Skip to content

fix: add no-config legacy mode for external config management#404

Open
pierluigilenoci wants to merge 7 commits intooauth2-proxy:mainfrom
pierluigilenoci:fix/no-config-mode-external-secrets
Open

fix: add no-config legacy mode for external config management#404
pierluigilenoci wants to merge 7 commits intooauth2-proxy:mainfrom
pierluigilenoci:fix/no-config-mode-external-secrets

Conversation

@pierluigilenoci
Copy link
Copy Markdown
Member

@pierluigilenoci pierluigilenoci commented Mar 29, 2026

Summary

  • Add no-config legacy-config mode: when alphaConfig.enabled=false and forceLegacyConfig=false, skip ConfigMap generation, volume mount, and --config flag
  • This restores support for users managing oauth2-proxy configuration via external means (e.g., CSI SecretStore Driver) that was broken by feat: add forceLegacyConfig flag for alphaConfig compatibility #385
  • Add CI test values file for the no-config scenario
  • Update values.yaml documentation

Fixes the issue reported in #385 (comment)

Test plan

  • helm template with no-config-values.yaml produces no ConfigMap, no --config flag, no config volume mount
  • helm template with default-values.yaml still generates ConfigMap and --config flag (no regression)
  • helm lint passes for all CI value files (24/24 pass)
  • Verify external config management via CSI SecretStore Driver works with config.forceLegacyConfig: false

@pierluigilenoci
fix: add no-config legacy mode for external config management
37b40ad 
When alphaConfig.enabled=false and forceLegacyConfig=false, the chart
now skips ConfigMap generation, volume mount, and --config flag entirely.
This restores support for users managing oauth2-proxy configuration via
external means (e.g., CSI SecretStore Driver) that was broken by oauth2-proxy#385.

Closes oauth2-proxy#385 (discussion_r3001082837)

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
@pierluigilenoci pierluigilenoci force-pushed the fix/no-config-mode-external-secrets branch from ff8095d to 37b40ad Compare March 29, 2026 15:12
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a “no-config” legacy mode to the Helm chart so users can fully manage oauth2-proxy configuration externally (e.g., CSI SecretStore), by preventing the chart from generating/mounting a legacy ConfigMap and omitting the --config flag.

Changes:

  • Introduces no-config as a new legacy-config mode and updates templates to skip legacy ConfigMap generation/mounting and the --config arg in that mode.
  • Adds a CI values file to exercise the no-config scenario.
  • Updates values.yaml documentation to describe the no-config behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
helm/oauth2-proxy/values.yaml Documents the new no-config behavior and how it relates to alphaConfig.enabled / forceLegacyConfig.
helm/oauth2-proxy/templates/deployment.yaml Conditionally omits --config and the legacy config volume/mount when in no-config mode; adjusts checksum behavior accordingly.
helm/oauth2-proxy/templates/configmap.yaml Skips legacy ConfigMap rendering when in no-config mode (or using an existing ConfigMap).
helm/oauth2-proxy/templates/_helpers.tpl Adds no-config to the legacy-config mode helper logic.
helm/oauth2-proxy/ci/no-config-values.yaml Adds CI coverage for the no-config values scenario.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pierluigilenoci pierluigilenoci mentioned this pull request Mar 29, 2026
Open
5 tasks
@pierluigilenoci
fix: bump chart version and fix documentation per Copilot review
0b8ceb3 
- Bump chart version to 10.4.3 with changelog entry
- Fix helper doc comment to accurately describe all legacy-config modes
- Clarify that no-config mode only applies when neither configFile
  nor existingConfig are set (those always take precedence)

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
@pierluigilenoci pierluigilenoci requested a review from Copilot March 29, 2026 15:25
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pierluigilenoci
Copy link
Copy Markdown
Member Author

pierluigilenoci commented Mar 29, 2026
edited
Loading

Re: Copilot comment on _helpers.tpl line 173

Fixed in 77b50d6: updated the doc comment to accurately reflect that config.existingConfig and config.configFile are ignored when alphaConfig.enabled=true and forceLegacyConfig=false (first branch takes precedence). Each bullet now clearly states under which conditions it applies.

@pierluigilenoci
docs: clarify legacy-config mode resolution for alphaConfig override
77b50d6 
The doc comment now accurately reflects that config.existingConfig and
config.configFile are ignored when alphaConfig.enabled=true and
forceLegacyConfig=false (first branch takes precedence).

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
@pierluigilenoci pierluigilenoci requested a review from Copilot March 29, 2026 15:55
@pierluigilenoci
chore: bump chart version to 10.5.0 (minor, new feature)
739cefd 
This is a new feature (no-config mode), not a bug fix,
so it warrants a minor version bump per semver.

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pierluigilenoci pierluigilenoci mentioned this pull request Mar 29, 2026
Open
4 tasks
@pierluigilenoci
fix(ci): add minimum required args to no-config CI test
b601763 
Without a config file, oauth2-proxy needs email-domain and upstream
passed via extraArgs to start successfully.

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
@pierluigilenoci pierluigilenoci requested a review from Copilot March 29, 2026 17:47
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pierluigilenoci pierluigilenoci requested a review from Copilot March 29, 2026 18:33
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pierluigilenoci
docs: update forceLegacyConfig description to cover no-config mode
ca0992a 
The flag now also has an effect when alphaConfig.enabled=false: setting
forceLegacyConfig=false disables config generation entirely.

Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
@pierluigilenoci pierluigilenoci requested a review from Copilot March 29, 2026 19:15
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pierluigilenoci
docs: replace ambiguous 'option 3' reference with 'no-config mode'
4294558 
Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
@pierluigilenoci pierluigilenoci requested a review from Copilot March 29, 2026 20:55
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

MattiasGees
MattiasGees approved these changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown

@MattiasGees MattiasGees left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tuunit tuunit Awaiting requested review from tuunit

+1 more reviewer

@MattiasGees MattiasGees MattiasGees approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pierluigilenoci @MattiasGees