Skip to content

GitLab

P
paas2-auth-sidecar
Commit 04f17008 authored by Sigmund Augdal's avatar Sigmund Augdal
Browse files
Options

Use environment variables directly from lua rather than envsubst-ing then into nginx variables 

Also gets rid of the need for a server_name variable
parent 57b7051d
Pipeline #1626 passed with stage
    in 2 minutes and 26 seconds
    Hide whitespace changes
    Inline Side-by-side
    Showing with 18 additions and 13 deletions
    Dockerfile
    View file @ 04f17008
    FROM uninett-docker-uninett.bintray.io/jessie/minbase
    RUN install_packages.sh nginx-extras gettext lua-cjson
    RUN install_packages.sh nginx-extras lua-cjson
    COPY lua /usr/local/share/lua/5.1/
    COPY nginx /etc/nginx/
    COPY nginx/nginx.conf /etc/nginx/
    COPY nginx/site.conf /etc/nginx/sites-enabled/default
    COPY entrypoint.sh /entrypoint.sh
    ENTRYPOINT ["/entrypoint.sh"]
    ENV memcache=memcache
    ......
    entrypoint.sh
    View file @ 04f17008
    #! /bin/sh
    export dollar='$'
    export namespace="$(cat /run/secrets/kubernetes.io/serviceaccount/namespace)"
    cat /etc/nginx/site.conf|envsubst>/etc/nginx/sites-enabled/default
    exec "$@"
    lua/auth.lua 0 → 100644
    View file @ 04f17008
    local returnTo = ngx.req.get_uri_args().ReturnTo
    if not returnTo then
    returnTo = ngx.var.scheme .. '://' .. ngx.var.host .. '/'
    end
    local authServer = os.getenv('auth_server')
    local action = ngx.var.action
    ngx.redirect('https://' .. authServer .. '/sp/' .. action .. '/?ReturnTo=' .. returnTo)
    lua/feide.lua
    View file @ 04f17008
    ......@@ -72,8 +72,8 @@ function memcGetMultiple(hosta, hostb, port, key)
    end
    function memcache_server(index)
    local domain = '.' .. ngx.var.namespace .. '.svc.cluster.local'
    local memcache_service = ngx.var.memcache
    local domain = '.' .. os.getenv('namespace') .. '.svc.cluster.local'
    local memcache_service = os.getenv('memcache')
    return memcache_service .. '-' .. index .. '.' .. memcache_service .. domain
    end
    ......@@ -122,7 +122,7 @@ clearHeaders()
    local feide_data = userData()
    if not feide_data then
    if ngx.var.feide_mode == 'info' then
    if os.getenv('feide_mode') == 'info' then
    return
    else
    local res = ngx.req.set_uri("/login", true)
    ......
    nginx/site.conf
    View file @ 04f17008
    server {
    listen 80 default_server;
    server_name ${server_name};
    resolver 172.16.0.10;
    set_by_lua $upstream_port 'return os.getenv("upstream_port")';
    location / {
    proxy_pass http://localhost:${upstream_port};
    set ${dollar}feide_mode '${feide_mode}';
    set ${dollar}namespace '${namespace}';
    set ${dollar}memcache '${memcache}';
    rewrite_by_lua_file /usr/local/share/lua/5.1/feide.lua;
    }
    ......@@ -15,10 +12,12 @@ server {
    }
    location /logout {
    return 303 https://${auth_server}/sp/logout/?ReturnTo=https://${server_name}/;
    set $action 'logout';
    rewrite_by_lua_file /usr/local/share/lua/5.1/auth.lua;
    }
    location /login {
    return 303 https://${auth_server}/sp/login/?ReturnTo=https://${server_name}/;
    set $action 'login';
    rewrite_by_lua_file /usr/local/share/lua/5.1/auth.lua;
    }
    }
    Markdown is supported
    0% or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment