From f32bd170136127afe5396846d7f5a9674096f5ca Mon Sep 17 00:00:00 2001 From: Sheppy Date: Sun, 15 Jan 2023 22:46:43 +0100 Subject: [PATCH] feat: skip auth paths --- group_vars/all.yaml | 10 +++++++++ roles/web1/handlers/main.yaml | 19 +++++++++++++++++ roles/web1/tasks/main.yaml | 21 ++++++++++++------- .../oauth-standalone-docker-compose.yaml | 6 ++++++ 4 files changed, 48 insertions(+), 8 deletions(-) create mode 100644 roles/web1/handlers/main.yaml diff --git a/group_vars/all.yaml b/group_vars/all.yaml index f4abe33..b199077 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -41,6 +41,13 @@ keycloak_clients: keycloak_id: "00000000-0000-0000-0000-000000000001" groups: "images" master_address: "https://images.atlantishq.de" + skips: + - "/m/" + - "/media/" + - "/image/" + - "/images/" + - "/picture/" + - "/pictures/" simple-log-server: party_secret : "HISTORY_PURGED_SECRET" @@ -52,6 +59,8 @@ keycloak_clients: keycloak_id: "00000000-0000-0000-0000-000000000002" groups: "monitoring" master_address: "https://sls.atlantishq.de" + skips: + - "/submit" soundlib-interface: party_secret : "HISTORY_PURGED_SECRET" @@ -63,3 +72,4 @@ keycloak_clients: keycloak_id: "00000000-0000-0000-0000-000000000003" groups: "soundlib" master_address: "https://sounds.atlantishq.de" + skips: diff --git a/roles/web1/handlers/main.yaml b/roles/web1/handlers/main.yaml new file mode 100644 index 0000000..a2981e3 --- /dev/null +++ b/roles/web1/handlers/main.yaml @@ -0,0 +1,19 @@ +- name: systemctl restart image-factory + systemd: + name: image-factory + state: restarted + +- name: systemctl restart serien-ampel + systemd: + name: serien-ampel + state: restarted + +- name: systemctl restart simple-log-server + systemd: + name: simple-log-server + state: restarted + +- name: systemctl restart soundlib-interface + systemd: + name: soundlib-interface + state: restarted diff --git a/roles/web1/tasks/main.yaml b/roles/web1/tasks/main.yaml index 4b32342..c289f3b 100644 
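Review bot: The `skips` entries added for this client in group_vars/all.yaml (`"/m/"` through `"/pictures/"`) are unanchored, and the template hunk in this patch passes each one to oauth2-proxy's `--skip-auth-route`, which takes a regular expression rather than a literal path prefix. As written, `/m/` would exempt any request path that merely contains `/m/`, so authentication may be skipped for more of the application than intended. Anchor every entry, e.g. `- "^/m/"`, and do the same for `"/submit"` in the next hunk, where `- "POST=^/submit$"` would also limit the bypass to a single method (assuming submissions are POSTs). The `keycloak_clients` mapping starts outside the hunk.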
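Review bot: The bare `skips:` added for soundlib-interface in the last group_vars/all.yaml hunk parses as null, not as an empty list, and it only works because the template guards the loop with `.get("skips")`. Write `skips: []` so the value has the same type for every client and a later consumer that iterates it directly does not fail.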
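Review bot: The four restart handlers in the new roles/web1/handlers/main.yaml rely on a separate `daemon reload` handler that is not defined in this file, and handlers run in definition order rather than `notify` order, so it is not visible here that the reload happens before the restarts. Adding `daemon_reload: true` to each `systemd` handler removes that dependency. The file also uses the short module name; `ansible.builtin.systemd` would match the fully qualified `community.docker.docker_compose` used in the tasks file.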
--- a/roles/web1/tasks/main.yaml +++ b/roles/web1/tasks/main.yaml @@ -83,13 +83,6 @@ - simple-log-server - soundlib-interface -- name: Deploy OAuth2Proxy - community.docker.docker_compose: - project_src: /opt/oauth2proxy/{{ item }}/ - pull: true - with_items: - - soundlib-interface - - name: Template Systemd Units template: src: "waitress-systemd-unit.j2" @@ -97,13 +90,25 @@ with_items: - { name : "image-factory", path : "/var/www/python-flask-picture-factory" } - { name : "serien-ampel", path : "/var/www/serien-ampel" } - - { name : "simple-log-server", path : "/var/www/simple-log-server" } + - { name : "simple-log-server", path : "/var/www/simple-log-server", external_oidc : true } - { name : "soundlib-interface", path : "/var/www/soundlib-interface", external_oidc : true } notify: - daemon reload + - systemctl restart image-factory + - systemctl restart serien-ampel + - systemctl restart simple-log-server + - systemctl restart soundlib-interface - meta: flush_handlers +- name: Deploy OAuth2Proxy + community.docker.docker_compose: + project_src: /opt/oauth2proxy/{{ item }}/ + pull: true + with_items: + - soundlib-interface + - simple-log-server + - name: Enable and Start Systemd Units systemd: name: "{{ item }}" diff --git a/templates/oauth-standalone-docker-compose.yaml b/templates/oauth-standalone-docker-compose.yaml index 3bc0027..d4e4ef5 100644 --- a/templates/oauth-standalone-docker-compose.yaml +++ b/templates/oauth-standalone-docker-compose.yaml @@ -7,6 +7,12 @@ services: depends_on: - redis command: +{% if keycloak_clients[item].get("skips") %} +{% for route in keycloak_clients[item].skips %} + - --skip-auth-route + - {{ route }} +{% endfor %} +{% endif %} - --http-address - 0.0.0.0:{{ services[item].port }} ports:
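Review bot: The `notify` list on `Template Systemd Units` names all four restart handlers, and because the task loops over the units, a change to any one rendered unit restarts every service, including those whose unit file is unchanged. Registering the loop result and restarting only the items that report `changed` keeps the restart scoped to the affected service. The task's module arguments start outside the hunk.

```yaml
- name: Template Systemd Units
  # … unchanged: template module arguments and with_items …
  register: unit_templates
  notify:
    - daemon reload

- name: Restart services whose unit file changed
  systemd:
    name: "{{ item.item.name }}"
    state: restarted
    daemon_reload: true
  loop: "{{ unit_templates.results | selectattr('changed') | list }}"
```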
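Review bot: The loop in templates/oauth-standalone-docker-compose.yaml emits `- {{ route }}` unquoted, so a route that starts with a YAML indicator or contains `: ` or ` #` (likely once the patterns become real regular expressions) is re-typed or truncated by the compose parser before it reaches oauth2-proxy. Render it as a quoted scalar with `- {{ route | to_json }}`, which also keeps backslashes intact. Since every entry switches authentication off for the matching paths, a short Jinja comment above the loop, stating that `skips` values are regular expressions and must be anchored, would help the next editor. The `command:` list continues outside the hunk.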