From be3ba04046353c63c923b149436409ede6dfbe7a Mon Sep 17 00:00:00 2001
From: Bruno Oliveira da Silva <bruno@abstractj.org>
Date: Wed, 12 Dec 2018 12:15:10 -0200
Subject: [PATCH] [KEYCLOAK-9071] Move kube and Dockerfile content from Gatekeeper repository
---
Dockerfile | 15 --------------
doc.go | 6 +++---
kube/forward.yml | 36 --------------------------------
kube/reverse.yml | 54 ------------------------------------------------
4 files changed, 3 insertions(+), 108 deletions(-)
delete mode 100644 Dockerfile
delete mode 100644 kube/forward.yml
delete mode 100644 kube/reverse.yml
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 081fa17..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM alpine:3.7
-
-LABEL Name=keycloak-gatekeeper \
- Release=https://github.com/keycloak/keycloak-gatekeeper \
- Url=https://github.com/keycloak/keycloak-gatekeeper \
- Help=https://github.com/keycloak/keycloak-gatekeeper/issues
-
-RUN apk add --no-cache ca-certificates
-
-ADD templates/ /opt/templates
-ADD bin/keycloak-gatekeeper /opt/keycloak-gatekeeper
-
-WORKDIR "/opt"
-
-ENTRYPOINT [ "/opt/keycloak-gatekeeper" ]
diff --git a/doc.go b/doc.go
index abedb0e..ca1d97d 100644
--- a/doc.go
+++ b/doc.go
@@ -35,8 +35,8 @@ var ( const ( prog = "keycloak-gatekeeper" - author = "Rohith Jayawardene" - email = "gambol99@gmail.com" + author = "Keycloak" + email = "keycloak-user@lists.jboss.org" description = "is a proxy using the keycloak service for auth and authorization" authorizationHeader = "Authorization"
@@ -287,7 +287,7 @@ type Config struct { // EncryptionKey is the encryption key used to encrypt the refresh token EncryptionKey string `json:"encryption-key" yaml:"encryption-key" usage:"encryption key used to encryption the session state" env:"ENCRYPTION_KEY"` - // InvalidAuthRedirectsWith303 will make requests with invalid auth headers redirect using HTTP 303 instead of HTTP 307. See github.com/gambol99/keycloak-gatekeeper/issues/292 for context. + // InvalidAuthRedirectsWith303 will make requests with invalid auth headers redirect using HTTP 303 instead of HTTP 307. See github.com/keycloak/keycloak-gatekeeper/issues/292 for context. InvalidAuthRedirectsWith303 bool `json:"invalid-auth-redirects-with-303" yaml:"invalid-auth-redirects-with-303" usage:"use HTTP 303 redirects instead of 307 for invalid auth tokens"` // NoRedirects informs we should hand back a 401 not a redirect NoRedirects bool `json:"no-redirects" yaml:"no-redirects" usage:"do not have back redirects when no authentication is present, 401 them"`
diff --git a/kube/forward.yml b/kube/forward.yml
deleted file mode 100644
index 027ee05..0000000
--- a/kube/forward.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: proxy
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- name: proxy
- annotations:
- repository: https://github.com/keycloak/keycloak-gatekeeper
- spec:
- containers:
- - name: proxy
- image: docker.io/jboss/keycloak/keycloak-gatekeeper:latest
- imagePullPolicy: Always
- args:
- - --config /etc/secrets/forwarding.yml
- - --discovery-url https://sso.example.com/auth/realms/hod-test
- - --client-id broker
- - --client-secret
- - --listen 127.0.0.1:3000
- - --enable-forwarding=true
- - --forwarding-username=username
- - --forwarding-password=password
- - --enable-logging=true
- - --enable-json-logging true
- - --verbose true
- volumeMounts:
- - name: secrets
- mountPath: /etc/secrets
- volumes:
- - name: secrets
- secret:
- secretName: config
diff --git a/kube/reverse.yml b/kube/reverse.yml
deleted file mode 100644
index ab06a73..0000000
--- a/kube/reverse.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: proxy
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- name: proxy
- annotations:
- repository: https://github.com/keycloak/keycloak-gatekeeper
- spec:
- securityContext:
- fsGroup: 1000
- runAsNonRoot: true
- runAsUser: 1000
- volumes:
- - name: certs
- secret:
- secretName: tls
- containers:
- - name: proxy
- image: docker.io/jboss/keycloak/keycloak-gatekeeper:latest
- imagePullPolicy: Always
- args:
- - --client-id=broker
- - --discovery-url=https://sso.example.com/auth/realms/hod-test
- - --enable-default-deny=false
- - --enable-json-logging=true
- - --enable-logging=true
- - --enable-request-id=true
- - --enable-security-filter=true
- - --http-only-cookie=true
- - --listen=127.0.0.1:3000
- - --preserve-host=true
- - --redirection-url=https://www.example.com
- - --resources=uri=/admin/*|roles=admin
- - --skip-client-id=true
- - --tls-cert=/certs/tls.pem
- - --tls-private-key=/certs/tls-key.pem
- - --upstream-url=http://127.0.0.1:8080
- env:
- - name: PROXY_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: openid
- key: client.secret
- securityContext:
- readOnlyRootFilesystem: true
- volumeMounts:
- - name: certs
- mountPath: /certs
- readOnly: true
-- GitLab