improvement: user-auth allow customizing UI url (#57)

davidcheung · web-flow · commit d16aa4ffaf8e · 2021-08-05T17:50:22.000-04:00
diff --git a/modules/user_auth/README.md b/modules/user_auth/README.md
@@ -40,6 +40,7 @@ No requirements.
 | frontend\_service\_domain | Domain of the frontend | `string` | n/a | yes |
 | jwks\_content | The content of a JWKS file for Oathkeeper | `string` | n/a | yes |
 | k8s\_local\_exec\_context | Custom resource (Oathkeeper Rules are created using local-exec with kubectl), if not specified it will target your current context from kubeconfig | `string` | `""` | no |
+| kratos\_default\_redirect\_ui\_path | Setting the default path after self-service flows(login/signup/verify/settings), kratos will redirect you to frontend | `string` | `"/dashboard"` | no |
 | kratos\_secret\_name | Secret name for kratos to access Database credentials, created from pre-k8s script | `string` | n/a | yes |
 | kratos\_values\_override | a map of parameters to override the kratos-values.yml | `map(any)` | `{}` | no |
 | kubectl\_extra\_args | Arguments that will be passed to kubectl when using the local executor in cases where the terraform k8s support is not enough | `string` | n/a | yes |
diff --git a/modules/user_auth/main.tf b/modules/user_auth/main.tf
@@ -14,6 +14,7 @@ locals {
     }
   }
 
+  default_flow_return_url = "https://${var.frontend_service_domain}${var.kratos_default_redirect_ui_path}"
   kratos_values_override = {
     secret = {
       nameOverride = var.kratos_secret_name
@@ -36,40 +37,40 @@ locals {
             settings = {
               ui_url = "https://${var.frontend_service_domain}/auth/settings"
               after = {
-                default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"
+                default_browser_return_url = local.default_flow_return_url
               }
             }
 
             verification = {
               ui_url = "https://${var.frontend_service_domain}/auth/verify"
               after = {
-                default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"
+                default_browser_return_url = local.default_flow_return_url
               }
             }
 
             recovery = {
               ui_url = "https://${var.frontend_service_domain}/auth/recovery"
               after = {
-                default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"
+                default_browser_return_url = local.default_flow_return_url
               }
             }
 
             login = {
               ui_url = "https://${var.frontend_service_domain}/auth/login"
               after = {
-                default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"
+                default_browser_return_url = local.default_flow_return_url
               }
             }
 
             registration = {
               ui_url = "https://${var.frontend_service_domain}/auth/registration"
               after = {
-                default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"
+                default_browser_return_url = local.default_flow_return_url
                 password = {
-                  default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"
+                  default_browser_return_url = local.default_flow_return_url
                 }
                 oidc = {
-                  default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"
+                  default_browser_return_url = local.default_flow_return_url
                 }
               }
             }
@@ -94,8 +95,6 @@ locals {
       proxy = {
         hosts = [var.backend_service_domain]
         tls = {
-          // HCL doesnt allow map inside a list, you will get the following error with a list
-          // `<.host>: can't evaluate field host in type interface {}`
           "0" = {
             host = [var.backend_service_domain]
           }
@@ -162,8 +161,8 @@ resource "null_resource" "external_secret_custom_resource" {
 }
 
 module "kratos_config" {
-  source                     = "cloudposse/config/yaml"
-  version                    = "0.7.0"
+  source  = "cloudposse/config/yaml"
+  version = "0.7.0"
 
   map_config_local_base_path = "${path.module}/files"
   map_config_paths           = ["kratos-values.yml"]
@@ -217,8 +216,8 @@ resource "null_resource" "oathkeeper_kratos_proxy_rules" {
 }
 
 module "oathkeeper_config" {
-  source                     = "cloudposse/config/yaml"
-  version                    = "0.7.0"
+  source  = "cloudposse/config/yaml"
+  version = "0.7.0"
 
   map_config_local_base_path = "${path.module}/files"
   map_config_paths           = ["oathkeeper-values.yml"]
diff --git a/modules/user_auth/variables.tf b/modules/user_auth/variables.tf
@@ -87,3 +87,9 @@ variable "oathkeeper_values_override" {
   type        = map(any)
   default     = {}
 }
+
+variable "kratos_default_redirect_ui_path" {
+  description = "Setting the default path after self-service flows(login/signup/verify/settings), kratos will redirect you to frontend"
+  type        = string
+  default     = "/dashboard"
+}

