diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9a1dd073b5..f21d284356 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to
 ### Added
 - ✨(backend) allow to create a new user in a marketing system
+- ✨(helm) redirecting system #1697
 ### Changed
diff --git a/src/frontend/apps/impress/src/features/auth/components/Auth.tsx b/src/frontend/apps/impress/src/features/auth/components/Auth.tsx
index 414ac51b61..ea079d1f9d 100644
--- a/src/frontend/apps/impress/src/features/auth/components/Auth.tsx
+++ b/src/frontend/apps/impress/src/features/auth/components/Auth.tsx
@@ -44,7 +44,7 @@ export const Auth = ({ children }: PropsWithChildren) => {
 if (config?.FRONTEND_HOMEPAGE_FEATURE_ENABLED) {
 if (pathname !== HOME_URL) {
 setIsRedirecting(true);
- void replace(HOME_URL).then(() => setIsRedirecting(false));
+ window.location.replace(HOME_URL);
 }
 return;
diff --git a/src/frontend/apps/impress/src/features/auth/conf.ts b/src/frontend/apps/impress/src/features/auth/conf.ts
index c44fe01884..4e58db0fd6 100644
--- a/src/frontend/apps/impress/src/features/auth/conf.ts
+++ b/src/frontend/apps/impress/src/features/auth/conf.ts
@@ -1,6 +1,6 @@
 import { baseApiUrl } from '@/api';
-export const HOME_URL = '/home';
+export const HOME_URL = '/home/';
 export const LOGIN_URL = `${baseApiUrl()}authenticate/`;
 export const LOGOUT_URL = `${baseApiUrl()}logout/`;
 export const PATH_AUTH_LOCAL_STORAGE = 'docs-path-auth';
diff --git a/src/frontend/apps/impress/src/pages/login/index.tsx b/src/frontend/apps/impress/src/pages/login/index.tsx
index f76bb8969a..2e06f82628 100644
--- a/src/frontend/apps/impress/src/pages/login/index.tsx
+++ b/src/frontend/apps/impress/src/pages/login/index.tsx
@@ -1,10 +1,7 @@
-import { useRouter } from 'next/router';
-
 import { HOME_URL } from '@/features/auth';
 const Page = () => {
- const { replace } = useRouter();
- void replace(HOME_URL);
+ window.location.replace(HOME_URL);
 };
 export default Page;
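Review bot: The guard `pathname !== HOME_URL` in the Auth.tsx hunk now compares against `'/home/'`, because conf.ts adds the trailing slash in this same commit. Where `pathname` comes from is outside the hunk; if it is the router's normalised path (`/home`), the guard never matches and an unauthenticated visitor already on the home page is sent through `window.location.replace` on every render, which is a reload loop. Comparing on a normalised form, for example `if (pathname.replace(/\/$/, '') !== HOME_URL.replace(/\/$/, ''))`, removes that dependency. `setIsRedirecting(true)` is also never reset any more, which is only harmless while the navigation always unloads the page. A comment such as `// full page load on purpose: the request must reach the ingress redirect rule` would record why the router is bypassed, assuming that is the reason.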
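Review bot: In pages/login/index.tsx, `window.location.replace(HOME_URL)` sits directly in the component body, so it runs during render rather than after mount, and the component returns nothing. If this page is pre-rendered on the server or at build time, `window` does not exist there and the render throws. Moving the call into an effect keeps the side effect on the client: `useEffect(() => { window.location.replace(HOME_URL); }, []);` followed by `return null;`.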
diff --git a/src/helm/env.d/dev/values.impress.yaml.gotmpl b/src/helm/env.d/dev/values.impress.yaml.gotmpl
index 129a4b89ba..693c51121e 100644
--- a/src/helm/env.d/dev/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.impress.yaml.gotmpl
@@ -32,16 +32,17 @@ backend:
 LOGGING_LEVEL_LOGGERS_ROOT: INFO
 LOGGING_LEVEL_LOGGERS_APP: INFO
 OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
- OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
+ OIDC_USERINFO_FULLNAME_FIELDS: "given_name,family_name"
 OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/certs
 OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/auth
 OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/token
 OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/userinfo
 OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/logout
+ OIDC_REDIRECT_ALLOWED_HOSTS: "docs.127.0.0.1.nip.io"
 OIDC_RP_CLIENT_ID: docs
 OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email given_name usual_name"
+ OIDC_RP_SCOPES: "openid email profile"
 LOGIN_REDIRECT_URL: https://docs.127.0.0.1.nip.io
 LOGIN_REDIRECT_URL_FAILURE: https://docs.127.0.0.1.nip.io
 LOGOUT_REDIRECT_URL: https://docs.127.0.0.1.nip.io
diff --git a/src/helm/env.d/feature/values.impress.yaml.gotmpl b/src/helm/env.d/feature/values.impress.yaml.gotmpl
index 050c35ece2..c72a9dfee3 100644
--- a/src/helm/env.d/feature/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/feature/values.impress.yaml.gotmpl
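Review bot: `OIDC_REDIRECT_ALLOWED_HOSTS` is added with no comment saying what it gates or that it has to follow the host in `LOGIN_REDIRECT_URL` and `LOGOUT_REDIRECT_URL` a few lines below; the first hunk of the feature values file adds the same line. Presumably the backend uses it to decide which hosts are acceptable as post-login redirect targets, so an entry that drifts from the frontend host would break the return to the app, and an over-broad one would widen where a login can land. Suggest `# hosts accepted as post-login redirect targets; keep to the frontend host only` above the key in both files. The change to `OIDC_RP_SCOPES` also requests the whole `profile` claim set while only `given_name` and `family_name` are consumed here, which deserves a line in the commit description.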
@@ -33,16 +33,17 @@ backend:
 LOGGING_LEVEL_LOGGERS_ROOT: INFO
 LOGGING_LEVEL_LOGGERS_APP: INFO
 OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
- OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
+ OIDC_USERINFO_FULLNAME_FIELDS: "given_name,family_name"
 OIDC_OP_JWKS_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/certs
 OIDC_OP_AUTHORIZATION_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/auth
 OIDC_OP_TOKEN_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/token
 OIDC_OP_USER_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/userinfo
 OIDC_OP_LOGOUT_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/logout
+ OIDC_REDIRECT_ALLOWED_HOSTS: "{{ .Values.feature }}-docs.{{ .Values.domain }}"
 OIDC_RP_CLIENT_ID: docs
 OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email given_name usual_name"
+ OIDC_RP_SCOPES: "openid email profile"
 LOGIN_REDIRECT_URL: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
 LOGIN_REDIRECT_URL_FAILURE: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
 LOGOUT_REDIRECT_URL: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
@@ -141,6 +142,17 @@ yProvider:
 COLLABORATION_SERVER_SECRET: my-secret
 Y_PROVIDER_API_KEY: my-secret
+ingressRedirects:
+ enabled: true
+ host: {{ .Values.feature }}-docs.{{ .Values.domain }}
+ rules:
+ - name: home
+ from: /home
+ to: https://lasuite.numerique.gouv.fr/produits/docs
+ - name: google
+ from: /google
+ to: https://docs.google.com
 ingress:
 enabled: true
 host: {{ .Values.feature }}-docs.{{ .Values.domain }}
diff --git a/src/helm/impress/README.md b/src/helm/impress/README.md
index d5bcd2260f..a1095080ed 100644
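Review bot: The `google` rule in the `ingressRedirects` hunk sends `/google` on the deployment's own host to `https://docs.google.com`, which reads like a test entry rather than something the feature environment needs; only the `home` rule matches the frontend change in this commit. Neither rule sets `code`, so the template added in this commit emits `permanent-redirect`, and browsers cache a 301 for that path, so a mistaken or provisional target stays with users after the rule is removed. Suggest dropping the `google` entry and adding `code: 302` to the `home` rule until the target is settled.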
--- a/src/helm/impress/README.md
+++ b/src/helm/impress/README.md
@@ -39,6 +39,14 @@
 | `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/proxy-read-timeout` | | `86400` |
 | `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/proxy-send-timeout` | | `86400` |
 | `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/upstream-hash-by` | | `$arg_room` |
+| `ingressRedirects.enabled` | whether to enable the Ingress Redirects or not | `false` |
+| `ingressRedirects.className` | IngressClass to use for the Ingress Redirects | `nil` |
+| `ingressRedirects.host` | Host for the Ingress Redirects | `impress.example.com` |
+| `ingressRedirects.tls.enabled` | Weather to enable TLS for the Ingress Redirects | `true` |
+| `ingressRedirects.tls.secretName` | Secret name for TLS config | `nil` |
+| `ingressRedirects.tls.additional[].secretName` | Secret name for additional TLS config | |
+| `ingressRedirects.tls.additional[].hosts[]` | Hosts for additional TLS config | |
+| `ingressRedirects.rules` | Rules for the Ingress Redirects | `[]` |
 | `ingressCollaborationApi.enabled` | whether to enable the Ingress or not | `false` |
 | `ingressCollaborationApi.className` | IngressClass to use for the Ingress | `nil` |
 | `ingressCollaborationApi.host` | Host for the Ingress | `impress.example.com` |
@@ -113,15 +121,15 @@
 | `backend.job.annotations` | Annotations to add to the job [default: argocd.argoproj.io/hook: PostSync] | |
 | `backend.cronjobs` | Cronjob name, schedule, command | `[]` |
 | `backend.probes.liveness.path` | Configure path for backend HTTP liveness probe | `/__heartbeat__` |
-| `backend.probes.liveness.targetPort` | Configure port for backend HTTP liveness probe | `undefined` |
+| `backend.probes.liveness.targetPort` | Configure port for backend HTTP liveness probe | `nil` |
 | `backend.probes.liveness.initialDelaySeconds` | Configure initial delay for backend liveness probe | `10` |
 | `backend.probes.liveness.initialDelaySeconds` | Configure timeout for backend liveness probe | `10` |
-| `backend.probes.startup.path` | Configure path for backend HTTP startup probe | `undefined` |
-| `backend.probes.startup.targetPort` | Configure port for backend HTTP startup probe | `undefined` |
-| `backend.probes.startup.initialDelaySeconds` | Configure initial delay for backend startup probe | `undefined` |
-| `backend.probes.startup.initialDelaySeconds` | Configure timeout for backend startup probe | `undefined` |
+| `backend.probes.startup.path` | Configure path for backend HTTP startup probe | `nil` |
+| `backend.probes.startup.targetPort` | Configure port for backend HTTP startup probe | `nil` |
+| `backend.probes.startup.initialDelaySeconds` | Configure initial delay for backend startup probe | `nil` |
+| `backend.probes.startup.initialDelaySeconds` | Configure timeout for backend startup probe | `nil` |
 | `backend.probes.readiness.path` | Configure path for backend HTTP readiness probe | `/__lbheartbeat__` |
-| `backend.probes.readiness.targetPort` | Configure port for backend HTTP readiness probe | `undefined` |
+| `backend.probes.readiness.targetPort` | Configure port for backend HTTP readiness probe | `nil` |
 | `backend.probes.readiness.initialDelaySeconds` | Configure initial delay for backend readiness probe | `10` |
 | `backend.probes.readiness.initialDelaySeconds` | Configure timeout for backend readiness probe | `10` |
 | `backend.resources` | Resource requirements for the backend container | `{}` |
diff --git a/src/helm/impress/templates/ingress-redirects.yaml b/src/helm/impress/templates/ingress-redirects.yaml
new file mode 100644
index 0000000000..2415149ce8
--- /dev/null
+++ b/src/helm/impress/templates/ingress-redirects.yaml
@@ -0,0 +1,63 @@
+{{- if .Values.ingressRedirects.enabled }}
+{{- $fullName := include "impress.fullname" . -}}
+{{- $ns := .Release.Namespace -}}
+
+{{- range $i, $r := .Values.ingressRedirects.rules }}
+{{- $host := $r.host | default $.Values.ingressRedirects.host -}}
+{{- $from := $r.from | default "/home" -}}
+{{- $to := required (printf "ingressRedirects.rules[%d].to is required" $i) $r.to -}}
+{{- $name := printf "%s-redirect-%s" $fullName (replace "/" "-" (trimAll "/" $from)) | trunc 63 | trimSuffix "-" -}}
+{{- if $i }}
+---
+{{- end }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $name }}
+ namespace: {{ $ns }}
+ annotations:
+ {{- if or (not $r.code) (eq (toString $r.code) "301") }}
+ nginx.ingress.kubernetes.io/permanent-redirect: "{{ $to }}"
+ {{- else }}
+ nginx.ingress.kubernetes.io/temporal-redirect: "{{ $to }}"
+ nginx.ingress.kubernetes.io/temporal-redirect-code: "{{ $r.code }}"
+ {{- end }}
+spec:
+ {{- if $.Values.ingressRedirects.className }}
+ ingressClassName: {{ $.Values.ingressRedirects.className }}
+ {{- end }}
+ {{- if $.Values.ingressRedirects.tls.enabled }}
+ tls:
+ {{- if $host }}
+ - secretName: {{ $.Values.ingressRedirects.tls.secretName | default (printf "%s-tls" $fullName) | quote }}
+ hosts:
+ - {{ $host | quote }}
+ {{- end }}
+ {{- range $.Values.ingressRedirects.tls.additional }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: {{ $from }}
+ pathType: Exact
+ backend:
+ service:
+ name: {{ include "impress.frontend.fullname" $ }}
+ port:
+ number: {{ $.Values.frontend.service.port }}
+ - path: {{ printf "%s/" (trimSuffix "/" $from) }}
+ pathType: Exact
+ backend:
+ service:
+ name: {{ include "impress.frontend.fullname" $ }}
+ port:
+ number: {{ $.Values.frontend.service.port }}
+{{- end }}
+{{- end }}
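Review bot: The redirect target and code are wrapped in hand-written quotes (`"{{ $to }}"`, `"{{ $r.code }}"`) while `host: {{ $host }}`, `path: {{ $from }}` and `secretName: {{ .secretName }}` are emitted bare, so a target containing `"` or `\`, or a wildcard host such as `*.example.com` (a YAML alias when unquoted), renders invalid YAML instead of a clear error. The `quote` function this template already uses for the TLS hosts covers it: `nginx.ingress.kubernetes.io/permanent-redirect: {{ $to | quote }}` and `- host: {{ $host | quote }}`, likewise for the other interpolations. Separately, the resource name is built from `$from` alone, so two rules with the same path on different hosts render two Ingresses with one name, and a rule's `name` key (set in the feature values) is never read; using `$r.name` for the suffix when it is set would avoid the clash. Any code other than 301 takes the `temporal-redirect` branch, 308 included, which is worth a comment beside the `if`.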
diff --git a/src/helm/impress/values.yaml b/src/helm/impress/values.yaml
index f063e478d7..9595f4b8d9 100644
--- a/src/helm/impress/values.yaml
+++ b/src/helm/impress/values.yaml
@@ -85,6 +85,25 @@ ingressCollaborationWS:
 nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
 nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
+## @param ingressRedirects.enabled whether to enable the Ingress Redirects or not
+## @param ingressRedirects.className IngressClass to use for the Ingress Redirects
+## @param ingressRedirects.host Host for the Ingress Redirects
+ingressRedirects:
+ enabled: false
+ className: null
+ host: impress.example.com
+ ## @param ingressRedirects.tls.enabled Weather to enable TLS for the Ingress Redirects
+ ## @param ingressRedirects.tls.secretName Secret name for TLS config
+ ## @skip ingressRedirects.tls.additional
+ ## @extra ingressRedirects.tls.additional[].secretName Secret name for additional TLS config
+ ## @extra ingressRedirects.tls.additional[].hosts[] Hosts for additional TLS config
+ tls:
+ enabled: true
+ secretName: null
+ additional: []
+ ## @param ingressRedirects.rules Rules for the Ingress Redirects
+ rules: []
+
 ## @param ingressCollaborationApi.enabled whether to enable the Ingress or not
 ## @param ingressCollaborationApi.className IngressClass to use for the Ingress
 ## @param ingressCollaborationApi.host Host for the Ingress
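Review bot: `ingressRedirects.rules` is documented only as "Rules for the Ingress Redirects", so nothing tells an operator which keys a rule takes or that redirects are permanent by default. The template added in this commit reads `from` (default `/home`), `to` (required), `code` and `host` per rule, and renders a 301 when `code` is unset. Suggest adding `## @extra` lines in the style already used for `tls.additional`, for example `## @extra ingressRedirects.rules[].to Target URL of the redirect (required)` and `## @extra ingressRedirects.rules[].code HTTP status to use; 301 when unset`. "Weather" in the `ingressRedirects.tls.enabled` description should read "Whether"; the README row added in this commit carries the same typo.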