Skip to content

Commit 7295f1c

Browse files
duanhongyiduanhongyi
committed
chore(controller): simplified passport config
1 parent e54fee4 commit 7295f1c

2 files changed

Lines changed: 45 additions & 29 deletions

File tree

charts/controller/templates/_helpers.tpl

Lines changed: 3 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -125,32 +125,18 @@ env:
125125
value: "amqp://$(DRYCC_RABBITMQ_USERNAME):$(DRYCC_RABBITMQ_PASSWORD)@drycc-rabbitmq.{{$.Release.Namespace}}.svc.{{$.Values.global.clusterDomain}}:5672/drycc"
126126
{{- end }}
127127
{{- if eq .Values.global.passportLocation "on-cluster"}}
128-
- name: "DRYCC_PASSPORT_DOMAIN"
128+
- name: "DRYCC_PASSPORT_URL"
129129
{{- if .Values.global.certManagerEnabled }}
130130
value: https://drycc-passport.{{ .Values.global.platformDomain }}
131131
{{- else }}
132132
value: http://drycc-passport.{{ .Values.global.platformDomain }}
133133
{{- end }}
134-
- name: "SOCIAL_AUTH_DRYCC_AUTHORIZATION_URL"
135-
value: "$(DRYCC_PASSPORT_DOMAIN)/oauth/authorize/"
136-
- name: "SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL"
137-
value: "$(DRYCC_PASSPORT_DOMAIN)/oauth/token/"
138-
- name: "SOCIAL_AUTH_DRYCC_ACCESS_API_URL"
139-
value: "$(DRYCC_PASSPORT_DOMAIN)"
140-
- name: "SOCIAL_AUTH_DRYCC_USERINFO_URL"
141-
value: "$(DRYCC_PASSPORT_DOMAIN)/oauth/userinfo/"
142-
- name: "SOCIAL_AUTH_DRYCC_JWKS_URI"
143-
value: "$(DRYCC_PASSPORT_DOMAIN)/oauth/.well-known/jwks.json"
144-
- name: "SOCIAL_AUTH_DRYCC_OIDC_ENDPOINT"
145-
value: "$(DRYCC_PASSPORT_DOMAIN)/oauth"
146-
- name: "LOGIN_REDIRECT_URL"
147-
value: "$(DRYCC_PASSPORT_DOMAIN)/user/login/done/"
148-
- name: SOCIAL_AUTH_DRYCC_CONTROLLER_KEY
134+
- name: SOCIAL_AUTH_DRYCC_KEY
149135
valueFrom:
150136
secretKeyRef:
151137
name: passport-creds
152138
key: social-auth-drycc-controller-key
153-
- name: SOCIAL_AUTH_DRYCC_CONTROLLER_SECRET
139+
- name: SOCIAL_AUTH_DRYCC_SECRET
154140
valueFrom:
155141
secretKeyRef:
156142
name: passport-creds

rootfs/api/settings/production.py

Lines changed: 42 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -123,7 +123,6 @@
123123
GUARDIAN_GET_INIT_ANONYMOUS_USER = 'api.models.base.get_anonymous_user_instance'
124124
ANONYMOUS_USER_NAME = os.environ.get('ANONYMOUS_USER_NAME', 'AnonymousUser')
125125
LOGIN_URL = '/v2/auth/login/'
126-
LOGIN_REDIRECT_URL = '/'
127126

128127
# Security settings
129128
CORS_ORIGIN_ALLOW_ALL = True
@@ -409,15 +408,47 @@
409408
APP_URL_REGEX = '[a-z0-9-]+'
410409

