
No commits in common. "636a3a10d7911148acd2cfd06e9210e1a4af9928" and "49d5ec1b3dab2e74d2247c3353994a324a663a77" have entirely different histories.

12 changed files with 2 additions and 21 deletions


@ -34,6 +34,7 @@ haproxy_oidc_test_base_path: /auth/test
haproxy_forwarded_proto: https haproxy_forwarded_proto: https
haproxy_forwarded_host: "%[req.hdr(Host)]" haproxy_forwarded_host: "%[req.hdr(Host)]"
haproxy_forwarded_port: "%[dst_port]"
# Hydra OIDC configuration # Hydra OIDC configuration
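Review bot: The new default `haproxy_forwarded_port: "%[dst_port]"` reports the port on which HAProxy itself accepted the connection, which matches the client-facing port only when nothing in front of HAProxy remaps it. Behind a NAT rule, a port forward or an outer load balancer the value would be the internal listener port, and applications that rebuild absolute URLs from X-Forwarded-Port (OIDC redirect URIs, for example) could then emit wrong links. It also sits next to the fixed `haproxy_forwarded_proto: https`, so if a plain-HTTP listener exists (not visible in this hunk) it would announce https together with port 80. I would add a comment above the variable such as `# Port seen by HAProxy; override with the public port when HAProxy sits behind NAT or another proxy`.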


@ -1,4 +1,3 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
--name 'cadoles-pod-hydra-dispatcher-v1' \ --name 'cadoles-pod-hydra-dispatcher-v1' \
--replace \ --replace \
@ -18,5 +17,4 @@ PODMAN_ARGS="\
-e 'DEFAULT_LOCALE={{ hydra_dispatcher_default_locale }}' \ -e 'DEFAULT_LOCALE={{ hydra_dispatcher_default_locale }}' \
-e 'APP_LOCALES={{ hydra_dispatcher_available_locales | join(',') }}' \ -e 'APP_LOCALES={{ hydra_dispatcher_available_locales | join(',') }}' \
-e 'HYDRA_ADMIN_AUTHORIZED_HOSTS={{ hydra_dispatcher_admin_authorized_hosts | join(',') }}' \ -e 'HYDRA_ADMIN_AUTHORIZED_HOSTS={{ hydra_dispatcher_admin_authorized_hosts | join(',') }}' \
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
" "


@ -1,4 +1,3 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
--name 'cadoles-pod-hydra-oidc-v1' \ --name 'cadoles-pod-hydra-oidc-v1' \
--replace \ --replace \
@ -18,5 +17,4 @@ PODMAN_ARGS="\
-e 'OIDC_SCOPE={{ hydra_oidc_scope }}' \ -e 'OIDC_SCOPE={{ hydra_oidc_scope }}' \
-e 'CLIENT_ID_FC={{ hydra_oidc_client_id }}' \ -e 'CLIENT_ID_FC={{ hydra_oidc_client_id }}' \
-e 'CLIENT_SECRET_FC={{ hydra_oidc_client_secret }}' \ -e 'CLIENT_SECRET_FC={{ hydra_oidc_client_secret }}' \
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
" "


@ -1,4 +1,3 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
-p 127.0.0.1:3001:3000 \ -p 127.0.0.1:3001:3000 \
--network=slirp4netns:allow_host_loopback=true \ --network=slirp4netns:allow_host_loopback=true \


@ -1,4 +1,3 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
-p 127.0.0.1:3003:80 \ -p 127.0.0.1:3003:80 \
--network=slirp4netns:allow_host_loopback=true \ --network=slirp4netns:allow_host_loopback=true \


@ -1,4 +1,3 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
--name 'cadoles-pod-hydra-v1' \ --name 'cadoles-pod-hydra-v1' \
--replace \ --replace \


@ -1,4 +1,3 @@
# {{ ansible_managed }}
PODMAN_ARGS="\ PODMAN_ARGS="\
-p 127.0.0.1:3002:80 \ -p 127.0.0.1:3002:80 \
--network=slirp4netns:allow_host_loopback=true \ --network=slirp4netns:allow_host_loopback=true \


@ -1,4 +1,3 @@
# {{ ansible_managed }}
global global
log /dev/log local0 log /dev/log local0
log /dev/log local1 notice log /dev/log local1 notice
@ -73,6 +72,7 @@ option forwardfor
http-request set-header X-Forwarded-Proto {{ haproxy_forwarded_proto }} http-request set-header X-Forwarded-Proto {{ haproxy_forwarded_proto }}
http-request set-header X-Forwarded-Host {{ haproxy_forwarded_host }} http-request set-header X-Forwarded-Host {{ haproxy_forwarded_host }}
http-request set-header X-Forwarded-Port {{ haproxy_forwarded_port }}
# Backend Hydra # Backend Hydra
backend hydra backend hydra
@ -85,8 +85,6 @@ backend hydra_dispatcher
balance roundrobin balance roundrobin
# Suppression du préfixe /auth/dispatcher dans l'URL # Suppression du préfixe /auth/dispatcher dans l'URL
http-request set-path %[path,regsub(^{{ haproxy_hydra_dispatcher_base_path }}/,/)] http-request set-path %[path,regsub(^{{ haproxy_hydra_dispatcher_base_path }}/,/)]
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_dispatcher_base_path }}
server hydra-login-dispatcher 127.0.0.1:3000 check server hydra-login-dispatcher 127.0.0.1:3000 check
{% if enable_hydra_passwordless %} {% if enable_hydra_passwordless %}
@ -95,8 +93,6 @@ backend hydra_passwordless
balance roundrobin balance roundrobin
# Suppression du préfixe /auth/passwordless dans l'URL # Suppression du préfixe /auth/passwordless dans l'URL
http-request set-path %[path,regsub(^{{ haproxy_hydra_passwordless_base_path }},)] http-request set-path %[path,regsub(^{{ haproxy_hydra_passwordless_base_path }},)]
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_passwordless_base_path }}
server hydra-login-passwordless 127.0.0.1:3001 check server hydra-login-passwordless 127.0.0.1:3001 check
{%- endif %} {%- endif %}
@ -106,8 +102,6 @@ backend hydra_oidc
balance roundrobin balance roundrobin
# Suppression du préfixe /auth/oidc dans l'URL # Suppression du préfixe /auth/oidc dans l'URL
http-request set-path %[path,regsub(^{{ haproxy_hydra_oidc_base_path }},)] http-request set-path %[path,regsub(^{{ haproxy_hydra_oidc_base_path }},)]
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_oidc_base_path }}
server hydra-login-oidc 127.0.0.1:3004 check server hydra-login-oidc 127.0.0.1:3004 check
{%- endif %} {%- endif %}
@ -123,7 +117,5 @@ backend oidc_test
balance roundrobin balance roundrobin
# Suppression du préfixe /auth/test dans l'URL # Suppression du préfixe /auth/test dans l'URL
http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},/)] http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},/)]
http-request set-header X-Forwarded-Prefix {{ haproxy_oidc_test_base_path }}
server oidc-test 127.0.0.1:8080 check server oidc-test 127.0.0.1:8080 check
{% endif %} {% endif %}
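Review bot: With the four `http-request set-header X-Forwarded-Prefix …` lines removed from the hydra_dispatcher, hydra_passwordless, hydra_oidc and oidc_test backends, nothing visible in these hunks overwrites or strips an X-Forwarded-Prefix header sent by the client, so it would reach the backends unchanged. The other X-Forwarded-* headers are still forced with `set-header`; for consistency, add `http-request del-header X-Forwarded-Prefix` next to them (or in each backend), unless the header is already removed in a part of the template outside these hunks. Separately, the same compare drops `TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24` from the dispatcher and OIDC pod arguments. If those applications use that variable to decide whether to honour forwarded headers, the new X-Forwarded-Port line would have no effect on them, which is worth confirming before merging.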


@ -1,4 +1,3 @@
# {{ ansible_managed }}
hydra: hydra:
apps: apps:
{% if enable_hydra_passwordless %} {% if enable_hydra_passwordless %}


@ -1,4 +1,3 @@
# {{ ansible_managed }}
remote_user: remote_user:
subject_header: "{{ hydra_saml_subject_header }}" subject_header: "{{ hydra_saml_subject_header }}"
headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }} headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}


@ -1,4 +1,3 @@
<!-- {{ ansible_managed }} -->
{% for item in saml_attributes %} {% for item in saml_attributes %}
<Attribute {% for key,value in item.items() %}{% if value is not mapping %}{{ key }}="{{ value }}" {% endif %}{% endfor %}> <Attribute {% for key,value in item.items() %}{% if value is not mapping %}{{ key }}="{{ value }}" {% endif %}{% endfor %}>
{% if item.attributeDecoder is defined %} {% if item.attributeDecoder is defined %}


@ -1,4 +1,3 @@
<!-- {{ ansible_managed }} -->
{%- macro xmlnode(node) -%} {%- macro xmlnode(node) -%}
<{{node.tag}}{% if node.attributes is defined %}{% for key,value in node.attributes.items() %} {{ key }}="{{ value }}"{% endfor %}{% endif %}{% if node.children is not defined %}/{% endif %}> <{{node.tag}}{% if node.attributes is defined %}{% for key,value in node.attributes.items() %} {{ key }}="{{ value }}"{% endfor %}{% endif %}{% if node.children is not defined %}/{% endif %}>
{% if node.children is defined %} {% if node.children is defined %}