Add environment variables related to Apple App Attestation.

.gitignore

@@ -7,3 +7,4 @@ local/*
 .helm
 tilt_modules/
 .idea/
+.DS_Store

charts/tidepool/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: A Helm chart for Tidepool
 name: tidepool
-version: 0.14.5
+version: 0.14.6
 maintainers:
   - name: Todd Kazakov
     email: [email protected]

charts/tidepool/charts/auth/README.md

@@ -14,6 +14,9 @@ Helm chart for the Tidepool auth service
 | configmap.data_.AppleDeviceCheckKeyId | string | `"B542R658GF"` |  |
 | configmap.data_.AppleDeviceCheckKeyIssuer | string | `"75U4X84TEG"` | used for checking generating jwts, which are required for checking the validity of apple device tokens during the insulet authorization flow.  |
 | configmap.data_.AppleDeviceCheckUseDevelopment | string | `"true"` |  |
+| configmap.data_.AppValidationUseDevelopment | string | `"true"` |  |
+| configmap.data_.AppValidationAppleAppIDs | string | `"75U4X84TEG.org.tidepool.coastal.Loop,75U4X84TEG.org.tidepool.Loop"` |  |
+| configmap.data_.AppValidationChallengeSize | string | `"16"` |  |
 | deployment.image | string | `"tidepool/platform-auth:master-latest"` | auth Docker image |
 | deployment.replicas | int | `1` | number of replicas to deploy |
 | hpa.enabled | bool | `false` | whether to create a horizontal pod autoscalers for all pods of given deployment |

charts/tidepool/charts/auth/templates/0-configmap.yaml

@@ -11,4 +11,7 @@ data:
   AppleDeviceCheckKeyId: {{ .AppleDeviceCheckKeyId | default "" }}
   AppleDeviceCheckKeyIssuer: {{ .AppleDeviceCheckKeyIssuer | default "" }}
   AppleDeviceCheckUseDevelopment: "{{ .AppleDeviceCheckUseDevelopment | default "true" }}"
+  AppValidationUseDevelopment: "{{ .AppValidationUseDevelopment | default "true" }}"
+  AppValidationAppleAppIDs: "{{ .AppValidationAppleAppIDs | default "" }}"
+  AppValidationChallengeSize: "{{ .AppValidationChallengeSize | default "16" }}"
 {{- end }}

charts/tidepool/charts/auth/templates/1-deployment.yaml

@@ -120,6 +120,24 @@ spec:
               name: auth
               key: AppleDeviceCheckUseDevelopment
               optional: true
+        - name: TIDEPOOL_APPVALIDATION_USE_DEVELOPMENT
+          valueFrom:
+            configMapKeyRef:
+              name: auth
+              key: AppValidationUseDevelopment
+              optional: true
+        - name: TIDEPOOL_APPVALIDATION_APPLE_APP_IDS
+          valueFrom:
+            configMapKeyRef:
+              name: auth
+              key: AppValidationAppleAppIDs
+              optional: true
+        - name: TIDEPOOL_APPVALIDATION_CHALLENGE_SIZE
+          valueFrom:
+            configMapKeyRef:
+              name: auth
+              key: AppValidationChallengeSize
+              optional: true
         image: "{{ .Values.deployment.image }}"
         securityContext:
           {{- .Values.podSecurityContext | toYaml | nindent 10 }}

charts/tidepool/charts/auth/values.yaml

@@ -10,6 +10,10 @@ configmap:
     AppleDeviceCheckKeyIssuer: "75U4X84TEG"
     AppleDeviceCheckKeyId: "B542R658GF"
     AppleDeviceCheckUseDevelopment: "true"
+    # -- used for app attestation to determine if an app is a valid instance of an IOS app.
+    AppValidationUseDevelopment: "true"
+    AppValidationAppleAppIDs: "75U4X84TEG.org.tidepool.coastal.Loop,75U4X84TEG.org.tidepool.Loop"
+    AppValidationChallengeSize: "16"
 deployment:
   # -- auth Docker image
   image: tidepool/platform-auth:master-latest