mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 19:44:21 +00:00
feat: set env vars for http proxy (#2379)
This commit is contained in:
parent
f39ff13acb
commit
0f9a939f44
@ -19,6 +19,7 @@ type Configuration struct {
|
|||||||
DNS *DNS `yaml:"dns"`
|
DNS *DNS `yaml:"dns"`
|
||||||
ClusterDNS string `yaml:"clusterdns"`
|
ClusterDNS string `yaml:"clusterdns"`
|
||||||
AssetStorage *AssetStorage `yaml:"assetStorage,omitempty"`
|
AssetStorage *AssetStorage `yaml:"assetStorage,omitempty"`
|
||||||
|
Proxy *Proxy `yaml:"proxy,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Configuration) Validate() (err error) {
|
func (c *Configuration) Validate() (err error) {
|
||||||
@ -142,3 +143,11 @@ type Cache struct {
|
|||||||
ShortMaxAge string `yaml:"shortMaxAge,omitempty"`
|
ShortMaxAge string `yaml:"shortMaxAge,omitempty"`
|
||||||
ShortSharedMaxAge string `yaml:"shortSharedMaxAge,omitempty"`
|
ShortSharedMaxAge string `yaml:"shortSharedMaxAge,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type Proxy struct {
|
||||||
|
NoProxy []string `yaml:"noProxy,omitempty"`
|
||||||
|
HTTP *secret.Secret `yaml:"http,omitempty"`
|
||||||
|
HTTPS *secret.Secret `yaml:"https,omitempty"`
|
||||||
|
ExistingHTTP *secret.Existing `yaml:"existingHTTP,omitempty"`
|
||||||
|
ExistingHTTPS *secret.Existing `yaml:"existingHTTPS,omitempty"`
|
||||||
|
}
|
||||||
|
@ -111,6 +111,9 @@ func literalsConfigMap(
|
|||||||
literalsConfigMap["ZITADEL_ASSET_STORAGE_BUCKET_PREFIX"] = desired.AssetStorage.BucketPrefix
|
literalsConfigMap["ZITADEL_ASSET_STORAGE_BUCKET_PREFIX"] = desired.AssetStorage.BucketPrefix
|
||||||
literalsConfigMap["ZITADEL_ASSET_STORAGE_MULTI_DELETE"] = strconv.FormatBool(desired.AssetStorage.MultiDelete)
|
literalsConfigMap["ZITADEL_ASSET_STORAGE_MULTI_DELETE"] = strconv.FormatBool(desired.AssetStorage.MultiDelete)
|
||||||
}
|
}
|
||||||
|
if desired.Proxy != nil {
|
||||||
|
literalsConfigMap["NO_PROXY"] = strings.Join(desired.Proxy.NoProxy, ",")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sentryEnv, _, doIngest := mntr.Environment()
|
sentryEnv, _, doIngest := mntr.Environment()
|
||||||
@ -197,6 +200,22 @@ func literalsSecretVars(k8sClient kubernetes.ClientInt, desired *Configuration)
|
|||||||
literalsSecretVars["ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY"] = value
|
literalsSecretVars["ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY"] = value
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if desired.Proxy != nil {
|
||||||
|
if desired.Proxy.HTTP != nil || desired.Proxy.ExistingHTTP != nil {
|
||||||
|
value, err := read.GetSecretValue(k8sClient, desired.Proxy.HTTP, desired.Proxy.ExistingHTTP)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
literalsSecretVars["HTTP_PROXY"] = value
|
||||||
|
}
|
||||||
|
if desired.Proxy.HTTPS != nil || desired.Proxy.ExistingHTTPS != nil {
|
||||||
|
value, err := read.GetSecretValue(k8sClient, desired.Proxy.HTTPS, desired.Proxy.ExistingHTTPS)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
literalsSecretVars["HTTPS_PROXY"] = value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
_, dsns, doIngest := mntr.Environment()
|
_, dsns, doIngest := mntr.Environment()
|
||||||
zitadelDsn := ""
|
zitadelDsn := ""
|
||||||
|
@ -80,6 +80,11 @@ var (
|
|||||||
Location: "",
|
Location: "",
|
||||||
BucketPrefix: "",
|
BucketPrefix: "",
|
||||||
},
|
},
|
||||||
|
Proxy: &Proxy{
|
||||||
|
NoProxy: nil,
|
||||||
|
HTTP: &secret.Secret{Value: ""},
|
||||||
|
HTTPS: &secret.Secret{Value: ""},
|
||||||
|
},
|
||||||
ClusterDNS: "",
|
ClusterDNS: "",
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -148,6 +153,14 @@ var (
|
|||||||
Location: "location",
|
Location: "location",
|
||||||
BucketPrefix: "bucketprefix",
|
BucketPrefix: "bucketprefix",
|
||||||
},
|
},
|
||||||
|
Proxy: &Proxy{
|
||||||
|
NoProxy: []string{
|
||||||
|
"test.com",
|
