wip: remove public-url config option

README.md

@@ -11,7 +11,6 @@ This repository hosts the Kubernetes Python Operator for OIDC Gatekeeper
 The OIDC Gatekeeper Operator may be deployed using the Juju command line as follows
 ```bash
 juju deploy oidc-gatekeeper
-juju config oidc-gatekeeper client-secret=<client-secret> public-url=http://<public-url>
 ```
 
 Upstream documentation can be found at https://github.com/arrikto/oidc-authservice

config.yaml

@@ -14,10 +14,6 @@ options:
     type: string
     default: ''
     description: OpenID Connect client secret
-  public-url:
-    type: string
-    default: ''
-    description: Publicly-accessible endpoint for cluster
   oidc-scopes:
     type: string
     default: 'profile email groups'
@@ -41,4 +37,4 @@ options:
   userid-claim:
     type: string
     default: 'email'
-    description: OpenID Connect claim whose value will be used as the userid.
+    description: OpenID Connect claim whose value will be used as the userid.

src/charm.py

@@ -37,10 +37,6 @@ def __init__(self, *args):
             [http_service_port],
         )
 
-        self.public_url = self.model.config["public-url"]
-        if not self.public_url.startswith(("http://", "https://")):
-            self.public_url = f"http://{self.public_url}"
-
         for event in [
             self.on.start,
             self.on.leader_elected,
@@ -58,7 +54,6 @@ def __init__(self, *args):
 
     def main(self, event):
         try:
-            self._check_public_url()
             self._check_leader()
             interfaces = self._get_interfaces()
             secret_key = self._check_secret()
@@ -146,11 +141,6 @@ def _get_interfaces(self):
             raise ErrorWithStatus(str(err), BlockedStatus)
         return interfaces
 
-    def _check_public_url(self):
-        """Check if `public-url` config is set."""
-        if not self.model.config.get("public-url"):
-            raise ErrorWithStatus("public-url config required", BlockedStatus)
-
     def _configure_mesh(self, interfaces):
         """Update ingress and ingress-auth relations with mesh info."""
         if interfaces["ingress"]:
@@ -179,9 +169,6 @@ def _send_info(self, interfaces, secret_key):
         """Send info to oidc-client relation."""
         config = self.model.config
 
-        if not config.get("public-url"):
-            return False
-
         if interfaces["oidc-client"]:
             interfaces["oidc-client"].send_data(
                 {

tests/integration/test_charm.py

@@ -57,8 +57,6 @@ async def test_deploy(self, ops_test: OpsTest):
             config=OIDC_CONFIG,
         )
 
-        await ops_test.model.applications[APP_NAME].set_config({"public-url": PUBLIC_URL})
-
         await ops_test.model.wait_for_idle(
             apps=[APP_NAME], status="active", raise_on_blocked=False, timeout=60 * 10
         )
@@ -87,8 +85,6 @@ async def test_relations(self, ops_test: OpsTest):
         await ops_test.model.integrate(f"{ISTIO_PILOT}:ingress-auth", f"{APP_NAME}:ingress-auth")
         await ops_test.model.integrate(f"{APP_NAME}:oidc-client", f"{DEX_AUTH}:oidc-client")
 
-        await ops_test.model.applications[DEX_AUTH].set_config({"public-url": PUBLIC_URL})
-
         # Not raising on blocked will allow istio-pilot to be deployed
         # without istio-gateway and provide oidc with the data it needs.
         await ops_test.model.wait_for_idle(
@@ -125,7 +121,6 @@ async def test_upgrade(self, ops_test: OpsTest):
         await ops_test.model.integrate(f"{ISTIO_PILOT}:ingress", f"{APP_NAME}:ingress")
         await ops_test.model.integrate(f"{ISTIO_PILOT}:ingress-auth", f"{APP_NAME}:ingress-auth")
         await ops_test.model.integrate(f"{APP_NAME}:oidc-client", f"{DEX_AUTH}:oidc-client")
-        await ops_test.model.applications[APP_NAME].set_config({"public-url": PUBLIC_URL})
 
         print("Stable charm is deployed, add relations")
         await ops_test.model.wait_for_idle(

tests/unit/test_operator.py

@@ -25,15 +25,13 @@ def test_log_forwarding(harness):
 
