From 49d0ae71df92c5a06e599496f65a91979e2aaaa0 Mon Sep 17 00:00:00 2001 From: pgvishnuram <81585115+pgvishnuram@users.noreply.github.com> Date: Mon, 24 Jun 2024 00:16:09 +0530 Subject: [PATCH] remove auth headers for dag server auth sidecar (#508) * create new location for dag server * update test data * use common headers for reusable headers --- templates/_helpers.yaml | 13 ++++++++----- templates/flower/flower-auth-sidecar-configmap.yaml | 1 + .../webserver/webserver-auth-sidecar-configmap.yaml | 2 +- .../test_data/dag-server-authsidecar-nginx.conf | 6 ------ 4 files changed, 10 insertions(+), 12 deletions(-) diff --git a/templates/_helpers.yaml b/templates/_helpers.yaml index 79336bed..5e707ab6 100644 --- a/templates/_helpers.yaml +++ b/templates/_helpers.yaml @@ -129,17 +129,20 @@ proxy_ssl_server_name on; proxy_pass_request_headers on; {{ end }} -{{ define "default_nginx_settings_location" }} -auth_request /auth; -auth_request_set $auth_status $upstream_status; -auth_request_set $auth_cookie $upstream_http_set_cookie; -add_header Set-Cookie $auth_cookie; +{{ define "default_nginx_auth_headers" }} auth_request_set $authHeader0 $upstream_http_authorization; proxy_set_header 'authorization' $authHeader0; auth_request_set $authHeader1 $upstream_http_username; proxy_set_header 'username' $authHeader1; auth_request_set $authHeader2 $upstream_http_email; proxy_set_header 'email' $authHeader2; +{{ end }} + +{{ define "default_nginx_settings_location" }} +auth_request /auth; +auth_request_set $auth_status $upstream_status; +auth_request_set $auth_cookie $upstream_http_set_cookie; +add_header Set-Cookie $auth_cookie; error_page 401 = @401_auth_error; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'connection_upgrade'; diff --git a/templates/flower/flower-auth-sidecar-configmap.yaml b/templates/flower/flower-auth-sidecar-configmap.yaml index 78e3b7a4..a4ed5ce4 100644 --- a/templates/flower/flower-auth-sidecar-configmap.yaml +++ b/templates/flower/flower-auth-sidecar-configmap.yaml @@ -43,6 +43,7 @@ data: location ~* "^/{{ .Release.Name }}/flower(/|$)(.*)" { {{ include "default_nginx_settings_location" . | indent 8 }} +{{ include "default_nginx_auth_headers" . | indent 8 }} if ($host = '{{ .Values.platform.release }}-flower.{{ .Values.ingress.baseDomain }}' ) { rewrite ^ https://deployments.{{ .Values.ingress.baseDomain }}/{{ .Release.Name }}/flower permanent; diff --git a/templates/webserver/webserver-auth-sidecar-configmap.yaml b/templates/webserver/webserver-auth-sidecar-configmap.yaml index 8561c570..980311d6 100644 --- a/templates/webserver/webserver-auth-sidecar-configmap.yaml +++ b/templates/webserver/webserver-auth-sidecar-configmap.yaml @@ -49,7 +49,7 @@ data: location / { {{ include "default_nginx_settings_location" . | indent 8 }} - +{{ include "default_nginx_auth_headers" . | indent 8 }} #proxy_set_header X-Original-URI $request_uri; if ($host = '{{ .Values.platform.release }}-airflow.{{ .Values.ingress.baseDomain }}' ) { diff --git a/tests/chart/test_data/dag-server-authsidecar-nginx.conf b/tests/chart/test_data/dag-server-authsidecar-nginx.conf index 0f17b910..0a02b2d2 100644 --- a/tests/chart/test_data/dag-server-authsidecar-nginx.conf +++ b/tests/chart/test_data/dag-server-authsidecar-nginx.conf @@ -52,12 +52,6 @@ http { auth_request_set $auth_status $upstream_status; auth_request_set $auth_cookie $upstream_http_set_cookie; add_header Set-Cookie $auth_cookie; - auth_request_set $authHeader0 $upstream_http_authorization; - proxy_set_header 'authorization' $authHeader0; - auth_request_set $authHeader1 $upstream_http_username; - proxy_set_header 'username' $authHeader1; - auth_request_set $authHeader2 $upstream_http_email; - proxy_set_header 'email' $authHeader2; error_page 401 = @401_auth_error; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'connection_upgrade';