||||||
|
"10.0.0.0/16",
|
||||||
|
},
|
||||||
|
HTTP: &secret.Secret{Value: "http://username:passwor@proxy:80"},
|
||||||
|
HTTPS: &secret.Secret{Value: "https://username:passwor@proxy:443"},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
desiredFullExisting = &Configuration{
|
desiredFullExisting = &Configuration{
|
||||||
Tracing: &Tracing{
|
Tracing: &Tracing{
|
||||||
@ -214,6 +227,14 @@ var (
|
|||||||
Location: "location",
|
Location: "location",
|
||||||
BucketPrefix: "bucketprefix",
|
BucketPrefix: "bucketprefix",
|
||||||
},
|
},
|
||||||
|
Proxy: &Proxy{
|
||||||
|
NoProxy: []string{
|
||||||
|
"test.com",
|
||||||
|
"10.0.0.0/16",
|
||||||
|
},
|
||||||
|
ExistingHTTP: &secret.Existing{"httpproxy", "httpproxy", "httpproxy"},
|
||||||
|
ExistingHTTPS: &secret.Existing{"httpsproxy", "httpsproxy", "httpsproxy"},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -295,6 +316,7 @@ func TestConfiguration_LiteralsConfigMap(t *testing.T) {
|
|||||||
"ZITADEL_ASSET_STORAGE_LOCATION": "",
|
"ZITADEL_ASSET_STORAGE_LOCATION": "",
|
||||||
"ZITADEL_ASSET_STORAGE_BUCKET_PREFIX": "",
|
"ZITADEL_ASSET_STORAGE_BUCKET_PREFIX": "",
|
||||||
"ZITADEL_ASSET_STORAGE_MULTI_DELETE": "false",
|
"ZITADEL_ASSET_STORAGE_MULTI_DELETE": "false",
|
||||||
|
"NO_PROXY": "",
|
||||||
"SENTRY_ENVIRONMENT": "",
|
"SENTRY_ENVIRONMENT": "",
|
||||||
"SENTRY_USAGE": "false",
|
"SENTRY_USAGE": "false",
|
||||||
}
|
}
|
||||||
@ -382,6 +404,7 @@ func TestConfiguration_LiteralsConfigMapFull(t *testing.T) {
|
|||||||
"ZITADEL_ASSET_STORAGE_LOCATION": "location",
|
"ZITADEL_ASSET_STORAGE_LOCATION": "location",
|
||||||
"ZITADEL_ASSET_STORAGE_BUCKET_PREFIX": "bucketprefix",
|
"ZITADEL_ASSET_STORAGE_BUCKET_PREFIX": "bucketprefix",
|
||||||
"ZITADEL_ASSET_STORAGE_MULTI_DELETE": "false",
|
"ZITADEL_ASSET_STORAGE_MULTI_DELETE": "false",
|
||||||
|
"NO_PROXY": "test.com,10.0.0.0/16",
|
||||||
"SENTRY_ENVIRONMENT": "",
|
"SENTRY_ENVIRONMENT": "",
|
||||||
"SENTRY_USAGE": "false",
|
"SENTRY_USAGE": "false",
|
||||||
}
|
}
|
||||||
@ -463,6 +486,8 @@ func TestConfiguration_LiteralsSecretVars(t *testing.T) {
|
|||||||
"ZITADEL_TWILIO_SID": "",
|
"ZITADEL_TWILIO_SID": "",
|
||||||
"ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID": "",
|
"ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID": "",
|
||||||
"ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY": "",
|
"ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY": "",
|
||||||
|
"HTTPS_PROXY": "",
|
||||||
|
"HTTP_PROXY": "",
|
||||||
"SENTRY_DSN": "",
|
"SENTRY_DSN": "",
|
||||||
}
|
}
|
||||||
literals, err := literalsSecretVars(client, desiredEmpty)
|
literals, err := literalsSecretVars(client, desiredEmpty)
|
||||||
@ -480,6 +505,8 @@ func TestConfiguration_LiteralsSecretVarsFull(t *testing.T) {
|
|||||||
"ZITADEL_TWILIO_SID": "sid",
|
"ZITADEL_TWILIO_SID": "sid",
|
||||||
"ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID": "accesskeyid",
|
"ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID": "accesskeyid",
|
||||||
"ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY": "secretaccesskey",
|
"ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY": "secretaccesskey",
|
||||||
|
"HTTP_PROXY": "http://username:passwor@proxy:80",
|
||||||
|
"HTTPS_PROXY": "https://username:passwor@proxy:443",
|
||||||
"SENTRY_DSN": "",
|
"SENTRY_DSN": "",
|
||||||
}
|
}
|
||||||
literals, err := literalsSecretVars(client, desiredFull)
|
literals, err := literalsSecretVars(client, desiredFull)
|
||||||
@ -497,6 +524,8 @@ func TestConfiguration_LiteralsSecretVarsExisting(t *testing.T) {
|
|||||||
sid := "sid"
|
sid := "sid"
|
||||||
akid := "accesskeyid"
|
akid := "accesskeyid"
|
||||||
sak := "secretaccesskey"
|
sak := "secretaccesskey"
|
||||||
|
httpProxy := "http://username:passwor@proxy:80"
|
||||||
|
httpsProxy := "https://username:passwor@proxy:443"
|
||||||
/* TODO: incomment!!!
