배포 시 세션 유실 방지를 위한 워크플로우 및 RP 초기화 로직 개선

2026-03-24 10:03:00 +09:00
parent 64e7c5241e
commit d1c5ad8d33
2 changed files with 18 additions and 18 deletions
--- a/docker/staging_pull_compose.template.yaml
+++ b/docker/staging_pull_compose.template.yaml
@@ -275,13 +275,20 @@ services:
        tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin hydra
        rm /tmp/hydra.tar.gz

-        hydra delete oauth2-client --endpoint http://hydra:4445 adminfront >/dev/null 2>&1 || true
-        hydra delete oauth2-client --endpoint http://hydra:4445 devfront >/dev/null 2>&1 || true
-        hydra delete oauth2-client --endpoint http://hydra:4445 $${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect} >/dev/null 2>&1 || true
+        # Function to create or update OAuth2 client (Idempotency)
+        upsert_client() {
+          ID=$1
+          shift
+          if hydra get oauth2-client --endpoint http://hydra:4445 "$ID" >/dev/null 2>&1; then
+            echo "Updating existing client: $ID"
+            hydra update oauth2-client --endpoint http://hydra:4445 "$ID" "$@"
+          else
+            echo "Creating new client: $ID"
+            hydra create oauth2-client --endpoint http://hydra:4445 --id "$ID" "$@"
+          fi
+        }

-        hydra create oauth2-client \
-          --endpoint http://hydra:4445 \
-          --id adminfront \
+        upsert_client "adminfront" \
          --name "AdminFront" \
          --grant-type authorization_code,refresh_token \
          --response-type code \
@@ -289,9 +296,7 @@ services:
          --token-endpoint-auth-method none \
          --redirect-uri "$${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback}"

-        hydra create oauth2-client \
-          --endpoint http://hydra:4445 \
-          --id devfront \
+        upsert_client "devfront" \
          --name "DevFront" \
          --grant-type authorization_code,refresh_token \
          --response-type code \
@@ -299,9 +304,7 @@ services:
          --token-endpoint-auth-method none \
          --redirect-uri "$${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/auth/callback}"

-        hydra create oauth2-client \
-          --endpoint http://hydra:4445 \
-          --id "$${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}" \
+        upsert_client "$${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}" \
          --secret "$${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}" \
          --grant-type client_credentials \
          --response-type token \