samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2026-03-31 21:30:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refine OVIS CA file handling and logging in setup script

Browse Source 
Updated the ovis-setup.sh script to support both .crt and .pem certificate files for OIDC providers. Enhanced validation of CA candidates with improved logging to indicate skipped non-certificate files and clarified messages regarding the presence of valid CA files. This ensures better feedback during the OVIS module initialization process.
This commit is contained in:
tm16-medma
2026-03-26 16:28:09 +01:00
parent 875ce8d71a
commit d010ad8bcb
1 changed files with 18 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ccp/modules/ovis-setup.sh
View File

@@ -18,14 +18,27 @@ if [ -n "$ENABLE_OVIS" ]; then
if [ -d "$TRUSTED_CA_DIR" ]; then
shopt -s nullglob
ca_cert_candidates=("$TRUSTED_CA_DIR"/*.crt)
ca_candidates=("$TRUSTED_CA_DIR"/*.crt "$TRUSTED_CA_DIR"/*.pem)
shopt -u nullglob
if [ ${#ca_cert_candidates[@]} -gt 0 ]; then
OVIS_OAUTH2_PROXY_PROVIDER_CA_FILES="$(IFS=,; printf '%s' "${ca_cert_candidates[*]}")"
log INFO "OVIS oauth2-proxy will trust OIDC provider CA files from $TRUSTED_CA_DIR (*.crt)."
if [ ${#ca_candidates[@]} -gt 0 ]; then
valid_ca_files=()
for candidate in "${ca_candidates[@]}"; do
if [ -f "$candidate" ] && grep -q "BEGIN CERTIFICATE" "$candidate"; then
valid_ca_files+=("$candidate")
else
log WARN "Skipping non-certificate OIDC CA candidate: $candidate"
fi
done
if [ ${#valid_ca_files[@]} -gt 0 ]; then
OVIS_OAUTH2_PROXY_PROVIDER_CA_FILES="$(IFS=,; printf '%s' "${valid_ca_files[*]}")"
log INFO "OVIS oauth2-proxy will trust OIDC provider CA files from $TRUSTED_CA_DIR (*.crt/*.pem certificates only)."
else
log INFO "No valid OIDC CA certificate files found in $TRUSTED_CA_DIR; oauth2-proxy will use system trust store only."
fi
else
log INFO "No *.crt files found in $TRUSTED_CA_DIR; oauth2-proxy will use system trust store only."
log INFO "No OIDC CA candidates (*.crt/*.pem) found in $TRUSTED_CA_DIR; oauth2-proxy will use system trust store only."
fi
else
log INFO "Trusted CA directory $TRUSTED_CA_DIR is missing; oauth2-proxy will use system trust store only."