Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: have OAuth2 Proxy refresh the access token before it expires #173

Merged
merged 3 commits into from
Nov 19, 2024
Merged

feat: have OAuth2 Proxy refresh the access token before it expires #173

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
816c04f
feat: have OAuth2 Proxy refresh the access token before it expires
steveherrin Nov 19, 2024
c195c44
chore: Update README/Schema for changed charts
steveherrin Nov 19, 2024
e33e28b
Update oidc_test.yaml
jakeyheath Nov 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions stack/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,7 @@ A Helm chart for deploying an Argus stack.
| `global.oidcProxy.annotations` | Annotations to add to the OIDC proxy | `{}` |
| `global.oidcProxy.volumeMounts` | Volume mounts for the OIDC proxy | `[]` |
| `global.oidcProxy.skipAuth` | Paths to skip authentication | `[]` |
| `global.oidcProxy.cookieRefresh` | Refresh tokens and cookies after this period | `59m` |
| `global.oidcProxy.extraArgs` | Extra arguments to pass to the OIDC proxy | `[]` |
| `global.oidcProxy.resources.limits.cpu` | CPU limit | `2` |
| `global.oidcProxy.resources.limits.memory` | Memory limit | `4Gi` |
Expand Down
1 change: 1 addition & 0 deletions stack/templates/oidc_proxy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ spec:
- --pass-authorization-header=true
- --reverse-proxy
- --skip-jwt-bearer-tokens
- --cookie-refresh={{ .Values.oidcProxy.cookieRefresh }}

{{- range $allOIDCProtectedServces }}
- --upstream={{ . }}
Expand Down
10 changes: 8 additions & 2 deletions stack/tests/oidc_test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
# nudge
suite: oidc proxy deployment
templates:
- oidc_proxy.yaml
Expand Down Expand Up @@ -101,6 +102,7 @@ tests:
global:
oidcProxy:
enabled: true
cookieRefresh: 1h23m45s
skipAuth:
- method: GET
path: "/v1/api/docs2"
Expand All @@ -127,7 +129,7 @@ tests:
- documentIndex: 0
lengthEqual:
path: spec.template.spec.containers[0].args
count: 17
count: 18
- documentIndex: 0
contains:
path: spec.template.spec.containers[0].args
Expand All @@ -140,6 +142,10 @@ tests:
contains:
path: spec.template.spec.containers[0].args
content: "--skip-auth-route=/v1/api/security/access_token"
- documentIndex: 0
contains:
path: spec.template.spec.containers[0].args
content: "--cookie-refresh=1h23m45s"
- it: overwrites the name
set:
global:
Expand Down Expand Up @@ -421,7 +427,7 @@ tests:
- documentIndex: 0
lengthEqual:
path: spec.template.spec.containers[0].args
count: 21
count: 22
- documentIndex: 0
contains:
path: spec.template.spec.containers[0].args
Expand Down
5 changes: 5 additions & 0 deletions stack/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -589,6 +589,11 @@
"default": [],
"items": {}
},
"cookieRefresh": {
"type": "string",
"description": "Refresh tokens and cookies after this period",
"default": "59m"
},
"extraArgs": {
"type": "array",
"description": "Extra arguments to pass to the OIDC proxy",
Expand Down
3 changes: 2 additions & 1 deletion stack/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -318,7 +318,8 @@ global:
# skipAuth:
# - path: "/healthz"
# method: GET

## @param global.oidcProxy.cookieRefresh Refresh tokens and cookies after this period
cookieRefresh: "59m"
## @param global.oidcProxy.extraArgs Extra arguments to pass to the OIDC proxy
extraArgs: []
# extraArgs:
Expand Down
Loading