Puppet Class: oauth2_proxy::oidc

Defined in:
modules/oauth2_proxy/manifests/oidc.pp

Overview

Parameters:

  • upstreams (Array[String[1]])
  • client_id (String[1])
  • client_secret (Sensitive[String[1]])
  • cookie_secret (Sensitive[String[1]])
  • cookie_domain (String[1])
  • redirect_url (Stdlib::HTTPSUrl)
  • email_domain (String[1]) (defaults to: '*')
  • issuer_url (Stdlib::HTTPSUrl) (defaults to: 'https://idp.wikimedia.org/oidc')
  • listen_address (String[1]) (defaults to: '127.0.0.1:4180')
  • skip_auth_routes (Array[String]) (defaults to: [])


# File 'modules/oauth2_proxy/manifests/oidc.pp', line 16

# @summary Installs the oauth2-proxy package, renders /etc/oauth2-proxy.cfg from
#   the oauth2_proxy/oidc.erb template and keeps the oauth2-proxy service running.
#
# How each parameter ends up in the configuration is decided by the template,
# which is not part of this manifest. The notes below state only what the types
# and defaults show; anything about oauth2-proxy semantics is marked for review.
#
# @param upstreams non-empty list of non-empty strings
# @param client_id non-empty string
# @param client_secret Sensitive, so Puppet redacts it in its own output; the
#   template has to unwrap it to render it (TODO confirm in oidc.erb)
# @param cookie_secret Sensitive; its unwrapped length must be 16, 24 or 32
# @param cookie_domain non-empty string
# @param redirect_url must be an https URL (Stdlib::HTTPSUrl)
# @param email_domain defaults to '*'. NOTE(review): if this is passed to
#   oauth2-proxy's email domain setting, '*' accepts any authenticated address,
#   leaving authorisation entirely to the identity provider. Confirm that is intended.
# @param issuer_url must be an https URL; defaults to https://idp.wikimedia.org/oidc
# @param listen_address defaults to the loopback address 127.0.0.1:4180
# @param skip_auth_routes defaults to an empty list. NOTE(review): presumably these
#   are routes served without authentication; review every entry and keep patterns
#   as narrow as possible. Verify the format against the template.
class oauth2_proxy::oidc (
    Array[String[1]] $upstreams,
    String[1] $client_id,
    Sensitive[String[1]] $client_secret,
    Sensitive[String[1]] $cookie_secret,
    String[1] $cookie_domain,
    Stdlib::HTTPSUrl $redirect_url,
    String[1] $email_domain = '*',
    Stdlib::HTTPSUrl $issuer_url = 'https://idp.wikimedia.org/oidc',
    String[1] $listen_address = '127.0.0.1:4180',
    Array[String] $skip_auth_routes = [],
) {
    ensure_packages(['oauth2-proxy'])

    # Abort catalog compilation on a cookie secret of unexpected size.
    # `length` counts characters, so it equals the byte count named in the
    # message only when the secret consists of single-byte characters.
    unless ($cookie_secret.unwrap.length in [16, 24, 32]) {
        fail('Cookie secret length must be 16, 24 or 32 bytes')
    }

    # Only the running state is managed here; restarts are triggered by the
    # notify on the configuration file below.
    service { 'oauth2-proxy': ensure => running }

    # The rendered configuration is expected to hold the client and cookie
    # secrets (TODO confirm in oidc.erb). Mode 0440 makes it read-only for the
    # service account and the root group, with no access for other users.
    # show_diff => false keeps content diffs out of agent logs and reports.
    file { '/etc/oauth2-proxy.cfg':
        ensure    => present,
        content   => template('oauth2_proxy/oidc.erb'),
        owner     => 'oauth2-proxy',
        group     => 'root',
        mode      => '0440',
        show_diff => false,
        require   => Package['oauth2-proxy'],
        notify    => Service['oauth2-proxy'],
    }
}