djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow passing multiple redirect URIs to Dex

Browse Source 
We need this in CI when we want to configure Dex with the redirect URI for both
primary and secondary deploys at one time (since we only stand up Dex once).

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Ryan Richard 2021-01-20 17:06:50 -05:00 committed by Andrew Keesler
parent 33f4b671d1
commit b5cbe018e3
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
4 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hack/lib/tilt/Tiltfile
View File

@ -25,7 +25,7 @@ local_resource(
# Render the IDP installation manifest using ytt. # Render the IDP installation manifest using ytt.
k8s_yaml(local(['ytt', k8s_yaml(local(['ytt',
'--file', '../../../test/deploy/dex', '--file', '../../../test/deploy/dex',
'--data-value', 'supervisor_redirect_uri=https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback', '--data-value-yaml', 'supervisor_redirect_uris=[https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback]',
])) ]))
# Tell tilt to watch all of those files for changes. # Tell tilt to watch all of those files for changes.
watch_file('../../../test/deploy/dex') watch_file('../../../test/deploy/dex')

2
hack/prepare-for-integration-tests.sh
View File

@ -185,7 +185,7 @@ if ! tilt_mode; then
log_note "Deploying Dex to the cluster..." log_note "Deploying Dex to the cluster..."
ytt --file . >"$manifest" ytt --file . >"$manifest"
ytt --file . \ ytt --file . \
--data-value "supervisor_redirect_uri=https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback" \ --data-value-yaml "supervisor_redirect_uris=[https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback]" \
>"$manifest" >"$manifest"
kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema. kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema.

6
test/deploy/dex/dex.yaml
View File

@ -1,4 +1,4 @@
#! Copyright 2020 the Pinniped contributors. All Rights Reserved. #! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0 #! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data") #@ load("@ytt:data", "data")
@ -27,8 +27,7 @@ staticClients:
- id: pinniped-supervisor - id: pinniped-supervisor
name: 'Pinniped Supervisor' name: 'Pinniped Supervisor'
secret: pinniped-supervisor-secret secret: pinniped-supervisor-secret
redirectURIs: redirectURIs: #@ data.values.supervisor_redirect_uris
- #@ data.values.supervisor_redirect_uri
enablePasswordDB: true enablePasswordDB: true
staticPasswords: staticPasswords:
- username: "pinny" - username: "pinny"
@ -114,4 +113,3 @@ spec:
- name: https - name: https
port: 443 port: 443
targetPort: 8443 targetPort: 8443

6
test/deploy/dex/values.yaml
View File

@ -1,4 +1,4 @@
#! Copyright 2020 the Pinniped contributors. All Rights Reserved. #! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0 #! SPDX-License-Identifier: Apache-2.0
#@data/values #@data/values
@ -16,4 +16,6 @@ ports:
#! our Kind configuration which maps 127.0.0.1:12346 to port 31235 on the Kind worker node. #! our Kind configuration which maps 127.0.0.1:12346 to port 31235 on the Kind worker node.
local: 12346 local: 12346
supervisor_redirect_uri: "" #! supervisor_redirect_uris is an array of redirect uris that dex will use for its pinniped-supervisor client.
#! usage: --data-value-yaml "supervisor_redirect_uris=[some-redirect.com,some-other-redirect.com]"
supervisor_redirect_uris: []