 @patch("charm.KubernetesServicePatch", lambda x, y: None)
 def test_not_leader(harness):
-    harness.update_config({"public-url": "10.64.140.43.nip.io"})
     harness.begin_with_initial_hooks()
     assert harness.charm.model.unit.status == WaitingStatus("Waiting for leadership")
 
 
 @patch("charm.KubernetesServicePatch", lambda x, y: None)
 def test_no_relation(harness):
     harness.set_leader(True)
-    harness.update_config({"public-url": "10.64.140.43.nip.io"})
     harness.add_oci_resource(
         "oci-image",
         {
@@ -50,7 +48,6 @@ def test_no_relation(harness):
 @patch("charm.KubernetesServicePatch", lambda x, y: None)
 def test_with_relation(harness):
     harness.set_leader(True)
-    harness.update_config({"public-url": "10.64.140.43.nip.io"})
     rel_id = harness.add_relation("ingress", "app")
     harness.add_relation_unit(rel_id, "app/0")
 
@@ -65,36 +62,9 @@ def test_with_relation(harness):
     assert isinstance(harness.charm.model.unit.status, ActiveStatus)
 
 
-@pytest.mark.parametrize(
-    "url_prefix,url_result",
-    [
-        (
-            "",
-            "http://",
-        ),
-        ("https://", "https://"),
-        ("http://", "http://"),
-    ],
-)
-@patch("charm.KubernetesServicePatch", lambda x, y: None)
-def test_public_url(harness, url_prefix, url_result):
-    harness.set_leader(True)
-    harness.update_config({"public-url": f"{url_prefix}10.64.140.43.nip.io"})
-    harness.begin_with_initial_hooks()
-
-    plan = harness.get_container_pebble_plan("oidc-authservice")
-
-    assert "OIDC_PROVIDER" in plan.services["oidc-authservice"].environment
-    assert (
-        plan.services["oidc-authservice"].environment["OIDC_PROVIDER"]
-        == f"{url_result}10.64.140.43.nip.io/dex"
-    )
-
-
 @patch("charm.KubernetesServicePatch", lambda x, y: None)
 def test_skip_auth_url_config_has_value(harness):
     harness.set_leader(True)
-    harness.update_config({"public-url": "10.64.140.43.nip.io"})
     harness.update_config({"skip-auth-urls": "/test/,/path1/"})
     harness.begin_with_initial_hooks()
 
@@ -108,7 +78,6 @@ def test_skip_auth_url_config_has_value(harness):
 @patch("charm.KubernetesServicePatch", lambda x, y: None)
 def test_skip_auth_url_config_is_empty(harness):
     harness.set_leader(True)
-    harness.update_config({"public-url": "10.64.140.43.nip.io"})
     harness.begin_with_initial_hooks()
 
     plan = harness.get_container_pebble_plan("oidc-authservice")
@@ -119,7 +88,6 @@ def test_skip_auth_url_config_is_empty(harness):
 @patch("charm.KubernetesServicePatch", lambda x, y: None)
 def test_ca_bundle_config(harness):
     harness.set_leader(True)
-    harness.update_config({"public-url": "10.64.140.43.nip.io"})
     harness.update_config({"ca-bundle": "aaa"})
     harness.begin_with_initial_hooks()
 
@@ -133,7 +101,6 @@ def test_ca_bundle_config(harness):
 @patch("charm.KubernetesServicePatch", lambda x, y: None)
 def test_session_store(harness):
     harness.set_leader(True)
-    harness.update_config({"public-url": "10.64.140.43.nip.io"})
     harness.begin_with_initial_hooks()
 
     plan = harness.get_container_pebble_plan("oidc-authservice")
@@ -154,7 +121,6 @@ def test_pebble_ready_hook_handled(harness: Harness):
     """
     harness.set_leader(True)
     harness.begin()
-    harness.charm._check_public_url = MagicMock()
     harness.charm._get_interfaces = MagicMock()
     harness.charm._check_secret = MagicMock()
     harness.charm._send_info = MagicMock()