From a26e1e9c1fbcf6da4b98213b5534e6055c301fa9 Mon Sep 17 00:00:00 2001
From: Kurt <10924313+Kurt108@users.noreply.github.com>
Date: Tue, 13 Oct 2020 14:40:25 +0200
Subject: [PATCH] Feature/thumbor basic auth (#14)

enable the option to set a basic auth for thumbor
---
 charts/thumbor/Chart.yaml                |  2 +-
 charts/thumbor/README.md                 | 31 ++++++++++++----------
 charts/thumbor/templates/NOTES.txt       |  1 -
 charts/thumbor/templates/deployment.yaml |  2 +-
 charts/thumbor/templates/ingress.yaml    |  5 +++-
 charts/thumbor/templates/secrets.yaml    | 18 +++++++++++++
 charts/thumbor/values.yaml               | 33 ++++++++++++++----------
 7 files changed, 61 insertions(+), 31 deletions(-)
 create mode 100644 charts/thumbor/templates/secrets.yaml

diff --git a/charts/thumbor/Chart.yaml b/charts/thumbor/Chart.yaml
index d3d0147..f800bba 100755
--- a/charts/thumbor/Chart.yaml
+++ b/charts/thumbor/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: thumbor
 icon: https://camo.githubusercontent.com/8add159463b5ef31481d1e0cc9fb590cd662fe62/68747470733a2f2f73332e65752d776573742d322e616d617a6f6e6177732e636f6d2f6d696e696d616c2d636f6d706163742f696d616765732f6d632d7468756d626f722e706e67
-version: 1.0.4
+version: 1.0.5
 appVersion: "6.7.5"
 description: A chart containing Thumbor
 home: http://thumbor.org/
diff --git a/charts/thumbor/README.md b/charts/thumbor/README.md
index f1906dc..5b91275 100644
--- a/charts/thumbor/README.md
+++ b/charts/thumbor/README.md
@@ -5,7 +5,7 @@
 =======
 A chart containing Thumbor
 
