[incubator-dlab] 03/03: added validation for keycloak client. minor fixes

adamsd Tue, 05 Nov 2019 07:18:56 -0800

This is an automated email from the ASF dual-hosted git repository.

adamsd pushed a commit to branch adum-superset
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


commit 4a192cbf0fd5f8bcfd6808ec94620358fa9d3cc6
Author: AdamsDisturber <[email protected]>
AuthorDate: Tue Nov 5 16:19:36 2019 +0200

    added validation for keycloak client. minor fixes
---
 .../src/general/scripts/gcp/superset_configure.py  | 40 +++++++++++++++-------
 .../src/superset/templates/superset_config.py      |  2 +-
 2 files changed, 29 insertions(+), 13 deletions(-)

diff --git 
a/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py 
b/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py
index 81ae4ca..fe946fc 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/superset_configure.py
@@ -126,19 +126,35 @@ if __name__ == "__main__":
             "grant_type": "password",
             "client_id": "admin-cli",
         }
-        keycloak_client_id = 
"{}-{}-superset".format(notebook_config['service_base_name'], 
notebook_config['project_name'])
-        keycloak_client_secret = uuid.uuid4()
-        keycloak_client_data = {
-            "clientId": keycloak_client_id,
-            "enabled": "true",
-            "redirectUris": ["*"],
-            "secret": keycloak_client_secret,
-        }
         try:
+            keycloak_client_id = 
"{}-{}-superset".format(notebook_config['service_base_name'],
+                                                         
notebook_config['project_name'])
+            client_params = {
+                "clientId": keycloak_client_id,
+            }
             keycloak_token = requests.post(keycloak_auth_server_url, 
data=keycloak_auth_data).json()
-            keycloak_client = requests.post(keycloak_client_create_url, 
json=keycloak_client_data, headers={"Authorization": "Bearer " + 
keycloak_token.get("access_token"), "Content-Type": "application/json"})
-        except:
-            append_result("Failed to configure keycloak")
+            keycloak_get_id_client = requests.get(keycloak_client_create_url, 
data=keycloak_auth_data, params=client_params, headers={"Authorization": 
"Bearer " + keycloak_token.get("access_token"), "Content-Type": 
"application/json"})
+            json_keycloak_client_id = json.loads(keycloak_get_id_client.text)
+            # Check, if response is not empty
+            if len(json_keycloak_client_id) != 0:
+                print('Keycloak client {} exists. Getting his required 
attributes.'.format(keycloak_client_id))
+                keycloak_id_client = json_keycloak_client_id[0]['id']
+                keycloak_client_get_secret_url = 
("{0}/{1}/client-secret".format(keycloak_client_create_url, keycloak_id_client))
+                keycloak_client_get_secret = 
requests.get(keycloak_client_get_secret_url, data=keycloak_auth_data, 
headers={"Authorization": "Bearer " + keycloak_token.get("access_token"), 
"Content-Type": "application/json"})
+                json_keycloak_client_secret = 
json.loads(keycloak_client_get_secret.text)
+                keycloak_client_secret = json_keycloak_client_secret['value']
+            else:
+                print('Keycloak client does not exists. Creating new client 
{0}.'.format(keycloak_client_id))
+                keycloak_client_secret = str(uuid.uuid4())
+                keycloak_client_data = {
+                    "clientId": keycloak_client_id,
+                    "enabled": "true",
+                    "redirectUris": ["*"],
+                    "secret": keycloak_client_secret,
+                }
+                keycloak_client = requests.post(keycloak_client_create_url, 
json=keycloak_client_data, headers={"Authorization": "Bearer " + 
keycloak_token.get("access_token"), "Content-Type": "application/json"})
+        except Exception as err:
+            append_result("Failed to configure keycloak.")
             raise Exception
     except Exception as err:
         print('Error: {0}'.format(err))
@@ -261,7 +277,7 @@ if __name__ == "__main__":
 
     # generating output information
     ip_address = 
GCPMeta().get_private_ip_address(notebook_config['instance_name'])
-    superset_ip_url = "http://"; + ip_address + 
":8888/{}/".format(notebook_config['exploratory_name'])
+    superset_ip_url = "http://"; + ip_address + 
":8088/{}/".format(notebook_config['exploratory_name'])
     ungit_ip_url = "http://"; + ip_address + 
":8085/{}-ungit/".format(notebook_config['exploratory_name'])
     superset_notebook_acces_url = "http://"; + edge_instance_hostname + 
"/{}/".format(notebook_config['exploratory_name'])
     superset_ungit_acces_url = "http://"; + edge_instance_hostname + 
"/{}-ungit/".format(
diff --git 
a/infrastructure-provisioning/src/superset/templates/superset_config.py 
b/infrastructure-provisioning/src/superset/templates/superset_config.py
index 9588d23..4894be8 100644
--- a/infrastructure-provisioning/src/superset/templates/superset_config.py
+++ b/infrastructure-provisioning/src/superset/templates/superset_config.py
@@ -64,7 +64,7 @@ AUTH_USER_REGISTRATION_ROLE = "Admin"
 CUSTOM_SECURITY_MANAGER = SupersetOIDCSecurityManager
 OIDC_CLIENT_SECRETS = '/home/superset/superset/id_provider.json'
 OIDC_COOKIE_SECURE = False
-OIDC_VALID_ISSUERS = 
'http://KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME'
+OIDC_VALID_ISSUERS = 
'http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME'
 ENABLE_PROXY_FIX = True
 
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[incubator-dlab] 03/03: added validation for keycloak client. minor fixes

Reply via email to