From 1aed93ecd1e8557db2b59b76ff2060989149fdca Mon Sep 17 00:00:00 2001 From: Jake Heath <76011913+jakeyheath@users.noreply.github.com> Date: Fri, 25 Oct 2024 11:26:26 -0700 Subject: [PATCH 1/2] fix: trailing slash on upstreams https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#upstreams-configuration --- stack/templates/oidc_proxy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/templates/oidc_proxy.yaml b/stack/templates/oidc_proxy.yaml index e7ba65b..3195eb9 100644 --- a/stack/templates/oidc_proxy.yaml +++ b/stack/templates/oidc_proxy.yaml @@ -13,7 +13,7 @@ {{ range $i, $path := .ingress.paths }} {{- $allOIDCProtectedServces = append $allOIDCProtectedServces - (printf "http://%s.%s.svc.cluster.local:%d%s" (include "service.fullname" $serviceScope) $global.Release.Namespace ($values.service.port | int) ($path.path)) + (printf "http://%s.%s.svc.cluster.local:%d%s/" (include "service.fullname" $serviceScope) $global.Release.Namespace ($values.service.port | int) ($path.path)) -}} {{- end -}} From ff7702123e574e0a51823fed0706a7f59b4fd3eb Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Fri, 25 Oct 2024 11:35:16 -0700 Subject: [PATCH 2/2] tests --- stack/templates/oidc_proxy.yaml | 7 +++++++ stack/tests/oidc_test.yaml | 16 +++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/stack/templates/oidc_proxy.yaml b/stack/templates/oidc_proxy.yaml index 3195eb9..44e84ee 100644 --- a/stack/templates/oidc_proxy.yaml +++ b/stack/templates/oidc_proxy.yaml @@ -11,10 +11,17 @@ {{ $serviceScope := dict "Chart" $global.Chart "Release" $global.Release "Capabilities" $global.Capabilities "Values" .}} {{- if .ingress.oidcProtected -}} {{ range $i, $path := .ingress.paths }} + {{- if (eq $path.pathType "Exact") -}} + {{- $allOIDCProtectedServces = append + $allOIDCProtectedServces + (printf "http://%s.%s.svc.cluster.local:%d%s" (include "service.fullname" $serviceScope) $global.Release.Namespace ($values.service.port | int) ($path.path)) + -}} + {{- else -}} {{- $allOIDCProtectedServces = append $allOIDCProtectedServces (printf "http://%s.%s.svc.cluster.local:%d%s/" (include "service.fullname" $serviceScope) $global.Release.Namespace ($values.service.port | int) ($path.path)) -}} + {{- end -}} {{- end -}} {{ range $i, $rule := .ingress.rules }} diff --git a/stack/tests/oidc_test.yaml b/stack/tests/oidc_test.yaml index 3ff94a7..dbb9172 100644 --- a/stack/tests/oidc_test.yaml +++ b/stack/tests/oidc_test.yaml @@ -216,7 +216,13 @@ tests: oidcProtected: true paths: - path: /test2 - pathType: Prefix + pathType: Exact + service3: + ingress: + oidcProtected: true + paths: + - path: /test3 + pathType: ImplementationSpecific asserts: - documentIndex: 0 equal: @@ -225,11 +231,15 @@ tests: - documentIndex: 0 contains: path: spec.template.spec.containers[0].args - content: --upstream=http://release-name-stack-service1.NAMESPACE.svc.cluster.local:4123/test1 + content: --upstream=http://release-name-stack-service1.NAMESPACE.svc.cluster.local:4123/test1/ - documentIndex: 0 contains: path: spec.template.spec.containers[0].args content: --upstream=http://release-name-stack-service2.NAMESPACE.svc.cluster.local:2222/test2 + - documentIndex: 0 + contains: + path: spec.template.spec.containers[0].args + content: --upstream=http://release-name-stack-service3.NAMESPACE.svc.cluster.local:2222/test3/ - documentIndex: 0 equal: path: spec.template.spec.containers[0].volumeMounts[0].name @@ -434,7 +444,7 @@ tests: oidcProtected: true paths: - path: "/service2" - pathType: Prefix + pathType: Exact rules: - host: "app2.someparent.domain" asserts: