From fcb68e061822fea653932930262a800a30cb22c7 Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Thu, 9 Apr 2020 18:14:16 +0200
Subject: [PATCH] Add cronjob to recreate oauth clients
Signed-off-by: Mark <mark@openappstack.net>
---
 .../cronjob-create-oauth-clients.yaml | 75 +++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 helmchart/single-sign-on/templates/cronjob-create-oauth-clients.yaml
diff --git a/helmchart/single-sign-on/templates/cronjob-create-oauth-clients.yaml b/helmchart/single-sign-on/templates/cronjob-create-oauth-clients.yaml
new file mode 100644
index 0000000..fb6f07e
--- /dev/null
+++ b/helmchart/single-sign-on/templates/cronjob-create-oauth-clients.yaml
@@ -0,0 +1,75 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: {{ include "single-sign-on.fullname" . }}-recreate-oauth2-clients
+ labels:
+{{ include "single-sign-on.labels" . | indent 4 }}
+spec:
+ schedule: "*/5 * * * *"
+ jobTemplate:
+ metadata:
+ labels:
+ app.kubernetes.io/managed-by: {{.Release.Service | quote }}
+ app.kubernetes.io/instance: {{.Release.Name | quote }}
+ helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ {{- range .Values.oAuthClients }}
+ - name: {{ .clientName | quote }}
+ image: {{ $.Values.userbackend.image.repository }}:{{ $.Values.userbackend.image.tag }}
+ imagePullPolicy: {{ $.Values.userbackend.image.pullPolicy }}
+ env:
+ - name: CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: oauth2-clients
+ key: {{ .clientName }}_client_id
+ - name: CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: oauth2-clients
+ key: {{ .clientName }}_client_secret
+ - name: CLIENT_NAME
+ value: {{ .clientName | quote }}
+ - name: REDIRECT_URI
+ value: {{ .redirectUri | quote }}
+ - name: SCOPES
+ value: {{ .scopes | quote }}
+ - name: CLIENT_URI
+ value: {{ .clientUri | quote }}
+ - name: CLIENT_LOGO_URI
+ value: {{ .clientLogoUri | quote }}
+ - name: TOKEN_ENDPOINT_AUTH_METHOD
+ value: {{ .tokenEndpointAuthMethod | quote }}
+ - name: RESPONSE_TYPES
+ value: "{{- range .responseTypes }}\"{{ . }}\",{{- end }}"
+ - name: GRANT_TYPES
+ value: "{{- range .grantTypes }}\"{{ . }}\",{{- end }}"
+ command: ["/bin/bash", "-c"]
+ args:
+ - >
+ curl http://{{ $.Release.Name }}-hydra-admin:4445/clients/$CLIENT_NAME \
+ --silent \
+ --write-out "\n%{http_code}\n" \
+ | tail -1 \
+ | grep -v 200 &&
+ curl --header "Content-Type: application/json" \
+ --request POST \
+ --data "{\"client_id\": \"$CLIENT_ID\",
+ \"client_name\": \"$CLIENT_NAME\",
+ \"client_secret\": \"$CLIENT_SECRET\",
+ \"client_uri\": \"$CLIENT_URI\",
+ \"logo_uri\": \"$CLIENT_LOGO_URI\",
+ \"redirect_uris\": [\"$REDIRECT_URI\"],
+ \"scope\": \"$SCOPES\",
+ \"grant_types\": [$GRANT_TYPES\"\"],
+ \"response_types\": [$RESPONSE_TYPES\"\"],
+ \"token_endpoint_auth_method\": \"client_secret_post\"}" \
+ http://{{ $.Release.Name }}-hydra-admin:4445/clients \
+ --silent \
+ --write-out "\n%Creating oauth client $CLIENT_ID: HTTP(%{http_code})\n" \
+ | tail -1 \
+ | grep 201 &&
+ echo "Successfully created $CLIENT_ID"
+ {{- end }}
-- 
GitLab
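Review bot: The POST in `args` places `$CLIENT_SECRET` inside the `--data` string, so the secret becomes part of curl's argument list and shows up in the container's process list. Every field is also spliced into the JSON unescaped, so a `"` or `\` in any value changes the document sent to the Hydra admin API. Separately, `grep -v 200 &&` exits non-zero when the client already exists, which with `restartPolicy: OnFailure` turns the normal case into a failing container on every five-minute run. `TOKEN_ENDPOINT_AUTH_METHOD` is exported but the body hard-codes `client_secret_post`, which looks unintended. The sketch below keeps the body off the command line and exits 0 for an existing client; escaping of the values still has to be handled where they are set.

```yaml
          args:
            - |
              # An existing client is the normal case: report success.
              status=$(curl --silent --output /dev/null --write-out '%{http_code}' \
                "http://{{ $.Release.Name }}-hydra-admin:4445/clients/$CLIENT_NAME")
              [ "$status" = "200" ] && exit 0
              # … unchanged: the JSON document, assigned to body="…" instead of passed to --data …
              # printf is a bash builtin, so the secret never appears in any argv.
              printf '%s' "$body" | curl --silent --fail \
                --header "Content-Type: application/json" \
                --request POST --data @- \
                "http://{{ $.Release.Name }}-hydra-admin:4445/clients" &&
              echo "Successfully created $CLIENT_ID"
```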