flask-oidc: Copying/reusing test-auth deployment config files

Signed-off-by: David Kirwan <dkirwan@redhat.com>
Signed-off-by: Aurelien Bompard <abompard@redhat.com>

roles/openshift-apps/flask-oidc-dev/files/service.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: flask-oidc-dev
+  labels:
+    app: flask-oidc-dev
+spec:
+  ports:
+    - name: web
+      port: 8080
+      targetPort: 8080
+  selector:
+    app: flask-oidc-dev
+    deploymentconfig: flask-oidc-dev

roles/openshift-apps/flask-oidc-dev/templates/buildconfig.yml

@@ -0,0 +1,41 @@
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+  name: flask-oidc-dev
+  labels:
+    app: flask-oidc-dev
+    build: flask-oidc-dev
+spec:
+  runPolicy: Serial
+  source:
+    type: Git
+    git:
+      uri: https://github.com/abompard/test-auth.git
+{% if env == "staging" %}
+      ref: main
+{% else %}
+      ref: stable
+{% endif %}
+    contextDir: /
+  strategy:
+    type: Source
+    sourceStrategy:
+      from:
+        kind: ImageStreamTag
+        name: python:3.6
+        namespace: openshift
+  output:
+    to:
+      kind: ImageStreamTag
+      name: flask-oidc-dev:latest
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange
+  - type: GitHub
+{% if test_auth_stg_github_secret is defined and env == 'staging' %}
+    github:
+      secret: "{{ test_auth_stg_github_secret }}"
+{% elif test_auth_github_secret is defined and env == 'production' %}
+    github:
+      secret: "{{ test_auth_github_secret }}"
+{% endif %}

roles/openshift-apps/flask-oidc-dev/templates/client_secrets.json

@@ -0,0 +1,17 @@
+{
+    "web": {
+        "auth_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization",
+        "client_id": "flask-oidc-dev",
+{% if env == 'staging' %}
+        "client_secret": "{{ flask_oidc_dev_stg_oidc_client_secret }}",
+{% else %}
+        "client_secret": "{{ flask_oidc_dev_oidc_client_secret }}",
+{% endif %}
+        "issuer": "https://id{{env_suffix}}.fedoraproject.org/openidc/",
+        "redirect_uris": [
+            "https://app-flask-oidc-dev.apps.ocp{{env_suffix}}.fedoraproject.org/oidc/oidc_callback"
+        ],
+        "token_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token",
+        "userinfo_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"
+    }
+}

roles/openshift-apps/flask-oidc-dev/templates/config.py

@@ -0,0 +1,18 @@
+#
+# This is the config file for Test Auth as intended to be used in OpenShift
+#
+
+
+# Deployed to a subpath
+# APPLICATION_ROOT = '/test-auth/'
+
+# Cookies
+SECRET_KEY = "{{ flask_oidc_dev_session_secret }}"
+SESSION_COOKIE_NAME = 'flask-oidc-dev'
+SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_SECURE = True
+
+# Auth
+OIDC_CLIENT_SECRETS = "/etc/flask-oidc-dev/oidc.json"
+OPENID_ENDPOINT = "https://id{{ env_suffix }}.fedoraproject.org/openid/"
+FAS_OPENID_ENDPOINT = "https://id{{ env_suffix }}.fedoraproject.org/openid/"

roles/openshift-apps/flask-oidc-dev/templates/configmap.yml

@@ -0,0 +1,17 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: List
+metadata: {}
+items:
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: flask-oidc-dev-config
+    labels:
+      app: flask-oidc-dev
+  data:
+    flask-oidc-dev.cfg: |-
+      {{ load_file('config.py') | indent(6) }}
+    oidc.json: |-
+      {{ load_file('client_secrets.json') | indent(6) }}

roles/openshift-apps/flask-oidc-dev/templates/deploymentconfig.yml

@@ -0,0 +1,59 @@
+apiVersion: apps.openshift.io/v1
+kind: DeploymentConfig
+metadata:
+  name: flask-oidc-dev
+  labels:
+    app: flask-oidc-dev
+spec:
+  replicas: 1
+  selector:
+    app: flask-oidc-dev
+    deploymentconfig: flask-oidc-dev
+  strategy:
+    type: Rolling
+    activeDeadlineSeconds: 21600
+    rollingParams:
+      intervalSeconds: 1
+      maxSurge: 25%
+      maxUnavailable: 25%
+      timeoutSeconds: 600
+      updatePeriodSeconds: 1
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: flask-oidc-dev
+        deploymentconfig: flask-oidc-dev
+    spec:
+      containers:
+        - name: flask-oidc-dev
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+              #protocol: TCP
+          #resources: {}
+          #terminationMessagePath: /dev/termination-log
+          #terminationMessagePolicy: File
+          volumeMounts:
+            - name: flask-oidc-dev-config-volume
+              mountPath: "/etc/flask-oidc-dev"
+              readOnly: true
+          env:
+            - name: TESTAUTH_SETTINGS
+              value: "/etc/flask-oidc-dev/flask-oidc-dev.cfg"
+            # - name: SCRIPT_NAME
+            #   value: "/flask-oidc-dev"
+      volumes:
+        - name: flask-oidc-dev-config-volume
+          configMap:
+            name: flask-oidc-dev-config
+  triggers:
+    - imageChangeParams:
+        automatic: true
+        containerNames:
+          - flask-oidc-dev
+        from:
+          kind: ImageStreamTag
+          name: flask-oidc-dev:latest
+      type: ImageChange
+    - type: ConfigChange

roles/openshift-apps/flask-oidc-dev/templates/secret-webhook.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test-auth-github-webhook-secret
+data:
+  WebHookSecretKey: "{{ (env == 'production')|ternary(test_auth_github_secret, test_auth_stg_github_secret) }}"
+type: Opaque