feat: use haproxy to access oidc-test app

2022-08-02 11:57:18 +02:00 · 2022-08-02 11:57:18 +02:00 · a74635f6cf
parent 9401ca6adc
commit a74635f6cf
3 changed files with 20 additions and 4 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -26,6 +26,7 @@ haproxy_public_base_url: http://{{ ansible_default_ipv4.address | default(ansibl
 haproxy_hydra_dispatcher_base_path: /auth/dispatcher
 haproxy_hydra_passwordless_base_path: /auth/passwordless
 haproxy_hydra_saml_base_path: /auth/saml
+haproxy_oidc_test_base_path: /auth/oidc-test

 haproxy_forwarded_proto: https
 haproxy_forwarded_host: "%[req.hdr(Host)]"
@ -92,6 +93,6 @@ saml_attributes:
 # OIDC Test configuration

 enable_oidc_test_app: yes
-oidc_test_app_public_base_url: http://{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}:8080
 oidc_test_app_client_id: oidc-test
 oidc_test_app_client_secret: '$oidc-test&123456$'
+oidc_test_app_public_base_url: "{{ haproxy_public_base_url }}{{ haproxy_oidc_test_base_path }}"
--- a/tasks/oidc-test.yml
+++ b/tasks/oidc-test.yml
@ -18,7 +18,7 @@
 - name: Start oidc-test app
  containers.podman.podman_container:
    name: oidc-test
-    image: docker.io/bornholm/oidc-test:v0.0.0-3-g5beae19
+    image: docker.io/bornholm/oidc-test:v0.0.0-4-gd786d3a
    state: started
    network: host
    recreate: yes
@ -30,5 +30,6 @@
      OIDC_INSECURE_SKIP_VERIFY: true
      OIDC_REDIRECT_URL: "{{ oidc_test_app_public_base_url }}" 
      OIDC_POST_LOGOUT_REDIRECT_URL: "{{ oidc_test_app_public_base_url }}"
-      HTTP_ADDRESS: 0.0.0.0:8080
+      HTTP_ADDRESS: 127.0.0.1:8080
+      HTTP_PUBLIC_BASE_URL: "{{ oidc_test_app_public_base_url }}"
  become: true
--- a/templates/haproxy.cfg.j2
+++ b/templates/haproxy.cfg.j2
@ -46,6 +46,9 @@ frontend http-in
 {% if enable_hydra_saml %}
    acl login_saml path_beg -i {{ haproxy_hydra_saml_base_path }}
 {% endif %}
+{% if enable_oidc_test_app %}
+    acl oidc_test path_beg -i {{ haproxy_oidc_test_base_path }}
+{% endif %}

    use_backend hydra_dispatcher if login_dispatcher
 {% if enable_hydra_passwordless %}
@ -53,6 +56,9 @@ frontend http-in
 {% endif %}
 {% if enable_hydra_saml %}
    use_backend hydra_saml if login_saml
+{% endif %}
+{% if enable_oidc_test_app %}
+    use_backend oidc_test if oidc_test
 {% endif %}
    use_backend hydra

@ -89,3 +95,11 @@ backend hydra_saml
    balance roundrobin
    server hydra-login-saml 127.0.0.1:3002 check
 {%- endif %}
+
+{% if enable_oidc_test_app %}
+backend oidc_test
+    balance roundrobin
+    # Suppression du préfixe /auth/oidc-test dans l'URL
+    http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},)]
+    server oidc-test 127.0.0.1:8080 check
+{% endif %}