Solved oauth2 bugs and deactivated health-csp role temporary

2025-08-29 15:06:26 +02:00 · 2025-05-13 14:34:16 +02:00
parent 687f9b0703
commit dc4964eda1
14 changed files with 38 additions and 82 deletions
--- a/roles/docker-oauth2-proxy/tasks/main.yml
+++ b/roles/docker-oauth2-proxy/tasks/main.yml
@@ -1,6 +1,6 @@
- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose.directories.volumes}}"
+- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{(path_docker_compose_instances | get_docker_compose(oauth2_proxy_application_id)).directories.volumes}}"
  template:
    src: oauth2-proxy-keycloak.cfg.j2
-    dest: "{{docker_compose.directories.volumes}}{{applications[application_id].configuration_file}}"
+    dest: "{{(path_docker_compose_instances | get_docker_compose(oauth2_proxy_application_id)).directories.volumes}}{{applications[application_id].configuration_file}}"
  notify:
    - docker compose project setup
--- a/roles/docker-oauth2-proxy/templates/container.yml.j2
+++ b/roles/docker-oauth2-proxy/templates/container.yml.j2
@@ -1,11 +1,11 @@
 {% if applications | is_feature_enabled('oauth2',application_id) %}
  oauth2-proxy:
-    image: quay.io/oauth2-proxy/oauth2-proxy:{{applications.oauth2_proxy.version}}
+    image: quay.io/oauth2-proxy/oauth2-proxy:{{applications['oauth2-proxy'].version}}
    restart: {{docker_restart_policy}}
    command: --config /oauth2-proxy.cfg
    hostname: oauth2-proxy
    ports:
      - {{ports.localhost.oauth2_proxy[application_id]}}:4180/tcp
    volumes:
-      - "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
+      - "{{docker_compose.directories.volumes}}{{applications['oauth2-proxy'].configuration_file}}:/oauth2-proxy.cfg"
 {% endif %}
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -3,18 +3,18 @@ cookie_secret           =   "{{ applications[oauth2_proxy_application_id].creden
 email_domains           =   "{{ primary_domain }}"
 cookie_secure           =   "true"                                                  # True is necessary to force the cookie set via https
 upstreams               =   "http://{{ applications[oauth2_proxy_application_id].oauth2_proxy.application }}:{{ applications[oauth2_proxy_application_id].oauth2_proxy.port }}"
-cookie_domains          =   ["{{ domain }}", "{{ domains.keycloak }}"]                  # Required so cookie can be read on all subdomains.
+cookie_domains          =   ["{{ domains[oauth2_proxy_application_id] }}", "{{ domains.keycloak }}"]                  # Required so cookie can be read on all subdomains.
 whitelist_domains       =   [".{{ primary_domain }}"]                                 # Required to allow redirection back to original requested target.

 # keycloak provider
 client_secret           =   "{{ oidc.client.secret }}"
 client_id               =   "{{ oidc.client.id }}"
-redirect_url            =   "{{ web_protocol }}://{{domain}}/oauth2/callback"
+redirect_url            =   "{{ web_protocol }}://{{domains[oauth2_proxy_application_id]}}/oauth2/callback"
 oidc_issuer_url         =   "{{ oidc.client.issuer_url }}"
 provider                =   "oidc"
 provider_display_name   =   "Keycloak"

 # role restrictions
 #cookie_roles           =   "realm_access.roles"
-#allowed_groups         =   "{{ applications[oauth2_proxy_application_id].allowed_roles }}"           # This is not correct here. needs to be placed in applications @todo move there when implementing
+#allowed_groups         =   "{{ applications[application_id].allowed_roles }}"           # This is not correct here. needs to be placed in applications @todo move there when implementing
 # @see https://chatgpt.com/share/67f42607-bf68-800f-b587-bd56fe9067b5