def generate_config(self, daemon_spec: CephadmDaemonDeploySpec) -> Tuple[Dict[str, Any], List[str]]:
assert self.TYPE == daemon_spec.daemon_type
svc_spec = cast(OAuth2ProxySpec, self.mgr.spec_store[daemon_spec.service_name].spec)
+ whitelist_domains = svc_spec.whitelist_domains or []
+ whitelist_domains += self.get_service_ips_and_hosts('mgmt-gateway')
context = {
'spec': svc_spec,
'cookie_secret': svc_spec.cookie_secret or self.generate_random_secret(),
- 'whitelist_domains': self.get_service_ips_and_hosts('mgmt-gateway'),
+ 'whitelist_domains': whitelist_domains,
'redirect_url': svc_spec.redirect_url or self.get_redirect_url()
}
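Review bot: `whitelist_domains += ...` on the second added line extends the list in place, and when `svc_spec.whitelist_domains` is non-empty that list is the spec's own attribute. Each call to generate_config therefore appends the mgmt-gateway addresses to the spec object again, so the list grows with duplicates. If the spec is later saved or exported, the gateway entries would presumably appear as if the operator had configured them. Building a fresh list avoids the aliasing: `whitelist_domains = list(svc_spec.whitelist_domains or []) + self.get_service_ips_and_hosts('mgmt-gateway')`. generate_config continues beyond the end of this hunk.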
cookie_secret: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_certificate_key: Optional[str] = None,
+ whitelist_domains: Optional[List[str]] = None,
unmanaged: bool = False,
extra_container_args: Optional[GeneralArgList] = None,
extra_entrypoint_args: Optional[GeneralArgList] = None,
self.ssl_certificate = ssl_certificate
#: The multi-line SSL certificate private key for decrypting communications.
self.ssl_certificate_key = ssl_certificate_key
+ #: List of allowed domains for safe redirection after login or logout,
+ # preventing unauthorized redirects.
+ self.whitelist_domains = whitelist_domains
self.unmanaged = unmanaged
def get_port_start(self) -> List[int]:
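Review bot: The second line of the new attribute comment starts with `#` rather than `#:`, so the documentation generator will likely drop "preventing unauthorized redirects." from the rendered spec docs; it should read `#: preventing unauthorized redirects.`. These values feed oauth2-proxy's redirect allow-list, so the comment should also say what an entry looks like (a host, optionally with a port, and a leading `.` to match subdomains), since an overly broad entry weakens the open-redirect protection. No validation of the entries is visible in this hunk; if the spec's validation does not already reject empty or non-string items, that check belongs there. The constructor starts above the hunk.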