keycloak: fix logs oauth2 cookie secret
This commit is contained in:
parent
b9383c9709
commit
7a9cf1df98
@ -2,7 +2,7 @@
|
|||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
metadata:
|
metadata:
|
||||||
name: logs-oidc-secret-ensure-1
|
name: logs-oidc-secret-ensure-2
|
||||||
namespace: sso
|
namespace: sso
|
||||||
spec:
|
spec:
|
||||||
backoffLimit: 0
|
backoffLimit: 0
|
||||||
@ -74,10 +74,17 @@ spec:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if kubectl -n logging get secret oauth2-proxy-logs-oidc >/dev/null 2>&1; then
|
if kubectl -n logging get secret oauth2-proxy-logs-oidc >/dev/null 2>&1; then
|
||||||
exit 0
|
current_cookie="$(kubectl -n logging get secret oauth2-proxy-logs-oidc -o jsonpath='{.data.cookie_secret}' 2>/dev/null || true)"
|
||||||
|
if [ -n "${current_cookie}" ]; then
|
||||||
|
decoded="$(printf '%s' "${current_cookie}" | base64 -d 2>/dev/null || true)"
|
||||||
|
length="$(printf '%s' "${decoded}" | wc -c | tr -d ' ')"
|
||||||
|
if [ "${length}" = "16" ] || [ "${length}" = "24" ] || [ "${length}" = "32" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
COOKIE_SECRET="$(openssl rand -base64 32 | tr -d '\n')"
|
COOKIE_SECRET="$(openssl rand -hex 16 | tr -d '\n')"
|
||||||
kubectl -n logging create secret generic oauth2-proxy-logs-oidc \
|
kubectl -n logging create secret generic oauth2-proxy-logs-oidc \
|
||||||
--from-literal=client_id="logs" \
|
--from-literal=client_id="logs" \
|
||||||
--from-literal=client_secret="${CLIENT_SECRET}" \
|
--from-literal=client_secret="${CLIENT_SECRET}" \
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user