feat: skip auth paths

2025-12-09 15:58:34 +01:00 · 2023-01-15 22:46:43 +01:00
parent 98aaa561c5
commit f32bd17013
4 changed files with 48 additions and 8 deletions
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -41,6 +41,13 @@ keycloak_clients:
        keycloak_id: "00000000-0000-0000-0000-000000000001"
        groups: "images"
        master_address: "https://images.atlantishq.de"
+        skips:
+            - "/m/"
+            - "/media/"
+            - "/image/"
+            - "/images/"
+            - "/picture/"
+            - "/pictures/"

    simple-log-server:
        party_secret : "HISTORY_PURGED_SECRET"
@@ -52,6 +59,8 @@ keycloak_clients:
        keycloak_id: "00000000-0000-0000-0000-000000000002"
        groups: "monitoring"
        master_address: "https://sls.atlantishq.de"
+        skips:
+            - "/submit"

    soundlib-interface:
        party_secret : "HISTORY_PURGED_SECRET"
@@ -63,3 +72,4 @@ keycloak_clients:
        keycloak_id: "00000000-0000-0000-0000-000000000003"
        groups: "soundlib"
        master_address: "https://sounds.atlantishq.de"
+        skips:
--- a/roles/web1/handlers/main.yaml
+++ b/roles/web1/handlers/main.yaml
@@ -0,0 +1,19 @@
+- name: systemctl restart image-factory
+  systemd:
+    name: image-factory
+    state: restarted
+
+- name: systemctl restart serien-ampel
+  systemd:
+    name: serien-ampel
+    state: restarted
+
+- name: systemctl restart simple-log-server
+  systemd:
+    name: simple-log-server
+    state: restarted
+
+- name: systemctl restart soundlib-interface
+  systemd:
+    name: soundlib-interface
+    state: restarted
--- a/roles/web1/tasks/main.yaml
+++ b/roles/web1/tasks/main.yaml
@@ -83,13 +83,6 @@
    - simple-log-server
    - soundlib-interface

- name: Deploy OAuth2Proxy
-  community.docker.docker_compose:
-    project_src: /opt/oauth2proxy/{{ item }}/
-    pull: true
-  with_items:
-    - soundlib-interface
-
 - name: Template Systemd Units
  template:
    src: "waitress-systemd-unit.j2"
@@ -97,13 +90,25 @@
  with_items:
    - { name : "image-factory",      path : "/var/www/python-flask-picture-factory" }
    - { name : "serien-ampel",       path : "/var/www/serien-ampel" }
-    - { name : "simple-log-server",  path : "/var/www/simple-log-server" }
+    - { name : "simple-log-server",  path : "/var/www/simple-log-server", external_oidc : true }
    - { name : "soundlib-interface", path : "/var/www/soundlib-interface", external_oidc : true }
  notify:
    - daemon reload
+    - systemctl restart image-factory
+    - systemctl restart serien-ampel
+    - systemctl restart simple-log-server
+    - systemctl restart soundlib-interface

 - meta: flush_handlers

+- name: Deploy OAuth2Proxy
+  community.docker.docker_compose:
+    project_src: /opt/oauth2proxy/{{ item }}/
+    pull: true
+  with_items:
+    - soundlib-interface
+    - simple-log-server
+
 - name: Enable and Start Systemd Units
  systemd:
    name: "{{ item }}"
--- a/templates/oauth-standalone-docker-compose.yaml
+++ b/templates/oauth-standalone-docker-compose.yaml
@@ -7,6 +7,12 @@ services:
    depends_on:
      - redis
    command:
+{% if keycloak_clients[item].get("skips") %}
+{% for route in keycloak_clients[item].skips %}
+      - --skip-auth-route
+      - {{ route }}
+{% endfor %}
+{% endif %}
      - --http-address
      - 0.0.0.0:{{ services[item].port }}
    ports: