providers/app_gw: Fix K8s template labels, add missing ISSUER_URL

passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml

@@ -2,29 +2,31 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    k8s-app: passbook-gatekeeper
+    app.kubernetes.io/name: passbook-gatekeeper
   name: passbook-gatekeeper
   namespace: kube-system
 spec:
   replicas: 1
   selector:
     matchLabels:
-      k8s-app: passbook-gatekeeper
+      app.kubernetes.io/name: passbook-gatekeeper
   template:
     metadata:
       labels:
-        k8s-app: passbook-gatekeeper
+        app.kubernetes.io/name: passbook-gatekeeper
     spec:
       containers:
       - args:
         - --upstream=file:///dev/null
         env:
         - name: OAUTH2_PROXY_CLIENT_ID
-          value: {{ provider.client.client_id }}
+          value: "{{ provider.client.client_id }}"
         - name: OAUTH2_PROXY_CLIENT_SECRET
-          value: {{ provider.client.client_secret }}
+          value: "{{ provider.client.client_secret }}"
         - name: OAUTH2_PROXY_COOKIE_SECRET
-          value: {{ cookie_secret }}
+          value: "{{ cookie_secret }}"
+        - name: OAUTH2_PROXY_OIDC_ISSUER_URL
+          value: "{{ issuer }}"
         image: beryju/passbook-gatekeeper:{{ version }}
         imagePullPolicy: Always
         name: passbook-gatekeeper
@@ -36,7 +38,7 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    k8s-app: passbook-gatekeeper
+    app.kubernetes.io/name: passbook-gatekeeper
   name: passbook-gatekeeper
   namespace: kube-system
 spec:
@@ -46,7 +48,7 @@ spec:
     protocol: TCP
     targetPort: 4180
   selector:
-    k8s-app: passbook-gatekeeper
+    app.kubernetes.io/name: passbook-gatekeeper
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

passbook/providers/app_gw/views.py

@@ -6,9 +6,10 @@ from urllib.parse import urlparse
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.db.models import Model
 from django.http import HttpRequest, HttpResponse
-from django.shortcuts import get_object_or_404, render, reverse
+from django.shortcuts import get_object_or_404, render
 from django.views import View
 from guardian.shortcuts import get_objects_for_user
+from oidc_provider.lib.utils.common import get_issuer, get_site_url
 from structlog import get_logger
 from yaml import safe_dump
 
@@ -37,14 +38,13 @@ class DockerComposeView(LoginRequiredMixin, View):
 
     def get_compose(self, provider: ApplicationGatewayProvider) -> str:
         """Generate docker-compose yaml, version 3.5"""
-        full_issuer_user = self.request.build_absolute_uri(
-            reverse("passbook_providers_oidc:authorize")
-        )
+        site_url = get_site_url(request=self.request)
+        issuer = get_issuer(site_url=site_url, request=self.request)
         env = {
             "OAUTH2_PROXY_CLIENT_ID": provider.client.client_id,
             "OAUTH2_PROXY_CLIENT_SECRET": provider.client.client_secret,
             "OAUTH2_PROXY_REDIRECT_URL": f"{provider.external_host}/oauth2/callback",
-            "OAUTH2_PROXY_OIDC_ISSUER_URL": full_issuer_user,
+            "OAUTH2_PROXY_OIDC_ISSUER_URL": issuer,
             "OAUTH2_PROXY_COOKIE_SECRET": get_cookie_secret(),
             "OAUTH2_PROXY_UPSTREAMS": provider.internal_host,
         }
@@ -85,6 +85,8 @@ class K8sManifestView(LoginRequiredMixin, View):
             "passbook_providers_app_gw.view_applicationgatewayprovider",
             pk=provider_pk,
         )
+        site_url = get_site_url(request=self.request)
+        issuer = get_issuer(site_url=site_url, request=self.request)
         return render(
             request,
             "app_gw/k8s-manifest.yaml",
@@ -92,6 +94,7 @@ class K8sManifestView(LoginRequiredMixin, View):
                 "provider": provider,
                 "cookie_secret": get_cookie_secret(),
                 "version": __version__,
+                "issuer": issuer,
             },
             content_type="text/yaml",
         )