From adcb18b8f1137a90efcd5cddb32781fa7941f166 Mon Sep 17 00:00:00 2001 From: Sira Kantana Date: Fri, 1 May 2026 17:01:54 +0200 Subject: [PATCH 1/3] fix: add missing auth.oidc validation --- helm/optio/templates/_helpers.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/optio/templates/_helpers.tpl b/helm/optio/templates/_helpers.tpl index 71897217..6da003ed 100644 --- a/helm/optio/templates/_helpers.tpl +++ b/helm/optio/templates/_helpers.tpl @@ -47,9 +47,9 @@ Called from secrets.yaml to fail early on misconfiguration. {{- if not .Values.publicUrl -}} {{- fail "publicUrl is required when auth is enabled. Set to the externally-reachable URL (e.g. https://optio.example.com)." -}} {{- else -}} - {{- $hasProvider := or .Values.auth.github.clientId (or .Values.auth.google.clientId .Values.auth.gitlab.clientId) -}} + {{- $hasProvider := or .Values.auth.github.clientId (or .Values.auth.google.clientId (or .Values.auth.gitlab.clientId .Values.auth.oidc.clientId)) -}} {{- if not $hasProvider -}} - {{- fail "At least one OAuth provider must be configured when auth is enabled. Set auth.github.clientId, auth.google.clientId, or auth.gitlab.clientId (with corresponding clientSecret)." -}} + {{- fail "At least one OAuth provider must be configured when auth is enabled. Set auth.github.clientId, auth.google.clientId, auth.gitlab.clientId, or auth.oidc.clientId (with corresponding clientSecret/issuerUrl as needed)." -}} {{- end -}} {{- end -}} {{- end -}} From 03b7981baab3b17dfa56db21300aab8051406ad6 Mon Sep 17 00:00:00 2001 From: Sira Kantana Date: Mon, 4 May 2026 13:04:01 +0200 Subject: [PATCH 2/3] fix: update _helpers.tpl for oidc with issuerUrl --- helm/optio/templates/_helpers.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/optio/templates/_helpers.tpl b/helm/optio/templates/_helpers.tpl index 6da003ed..f917424e 100644 --- a/helm/optio/templates/_helpers.tpl +++ b/helm/optio/templates/_helpers.tpl @@ -47,9 +47,9 @@ Called from secrets.yaml to fail early on misconfiguration. {{- if not .Values.publicUrl -}} {{- fail "publicUrl is required when auth is enabled. Set to the externally-reachable URL (e.g. https://optio.example.com)." -}} {{- else -}} - {{- $hasProvider := or .Values.auth.github.clientId (or .Values.auth.google.clientId (or .Values.auth.gitlab.clientId .Values.auth.oidc.clientId)) -}} + {{- $hasProvider := or .Values.auth.github.clientId (or .Values.auth.google.clientId (or .Values.auth.gitlab.clientId .Values.auth.oidc.issuerUrl)) -}} {{- if not $hasProvider -}} - {{- fail "At least one OAuth provider must be configured when auth is enabled. Set auth.github.clientId, auth.google.clientId, auth.gitlab.clientId, or auth.oidc.clientId (with corresponding clientSecret/issuerUrl as needed)." -}} + {{- fail "At least one OAuth provider must be configured when auth is enabled. Set auth.github.clientId, auth.google.clientId, auth.gitlab.clientId, or auth.oidc.issuerUrl (with corresponding clinetId, clientSecret as needed)." -}} {{- end -}} {{- end -}} {{- end -}} From 52dcb422b9f0f54a124a171ef94d3894bf7ccb28 Mon Sep 17 00:00:00 2001 From: Sira Kantana Date: Tue, 5 May 2026 11:39:43 +0200 Subject: [PATCH 3/3] fix: typo clientId --- helm/optio/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/optio/templates/_helpers.tpl b/helm/optio/templates/_helpers.tpl index f917424e..0e09ef31 100644 --- a/helm/optio/templates/_helpers.tpl +++ b/helm/optio/templates/_helpers.tpl @@ -49,7 +49,7 @@ Called from secrets.yaml to fail early on misconfiguration. {{- else -}} {{- $hasProvider := or .Values.auth.github.clientId (or .Values.auth.google.clientId (or .Values.auth.gitlab.clientId .Values.auth.oidc.issuerUrl)) -}} {{- if not $hasProvider -}} - {{- fail "At least one OAuth provider must be configured when auth is enabled. Set auth.github.clientId, auth.google.clientId, auth.gitlab.clientId, or auth.oidc.issuerUrl (with corresponding clinetId, clientSecret as needed)." -}} + {{- fail "At least one OAuth provider must be configured when auth is enabled. Set auth.github.clientId, auth.google.clientId, auth.gitlab.clientId, or auth.oidc.issuerUrl (with corresponding clientId, clientSecret as needed)." -}} {{- end -}} {{- end -}} {{- end -}}