Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update aws-authservice #669

Merged
merged 2 commits into from
Apr 12, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion awsconfigs/common/aws-authservice/base/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ resources:
images:
- name: public.ecr.aws/c9e4w0g3/cognito/aws-authservice
newName: public.ecr.aws/c9e4w0g3/cognito/aws-authservice
newTag: v1.0.0
newTag: v2.0.0
configMapGenerator:
- name: authservice-config
env: params.env
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ spec:
http:
- match:
- uri:
prefix: /logout
prefix: /authservice/logout
route:
- destination:
host: aws-authservice.istio-system.svc.cluster.local
Expand Down
24 changes: 3 additions & 21 deletions charts/common/aws-authservice/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,24 +1,6 @@
apiVersion: v2
name: aws-authservice
appVersion: v2.0.0
description: A Helm chart for Kubernetes

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
name: aws-authservice
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v0.1.0"
version: 0.2.0
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,5 @@ data:
LOGOUT_URL: {{ .Values.LOGOUT_URL }}
kind: ConfigMap
metadata:
name: authservice-config-ck6577dfkd
name: authservice-config-c9f7d7t7db
namespace: istio-system
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@ spec:
valueFrom:
configMapKeyRef:
key: LOGOUT_URL
name: authservice-config-ck6577dfkd
image: public.ecr.aws/c9e4w0g3/cognito/aws-authservice:v1.0.0
name: authservice-config-c9f7d7t7db
ryansteakley marked this conversation as resolved.
Show resolved Hide resolved
image: public.ecr.aws/c9e4w0g3/cognito/aws-authservice:v2.0.0
imagePullPolicy: IfNotPresent
name: aws-authservice
ports:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ spec:
http:
- match:
- uri:
prefix: /logout
prefix: /authservice/logout
route:
- destination:
host: aws-authservice.istio-system.svc.cluster.local
Expand Down
24 changes: 19 additions & 5 deletions components/aws-authservice/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
package main

import (
"encoding/json"
"fmt"
"log"
"net/http"
Expand All @@ -36,23 +37,36 @@ func init() {
// LogoutHandler expires ALB Cookies and redirects to Cognito Logout Endpoint
func LogoutHandler(w http.ResponseWriter, r *http.Request) {
log.Println("Traffic reached LogoutHandler")

// There are 4 possible AWSELBAuthSessionCookies
// https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#authentication-logout
for cookieIndex := 0; cookieIndex < 4; cookieIndex++ {
name := fmt.Sprintf("AWSELBAuthSessionCookie-%s", strconv.Itoa(cookieIndex))
expireALBCookie := &http.Cookie{Value: "Expired", Name: name, MaxAge: -1, Path: "/"}
http.SetCookie(w, expireALBCookie)
}
http.Redirect(w, r, redirectURL, http.StatusSeeOther)

// Central Dashboard expects to redirect to event.detail.response['afterLogoutURL']) after logout
// https://github.com/kubeflow/kubeflow/blob/master/components/centraldashboard/public/components/logout-button.js#L49
resp := struct {
AfterLogoutURL string `json:"afterLogoutURL"`
}{
AfterLogoutURL: redirectURL,
}
jsonBytes, err := json.Marshal(resp)
if err != nil {
log.Println("Failed to marshal struct to json: %v", err)
}

w.Write(jsonBytes)

http.Redirect(w, r, redirectURL, http.StatusCreated)
}

func main() {

router := mux.NewRouter()
router.HandleFunc("/logout", LogoutHandler).Methods(http.MethodGet)

router.HandleFunc("/authservice/logout", LogoutHandler).Methods(http.MethodPost)
var listenPort = ":" + port
log.Println("Starting web server at", listenPort)
log.Fatal(http.ListenAndServe(listenPort, handlers.CORS()(router)))
log.Println(http.ListenAndServe(listenPort, handlers.CORS()(router)))
}
4 changes: 2 additions & 2 deletions tools/helmify/src/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -336,8 +336,8 @@ aws-authservice:
kustomization_paths:
- awsconfigs/common/aws-authservice/base
output_helm_chart_path: charts/common/aws-authservice
version: 0.1.0
app_version: v0.1.0
version: 0.2.0
app_version: v2.0.0
params:
template_paths:
- tools/helmify/template/aws-authservice/params.env
Expand Down