From d2e03ee9a7401c4f532e4b1b5aba27149face8fb Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 30 Jan 2024 11:02:42 +0000
Subject: [PATCH] fix: add support for custom istio gateways (#623)
---
 .../gluu/charts/casa/templates/casa-virtual-services.yaml | 6 ++++++
 .../charts/fido2/templates/fido2-virtual-services.yaml | 8 +++++++-
 .../charts/gluu-istio-ingress/templates/gluu-gateway.yaml | 3 ++-
 .../charts/oxauth/templates/oxauth-virtual-services.yaml | 8 +++++++-
 .../oxpassport/templates/oxpassport-virtual-services.yaml | 6 ++++++
 .../oxtrust/templates/oxtrust-virtual-services.yaml | 6 ++++++
 .../gluu/charts/scim/templates/scim-virtual-services.yaml | 8 +++++++-
 pygluu/kubernetes/templates/helm/gluu/values.yaml | 4 ++++
 8 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-virtual-services.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-virtual-services.yaml
index 6b197fc81..6af092a4a 100644
--- a/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-virtual-services.yaml
+++ b/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-virtual-services.yaml
@@ -18,7 +18,13 @@ metadata:
 {{- end }}
 spec:
 gateways:
+{{- if .Values.global.istio.gateways }}
+{{- with .Values.global.istio.gateways }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- else }}
 - {{ .Release.Name }}-global-gtw
+{{- end }}
 hosts:
 - {{ .Values.global.domain }}
 http:
diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml
index 65f6ee5d8..bb6233fe0 100644
--- a/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml
+++ b/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml
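Review bot: In casa-virtual-services.yaml the added `{{- if .Values.global.istio.gateways }}` and the nested `{{- with .Values.global.istio.gateways }}` test the same value, so the outer guard is redundant. `with` already skips an empty list and accepts an `else` branch, so the outer `if` and its `{{- end }}` can go and `{{- else }}` can sit directly on the `with`. The same block is repeated in the fido2, oxauth, oxpassport, oxtrust and scim virtual-service hunks, so a single named template would keep the six copies from drifting apart. The value is passed to `toYaml` unchecked, so a scalar supplied instead of a list would render a `gateways` field that is not a list; a one-line comment saying a list is expected would help.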
@@ -20,7 +20,13 @@ spec:
 hosts:
 - {{ .Values.global.domain }}
 gateways:
- - {{ .Release.Name }}-global-gtw
+{{- if .Values.global.istio.gateways }}
+{{- with .Values.global.istio.gateways }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- else }}
+ - {{ .Release.Name }}-global-gtw
+{{- end }}
 http:
 - name: {{ .Release.Name }}-istio-fido2-configuration
 match:
diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/gluu-istio-ingress/templates/gluu-gateway.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/gluu-istio-ingress/templates/gluu-gateway.yaml
index e85cc3001..601b0660a 100644
--- a/pygluu/kubernetes/templates/helm/gluu/charts/gluu-istio-ingress/templates/gluu-gateway.yaml
+++ b/pygluu/kubernetes/templates/helm/gluu/charts/gluu-istio-ingress/templates/gluu-gateway.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.global.istio.gateways }}
 apiVersion: networking.istio.io/v1alpha3
 kind: Gateway
 metadata:
@@ -33,4 +34,4 @@ spec:
 tls:
 mode: SIMPLE # enable https on this port
 credentialName: tls-certificate # fetch cert from k8s secret
-
\ No newline at end of file
+{{- end }}
\ No newline at end of file
diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/oxauth-virtual-services.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/oxauth-virtual-services.yaml
index 3e7104fa1..4c510e80a 100644
--- a/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/oxauth-virtual-services.yaml
+++ b/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/oxauth-virtual-services.yaml
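Review bot: The new `{{- if not .Values.global.istio.gateways }}` guard in gluu-gateway.yaml removes the chart's Gateway, and with it the `mode: SIMPLE` / `credentialName: tls-certificate` server shown in the second hunk, as soon as any custom gateway is listed. From then on HTTPS termination and host matching for `global.domain` depend entirely on a Gateway this chart neither renders nor checks, and nothing in the template says so. A template comment above the guard would record that, for example `{{- /* Not rendered when global.istio.gateways is set: the external Gateway must serve global.domain over TLS itself. */ -}}`. The file also still ends without a trailing newline after the added `{{- end }}`. The Gateway body between the two hunks is outside the diff.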
@@ -20,7 +20,13 @@ spec:
 hosts:
 - {{ .Values.global.domain }}
 gateways:
- - {{ .Release.Name }}-global-gtw # can omit the namespace if gateway is in same namespace as virtual service.
+{{- if .Values.global.istio.gateways }}
+{{- with .Values.global.istio.gateways }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- else }}
+ - {{ .Release.Name }}-global-gtw
+{{- end }} # can omit the namespace if gateway is in same namespace as virtual service.
 http:
 - name: "{{ .Release.Name }}-istio-openid-config"
 match:
diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-virtual-services.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-virtual-services.yaml
index 64f02e3fd..5bf1f047d 100644
--- a/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-virtual-services.yaml
+++ b/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-virtual-services.yaml
@@ -19,7 +19,13 @@ spec:
 hosts:
 - {{ .Values.global.domain }}
 gateways:
+{{- if .Values.global.istio.gateways }}
+{{- with .Values.global.istio.gateways }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- else }}
 - {{ .Release.Name }}-global-gtw
+{{- end }}
 http:
 - name: {{ .Release.Name }}-istio-passport
 match:
diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/oxtrust/templates/oxtrust-virtual-services.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/oxtrust/templates/oxtrust-virtual-services.yaml
index 2d8e45961..04a7470cb 100644
--- a/pygluu/kubernetes/templates/helm/gluu/charts/oxtrust/templates/oxtrust-virtual-services.yaml
+++ b/pygluu/kubernetes/templates/helm/gluu/charts/oxtrust/templates/oxtrust-virtual-services.yaml
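Review bot: In oxauth-virtual-services.yaml the trailing comment has moved onto `{{- end }} # can omit the namespace …`. Because `{{-` trims the preceding newline, it appears to be emitted after whichever entry renders last, including user-supplied gateways that may live in another namespace. Keeping it on the default entry, `- {{ .Release.Name }}-global-gtw # can omit the namespace if gateway is in same namespace as virtual service.`, and leaving `{{- end }}` bare keeps the rendered manifest from carrying a misleading remark. The scim hunk has the same line.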
@@ -19,7 +19,13 @@ spec:
 hosts:
 - {{ .Values.global.domain }}
 gateways:
+{{- if .Values.global.istio.gateways }}
+{{- with .Values.global.istio.gateways }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- else }}
 - {{ .Release.Name }}-global-gtw
+{{- end }}
 http:
 - name: "{{ .Release.Name }}-istio-base"
 match:
diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml
index 974396289..0c4260275 100644
--- a/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml
+++ b/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml
@@ -20,7 +20,13 @@ spec:
 hosts:
 - {{ .Values.global.domain }}
 gateways:
- - {{ .Release.Name }}-global-gtw # can omit the namespace if gateway is in same namespace as virtual service.
+{{- if .Values.global.istio.gateways }}
+{{- with .Values.global.istio.gateways }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- else }}
+ - {{ .Release.Name }}-global-gtw
+{{- end }} # can omit the namespace if gateway is in same namespace as virtual service.
 http:
 - name: {{ .Release.Name }}-istio-scim-config
 match:
diff --git a/pygluu/kubernetes/templates/helm/gluu/values.yaml b/pygluu/kubernetes/templates/helm/gluu/values.yaml
index c2ed40a51..09f01df83 100644
--- a/pygluu/kubernetes/templates/helm/gluu/values.yaml
+++ b/pygluu/kubernetes/templates/helm/gluu/values.yaml
@@ -14,6 +14,10 @@ global:
 ingress: false
 # -- Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available.
 enabled: false
+ # -- Custom istio gateways name to be used for Gluu. This is only used when global.istio.enabled is set to true and a gateway has been created in the environment outside this helm chart lifecycle.
+ #gateways:
+ # - "gluu-gateway"
+ gateways: []
 # -- The namespace istio is deployed in. The is normally istio-system.
 namespace: istio-system
 # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
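Review bot: The added comment on `gateways` in values.yaml does not say what form an entry takes, although the six virtual-service templates in this patch copy each entry verbatim into `spec.gateways`. It should state that a gateway in another namespace is written `<namespace>/<name>`, and that Istio reserves the name `mesh`, which would bind the routes to sidecars rather than to an ingress gateway. Suggested wording: `# -- Names of existing Istio gateways to bind Gluu's virtual services to, as "<name>" or "<namespace>/<name>". Only used when global.istio.enabled is true.` "Custom istio gateways name" would also read better as "gateway names".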