switch to using oauth-proxy Ansible role

This way we get version upgrades for free.

Signed-off-by: Jakub Sokołowski <jakub@status.im>

defaults/main.yml

@@ -36,14 +36,13 @@ alertmanager_smtp_receivers_extra: []
 #        send_resolved: true
 
 # OAuth
-alertmanager_oauth_id: ~
+alertmanager_oauth_compose_file: '{{ alertmanager_service_path }}/docker-compose.oauth.yml'
-alertmanager_oauth_secret: ~
-alertmanager_oauth_cookie_secret: ~
-alertmanager_oauth_gh_org: ~
-alertmanager_oauth_gh_teams: []
 alertmanager_oauth_cont_port: 8092
-alertmanager_oauth_cont_tag: 'v7.2.1-amd64'
+#alertmanager_oauth_id: ~
-alertmanager_oauth_cont_image: 'quay.io/oauth2-proxy/oauth2-proxy:{{ alertmanager_oauth_cont_tag }}'
+#alertmanager_oauth_secret: ~
+#alertmanager_oauth_cookie_secret: ~
+#alertmanager_oauth_gh_org: ~
+alertmanager_oauth_gh_teams: []
 
 # Route configuration
 alertmanager_group_by: ['alertname', 'fleet']

tasks/consul.yml

@@ -14,18 +14,6 @@
             type: 'http'
             http: 'http://localhost:{{ alertmanager_webui_port }}/api/v1/receivers'
 
-      - name: '{{ alertmanager_service_name }}-oauth'
-        tags: ['oauth-proxy', 'alertmanager', 'ssl-proxy-backend']
-        port: '{{ alertmanager_oauth_cont_port }}'
-        address: '{{ ansible_local.wireguard.vpn_ip }}'
-        meta:
-          proxy_fqdn: '{{ alertmanager_domain | mandatory }}'
-        checks:
-          - id:   '{{ alertmanager_service_name }}-oauth-health'
-            name: 'AlertManager OAuth Health'
-            type: 'http'
-            http: 'http://localhost:{{ alertmanager_oauth_cont_port }}/ping'
-
 # We need to do this for discover step to work
 - name: Reload Consul right away
   systemd:

tasks/container.yml

@@ -1,5 +1,5 @@
 ---
-- name: Create compose file
+- name: Create app compose file
   template:
     src: 'docker-compose.yml.j2'
     dest: '{{ alertmanager_compose_file }}'
@@ -7,9 +7,26 @@
     group: 'docker'
     mode: 0640
 
+- name: Create OAuth compose file
+  include_role: name=oauth-proxy
+  vars:
+    oauth_service_name:  '{{ alertmanager_service_name }}-oauth'
+    oauth_service_path:  '{{ alertmanager_service_path }}'
+    oauth_compose_path:  '{{ alertmanager_oauth_compose_file }}'
+    oauth_domain:        '{{ alertmanager_domain | mandatory }}'
+    oauth_github_org:    '{{ alertmanager_oauth_gh_org | mandatory }}'
+    oauth_github_teams:  '{{ alertmanager_oauth_gh_teams | mandatory }}'
+    oauth_id:            '{{ alertmanager_oauth_id | mandatory }}'
+    oauth_secret:        '{{ alertmanager_oauth_secret | mandatory }}'
+    oauth_cookie_secret: '{{ alertmanager_oauth_cookie_secret | mandatory }}'
+    oauth_local_port:    '{{ alertmanager_oauth_cont_port | mandatory }}'
+    oauth_local_addr:    '0.0.0.0'
+    oauth_upstream_url:  'http://app:{{ alertmanager_webui_port }}/'
+
 - name: Create containers
   docker_compose:
     project_src: '{{ alertmanager_service_path }}'
+    files: ['{{ alertmanager_compose_file }}', '{{ alertmanager_oauth_compose_file }}']
     pull: true
     build: false
     state: '{{ compose_state }}'

templates/docker-compose.yml.j2

@@ -30,28 +30,3 @@ services:
       - '--cluster.peer={{ peer.ServiceAddress }}:{{ alertmanager_cluster_port }}' # {{ peer.Node }}
 {% endif %}
 {% endfor %}
-{% if alertmanager_oauth_id %}
-
-  oauth:
-    container_name: '{{ alertmanager_service_name }}-oauth'
-    image: '{{ alertmanager_oauth_cont_image }}'
-    user: 'root'
-    restart: 'always'
-    ports:
-      - '0.0.0.0:{{ alertmanager_oauth_cont_port }}:{{ alertmanager_oauth_cont_port }}' # Web UI
-    command: |
-      --email-domain='*'
-      --provider='github'
-      --github-org='{{ alertmanager_oauth_gh_org | mandatory }}'
-{% if alertmanager_oauth_gh_teams %}
-      --github-team='{{ alertmanager_oauth_gh_teams | join(",") }}'
-{% endif %}
-      --cookie-domain='{{ alertmanager_domain | mandatory }}'
-      --cookie-secret='{{ alertmanager_oauth_cookie_secret | mandatory }}'
-      --client-id='{{ alertmanager_oauth_id | mandatory }}'
-      --client-secret='{{ alertmanager_oauth_secret | mandatory }}'
-      --redirect-url='https://{{ alertmanager_domain }}/oauth2/callback'
-      --http-address='0.0.0.0:{{ alertmanager_oauth_cont_port | mandatory }}'
-      --upstream='http://app:{{ alertmanager_webui_port }}/'
-      --request-logging=false
-{% endif %}