Support SSO

See https://github.com/WASHNote/washnote-apps/issues/10.
decentral1se 2021-06-28 13:42:02 +02:00
parent 14cc4e6ac5
commit c13aa2c715
No known key found for this signature in database
GPG Key ID: 5E2EF5A63E3718CC
6 changed files with 44 additions and 1 deletions


@ -7,3 +7,10 @@ SECRET_ADMIN_PASSWORD_VERSION=v1
# MSSQL driver
COMPOSE_FILE="compose.yml:compose.mssql.yml"
# OpenID Connect (SSO)
# COMPOSE_FILE="compose.yml:compose.oidc.yml"
# OIDC_ENABLED=1
# OIDC_CLIENT_ID=
# OIDC_ISSUER_URL=
# SECRET_OIDC_CLIENT_SECRET=v1
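Review bot: The commented `COMPOSE_FILE="compose.yml:compose.oidc.yml"` example reuses the variable already assigned in the MSSQL stanza just above, so uncommenting it as written would presumably replace that value and silently drop `compose.mssql.yml` from the deployment. A comment showing the combined form would prevent that, for example `# with MSSQL: COMPOSE_FILE="compose.yml:compose.mssql.yml:compose.oidc.yml"`. The sample should also say that `OIDC_ISSUER_URL` is expected to be the provider's `https://` issuer URL, since it is written into the server configuration unchanged.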


@ -1 +1,2 @@
export CUSTOM_ENTRYPOINT_VERSION=v1
export OIDC_CONF_VERSION=v1

26
compose.oidc.yml Normal file

@ -0,0 +1,26 @@
---
version: "3.8"
services:
app:
configs:
- source: oidc_conf
target: /etc/rstudio/openid-client-secret
mode: 0600
environment:
- OIDC_CLIENT_ID
- OIDC_ENABLED
- OIDC_ISSUER_URL
secrets:
- oidc_client_secret
configs:
oidc_conf:
name: ${STACK_NAME}_oidc_conf_${OIDC_CONF_VERSION}
file: oidc.conf.tmpl
template_driver: golang
secrets:
oidc_client_secret:
name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET}
external: true
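Review bot: The `oidc_conf` mount at `/etc/rstudio/openid-client-secret` sets `mode: 0600` but no `uid`/`gid`, so the rendered file, which holds the OIDC client secret in plaintext, is owned by root (the Docker default) and is readable only if the server opens it as root; this should be confirmed against the image. A comment above the mount would record the intent, for example `# rendered from oidc.conf.tmpl; contains the OIDC client secret, keep 0600`. The `secrets:` entry on `app` also exposes the same value at the default secret mount path inside the container; it appears to be there so that the template's `secret` call can resolve, and a one-line comment saying so would stop it being removed as redundant.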


@ -12,8 +12,9 @@ services:
secrets:
- admin_password
environment:
- ROOT=TRUE
- DOMAIN=${DOMAIN}
- PASSWORD_FILE=/run/secrets/admin_password
- ROOT=TRUE
configs:
- source: custom_entrypoint
target: /docker-entrypoint.sh


@ -26,4 +26,10 @@ file_env() {
file_env "PASSWORD"
{{ if eq (env "OIDC_ENABLED") "1" }}
echo "auth-openid=1" >> /etc/rstudio/rserver.conf
echo "auth-openid-issuer=${OIDC_ISSUER_URL}" >> /etc/rstudio/rserver.conf
echo "auth-openid-base-uri=https://${DOMAIN}" >> /etc/rstudio/rserver.conf
{{ end }}
exec "$@"
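Review bot: Nothing in the added block checks that `OIDC_ISSUER_URL` and `DOMAIN` are non-empty before they are written into `/etc/rstudio/rserver.conf`, so `OIDC_ENABLED=1` with a missing value yields `auth-openid-issuer=` or a base URI of `https://` instead of a clear startup error. A guard before the first `echo`, such as `: "${OIDC_ISSUER_URL:?must be set when OIDC_ENABLED=1}"` and the same for `DOMAIN`, would fail fast. The three lines are also appended with `>>` on every entrypoint run, so a container that is restarted rather than recreated would accumulate duplicate `auth-openid*` entries; testing with `grep -q '^auth-openid=' /etc/rstudio/rserver.conf` first would make the step idempotent. The earlier part of the script, including `file_env`, is outside the hunk.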

2
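--- /dev/null
+++ b/oidc.conf.tmpl
@@ -0,0 +1,2 @@
+client-id={{ env "OIDC_CLIENT_ID" }}
+client-secret={{ secret "oidc_client_secret" }}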