chore(passport): support init app config

Author: duanhongyi

charts/passport/templates/_helpers.tpl

@@ -16,6 +16,43 @@ rbac.authorization.k8s.io/v1
 env:
 - name: "TZ"
   value: {{ .Values.time_zone | default "UTC" | quote }}
+{{- if (.Values.initGrafanaKey) }}
+- name: "DRYCC_GRAFANA_DOMAIN"
+{{- if .Values.global.certManagerEnabled }}
+  value: https://drycc-monitor-grafana.{{ .Values.global.platformDomain }}
+{{- else }}
+  value: http://drycc-monitor-grafana.{{ .Values.global.platformDomain }}
+{{- end }}
+- name: DRYCC_PASSPORT_GRAFANA_KEY
+  valueFrom:
+    secretKeyRef:
+      name: passport-creds
+      key: drycc-passport-grafana-key
+- name: DRYCC_PASSPORT_GRAFANA_SECRET
+  valueFrom:
+    secretKeyRef:
+      name: passport-creds
+      key: drycc-passport-grafana-secret
+{{- end }}
+{{- if (.Values.initManagerKey) }}
+- name: "DRYCC_MONITOR_MANAGER_DOMAIN"
+{{- if .Values.global.certManagerEnabled }}
+  value: https://drycc-manager.{{ .Values.global.platformDomain }}
+{{- else }}
+  value: http://drycc-manager.{{ .Values.global.platformDomain }}
+{{- end }}
+- name: DRYCC_PASSPORT_MANAGER_KEY
+  valueFrom:
+    secretKeyRef:
+      name: passport-creds
+      key: drycc-passport-manager-key
+- name: DRYCC_PASSPORT_MANAGER_SECRET
+  valueFrom:
+    secretKeyRef:
+      name: passport-creds
+      key: drycc-passport-manager-secret
+{{- end }}
+{{- if (.Values.initControllerKey) }}
 - name: "DRYCC_CONTROLLER_DOMAIN"
 {{- if .Values.global.certManagerEnabled }}
   value: https://drycc.{{ .Values.global.platformDomain }}
@@ -37,6 +74,7 @@ env:
     secretKeyRef:
       name: passport-creds
       key: drycc-passport-controller-secret
+{{- end }}
 - name: WORKFLOW_NAMESPACE
   valueFrom:
     fieldRef:
@@ -47,26 +85,6 @@ env:
   value: {{ .Values.adminPassword | default "admin" | quote }}
 - name: ADMIN_EMAIL
   value: {{ .Values.adminEmail | default "admin@email.com" | quote }}
-{{- if eq .Values.global.grafanaLocation "on-cluster" }}
-- name: "DRYCC_MONITOR_GRAFANA_DOMAIN"
-{{- if .Values.global.certManagerEnabled }}
-  value: https://drycc-monitor-grafana.{{ .Values.global.platformDomain }}
-{{- else }}
-  value: http://drycc-monitor-grafana.{{ .Values.global.platformDomain }}
-{{- end }}
-- name: GRAFANA_ON_CLUSTER
-  value: "true"
-- name: DRYCC_PASSPORT_GRAFANA_KEY
-  valueFrom:
-    secretKeyRef:
-      name: passport-creds
-      key: drycc-passport-grafana-key
-- name: DRYCC_PASSPORT_GRAFANA_SECRET
-  valueFrom:
-    secretKeyRef:
-      name: passport-creds
-      key: drycc-passport-grafana-secret
-{{- end }}
 {{- if (.Values.databaseUrl) }}
 - name: DRYCC_DATABASE_URL
   valueFrom:

charts/passport/templates/passport-secret-creds.yaml

@@ -16,8 +16,16 @@ data:
   {{- end }}
   django-secret-key: {{ randAscii 64 | b64enc }}
   oidc-rsa-private-key: "{{genPrivateKey "rsa" | b64enc}}"
+  {{- if (.Values.initGrafanaKey) }}
   drycc-passport-grafana-key: {{ randAlphaNum 40 | b64enc }}
   drycc-passport-grafana-secret: {{ randAlphaNum 64 | b64enc }}
+  {{- end }}
+  {{- if (.Values.initManagerKey) }}
+  drycc-passport-manager-key: {{ randAlphaNum 40 | b64enc }}
+  drycc-passport-manager-secret: {{ randAlphaNum 64 | b64enc }}
+  {{- end }}
+  {{- if (.Values.initControllerKey) }}
   drycc-passport-controller-key: {{ randAlphaNum 40 | b64enc }}
   drycc-passport-controller-secret: {{ randAlphaNum 64 | b64enc }}
+  {{- end }}
 {{- end }}

charts/passport/values.yaml

@@ -66,6 +66,11 @@ adminUsername: "admin"
 adminPassword: "admin"
 adminEmail: "admin@email.com"
 
+# The following configurations represent whether to initialize oauth2 application key
+initGrafanaKey: true
+initManagerKey: false
+initControllerKey: true
+
 # Service
 service:
   # Provide any additional service annotations

rootfs/api/management/commands/create_oauth2_application.py

@@ -10,16 +10,22 @@ class Command(BaseCommand):
     """Management command for create Oauth2 application"""
 
     def handle(self, *args, **options):
-        app_list = [{
-            "name": "CONTROLLER",
-            "redirect_uri": f"{os.environ.get('DRYCC_CONTROLLER_DOMAIN')}/v2/complete/drycc/"  # noqa
-        }]
-        if os.environ.get('GRAFANA_ON_CLUSTER') == "true":
+        app_list = []
+        if os.environ.get('DRYCC_GRAFANA_DOMAIN'):
             app_list.append({
                 "name": "GRAFANA",
-                 "redirect_uri": f"{os.environ.get('DRYCC_MONITOR_GRAFANA_DOMAIN')}/login/generic_oauth"  # noqa
+                 "redirect_uri": f"{os.environ.get('DRYCC_GRAFANA_DOMAIN')}/login/generic_oauth"  # noqa
+            })
+        if os.environ.get('DRYCC_MANAGER_DOMAIN'):
+            app_list.append({
+                "name": "MANAGER",
+                 "redirect_uri": f"{os.environ.get('DRYCC_MANAGER_DOMAIN')}/v1/complete/drycc/"  # noqa
+            })
+        if os.environ.get('DRYCC_CONTROLLER_DOMAIN'):
+            app_list.append({
+                "name": "CONTROLLER",
+                "redirect_uri": f"{os.environ.get('DRYCC_CONTROLLER_DOMAIN')}/v2/complete/drycc/"  # noqa
             })
-
         for app in app_list:
             client_id = os.environ.get(
                 f'DRYCC_PASSPORT_{app["name"]}_KEY') if os.environ.get(
@@ -33,7 +39,7 @@ def handle(self, *args, **options):
             user = User.objects.filter(is_superuser=True).first()
             if not user:
                 self.stdout.write("Cannot create because there is no superuser")
-            application, updated = Application.objects.update_or_create(
+            _, updated = Application.objects.update_or_create(
                 name='Drycc ' + app["name"].title(),
                 defaults={
                     'client_id': client_id,

rootfs/requirements.txt

@@ -1,5 +1,5 @@
 # Drycc passport requirements
-django==4.1
+django==4.1.2
 pytz==2022.2.1
 django-auth-ldap==3.0.0
 django-cors-headers==3.7.0