mgr/cephadm: adding spec fields for oauth2-proxy whitelist_domains

this field is needed in order to configure which domains are allowed
for redirection during login and/or logout

Fixes: https://tracker.ceph.com/issues/67934

Signed-off-by: Redouane Kachach <rkachach@redhat.com>

1 files changed, 3 insertions, 1 deletions

diff --git a/src/pybind/mgr/cephadm/services/oauth2_proxy.py b/src/pybind/mgr/cephadm/services/oauth2_proxy.py
index a84f44817ee..c19005c95f3 100644
--- a/src/pybind/mgr/cephadm/services/oauth2_proxy.py
+++ b/src/pybind/mgr/cephadm/services/oauth2_proxy.py
@@ -67,10 +67,12 @@ class OAuth2ProxyService(CephadmService):
     def generate_config(self, daemon_spec: CephadmDaemonDeploySpec) -> Tuple[Dict[str, Any], List[str]]:
         assert self.TYPE == daemon_spec.daemon_type
         svc_spec = cast(OAuth2ProxySpec, self.mgr.spec_store[daemon_spec.service_name].spec)
+        whitelist_domains = svc_spec.whitelist_domains or []
+        whitelist_domains += self.get_service_ips_and_hosts('mgmt-gateway')
         context = {
             'spec': svc_spec,
             'cookie_secret': svc_spec.cookie_secret or self.generate_random_secret(),
-            'whitelist_domains': self.get_service_ips_and_hosts('mgmt-gateway'),
+            'whitelist_domains': whitelist_domains,
             'redirect_url': svc_spec.redirect_url or self.get_redirect_url()
         }