Add 2.11.7 upstream chart

helm/1password-scim-bridge/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: op-scim-bridge
+  repository: ""
+  version: 2.11.7
+digest: sha256:e45626ac423c2472e3cc0f862197f688bc24e0b96a796f746d9243f96ae7e37a
+generated: "2024-12-19T18:11:22.744711729-05:00"

helm/1password-scim-bridge/Chart.yaml

@@ -14,4 +14,4 @@ annotations:
   application.giantswarm.io/team: "shield"
 dependencies:
   - name: op-scim-bridge
-    # version: 0.1.0-alpha.1
+    version: 2.11.7

helm/1password-scim-bridge/charts/op-scim-bridge/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: redis
+  repository: https://charts.bitnami.com/bitnami
+  version: 20.6.0
+- name: common
+  repository: https://charts.bitnami.com/bitnami
+  version: 2.27.0
+digest: sha256:de7f240531402b2d3f6bddca4f7e343202b4f5dbb7c85bccaacccfbffea98630
+generated: "2024-12-16T14:38:33.452735-05:00"

helm/1password-scim-bridge/charts/op-scim-bridge/Chart.yaml

@@ -0,0 +1,28 @@
+apiVersion: v2
+name: op-scim-bridge
+version: 2.11.7
+description: A Helm chart for deploying the 1Password SCIM bridge
+keywords:
+  - "1Password"
+  - "1Password SCIM bridge"
+  - "SCIM"
+  - "automated provisioning"
+  - "Azure Active Directory"
+  - "JumpCloud"
+  - "Okta"
+  - "OneLogin"
+  - "Rippling"
+home: https://support.1password.com/scim
+maintainers:
+  - name: 1Password Provisioning Team
+    email: [email protected]
+icon: https://1password.com/img/logo-v1.svg
+appVersion: v2.9.9
+dependencies:
+  - name: redis
+    version: ~20
+    repository: https://charts.bitnami.com/bitnami
+    condition: redis.enabled
+  - name: common
+    version: ~2
+    repository: https://charts.bitnami.com/bitnami

