Posted to commits@dlab.apache.org by my...@apache.org on 2019/12/10 16:11:00 UTC
[incubator-dlab] 01/01: [DLAB-1363] - SSO and Superset fixed for
keycloak auth via any url
This is an automated email from the ASF dual-hosted git repository.
mykolabodnar pushed a commit to branch DLAB-1363
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 3befbd124545df0cbcc31b66f8d275655d4fdbda
Author: Mykola_Bodnar1 <bo...@gmail.com>
AuthorDate: Tue Dec 10 18:10:41 2019 +0200
[DLAB-1363] - SSO and Superset fixed for keycloak auth via any url
---
.../src/general/lib/os/debian/edge_lib.py | 4 +---
infrastructure-provisioning/src/general/lib/os/fab.py | 5 ++---
.../src/project/templates/conf.d/proxy.conf | 2 +-
infrastructure-provisioning/src/project/templates/nginx.conf | 2 ++
.../src/superset/templates/id_provider.json | 10 +++++-----
.../src/superset/templates/superset_config.py | 2 +-
6 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
index 7d40b1e..c874eca 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
@@ -23,7 +23,6 @@
import os
import sys
-import re
from fabric.api import *
from fabric.contrib.files import exists
@@ -117,9 +116,8 @@ def install_nginx_lua(edge_ip, nginx_version, keycloak_auth_server_url, keycloak
sudo('rm -f /etc/nginx/nginx.conf')
sudo('mkdir -p /opt/dlab/templates')
put('/root/templates', '/opt/dlab', use_sudo=True)
- keycloak_auth_server_ip = ''.join(re.findall('(?:[12]?\\d?\\d\\.){3}[12]?\\d?\\d:\d+', keycloak_auth_server_url))
sudo('sed -i \'s/EDGE_IP/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(edge_ip))
- sudo('sed -i \'s/KEYCLOAK_SERVER_IP/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_auth_server_ip))
+ sudo('sed -i \'s|KEYCLOAK_AUTH_SERVER_URL|{}|g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_auth_server_url))
sudo('sed -i \'s/KEYCLOAK_REALM_NAME/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_realm_name))
sudo('sed -i \'s/KEYCLOAK_CLIENT_ID/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_client_id))
sudo('sed -i \'s/KEYCLOAK_CLIENT_SECRET/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_client_secret))
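Review bot: The new `s|KEYCLOAK_AUTH_SERVER_URL|{}|g` line formats the raw `keycloak_auth_server_url` into a root shell command and a sed replacement, where the removed regex only ever let an `ip:port` string through. A value containing `'`, `|`, `&` or `\` would end the quoting or alter the substitution, so the URL should be checked before use, for example `if not re.match(r'^https?://[\w.-]+(:\d+)?(/[\w./-]*)?$', keycloak_auth_server_url): sys.exit(1)` (which needs the `re` import this commit drops). The same applies to the two new `s|KEYCLOAK_AUTH_SERVER_URL|…` lines in `configure_superset` in fab.py. The body of `install_nginx_lua` starts and ends outside this hunk.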
diff --git a/infrastructure-provisioning/src/general/lib/os/fab.py b/infrastructure-provisioning/src/general/lib/os/fab.py
index bbb5e39..3a9d876 100644
--- a/infrastructure-provisioning/src/general/lib/os/fab.py
+++ b/infrastructure-provisioning/src/general/lib/os/fab.py
@@ -877,14 +877,13 @@ def configure_superset(os_user, keycloak_auth_server_url, keycloak_realm_name, k
sudo('mkdir -p /opt/dlab/templates')
put('/root/templates', '/opt/dlab', use_sudo=True)
sudo('sed -i \'s/OS_USER/{}/g\' /opt/dlab/templates/.env'.format(os_user))
- keycloak_auth_server_ip = ''.join(re.findall('(?:[12]?\\d?\\d\\.){3}[12]?\\d?\\d:\d+', keycloak_auth_server_url))
proxy_string = '{}:3128'.format(edge_instance_private_ip)
- sudo('sed -i \'s/KEYCLOAK_AUTH_SERVER_URL/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_auth_server_ip))
+ sudo('sed -i \'s|KEYCLOAK_AUTH_SERVER_URL|{}|g\' /opt/dlab/templates/id_provider.json'.format(keycloak_auth_server_url))
sudo('sed -i \'s/KEYCLOAK_REALM_NAME/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_realm_name))
sudo('sed -i \'s/CLIENT_ID/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_client_id))
sudo('sed -i \'s/CLIENT_SECRET/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_client_secret))
sudo('sed -i \'s/PROXY_STRING/{}/g\' /opt/dlab/templates/docker-compose.yml'.format(proxy_string))
- sudo('sed -i \'s/KEYCLOAK_AUTH_SERVER_URL/{}/g\' /opt/dlab/templates/superset_config.py'.format(keycloak_auth_server_ip))
+ sudo('sed -i \'s|KEYCLOAK_AUTH_SERVER_URL|{}|g\' /opt/dlab/templates/superset_config.py'.format(keycloak_auth_server_url))
sudo('sed -i \'s/KEYCLOAK_REALM_NAME/{}/g\' /opt/dlab/templates/superset_config.py'.format(keycloak_realm_name))
sudo('sed -i \'s/EDGE_IP/{}/g\' /opt/dlab/templates/superset_config.py'.format(edge_instance_public_ip))
sudo('sed -i \'s/SUPERSET_NAME/{}/g\' /opt/dlab/templates/superset_config.py'.format(superset_name))
diff --git a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
index b166519..49557d2 100644
--- a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
+++ b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
@@ -26,7 +26,7 @@ server {
local opts = {
redirect_uri_path = "/*",
accept_none_alg = true,
- discovery = "http://KEYCLOAK_SERVER_IP/auth/realms/KEYCLOAK_REALM_NAME/.well-known/openid-configuration",
+ discovery = "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/.well-known/openid-configuration",
client_id = "KEYCLOAK_CLIENT_ID",
client_secret = "KEYCLOAK_CLIENT_SECRET",
ssl_verify = "no",
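Review bot: With the scheme now taken from `KEYCLOAK_AUTH_SERVER_URL`, the `discovery` endpoint can be an https URL, but the unchanged `ssl_verify = "no"` below it means the certificate is never validated, so https gives no assurance that the discovery document comes from the real Keycloak. Consider `ssl_verify = "yes"` once https URLs are supported, and revisit `accept_none_alg = true`, which accepts ID tokens that carry no signature. The new path also drops the hard-coded `/auth`, so the configured URL must now include it; a comment such as `-- KEYCLOAK_AUTH_SERVER_URL must carry the scheme and the /auth prefix` would record that. The `opts` table and its `server` block continue outside the hunk.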
diff --git a/infrastructure-provisioning/src/project/templates/nginx.conf b/infrastructure-provisioning/src/project/templates/nginx.conf
index 7ce18ca..d012375 100644
--- a/infrastructure-provisioning/src/project/templates/nginx.conf
+++ b/infrastructure-provisioning/src/project/templates/nginx.conf
@@ -47,6 +47,8 @@ http {
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
client_max_body_size 50M;
+ resolver 8.8.8.8;
+ resolver_timeout 10s;
include /etc/nginx/mime.types;
default_type application/octet-stream;
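Review bot: `resolver 8.8.8.8;` hard-codes a public DNS server for every deployment, so a Keycloak hostname that exists only in a private zone will not resolve, and lookups for the identity provider leave the network in cleartext. nginx does not validate resolver answers, and its documentation recommends resolvers on a trusted local network to limit spoofing. Consider templating the address like the other placeholders, e.g. `resolver DNS_RESOLVER_IP valid=30s;` (placeholder name constructed), filled from the node's own resolver configuration. The `http` block continues outside the hunk.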
diff --git a/infrastructure-provisioning/src/superset/templates/id_provider.json b/infrastructure-provisioning/src/superset/templates/id_provider.json
index 4987ebc..0269079 100644
--- a/infrastructure-provisioning/src/superset/templates/id_provider.json
+++ b/infrastructure-provisioning/src/superset/templates/id_provider.json
@@ -1,12 +1,12 @@
{
"web": {
- "issuer": "http://KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME",
- "auth_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/auth",
+ "issuer": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME",
+ "auth_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/auth",
"client_id": "CLIENT_ID",
"client_secret": "CLIENT_SECRET",
- "token_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token",
- "token_introspection_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token/introspect",
- "userinfo_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/userinfo",
+ "token_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token",
+ "token_introspection_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token/introspect",
+ "userinfo_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/userinfo",
"ssl-required": "none"
}
}
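Review bot: Every URI here is now built by plain concatenation onto `KEYCLOAK_AUTH_SERVER_URL`, so a configured value with a trailing slash yields `…//realms/…`, and the `issuer` string would then presumably not match the `iss` claim in Keycloak's tokens. Normalise the value once before substitution in `configure_superset`, e.g. `keycloak_auth_server_url = keycloak_auth_server_url.rstrip('/')`. The same concatenation is used for `OIDC_VALID_ISSUERS` in superset_config.py and for `discovery` in proxy.conf.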
diff --git a/infrastructure-provisioning/src/superset/templates/superset_config.py b/infrastructure-provisioning/src/superset/templates/superset_config.py
index a57c85e..b8830af 100644
--- a/infrastructure-provisioning/src/superset/templates/superset_config.py
+++ b/infrastructure-provisioning/src/superset/templates/superset_config.py
@@ -64,6 +64,6 @@ AUTH_USER_REGISTRATION_ROLE = "Admin"
CUSTOM_SECURITY_MANAGER = SupersetOIDCSecurityManager
OIDC_CLIENT_SECRETS = '/home/superset/superset/id_provider.json'
OIDC_COOKIE_SECURE = False
-OIDC_VALID_ISSUERS = 'http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME'
+OIDC_VALID_ISSUERS = 'KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME'
WTF_CSRF_ENABLED = False
OVERWRITE_REDIRECT_URI = 'http://EDGE_IP/SUPERSET_NAME/oidc_callback'
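Review bot: The issuer's scheme is now configurable, but `OVERWRITE_REDIRECT_URI` on the context line below still hard-codes `http://` and `OIDC_COOKIE_SECURE` stays `False`, so the authorization code and the session cookie travel in cleartext even when Keycloak is served over https. If an https edge endpoint is available, the redirect URI and the cookie flag should follow it. Otherwise a comment recording the limitation would help, such as `# TODO: switch to https and OIDC_COOKIE_SECURE = True once the edge terminates TLS`. The rest of the file is outside the hunk.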