Unicorn: omniauth.allowSingleSignOn handling is poorly implemented and documented
Summary
gitlab.unicorn.omniauth.allowSingleSignOn is documented as defaulting to false
, while the values.yaml
sets ['saml']
, as is shown in OmniAuth header of the documentation. The documentation also does not show the array syntax.
The problem here is that the templating of allowSingleSignOn
does not take into account the actual default value behaviors.
Details
Technically correct answers in gitlab.yml
:
false
true
['saml', 'google_oauth2']
Templating via allow_single_sign_on: {{ .Values.omniauth.allowSingleSignOn }}
is a simple and direct route to providing any of the valid values, as an array will be stringified when presented.
properties (--set ) |
output |
---|---|
omniauth.allowSingleSignOn=false |
allow_single_sign_on: false |
omniauth.allowSingleSignOn=true |
allow_single_sign_on: true |
omniauth.allowSingleSignOn[0]=saml |
allow_single_sign_on: [saml] |
omniauth.allowSingleSignOn=[] |
allow_single_sign_on: [] |
omniauth.allowSingleSignOn=[saml] |
allow_single_sign_on: [saml] |
omniauth.allowSingleSignOn=[saml,google] |
Error: failed parsing --set data: key "google]" has no value |
Discussion point
Should we switch to explicitly handling this property as an array, treating []
as false
and ['*']
as true
at the time of the template, or continue with the possibility of the property having two modes of operation (boolean or array)?
cc @rmarshall per discussion