coulomb/railiance-platform
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(openbao-ui): serve standalone KeyCape login at /ui/vault/auth

Browse Source 
Ember's auth route bounces between ?with=netkingdom/ and ?with=token when
OIDC mounts are hidden from the unauthenticated listing. Bypass Ember on the
bare auth path with a static login page that calls auth_url directly; OIDC
callbacks still proxy to the OpenBao UI.
This commit is contained in:
Bernd Worsch
2026-06-19 21:13:08 +02:00
parent ae4d967481
commit 520c7ea2c0
8 changed files with 225 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
scripts/openbao-ui-overlay-apply.sh
View File

@@ -27,7 +27,7 @@ if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then
exit 0
fi
for required in overlay.css overlay.js presets.json nginx.conf VERSION; do
for required in overlay.css overlay.js login.css login.html login.js presets.json nginx.conf VERSION; do
if [ ! -f "$OVERLAY_DIR/$required" ]; then
echo "missing overlay asset: $OVERLAY_DIR/$required" >&2
exit 1
@@ -47,6 +47,9 @@ $KUBECTL create configmap openbao-ui-overlay \
--namespace "$OPENBAO_NAMESPACE" \
--from-file="$OVERLAY_DIR/overlay.css" \
--from-file="$OVERLAY_DIR/overlay.js" \
--from-file="$OVERLAY_DIR/login.css" \
--from-file="$OVERLAY_DIR/login.html" \
--from-file="$OVERLAY_DIR/login.js" \
--from-file="$OVERLAY_DIR/presets.json" \
--from-file="$OVERLAY_DIR/VERSION" \
--dry-run=client -o yaml | $KUBECTL apply -f -