helm/1password-scim-bridge/charts/op-scim-bridge/README.md

@@ -0,0 +1,133 @@
+# 1Password SCIM bridge
+
+This repository defines the Helm chart for the 1Password SCIM bridge application.
+
+We intend to use this as a repository that can be referenced in our various kubernetes marketplace solutions. It may also be used outside of that context with an appropriate deployment script.
+
+**Homepage:** https://support.1password.com/scim
+
+## Maintainers
+
+| Name | Email |
+| ---- | ----- |
+| 1Password Provisioning Team | [email protected] |
+
+## Dependencies
+
+| Repository | Name | Version |
+| ---------- |------|---------|
+| [bitnami](https://github.com/bitnami/charts) | [redis](https://github.com/bitnami/charts/tree/master/bitnami/redis) | 12.0.0 |
+
+## Prerequisites
+
+You will need Helm installed to use this chart. Get the latest [Helm](https://github.com/kubernetes/helm#install) release.
+
+## Installation
+
+### Add repository
+
+```shell
+helm repo add 1password https://1password.github.io/op-scim-helm
+helm repo update
+```
+
+### Install chart
+
+```shell
+helm install my-release 1password/op-scim-bridge
+```
+
+### Uninstall chart
+
+```shell
+helm uninstall my-release
+```
+
+## Values
+
+The values are split into two sections:
+- [scim](#scim) options
+- [redis](#redis) options
+
+### scim
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| name | string | `op-scim-bridge` | SCIM bridge name. |
+| version | string | `major.minor.patch` | SCIM bridge verion. |
+| credentialsVolume | object | `{}` | Use a volume for the SCIM bridge credentials. See [credentialsVolume](#credentialsVolume) for details. |
+| credentialsSecrets | object | `{}` | Use a secret for the SCIM bridge credentials. See [credentialsSecrets](#credentialsSecrets) for details. |
+| imageRepository | string | `1password/scim` | 1Password SCIM bridge image. |
+| imagePullPolicy | string | `Always` | Image pull policy. |
+| imagePullSecrets | list | `[]` | Image pull secrets. |
+| httpPort | int | `8080` | HTTP port. |
+| httpsPort | int | `8443` | HTTPS port. |
+| service | object | `{ "enabled": true, "type": "LoadBalancer" }` | Service configuration. |
+| ingress | object | `{}` | Ingress configuration.  |
+| probes | object | `{ "liveness": { "enabled": true, "path": "/ping" } }` | Liveness probe that uses the `GET /ping` endpoint for health checks. |
+| config | object | `{}` | SCIM bridge config options. See [config](#config) for details. |
+| resources | object | `{}` | Resource requests and/or limits for the SCIM bridge pod. |
+| annotations | object | `{}` | Additional annotations. |
+| labels | object | `{}` | Additional labels. |
+| podAnnotations | object | `{}` | Annotations for SCIM bridge pod. |
+| podLabels | object | `{}` | Labels for SCIM bridge pod. |
+| nodeSelector | object | `{}` | Node selector for SCIM bridge pod. |
+| affinity | object | `{ "podAntiAffinity": {} }` | Affinity for SCIM bridge pod. By default we configure pod anti-affinity to ensure redis and SCIM bridge pods are not scheduled on the same node. |
+| tolerations | list | `[]` | Tolerations for SCIM bridge pod. |
+| initContainers | object | `{}` | Configuration options for init containers. |
+| replicaCount | int | `1` | Number of replicas in deployment. |
+| autoscaling | object | `{}` | Configuration for `HorizontalPodAutoscaler` resource. Will override `replicaCount` when set. |
+| podDisruptionBudget | object | `{}` | Configuration for `PodDisruptionBudget` resource. Requires more than 1 replica or `autoscaling` to be enabled to be effective. |
+| serviceAccount | object | `{}` | Service account configuration. Default service account is used when disabled. |
+| serviceMonitor | object | `{}` | Service monitor for Prometheus Operator. See [getting started](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md) guide.  |
+
+#### config
+
+These values set available SCIM bridge configuation options. For details on the options see the help output of the `op-scim` binary (`./op-scim --help`).
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| redisURL | string | `redis://op-scim-bridge-redis-master:6379` | Redis connection URL. |
+| domain | string | unset | Allowed 1Password sign in URL. Not set by default. |
+| tlsDomain | string | unset | Domain to attempt to get a certificate for via Let's Encrypt. Not set by default. |
+| debug | bool | `false` | Enable `DEBUG` log level instead of the default `INFO` level. |
+| jsonLogs | bool | `false` | Enable JSON log output. |
+| prettyLogs | bool | `false` | Enable colorized log output. |
+
+
+#### credentialsVolume
+
+Note that you should configure accessing the SCIM bridge credentials through either the `credentialsVolume` or the `credentialsSecrets`, and not both.
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| name | string | `op-scim-bridge-credentials` | Volume name. |
+| files | object | `{ "scimFile": "scimsession", "workspaceSettingsFile": "workspace-settings.json", "workspaceKeyFile":"workspace-credentials.json" }` | File names for SCIM bridge credentials. |
+| accessModes | list | `[ReadWriteOnce]` | Access modes. |
+| resources | object | `{ "requests": { "storage": "1Gi" } }` | The default storage request is `1Gi`. |
+| storageClass | string | unset | Storage class. Set to `"—"` to set value to `""` in resulting application. `do-block-storage` is recommended for Digital Ocean. |
+
+#### credentialsSecrets
+
+Note that you should configure accessing the SCIM bridge credentials through either the `credentialsVolume` or the `credentialsSecrets`, and not both.
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| scimsession | object | `{ “name”:”op-scim-bridge-credentials”, “key”: “scimsession”, “value_json”: “{}”, “value_base64”: “base64 encoded scimsession file” }` | scimsession secret definition. |
+| workspaceSettings | object | `{ “name”:”op-scim-bridge-workspace-settings”, “key”: “workspace-settings”, “value_json”: “{}”, “value_base64”: “base64 encoded workspace settings file” }` | workspace settings secret definition. |
+| workspaceCredentials | object | `{ “name”:”op-scim-bridge-workspace-credentials”, “key”: “workspace-credentials”, “value_json”: “{}”, “value_base64”: “base64 encoded workspace credentials file” }` | workspace credentials secret definition. |
+
+
+### redis
+
+This is a small subset of possible the values that you can configure for Redis. See the [bitnami/redis](https://github.com/bitnami/charts/tree/master/bitnami/redis) chart documentation for more details.
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| enabled | bool | `true` | Controls whether redis is deployed with the SCIM bridge. |
+| image | object | `{ "registry": "docker.io", "repository": "bitnami/redis", "tag": "latest", "pullPolicy": "IfNotPreset" }` | Use the latest `bitnami/redis` image from `docker.io` and pull the image if it is not present. |
+| cluster | object | `{"enabled": false }` | Redis cluster is disabled by default. |
+| usePassword | bool | `false` | Use password is disabled by default. |
+| master.affinity | object | `{ "affinity": "podAntiAffinity": {} }` | Master affinity. By default we configure pod anti-affinity to ensure redis and SCIM bridge pods are not scheduled on the same node. Note that this configuration should be duplicated for the slave when not running redis in standalone mode. |
+| master.resources | object | `{}` | Master resource requests and limits. |
+| master.extraFlags | object | `{}` | Master extra flags. By default set a maximum memory limit and define the policy to use when key eviction is required. |

