feat(init): first commit

2023-06-05 15:24:42 +02:00
parent 1ee84e57a5
commit b13a5e892f
37 changed files with 926 additions and 2 deletions
--- a/files/alpine/sp-oidc/base/Dockerfile
+++ b/files/alpine/sp-oidc/base/Dockerfile
@ -0,0 +1,14 @@
+FROM reg.cadoles.com/proxy_cache/library/alpine:edge
+#FROM reg.cadoles.com/proxy_cache/library/httpd:alpine3.18
+
+# Adding testing repo
+RUN echo "https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
+
+RUN apk update && apk add apache-mod-auth-openidc
+
+COPY files/alpine/sp-oidc/base/conf.d/mod-auth-openidc.conf /etc/apache2/conf.d/mod-auth-openidc.conf
+COPY files/alpine/sp-oidc/base/conf.d/default-vhost.conf /etc/apache2/conf.d/default-vhost.conf
+COPY files/alpine/sp-oidc/base/scripts/httpd-foreground /usr/local/bin/
+
+
+CMD ["httpd-foreground"]
--- a/files/alpine/sp-oidc/base/conf.d/Dockerfile
+++ b/files/alpine/sp-oidc/base/conf.d/Dockerfile
@ -0,0 +1,14 @@
+FROM reg.cadoles.com/proxy_cache/library/alpine:edge
+#FROM reg.cadoles.com/proxy_cache/library/httpd:alpine3.18
+
+# Adding testing repo
+RUN echo "https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
+
+RUN apk update && apk add apache-mod-auth-openidc
+
+COPY conf.d/mod-auth-openidc.conf /etc/apache2/conf.d/mod-auth-openidc.conf
+COPY conf.d/default-vhost.conf /etc/apache2/conf.d/default-vhost.conf
+COPY scripts/httpd-foreground /usr/local/bin/
+
+CMD ["httpd-foreground"]
+
--- a/files/alpine/sp-oidc/base/conf.d/default-vhost.conf
+++ b/files/alpine/sp-oidc/base/conf.d/default-vhost.conf
@ -0,0 +1,29 @@
+<VirtualHost _default_:80>
+  ServerName ${SP_SERVER_NAME}:80
+
+  DocumentRoot /var/www/html
+
+  CustomLog /proc/self/fd/1 common
+
+  ErrorDocument 400 /error/
+  ErrorDocument 401 /error/
+  ErrorDocument 403 /error/
+  ErrorDocument 404 /error/
+  ErrorDocument 500 /error/
+  ErrorDocument 502 /error/
+  ErrorDocument 503 /error/
+  ErrorDocument 504 /error/
+
+  <FilesMatch "\.(cgi|shtml|phtml|php)$">
+      SSLOptions +StdEnvVars
+  </FilesMatch>
+  <Directory /usr/lib/cgi-bin>
+      SSLOptions +StdEnvVars
+  </Directory>
+
+  <Location /error>
+    AllowOverride All
+    Options +Indexes
+    Require all granted
+  </Location>
+</VirtualHost>
--- a/files/alpine/sp-oidc/base/conf.d/mod-auth-openidc.conf
+++ b/files/alpine/sp-oidc/base/conf.d/mod-auth-openidc.conf
@ -0,0 +1,14 @@
+LoadModule auth_openidc_module modules/mod_auth_openidc.so
+
+OIDCProviderMetadataURL ${SP_OIDC_PROVIDER_METADATA_URL} #http://portal.mse.local:8000/auth/.well-known/openid-configuration
+OIDCClientID ${SP_OIDC_CLIENT_NAME} #mse
+OIDCClientSecret ${SP_OIDC_CLIENT_SERCRET} #$mse&123456$
+OIDCProviderTokenEndpointAuth client_secret_basic
+OIDCCookieSameSite On
+OIDCSessionType client-cookie
+OIDCXForwardedHeaders X-Forwarded-Host
+# OIDCRedirectURI is a vanity URL that must point to a path protected by this module but must NOT point to any content
+OIDCRedirectURI  ${SP_OIDC_REDIRECT_URI} #http://portal.mse.local:8000/protected/redirect_uri
+OIDCCryptoPassphrase ${SP_OIDC_CRYPTO_PASSPHRASE} #$mse&123456$
+OIDCOAuthAcceptTokenAs header
+OIDCUnAutzAction 302 ${SP_OIDC_ERROR_URI} #http://portal.mse.local:8000/erreur?msg=mod_auth_fail
--- a/files/alpine/sp-oidc/base/conf.d/scripts/httpd-foreground
+++ b/files/alpine/sp-oidc/base/conf.d/scripts/httpd-foreground
@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# Apache gets grumpy about PID files pre-existing
+rm -f /run/apache2/httpd.pid
+
+exec httpd -DFOREGROUND "$@"
--- a/files/alpine/sp-oidc/base/conf.d/test_alpine-sp-oidc.sh
+++ b/files/alpine/sp-oidc/base/conf.d/test_alpine-sp-oidc.sh
@ -0,0 +1,23 @@
+#!/bin/bash
+
+SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]:-$0}"; )" &> /dev/null && pwd 2> /dev/null; )";
+
+source "$SCRIPT_DIR/lib.sh"
+
+# Test reg.cadoles.com/cadoles/symfony:alpine-php-7.4-standalone with Symfony 4.4
+test_alpine_sp_oidc() {
+    # FIXME 
+    
+    local container_name=$(run_symfony_app_container "4.4" "7.4" "alpine-php-7.4-standalone")
+    local image_name=$(docker inspect -f '{{.Config.Image}}' ${container_name})
+
+    trap_add "docker kill ${container_name}" EXIT
+    trap_add "docker rmi -f ${image_name}" EXIT
+    
+    local app_url="http://$(docker port ${container_name} 8080/tcp)"
+
+    # Check that application is responding as expected
+    local page_content=$(curl -s "${app_url}" | pandoc -f html -t plain)
+
+    assert_matches 'Welcome to Symfony 4\.4\.*' "${page_content}" "Could not find Symfony default welcome message !"
+}
--- a/files/alpine/sp-oidc/base/scripts/httpd-foreground
+++ b/files/alpine/sp-oidc/base/scripts/httpd-foreground
@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# Apache gets grumpy about PID files pre-existing
+rm -f /run/apache2/httpd.pid
+
+exec httpd -DFOREGROUND "$@"