Merge branch...

Merge branch '266-authservice-redirect-urls-dont-respect-virtual-service-name-overrides' into 'master'

Resolve "Authservice Redirect URLs dont respect virtual service name overrides"

Closes #266

See merge request platform-one/big-bang/bigbang!350

chart/templates/authservice/values.yaml

@@ -36,27 +36,49 @@ chains:
   jaeger:
     match:
       header: ":authority"
+    {{- $jaegerValues := .Values.jaeger.values | default dict }}
+    {{- $jaegerIstioValues := $jaegerValues.istio | default dict }}
+    {{- $jaegerHostValues := $jaegerIstioValues.jaeger | default dict}}
+    {{- if hasKey $jaegerHostValues "hosts" }}
+      prefix: {{ range .Values.jaeger.values.istio.jaeger.hosts }}{{ tpl . $}}{{ end }}
+    callback_uri: https://{{ range .Values.jaeger.values.istio.jaeger.hosts }}{{ tpl . $}}{{ end }}/login
+    {{- else }}
       prefix: "tracing"
+    callback_uri: https://tracing.{{ .Values.hostname }}/login
+    {{- end }}
     client_id: "{{ .Values.jaeger.sso.client_id }}"
     client_secret: "{{ .Values.jaeger.sso.client_secret }}"
-    callback_uri: https://tracing.{{ .Values.hostname }}/login
   {{- end }}
 
   {{- if .Values.monitoring.sso.enabled }}
   prometheus:
     match:
       header: ":authority"
+    {{- $monitoringValues := .Values.monitoring.values | default dict }}
+    {{- $monitoringIstioValues := $monitoringValues.istio | default dict }}
+    {{- $prometheusHostValues := $monitoringIstioValues.prometheus | default dict}}
+    {{- if hasKey $prometheusHostValues "hosts" }}
+      prefix: {{ range .Values.monitoring.values.istio.prometheus.hosts }}{{ tpl . $}}{{ end }}
+    callback_uri: https://{{ range .Values.monitoring.values.istio.prometheus.hosts }}{{ tpl . $}}{{ end }}/login/generic_oauth
+    {{- else }}
       prefix: "prometheus"
+    callback_uri: https://prometheus.{{ .Values.hostname }}/login/generic_oauth
+    {{- end }}
     client_id: {{ .Values.monitoring.sso.prometheus.client_id }}
     client_secret: "{{ .Values.monitoring.sso.prometheus.client_secret }}"
-    callback_uri: https://prometheus.{{ .Values.hostname }}/login/generic_oauth
 
   alertmanager:
     match:
       header: ":authority"
+    {{- $alertmanagerHostValues := $monitoringIstioValues.alertmanager | default dict}}
+    {{- if hasKey $alertmanagerHostValues "hosts" }}
+      prefix: {{ range .Values.monitoring.values.istio.alertmanager.hosts }}{{ tpl . $}}{{ end }}
+    callback_uri: https://{{ range .Values.monitoring.values.istio.alertmanager.hosts }}{{ tpl . $}}{{ end }}/login/generic_oauth
+    {{- else }}
       prefix: "alertmanager"
+    callback_uri: https://alertmanager.{{ .Values.hostname }}/login/generic_oauth
+    {{- end }}
     client_id: {{ .Values.monitoring.sso.alertmanager.client_id }}
     client_secret: "{{ .Values.monitoring.sso.alertmanager.client_secret }}"
-    callback_uri: https://alertmanager.{{ .Values.hostname }}/login/generic_oauth
   {{- end }}
 {{- end -}}

chart/templates/haproxy/values.yaml

@@ -65,8 +65,20 @@ config: |
     unique-id-format %{+X}o\ 1-%[date,hex,bytes(8,8),lower]-%[capture.req.hdr(3)]
     http-request set-header X-Amzn-Trace-Id Root=%[unique-id,lower]
     bind :8080
+    {{- $monitoringValues := .Values.monitoring.values | default dict }}
+    {{- $monitoringIstioValues := $monitoringValues.istio | default dict }}
+    {{- $prometheusHostValues := $monitoringIstioValues.prometheus | default dict}}
+    {{- $alertmanagerHostValues := $monitoringIstioValues.alertmanager | default dict}}
+    {{- if hasKey $alertmanagerHostValues "hosts" }}
+    acl host_alertmanager hdr(host) -i {{ range .Values.monitoring.values.istio.alertmanager.hosts }}{{ tpl . $}}{{ end }}
+    {{- else }}
     acl host_alertmanager hdr(host) -i alertmanager.{{ .Values.hostname }}
+    {{- end }}
+    {{- if hasKey $prometheusHostValues "hosts" }}
+    acl host_prometheus hdr(host) -i {{ range .Values.monitoring.values.istio.prometheus.hosts }}{{ tpl . $}}{{ end }}
+    {{- else }}
     acl host_prometheus hdr(host) -i prometheus.{{ .Values.hostname }}
+    {{- end }}
 
     option forwardfor
     use_backend alertmanager_main if host_alertmanager

chart/values.yaml

@@ -56,7 +56,7 @@ sso:
     realm: baby-yoda
 
   # -- Keycloak's certificate authority (unencoded) used by authservice to support SSO for various packages
-  certificate_authority: ""
+  certificate_authority: ''
 
   # -- Keycloak realm's json web key uri, obtained through https://<keycloak-server>/auth/realms/<realm>/.well-known/openid-configuration
   jwks: ""