mgr/cephadm: adding spec fields for oauth2-proxy whitelist_domains

this field is needed in order to configure which domains are allowed
for redirection during login and/or logout

Fixes: https://tracker.ceph.com/issues/67934

Signed-off-by: Redouane Kachach <rkachach@redhat.com>

1 files changed, 4 insertions, 0 deletions

diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index 0efd10545c6..2b1afc141d8 100644
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -1920,6 +1920,7 @@ class OAuth2ProxySpec(ServiceSpec):
                  cookie_secret: Optional[str] = None,
                  ssl_certificate: Optional[str] = None,
                  ssl_certificate_key: Optional[str] = None,
+                 whitelist_domains: Optional[List[str]] = None,
                  unmanaged: bool = False,
                  extra_container_args: Optional[GeneralArgList] = None,
                  extra_entrypoint_args: Optional[GeneralArgList] = None,
@@ -1955,6 +1956,9 @@ class OAuth2ProxySpec(ServiceSpec):
         self.ssl_certificate = ssl_certificate
         #: The multi-line SSL certificate private key for decrypting communications.
         self.ssl_certificate_key = ssl_certificate_key
+        #: List of allowed domains for safe redirection after login or logout,
+        # preventing unauthorized redirects.
+        self.whitelist_domains = whitelist_domains
         self.unmanaged = unmanaged
 
     def get_port_start(self) -> List[int]: