diff --git a/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml b/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml
index b99df7421..bae51d70d 100644
--- a/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml
+++ b/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml
@@ -2,29 +2,31 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 labels:
- k8s-app: passbook-gatekeeper
+ app.kubernetes.io/name: passbook-gatekeeper
 name: passbook-gatekeeper
 namespace: kube-system
 spec:
 replicas: 1
 selector:
 matchLabels:
- k8s-app: passbook-gatekeeper
+ app.kubernetes.io/name: passbook-gatekeeper
 template:
 metadata:
 labels:
- k8s-app: passbook-gatekeeper
+ app.kubernetes.io/name: passbook-gatekeeper
 spec:
 containers:
 - args:
 - --upstream=file:///dev/null
 env:
 - name: OAUTH2_PROXY_CLIENT_ID
- value: {{ provider.client.client_id }}
+ value: "{{ provider.client.client_id }}"
 - name: OAUTH2_PROXY_CLIENT_SECRET
- value: {{ provider.client.client_secret }}
+ value: "{{ provider.client.client_secret }}"
 - name: OAUTH2_PROXY_COOKIE_SECRET
- value: {{ cookie_secret }}
+ value: "{{ cookie_secret }}"
+ - name: OAUTH2_PROXY_OIDC_ISSUER_URL
+ value: "{{ issuer }}"
 image: beryju/passbook-gatekeeper:{{ version }}
 imagePullPolicy: Always
 name: passbook-gatekeeper
@@ -36,7 +38,7 @@ apiVersion: v1
 kind: Service
 metadata:
 labels:
- k8s-app: passbook-gatekeeper
+ app.kubernetes.io/name: passbook-gatekeeper
 name: passbook-gatekeeper
 namespace: kube-system
 spec:
@@ -46,7 +48,7 @@ spec:
 protocol: TCP
 targetPort: 4180
 selector:
- k8s-app: passbook-gatekeeper
+ app.kubernetes.io/name: passbook-gatekeeper
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress
diff --git a/passbook/providers/app_gw/views.py b/passbook/providers/app_gw/views.py
index 9f6191384..fdaee6567 100644
--- a/passbook/providers/app_gw/views.py
+++ b/passbook/providers/app_gw/views.py
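Review bot: In the `env:` list of the first hunk, `OAUTH2_PROXY_CLIENT_SECRET` and `OAUTH2_PROXY_COOKIE_SECRET` are still rendered as literal `value:` entries, so both secrets are readable by anyone who can view the Deployment or pod spec in `kube-system` and are carried in every stored copy of the manifest. I would render them into a `kind: Secret` object in the same template and reference them from the container with `valueFrom:` / `secretKeyRef:` instead. The added double quotes make the values parse as YAML strings, but if this template is rendered with Django's default HTML autoescaping, a value containing `&` or `"` would be rewritten rather than YAML-escaped and a backslash would be read as a YAML escape, so a template comment stating which characters these values may contain would help.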
@@ -6,9 +6,10 @@ from urllib.parse import urlparse
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.db.models import Model
 from django.http import HttpRequest, HttpResponse
-from django.shortcuts import get_object_or_404, render, reverse
+from django.shortcuts import get_object_or_404, render
 from django.views import View
 from guardian.shortcuts import get_objects_for_user
+from oidc_provider.lib.utils.common import get_issuer, get_site_url
 from structlog import get_logger
 from yaml import safe_dump
@@ -37,14 +38,13 @@ class DockerComposeView(LoginRequiredMixin, View):
 def get_compose(self, provider: ApplicationGatewayProvider) -> str:
 """Generate docker-compose yaml, version 3.5"""
- full_issuer_user = self.request.build_absolute_uri(
- reverse("passbook_providers_oidc:authorize")
- )
+ site_url = get_site_url(request=self.request)
+ issuer = get_issuer(site_url=site_url, request=self.request)
 env = {
 "OAUTH2_PROXY_CLIENT_ID": provider.client.client_id,
 "OAUTH2_PROXY_CLIENT_SECRET": provider.client.client_secret,
 "OAUTH2_PROXY_REDIRECT_URL": f"{provider.external_host}/oauth2/callback",
- "OAUTH2_PROXY_OIDC_ISSUER_URL": full_issuer_user,
+ "OAUTH2_PROXY_OIDC_ISSUER_URL": issuer,
 "OAUTH2_PROXY_COOKIE_SECRET": get_cookie_secret(),
 "OAUTH2_PROXY_UPSTREAMS": provider.internal_host,
 }
@@ -85,6 +85,8 @@ class K8sManifestView(LoginRequiredMixin, View):
 "passbook_providers_app_gw.view_applicationgatewayprovider",
 pk=provider_pk,
 )
+ site_url = get_site_url(request=self.request)
+ issuer = get_issuer(site_url=site_url, request=self.request)
 return render(
 request,
 "app_gw/k8s-manifest.yaml",
@@ -92,6 +94,7 @@ class K8sManifestView(LoginRequiredMixin, View):
 "provider": provider,
 "cookie_secret": get_cookie_secret(),
 "version": __version__,
+ "issuer": issuer,
 },
 content_type="text/yaml",
 )
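Review bot: The issuer written to `OAUTH2_PROXY_OIDC_ISSUER_URL` in `get_compose` is derived from the current request, and the same two lines are repeated in the `K8sManifestView` hunk. If `get_site_url` falls back to the request's scheme and host when no site URL is configured (my reading of django-oidc-provider, please confirm), the generated file pins whatever hostname and scheme the downloading user happened to use. Behind a TLS-terminating proxy or on an internal hostname that can produce an `http://` or non-public issuer, which will not match the `iss` the provider advertises. I would move the lookup into one shared helper, e.g. `def _issuer_for(request): return get_issuer(request=request)`, with a comment saying that a configured site URL is expected for these views; `get_issuer` appears to resolve the site URL itself, so the separate `get_site_url` call looks redundant. Both enclosing methods continue outside the hunks shown.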