Puppet Class: profile::oauth2_proxy::oidc

Defined in:
modules/profile/manifests/oauth2_proxy/oidc.pp

Overview

Parameters:

  • upstreams (Array[String[1]])
  • client_id (String[1])
  • client_secret (Sensitive[String[1]])
  • cookie_secret (Sensitive[String[1]])
  • cookie_domain (String[1])
  • redirect_url (Stdlib::HTTPSUrl)
  • email_domain (String[1]) (defaults to: '*')
  • issuer_url (Stdlib::HTTPSUrl) (defaults to: 'https://idp.wikimedia.org/oidc')
  • listen_address (String[1]) (defaults to: '127.0.0.1:4180')
  • skip_auth_routes (Array[String]) (defaults to: [])


# File 'modules/profile/manifests/oauth2_proxy/oidc.pp', line 5

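# @summary Declares oauth2_proxy::oidc with the given settings and adds a
#   blackbox HTTP check asserting that the site redirects to the IdP.
#
# @param upstreams passed unchanged to oauth2_proxy::oidc
# @param client_id OIDC client identifier, passed unchanged to oauth2_proxy::oidc
# @param client_secret OIDC client secret; typed Sensitive so the value is
#   redacted from logs and reports
# @param cookie_secret secret for the proxy's session cookie; typed Sensitive
# @param cookie_domain passed to oauth2_proxy::oidc and also used as the
#   title and server_name of the blackbox check below
# @param redirect_url OAuth2 callback URL; the type requires https
# @param email_domain passed unchanged to oauth2_proxy::oidc.
#   NOTE(review): presumably maps to oauth2-proxy's email-domain setting, where
#   '*' accepts any domain, leaving access restriction to the IdP. Confirm.
# @param issuer_url OIDC issuer; the type requires https
# @param listen_address address:port handed to oauth2_proxy::oidc; the default
#   is loopback-only
# @param skip_auth_routes passed unchanged to oauth2_proxy::oidc.
#   NOTE(review): presumably routes served without authentication, so each
#   entry should be as narrow as possible. Confirm against oauth2_proxy::oidc.
class profile::oauth2_proxy::oidc (
    # lint:ignore:wmf_styleguide
    Array[String[1]] $upstreams,
    String[1] $client_id,
    Sensitive[String[1]] $client_secret,
    Sensitive[String[1]] $cookie_secret,
    String[1] $cookie_domain,
    Stdlib::HTTPSUrl $redirect_url,
    String[1] $email_domain = '*',
    Stdlib::HTTPSUrl $issuer_url = 'https://idp.wikimedia.org/oidc',
    String[1] $listen_address = '127.0.0.1:4180',
    Array[String] $skip_auth_routes = [],
    # lint:endignore
) {
    class { 'oauth2_proxy::oidc':
        upstreams        => $upstreams,
        client_id        => $client_id,
        client_secret    => $client_secret,
        cookie_secret    => $cookie_secret,
        cookie_domain    => $cookie_domain,
        redirect_url     => $redirect_url,
        email_domain     => $email_domain,
        issuer_url       => $issuer_url,
        listen_address   => $listen_address,
        skip_auth_routes => $skip_auth_routes,
    }

    # Expected Location header of the unauthenticated redirect. Dots in the
    # hostname are escaped so that only the literal IdP host satisfies the
    # check; an unescaped '.' would also accept look-alike hostnames.
    # NOTE(review): the host is hard-coded and does not follow $issuer_url, so
    # overriding issuer_url would presumably make this check fail. Confirm.
    $match_idp_location = {
        'header' => 'location',
        'regexp' => '^https://idp\.wikimedia\.org/oidc/oidcAuthorize.*',
    }

    # Probe the protected site over port 443 and require a 302 to the IdP, so
    # that a proxy which stops enforcing authentication is noticed.
    prometheus::blackbox::check::http { $cookie_domain:
        server_name    => $cookie_domain,
        status_matches => [ 302 ],
        header_matches => [ $match_idp_location ],
        port           => 443,
    }
}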