From 14cc25546f9bc8a11cd60d218a1cd3728431fd70 Mon Sep 17 00:00:00 2001
From: Ronny Trommer <ronny@no42.org>
Date: Wed, 14 Aug 2024 08:54:02 +0200
Subject: [PATCH] [ENHANCEMENT] Allow users to configure security/cookie
 settings (#18)

Add the Cookie security settings to the config schema and set the defaults the same way as described in the
documentation.

Signed-off-by: Ronny Trommer <ronny@no42.org>
---
 charts/perses/README.md             |  4 +++-
 charts/perses/templates/config.yaml |  4 ++++
 charts/perses/values.schema.json    | 17 +++++++++++++++++
 charts/perses/values.yaml           |  7 +++++++
 4 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/charts/perses/README.md b/charts/perses/README.md
index 846e4e8..9bb085d 100644
--- a/charts/perses/README.md
+++ b/charts/perses/README.md
@@ -29,7 +29,7 @@ helm delete my-release
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | annotations | object | `{}` | Statefulset Annotations |
-| config | object | `{"annotations":{},"database":{"file":{"extension":"json","folder":"/perses"},"sql":{}},"important_dashboards":[],"provisioning":{"folders":["/etc/perses/datasources"]},"schemas":{"datasources_path":"/etc/perses/cue/schemas/datasources","interval":"5m","panels_path":"/etc/perses/cue/schemas/panels","queries_path":"/etc/perses/cue/schemas/queries","variables_path":"/etc/perses/cue/schemas/variables"},"security":{"enableAuth":false,"readOnly":false}}` | Perses configuration file ref: https://github.com/perses/perses/blob/main/docs/user-guides/configuration.md |
+| config | object | `{"annotations":{},"database":{"file":{"extension":"json","folder":"/perses"},"sql":{}},"important_dashboards":[],"provisioning":{"folders":["/etc/perses/datasources"]},"schemas":{"datasources_path":"/etc/perses/cue/schemas/datasources","interval":"5m","panels_path":"/etc/perses/cue/schemas/panels","queries_path":"/etc/perses/cue/schemas/queries","variables_path":"/etc/perses/cue/schemas/variables"},"security":{"cookie":{"same_site":"lax","secure":false},"enableAuth":false,"readOnly":false}}` | Perses configuration file ref: https://github.com/perses/perses/blob/main/docs/user-guides/configuration.md |
 | config.annotations | object | `{}` | Annotations for config |
 | config.database | object | `{"file":{"extension":"json","folder":"/perses"},"sql":{}}` | Database config based on data base type |
 | config.database.file | object | `{"extension":"json","folder":"/perses"}` | file system configs |
@@ -37,8 +37,10 @@ helm delete my-release
 | config.important_dashboards | list | `[]` | Important dashboards list |
 | config.provisioning | object | `{"folders":["/etc/perses/datasources"]}` | provisioning config |
 | config.schemas | object | `{"datasources_path":"/etc/perses/cue/schemas/datasources","interval":"5m","panels_path":"/etc/perses/cue/schemas/panels","queries_path":"/etc/perses/cue/schemas/queries","variables_path":"/etc/perses/cue/schemas/variables"}` | Schemas paths |
+| config.security.cookie | object | `{"same_site":"lax","secure":false}` | cookie config |
 | config.security.enableAuth | bool | `false` | Enable Authentication |
 | config.security.readOnly | bool | `false` | Configure Perses instance as readonly |
+| datasources | list | `[]` | Configure datasources ref: https://github.com/perses/perses/blob/90beed356243208f14cf2249bebb6f6222cb77ae/docs/datasource.md |
 | fullnameOverride | string | `""` | Override fully qualified app name |
 | image.name | string | `"persesdev/perses"` | Perses image repository and name |
 | image.pullPolicy | string | `"IfNotPresent"` | Default image pull policy |
diff --git a/charts/perses/templates/config.yaml b/charts/perses/templates/config.yaml
index 24f5222..d863195 100644
--- a/charts/perses/templates/config.yaml
+++ b/charts/perses/templates/config.yaml
@@ -13,6 +13,10 @@ data:
     security:
       readonly: {{ .Values.config.security.readOnly }}
       enable_auth: {{ .Values.config.security.enableAuth }}
+      {{- with .Values.config.security.cookie }}
+      cookie:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
 
     database:
       {{- with .Values.config.database.file }}
diff --git a/charts/perses/values.schema.json b/charts/perses/values.schema.json
index 872f7a7..f0b5e1e 100644
--- a/charts/perses/values.schema.json
+++ b/charts/perses/values.schema.json
@@ -102,6 +102,23 @@
               "type": "boolean",
               "default": false
             },
+            "cookie": {
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "same_site": {
+                  "type": "string",
+                  "enum": [
+                    "strict",
+                    "lax",
+                    "none"
+                  ]
+                },
+                "secure": {
+                  "type": "boolean"
+                }
+              }
+            },
             "enableAuth": {
               "type": "boolean",
               "default": false
diff --git a/charts/perses/values.yaml b/charts/perses/values.yaml
index 413aec3..fd574e8 100644
--- a/charts/perses/values.yaml
+++ b/charts/perses/values.yaml
@@ -98,6 +98,13 @@ config:
     readOnly: false
     # -- Enable Authentication
     enableAuth: false
+    # -- cookie config
+    cookie:
+      same_site: lax
+      secure: false
+      # [ same_site: < enum | possibleValue = 'strict' | 'lax' | 'none' > | default = lax ]
+      # Set to true if you host Perses behind HTTPS. Default is false
+      # [ secure: <boolean> | default = false ]
 
   # -- Schemas paths
   schemas: