remove auth headers for dag server auth sidecar (#508)

* create new location for dag server * update test data * use common headers for reusable headers
astronomer · Jun 23, 2024 · 49d0ae7 · 49d0ae7
1 parent 813d2df
commit 49d0ae7
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 12 deletions.
diff --git a/templates/_helpers.yaml b/templates/_helpers.yaml
@@ -129,17 +129,20 @@ proxy_ssl_server_name       on;
 proxy_pass_request_headers  on;
 {{ end }}
 
-{{ define "default_nginx_settings_location" }}
-auth_request     /auth;
-auth_request_set $auth_status $upstream_status;
-auth_request_set $auth_cookie $upstream_http_set_cookie;
-add_header       Set-Cookie $auth_cookie;
+{{ define "default_nginx_auth_headers" }}
 auth_request_set $authHeader0 $upstream_http_authorization;
 proxy_set_header 'authorization' $authHeader0;
 auth_request_set $authHeader1 $upstream_http_username;
 proxy_set_header 'username' $authHeader1;
 auth_request_set $authHeader2 $upstream_http_email;
 proxy_set_header 'email' $authHeader2;
+{{ end }}
+
+{{ define "default_nginx_settings_location" }}
+auth_request     /auth;
+auth_request_set $auth_status $upstream_status;
+auth_request_set $auth_cookie $upstream_http_set_cookie;
+add_header       Set-Cookie $auth_cookie;
 error_page 401 = @401_auth_error;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection 'connection_upgrade';

diff --git a/templates/flower/flower-auth-sidecar-configmap.yaml b/templates/flower/flower-auth-sidecar-configmap.yaml
@@ -43,6 +43,7 @@ data:
 
         location ~* "^/{{ .Release.Name }}/flower(/|$)(.*)"  {
 {{ include "default_nginx_settings_location" . | indent 8  }}
+{{ include "default_nginx_auth_headers" . | indent 8 }}
 
           if ($host = '{{ .Values.platform.release }}-flower.{{ .Values.ingress.baseDomain }}' ) {
             rewrite ^ https://deployments.{{ .Values.ingress.baseDomain }}/{{ .Release.Name }}/flower permanent;

diff --git a/templates/webserver/webserver-auth-sidecar-configmap.yaml b/templates/webserver/webserver-auth-sidecar-configmap.yaml
@@ -49,7 +49,7 @@ data:
 
         location / {
 {{ include "default_nginx_settings_location" . | indent 8  }}
-
+{{ include "default_nginx_auth_headers" . | indent 8 }}
 
           #proxy_set_header X-Original-URI        $request_uri;
           if ($host = '{{ .Values.platform.release }}-airflow.{{ .Values.ingress.baseDomain }}' ) {

diff --git a/tests/chart/test_data/dag-server-authsidecar-nginx.conf b/tests/chart/test_data/dag-server-authsidecar-nginx.conf
@@ -52,12 +52,6 @@ http {
     auth_request_set $auth_status $upstream_status;
     auth_request_set $auth_cookie $upstream_http_set_cookie;
     add_header       Set-Cookie $auth_cookie;
-    auth_request_set $authHeader0 $upstream_http_authorization;
-    proxy_set_header 'authorization' $authHeader0;
-    auth_request_set $authHeader1 $upstream_http_username;
-    proxy_set_header 'username' $authHeader1;
-    auth_request_set $authHeader2 $upstream_http_email;
-    proxy_set_header 'email' $authHeader2;
     error_page 401 = @401_auth_error;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'connection_upgrade';