From cc31ab5091aee16f30d68954fbaca044dda56a36 Mon Sep 17 00:00:00 2001
From: William Petit
Date: Thu, 7 Dec 2023 08:59:45 +0100
Subject: [PATCH] feat: add oidc-test app component
---
 components/oidc-test/kustomization.yaml | 20 ++++++
 .../oidc-test/resources/deployment.yaml | 39 +++++++++++
 .../oidc-test}/resources/oauth2-client.yaml | 10 +--
 components/oidc-test/resources/service.yaml | 15 +++++
 examples/authenticated-app/kustomization.yaml | 19 ++++--
 .../patches/oidc-test-oauth2-client.yaml | 6 ++
 .../authenticated-app/patches/oidc-test.yaml | 9 +++
 examples/authenticated-app/resources/app.yaml | 66 -------------------
 .../authenticated-app/resources/ingress.yaml | 2 +-
 kustomization.yaml | 12 ----
 overlays/base/kustomization.yaml | 11 ++++
 overlays/full/kustomization.yaml | 16 +++++
 12 files changed, 136 insertions(+), 89 deletions(-)
 create mode 100644 components/oidc-test/kustomization.yaml
 create mode 100644 components/oidc-test/resources/deployment.yaml
 rename {examples/authenticated-app => components/oidc-test}/resources/oauth2-client.yaml (62%)
 create mode 100644 components/oidc-test/resources/service.yaml
 create mode 100644 examples/authenticated-app/patches/oidc-test-oauth2-client.yaml
 create mode 100644 examples/authenticated-app/patches/oidc-test.yaml
 delete mode 100644 examples/authenticated-app/resources/app.yaml
 delete mode 100644 kustomization.yaml
 create mode 100644 overlays/base/kustomization.yaml
 create mode 100644 overlays/full/kustomization.yaml
diff --git a/components/oidc-test/kustomization.yaml b/components/oidc-test/kustomization.yaml
new file mode 100644
index 0000000..59aa830
--- /dev/null
+++ b/components/oidc-test/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - ./resources/deployment.yaml
+ - ./resources/service.yaml
+ - ./resources/oauth2-client.yaml
+
+configMapGenerator:
+ - name: oidc-test
+ literals:
+ - LOG_LEVEL=0
+ - HTTP_ADDRESS=0.0.0.0:8080
+ - OIDC_CLIENT_ID=oidc-test
+ - OIDC_CLIENT_SECRET=NotSoSecret
+ - OIDC_ISSUER_URL=http://hydra:4444
+ - OIDC_REDIRECT_URL=https://example.net/oauth2/callback
+ - OIDC_POST_LOGOUT_REDIRECT_URL=https://example.net
+ - OIDC_SKIP_ISSUER_VERIFICATION="true"
+ - OIDC_INSECURE_SKIP_VERIFY="true"
\ No newline at end of file
diff --git a/components/oidc-test/resources/deployment.yaml b/components/oidc-test/resources/deployment.yaml
new file mode 100644
index 0000000..402d61e
--- /dev/null
+++ b/components/oidc-test/resources/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: oidc-test
+ name: oidc-test
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: oidc-test
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: oidc-test
+ spec:
+ containers:
+ - image: reg.cadoles.com/cadoles/oidc-test:2023.12.6-stable.1502.ebfd504
+ name: oidc-test
+ ports:
+ - containerPort: 8080
+ resources: {}
+ envFrom:
+ - configMapRef:
+ name: oidc-test
+ env:
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: oidc-test-oauth2-client
+ key: client_id
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: oidc-test-oauth2-client
+ key: client_secret
+ restartPolicy: Always
diff --git a/examples/authenticated-app/resources/oauth2-client.yaml b/components/oidc-test/resources/oauth2-client.yaml
similarity index 62%
rename from examples/authenticated-app/resources/oauth2-client.yaml
rename to components/oidc-test/resources/oauth2-client.yaml
index 7b786c5..8bbc030 100644
--- a/examples/authenticated-app/resources/oauth2-client.yaml
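Review bot: `OIDC_CLIENT_SECRET=NotSoSecret` in the configMapGenerator literals puts a credential-shaped value into a ConfigMap, even though deployment.yaml in this same commit sources `OIDC_CLIENT_ID` and `OIDC_CLIENT_SECRET` from the `oidc-test-oauth2-client` Secret through `env`, which takes precedence over `envFrom`; the ConfigMap entry is therefore dead configuration that reads like a real secret and is visible to anyone who can read ConfigMaps. Drop the two `OIDC_CLIENT_*` literals and leave the Secret as the only source. The last two literals disable issuer and TLS verification for every overlay that includes this component, with nothing on the page explaining why; a comment such as `# issuer is plain-http in-cluster (hydra:4444); set both to "false" when pointing at a TLS issuer` above them would make that a deliberate choice rather than a default. Whether the surrounding quotes in `="true"` survive into the rendered value depends on the kustomize version (recent releases strip matching quotes) — worth confirming on the built ConfigMap.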
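Review bot: The container in the new Deployment has no `securityContext` and `resources: {}`, so the oidc-test pod runs with whatever the cluster defaults give it — root if the image does not set a user, privilege escalation allowed, no CPU or memory bound — and this spec is inherited by every overlay that includes the component. A minimal hardening block and a memory limit would be the expected baseline for a pod that terminates OIDC callbacks. Pinning the image by digest in addition to the `2023.12.6-stable.1502.ebfd504` tag would also make the rollout reproducible. The sizing below is a constructed placeholder to be tuned to observed usage.
```yaml
      containers:
        - image: reg.cadoles.com/cadoles/oidc-test:2023.12.6-stable.1502.ebfd504
          name: oidc-test
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ALL]
          # … unchanged: ports, envFrom, env …
          resources:  # placeholder sizing — tune to observed usage
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 128Mi
```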
+++ b/components/oidc-test/resources/oauth2-client.yaml @@ -1,9 +1,9 @@ apiVersion: hydra.ory.sh/v1alpha1 kind: OAuth2Client metadata: - name: app-oauth2-client + name: oidc-test-oauth2-client spec: - clientName: "app" + clientName: "oidc-test" tokenEndpointAuthMethod: "client_secret_basic" grantTypes: - authorization_code @@ -11,8 +11,8 @@ spec: responseTypes: - code scope: "openid email" - secretName: app-oidc-secret + secretName: oidc-test-oauth2-client redirectUris: - - https://ssokustom/oauth2/callback + - https://example.net/oauth2/callback postLogoutRedirectUris: - - https://ssokustom + - https://example.net diff --git a/components/oidc-test/resources/service.yaml b/components/oidc-test/resources/service.yaml new file mode 100644 index 0000000..b4e5883 --- /dev/null +++ b/components/oidc-test/resources/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: oidc-test + name: oidc-test +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + app.kubernetes.io/name: oidc-test +status: + loadBalancer: {} \ No newline at end of file diff --git a/examples/authenticated-app/kustomization.yaml b/examples/authenticated-app/kustomization.yaml index 80aba5f..969383f 100644 --- a/examples/authenticated-app/kustomization.yaml +++ b/examples/authenticated-app/kustomization.yaml @@ -2,20 +2,19 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../resources/hydra - - ../../resources/hydra-dispatcher - - ./resources/app.yaml + - ../../overlays/base - ./resources/ingress.yaml - - ./resources/oauth2-client.yaml - ./resources/saml-idp.yaml - ./resources/self-signed-issuer.yaml - ./resources/port-forwarder.yaml components: - ../../components/hydra-cnpg-database + - ../../components/oidc-test #- ../../components/hydra-oidc - ../../components/hydra-saml + patchesJson6902: - target: version: v1 
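Review bot: With the rename, the OAuth2Client in the shared component now registers `https://example.net/oauth2/callback` and `https://example.net` (second hunk of this file), and the ConfigMap literals in components/oidc-test/kustomization.yaml carry the same placeholders; an overlay that includes the component but patches only one of the two objects ends up with a registered redirect that does not match what the app sends, and the failure surfaces as Hydra rejecting the `redirect_uri` rather than as a visible configuration error. A comment on `redirectUris:` along the lines of `# placeholder — an overlay must patch this AND OIDC_REDIRECT_URL/OIDC_POST_LOGOUT_REDIRECT_URL in the oidc-test ConfigMap to its real host` would document that contract where it is most likely to be read. `secretName: oidc-test-oauth2-client` now matches the `secretKeyRef` used by the new Deployment, which is correct.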
@@ -36,4 +35,14 @@ patchesJson6902:
 version: v1
 kind: Secret
 name: hydra-secret
- path: patches/hydra-secret.yaml
\ No newline at end of file
+ path: patches/hydra-secret.yaml
+ - target:
+ version: v1
+ kind: Secret
+ name: oidc-test
+ path: patches/oidc-test.yaml
+ - target:
+ version: v1alpha1
+ kind: OAuth2Client
+ name: oidc-test-oauth2-client
+ path: patches/oidc-test-oauth2-client.yaml
\ No newline at end of file
diff --git a/examples/authenticated-app/patches/oidc-test-oauth2-client.yaml b/examples/authenticated-app/patches/oidc-test-oauth2-client.yaml
new file mode 100644
index 0000000..5181e6e
--- /dev/null
+++ b/examples/authenticated-app/patches/oidc-test-oauth2-client.yaml
@@ -0,0 +1,6 @@
+- op: replace
+ path: "/spec/redirectUris/0"
+ value: https://ssokustom/oauth2/callback
+- op: replace
+ path: "/spec/postLogoutRedirectUris/0"
+ value: https://ssokustom/oauth2/callback
\ No newline at end of file
diff --git a/examples/authenticated-app/patches/oidc-test.yaml b/examples/authenticated-app/patches/oidc-test.yaml
new file mode 100644
index 0000000..a182bba
--- /dev/null
+++ b/examples/authenticated-app/patches/oidc-test.yaml
@@ -0,0 +1,9 @@
+- op: replace
+ path: "/data/LOG_LEVEL"
+ value: 0
+- op: replace
+ path: "/data/OIDC_REDIRECT_URL"
+ value: https://ssokustom/oauth2/callback
+- op: replace
+ path: "/data/OIDC_POST_LOGOUT_REDIRECT_URL"
+ value: https://ssokustom
diff --git a/examples/authenticated-app/resources/app.yaml b/examples/authenticated-app/resources/app.yaml
deleted file mode 100644
index 1da36c9..0000000
--- a/examples/authenticated-app/resources/app.yaml
+++ /dev/null
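Review bot: The first added target, `kind: Secret` with `name: oidc-test`, does not match any object this commit creates: the name `oidc-test` is produced by the configMapGenerator in components/oidc-test/kustomization.yaml, i.e. a ConfigMap, and the only Secret the component references is `oidc-test-oauth2-client`. Unless a Secret called oidc-test exists elsewhere in the tree, `kustomize build` will fail on an unmatched target, and the `/data/...` replacements in patches/oidc-test.yaml never reach the ConfigMap; change the line to `kind: ConfigMap`. `patchesJson6902:` (the list these entries extend; its opening is outside the hunk) is deprecated since kustomize v5 in favour of `patches:`, so new entries would be better placed there.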
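Review bot: The second replacement sets `/spec/postLogoutRedirectUris/0` to `https://ssokustom/oauth2/callback`, while the app side in the same commit (patches/oidc-test.yaml, and the component default) sends `https://ssokustom` as `OIDC_POST_LOGOUT_REDIRECT_URL`; Hydra validates the post-logout redirect against the registered list, so logout from the example will be refused, and the removed app.yaml registered the bare `https://ssokustom` for exactly this URI. Change the last line to `value: https://ssokustom`.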
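Review bot: `value: 0` in the first replacement is a YAML integer, but ConfigMap `data` values must be strings, so the rendered object carries `LOG_LEVEL: 0` and the API server rejects the non-string field on apply; the removed app.yaml quoted it as `"0"` and the component literal `LOG_LEVEL=0` already yields a string. Quote it: `value: "0"`. Since the component default is already `0`, the entry is also a no-op and could simply be dropped, leaving only the two URL replacements.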
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- io.kompose.service: app
- name: app
-spec:
- replicas: 1
- selector:
- matchLabels:
- io.kompose.service: app
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- io.kompose.service: app
- spec:
- containers:
- - image: reg.cadoles.com/cadoles/oidc-test:2023.11.6-stable.1557.e16b905
- name: app
- ports:
- - containerPort: 8080
- resources: {}
- env:
- - name: LOG_LEVEL
- value: "0"
- - name: HTTP_ADDRESS
- value: 0.0.0.0:8080
- - name: OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: app-oidc-secret
- key: client_id
- - name: OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: app-oidc-secret
- key: client_secret
- - name: OIDC_ISSUER_URL
- value: http://hydra:4444
- - name: OIDC_REDIRECT_URL
- value: https://ssokustom/oauth2/callback
- - name: OIDC_POST_LOGOUT_REDIRECT_URL
- value: https://ssokustom
- - name: OIDC_SKIP_ISSUER_VERIFICATION
- value: "true"
- - name: OIDC_INSECURE_SKIP_VERIFY
- value: "true"
- restartPolicy: Always
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- io.kompose.service: app
- name: app
-spec:
- ports:
- - name: http
- port: 8080
- targetPort: 8080
- selector:
- io.kompose.service: app
-status:
- loadBalancer: {}
diff --git a/examples/authenticated-app/resources/ingress.yaml b/examples/authenticated-app/resources/ingress.yaml
index 1ab37dc..76212ba 100644
--- a/examples/authenticated-app/resources/ingress.yaml
+++ b/examples/authenticated-app/resources/ingress.yaml
@@ -20,7 +20,7 @@ spec:
 pathType: Prefix
 backend:
 service:
- name: app
+ name: oidc-test
 port:
 name: http
 ---
diff --git a/kustomization.yaml b/kustomization.yaml
deleted file mode 100644
index 60bbd7a..0000000
--- a/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-- ./resources/hydra
-- ./resources/hydra-dispatcher
-
-components:
-- ./components/hydra-cnpg-database
-- ./components/hydra-oidc
-- ./components/hydra-saml
-- ./components/hydra-sql
diff --git a/overlays/base/kustomization.yaml b/overlays/base/kustomization.yaml
new file mode 100644
index 0000000..b85a923
--- /dev/null
+++ b/overlays/base/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../resources/hydra
+- ../../resources/hydra-dispatcher
+
+labels:
+ - pairs:
+ app.kubernetes.io/part-of: sso-kustom
+ app.kubernetes.io/component: auth
diff --git a/overlays/full/kustomization.yaml b/overlays/full/kustomization.yaml
new file mode 100644
index 0000000..ee85210
--- /dev/null
+++ b/overlays/full/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../base
+
+labels:
+ - pairs:
+ app.kubernetes.io/part-of: sso-kustom
+ app.kubernetes.io/component: auth
+
+components:
+- ../../components/hydra-cnpg-database
+- ../../components/hydra-oidc
+- ../../components/hydra-saml
+- ../../components/hydra-sql
\ No newline at end of file
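Review bot: overlays/full re-declares the same `labels` stanza (`app.kubernetes.io/part-of: sso-kustom`, `app.kubernetes.io/component: auth`) that overlays/base, its only resource, already applies, so the copy is redundant and the two will drift the first time one of them is edited; keeping the block only in base is enough. Both new files also mix flush-style sequences (`- ../base`) with indented ones (`  - pairs:`), which yamllint's `indentation` rule flags — pick one form file-wide. The file ends without a trailing newline, as do components/oidc-test/kustomization.yaml, service.yaml and the oauth2-client patch in this commit, which editors and formatters will keep flipping in later diffs.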