411410
# Oauth settings
412-
LOGIN_REDIRECT_URL = os.environ.get('LOGIN_REDIRECT_URL', '/admin/')
413-
SOCIAL_AUTH_DRYCC_AUTHORIZATION_URL = os.environ.get('SOCIAL_AUTH_DRYCC_AUTHORIZATION_URL')
414-
SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL = os.environ.get('SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL')
415-
SOCIAL_AUTH_DRYCC_ACCESS_API_URL = os.environ.get('SOCIAL_AUTH_DRYCC_ACCESS_API_URL')
416-
SOCIAL_AUTH_DRYCC_USERINFO_URL = os.environ.get('SOCIAL_AUTH_DRYCC_USERINFO_URL')
417-
SOCIAL_AUTH_DRYCC_JWKS_URI = os.environ.get('SOCIAL_AUTH_DRYCC_JWKS_URI')
418-
SOCIAL_AUTH_DRYCC_OIDC_ENDPOINT = os.environ.get('SOCIAL_AUTH_DRYCC_OIDC_ENDPOINT')
419-
SOCIAL_AUTH_DRYCC_KEY = os.environ.get('SOCIAL_AUTH_DRYCC_CONTROLLER_KEY')
420-
SOCIAL_AUTH_DRYCC_SECRET = os.environ.get('SOCIAL_AUTH_DRYCC_CONTROLLER_SECRET')
411+
412+
DRYCC_PASSPORT_URL = os.environ.get('DRYCC_PASSPORT_URL', 'https://127.0.0.1:8000')
413+
414+
LOGIN_REDIRECT_URL = os.environ.get(
415+
'LOGIN_REDIRECT_URL',
416+
f'{DRYCC_PASSPORT_URL}/user/login/done/',
417+
)
418+
419+
SOCIAL_AUTH_DRYCC_AUTHORIZATION_URL = os.environ.get(
420+
'SOCIAL_AUTH_DRYCC_AUTHORIZATION_URL',
421+
f'{DRYCC_PASSPORT_URL}/oauth/authorize/',
422+
)
423+
SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL = os.environ.get(
424+
'SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL',
425+
f'{DRYCC_PASSPORT_URL}/oauth/token/'
426+
)
427+
SOCIAL_AUTH_DRYCC_ACCESS_API_URL = os.environ.get(
428+
'SOCIAL_AUTH_DRYCC_ACCESS_API_URL',
429+
f'{DRYCC_PASSPORT_URL}'
430+
)
431+
SOCIAL_AUTH_DRYCC_USERINFO_URL = os.environ.get(
432+
'SOCIAL_AUTH_DRYCC_USERINFO_URL',
433+
f'{DRYCC_PASSPORT_URL}/oauth/userinfo/'
434+
)
435+
SOCIAL_AUTH_DRYCC_JWKS_URI = os.environ.get(
436+
'SOCIAL_AUTH_DRYCC_JWKS_URI',
437+
f'{DRYCC_PASSPORT_URL}/oauth/.well-known/jwks.json'
438+
)
439+
SOCIAL_AUTH_DRYCC_OIDC_ENDPOINT = os.environ.get(
440+
'SOCIAL_AUTH_DRYCC_OIDC_ENDPOINT',
441+
f'{DRYCC_PASSPORT_URL}/oauth'
442+
)
443+
SOCIAL_AUTH_DRYCC_KEY = os.environ.get(
444+
'SOCIAL_AUTH_DRYCC_KEY',
445+
'BZUsBnW8hoSOrWfGs7EEVKSPjvE6PJdc9869v82o'
446+
)
447+
SOCIAL_AUTH_DRYCC_SECRET = os.environ.get(
448+
'SOCIAL_AUTH_DRYCC_SECRET',
449+
'bQpNjR3YkNqE1W7ohNXVAWuTmYbeKyQKRDelkd8JcsbksoJSHs0igox52frNuz6L'
450+
)
451+
421452
SOCIAL_AUTH_JSONFIELD_ENABLED = True
422453
SOCIAL_AUTH_PIPELINE = (
423454
'social_core.pipeline.social_auth.social_details',
@@ -430,8 +461,7 @@
430461
'social_core.pipeline.social_auth.load_extra_data',
431462
'social_core.pipeline.user.user_details',
432463
)
433-
AUTHENTICATION_BACKENDS = ("api.backend.DryccOIDC",) + \
434-
AUTHENTICATION_BACKENDS
464+
AUTHENTICATION_BACKENDS = ("api.backend.DryccOIDC", ) + AUTHENTICATION_BACKENDS
435465
OAUTH_CACHE_USER_TIME = int(os.environ.get('OAUTH_CACHE_USER_TIME', 30 * 60))
436466

437467
# Redis Configuration

0 commit comments

Comments
 (0)