feat: hydra-oidc deployment

templates/cadoles-pod-hydra-dispatcher-v1.conf.j2

@@ -12,6 +12,9 @@ PODMAN_ARGS="\
     -e HYDRA_REWRITE_ISSUER=no \
     -e 'HYDRA_ORIGINAL_ISSUER={{ haproxy_public_base_url }}' \
     -e 'HYDRA_NEW_ISSUER={{ haproxy_public_base_url }}' \
-    -e 'ASSETS_BASE_URL={{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}' \
+    -e 'BASE_URL={{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}' \
     -e 'COOKIE_PATH={{ hydra_dispatcher_cookie_path }}' \
+    -e 'DEFAULT_LOCALE={{ hydra_dispatcher_default_locale }}' \
+    -e 'APP_LOCALES={{ hydra_dispatcher_available_locales | join(',') }}' \
+    -e 'HYDRA_ADMIN_AUTHORIZED_HOSTS={{ hydra_dispatcher_admin_authorized_hosts | join(',') }}' \
 "

templates/cadoles-pod-hydra-oidc-v1.conf.j2

@@ -0,0 +1,20 @@
+PODMAN_ARGS="\
+    --name 'cadoles-pod-hydra-oidc-v1' \
+    --replace \
+    --network=slirp4netns:allow_host_loopback=true \
+    --tz=local \
+    -p 127.0.0.1:3004:80 \
+    -e APP_ENV=prod \
+    -e 'APP_DEBUG={{ hydra_oidc_debug }}' \
+    -e 'HYDRA_ADMIN_BASE_URL=http://10.0.2.2:4445' \
+    -e 'COOKIE_PATH={{ hydra_oidc_cookie_path }}' \
+    -e 'URL_FRANCE_CONNECT_AUTHORIZE={{ hydra_oidc_authorize_endpoint }}' \
+    -e 'URL_FRANCE_CONNECT_TOKEN={{ hydra_oidc_token_endpoint }}' \
+    -e 'URL_FRANCE_CONNECT_USERINFO={{ hydra_oidc_userinfo_endpoint }}' \
+    -e 'LOGOUT_REDIRECT_URL_PATTERN={{ hydra_oidc_logout_url_pattern }}' \
+    -e 'POST_LOGOUT_REDIRECT_URL={{ hydra_oidc_post_logout_redirect_url }}' \
+    -e 'BASE_URL={{ haproxy_public_base_url }}{{ haproxy_hydra_oidc_base_path }}' \
+    -e 'SCOPE_FRANCE_CONNECT={{ hydra_oidc_scope }}' \
+    -e 'CLIENT_ID_FC={{ hydra_oidc_client_id }}' \
+    -e 'CLIENT_SECRET_FC={{ hydra_oidc_client_secret }}' \
+"

templates/haproxy.cfg.j2

@@ -46,6 +46,9 @@ frontend http-in
 {% if enable_hydra_saml %}
     acl login_saml path_beg -i {{ haproxy_hydra_saml_base_path }}
 {% endif %}
+{% if enable_hydra_oidc %}
+    acl login_oidc path_beg -i {{ haproxy_hydra_oidc_base_path }}
+{% endif %}
 {% if enable_oidc_test_app %}
     acl oidc_test path_beg -i {{ haproxy_oidc_test_base_path }}
 {% endif %}
@@ -57,6 +60,9 @@ frontend http-in
 {% if enable_hydra_saml %}
     use_backend hydra_saml if login_saml
 {% endif %}
+{% if enable_hydra_oidc %}
+    use_backend hydra_oidc if login_oidc
+{% endif %}
 {% if enable_oidc_test_app %}
     use_backend oidc_test if oidc_test
 {% endif %}
@@ -90,6 +96,15 @@ backend hydra_passwordless
     server hydra-login-passwordless 127.0.0.1:3001 check
 {%- endif %}
 
+{% if enable_hydra_oidc %}
+# Backend Hydra OIDC
+backend hydra_oidc
+    balance roundrobin
+    # Suppression du préfixe /auth/oidc dans l'URL
+    http-request set-path %[path,regsub(^{{ haproxy_hydra_oidc_base_path }},)]
+    server hydra-login-oidc 127.0.0.1:3004 check
+{%- endif %}
+
 {% if enable_hydra_saml %}
 # Backend Hydra SAML
 backend hydra_saml
@@ -100,7 +115,7 @@ backend hydra_saml
 {% if enable_oidc_test_app %}
 backend oidc_test
     balance roundrobin
-    # Suppression du préfixe /auth/oidc-test dans l'URL
-    http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},)]
+    # Suppression du préfixe /auth/test dans l'URL
+    http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},/)]
     server oidc-test 127.0.0.1:8080 check
 {% endif %}

templates/hydra-dispatcher-apps.yml.j2

@@ -2,8 +2,10 @@ hydra:
   apps:
 {% if enable_hydra_passwordless %}
     - id: passwordless
-      title: "{{ hydra_passwordless_app_title }}"
-      description: "{{ hydra_passwordless_app_description }}"
+      title:
+        fr: "{{ hydra_passwordless_app_title }}"
+      description: 
+        fr: "{{ hydra_passwordless_app_description }}"
       login_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_passwordless_base_path }}/login"
       consent_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_passwordless_base_path }}/consent"
       logout_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_passwordless_base_path }}/logout"
@@ -12,11 +14,25 @@ hydra:
 {% endif %}
 {% if enable_hydra_saml %}
     - id: saml
-      title: "{{ hydra_saml_app_title }}"
-      description: "{{ hydra_saml_app_description }}"
+      title: 
+        fr: "{{ hydra_saml_app_title }}"
+      description: 
+        fr: "{{ hydra_saml_app_description }}"
       login_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}/login"
       consent_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}/consent"
       logout_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}/logout"
       attributes_rewrite_rules: {{ hydra_saml_attributes_rewrite_rules | to_json }}
       icon_url: "{{ hydra_saml_app_icon_url }}"
+{% endif %}
+{% if enable_hydra_oidc %}
+    - id: oidc
+      title: 
+        fr: "{{ hydra_oidc_app_title }}"
+      description: 
+        fr: "{{ hydra_oidc_app_description }}"
+      login_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_oidc_base_path }}/login"
+      consent_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_oidc_base_path }}/consent"
+      logout_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_oidc_base_path }}/logout"
+      attributes_rewrite_rules: {{ hydra_oidc_attributes_rewrite_rules | to_json }}
+      icon_url: "{{ hydra_oidc_app_icon_url }}"
 {% endif %}