search

solo-io / workshops

Apache License 2.0
127 stars 72 forks source link

Add quotes in the appUrl definitation to fix copy and paste issue. #126

Closed pszeto closed 1 year ago

pszeto commented 2 years ago

The copy and paste when creating a ExtAuthPolicy in the Securing the access with OAuth ends up creating a ExtAuthPolicy without the correctly substitued value for the ENDPOINT_HTTPS_GW_CLUSTER1 appUrl.

k get ExtAuthPolicy --context $CLUSTER1 -n httpbin httpbin -oyaml                                                                                                                      ✔ │ at pszeto-cluster1-gke ⎈ │ at 02:19:00 PM 
apiVersion: security.policy.gloo.solo.io/v2
kind: ExtAuthPolicy
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"security.policy.gloo.solo.io/v2","kind":"ExtAuthPolicy","metadata":{"annotations":{},"name":"httpbin","namespace":"httpbin"},"spec":{"applyToRoutes":[{"route":{"labels":{"oauth":"true"}}}],"config":{"glooAuth":{"configs":[{"oauth2":{"oidcAuthorizationCode":{"appUrl":"https://$\\{ENDPOINT_HTTPS_GW_CLUSTER1\\}","callbackPath":"/callback","clientId":"eeb5c2e9-4a47-4fcf-97df-cca192913668","clientSecretRef":{"name":"oauth","namespace":"httpbin"},"headers":{"idTokenHeader":"jwt"},"issuerUrl":"http://34.121.47.249:8080/auth/realms/master/","scopes":["email"],"session":{"failOnFetchFailure":true,"redis":{"cookieName":"keycloak-session","options":{"host":"redis:6379"}}}}}},{"opaAuth":{"modules":[{"name":"allow-solo-email-users","namespace":"httpbin"}],"query":"data.test.allow == true"}}]},"server":{"cluster":"cluster1","name":"ext-auth-server","namespace":"httpbin"}}}}
  creationTimestamp: "2022-06-24T17:45:49Z"
  generation: 9
  name: httpbin
  namespace: httpbin
  resourceVersion: "804787"
  uid: a9b921c1-36c0-4f9a-93ed-ffbd4d6364f2
spec:
  applyToRoutes:
  - route:
      labels:
        oauth: "true"
  config:
    glooAuth:
      configs:
      - oauth2:
          oidcAuthorizationCode:
            appUrl: https://$\{ENDPOINT_HTTPS_GW_CLUSTER1\}
            callbackPath: /callback
            clientId: eeb5c2e9-4a47-4fcf-97df-cca192913668
            clientSecretRef:
              name: oauth
              namespace: httpbin
            headers:
              idTokenHeader: jwt
            issuerUrl: http://34.121.47.249:8080/auth/realms/master/
            scopes:
            - email
            session:
              failOnFetchFailure: true
              redis:
                cookieName: keycloak-session
                options:
                  host: redis:6379
      - opaAuth:
          modules:
          - name: allow-solo-email-users
            namespace: httpbin
          query: data.test.allow == true
    server:
      cluster: cluster1
      name: ext-auth-server
      namespace: httpbin
status:
  global:
    state: ACCEPTED
  selectedRoutes:
  - routeName: httpbin-httpbin
    routeTable:
      cluster: cluster1
      name: httpbin
      namespace: httpbin
jmunozro commented 1 year ago

Closed as this code is now in master (it was probably included in another code change?)