Verified Commit 551ea5e2 authored Aug 04, 2025 by João Capucho

fix: Remove oauth client secret values

These values despite the name don't actually configure client secrets
for use in openslice but instead the client secret displayed in the API
documentation. So at best they are not useful and at worst a terrible
footgun to leak client secrets.

parent 14ff4048

kubernetes/helm/openslice/templates/mcp-server.yaml

+0 −2

Original line number	Diff line number	Diff line
		@@ -40,8 +40,6 @@ spec:
		"spring.security.oauth2.resourceserver.jwt.issuer-uri": "{{ .Values.rooturl }}/auth/realms/openslice",
		"springdoc.oAuthFlow.authorizationUrl": "{{ .Values.rooturl }}/auth/realms/openslice/protocol/openid-connect/auth",
		"springdoc.oAuthFlow.tokenUrl": "{{ .Values.rooturl }}/auth/realms/openslice/protocol/openid-connect/token",
		"springdoc.oauth.client-id": "osapiWebClientId",
		"springdoc.oauth.clientsecret": "{{ .Values.mcpserver.springdoc.clientSecret }}",
		"spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false",
		"logging.level.org.springframework": "{{ .Values.mcpserver.spring.logLevel \| default "INFO" }}"
		}

kubernetes/helm/openslice/templates/oasapi.yaml

+0 −2

Original line number	Diff line number	Diff line
		@@ -50,8 +50,6 @@ spec:
		"spring.security.oauth2.resourceserver.jwt.issuer-uri": "{{ .Values.rooturl }}/auth/realms/openslice",
		"springdoc.oAuthFlow.authorizationUrl": "{{ .Values.rooturl }}/auth/realms/openslice/protocol/openid-connect/auth",
		"springdoc.oAuthFlow.tokenUrl": "{{ .Values.rooturl }}/auth/realms/openslice/protocol/openid-connect/token",
		"springdoc.oauth.client-id" : "osapiWebClientId",
		"springdoc.oauth.clientsecret" : "{{ .Values.spring.oauthClientSecret }}",
		"spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false",
		"logging.level.org.springframework" : "{{ .Values.oasapi.spring.logLevel \| default "INFO" }}",
		"server.forward-headers-strategy":"FRAMEWORK"

kubernetes/helm/openslice/templates/osportalapi.yaml

+0 −2

Original line number	Diff line number	Diff line
		@@ -51,8 +51,6 @@ spec:
		"spring.security.oauth2.resourceserver.jwt.issuer-uri": "{{ .Values.rooturl }}/auth/realms/openslice",
		"springdoc.oAuthFlow.authorizationUrl": "{{ .Values.rooturl }}/auth/realms/openslice/protocol/openid-connect/auth",
		"springdoc.oAuthFlow.tokenUrl": "{{ .Values.rooturl }}/auth/realms/openslice/protocol/openid-connect/token",
		"springdoc.oauth.client-id" : "osapiWebClientId",
		"springdoc.oauth.clientsecret" : "{{ .Values.spring.oauthClientSecret }}",
		"spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false",
		"logging.level.org.springframework" : "{{ .Values.portalapi.spring.logLevel \| default "INFO" }}",
		"logging.level.org.etsi.osl.portal.api": "{{ .Values.portalapi.logLevel \| default "INFO" }}",

kubernetes/helm/openslice/templates/osscapi.yaml

+0 −2

Original line number	Diff line number	Diff line
		@@ -51,8 +51,6 @@ spec:
		"spring.security.oauth2.resourceserver.jwt.jwk-set-uri":"{{ .Values.rooturl }}/auth/realms/openslice/.well-known/openid-configuration",
		"springdoc.oAuthFlow.authorizationUrl":"{{ .Values.rooturl }}/auth/realms/openslice/protocol/openid-connect/auth",
		"springdoc.oAuthFlow.tokenUrl":"{{ .Values.rooturl }}/auth/realms/openslice/protocol/openid-connect/token",
		"springdoc.oauth.client-id":"osapiWebClientId",
		"springdoc.oauth.clientsecret" : "{{ .Values.spring.oauthClientSecret }}",
		"spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false",
		"logging.level.org.springframework": "{{ .Values.osscapi.spring.logLevel \| default "INFO" }}",
		"kroki.serverurl":"{{ .Values.rooturl }}/kroki",

kubernetes/helm/openslice/values.yaml

+0 −5

Original line number	Diff line number	Diff line
		@@ -119,9 +119,6 @@ oscreds:
		username: metricouser
		password: "12345"

		spring:
		oauthClientSecret: secret

		mysql:
		storage: 10Gi

		@@ -165,8 +162,6 @@ osscapi:

		mcpserver:
		enabled: true
		springdoc:
		clientSecret: secret
		spring:
		logLevel: INFO