@@ -778,66 +778,69 @@ func (as *AmaltheaSession) Secret() v1.Secret {
778778 return secret
779779 }
780780
781- pathPrefix := as .ingressPathPrefix ()
782- sessionURL := as .GetURL ()
783- pathPrefixURL := url.URL {Host : sessionURL .Host , Path : pathPrefix , Scheme : sessionURL .Scheme }
784- cookieSecret := make ([]byte , 32 )
785- _ , err := rand .Read (cookieSecret )
786- if err != nil {
787- // NOTE: Read cannot panic except for on legacy Linux systems
788- // See: https://pkg.go.dev/crypto/rand#Read
789- panic (err )
790- }
791- oldConfigLines := []string {
792- "session_cookie_minimal = true" ,
793- "skip_provider_button = true" ,
794- fmt .Sprintf ("redirect_url = \" %s\" " , pathPrefixURL .JoinPath ("oauth2/callback" ).String ()),
795- fmt .Sprintf ("cookie_path = \" %s\" " , pathPrefix ),
796- fmt .Sprintf ("proxy_prefix = \" %soauth2\" " , pathPrefix ),
797- "authenticated_emails_file = \" /authorized_emails\" " ,
798- fmt .Sprintf ("cookie_secret = \" %s\" " , base64 .URLEncoding .EncodeToString (cookieSecret )),
799- }
800- upstreamPort := secondProxyPort
801- upstreamConfig := map [string ]any {
802- "upstreams" : []map [string ]any {
803- {
804- "id" : "amalthea-upstream" ,
805- "path" : pathPrefix ,
806- "uri" : fmt .Sprintf ("http://127.0.0.1:%d" , upstreamPort ),
807- "insecureSkipTLSVerify" : true ,
808- "passHostHeader" : true ,
809- "proxyWebSockets" : true ,
781+ // Skip the 'oidc' configuration if it is not needed
782+ if as .Spec .Authentication .Type == Oidc {
783+ pathPrefix := as .ingressPathPrefix ()
784+ sessionURL := as .GetURL ()
785+ pathPrefixURL := url.URL {Host : sessionURL .Host , Path : pathPrefix , Scheme : sessionURL .Scheme }
786+ cookieSecret := make ([]byte , 32 )
787+ _ , err := rand .Read (cookieSecret )
788+ if err != nil {
789+ // NOTE: Read cannot panic except for on legacy Linux systems
790+ // See: https://pkg.go.dev/crypto/rand#Read
791+ panic (err )
792+ }
793+ oldConfigLines := []string {
794+ "session_cookie_minimal = true" ,
795+ "skip_provider_button = true" ,
796+ fmt .Sprintf ("redirect_url = \" %s\" " , pathPrefixURL .JoinPath ("oauth2/callback" ).String ()),
797+ fmt .Sprintf ("cookie_path = \" %s\" " , pathPrefix ),
798+ fmt .Sprintf ("proxy_prefix = \" %soauth2\" " , pathPrefix ),
799+ "authenticated_emails_file = \" /authorized_emails\" " ,
800+ fmt .Sprintf ("cookie_secret = \" %s\" " , base64 .URLEncoding .EncodeToString (cookieSecret )),
801+ }
802+ upstreamPort := secondProxyPort
803+ upstreamConfig := map [string ]any {
804+ "upstreams" : []map [string ]any {
805+ {
806+ "id" : "amalthea-upstream" ,
807+ "path" : pathPrefix ,
808+ "uri" : fmt .Sprintf ("http://127.0.0.1:%d" , upstreamPort ),
809+ "insecureSkipTLSVerify" : true ,
810+ "passHostHeader" : true ,
811+ "proxyWebSockets" : true ,
812+ },
810813 },
811- },
812- }
813- newConfig := map [string ]any {
814- "providers" : [] map [ string ] any {
815- {
816- "clientID " : "${OIDC_CLIENT_ID }" ,
817- "clientSecret " : "${OIDC_CLIENT_SECRET} " ,
818- "id " : "amalthea- oidc" ,
819- "provider " : "oidc" ,
820- "oidcConfig " : map [ string ] any {
821- "insecureSkipNonce " : false ,
822- "issuerURL " : "${OIDC_ISSUER_URL }" ,
823- "insecureAllowUnverifiedEmail " : "${ALLOW_UNVERIFIED_EMAILS} " ,
824- "emailClaim " : "email" ,
825- "audienceClaims" : [] string { "aud" },
814+ }
815+ newConfig := map [ string ] any {
816+ "providers" : [] map [string ]any {
817+ {
818+ "clientID" : "${OIDC_CLIENT_ID}" ,
819+ "clientSecret " : "${OIDC_CLIENT_SECRET }" ,
820+ "id " : "amalthea-oidc " ,
821+ "provider " : " oidc" ,
822+ "oidcConfig " : map [ string ] any {
823+ "insecureSkipNonce " : false ,
824+ "issuerURL " : "${OIDC_ISSUER_URL}" ,
825+ "insecureAllowUnverifiedEmail " : "${ALLOW_UNVERIFIED_EMAILS }" ,
826+ "emailClaim " : "email " ,
827+ "audienceClaims " : [] string { "aud" } ,
828+ },
826829 },
827830 },
828- },
829- "server" : map [string ]string {
830- "bindAddress" : fmt .Sprintf ("0.0.0.0:%d" , authenticatedPort ),
831- },
832- "upstreamConfig" : upstreamConfig ,
833- }
834- newConfigStr , err := yaml .Marshal (newConfig )
835- if err != nil {
836- panic (err )
837- }
831+ "server" : map [string ]string {
832+ "bindAddress" : fmt .Sprintf ("0.0.0.0:%d" , authenticatedPort ),
833+ },
834+ "upstreamConfig" : upstreamConfig ,
835+ }
836+ newConfigStr , err := yaml .Marshal (newConfig )
837+ if err != nil {
838+ panic (err )
839+ }
838840
839- secret .StringData ["oauth2-proxy-alpha-config.yaml" ] = string (newConfigStr )
840- secret .StringData ["oauth2-proxy-config.yaml" ] = strings .Join (oldConfigLines , "\n " )
841+ secret .StringData ["oauth2-proxy-alpha-config.yaml" ] = string (newConfigStr )
842+ secret .StringData ["oauth2-proxy-config.yaml" ] = strings .Join (oldConfigLines , "\n " )
843+ }
841844
842845 if tunnelSecret != "" {
843846 secret .StringData ["WSTUNNEL_SECRET" ] = tunnelSecret
0 commit comments