Puppet Class: profile::oauth2_proxy::oidc

Defined in:
modules/profile/manifests/oauth2_proxy/oidc.pp

Overview

Parameters:

  • upstreams (Array[String[1]])
  • client_id (String[1])
  • client_secret (Sensitive[String[1]])
  • cookie_secret (Sensitive[String[1]])
  • cookie_domain (String[1])
  • redirect_url (Stdlib::HTTPSUrl)
  • email_domain (String[1]) (defaults to: 'wikimedia.org')
  • issuer_url (Stdlib::HTTPSUrl) (defaults to: 'https://idp.wikimedia.org/oidc')
  • listen_address (String[1]) (defaults to: '127.0.0.1:4180')


# File 'modules/profile/manifests/oauth2_proxy/oidc.pp', line 5

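# @summary Profile wrapper that declares oauth2_proxy::oidc and adds a blackbox
#   HTTP probe checking that the protected site redirects to the IdP.
#
# Every parameter is forwarded unchanged to oauth2_proxy::oidc; their exact
# semantics are defined by that class, which is not visible from this file.
#
# @param upstreams      forwarded to oauth2_proxy::oidc
# @param client_id      forwarded to oauth2_proxy::oidc
# @param client_secret  forwarded to oauth2_proxy::oidc; typed Sensitive so the
#                       value is redacted in logs and reports
# @param cookie_secret  forwarded to oauth2_proxy::oidc; typed Sensitive so the
#                       value is redacted in logs and reports
# @param cookie_domain  forwarded to oauth2_proxy::oidc; also used as the title
#                       and server_name of the blackbox probe below
# @param redirect_url   forwarded to oauth2_proxy::oidc; must be an HTTPS URL
# @param email_domain   forwarded to oauth2_proxy::oidc
# @param issuer_url     forwarded to oauth2_proxy::oidc; must be an HTTPS URL
# @param listen_address forwarded to oauth2_proxy::oidc; the default binds to
#                       loopback only
class profile::oauth2_proxy::oidc (
    # lint:ignore:wmf_styleguide
    Array[String[1]] $upstreams,
    String[1] $client_id,
    Sensitive[String[1]] $client_secret,
    Sensitive[String[1]] $cookie_secret,
    String[1] $cookie_domain,
    Stdlib::HTTPSUrl $redirect_url,
    String[1] $email_domain = 'wikimedia.org',
    Stdlib::HTTPSUrl $issuer_url = 'https://idp.wikimedia.org/oidc',
    String[1] $listen_address = '127.0.0.1:4180',
    # lint:endignore
) {
    class { 'oauth2_proxy::oidc':
        upstreams      => $upstreams,
        client_id      => $client_id,
        client_secret  => $client_secret,
        cookie_secret  => $cookie_secret,
        cookie_domain  => $cookie_domain,
        redirect_url   => $redirect_url,
        email_domain   => $email_domain,
        issuer_url     => $issuer_url,
        listen_address => $listen_address,
    }

    # Expected Location header on the probe's response. The dots in the host
    # name are escaped so that only the literal IdP host matches; unescaped,
    # '.' matches any character and a redirect to a look-alike host would
    # still be reported as healthy.
    # NOTE(review): the pattern is pinned to the default $issuer_url. If
    # $issuer_url is overridden this check will keep expecting the default
    # IdP and needs to be updated by hand - confirm that is intended.
    $match_idp_location = {
        'header' => 'location',
        'regexp' => '^https://idp\.wikimedia\.org/oidc/oidcAuthorize.*',
    }

    # Probe the site named by $cookie_domain on port 443 and require a 302
    # whose Location header points at the IdP authorize endpoint, i.e. that
    # the proxy is in front of the site and sends clients to log in
    # (presumably the probe carries no session cookie - verify against
    # prometheus::blackbox::check::http).
    prometheus::blackbox::check::http { $cookie_domain:
        server_name    => $cookie_domain,
        status_matches => [ 302 ],
        header_matches => [ $match_idp_location ],
        port           => 443,
    }
}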