helm/1password-scim-bridge/charts/op-scim-bridge/ci/with-scim-values.yaml

@@ -0,0 +1,23 @@
+scim:
+
+  credentials:
+    volume:
+      enabled: false
+    secret:
+      scimsession:
+        key: scimsession
+        value_json: '{}'
+      workspaceSettings:
+        key: workspace-settings
+        value_json: '{}'
+      workspaceCredentials:
+        key: workspace-credentials
+        value_json: '{}'
+  service:
+    enabled: true
+    type: NodePort
+  probes:
+    liveness:
+      enabled: false
+  config:
+    redisURL: "redis://{{ .Release.Namespace }}-redis-master:6379"

helm/1password-scim-bridge/charts/op-scim-bridge/templates/_helpers.tpl

@@ -0,0 +1,56 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "op-scim-bridge.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "op-scim-bridge.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "op-scim-bridge.labels" -}}
+helm.sh/chart: {{- include "op-scim-bridge.chart" . -}}
+{{- include "op-scim-bridge.selectorLabels" . -}}
+{{- if .Chart.AppVersion -}}
+app.kubernetes.io/version: {{- .Chart.AppVersion | quote -}}
+{{- end -}}
+app.kubernetes.io/managed-by: {{- .Release.Service -}}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "op-scim-bridge.selectorLabels" -}}
+app.kubernetes.io/name: {{- include "op-scim-bridge.name" . -}}
+app.kubernetes.io/instance: {{- .Release.Name -}}
+{{- end -}}
+
+
+{{- define "helm-toolkit.utils.joinListWithComma" -}}
+{{- $local := dict "first" true -}}
+{{- range $k, $v := . -}}{{- if not $local.first -}},{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}}
+{{- end -}}
+
+{{- define "op-scim-bridge.port" -}}
+{{- if .Values.scim.tls.enabled -}}
+{{- .Values.scim.httpsPort  -}}
+{{- else -}}
+{{- .Values.scim.httpPort  -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "op-scim-bridge.url" -}}
+{{- if .Values.scim.tls.enabled -}}
+https://{{- tpl .Values.scim.name . -}}-svc
+{{- else -}}
+http://{{- tpl .Values.scim.name . -}}-svc
+{{- end -}}
+{{- end -}}