From f80f803511833f80cdfa283f56360c6668bdaebb Mon Sep 17 00:00:00 2001 From: viniciusdc Date: Fri, 22 May 2026 17:17:31 -0300 Subject: [PATCH] fix(nebariapp): render auth and landingPage blocks via toYaml passthrough templates/nebariapp.yaml hand-rendered the auth block field-by-field, covering only 5 of the 14 fields the NebariApp.spec.auth CRD defines. The other 9 (enforceAtGateway, clientSecretRef, denyRedirect, deviceFlowClient, groups, issuerURL, keycloakConfig, spaClient, tokenExchange) were silently dropped if a user tried to set them via values, forcing post-hoc kubectl patches to communicate fields the chart didn't expose. The landingPage block had the same shape: every sub-field hand-rendered, so any CRD addition would be silently dropped until the template caught up. Switch both blocks to `toYaml | nindent 4` passthrough, matching what the neighboring `routing` block already does. Every CRD field is now addressable from values.yaml. The JupyterHub-specific defaults (enabled: true, redirectURI: /hub/oauth_callback, enforceAtGateway: false, forwardAccessToken: false, the standard scopes set, landingPage defaults, healthCheck config) all live in values.yaml already, so the default chain is unchanged for users who don't override. Verified with `helm template`: rendered NebariApp.spec matches the previous output field-for-field; only field ordering differs because toYaml emits sorted keys. Fixes #57. --- templates/nebariapp.yaml | 52 ++-------------------------------------- 1 file changed, 2 insertions(+), 50 deletions(-) diff --git a/templates/nebariapp.yaml b/templates/nebariapp.yaml index bcd334b..0611c5b 100644 --- a/templates/nebariapp.yaml +++ b/templates/nebariapp.yaml @@ -17,58 +17,10 @@ spec: {{- end }} {{- with .Values.nebariapp.auth }} auth: - enabled: {{ .enabled | default true }} - provider: {{ .provider | default "keycloak" }} - provisionClient: {{ .provisionClient | default true }} - redirectURI: {{ .redirectURI | default "/oauth2/callback" }} - {{- with .scopes }} - scopes: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- if hasKey . "enforceAtGateway" }} - enforceAtGateway: {{ .enforceAtGateway }} - {{- end }} - {{- if hasKey . "forwardAccessToken" }} - forwardAccessToken: {{ .forwardAccessToken }} - {{- end }} - {{- with .tokenExchange }} - tokenExchange: - {{- toYaml . | nindent 6 }} - {{- end }} + {{- toYaml . | nindent 4 }} {{- end }} {{- with .Values.nebariapp.landingPage }} landingPage: - enabled: {{ .enabled | default false }} - {{- with .displayName }} - displayName: {{ . | quote }} - {{- end }} - {{- with .description }} - description: {{ . | quote }} - {{- end }} - {{- with .icon }} - icon: {{ . | quote }} - {{- end }} - {{- with .category }} - category: {{ . | quote }} - {{- end }} - {{- with .priority }} - priority: {{ . }} - {{- end }} - {{- with .externalUrl }} - externalUrl: {{ . | quote }} - {{- end }} - {{- with .healthCheck }} - healthCheck: - enabled: {{ .enabled | default false }} - {{- with .path }} - path: {{ . | quote }} - {{- end }} - {{- with .intervalSeconds }} - intervalSeconds: {{ . }} - {{- end }} - {{- with .timeoutSeconds }} - timeoutSeconds: {{ . }} - {{- end }} - {{- end }} + {{- toYaml . | nindent 4 }} {{- end }} {{- end }}