feat: add hydra-saml component

2023-02-01 16:18:47 +01:00 · 2023-02-01 16:18:47 +01:00 · d2960e3be2
parent f93ae0b4ba
commit d2960e3be2
8 changed files with 147 additions and 1 deletions
--- a/components/hydra-saml/files/hydra/saml.yaml
+++ b/components/hydra-saml/files/hydra/saml.yaml
@ -0,0 +1,12 @@
 hydra:
  apps:
    - id: saml
      title: 
        fr: Connexion SAML
        en: Login SAML
      description: 
        fr: Authentification avec SAML
        en: Authentication with SAML
      login_url: "%env(string:HYDRA_DISPATCHER_SAML_LOGIN_URL)%"
      consent_url: "%env(string:HYDRA_DISPATCHER_SAML_CONSENT_URL)%"
      logout_url: "%env(string:HYDRA_DISPATCHER_SAML_LOGOUT_URL)%"
--- a/components/hydra-saml/kustomization.yaml
+++ b/components/hydra-saml/kustomization.yaml
@ -0,0 +1,38 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
 resources:
  - ./resources/hydra-saml-service.yaml
  - ./resources/hydra-saml-shibboleth-sp-deployment.yaml
  - ./resources/hydra-saml-remote-user-deployment.yaml
  - ./resources/hydra-saml-remote-user-service.yaml
 configMapGenerator:
  - name: hydra-saml-env
    literals:
      # Hydra Remote User environment variables
      - APP_ENV=prod
      - APP_DEBUG=false
      - HTTP_BASE_URL=http://hydra-saml
      - COOKIE_PATH=/
      - HYDRA_ADMIN_BASE_URL=http://hydra:4445/admin
      - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR
      - LOGOUT_REDIRECT_URL_PATTERN=http://hydra-saml/Shibboleth.sso/Logout?return=%s'
      # Shibboleth SP environment variables
      - SP_ENTITY_ID=http://hydra-saml-shibboleth-sp
      - IDP_ENTITY_ID=http://saml-idp
      - IDP_METADATA_URL=http://saml-idp/metadata
      - APACHE_BACKEND_URL=http://hydra-saml-remote-user
      - APACHE_FORCE_HTTPS=false
      - SP_HANDLER_BASE_PATH=/
  - name: hydra-dispatcher-apps
    behavior: merge
    files:
      - ./files/hydra/saml.yaml
 patchesJson6902:
  - target:
      version: v1
      kind: ConfigMap
      name: hydra-dispatcher-env
    path: patches/hydra-dispatcher-env.yaml
--- a/components/hydra-saml/patches/hydra-dispatcher-env.yaml
+++ b/components/hydra-saml/patches/hydra-dispatcher-env.yaml
@ -0,0 +1,9 @@
 - op: replace
  path: "/data/HYDRA_DISPATCHER_SAML_LOGIN_URL"
  value: http://hydra-saml-shibboleth-sp/login
 - op: replace
  path: "/data/HYDRA_DISPATCHER_SAML_CONSENT_URL"
  value: http://hydra-saml-shibboleth-sp/consent
 - op: replace
  path: "/data/HYDRA_DISPATCHER_SAML_LOGOUT_URL"
  value: http://hydra-saml-shibboleth-sp/logout
--- a/components/hydra-saml/resources/hydra-saml-remote-user-deployment.yaml
+++ b/components/hydra-saml/resources/hydra-saml-remote-user-deployment.yaml
@ -0,0 +1,29 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    io.kompose.service: hydra-saml-remote-user
  name: hydra-saml-remote-user
 spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: hydra-saml-remote-user
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        io.kompose.service: hydra-saml-remote-user
    spec:
      containers:
        - name: hydra-saml-remote-user
          image: reg.cadoles.com/cadoles/hydra-remote-user-v1:v0.0.0-159-gd91e77b
          envFrom:
            - configMapRef:
                name: hydra-saml-env
          ports:
            - containerPort: 80
          resources: {}
      restartPolicy: Always
--- a/components/hydra-saml/resources/hydra-saml-remote-user-service.yaml
+++ b/components/hydra-saml/resources/hydra-saml-remote-user-service.yaml
@ -0,0 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    io.kompose.service: hydra-saml-remote-user
  name: hydra-saml-remote-user
 spec:
  ports:
    - name: hydra-saml-remote-user
      port: 80
  selector:
    io.kompose.service: hydra-saml-remote-user
 status:
  loadBalancer: {}
--- a/components/hydra-saml/resources/hydra-saml-service.yaml
+++ b/components/hydra-saml/resources/hydra-saml-service.yaml
@ -0,0 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    io.kompose.service: hydra-saml
  name: hydra-saml
 spec:
  ports:
    - name: hydra-saml-shibboleth-sp
      port: 80
  selector:
    io.kompose.service: hydra-saml-shibboleth-sp
 status:
  loadBalancer: {}
--- a/components/hydra-saml/resources/hydra-saml-shibboleth-sp-deployment.yaml
+++ b/components/hydra-saml/resources/hydra-saml-shibboleth-sp-deployment.yaml
@ -0,0 +1,29 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    io.kompose.service: hydra-saml-shibboleth-sp
  name: hydra-saml-shibboleth-sp
 spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: hydra-saml-shibboleth-sp
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        io.kompose.service: hydra-saml-shibboleth-sp
    spec:
      containers:
        - name: hydra-saml-shibboleth-sp
          image: reg.cadoles.com/cadoles/shibboleth-sp-v3:v0.0.0-159-gd91e77b
          envFrom:
            - configMapRef:
                name: hydra-saml-env
          ports:
            - containerPort: 80
          resources: {}
      restartPolicy: Always
--- a/kustomization.yaml
+++ b/kustomization.yaml
@ -7,4 +7,5 @@ resources:
 components:
  - ./components/hydra-cnpg-database
-  - ./components/hydra-oidc
+  - ./components/hydra-oidc
  - ./components/hydra-saml