From 61c46fe32615943961c5380b36697b9842c2402b Mon Sep 17 00:00:00 2001
From: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com>
Date: Sat, 14 Jan 2023 23:52:31 +0100
Subject: [PATCH] Bumped chart version and added missing configuration value
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 helm/oauth2-proxy/README.md | 1 +
 helm/oauth2-proxy/templates/deployment.yaml | 3 +++
 helm/oauth2-proxy/values.yaml | 1 +
 4 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 62f707a3..5328f511 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.7.3
+version: 6.7.4
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md
index 22f110a8..9c20db38 100644
--- a/helm/oauth2-proxy/README.md
+++ b/helm/oauth2-proxy/README.md
@@ -111,6 +111,7 @@ Parameter | Description | Default
 `customLabels` | Custom labels to add into metadata | `{}` |
 `config.google.adminEmail` | user impersonated by the google service account | `""`
 `config.google.useApplicationDefaultCredentials` | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account json | `false`
+`config.google.targetPrincipal` | service account to use/impersonate | `""`
 `config.google.serviceAccountJson` | google service account json contents | `""`
 `config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil`
 `config.google.groups` | restrict logins to members of these google groups | `[]`
diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml
index 744f6e08..811bff3c 100644
--- a/helm/oauth2-proxy/templates/deployment.yaml
+++ b/helm/oauth2-proxy/templates/deployment.yaml
@@ -102,6 +102,9 @@ spec:
 {{- else }}
 - --google-service-account-json=/google/service-account.json
 {{- end }}
+ {{- if .targetPrincipal }}
+ - --google-target-principal={{ .targetPrincipal }}
+ {{- end }}
 {{- end }}
 {{- if .groups }}
 {{- range $group := .groups }}
diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml
index 8d640e8f..3815ce5c 100644
--- a/helm/oauth2-proxy/values.yaml
+++ b/helm/oauth2-proxy/values.yaml
@@ -23,6 +23,7 @@ config:
 google: {}
 # adminEmail: xxxx
 # useApplicationDefaultCredentials: true
+ # targetPrincipal: xxxx
 # serviceAccountJson: xxxx
 # Alternatively, use an existing secret (see google-secret.yaml for required fields)
 # Example:
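Review bot: In templates/deployment.yaml the added `--google-target-principal` argument sits after the `{{- end }}` that closes the `useApplicationDefaultCredentials` if/else, so it is rendered for the service-account-JSON branch as well as the application-default-credentials branch. As far as I know oauth2-proxy applies the target principal only when application-default credentials are in use, so in the JSON case the value would presumably be ignored and an operator could believe impersonation is active when it is not; moving the three added lines above `{{- else }}`, or stating the dependency in the README row (`service account to impersonate; only used with useApplicationDefaultCredentials`), would remove that ambiguity. The value is also interpolated unquoted, so rendering the whole argument as one quoted scalar, `- {{ printf "--google-target-principal=%s" .targetPrincipal | quote }}`, keeps a value containing ` #` or `: ` from being truncated or breaking the manifest. The enclosing conditional opens above the hunk, so the exact nesting should be confirmed against the full template.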