[ENHANCEMENT] Allow users to configure security/cookie settings (#18)

Add the Cookie security settings to the config schema and set the defaults the same way as described in the documentation. Signed-off-by: Ronny Trommer <[email protected]>
perses · Aug 14, 2024 · 14cc255 · 14cc255
1 parent b40788e
commit 14cc255
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 1 deletion.
diff --git a/charts/perses/README.md b/charts/perses/README.md
@@ -29,16 +29,18 @@ helm delete my-release
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | annotations | object | `{}` | Statefulset Annotations |
-| config | object | `{"annotations":{},"database":{"file":{"extension":"json","folder":"/perses"},"sql":{}},"important_dashboards":[],"provisioning":{"folders":["/etc/perses/datasources"]},"schemas":{"datasources_path":"/etc/perses/cue/schemas/datasources","interval":"5m","panels_path":"/etc/perses/cue/schemas/panels","queries_path":"/etc/perses/cue/schemas/queries","variables_path":"/etc/perses/cue/schemas/variables"},"security":{"enableAuth":false,"readOnly":false}}` | Perses configuration file ref: https://github.com/perses/perses/blob/main/docs/user-guides/configuration.md |
+| config | object | `{"annotations":{},"database":{"file":{"extension":"json","folder":"/perses"},"sql":{}},"important_dashboards":[],"provisioning":{"folders":["/etc/perses/datasources"]},"schemas":{"datasources_path":"/etc/perses/cue/schemas/datasources","interval":"5m","panels_path":"/etc/perses/cue/schemas/panels","queries_path":"/etc/perses/cue/schemas/queries","variables_path":"/etc/perses/cue/schemas/variables"},"security":{"cookie":{"same_site":"lax","secure":false},"enableAuth":false,"readOnly":false}}` | Perses configuration file ref: https://github.com/perses/perses/blob/main/docs/user-guides/configuration.md |
 | config.annotations | object | `{}` | Annotations for config |
 | config.database | object | `{"file":{"extension":"json","folder":"/perses"},"sql":{}}` | Database config based on data base type |
 | config.database.file | object | `{"extension":"json","folder":"/perses"}` | file system configs |
 | config.database.sql | object | `{}` | SQL Config |
 | config.important_dashboards | list | `[]` | Important dashboards list |
 | config.provisioning | object | `{"folders":["/etc/perses/datasources"]}` | provisioning config |
 | config.schemas | object | `{"datasources_path":"/etc/perses/cue/schemas/datasources","interval":"5m","panels_path":"/etc/perses/cue/schemas/panels","queries_path":"/etc/perses/cue/schemas/queries","variables_path":"/etc/perses/cue/schemas/variables"}` | Schemas paths |
+| config.security.cookie | object | `{"same_site":"lax","secure":false}` | cookie config |
 | config.security.enableAuth | bool | `false` | Enable Authentication |
 | config.security.readOnly | bool | `false` | Configure Perses instance as readonly |
+| datasources | list | `[]` | Configure datasources ref: https://github.com/perses/perses/blob/90beed356243208f14cf2249bebb6f6222cb77ae/docs/datasource.md |
 | fullnameOverride | string | `""` | Override fully qualified app name |
 | image.name | string | `"persesdev/perses"` | Perses image repository and name |
 | image.pullPolicy | string | `"IfNotPresent"` | Default image pull policy |

diff --git a/charts/perses/templates/config.yaml b/charts/perses/templates/config.yaml
@@ -13,6 +13,10 @@ data:
     security:
       readonly: {{ .Values.config.security.readOnly }}
       enable_auth: {{ .Values.config.security.enableAuth }}
+      {{- with .Values.config.security.cookie }}
+      cookie:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
 
     database:
       {{- with .Values.config.database.file }}

diff --git a/charts/perses/values.schema.json b/charts/perses/values.schema.json
@@ -102,6 +102,23 @@
               "type": "boolean",
               "default": false
             },
+            "cookie": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "same_site": {
+                  "type": "string",
+                  "enum": [
+                    "strict",
+                    "lax",
+                    "none"
+                  ]
+                },
+                "secure": {
+                  "type": "boolean"
+                }
+              }
+            },
             "enableAuth": {
               "type": "boolean",
               "default": false

diff --git a/charts/perses/values.yaml b/charts/perses/values.yaml
@@ -98,6 +98,13 @@ config:
     readOnly: false
     # -- Enable Authentication
     enableAuth: false
+    # -- cookie config
+    cookie:
+      same_site: lax
+      secure: false
+      # [ same_site: < enum | possibleValue = 'strict' | 'lax' | 'none' > | default = lax ]
+      # Set to true if you host Perses behind HTTPS. Default is false
+      # [ secure: <boolean> | default = false ]
 
   # -- Schemas paths
   schemas: