providers/app_gw: generate docker-compose in code

passbook/providers/app_gw/views.py

@@ -1,33 +1,90 @@
 """passbook app_gw views"""
 import string
 from random import SystemRandom
+from urllib.parse import urlparse
 
 from django.contrib.auth.mixins import LoginRequiredMixin
+from django.db.models import Model
 from django.http import HttpRequest, HttpResponse
-from django.shortcuts import get_object_or_404, render
+from django.shortcuts import get_object_or_404, render, reverse
 from django.views import View
+from guardian.shortcuts import get_objects_for_user
 from structlog import get_logger
+from yaml import safe_dump
 
 from passbook import __version__
+from passbook.core.models import User
 from passbook.providers.app_gw.models import ApplicationGatewayProvider
 
 ORIGINAL_URL = "HTTP_X_ORIGINAL_URL"
 LOGGER = get_logger()
 
 
+def get_object_for_user_or_404(user: User, perm: str, **filters) -> Model:
+    """Wrapper that combines get_objects_for_user and get_object_or_404"""
+    return get_object_or_404(get_objects_for_user(user, perm), **filters)
+
+
 def get_cookie_secret():
-    """Generate random 50-character string for cookie-secret"""
+    """Generate random 32-character string for cookie-secret"""
     return "".join(
         SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32)
     )
 
 
+class DockerComposeView(LoginRequiredMixin, View):
+    """Generate docker-compose yaml"""
+
+    def get_compose(self, provider: ApplicationGatewayProvider) -> str:
+        """Generate docker-compose yaml, version 3.5"""
+        full_issuer_user = self.request.build_absolute_uri(
+            reverse("passbook_providers_oidc:authorize")
+        )
+        env = {
+            "OAUTH2_PROXY_CLIENT_ID": provider.client.client_id,
+            "OAUTH2_PROXY_CLIENT_SECRET": provider.client.client_secret,
+            "OAUTH2_PROXY_REDIRECT_URL": f"{provider.external_host}/oauth2/callback",
+            "OAUTH2_PROXY_OIDC_ISSUER_URL": full_issuer_user,
+            "OAUTH2_PROXY_COOKIE_SECRET": get_cookie_secret(),
+            "OAUTH2_PROXY_UPSTREAMS": provider.internal_host,
+        }
+        if urlparse(provider.external_host).scheme != "https":
+            env["OAUTH2_PROXY_COOKIE_SECURE"] = "false"
+        compose = {
+            "version": "3.5",
+            "services": {
+                "passbook_gatekeeper": {
+                    "image": f"beryju/passbook-gatekeeper:{__version__}",
+                    "ports": ["4180:4180"],
+                    "environment": env,
+                }
+            },
+        }
+        return safe_dump(compose, default_flow_style=False)
+
+    def get(self, request: HttpRequest, provider_pk: int) -> HttpResponse:
+        """Render docker-compose file"""
+        provider: ApplicationGatewayProvider = get_object_for_user_or_404(
+            request.user,
+            "passbook_providers_app_gw.view_applicationgatewayprovider",
+            pk=provider_pk,
+        )
+        response = HttpResponse()
+        response.content_type = "application/x-yaml"
+        response.content = self.get_compose(provider.pk)
+        return response
+
+
 class K8sManifestView(LoginRequiredMixin, View):
     """Generate K8s Deployment and SVC for gatekeeper"""
 
-    def get(self, request: HttpRequest, provider: int) -> HttpResponse:
+    def get(self, request: HttpRequest, provider_pk: int) -> HttpResponse:
         """Render deployment template"""
-        provider = get_object_or_404(ApplicationGatewayProvider, pk=provider)
+        provider: ApplicationGatewayProvider = get_object_for_user_or_404(
+            request.user,
+            "passbook_providers_app_gw.view_applicationgatewayprovider",
+            pk=provider_pk,
+        )
         return render(
             request,
             "app_gw/k8s-manifest.yaml",