From c61cf5a48fb4548321aae0c8a3e5babf790fc1fe Mon Sep 17 00:00:00 2001
From: Filippo Ledda
Date: Wed, 19 Jan 2022 17:54:15 +0100
Subject: [PATCH] #344 unauthorized paged improved on gatekeeper
---
 .../helm/templates/auto-gatekeepers.yaml | 43 ++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)
diff --git a/utilities/cloudharness_utilities/deployment-configuration/helm/templates/auto-gatekeepers.yaml b/utilities/cloudharness_utilities/deployment-configuration/helm/templates/auto-gatekeepers.yaml
index abf9718e..18b9f100 100644
--- a/utilities/cloudharness_utilities/deployment-configuration/helm/templates/auto-gatekeepers.yaml
+++ b/utilities/cloudharness_utilities/deployment-configuration/helm/templates/auto-gatekeepers.yaml
@@ -9,11 +9,12 @@ metadata:
 app: "{{ .app.harness.service.name }}-gk"
 data:
 proxy.yml: |-
- verbose: true
+ verbose: {{ .root.Values.debug }}
 discovery-url: {{ ternary "https" "http" $tls}}://{{ .root.Values.apps.accounts.harness.subdomain }}.{{ .root.Values.domain }}/auth/realms/{{ .root.Values.namespace }}
 client-id: {{ .root.Values.apps.accounts.webclient.id | quote }}
 client-secret: {{ .root.Values.apps.accounts.webclient.secret }}
 secure-cookie: {{ $tls }}
+ forbidden-page: /templates/access-denied.html.tmpl
 listen: 0.0.0.0:8080
 enable-refresh-tokens: true
 tls-cert:
@@ -31,6 +32,43 @@ data:
 skip-openid-provider-tls-verify: true
 {{- end }}
 cacert.crt: {{ .files.Get "resources/certs/cacert.crt" | quote }}
+ access-denied.html.tmpl: |-
+
+
+
+
+ 403 - Access Forbidden
+
+
+
+
+
+
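Review bot: `verbose: {{ .root.Values.debug }}` has no fallback, so if `debug` is absent from the values (its default is not visible here) the line would render as a bare `verbose:` instead of a boolean in proxy.yml. A default keeps the file well-formed and request logging off unless it is asked for: `verbose: {{ .root.Values.debug | default false }}`. The added `forbidden-page` path is also hard-coded here and again as the `mountPath` in the deployment hunk further down, so a short comment tying the two together would help whoever moves the file later.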
+
+
+
+

Oops!

+

403 Permission Denied

+
+ Sorry, you do not have access to this page, please contact your administrator. + If you have been assigned new authorizations try to login again. +
+
+
+
+
+
+
+
 ---
 apiVersion: v1
 kind: Service
@@ -82,6 +120,9 @@ spec:
 - name: "{{ .app.harness.service.name }}-gk-proxy-config"
 mountPath: /etc/pki/ca-trust/source/anchors/cacert.crt
 subPath: cacert.crt
+ - name: "{{ .app.harness.service.name }}-gk-proxy-config"
+ mountPath: /templates/access-denied.html.tmpl
+ subPath: access-denied.html.tmpl
 ports:
 - name: http
 containerPort: 8080
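Review bot: The 403 page is pasted inline under `access-denied.html.tmpl: |-`, while the entry directly above it loads its content with `.files.Get "resources/certs/cacert.crt" | quote`. Keeping the page as a chart file and loading it the same way, for example `access-denied.html.tmpl: {{ .files.Get "<path-to-page-file>" | quote }}` (placeholder path), would keep markup out of the chart template. It would also stop Helm from evaluating any `{{ }}` action that is meant for the proxy's own template engine. The page markup is not visible in this view, so whether it uses such actions or pulls in third-party assets should be checked against the full file.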
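Review bot: The new volume mount uses `subPath`, and files mounted that way are not refreshed in a running pod when the backing object (presumably a ConfigMap, its kind is outside the hunk) changes. An edited access-denied page would therefore only reach the proxy after the pod is recreated. A comment above the mount would record this: `# subPath mounts are not updated in place; recreate the pod after changing the page`. The container spec starts and ends outside the hunk, so whether a config checksum annotation already forces a rollout cannot be seen from here.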