From b5cbe018e31d1353c2d2181e10e18020f4e12efe Mon Sep 17 00:00:00 2001
From: Ryan Richard <richardry@vmware.com>
Date: Wed, 20 Jan 2021 17:06:50 -0500
Subject: [PATCH] Allow passing multiple redirect URIs to Dex

We need this in CI when we want to configure Dex with the redirect URI for both
primary and secondary deploys at one time (since we only stand up Dex once).

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
---
 hack/lib/tilt/Tiltfile                | 2 +-
 hack/prepare-for-integration-tests.sh | 2 +-
 test/deploy/dex/dex.yaml              | 6 ++----
 test/deploy/dex/values.yaml           | 6 ++++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hack/lib/tilt/Tiltfile b/hack/lib/tilt/Tiltfile
index c1c40bf7..f97b8e5c 100644
--- a/hack/lib/tilt/Tiltfile
+++ b/hack/lib/tilt/Tiltfile
@@ -25,7 +25,7 @@ local_resource(
 # Render the IDP installation manifest using ytt.
 k8s_yaml(local(['ytt',
     '--file', '../../../test/deploy/dex',
-    '--data-value', 'supervisor_redirect_uri=https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback',
+    '--data-value-yaml', 'supervisor_redirect_uris=[https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback]',
 ]))
 # Tell tilt to watch all of those files for changes.
 watch_file('../../../test/deploy/dex')
diff --git a/hack/prepare-for-integration-tests.sh b/hack/prepare-for-integration-tests.sh
index 21e99aa4..8eb07b54 100755
--- a/hack/prepare-for-integration-tests.sh
+++ b/hack/prepare-for-integration-tests.sh
@@ -185,7 +185,7 @@ if ! tilt_mode; then
   log_note "Deploying Dex to the cluster..."
   ytt --file . >"$manifest"
   ytt --file . \
-    --data-value "supervisor_redirect_uri=https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback" \
+    --data-value-yaml "supervisor_redirect_uris=[https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback]" \
     >"$manifest"
 
   kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema.
diff --git a/test/deploy/dex/dex.yaml b/test/deploy/dex/dex.yaml
index 9f7e4c41..624e14c9 100644
--- a/test/deploy/dex/dex.yaml
+++ b/test/deploy/dex/dex.yaml
@@ -1,4 +1,4 @@
-#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
+#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
 #! SPDX-License-Identifier: Apache-2.0
 
 #@ load("@ytt:data", "data")
@@ -27,8 +27,7 @@ staticClients:
 - id: pinniped-supervisor
   name: 'Pinniped Supervisor'
   secret: pinniped-supervisor-secret
-  redirectURIs:
-  - #@ data.values.supervisor_redirect_uri
+  redirectURIs: #@ data.values.supervisor_redirect_uris
 enablePasswordDB: true
 staticPasswords:
 - username: "pinny"
@@ -114,4 +113,3 @@ spec:
   - name: https
     port: 443
     targetPort: 8443
-
diff --git a/test/deploy/dex/values.yaml b/test/deploy/dex/values.yaml
index 8bb90da5..56e72c36 100644
--- a/test/deploy/dex/values.yaml
+++ b/test/deploy/dex/values.yaml
@@ -1,4 +1,4 @@
-#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
+#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
 #! SPDX-License-Identifier: Apache-2.0
 
 #@data/values
@@ -16,4 +16,6 @@ ports:
   #! our Kind configuration which maps 127.0.0.1:12346 to port 31235 on the Kind worker node.
   local: 12346
 
-supervisor_redirect_uri: ""
\ No newline at end of file
+#! supervisor_redirect_uris is an array of redirect uris that dex will use for its pinniped-supervisor client.
+#! usage: --data-value-yaml "supervisor_redirect_uris=[some-redirect.com,some-other-redirect.com]"
+supervisor_redirect_uris: []