This is an automated email from the ASF dual-hosted git repository. lfrolov pushed a commit to branch DATALAB-1342 in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git
commit b289e2693dc8a809ebda5cc08fcd1e9d720d1631 Author: leonidfrolov <[email protected]> AuthorDate: Mon Aug 30 16:19:16 2021 +0300 [DATALAB-1342]: added keycloak ssn client creation during ssn deployment and deletion during ssn termination --- .../scripts/configure_keycloak.py | 11 ++++--- .../src/general/scripts/aws/edge_configure.py | 2 +- .../src/general/scripts/aws/ssn_configure.py | 15 +++++++++ .../src/general/scripts/aws/ssn_terminate.py | 38 ++++++++++++++++++++++ .../src/general/scripts/azure/edge_configure.py | 2 +- .../src/general/scripts/azure/ssn_configure.py | 15 +++++++++ .../src/general/scripts/azure/ssn_terminate.py | 38 ++++++++++++++++++++++ .../src/general/scripts/gcp/edge_configure.py | 2 +- .../src/general/scripts/gcp/ssn_configure.py | 15 +++++++++ .../src/general/scripts/gcp/ssn_terminate.py | 22 +++++++++++++ 10 files changed, 153 insertions(+), 7 deletions(-) diff --git a/infrastructure-provisioning/src/project/scripts/configure_keycloak.py b/infrastructure-provisioning/src/base/scripts/configure_keycloak.py similarity index 89% rename from infrastructure-provisioning/src/project/scripts/configure_keycloak.py rename to infrastructure-provisioning/src/base/scripts/configure_keycloak.py index 11850c7..538a665 100644 --- a/infrastructure-provisioning/src/project/scripts/configure_keycloak.py +++ b/infrastructure-provisioning/src/base/scripts/configure_keycloak.py 
@@ -36,7 +36,7 @@ parser.add_argument('--keycloak_realm_name', type=str, default='') parser.add_argument('--keycloak_user', type=str, default='') parser.add_argument('--keycloak_user_password', type=str, default='') parser.add_argument('--keycloak_client_secret', type=str, default='') -parser.add_argument('--edge_public_ip', type=str, default='') +parser.add_argument('--instance_public_ip', type=str, default='') parser.add_argument('--hostname', type=str, default='') parser.add_argument('--project_name', type=str, default='') parser.add_argument('--endpoint_name', type=str, default='') @@ -60,14 +60,17 @@ if __name__ == "__main__": keycloak_client_create_url = '{0}/admin/realms/{1}/clients'.format(args.keycloak_auth_server_url, args.keycloak_realm_name) - keycloak_client_name = "{0}-{1}-{2}".format(args.service_base_name, args.project_name, args.endpoint_name) + if args.project_name and args.endpoint_name: + keycloak_client_name = "{0}-{1}-{2}".format(args.service_base_name, args.project_name, args.endpoint_name) + else: + keycloak_client_name = "{0}-ui".format(args.service_base_name) keycloak_client_id = str(uuid.uuid4()) if args.hostname == '': - keycloak_redirectUris = 'https://{0}/*,http://{0}/*'.format(args.edge_public_ip).lower().split(',') + keycloak_redirectUris = 'https://{0}/*,http://{0}/*'.format(args.instance_public_ip).lower().split(',') print(keycloak_redirectUris) else: keycloak_redirectUris = 'https://{0}/*,http://{0}/*,https://{1}/*,http://{1}/*'.format( - args.edge_public_ip, args.hostname).lower().split(',') + args.instance_public_ip, args.hostname).lower().split(',') keycloak_client_data = { "clientId": keycloak_client_name, "id": keycloak_client_id, diff --git a/infrastructure-provisioning/src/general/scripts/aws/edge_configure.py b/infrastructure-provisioning/src/general/scripts/aws/edge_configure.py index 1257464..d79023c 100644 --- a/infrastructure-provisioning/src/general/scripts/aws/edge_configure.py 
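Review bot: The redirect URI lines touched in the second hunk still register `http://{0}/*` wildcards next to the `https://` ones, and with this commit the same list is applied to the SSN UI client as well. A plain-HTTP wildcard redirect lets an authorization code be delivered over an unencrypted connection, so I would register only the `https://` entries, e.g. `keycloak_redirectUris = ['https://{0}/*'.format(args.instance_public_ip).lower()]`, or add a comment saying why HTTP must stay. Separately, the new `if args.project_name and args.endpoint_name:` falls back to the `{service_base_name}-ui` name when only one of the two is empty, so an edge call with a missing value would silently target the SSN client's name; failing on the half-specified case would be safer. The `__main__` block continues outside the hunk.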
+++ b/infrastructure-provisioning/src/general/scripts/aws/edge_configure.py @@ -248,7 +248,7 @@ if __name__ == "__main__": edge_conf['edge_hostname'] = "''" keycloak_params = "--service_base_name {} --keycloak_auth_server_url {} --keycloak_realm_name {} " \ "--keycloak_user {} --keycloak_user_password {} --keycloak_client_secret {} " \ - "--edge_public_ip {} --hostname {} --project_name {} --endpoint_name {} --hostname {} ".format( + "--instance_public_ip {} --hostname {} --project_name {} --endpoint_name {} --hostname {} ".format( edge_conf['service_base_name'], os.environ['keycloak_auth_server_url'], os.environ['keycloak_realm_name'], os.environ['keycloak_user'], os.environ['keycloak_user_password'], edge_conf['keycloak_client_secret'], diff --git a/infrastructure-provisioning/src/general/scripts/aws/ssn_configure.py b/infrastructure-provisioning/src/general/scripts/aws/ssn_configure.py index eceb451..f040c82 100644 --- a/infrastructure-provisioning/src/general/scripts/aws/ssn_configure.py +++ b/infrastructure-provisioning/src/general/scripts/aws/ssn_configure.py 
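Review bot: The format string on the changed line carries `--hostname {}` twice, once right after `--instance_public_ip {}` and again at the end, while the Azure and GCP versions of the same line have it once. The argument list continues outside the hunk, so I cannot tell whether it supplies a matching extra value; if it does not, `.format` either raises or shifts every later value by one position, which would put the wrong values into `--project_name` and `--endpoint_name`. Since the line is being edited anyway, consider `"--instance_public_ip {} --project_name {} --endpoint_name {} --hostname {} ".format(` and removing the matching extra argument if one exists.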
@@ -625,6 +625,21 @@ if __name__ == "__main__": clear_resources() sys.exit(1) + ssn_conf['keycloak_client_secret'] = str(uuid.uuid4()) + keycloak_params = "--service_base_name {} --keycloak_auth_server_url {} --keycloak_realm_name {} " \ + "--keycloak_user {} --keycloak_user_password {} --keycloak_client_secret {} " \ + "--edge_public_ip {} " \ + .format(ssn_conf['service_base_name'], os.environ['keycloak_auth_server_url'], + os.environ['keycloak_realm_name'], os.environ['keycloak_user'], + os.environ['keycloak_user_password'], ssn_conf['keycloak_client_secret'], + datalab.meta_lib.get_instance_hostname(ssn_conf['tag_name'], ssn_conf['instance_name'])) + try: + subprocess.run("~/scripts/{}.py {}".format('configure_keycloak', keycloak_params), shell=True, check=True) + except Exception as err: + datalab.fab.append_result("Failed to create ssn keycloak client: " + str(err)) + #clear_resources() + #sys.exit(1) + try: logging.info('[SUMMARY]') print('[SUMMARY]') diff --git a/infrastructure-provisioning/src/general/scripts/aws/ssn_terminate.py b/infrastructure-provisioning/src/general/scripts/aws/ssn_terminate.py index 1dd2ffe..0c0e624 100644 --- a/infrastructure-provisioning/src/general/scripts/aws/ssn_terminate.py +++ b/infrastructure-provisioning/src/general/scripts/aws/ssn_terminate.py 
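Review bot: The added command string still passes `--edge_public_ip {}`, but this same commit renames that option to `--instance_public_ip` in configure_keycloak.py, so the script will most likely reject the argument (assuming it parses with `parse_args()`, which is not visible in the diff). Because the `except` only appends a result message and `sys.exit(1)` is commented out, that failure leaves the SSN deployed without its Keycloak client and the run carries on. The Keycloak admin password and the new client secret are also interpolated unquoted into a `shell=True` command line, where a shell metacharacter in any value changes the command and the values are readable from the process list; pass an argument list without the shell as below, and preferably hand the secrets to the script through its environment instead of argv. The same points apply to the identical hunks in azure/ssn_configure.py and gcp/ssn_configure.py.

```python
# … unchanged: ssn_conf['keycloak_client_secret'] assignment …
keycloak_args = [
    os.path.expanduser('~/scripts/configure_keycloak.py'),
    '--service_base_name', ssn_conf['service_base_name'],
    '--keycloak_auth_server_url', os.environ['keycloak_auth_server_url'],
    '--keycloak_realm_name', os.environ['keycloak_realm_name'],
    '--keycloak_user', os.environ['keycloak_user'],
    '--keycloak_user_password', os.environ['keycloak_user_password'],
    '--keycloak_client_secret', ssn_conf['keycloak_client_secret'],
    '--instance_public_ip', datalab.meta_lib.get_instance_hostname(ssn_conf['tag_name'],
                                                                   ssn_conf['instance_name']),
]
try:
    subprocess.run(keycloak_args, check=True)
# … unchanged: except block reporting the failure …
```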
@@ -68,6 +68,44 @@ if __name__ == "__main__": sys.exit(1) try: + print('[KEYCLOAK SSN CLIENT DELETE]') + logging.info('[KEYCLOAK SSN CLIENT DELETE]') + keycloak_auth_server_url = '{}/realms/master/protocol/openid-connect/token'.format( + os.environ['keycloak_auth_server_url']) + keycloak_client_url = '{0}/admin/realms/{1}/clients'.format(os.environ['keycloak_auth_server_url'], + os.environ['keycloak_realm_name']) + + keycloak_auth_data = { + "username": os.environ['keycloak_user'], + "password": os.environ['keycloak_user_password'], + "grant_type": "password", + "client_id": "admin-cli", + } + + client_params = { + "clientId": '{}-ui'.format(ssn_conf['service_base_name']) + } + + keycloak_token = requests.post(keycloak_auth_server_url, data=keycloak_auth_data).json() + + keycloak_get_id_client = requests.get(keycloak_client_url, data=keycloak_auth_data, params=client_params, + headers={"Authorization": "Bearer " + keycloak_token.get("access_token"), + "Content-Type": "application/json"}) + json_keycloak_client_id = json.loads(keycloak_get_id_client.text) + keycloak_id_client = json_keycloak_client_id[0]['id'] + + keycloak_client_delete_url = '{0}/admin/realms/{1}/clients/{2}'.format(os.environ['keycloak_auth_server_url'], + os.environ['keycloak_realm_name'], + keycloak_id_client) + + keycloak_client = requests.delete( + keycloak_client_delete_url, + headers={"Authorization": "Bearer {}".format(keycloak_token.get("access_token")), + "Content-Type": "application/json"}) + except Exception as err: + print("Failed to remove ssn client from Keycloak", str(err)) + + try: with open("/root/result.json", 'w') as result: res = {"service_base_name": ssn_conf['service_base_name'], "Action": "Terminate ssn with all service_base_name environment"} diff --git a/infrastructure-provisioning/src/general/scripts/azure/edge_configure.py b/infrastructure-provisioning/src/general/scripts/azure/edge_configure.py index b7ca24e..46a9607 100644 
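Review bot: The client lookup `requests.get(keycloak_client_url, data=keycloak_auth_data, ...)` sends the Keycloak admin username and password a second time, in the body of a request that the bearer token already authorizes; the `data=` argument should be dropped. None of the three requests sets a `timeout` or checks the response status, so a rejected login surfaces as a TypeError on `"Bearer " + None`, a missing client as an IndexError on `[0]`, and a refused DELETE is not noticed at all. The broad `except` then only prints, so the client, with its redirect URIs and secret, can stay registered in Keycloak after the SSN is gone without anything in the log or result file. The same block is added in azure/ssn_terminate.py and gcp/ssn_terminate.py; in the Azure hunk it sits inside `terminate_ssn_node` and reads the global `ssn_conf` where the function's own `service_base_name` parameter is available.

```python
# … unchanged: URL construction, keycloak_auth_data, client_params …
token_response = requests.post(keycloak_auth_server_url, data=keycloak_auth_data, timeout=30)
token_response.raise_for_status()
auth_headers = {"Authorization": "Bearer {}".format(token_response.json()["access_token"]),
                "Content-Type": "application/json"}
keycloak_get_id_client = requests.get(keycloak_client_url, params=client_params,
                                      headers=auth_headers, timeout=30)
keycloak_get_id_client.raise_for_status()
matching_clients = keycloak_get_id_client.json()
if matching_clients:
    # … unchanged: keycloak_client_delete_url built from matching_clients[0]['id'] …
    requests.delete(keycloak_client_delete_url, headers=auth_headers, timeout=30).raise_for_status()
else:
    logging.info('Keycloak client {}-ui not found, nothing to delete'.format(ssn_conf['service_base_name']))
```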
--- a/infrastructure-provisioning/src/general/scripts/azure/edge_configure.py +++ b/infrastructure-provisioning/src/general/scripts/azure/edge_configure.py @@ -247,7 +247,7 @@ if __name__ == "__main__": edge_conf['edge_hostname'] = "''" keycloak_params = "--service_base_name {} --keycloak_auth_server_url {} --keycloak_realm_name {} " \ "--keycloak_user {} --keycloak_user_password {} --keycloak_client_secret {} " \ - "--edge_public_ip {} --project_name {} --endpoint_name {} --hostname {} ".format( + "--instance_public_ip {} --project_name {} --endpoint_name {} --hostname {} ".format( edge_conf['service_base_name'], os.environ['keycloak_auth_server_url'], os.environ['keycloak_realm_name'], os.environ['keycloak_user'], os.environ['keycloak_user_password'], diff --git a/infrastructure-provisioning/src/general/scripts/azure/ssn_configure.py b/infrastructure-provisioning/src/general/scripts/azure/ssn_configure.py index 3809db5..e77ec28 100644 --- a/infrastructure-provisioning/src/general/scripts/azure/ssn_configure.py +++ b/infrastructure-provisioning/src/general/scripts/azure/ssn_configure.py 
@@ -516,6 +516,21 @@ if __name__ == "__main__": datalab.fab.append_result("Unable to configure UI.", str(err)) sys.exit(1) + ssn_conf['keycloak_client_secret'] = str(uuid.uuid4()) + keycloak_params = "--service_base_name {} --keycloak_auth_server_url {} --keycloak_realm_name {} " \ + "--keycloak_user {} --keycloak_user_password {} --keycloak_client_secret {} " \ + "--edge_public_ip {} " \ + .format(ssn_conf['service_base_name'], os.environ['keycloak_auth_server_url'], + os.environ['keycloak_realm_name'], os.environ['keycloak_user'], + os.environ['keycloak_user_password'], ssn_conf['keycloak_client_secret'], + datalab.meta_lib.get_instance_hostname(ssn_conf['tag_name'], ssn_conf['instance_name'])) + try: + subprocess.run("~/scripts/{}.py {}".format('configure_keycloak', keycloak_params), shell=True, check=True) + except Exception as err: + datalab.fab.append_result("Failed to create ssn keycloak client: " + str(err)) + #clear_resources() + #sys.exit(1) + try: logging.info('[SUMMARY]') diff --git a/infrastructure-provisioning/src/general/scripts/azure/ssn_terminate.py b/infrastructure-provisioning/src/general/scripts/azure/ssn_terminate.py index 38ebffc..0423aac 100644 --- a/infrastructure-provisioning/src/general/scripts/azure/ssn_terminate.py +++ b/infrastructure-provisioning/src/general/scripts/azure/ssn_terminate.py 
@@ -157,6 +157,44 @@ def terminate_ssn_node(resource_group_name, service_base_name, vpc_name, region) datalab.fab.append_result("Failed to remove resource group", str(err)) sys.exit(1) + try: + print('[KEYCLOAK SSN CLIENT DELETE]') + logging.info('[KEYCLOAK SSN CLIENT DELETE]') + keycloak_auth_server_url = '{}/realms/master/protocol/openid-connect/token'.format( + os.environ['keycloak_auth_server_url']) + keycloak_client_url = '{0}/admin/realms/{1}/clients'.format(os.environ['keycloak_auth_server_url'], + os.environ['keycloak_realm_name']) + + keycloak_auth_data = { + "username": os.environ['keycloak_user'], + "password": os.environ['keycloak_user_password'], + "grant_type": "password", + "client_id": "admin-cli", + } + + client_params = { + "clientId": '{}-ui'.format(ssn_conf['service_base_name']) + } + + keycloak_token = requests.post(keycloak_auth_server_url, data=keycloak_auth_data).json() + + keycloak_get_id_client = requests.get(keycloak_client_url, data=keycloak_auth_data, params=client_params, + headers={"Authorization": "Bearer " + keycloak_token.get("access_token"), + "Content-Type": "application/json"}) + json_keycloak_client_id = json.loads(keycloak_get_id_client.text) + keycloak_id_client = json_keycloak_client_id[0]['id'] + + keycloak_client_delete_url = '{0}/admin/realms/{1}/clients/{2}'.format(os.environ['keycloak_auth_server_url'], + os.environ['keycloak_realm_name'], + keycloak_id_client) + + keycloak_client = requests.delete( + keycloak_client_delete_url, + headers={"Authorization": "Bearer {}".format(keycloak_token.get("access_token")), + "Content-Type": "application/json"}) + except Exception as err: + print("Failed to remove ssn client from Keycloak", str(err)) + if __name__ == "__main__": local_log_filename = "{}_{}.log".format(os.environ['conf_resource'], os.environ['request_id']) 
diff --git a/infrastructure-provisioning/src/general/scripts/gcp/edge_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/edge_configure.py index 7507d59..ac7fbb0 100644 --- a/infrastructure-provisioning/src/general/scripts/gcp/edge_configure.py +++ b/infrastructure-provisioning/src/general/scripts/gcp/edge_configure.py @@ -254,7 +254,7 @@ if __name__ == "__main__": edge_conf['edge_hostname'] = "''" keycloak_params = "--service_base_name {} --keycloak_auth_server_url {} --keycloak_realm_name {} " \ "--keycloak_user {} --keycloak_user_password {} --keycloak_client_secret {} " \ - "--edge_public_ip {} --project_name {} --endpoint_name {} --hostname {} " \ + "--instance_public_ip {} --project_name {} --endpoint_name {} --hostname {} " \ .format(edge_conf['service_base_name'], os.environ['keycloak_auth_server_url'], os.environ['keycloak_realm_name'], os.environ['keycloak_user'], os.environ['keycloak_user_password'], diff --git a/infrastructure-provisioning/src/general/scripts/gcp/ssn_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/ssn_configure.py index 6282be4..aa02e0b 100644 --- a/infrastructure-provisioning/src/general/scripts/gcp/ssn_configure.py +++ b/infrastructure-provisioning/src/general/scripts/gcp/ssn_configure.py 
@@ -525,6 +525,21 @@ if __name__ == "__main__": clear_resources() sys.exit(1) + ssn_conf['keycloak_client_secret'] = str(uuid.uuid4()) + keycloak_params = "--service_base_name {} --keycloak_auth_server_url {} --keycloak_realm_name {} " \ + "--keycloak_user {} --keycloak_user_password {} --keycloak_client_secret {} " \ + "--edge_public_ip {} " \ + .format(ssn_conf['service_base_name'], os.environ['keycloak_auth_server_url'], + os.environ['keycloak_realm_name'], os.environ['keycloak_user'], + os.environ['keycloak_user_password'], ssn_conf['keycloak_client_secret'], + datalab.meta_lib.get_instance_hostname(ssn_conf['tag_name'], ssn_conf['instance_name'])) + try: + subprocess.run("~/scripts/{}.py {}".format('configure_keycloak', keycloak_params), shell=True, check=True) + except Exception as err: + datalab.fab.append_result("Failed to create ssn keycloak client: " + str(err)) + #clear_resources() + #sys.exit(1) + try: logging.info('[SUMMARY]') print('[SUMMARY]') diff --git a/infrastructure-provisioning/src/general/scripts/gcp/ssn_terminate.py b/infrastructure-provisioning/src/general/scripts/gcp/ssn_terminate.py index efe84cf..e703df4 100644 --- a/infrastructure-provisioning/src/general/scripts/gcp/ssn_terminate.py +++ b/infrastructure-provisioning/src/general/scripts/gcp/ssn_terminate.py 
@@ -68,6 +68,28 @@ if __name__ == "__main__": sys.exit(1) try: + print('[KEYCLOAK SSN CLIENT DELETE]') + logging.info('[KEYCLOAK SSN CLIENT DELETE]') + keycloak_auth_server_url = '{}/realms/master/protocol/openid-connect/token'.format(os.environ['keycloak_auth_server_url']) + keycloak_client_url = '{0}/admin/realms/{1}/clients'.format(os.environ['keycloak_auth_server_url'], + os.environ['keycloak_realm_name']) + keycloak_auth_data = {"username": os.environ['keycloak_user'], "password": os.environ['keycloak_user_password'], + "grant_type": "password", "client_id": "admin-cli"} + client_params = {"clientId": '{}-ui'.format(ssn_conf['service_base_name'])} + keycloak_token = requests.post(keycloak_auth_server_url, data=keycloak_auth_data).json() + keycloak_get_id_client = requests.get(keycloak_client_url, data=keycloak_auth_data, params=client_params, + headers={"Authorization": "Bearer " + keycloak_token.get("access_token"), + "Content-Type": "application/json"}) + json_keycloak_client_id = json.loads(keycloak_get_id_client.text) + keycloak_id_client = json_keycloak_client_id[0]['id'] + keycloak_client_delete_url = '{0}/admin/realms/{1}/clients/{2}'.format(os.environ['keycloak_auth_server_url'], + os.environ['keycloak_realm_name'], keycloak_id_client) + keycloak_client = requests.delete(keycloak_client_delete_url, headers={"Authorization": "Bearer {}" + .format(keycloak_token.get("access_token")), "Content-Type": "application/json"}) + except Exception as err: + print("Failed to remove ssn client from Keycloak", str(err)) + + try: with open("/root/result.json", 'w') as result: res = {"service_base_name": ssn_conf['service_base_name'], "Action": "Terminate ssn with all service_base_name environment"} --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
