From e4080620acfd0fb34b5335c616e41ef3490cc4f2 Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Thu, 5 Dec 2019 16:51:44 +0100
Subject: [PATCH] Add job to create oauth2 client
---
helmchart/single-sign-on/requirements.yaml | 2 +-
.../templates/deployment-consent.yaml | 2 +-
.../templates/deployment-login.yaml | 2 +-
.../templates/deployment-userfrontend.yaml | 4 +-
.../job-create-oauth2-client-userpanel.yaml | 66 +++++++++++++++++++
.../templates/oauth2client-user-panel.yaml | 13 ----
.../secret-oauth2-client-userpanel.yaml | 8 +++
helmchart/single-sign-on/values.yaml | 2 +
8 files changed, 81 insertions(+), 18 deletions(-)
create mode 100644 helmchart/single-sign-on/templates/job-create-oauth2-client-userpanel.yaml
delete mode 100644 helmchart/single-sign-on/templates/oauth2client-user-panel.yaml
create mode 100644 helmchart/single-sign-on/templates/secret-oauth2-client-userpanel.yaml
diff --git a/helmchart/single-sign-on/requirements.yaml b/helmchart/single-sign-on/requirements.yaml
index f03d08f..62e9238 100644
--- a/helmchart/single-sign-on/requirements.yaml
+++ b/helmchart/single-sign-on/requirements.yaml
@@ -1,6 +1,6 @@ dependencies: - name: hydra - version: 0.0.46 + version: 0.0.47 repository: "@ory" tags: - single-sign-on
diff --git a/helmchart/single-sign-on/templates/deployment-consent.yaml b/helmchart/single-sign-on/templates/deployment-consent.yaml
index c2c8b1f..69a8926 100644
--- a/helmchart/single-sign-on/templates/deployment-consent.yaml
+++ b/helmchart/single-sign-on/templates/deployment-consent.yaml
@@ -20,7 +20,7 @@ spec: imagePullPolicy: Always env: - name: HYDRA_ADMIN_URL - value: http://{{ .Release.Name }}-admin:4445 + value: http://{{ .Release.Name }}-hydra-admin:4445 - name: GRAPHQL_URL value: http://{{ include "single-sign-on.fullname" . }}-userbackend/graphql ports:
diff --git a/helmchart/single-sign-on/templates/deployment-login.yaml b/helmchart/single-sign-on/templates/deployment-login.yaml
index 8910ee7..e91f9e9 100644
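Review bot: `HYDRA_ADMIN_URL` is now spelled out as `http://{{ .Release.Name }}-hydra-admin:4445` in this template, in deployment-login.yaml and in the new Job; the host name assumes the hydra subchart's admin Service is named `<release>-hydra-admin`, which presumably holds only while the subchart's name is not overridden. A named template (for example `single-sign-on.hydraAdminUrl`) or a single chart value would keep the three copies in sync and give that assumption one place to be documented. The container spec this env entry belongs to starts and ends outside the hunk.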
--- a/helmchart/single-sign-on/templates/deployment-login.yaml
+++ b/helmchart/single-sign-on/templates/deployment-login.yaml
@@ -20,7 +20,7 @@ spec: imagePullPolicy: Always env: - name: HYDRA_ADMIN_URL - value: http://{{ .Release.Name }}-admin:4445 + value: http://{{ .Release.Name }}-hydra-admin:4445 - name: GRAPHQL_URL value: http://{{ include "single-sign-on.fullname" . }}-userbackend/graphql ports:
diff --git a/helmchart/single-sign-on/templates/deployment-userfrontend.yaml b/helmchart/single-sign-on/templates/deployment-userfrontend.yaml
index 1aa814a..2b0e845 100644
--- a/helmchart/single-sign-on/templates/deployment-userfrontend.yaml
+++ b/helmchart/single-sign-on/templates/deployment-userfrontend.yaml
@@ -38,12 +38,12 @@ spec: - name: OAUTH_CLIENT_ID valueFrom: secretKeyRef: - name: {{ include "single-sign-on.fullname" . }}-oauth2client-userpanel + name: userpanel-oauth2-client key: client_id - name: OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ include "single-sign-on.fullname" . }}-oauth2client-userpanel + name: userpanel-oauth2-client key: client_secret ports: - name: userpanel
diff --git a/helmchart/single-sign-on/templates/job-create-oauth2-client-userpanel.yaml b/helmchart/single-sign-on/templates/job-create-oauth2-client-userpanel.yaml
new file mode 100644
index 0000000..3abecb3
--- /dev/null
+++ b/helmchart/single-sign-on/templates/job-create-oauth2-client-userpanel.yaml
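Review bot: Both `secretKeyRef.name` values change from `{{ include "single-sign-on.fullname" . }}-oauth2client-userpanel` to the fixed string `userpanel-oauth2-client`, dropping the release-scoped prefix the chart's other resources use; two releases of this chart in one namespace would then read and overwrite the same Secret. The same literal is used in the new Secret template and in the Job's `secretKeyRef`s, so all three should derive the name from the fullname helper, e.g. `name: {{ include "single-sign-on.fullname" . }}-oauth2-client`. The enclosing container spec starts and ends outside this hunk.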
@@ -0,0 +1,66 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "single-sign-on.fullname" . }}-create-oauth2-client
+ labels:
+{{ include "single-sign-on.labels" . | indent 4 }}
+ annontations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/managed-by: {{.Release.Service | quote }}
+ app.kubernetes.io/instance: {{.Release.Name | quote }}
+ helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: user-panel
+ image: "open.greenhost.net:4567/openappstack/user-panel/backend:minimal-frontend"
+ env:
+ - name: CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: userpanel-oauth2-client
+ key: client_id
+ - name: CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: userpanel-oauth2-client
+ key: client_secret
+ - name: CLIENT_NAME
+ value: user-panel
+ - name: REDIRECT_URI
+ value: "https://{{ .Values.userpanel.ingress.host }}/callback"
+ - name: SCOPES
+ value: "openid profile email openappstack_roles"
+ - name: CLIENT_URI
+ value: "https://{{ .Values.userpanel.ingress.host }}"
+ - name: CLIENT_LOGO_URI
+ value: "https://{{ .Values.userpanel.ingress.host }}/favicon.ico"
+ - name: TOKEN_ENDPOINT_AUTH_METHOD
+ value: client_secret_basic
+ - name: RESPONSE_TYPES
+ value: token
+ - name: GRANT_TYPES
+ value: implicit
+ command: ["/bin/bash", "-c"]
+ args:
+ - >
+ curl http://{{ .Release.Name }}-hydra-admin:4445/clients &&
+ curl --header "Content-Type: application/json" \
+ --request POST \
+ --data "{\"client_id\": \"$CLIENT_ID\",
+ \"client_name\": \"$CLIENT_NAME\",
+ \"client_secret\": \"$CLIENT_SECRET\",
+ \"client_uri\": \"$CLIENT_URI\",
+ \"logo_uri\": \"$CLIENT_LOGO_URI\",
+ \"redirect_uris\": [\"$REDIRECT_URI\"],
+ \"scope\": \"$SCOPES\",
+ \"grant_types\": [\"$GRANT_TYPES\"],
+ \"response_types\": [\"$RESPONSE_TYPES\"],
+ \"token_endpoint_auth_method\": \"client_secret_post\"}" \
+ http://{{ .Release.Name }}-hydra-admin:4445/clients
diff --git a/helmchart/single-sign-on/templates/oauth2client-user-panel.yaml b/helmchart/single-sign-on/templates/oauth2client-user-panel.yaml
deleted file mode 100644
index b8c0a0d..0000000
--- a/helmchart/single-sign-on/templates/oauth2client-user-panel.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: hydra.ory.sh/v1alpha1
-kind: OAuth2Client
-metadata:
- name: user-panel
- labels:
-{{ include "single-sign-on.labels" . | indent 4 }}
-spec:
- grantTypes: ["implicit"]
- responseTypes: ["token"]
- scope: "opeind profile email openappstack_roles"
- redirectUris: [ "https://{{ .Values.userpanel.ingress.host }}/callback" ]
- tokenEndPointAuthMethod: "client_secret_basic"
- secretName: {{ include "single-sign-on.fullname" . }}-oauth2client-userpanel
diff --git a/helmchart/single-sign-on/templates/secret-oauth2-client-userpanel.yaml b/helmchart/single-sign-on/templates/secret-oauth2-client-userpanel.yaml
new file mode 100644
index 0000000..4ec2358
--- /dev/null
+++ b/helmchart/single-sign-on/templates/secret-oauth2-client-userpanel.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: userpanel-oauth2-client
+type: Opaque
+data:
+ client_id: {{ uuidv4 | b64enc }}
+ client_secret: {{ randAlphaNum 32 | b64enc }}
diff --git a/helmchart/single-sign-on/values.yaml b/helmchart/single-sign-on/values.yaml
index 0aeb2d2..73e2b83 100644
--- a/helmchart/single-sign-on/values.yaml
+++ b/helmchart/single-sign-on/values.yaml
@@ -10,6 +10,8 @@ userbackend: password: "postgres" hydra: + maester: + enabled: false hydra: dangerousForceHttp: true config:
-- GitLab
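Review bot: The `annontations:` key under `metadata` is misspelled, so the three `helm.sh/hook*` entries beneath it are not hook annotations at all — the Job is rendered as an ordinary chart resource instead of a post-install hook and the `hook-delete-policy` never applies; it must read `annotations:`. The env var `TOKEN_ENDPOINT_AUTH_METHOD` is set to `client_secret_basic` but the request body hard-codes `\"token_endpoint_auth_method\": \"client_secret_post\"`, so the variable is dead and the two disagree; the body should reference `\"$TOKEN_ENDPOINT_AUTH_METHOD\"` like every other field. Neither curl call passes `--fail`, so a 4xx from the admin API (such as a conflict when a client with that id already exists) still exits 0 and the Job reports success without a usable client; `curl --fail --silent --show-error` on both calls makes that a visible Job failure. The command is a folded (`>`) scalar whose continuation lines end in `\`; whether those line breaks survive folding depends on the relative indentation of the lines, which this rendering does not preserve, and a literal `|` scalar makes the continuation unambiguous. The client secret is also passed in the process arguments via `--data`, where it is readable from the container's process table; feeding the body on stdin with `--data @-` avoids that.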
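Review bot: `client_id` and `client_secret` are generated with `uuidv4` and `randAlphaNum 32` at template time, so every `helm upgrade` re-renders this Secret with fresh values while the client registered in Hydra by the post-install Job keeps the old ones; after the first upgrade the userfrontend would presumably present credentials Hydra does not know. Either make the Job also run on `post-upgrade` and update the existing client, or keep the credentials stable across renders (a chart value, or an existing-Secret check where the Helm version in use supports one). This Secret is also the only resource in the commit without `{{ include "single-sign-on.labels" . | indent 4 }}` under `metadata`, which the other templates carry.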
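Review bot: `maester: enabled: false` carries no comment explaining why the hydra-maester controller is switched off, although the rest of the commit depends on it (the `OAuth2Client` template that hydra-maester would reconcile is deleted and replaced by the curl Job); a reader of values.yaml alone cannot tell whether it is safe to flip back. Suggest a comment directly above the key such as `# hydra-maester is disabled: the user-panel OAuth2 client is created by templates/job-create-oauth2-client-userpanel.yaml via the admin API instead of an OAuth2Client resource`. The surrounding `hydra:` block continues outside the hunk.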