internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-05-06 13:22:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Customize CSRF options (#825)

Browse Source
This commit is contained in:
David Luong
2022-04-13 19:42:07 -04:00
committed by GitHub
parent 1b41d945e6
commit 1686875321
5 changed files with 54 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@@ -34,6 +34,8 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
* [Default execution environments from private registries](#default-execution-environments-from-private-registries)
* [Control plane ee from private registry](#control-plane-ee-from-private-registry)
* [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers)
* [CSRF Cookie Secure](#csrf-cookie-secure-setting)
* [Session Cookie Secure](#session-cookie-secure-setting)
* [Extra Settings](#extra-settings)
* [Service Account](#service-account)
* [Uninstall](#uninstall)
@@ -836,6 +838,36 @@ Example configuration of environment variables
value: foo
```
#### CSRF Cookie Secure Setting
With `csrf_cookie_secure`, you can pass the value for `CSRF_COOKIE_SECURE` to `/etc/tower/settings.py`
| Name | Description | Default |
| ------------------ | ------------------ | ------- |
| csrf_cookie_secure | CSRF Cookie Secure | '' |
Example configuration of the `csrf_cookie_secure` setting:
```yaml
spec:
csrf_cookie_secure: 'False'
```
#### Session Cookie Secure Setting
With `session_cookie_secure`, you can pass the value for `SESSION_COOKIE_SECURE` to `/etc/tower/settings.py`
| Name | Description | Default |
| --------------------- | --------------------- | ------- |
| session_cookie_secure | Session Cookie Secure | '' |
Example configuration of the `session_cookie_secure` setting:
```yaml
spec:
session_cookie_secure: 'False'
```
#### Extra Settings
With`extra_settings`, you can pass multiple custom settings via the `awx-operator`. The parameter `extra_settings` will be appended to the `/etc/tower/settings.py` and can be an alternative to the `extra_volumes` parameter.

6
config/crd/bases/awx.ansible.com_awxs.yaml
View File

@@ -432,6 +432,12 @@ spec:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany
type: string
csrf_cookie_secure:
description: Set csrf cookie secure mode for web
type: string
session_cookie_secure:
description: Set session cookie secure mode for web
type: string
extra_settings:
description: Extra settings to specify for the API
items:

10
config/manifests/bases/awx-operator.clusterserviceversion.yaml
View File

@@ -554,6 +554,16 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: CSRF cookie secure setting
path: csrf_cookie_secure
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Session cookie secure setting
path: session_cookie_secure
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: API Extra Settings
path: extra_settings
x-descriptors:

4
roles/installer/defaults/main.yml
View File

@@ -182,6 +182,10 @@ ee_resource_requirements:
cpu: 500m
memory: 1Gi
# Customize CSRF options
csrf_cookie_secure: False
session_cookie_secure: False
# Add extra environment variables to the AWX task/web containers. Specify as
# literal block. E.g.:
# task_extra_env: |

4
roles/installer/templates/config.yaml.j2
View File

@@ -60,8 +60,8 @@ data:
CLUSTER_HOST_ID = socket.gethostname()
SYSTEM_UUID = os.environ.get('MY_POD_UID', '00000000-0000-0000-0000-000000000000')
CSRF_COOKIE_SECURE = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = '{{ csrf_cookie_secure }}'
SESSION_COOKIE_SECURE = '{{ session_cookie_secure }}'
SERVER_EMAIL = 'root@localhost'
DEFAULT_FROM_EMAIL = 'webmaster@localhost'