Add environment variables and log discovered values

Dougley · Apr 1, 2024 · d8096f7 · d8096f7
1 parent 53cc96c
commit d8096f7
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 10 deletions.
diff --git a/charts/jwt-nginx-ext-auth/Chart.yaml b/charts/jwt-nginx-ext-auth/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
+version: 0.0.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/jwt-nginx-ext-auth/templates/deployment.yaml b/charts/jwt-nginx-ext-auth/templates/deployment.yaml
@@ -32,6 +32,19 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
+          env:
+            - name: OIDC_DISCOVERY_URL
+              value: {{ .Values.oidcConfig.discoveryUrl }}
+            - name: JWKS_URI
+              value: {{ .Values.oidcConfig.jwksUri }}
+            - name: JWT_ISSUER
+              value: {{ .Values.oidcConfig.jwtIssuer }}
+            - name: JWT_AUDIENCE
+              value: {{ .Values.oidcConfig.jwtAudience }}
+            - name: JWT_HEADER
+              value: {{ .Values.oidcConfig.jwtHeader }}
+            - name: PORT
+              value: "{{ .Values.service.port }}"
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -40,14 +53,6 @@ spec:
             - name: http
               containerPort: {{ .Values.service.port }}
               protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /
-              port: http
-          readinessProbe:
-            httpGet:
-              path: /
-              port: http
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           {{- with .Values.volumeMounts }}

diff --git a/charts/jwt-nginx-ext-auth/values.yaml b/charts/jwt-nginx-ext-auth/values.yaml
@@ -14,6 +14,13 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+oidcConfig:
+  discoveryUri: ""
+  jwksUri: ""
+  jwtIssuer: ""
+  jwtAudience: ""
+  jwtHeader: "authorization"
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true

diff --git a/src/index.mts b/src/index.mts
@@ -12,6 +12,8 @@ if (process.env.OIDC_DISCOVERY_URI) {
     jwks_uri: string;
     issuer: string;
   };
+  console.log("Discovered JWKS_URI", discoveryJson.jwks_uri);
+  console.log("Discovered issuer", discoveryJson.issuer);
   process.env.JWKS_URI = discoveryJson.jwks_uri;
   process.env.JWT_ISSUER = discoveryJson.issuer;
 }
@@ -31,7 +33,7 @@ fastify.get<{
     authorization: string;
   };
 }>("/", async (request, reply) => {
-  const header = process.env.JWT_HEADER ?? "authorization";
+  const header = (process.env.JWT_HEADER ?? "authorization").toLowerCase();
   if (!request.headers[header]) {
     reply.status(401).send({ error: "Unauthorized" });
     return;