Bump chart

README.md

@@ -36,6 +36,13 @@ config:
   auth:
     hmac_key: a-very-strong-key
     cookies_key: another-strong-key
+    allow_email_login: true
+    registration_approval: true
+
+adminUser:
+  create: true
+  email: [email protected]
+  password: your-super-secret-password
 ```
 
 In order to expose your TFStater instance you also need to enable the Ingress resource:
@@ -72,7 +79,7 @@ config:
     bucket: my-s3-bucket
     access_key: ""
     secret_key: ""
-    path_prefix: terraform/states
+    # path_prefix: terraform/states
 ```
 
 For S3-compatible providers, you might need to specify the endpoint:
@@ -122,6 +129,9 @@ Create an OAuth application within your Github organization. Set the callback ur
 
 ```yaml
 config:
+  auth:
+    allow_email_login: false
+
   idp:
     github:
       client_id: your-gh-app-client-id
@@ -144,7 +154,42 @@ config:
 
 #### Use email login
 
-*Feature still in development*
+TFStater provides also a standard email signup flow. In order to verify new signups, you have 2 options: manual approval, and email verification.
+
+In order to setup manual approval, you also need to create your fist user:
+
+```yaml
+config:
+  auth:
+    allow_email_login: true
+    registration_approval: true
+
+adminUser:
+  create: true
+  email: [email protected]
+  password: your-super-secret-password
+```
+
+using this configuration, you can manually approve users through the settings page.
+
+The email verification flow requires domain restriction and to setup an smtp server to allow TFStater to send verifications:
+
+```yaml
+config:
+  auth:
+    allow_email_login: true
+    registration_verification: true
+    restrict_email_domain: "@my.tld"
+
+  smtp:
+    sender: [email protected]
+    server: smtp.my.tld
+    username: tfstater
+    password: super-secret-password
+    # port: 25
+    # use_tls: false
+    # use_ssl: false
+```
 
 ## Usage
 

charts/tfstater/Chart.yaml

@@ -3,8 +3,8 @@ type: application
 name: tfstater
 description: An HTTP Terraform state backend with locking support
 
-version: 0.1.4
-appVersion: 0.1.2
+version: 0.2.0
+appVersion: 0.2.0
 kubeVersion: ">=1.14.0-0"
 
 home: https://github.com/gi0baro/tfstater

charts/tfstater/templates/secret.yaml

@@ -46,6 +46,14 @@ stringData:
       path_prefix: {{ $objStoreConfig.path_prefix | quote }}
       encrypt_data: {{ $objStoreConfig.encrypt_data }}
 
-    auth: {{ .Values.config.auth | toYaml | nindent 6 }}
+    {{ with .Values.config.auth -}}
+    auth: {{ . | toYaml | nindent 6 }}
+    {{- end }}
 
-    idp: {{ .Values.config.idp | toYaml | nindent 6 }}
+    {{ with .Values.config.smtp -}}
+    smtp: {{ . | toYaml | nindent 6 }}
+    {{- end }}
+
+    {{ with .Values.config.idp -}}
+    idp: {{ . | toYaml | nindent 6 }}
+    {{- end }}

charts/tfstater/values.yaml

@@ -137,13 +137,6 @@ config:
     password: ""
     pool_size: 10
 
-  auth:
-    hmac_key:
-    cookies_key:
-    allow_email_login: true
-    restrict_email_domain:
-    registration_verification: true
-
   object_storage:
     access_key:
     secret_key:
@@ -152,19 +145,36 @@ config:
     path_prefix:
     encrypt_data: false
 
-  idp:
-    github:
-      # client_id:
-      # client_secret:
-      # organization:
-      # claim_roles: []
-      # claim_teams: []
-      # match_role:
-      #   admin: maintainer
-      # match_teams:
-      #   team: maintainer
+  auth:
+    hmac_key:
+    cookies_key:
+    allow_email_login: false
+    restrict_email_domain:
+    registration_approval: false
+    registration_verification: false
+
+  smtp: {}
+    # sender: "[email protected]"
+    # server: ""
+    # port: 25
+    # username: tfstater
+    # password: ""
+    # use_tls: false
+    # use_ssl: false
+
+  idp: {}
+    # github:
+    #   client_id:
+    #   client_secret:
+    #   organization:
+    #   claim_roles: []
+    #   claim_teams: []
+    #   match_role:
+    #     admin: maintainer
+    #   match_teams:
+    #     team: maintainer
 
 adminUser:
   create: false
-  email: ""
-  password: ""
+  # email: ""
+  # password: ""