Luke Granger-Brown
04c3a8431b
This is a small "library" for wrapping binaries with magic OAuth authentication based on the automatically-injected k8s service account tokens and OpenShift's OAuth service. There's an example of this deployed at https://example-lukegb-openshiftauth-test.apps.k8s.lukegb.tech/. The main pieces of setup that need to happen is: * Set "serviceAccount" in pod definition * Add Route for pod * Edit serviceaccount and add metadata.annotations, e.g.: serviceaccounts.openshift.io/oauth-redirectreference.first: >- {"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"example"}}
28 lines
869 B
Nix
28 lines
869 B
Nix
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
{ depot, ... }: {
|
|
openshiftauth = depot.third_party.buildGo.package {
|
|
name = "hg.lukegb.com/lukegb/depot/go/openshiftauth";
|
|
srcs = [ ./openshiftauth.go ];
|
|
deps = with depot.third_party; [
|
|
gopkgs."github.com".dghubble.gologin.v2
|
|
gopkgs."github.com".dghubble.gologin.v2.oauth2
|
|
gopkgs."github.com".dgrijalva.jwt-go
|
|
gopkgs."github.com".gorilla.mux
|
|
gopkgs."github.com".gorilla.securecookie
|
|
gopkgs."github.com".gorilla.sessions
|
|
gopkgs."golang.org".x.oauth2
|
|
];
|
|
};
|
|
|
|
example = depot.third_party.buildGo.program {
|
|
name = "example";
|
|
srcs = [ ./example/example.go ];
|
|
deps = with depot.third_party; [
|
|
depot.go.openshiftauth.openshiftauth
|
|
gopkgs."github.com".gorilla.mux
|
|
];
|
|
};
|
|
}
|