Posted to commits@dlab.apache.org by my...@apache.org on 2019/12/10 16:10:59 UTC

[incubator-dlab] branch DLAB-1363 created (now 3befbd1)

This is an automated email from the ASF dual-hosted git repository.

mykolabodnar pushed a change to branch DLAB-1363
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git.


      at 3befbd1  [DLAB-1363] - SSO and Superset fixed for keycloak auth via any url

This branch includes the following new commits:

     new 3befbd1  [DLAB-1363] - SSO and Superset fixed for keycloak auth via any url

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[incubator-dlab] 01/01: [DLAB-1363] - SSO and Superset fixed for keycloak auth via any url

Posted by my...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

mykolabodnar pushed a commit to branch DLAB-1363
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git

commit 3befbd124545df0cbcc31b66f8d275655d4fdbda
Author: Mykola_Bodnar1 <bo...@gmail.com>
AuthorDate: Tue Dec 10 18:10:41 2019 +0200

    [DLAB-1363] - SSO and Superset fixed for keycloak auth via any url
---
 .../src/general/lib/os/debian/edge_lib.py                      |  4 +---
 infrastructure-provisioning/src/general/lib/os/fab.py          |  5 ++---
 .../src/project/templates/conf.d/proxy.conf                    |  2 +-
 infrastructure-provisioning/src/project/templates/nginx.conf   |  2 ++
 .../src/superset/templates/id_provider.json                    | 10 +++++-----
 .../src/superset/templates/superset_config.py                  |  2 +-
 6 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
index 7d40b1e..c874eca 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
@@ -23,7 +23,6 @@
 
 import os
 import sys
-import re
 from fabric.api import *
 from fabric.contrib.files import exists
 
@@ -117,9 +116,8 @@ def install_nginx_lua(edge_ip, nginx_version, keycloak_auth_server_url, keycloak
             sudo('rm -f /etc/nginx/nginx.conf')
             sudo('mkdir -p /opt/dlab/templates')
             put('/root/templates', '/opt/dlab', use_sudo=True)
-            keycloak_auth_server_ip = ''.join(re.findall('(?:[12]?\\d?\\d\\.){3}[12]?\\d?\\d:\d+', keycloak_auth_server_url))
             sudo('sed -i \'s/EDGE_IP/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(edge_ip))
-            sudo('sed -i \'s/KEYCLOAK_SERVER_IP/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_auth_server_ip))
+            sudo('sed -i \'s|KEYCLOAK_AUTH_SERVER_URL|{}|g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_auth_server_url))
             sudo('sed -i \'s/KEYCLOAK_REALM_NAME/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_realm_name))
             sudo('sed -i \'s/KEYCLOAK_CLIENT_ID/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_client_id))
             sudo('sed -i \'s/KEYCLOAK_CLIENT_SECRET/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_client_secret))
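Review bot: The new `sed` call interpolates `keycloak_auth_server_url` into a single-quoted shell string that runs under sudo, with no validation or escaping. A `|`, `&` or backslash in the value changes the sed expression (`&` expands to the matched placeholder), and a single quote ends the shell quoting. The removed regex, whatever its limits, restricted the substituted text to digits, dots and a colon. Validate before substituting, for example `if not re.match(r'^https?://[\w.:/-]+$', keycloak_auth_server_url): raise ValueError('unexpected keycloak_auth_server_url')`, which means keeping `import re`. The same applies to the three new `sed` calls in fab.py's configure_superset; install_nginx_lua starts and ends outside this hunk.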
diff --git a/infrastructure-provisioning/src/general/lib/os/fab.py b/infrastructure-provisioning/src/general/lib/os/fab.py
index bbb5e39..3a9d876 100644
--- a/infrastructure-provisioning/src/general/lib/os/fab.py
+++ b/infrastructure-provisioning/src/general/lib/os/fab.py
@@ -877,14 +877,13 @@ def configure_superset(os_user, keycloak_auth_server_url, keycloak_realm_name, k
             sudo('mkdir -p /opt/dlab/templates')
             put('/root/templates', '/opt/dlab', use_sudo=True)
             sudo('sed -i \'s/OS_USER/{}/g\' /opt/dlab/templates/.env'.format(os_user))
-            keycloak_auth_server_ip = ''.join(re.findall('(?:[12]?\\d?\\d\\.){3}[12]?\\d?\\d:\d+', keycloak_auth_server_url))
             proxy_string = '{}:3128'.format(edge_instance_private_ip)
-            sudo('sed -i \'s/KEYCLOAK_AUTH_SERVER_URL/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_auth_server_ip))
+            sudo('sed -i \'s|KEYCLOAK_AUTH_SERVER_URL|{}|g\' /opt/dlab/templates/id_provider.json'.format(keycloak_auth_server_url))
             sudo('sed -i \'s/KEYCLOAK_REALM_NAME/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_realm_name))
             sudo('sed -i \'s/CLIENT_ID/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_client_id))
             sudo('sed -i \'s/CLIENT_SECRET/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_client_secret))
             sudo('sed -i \'s/PROXY_STRING/{}/g\' /opt/dlab/templates/docker-compose.yml'.format(proxy_string))
-            sudo('sed -i \'s/KEYCLOAK_AUTH_SERVER_URL/{}/g\' /opt/dlab/templates/superset_config.py'.format(keycloak_auth_server_ip))
+            sudo('sed -i \'s|KEYCLOAK_AUTH_SERVER_URL|{}|g\' /opt/dlab/templates/superset_config.py'.format(keycloak_auth_server_url))
             sudo('sed -i \'s/KEYCLOAK_REALM_NAME/{}/g\' /opt/dlab/templates/superset_config.py'.format(keycloak_realm_name))
             sudo('sed -i \'s/EDGE_IP/{}/g\' /opt/dlab/templates/superset_config.py'.format(edge_instance_public_ip))
             sudo('sed -i \'s/SUPERSET_NAME/{}/g\' /opt/dlab/templates/superset_config.py'.format(superset_name))
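Review bot: Nothing normalises `keycloak_auth_server_url` before it is substituted, while the templates now append `/realms/...` directly to it. A value with a trailing slash produces `//realms/` in id_provider.json and in `OIDC_VALID_ISSUERS`. A value lacking the scheme or the `/auth` path that the templates used to supply would presumably no longer match the `iss` claim in Keycloak's tokens. Add `keycloak_auth_server_url = keycloak_auth_server_url.rstrip('/')` before the sed calls, with a comment such as `# expects the full base URL incl. scheme (and /auth if the server uses it), no trailing slash`. configure_superset starts and ends outside this hunk.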
diff --git a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
index b166519..49557d2 100644
--- a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
+++ b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
@@ -26,7 +26,7 @@ server {
           local opts = {
             redirect_uri_path = "/*",
             accept_none_alg = true,
-            discovery = "http://KEYCLOAK_SERVER_IP/auth/realms/KEYCLOAK_REALM_NAME/.well-known/openid-configuration",
+            discovery = "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/.well-known/openid-configuration",
             client_id = "KEYCLOAK_CLIENT_ID",
             client_secret = "KEYCLOAK_CLIENT_SECRET",
             ssl_verify = "no",
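Review bot: `ssl_verify = "no"` stays in `opts` although `discovery` can now be an `https://` URL on any host, so the discovery document and the endpoints it names are fetched without certificate validation. The metadata and signing keys the proxy trusts are therefore not authenticated, and `accept_none_alg = true` in the same table additionally lets unsigned tokens through. Set `ssl_verify = "yes"` with a CA bundle supplied through `lua_ssl_trusted_certificate`, and `accept_none_alg = false`, unless there is a documented reason to keep them. The `server` block continues outside the hunk.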
diff --git a/infrastructure-provisioning/src/project/templates/nginx.conf b/infrastructure-provisioning/src/project/templates/nginx.conf
index 7ce18ca..d012375 100644
--- a/infrastructure-provisioning/src/project/templates/nginx.conf
+++ b/infrastructure-provisioning/src/project/templates/nginx.conf
@@ -47,6 +47,8 @@ http {
     proxy_read_timeout 86400s;
     proxy_send_timeout 86400s;
     client_max_body_size 50M;
+    resolver 8.8.8.8;
+    resolver_timeout 10s;
 
     include             /etc/nginx/mime.types;
     default_type        application/octet-stream;
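Review bot: `resolver 8.8.8.8;` hard-codes a public DNS server in the template. A Keycloak hostname that exists only in private DNS will not resolve, deployments without outbound DNS will fail discovery, and every lookup of the identity provider's name leaves the network over unauthenticated DNS while `ssl_verify` is off in proxy.conf. Make the address a placeholder filled from the instance's own resolver, for example `resolver RESOLVER_IP valid=30s ipv6=off;` (RESOLVER_IP is a proposed placeholder, not one that exists in the repository). The `http` block continues outside the hunk.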
diff --git a/infrastructure-provisioning/src/superset/templates/id_provider.json b/infrastructure-provisioning/src/superset/templates/id_provider.json
index 4987ebc..0269079 100644
--- a/infrastructure-provisioning/src/superset/templates/id_provider.json
+++ b/infrastructure-provisioning/src/superset/templates/id_provider.json
@@ -1,12 +1,12 @@
 {
     "web": {
-        "issuer": "http://KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME",
-        "auth_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/auth",
+        "issuer": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME",
+        "auth_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/auth",
         "client_id": "CLIENT_ID",
         "client_secret": "CLIENT_SECRET",
-        "token_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token",
-        "token_introspection_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token/introspect",
-        "userinfo_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/userinfo",
+        "token_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token",
+        "token_introspection_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token/introspect",
+        "userinfo_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/userinfo",
         "ssl-required": "none"
     }
 }
diff --git a/infrastructure-provisioning/src/superset/templates/superset_config.py b/infrastructure-provisioning/src/superset/templates/superset_config.py
index a57c85e..b8830af 100644
--- a/infrastructure-provisioning/src/superset/templates/superset_config.py
+++ b/infrastructure-provisioning/src/superset/templates/superset_config.py
@@ -64,6 +64,6 @@ AUTH_USER_REGISTRATION_ROLE = "Admin"
 CUSTOM_SECURITY_MANAGER = SupersetOIDCSecurityManager
 OIDC_CLIENT_SECRETS = '/home/superset/superset/id_provider.json'
 OIDC_COOKIE_SECURE = False
-OIDC_VALID_ISSUERS = 'http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME'
+OIDC_VALID_ISSUERS = 'KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME'
 WTF_CSRF_ENABLED = False
 OVERWRITE_REDIRECT_URI = 'http://EDGE_IP/SUPERSET_NAME/oidc_callback'
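Review bot: `OIDC_VALID_ISSUERS` can now hold an `https://` issuer, but the unchanged lines around it still carry the login over plain HTTP: `OVERWRITE_REDIRECT_URI` is fixed to `http://EDGE_IP/...` and `OIDC_COOKIE_SECURE = False`. The authorization code and the session cookie are then exposed on the edge hop whatever scheme Keycloak uses, and `WTF_CSRF_ENABLED = False` is left in place as well. If the edge can serve TLS, make the redirect scheme configurable and set `OIDC_COOKIE_SECURE = True`. At minimum add `# must equal the token's iss exactly: scheme, host, path, no trailing slash` above `OIDC_VALID_ISSUERS`.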

