This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/passbook/providers/app_gw/views.py

98 lines
3.5 KiB
Python

"""passbook app_gw views"""
import string
from random import SystemRandom
from urllib.parse import urlparse
from django.contrib.auth.mixins import LoginRequiredMixin
from django.db.models import Model
from django.http import HttpRequest, HttpResponse
from django.shortcuts import get_object_or_404, render, reverse
from django.views import View
from guardian.shortcuts import get_objects_for_user
from structlog import get_logger
from yaml import safe_dump
from passbook import __version__
from passbook.core.models import User
from passbook.providers.app_gw.models import ApplicationGatewayProvider
ORIGINAL_URL = "HTTP_X_ORIGINAL_URL"
LOGGER = get_logger()
def get_object_for_user_or_404(user: User, perm: str, **filters) -> Model:
"""Wrapper that combines get_objects_for_user and get_object_or_404"""
return get_object_or_404(get_objects_for_user(user, perm), **filters)
def get_cookie_secret():
"""Generate random 32-character string for cookie-secret"""
return "".join(
SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32)
)
class DockerComposeView(LoginRequiredMixin, View):
"""Generate docker-compose yaml"""
def get_compose(self, provider: ApplicationGatewayProvider) -> str:
"""Generate docker-compose yaml, version 3.5"""
full_issuer_user = self.request.build_absolute_uri(
reverse("passbook_providers_oidc:authorize")
)
env = {
"OAUTH2_PROXY_CLIENT_ID": provider.client.client_id,
"OAUTH2_PROXY_CLIENT_SECRET": provider.client.client_secret,
"OAUTH2_PROXY_REDIRECT_URL": f"{provider.external_host}/oauth2/callback",
"OAUTH2_PROXY_OIDC_ISSUER_URL": full_issuer_user,
"OAUTH2_PROXY_COOKIE_SECRET": get_cookie_secret(),
"OAUTH2_PROXY_UPSTREAMS": provider.internal_host,
}
if urlparse(provider.external_host).scheme != "https":
env["OAUTH2_PROXY_COOKIE_SECURE"] = "false"
compose = {
"version": "3.5",
"services": {
"passbook_gatekeeper": {
"image": f"beryju/passbook-gatekeeper:{__version__}",
"ports": ["4180:4180"],
"environment": env,
}
},
}
return safe_dump(compose, default_flow_style=False)
def get(self, request: HttpRequest, provider_pk: int) -> HttpResponse:
"""Render docker-compose file"""
provider: ApplicationGatewayProvider = get_object_for_user_or_404(
request.user,
"passbook_providers_app_gw.view_applicationgatewayprovider",
pk=provider_pk,
)
response = HttpResponse()
response.content_type = "application/x-yaml"
response.content = self.get_compose(provider.pk)
return response
class K8sManifestView(LoginRequiredMixin, View):
"""Generate K8s Deployment and SVC for gatekeeper"""
def get(self, request: HttpRequest, provider_pk: int) -> HttpResponse:
"""Render deployment template"""
provider: ApplicationGatewayProvider = get_object_for_user_or_404(
request.user,
"passbook_providers_app_gw.view_applicationgatewayprovider",
pk=provider_pk,
)
return render(
request,
"app_gw/k8s-manifest.yaml",
{
"provider": provider,
"cookie_secret": get_cookie_secret(),
"version": __version__,
},
content_type="text/yaml",
)