO URL used for POST value.
+			ssoURL: string
+			// +usage=CA to use when validating the signature of the SAML response.
+			ca: string
+			// +usage=SAML redirect URI
+			redirectURI: string
+			// +usage=Name of attributes in the returned assertions to map to ID token claims.
+			usernameAttr: string
+			// +usage=Email of attributes in the returned assertions to map to ID token claims.
+			emailAttr: string
+		}
+	}
+}

addons/dex/metadata.yaml

@@ -1,5 +1,5 @@
 name: dex
-version: 0.6.5
+version: 0.6.6
 description: Enable dex for login
 icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/dex/horizontal/color/dex-horizontal-color.png
 
@@ -12,4 +12,4 @@ dependencies:
   - name: fluxcd
 
 system:
-  vela: ">=v1.3.0-beta.1"
+  vela: ">=v1.6.0-beta.1"

addons/dex/readme.md

@@ -6,3 +6,9 @@ Dex is an identity service that uses [OpenID Connect](https://openid.net/connect
 Dex acts as a portal to other identity providers through [“connectors.”](https://dexidp.io/docs/connectors/) This lets Dex defer authentication to LDAP servers, SAML providers, or established identity providers like GitHub, Google, and Active Directory. Clients write their authentication logic once to talk to Dex, then Dex handles the protocols for a given backend.
 
 Please refer to [Dex's Website](https://dexidp.io/docs/) for more details.
+
+## Versions
+
+* 0.6.6
+
+Change the dex-connector component definition to the config template.

addons/dex/schemas/component-uischema-config-dex-connector.yaml → addons/dex/schemas/config-uischema-dex-connector.yaml

@@ -68,14 +68,22 @@
   subParameters:
     - jsonKey: issuer
       sort: 1
+      style:
+        colSpan: 12
     - jsonKey: clientID
       uiType: Password
       sort: 3
+      style:
+        colSpan: 12
     - jsonKey: clientSecret
       uiType: Password
       sort: 5
+      style:
+        colSpan: 12
     - jsonKey: redirectURI
       sort: 7
+      style:
+        colSpan: 12
 - jsonKey: saml
   sort: 11
   uiType: Ignore
@@ -85,6 +93,26 @@
     - jsonKey: type
       op: "=="
       value: "saml"
+  subParameters:
+    - jsonKey: usernameAttr
+      sort: 10
+      style:
+        colSpan: 12
+    - jsonKey: emailAttr
+      sort: 12
+      style:
+        colSpan: 12
+    - jsonKey: redirectURI
+      sort: 14
+      style:
+        colSpan: 12
+    - jsonKey: ssoURL
+      sort: 16
+      style:
+        colSpan: 12
+    - jsonKey: ca
+      sort: 18
+
 - jsonKey: ldap
   sort: 13
   uiType: Ignore

addons/fluxcd/definitions/config-helm-repository.cue → addons/fluxcd/config-templates/helm-repository.cue

@@ -1,16 +1,9 @@
-"config-helm-repository": {
-	annotations: {
-		"alias.config.oam.dev": "Helm Repository"
-	}
-	attributes: workload: type: "autodetects.core.oam.dev"
+metadata: {
+	name:        "helm-repository"
+	alias:       "Helm Repository"
 	description: "Config information to authenticate helm chart repository"
-	labels: {
-		"ui-hidden":                    "true"
-		"catalog.config.oam.dev":       "velacore-config"
-		"multi-cluster.config.oam.dev": "true"
-		"type.config.oam.dev":          "helm-repository"
-	}
-	type: "component"
+	sensitive:   false
+	scope:       "project"
 }
 
 template: {

addons/fluxcd/metadata.yaml

@@ -10,4 +10,4 @@ tags:
   - Helm
 
 system:
-  vela: ">=1.5.0"
+  vela: ">=v1.6.0-beta.1"