diff --git a/.gitignore b/.gitignore index 601791d1..2cbc1812 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ local/* .helm tilt_modules/ .idea/ +.DS_Store diff --git a/charts/tidepool/Chart.yaml b/charts/tidepool/Chart.yaml index 3b7a8f88..5269b573 100644 --- a/charts/tidepool/Chart.yaml +++ b/charts/tidepool/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart for Tidepool name: tidepool -version: 0.14.5 +version: 0.14.6 maintainers: - name: Todd Kazakov email: todd@tidepool.org diff --git a/charts/tidepool/charts/auth/README.md b/charts/tidepool/charts/auth/README.md index 7f41e6b5..e2baccad 100644 --- a/charts/tidepool/charts/auth/README.md +++ b/charts/tidepool/charts/auth/README.md @@ -14,6 +14,9 @@ Helm chart for the Tidepool auth service | configmap.data_.AppleDeviceCheckKeyId | string | `"B542R658GF"` | | | configmap.data_.AppleDeviceCheckKeyIssuer | string | `"75U4X84TEG"` | used for checking generating jwts, which are required for checking the validity of apple device tokens during the insulet authorization flow. | | configmap.data_.AppleDeviceCheckUseDevelopment | string | `"true"` | | +| configmap.data_.AppValidationUseDevelopment | string | `"true"` | | +| configmap.data_.AppValidationAppleAppIDs | string | `"75U4X84TEG.org.tidepool.coastal.Loop,75U4X84TEG.org.tidepool.Loop"` | | +| configmap.data_.AppValidationChallengeSize | string | `"16"` | | | deployment.image | string | `"tidepool/platform-auth:master-latest"` | auth Docker image | | deployment.replicas | int | `1` | number of replicas to deploy | | hpa.enabled | bool | `false` | whether to create a horizontal pod autoscalers for all pods of given deployment | diff --git a/charts/tidepool/charts/auth/templates/0-configmap.yaml b/charts/tidepool/charts/auth/templates/0-configmap.yaml index 8a9e4ed7..297ef045 100644 --- a/charts/tidepool/charts/auth/templates/0-configmap.yaml +++ b/charts/tidepool/charts/auth/templates/0-configmap.yaml @@ -11,4 +11,7 @@ data: AppleDeviceCheckKeyId: {{ .AppleDeviceCheckKeyId | default "" }} AppleDeviceCheckKeyIssuer: {{ .AppleDeviceCheckKeyIssuer | default "" }} AppleDeviceCheckUseDevelopment: "{{ .AppleDeviceCheckUseDevelopment | default "true" }}" + AppValidationUseDevelopment: "{{ .AppValidationUseDevelopment | default "true" }}" + AppValidationAppleAppIDs: "{{ .AppValidationAppleAppIDs | default "" }}" + AppValidationChallengeSize: "{{ .AppValidationChallengeSize | default "16" }}" {{- end }} \ No newline at end of file diff --git a/charts/tidepool/charts/auth/templates/1-deployment.yaml b/charts/tidepool/charts/auth/templates/1-deployment.yaml index bea129ec..d3ad9346 100644 --- a/charts/tidepool/charts/auth/templates/1-deployment.yaml +++ b/charts/tidepool/charts/auth/templates/1-deployment.yaml @@ -120,6 +120,24 @@ spec: name: auth key: AppleDeviceCheckUseDevelopment optional: true + - name: TIDEPOOL_APPVALIDATION_USE_DEVELOPMENT + valueFrom: + configMapKeyRef: + name: auth + key: AppValidationUseDevelopment + optional: true + - name: TIDEPOOL_APPVALIDATION_APPLE_APP_IDS + valueFrom: + configMapKeyRef: + name: auth + key: AppValidationAppleAppIDs + optional: true + - name: TIDEPOOL_APPVALIDATION_CHALLENGE_SIZE + valueFrom: + configMapKeyRef: + name: auth + key: AppValidationChallengeSize + optional: true image: "{{ .Values.deployment.image }}" securityContext: {{- .Values.podSecurityContext | toYaml | nindent 10 }} diff --git a/charts/tidepool/charts/auth/values.yaml b/charts/tidepool/charts/auth/values.yaml index 017d32dc..aaa2bbd6 100644 --- a/charts/tidepool/charts/auth/values.yaml +++ b/charts/tidepool/charts/auth/values.yaml @@ -10,6 +10,10 @@ configmap: AppleDeviceCheckKeyIssuer: "75U4X84TEG" AppleDeviceCheckKeyId: "B542R658GF" AppleDeviceCheckUseDevelopment: "true" + # -- used for app attestation to determine if an app is a valid instance of an IOS app. + AppValidationUseDevelopment: "true" + AppValidationAppleAppIDs: "75U4X84TEG.org.tidepool.coastal.Loop,75U4X84TEG.org.tidepool.Loop" + AppValidationChallengeSize: "16" deployment: # -- auth Docker image image: tidepool/platform-auth:master-latest