This is an automated email from the ASF dual-hosted git repository.

lfrolov pushed a commit to branch DATALAB-3073
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git

commit 2f3cae2a0cdcb83ec6875fb8c38411c36ea6a083
Author: leonidfrolov <[email protected]>
AuthorDate: Thu Oct 13 11:16:38 2022 +0300

    [DATALAB-3073]: added client creation and termination for aws
---
 .../scripts/aws/common_terminate_notebook.py       | 38 ++++++++++++++++++++++
 .../src/general/scripts/aws/jupyter_configure.py   | 38 ++++++++++++++++++++++
 2 files changed, 76 insertions(+)

diff --git 
a/infrastructure-provisioning/src/general/scripts/aws/common_terminate_notebook.py
 
b/infrastructure-provisioning/src/general/scripts/aws/common_terminate_notebook.py
index a7e92f1b9..46ea321a2 100644
--- 
a/infrastructure-provisioning/src/general/scripts/aws/common_terminate_notebook.py
+++ 
b/infrastructure-provisioning/src/general/scripts/aws/common_terminate_notebook.py
@@ -65,6 +65,44 @@ def terminate_nb(nb_tag_value, bucket_name, tag_name):
     except:
         sys.exit(1)
 
+    if os.environ['notebook_create_keycloak_client'] == 'True':
+        logging.info("Terminating notebook keycloak client")
+        try:
+            keycloak_auth_server_url = 
'{}/realms/master/protocol/openid-connect/token'.format(
+                os.environ['keycloak_auth_server_url'])
+            keycloak_client_url = 
'{0}/admin/realms/{1}/clients'.format(os.environ['keycloak_auth_server_url'],
+                                                                        
os.environ['keycloak_realm_name'])
+
+            keycloak_auth_data = {
+                "username": os.environ['keycloak_user'],
+                "password": os.environ['keycloak_user_password'],
+                "grant_type": "password",
+                "client_id": "admin-cli",
+            }
+
+            client_params = {
+                "clientId": 
"{}-{}-{}-{}".format(notebook_config['service_base_name'], 
notebook_config['project_name'],
+                                                 
notebook_config['endpoint_name'], notebook_config['exploratory_name'])
+            }
+
+            keycloak_token = requests.post(keycloak_auth_server_url, 
data=keycloak_auth_data).json()
+
+            keycloak_get_id_client = requests.get(keycloak_client_url, 
data=keycloak_auth_data, params=client_params,
+                                                  headers={"Authorization": 
"Bearer " + keycloak_token.get("access_token"),
+                                                           "Content-Type": 
"application/json"})
+            json_keycloak_client_id = json.loads(keycloak_get_id_client.text)
+            keycloak_id_client = json_keycloak_client_id[0]['id']
+
+            keycloak_client_delete_url = 
'{0}/admin/realms/{1}/clients/{2}'.format(os.environ['keycloak_auth_server_url'],
+                                                                               
    os.environ['keycloak_realm_name'],
+                                                                               
    keycloak_id_client)
+
+            requests.delete(keycloak_client_delete_url,
+                            headers={"Authorization": "Bearer " + 
keycloak_token.get("access_token"),
+                                     "Content-Type": "application/json"})
+        except Exception as err:
+            logging.error("Failed to remove project client from Keycloak", 
str(err))
+
 
 if __name__ == "__main__":
     # generating variables dictionary
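Review bot: The `requests.get` on the clients endpoint passes `data=keycloak_auth_data`, so the Keycloak admin username and password are sent a second time in the body of a request that the bearer token already authorises. Dropping that argument leaves `requests.get(keycloak_client_url, params=client_params, headers=...)`. None of the three HTTP calls checks the response status or sets a `timeout`, so a rejected delete leaves the notebook's client registered in the realm without any error; calling `raise_for_status()` on each response would surface it. The handler's `logging.error("Failed to remove project client from Keycloak", str(err))` has no `%s` for its argument, so the cause is not logged cleanly; `logging.error("Failed to remove project client from Keycloak: %s", err)` fixes that. `notebook_config` is not a parameter of `terminate_nb`, whose body starts outside the hunk, so the new code presumably relies on a module-level global.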
diff --git 
a/infrastructure-provisioning/src/general/scripts/aws/jupyter_configure.py 
b/infrastructure-provisioning/src/general/scripts/aws/jupyter_configure.py
index 1f761a399..bf6a7fbc2 100644
--- a/infrastructure-provisioning/src/general/scripts/aws/jupyter_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/aws/jupyter_configure.py
@@ -296,6 +296,44 @@ if __name__ == "__main__":
             datalab.actions_lib.remove_ec2(notebook_config['tag_name'], 
notebook_config['instance_name'])
             sys.exit(1)
 
+    if os.environ['notebook_create_keycloak_client'] == 'True':
+        try:
+            logging.info('[SETUP KEYCLOAK CLIENT]')
+            notebook_config['keycloak_client_name'] = '{}-{}-{}-{}'\
+                .format(notebook_config['service_base_name'], 
notebook_config['project_name'],
+                        notebook_config['endpoint_name'], 
notebook_config['exploratory_name'])
+            notebook_config['keycloak_client_secret'] = str(uuid.uuid4())
+            keycloak_params = "--service_base_name {} 
--keycloak_auth_server_url {} --keycloak_realm_name {} " \
+                              "--keycloak_user {} --keycloak_user_password {} 
--keycloak_client_secret {} " \
+                              "--project_name {} --endpoint_name {} 
--exploratory_name {}"\
+                .format(notebook_config['service_base_name'], 
os.environ['keycloak_auth_server_url'],
+                        os.environ['keycloak_realm_name'], 
os.environ['keycloak_user'],
+                        os.environ['keycloak_user_password'], 
notebook_config['keycloak_client_secret'],
+                        notebook_config['project_name'], 
notebook_config['endpoint_name'],
+                        notebook_config['exploratory_name'])
+            try:
+                subprocess.run("~/scripts/{}.py 
{}".format('configure_keycloak', keycloak_params), shell=True, check=True)
+            except:
+                datalab.fab.append_result("Failed setup keycloak client")
+                raise Exception
+
+            try:
+                conn = datalab.fab.init_datalab_connection(instance_hostname, 
notebook_config['datalab_ssh_user'],
+                                                           
notebook_config['ssh_key_path'], '', False)
+                content = json.loads(conn.sudo("cat 
/home/{}/.local/share/jupyter/kernels/py3spark_local/kernel.json"
+                                               
.format(notebook_config['datalab_ssh_user'])).stdout)
+                content['env']['KEYCLOAK_CLIENT'] = 
notebook_config['keycloak_client_name']
+                content['env']['KEYCLOAK_SECRET'] = 
notebook_config['keycloak_client_secret']
+                conn.sudo("echo '{}' > 
/home/{}/.local/share/jupyter/kernels/py3spark_local/kernel.json"
+                          .format(json.dumps(content), 
notebook_config['datalab_ssh_user']))
+                conn.sudo('systemctl restart jupyter-notebook')
+            except:
+                datalab.fab.append_result("Failed to write variables to 
.bashrc")
+                raise Exception
+
+        except Exception as err:
+            datalab.fab.append_result("Failed setup keycloak client ", 
str(err))
+
     try:
         # generating output information
         ip_address = 
datalab.meta_lib.get_instance_ip_address(notebook_config['tag_name'],
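Review bot: The `subprocess.run(..., shell=True)` call formats `keycloak_user_password`, the new client secret and the notebook names straight into one command string, so any space or shell metacharacter in those values is interpreted by the shell. Passing an argument list without `shell=True`, as sketched below, removes the quoting problem. The password and secret would still be visible on argv, so reading them from the environment inside `configure_keycloak.py` would be preferable if that script allows it (its interface is not visible here). The later `conn.sudo("echo '{}' > ...kernel.json")` has the same quoting weakness if the JSON ever contains a single quote, and its failure message names `.bashrc` although the file written is `kernel.json`. The enclosing `__main__` block starts and ends outside the hunk.

```python
            # … unchanged: keycloak_client_name and keycloak_client_secret assignment …
            keycloak_args = [
                os.path.expanduser('~/scripts/configure_keycloak.py'),
                '--service_base_name', notebook_config['service_base_name'],
                '--keycloak_auth_server_url', os.environ['keycloak_auth_server_url'],
                '--keycloak_realm_name', os.environ['keycloak_realm_name'],
                '--keycloak_user', os.environ['keycloak_user'],
                '--keycloak_user_password', os.environ['keycloak_user_password'],
                '--keycloak_client_secret', notebook_config['keycloak_client_secret'],
                '--project_name', notebook_config['project_name'],
                '--endpoint_name', notebook_config['endpoint_name'],
                '--exploratory_name', notebook_config['exploratory_name'],
            ]
            try:
                # No shell: each value reaches the script as exactly one argument.
                subprocess.run(keycloak_args, check=True)
            # … unchanged: except handler and kernel.json update …
```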