-Current chart version is `1.0.4`
+Current chart version is `1.0.5`
 
 ## Based on
 
@@ -32,20 +32,23 @@ NAME: my-release
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| auth.enabled | bool | `true` |  |
+| auth.password | string | `"$1$nwVVjM_Y$VeLOyr0CIIMXQajJL2pXT1"` |  |
+| auth.username | string | `"thumbor"` |  |
 | conf.allowedSources | string | `"'http://domain_or_wildcard', 'comma_seperated'"` |  |
-| env.ALLOW_UNSAFE_URL | string | `"True"` |  |
-| env.AUTO_WEBP | string | `"True"` |  |
-| env.CORS_ALLOW_ORIGIN | string | `"*"` |  |
-| env.HEALTHCHECK_ROUTE | string | `"/healthcheck"` |  |
-| env.LOG_LEVEL | string | `"error"` |  |
-| env.MAX_AGE | string | `"3600"` |  |
-| env.MAX_AGE_TEMP_IMAGE | string | `"300"` |  |
-| env.RESULT_STORAGE | string | `"thumbor.result_storages.no_storage"` |  |
-| env.RESULT_STORAGE_EXPIRATION_SECONDS | string | `"31536000"` |  |
-| env.RESULT_STORAGE_STORES_UNSAFE | string | `"True"` |  |
-| env.STORAGE | string | `"thumbor.storages.file_storage"` |  |
-| env.THUMBOR_NUM_PROCESSES | string | `"1"` |  |
-| env.THUMBOR_PORT | string | `"80"` |  |
+| env.open.ALLOW_UNSAFE_URL | string | `"True"` |  |
+| env.open.AUTO_WEBP | string | `"True"` |  |
+| env.open.CORS_ALLOW_ORIGIN | string | `"*"` |  |
+| env.open.HEALTHCHECK_ROUTE | string | `"/healthcheck"` |  |
+| env.open.LOG_LEVEL | string | `"error"` |  |
+| env.open.MAX_AGE | string | `"3600"` |  |
+| env.open.MAX_AGE_TEMP_IMAGE | string | `"300"` |  |
+| env.open.RESULT_STORAGE | string | `"thumbor.result_storages.no_storage"` |  |
+| env.open.RESULT_STORAGE_EXPIRATION_SECONDS | string | `"31536000"` |  |
+| env.open.RESULT_STORAGE_STORES_UNSAFE | string | `"True"` |  |
+| env.open.STORAGE | string | `"thumbor.storages.file_storage"` |  |
+| env.open.THUMBOR_NUM_PROCESSES | string | `"1"` |  |
+| env.open.THUMBOR_PORT | string | `"80"` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"registry.hub.docker.com/minimalcompact/thumbor"` |  |
 | image.tag | string | `"6.7.5"` |  |
diff --git a/charts/thumbor/templates/NOTES.txt b/charts/thumbor/templates/NOTES.txt
index d669de9..e69de29 100755
--- a/charts/thumbor/templates/NOTES.txt
+++ b/charts/thumbor/templates/NOTES.txt
@@ -1 +0,0 @@
-notes.txt
\ No newline at end of file
diff --git a/charts/thumbor/templates/deployment.yaml b/charts/thumbor/templates/deployment.yaml
index 3430f05..9656f2e 100755
--- a/charts/thumbor/templates/deployment.yaml
+++ b/charts/thumbor/templates/deployment.yaml
@@ -38,7 +38,7 @@ spec:
         env:
         - name: THUMBOR_PORT
           value: {{ .Values.service.internalPort | quote }}
-{{- range $name, $value := .Values.env }}
+{{- range $name, $value := .Values.env.open }}
 {{- if not (empty $value) }}
         - name: {{ $name | quote }}
           value: {{ $value | quote }}
diff --git a/charts/thumbor/templates/ingress.yaml b/charts/thumbor/templates/ingress.yaml
index 04873c4..d07965b 100755
--- a/charts/thumbor/templates/ingress.yaml
+++ b/charts/thumbor/templates/ingress.yaml
@@ -4,9 +4,12 @@ apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: {{ $fullName }}
-{{- if .Values.ingress.annotations }}
+  {{- if or (.Values.ingress.annotations) (.Values.auth.enabled) }}
   annotations:
 {{ toYaml .Values.ingress.annotations | indent 4 }}
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-secret: {{ template "thumbor.name" . }}-auth
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - Thumbor'
 {{- end }}
   labels:
     app: {{ template "thumbor.name" . }}
diff --git a/charts/thumbor/templates/secrets.yaml b/charts/thumbor/templates/secrets.yaml
new file mode 100644
index 0000000..d06a6a0
--- /dev/null
+++ b/charts/thumbor/templates/secrets.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.auth.enabled -}}
+{{- if not .Values.auth.existingSecret -}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "thumbor.fullname" . }}-auth
+  labels:
+    chart: {{ template "thumbor.name" . }}
+    app: {{ template "thumbor.name" . }}
+    chart: {{ template "thumbor.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}   
+type: Opaque
+data:
+  auth: {{ print .Values.auth.username ":" .Values.auth.password | b64enc }}
+{{ end }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/thumbor/values.yaml b/charts/thumbor/values.yaml
index 9f67edc..5e4a85d 100755
--- a/charts/thumbor/values.yaml
+++ b/charts/thumbor/values.yaml
@@ -1,18 +1,25 @@
 replicaCount: 1
 env:
-  THUMBOR_NUM_PROCESSES: "1"
-  CORS_ALLOW_ORIGIN: "*"
-  AUTO_WEBP: "True"
-  RESULT_STORAGE: "thumbor.result_storages.no_storage"
-  RESULT_STORAGE_STORES_UNSAFE: "True"
-  STORAGE: "thumbor.storages.file_storage"
-  HEALTHCHECK_ROUTE: "/healthcheck"
-  THUMBOR_PORT: "80"
-  MAX_AGE: "3600"
-  MAX_AGE_TEMP_IMAGE: "300"
-  RESULT_STORAGE_EXPIRATION_SECONDS: "31536000"
-  ALLOW_UNSAFE_URL: "True"
-  LOG_LEVEL: "error"
+  open:
+    THUMBOR_NUM_PROCESSES: "1"
+    CORS_ALLOW_ORIGIN: "*"
+    AUTO_WEBP: "True"
+    RESULT_STORAGE: "thumbor.result_storages.no_storage"
+    RESULT_STORAGE_STORES_UNSAFE: "True"
+    STORAGE: "thumbor.storages.file_storage"
+    HEALTHCHECK_ROUTE: "/healthcheck"
+    THUMBOR_PORT: "80"
+    MAX_AGE: "3600"
+    MAX_AGE_TEMP_IMAGE: "300"
+    RESULT_STORAGE_EXPIRATION_SECONDS: "31536000"
+    ALLOW_UNSAFE_URL: "True"
+    LOG_LEVEL: "error"
+
+auth:
+  enabled: true
+  username: "thumbor"   # Username
+  password: "$1$nwVVjM_Y$VeLOyr0CIIMXQajJL2pXT1"   # Password generated via htpasswd (password)
+  # existingSecret: specify the name of a existing secret
 
 # Some Configs should be set via config-file and not as environment variable
 conf: