Add clientId existing secret option (minio#18768)

thomaspetit · harshavardhana · commit 09b0e7133ddc · 2024-03-03T09:50:39.000-08:00
diff --git a/helm/minio/templates/deployment.yaml b/helm/minio/templates/deployment.yaml
@@ -118,7 +118,14 @@ spec:
             - name: MINIO_IDENTITY_OPENID_CONFIG_URL
               value: {{ .Values.oidc.configUrl }}
             - name: MINIO_IDENTITY_OPENID_CLIENT_ID
+            {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientIdKey }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.oidc.existingClientSecretName }}
+                  key: {{ .Values.oidc.existingClientIdKey }}
+            {{- else }}
               value: {{ .Values.oidc.clientId }}
+            {{- end }}
             - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
             {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }}
               valueFrom:
diff --git a/helm/minio/templates/statefulset.yaml b/helm/minio/templates/statefulset.yaml
@@ -156,7 +156,14 @@ spec:
             - name: MINIO_IDENTITY_OPENID_CONFIG_URL
               value: {{ .Values.oidc.configUrl }}
             - name: MINIO_IDENTITY_OPENID_CLIENT_ID
+            {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientIdKey }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.oidc.existingClientSecretName }}
+                  key: {{ .Values.oidc.existingClientIdKey }}
+            {{- else }}
               value: {{ .Values.oidc.clientId }}
+            {{- end }}
             - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
             {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }}
               valueFrom:
diff --git a/helm/minio/values.yaml b/helm/minio/values.yaml
@@ -486,8 +486,9 @@ oidc:
   configUrl: "https://identity-provider-url/.well-known/openid-configuration"
   clientId: "minio"
   clientSecret: ""
-  # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientSecret`
+  # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientId` and/or `clientSecret``
   existingClientSecretName: ""
+  existingClientIdKey: ""
   existingClientSecretKey: ""
   claimName: "policy"
   scopes: "openid,profile,email"
