Merge pull request #42 from canonical/template-updates

Template updates
canonical · Nov 24, 2023 · 5806645 · 5806645
2 parents 6c6151e + f3956f8
commit 5806645
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/config.yaml b/config.yaml
@@ -0,0 +1,7 @@
+options:
+  dev:
+    description: |
+      Run Oathkeeper in dev mode. This option is needed if no internal ingress is configured and https is not set up.
+      This should only be used for development purposes.
+    type: boolean
+    default: False
diff --git a/src/charm.py b/src/charm.py
@@ -38,6 +38,7 @@
 from ops.charm import (
     ActionEvent,
     CharmBase,
+    ConfigChangedEvent,
     HookEvent,
     InstallEvent,
     PebbleReadyEvent,
@@ -120,6 +121,7 @@ def __init__(self, *args):
 
         self.framework.observe(self.on.oathkeeper_pebble_ready, self._on_oathkeeper_pebble_ready)
         self.framework.observe(self.on.install, self._on_install)
+        self.framework.observe(self.on.config_changed, self._on_config_changed)
         self.framework.observe(self.on.remove, self._on_remove)
 
         self.framework.observe(
@@ -189,8 +191,10 @@ def _oathkeeper_service_is_running(self) -> bool:
 
     @property
     def _forward_auth_config(self) -> ForwardAuthConfig:
+        scheme = "http" if self.config["dev"] else "https"
+        decisions_url = f"{scheme}://{self.app.name}.{self.model.name}.svc.cluster.local:{OATHKEEPER_API_PORT}/decisions"
         return ForwardAuthConfig(
-            decisions_address=f"https://{self.app.name}.{self.model.name}.svc.cluster.local:{OATHKEEPER_API_PORT}/decisions",
+            decisions_address=decisions_url,
             app_names=self.auth_proxy.get_app_names(),
             headers=self.auth_proxy.get_headers(),
         )
@@ -329,6 +333,9 @@ def _on_oathkeeper_pebble_ready(self, event: PebbleReadyEvent) -> None:
         self._patch_statefulset()
         self._handle_status_update_config(event)
 
+    def _on_config_changed(self, event: ConfigChangedEvent):
+        self.forward_auth.update_forward_auth_config(self._forward_auth_config)
+
     def _on_remove(self, event: RemoveEvent) -> None:
         if not self.unit.is_leader():
             return

diff --git a/templates/oathkeeper.yaml.j2 b/templates/oathkeeper.yaml.j2
@@ -49,6 +49,8 @@ access_rules:
   {%- endif %}
 
 authenticators:
+  anonymous:
+    enabled: true
   noop:
     enabled: true
   cookie_session: