Add cronjob to recreate oauth clients

Signed-off-by: Mark <mark@openappstack.net>

Add cronjob to recreate oauth clients
Signed-off-by: Mark <mark@openappstack.net>
fcb68e06 · Mark · 8a3bc3d5 · fcb68e06
Commit fcb68e06 authored 4 years ago by Mark
--- a/helmchart/single-sign-on/templates/cronjob-create-oauth-clients.yaml
+++ b/helmchart/single-sign-on/templates/cronjob-create-oauth-clients.yaml
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: {{ include "single-sign-on.fullname" . }}-recreate-oauth2-clients
+  labels:
+{{ include "single-sign-on.labels" . | indent 4 }}
+spec:
+  schedule: "*/5 * * * *"
+  jobTemplate:
+    metadata:
+      labels:
+        app.kubernetes.io/managed-by: {{.Release.Service | quote }}
+        app.kubernetes.io/instance: {{.Release.Name | quote }}
+        helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      {{- range .Values.oAuthClients }}
+      - name: {{ .clientName | quote }}
+        image: {{ $.Values.userbackend.image.repository }}:{{ $.Values.userbackend.image.tag }}
+        imagePullPolicy: {{ $.Values.userbackend.image.pullPolicy }}
+        env:
+        - name: CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: oauth2-clients
+              key: {{ .clientName }}_client_id
+        - name: CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: oauth2-clients
+              key: {{ .clientName }}_client_secret
+        - name: CLIENT_NAME
+          value: {{ .clientName | quote }}
+        - name: REDIRECT_URI
+          value: {{ .redirectUri | quote }}
+        - name: SCOPES
+          value: {{ .scopes | quote }}
+        - name: CLIENT_URI
+          value: {{ .clientUri | quote }}
+        - name: CLIENT_LOGO_URI
+          value: {{ .clientLogoUri | quote }}
+        - name: TOKEN_ENDPOINT_AUTH_METHOD
+          value: {{ .tokenEndpointAuthMethod | quote }}
+        - name: RESPONSE_TYPES
+          value: "{{- range .responseTypes }}\"{{ . }}\",{{- end }}"
+        - name: GRANT_TYPES
+          value: "{{- range .grantTypes }}\"{{ . }}\",{{- end }}"
+        command: ["/bin/bash", "-c"]
+        args:
+        - >
+          curl http://{{ $.Release.Name }}-hydra-admin:4445/clients/$CLIENT_NAME \
+               --silent \
+               --write-out "\n%{http_code}\n"  \
+               | tail -1  \
+               | grep -v 200 &&
+          curl --header "Content-Type: application/json" \
+               --request POST \
+               --data "{\"client_id\": \"$CLIENT_ID\",
+                        \"client_name\": \"$CLIENT_NAME\",
+                        \"client_secret\": \"$CLIENT_SECRET\",
+                        \"client_uri\": \"$CLIENT_URI\",
+                        \"logo_uri\": \"$CLIENT_LOGO_URI\",
+                        \"redirect_uris\": [\"$REDIRECT_URI\"],
+                        \"scope\": \"$SCOPES\",
+                        \"grant_types\": [$GRANT_TYPES\"\"],
+                        \"response_types\": [$RESPONSE_TYPES\"\"],
+                        \"token_endpoint_auth_method\": \"client_secret_post\"}" \
+               http://{{ $.Release.Name }}-hydra-admin:4445/clients \
+               --silent \
+               --write-out "\n%Creating oauth client $CLIENT_ID: HTTP(%{http_code})\n" \
+               | tail -1  \
+               | grep 201 &&
+          echo "Successfully created $CLIENT_ID"
+      {{- end }}