From 09b0e7133ddcb2e2a26a36f2caed59a7b7bc7c88 Mon Sep 17 00:00:00 2001
From: Thomas Petit <thomas.marc.petit@gmail.com>
Date: Sun, 3 Mar 2024 17:17:00 +0100
Subject: [PATCH] Add clientId existing secret option (#18768)

---
 helm/minio/templates/deployment.yaml  | 7 +++++++
 helm/minio/templates/statefulset.yaml | 7 +++++++
 helm/minio/values.yaml                | 3 ++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/helm/minio/templates/deployment.yaml b/helm/minio/templates/deployment.yaml
index bb7fd90ec..d7b405aef 100644
--- a/helm/minio/templates/deployment.yaml
+++ b/helm/minio/templates/deployment.yaml
@@ -118,7 +118,14 @@ spec:
             - name: MINIO_IDENTITY_OPENID_CONFIG_URL
               value: {{ .Values.oidc.configUrl }}
             - name: MINIO_IDENTITY_OPENID_CLIENT_ID
+            {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientIdKey }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.oidc.existingClientSecretName }}
+                  key: {{ .Values.oidc.existingClientIdKey }}
+            {{- else }}
               value: {{ .Values.oidc.clientId }}
+            {{- end }}
             - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
             {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }}
               valueFrom:
diff --git a/helm/minio/templates/statefulset.yaml b/helm/minio/templates/statefulset.yaml
index 1837d7190..938148ea2 100644
--- a/helm/minio/templates/statefulset.yaml
+++ b/helm/minio/templates/statefulset.yaml
@@ -156,7 +156,14 @@ spec:
             - name: MINIO_IDENTITY_OPENID_CONFIG_URL
               value: {{ .Values.oidc.configUrl }}
             - name: MINIO_IDENTITY_OPENID_CLIENT_ID
+            {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientIdKey }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.oidc.existingClientSecretName }}
+                  key: {{ .Values.oidc.existingClientIdKey }}
+            {{- else }}
               value: {{ .Values.oidc.clientId }}
+            {{- end }}
             - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
             {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }}
               valueFrom:
diff --git a/helm/minio/values.yaml b/helm/minio/values.yaml
index 5783b5c09..b7129da54 100644
--- a/helm/minio/values.yaml
+++ b/helm/minio/values.yaml
@@ -486,8 +486,9 @@ oidc:
   configUrl: "https://identity-provider-url/.well-known/openid-configuration"
   clientId: "minio"
   clientSecret: ""
-  # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientSecret`
+  # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientId` and/or `clientSecret``
   existingClientSecretName: ""
+  existingClientIdKey: ""
   existingClientSecretKey: ""
   claimName: "policy"
   scopes: "openid,profile,email"