From 63d3dec59b9e95a8d597aecf0b98f0a6d4a67bff Mon Sep 17 00:00:00 2001
From: "Shiba, Sidney"
Date: Thu, 17 Jun 2021 20:16:50 +0000
Subject: [PATCH] Multi-tenant - Dex-aio workload-target phase This patchset adds the deployment of dex-aio (with HelmRelease) for multi-tenant type during the workload-target phase. This is required for deploying the Target cluster through multi-tenant type. NOTE: Not to be confused with deploying a multi-tenant/subcluster, which is addressed by a different PS.
Change-Id: Ifc33a6f751af24bf6db3e20a87d32ee67965c2c3
---
 .../target/workload/dex-aio/README.md | 17 +++++++++++++++++
 .../workload/dex-aio/dex-aio-helm-patch.yaml | 19 +++++++++++++++++++
 .../target/workload/kustomization.yaml | 4 ++++
 .../workload/replacements/kustomization.yaml | 1 +
 4 files changed, 41 insertions(+)
 create mode 100644 manifests/type/multi-tenant/target/workload/dex-aio/README.md
 create mode 100644 manifests/type/multi-tenant/target/workload/dex-aio/dex-aio-helm-patch.yaml
diff --git a/manifests/type/multi-tenant/target/workload/dex-aio/README.md b/manifests/type/multi-tenant/target/workload/dex-aio/README.md
new file mode 100644
index 000000000..6ea40dcef
--- /dev/null
+++ b/manifests/type/multi-tenant/target/workload/dex-aio/README.md
@@ -0,0 +1,17 @@
+# DEX-AIO Workload Service
+
+The "*kustomization*" of dex-aio service is achieved through replacement transformer and patches.
+The rationale for supporting two different kustomization approaches is values for Dex service are shared with its corresponding API server.
+The replacement transformer/catalogue avoids duplication of variables/values avoiding configuration errors (DRY: Don't Repeat Yourself principle).
+The LDAP values are only used for the LDAP backend so supporting through patchesStrategyMerge avoids "complexity", e.i., the need to support a catalog + replacement rules.
+
+## Dex Dependent Variables/Values
+Dex dependent values are collected in a catalogue located at *manifests/function/treasuremap-base-catalogues/utility.yaml*.
+Some of these values are common to the Dex service and API Server/OIDC flags (DRY principle).
+
+Dex values are substituted using replacement transformer and the replacement rules for the Dex service can be found in *manifests/function/dex-aio/replacements*.
+
+> NOTE: The replacement transformer is invoked in *treasuremap/manifests/type/multi-tenant/target/workload/replacements/kustomization.yaml*.
+
+## LDAP Dependent Variables/Values
+The LDAP dependent values are kustomized through the *patchesStrategyMerge* and the values for the LDAP backend can be found in *./dex-aio-helm-patch.yaml*.
\ No newline at end of file
diff --git a/manifests/type/multi-tenant/target/workload/dex-aio/dex-aio-helm-patch.yaml b/manifests/type/multi-tenant/target/workload/dex-aio/dex-aio-helm-patch.yaml
new file mode 100644
index 000000000..4c31ba722
--- /dev/null
+++ b/manifests/type/multi-tenant/target/workload/dex-aio/dex-aio-helm-patch.yaml
@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: dex-aio
+ namespace: default
+spec:
+ values:
+ params:
+ ldap:
+ bind_password: "your LDAP bind password"
+ name: "LDAP TEST SERVICES - MULTI-TENANT"
+ config:
+ host: "your LDAP FQDN"
+ bind_dn: "your LDAP bind username"
+ username_prompt: SSO Username
+ user_search:
+ base_dn: dc=testservices,dc=test,dc=com
+ group_search:
+ base_dn: ou=groups,dc=testservices,dc=test,dc=com
diff --git a/manifests/type/multi-tenant/target/workload/kustomization.yaml b/manifests/type/multi-tenant/target/workload/kustomization.yaml
index a3df3b125..7379fe276 100644
--- a/manifests/type/multi-tenant/target/workload/kustomization.yaml
+++ b/manifests/type/multi-tenant/target/workload/kustomization.yaml
@@ -7,3 +7,7 @@ resources:
 - ../../../../function/helm-chart-repository/
 - ../../../../function/local-storage
 - ../../../../composite/lma-infra
+ - ../../../../function/dex-aio
+
+patchesStrategicMerge:
+- dex-aio/dex-aio-helm-patch.yaml
diff --git a/manifests/type/multi-tenant/target/workload/replacements/kustomization.yaml b/manifests/type/multi-tenant/target/workload/replacements/kustomization.yaml
index e0859a6a6..7006c84dc 100644
--- a/manifests/type/multi-tenant/target/workload/replacements/kustomization.yaml
+++ b/manifests/type/multi-tenant/target/workload/replacements/kustomization.yaml
@@ -1,6 +1,7 @@
 resources:
 - ../../../../../composite/storage-cluster/replacements
 - ../../../../../function/ingress/replacements
+ - ../../../../../function/dex-aio/replacements
 - ../../../../../function/sip/replacements
 - ../../../../../function/synclabeller/replacements
 - ../../../../../function/vino/replacements
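Review bot: In dex-aio-helm-patch.yaml, `bind_password` is supplied as an inline string under `spec.values`, so whoever replaces the "your LDAP bind password" placeholder commits the LDAP bind credential in clear text, and it also becomes readable from the HelmRelease object by anyone allowed to get HelmReleases in the `default` namespace. Flux HelmRelease supports `spec.valuesFrom` with `kind: Secret`, which keeps the credential in a Secret and out of this patch. The sketch below assumes the key nests as `params.ldap.bind_password` (the indentation is not recoverable from this page) and uses a placeholder Secret name. The `host` value carries no visible port or TLS setting, so it is worth confirming that the chart defaults to LDAPS or StartTLS before a bind password is sent to that server.

```yaml
spec:
  # Placeholder Secret name; the Secret must live in the same namespace as the HelmRelease.
  valuesFrom:
    - kind: Secret
      name: <LDAP-BIND-SECRET-PLACEHOLDER>
      valuesKey: bind_password
      targetPath: params.ldap.bind_password
  values:
    params:
      ldap:
        # … unchanged: name, config.host, config.bind_dn, search bases; inline bind_password dropped …
```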