From 5a6322fcaaea66dbcf46be2209d4f7d761149508 Mon Sep 17 00:00:00 2001 From: janskiba Date: Thu, 14 Mar 2024 11:50:08 +0000 Subject: [PATCH] refactor: Move oauth2 proxy related things to datashield setup --- ccp/modules/datashield-setup.sh | 5 +++++ ccp/vars | 3 --- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ccp/modules/datashield-setup.sh b/ccp/modules/datashield-setup.sh index 7674ecf..4d7489c 100644 --- a/ccp/modules/datashield-setup.sh +++ b/ccp/modules/datashield-setup.sh @@ -4,6 +4,11 @@ if [ "$ENABLE_DATASHIELD" == true ]; then # HACK: This only works because exporter-setup.sh and teiler-setup.sh are sourced after datashield-setup.sh ENABLE_EXPORTER=true ENABLE_TEILER=true + + OAUTH2_CALLBACK=/oauth2/callback + OAUTH2_PROXY_SECRET="$(echo \"This is a salt string to generate one consistent encryption key for the oauth2_proxy. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 32)" + add_private_oidc_redirect_url "${OAUTH2_CALLBACK}" + log INFO "DataSHIELD setup detected -- will start DataSHIELD services." OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml" EXPORTER_OPAL_PASSWORD="$(generate_password \"exporter in Opal\")" diff --git a/ccp/vars b/ccp/vars index 33f3e26..fa3f5a2 100644 --- a/ccp/vars +++ b/ccp/vars @@ -17,10 +17,7 @@ OIDC_REALM="${OIDC_REALM:-master}" OIDC_URL="https://login.verbis.dkfz.de" OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}" OIDC_GROUP_CLAIM="groups" -OAUTH2_CALLBACK=/oauth2/callback -OAUTH2_PROXY_SECRET="$(echo \"This is a salt string to generate one consistent encryption key for the oauth2_proxy. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 32)" -add_private_oidc_redirect_url "${OAUTH2_CALLBACK}" POSTGRES_TAG=15.6-alpine for module in $PROJECT/modules/*.sh
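Review bot: The added `OAUTH2_PROXY_SECRET=` assignment cannot detect a failed key derivation: unless `pipefail` is set elsewhere, the substitution's status is that of `head`, so if `openssl` cannot read `/etc/bridgehead/pki/${SITE_ID}.priv.pem` (missing file, unset `SITE_ID`, wrong permissions) the variable is left empty and, as far as this hunk shows, is passed on as the oauth2_proxy encryption key. I would check the result right after the assignment and before `add_private_oidc_redirect_url` runs, e.g. `[ "${#OAUTH2_PROXY_SECRET}" -eq 32 ] || { log ERROR "could not derive OAUTH2_PROXY_SECRET"; exit 1; }`, using the `log` helper the block already calls. A comment above the line should record that the key is a deterministic function of the site private key and a fixed public string, so it is only as confidential as that key, and a signature over the same string appearing anywhere else would disclose it. `openssl rsautl` is deprecated since OpenSSL 3.0; a later move to `openssl pkeyutl -sign` needs a check that the derived value stays byte-identical, because the proxy key must stay stable. The enclosing `if [ "$ENABLE_DATASHIELD" == true ]` block starts and ends outside the hunk.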