|
/* TODO: incomment!!!
|
||||||
client.EXPECT().GetSecret(namespace, desiredFullExisting.Notifications.Email.ExistingAppKey.Name).Return(&corev1.Secret{
|
client.EXPECT().GetSecret(namespace, desiredFullExisting.Notifications.Email.ExistingAppKey.Name).Return(&corev1.Secret{
|
||||||
StringData: map[string]string{
|
StringData: map[string]string{
|
||||||
@ -538,6 +567,8 @@ func TestConfiguration_LiteralsSecretVarsExisting(t *testing.T) {
|
|||||||
"ZITADEL_TWILIO_SID": sid,
|
"ZITADEL_TWILIO_SID": sid,
|
||||||
"ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID": akid,
|
"ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID": akid,
|
||||||
"ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY": sak,
|
"ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY": sak,
|
||||||
|
"HTTP_PROXY": httpProxy,
|
||||||
|
"HTTPS_PROXY": httpsProxy,
|
||||||
"SENTRY_DSN": "",
|
"SENTRY_DSN": "",
|
||||||
}
|
}
|
||||||
literals, err := literalsSecretVars(client, desiredFull)
|
literals, err := literalsSecretVars(client, desiredFull)
|
||||||
|
@ -125,5 +125,28 @@ func getSecretsMap(desiredKind *DesiredV0) (
|
|||||||
secrets[secretKey] = conf.AssetStorage.SecretAccessKey
|
secrets[secretKey] = conf.AssetStorage.SecretAccessKey
|
||||||
existing[secretKey] = conf.AssetStorage.ExistingSecretAccessKey
|
existing[secretKey] = conf.AssetStorage.ExistingSecretAccessKey
|
||||||
|
|
||||||
|
if conf.Proxy == nil {
|
||||||
|
conf.Proxy = &configuration.Proxy{}
|
||||||
|
}
|
||||||
|
if conf.Proxy.HTTP == nil {
|
||||||
|
conf.Proxy.HTTP = &secret.Secret{}
|
||||||
|
}
|
||||||
|
if conf.Proxy.ExistingHTTP == nil {
|
||||||
|
conf.Proxy.ExistingHTTP = &secret.Existing{}
|
||||||
|
}
|
||||||
|
if conf.Proxy.HTTPS == nil {
|
||||||
|
conf.Proxy.HTTPS = &secret.Secret{}
|
||||||
|
}
|
||||||
|
if conf.Proxy.ExistingHTTPS == nil {
|
||||||
|
conf.Proxy.ExistingHTTPS = &secret.Existing{}
|
||||||
|
}
|
||||||
|
httpProxy := "httpproxy"
|
||||||
|
secrets[httpProxy] = conf.Proxy.HTTP
|
||||||
|
existing[httpProxy] = conf.Proxy.ExistingHTTP
|
||||||
|
|
||||||
|
httpsProxy := "httpsproxy"
|
||||||
|
secrets[httpsProxy] = conf.Proxy.HTTPS
|
||||||
|
existing[httpsProxy] = conf.Proxy.ExistingHTTPS
|
||||||
|
|
||||||
return secrets, existing
|
return secrets, existing
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user