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@ locals {`
`14`	`14`	`}`
`15`	`15`	`}`
`16`	`16`
	`17`	`+ default_flow_return_url = "https://${var.frontend_service_domain}${var.kratos_default_redirect_ui_path}"`
`17`	`18`	`kratos_values_override = {`
`18`	`19`	`secret = {`
`19`	`20`	`nameOverride = var.kratos_secret_name`
`@@ -36,40 +37,40 @@ locals {`
`36`	`37`	`settings = {`
`37`	`38`	`ui_url = "https://${var.frontend_service_domain}/auth/settings"`
`38`	`39`	`after = {`
`39`		`- default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"`
	`40`	`+ default_browser_return_url = local.default_flow_return_url`
`40`	`41`	`}`
`41`	`42`	`}`
`42`	`43`
`43`	`44`	`verification = {`
`44`	`45`	`ui_url = "https://${var.frontend_service_domain}/auth/verify"`
`45`	`46`	`after = {`
`46`		`- default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"`
	`47`	`+ default_browser_return_url = local.default_flow_return_url`
`47`	`48`	`}`
`48`	`49`	`}`
`49`	`50`
`50`	`51`	`recovery = {`
`51`	`52`	`ui_url = "https://${var.frontend_service_domain}/auth/recovery"`
`52`	`53`	`after = {`
`53`		`- default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"`
	`54`	`+ default_browser_return_url = local.default_flow_return_url`
`54`	`55`	`}`
`55`	`56`	`}`
`56`	`57`
`57`	`58`	`login = {`
`58`	`59`	`ui_url = "https://${var.frontend_service_domain}/auth/login"`
`59`	`60`	`after = {`
`60`		`- default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"`
	`61`	`+ default_browser_return_url = local.default_flow_return_url`
`61`	`62`	`}`
`62`	`63`	`}`
`63`	`64`
`64`	`65`	`registration = {`
`65`	`66`	`ui_url = "https://${var.frontend_service_domain}/auth/registration"`
`66`	`67`	`after = {`
`67`		`- default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"`
	`68`	`+ default_browser_return_url = local.default_flow_return_url`
`68`	`69`	`password = {`
`69`		`- default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"`
	`70`	`+ default_browser_return_url = local.default_flow_return_url`
`70`	`71`	`}`
`71`	`72`	`oidc = {`
`72`		`- default_browser_return_url = "https://${var.frontend_service_domain}/dashboard"`
	`73`	`+ default_browser_return_url = local.default_flow_return_url`
`73`	`74`	`}`
`74`	`75`	`}`
`75`	`76`	`}`
`@@ -94,8 +95,6 @@ locals {`
`94`	`95`	`proxy = {`
`95`	`96`	`hosts = [var.backend_service_domain]`
`96`	`97`	`tls = {`
`97`		`- // HCL doesnt allow map inside a list, you will get the following error with a list`
`98`		- // `<.host>: can't evaluate field host in type interface {}`
`99`	`98`	`"0" = {`
`100`	`99`	`host = [var.backend_service_domain]`
`101`	`100`	`}`
`@@ -162,8 +161,8 @@ resource "null_resource" "external_secret_custom_resource" {`
`162`	`161`	`}`
`163`	`162`
`164`	`163`	`module "kratos_config" {`
`165`		`- source = "cloudposse/config/yaml"`
`166`		`- version = "0.7.0"`
	`164`	`+ source = "cloudposse/config/yaml"`
	`165`	`+ version = "0.7.0"`
`167`	`166`
`168`	`167`	`map_config_local_base_path = "${path.module}/files"`
`169`	`168`	`map_config_paths = ["kratos-values.yml"]`
`@@ -217,8 +216,8 @@ resource "null_resource" "oathkeeper_kratos_proxy_rules" {`
`217`	`216`	`}`
`218`	`217`
`219`	`218`	`module "oathkeeper_config" {`
`220`		`- source = "cloudposse/config/yaml"`
`221`		`- version = "0.7.0"`
	`219`	`+ source = "cloudposse/config/yaml"`
	`220`	`+ version = "0.7.0"`
`222`	`221`
`223`	`222`	`map_config_local_base_path = "${path.module}/files"`
`224`	`223`	`map_config_paths = ["oathkeeper-values.yml"]`