This is an automated email from the ASF dual-hosted git repository. mykolabodnar pushed a commit to branch DLAB-1363 in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 3befbd124545df0cbcc31b66f8d275655d4fdbda Author: Mykola_Bodnar1 <bodnarmyk...@gmail.com> AuthorDate: Tue Dec 10 18:10:41 2019 +0200 [DLAB-1363] - SSO and Superset fixed for keycloak auth via any url --- .../src/general/lib/os/debian/edge_lib.py | 4 +--- infrastructure-provisioning/src/general/lib/os/fab.py | 5 ++--- .../src/project/templates/conf.d/proxy.conf | 2 +- infrastructure-provisioning/src/project/templates/nginx.conf | 2 ++ .../src/superset/templates/id_provider.json | 10 +++++----- .../src/superset/templates/superset_config.py | 2 +- 6 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
index 7d40b1e..c874eca 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
@@ -23,7 +23,6 @@
 import os
 import sys
-import re
 from fabric.api import *
 from fabric.contrib.files import exists
@@ -117,9 +116,8 @@ def install_nginx_lua(edge_ip, nginx_version, keycloak_auth_server_url, keycloak
 sudo('rm -f /etc/nginx/nginx.conf')
 sudo('mkdir -p /opt/dlab/templates')
 put('/root/templates', '/opt/dlab', use_sudo=True)
- keycloak_auth_server_ip = ''.join(re.findall('(?:[12]?\\d?\\d\\.){3}[12]?\\d?\\d:\d+', keycloak_auth_server_url))
 sudo('sed -i \'s/EDGE_IP/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(edge_ip))
- sudo('sed -i \'s/KEYCLOAK_SERVER_IP/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_auth_server_ip))
+ sudo('sed -i \'s|KEYCLOAK_AUTH_SERVER_URL|{}|g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_auth_server_url))
 sudo('sed -i \'s/KEYCLOAK_REALM_NAME/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_realm_name))
 sudo('sed -i \'s/KEYCLOAK_CLIENT_ID/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_client_id))
 sudo('sed -i \'s/KEYCLOAK_CLIENT_SECRET/{}/g\' /opt/dlab/templates/conf.d/proxy.conf'.format(keycloak_client_secret))
diff --git a/infrastructure-provisioning/src/general/lib/os/fab.py b/infrastructure-provisioning/src/general/lib/os/fab.py
index bbb5e39..3a9d876 100644
--- a/infrastructure-provisioning/src/general/lib/os/fab.py
+++ b/infrastructure-provisioning/src/general/lib/os/fab.py
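Review bot: The rewritten sed call in install_nginx_lua (edge_lib.py) formats keycloak_auth_server_url unchanged into a single-quoted command that runs under sudo, whereas the removed regex reduced it to an IP:port and so filtered the value as a side effect. A `|`, `&`, backslash or single quote in the URL now alters the sed expression or ends the shell quoting, and a trailing slash yields `//realms/...` in the templates. I would validate before substituting, e.g. `if not re.match(r'^https?://[\w.-]+(:\d+)?(/[\w./-]*)?$', keycloak_auth_server_url): raise ValueError('bad keycloak_auth_server_url')`, which needs the `import re` that the first hunk drops. The two new sed calls in configure_superset (fab.py) have the same issue; both function bodies continue outside their hunks.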
@@ -877,14 +877,13 @@ def configure_superset(os_user, keycloak_auth_server_url, keycloak_realm_name, k
 sudo('mkdir -p /opt/dlab/templates')
 put('/root/templates', '/opt/dlab', use_sudo=True)
 sudo('sed -i \'s/OS_USER/{}/g\' /opt/dlab/templates/.env'.format(os_user))
- keycloak_auth_server_ip = ''.join(re.findall('(?:[12]?\\d?\\d\\.){3}[12]?\\d?\\d:\d+', keycloak_auth_server_url))
 proxy_string = '{}:3128'.format(edge_instance_private_ip)
- sudo('sed -i \'s/KEYCLOAK_AUTH_SERVER_URL/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_auth_server_ip))
+ sudo('sed -i \'s|KEYCLOAK_AUTH_SERVER_URL|{}|g\' /opt/dlab/templates/id_provider.json'.format(keycloak_auth_server_url))
 sudo('sed -i \'s/KEYCLOAK_REALM_NAME/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_realm_name))
 sudo('sed -i \'s/CLIENT_ID/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_client_id))
 sudo('sed -i \'s/CLIENT_SECRET/{}/g\' /opt/dlab/templates/id_provider.json'.format(keycloak_client_secret))
 sudo('sed -i \'s/PROXY_STRING/{}/g\' /opt/dlab/templates/docker-compose.yml'.format(proxy_string))
- sudo('sed -i \'s/KEYCLOAK_AUTH_SERVER_URL/{}/g\' /opt/dlab/templates/superset_config.py'.format(keycloak_auth_server_ip))
+ sudo('sed -i \'s|KEYCLOAK_AUTH_SERVER_URL|{}|g\' /opt/dlab/templates/superset_config.py'.format(keycloak_auth_server_url))
 sudo('sed -i \'s/KEYCLOAK_REALM_NAME/{}/g\' /opt/dlab/templates/superset_config.py'.format(keycloak_realm_name))
 sudo('sed -i \'s/EDGE_IP/{}/g\' /opt/dlab/templates/superset_config.py'.format(edge_instance_public_ip))
 sudo('sed -i \'s/SUPERSET_NAME/{}/g\' /opt/dlab/templates/superset_config.py'.format(superset_name))
diff --git a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
index b166519..49557d2 100644
--- a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
+++ b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
@@ -26,7 +26,7 @@ server {
 local opts = {
 redirect_uri_path = "/*",
 accept_none_alg = true,
- discovery = "http://KEYCLOAK_SERVER_IP/auth/realms/KEYCLOAK_REALM_NAME/.well-known/openid-configuration",
+ discovery = "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/.well-known/openid-configuration",
 client_id = "KEYCLOAK_CLIENT_ID",
 client_secret = "KEYCLOAK_CLIENT_SECRET",
 ssl_verify = "no",
diff --git a/infrastructure-provisioning/src/project/templates/nginx.conf b/infrastructure-provisioning/src/project/templates/nginx.conf
index 7ce18ca..d012375 100644
--- a/infrastructure-provisioning/src/project/templates/nginx.conf
+++ b/infrastructure-provisioning/src/project/templates/nginx.conf
@@ -47,6 +47,8 @@ http {
 proxy_read_timeout 86400s;
 proxy_send_timeout 86400s;
 client_max_body_size 50M;
+ resolver 8.8.8.8;
+ resolver_timeout 10s;
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
diff --git a/infrastructure-provisioning/src/superset/templates/id_provider.json b/infrastructure-provisioning/src/superset/templates/id_provider.json
index 4987ebc..0269079 100644
--- a/infrastructure-provisioning/src/superset/templates/id_provider.json
+++ b/infrastructure-provisioning/src/superset/templates/id_provider.json
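Review bot: The `discovery` value in proxy.conf can now be an https endpoint on any host, yet the `ssl_verify = "no",` context line below it is left as is, so the discovery document and whatever keys it points to are fetched without certificate verification. With `accept_none_alg = true,` two lines above, the proxy's trust in the identity provider then rests on the network path alone. I would change these to `ssl_verify = "yes",` and `accept_none_alg = false,`, with a CA bundle made available to the Lua client (presumably through `lua_ssl_trusted_certificate` in nginx.conf). The opts table continues outside the hunk.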
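Review bot: `resolver 8.8.8.8;` in nginx.conf hard-codes a public resolver for every deployment, so a Keycloak hostname that exists only in private DNS will not resolve, and lookups for the identity provider's name leave the network unauthenticated. That matters here because the discovery request in proxy.conf runs with `ssl_verify = "no"`, so a forged DNS answer is enough to redirect it. I would template the address and point it at the VPC or local resolver, e.g. `resolver DNS_RESOLVER_IP valid=30s;`, where DNS_RESOLVER_IP is a constructed placeholder that would be filled in the same way as EDGE_IP.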
@@ -1,12 +1,12 @@
 {
 "web": {
- "issuer": "http://KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME",
- "auth_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/auth",
+ "issuer": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME",
+ "auth_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/auth",
 "client_id": "CLIENT_ID",
 "client_secret": "CLIENT_SECRET",
- "token_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token",
- "token_introspection_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token/introspect",
- "userinfo_uri": "http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/userinfo",
+ "token_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token",
+ "token_introspection_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/token/introspect",
+ "userinfo_uri": "KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME/protocol/openid-connect/userinfo",
 "ssl-required": "none"
 }
 }
diff --git a/infrastructure-provisioning/src/superset/templates/superset_config.py b/infrastructure-provisioning/src/superset/templates/superset_config.py
index a57c85e..b8830af 100644
--- a/infrastructure-provisioning/src/superset/templates/superset_config.py
+++ b/infrastructure-provisioning/src/superset/templates/superset_config.py
@@ -64,6 +64,6 @@ AUTH_USER_REGISTRATION_ROLE = "Admin"
 CUSTOM_SECURITY_MANAGER = SupersetOIDCSecurityManager
 OIDC_CLIENT_SECRETS = '/home/superset/superset/id_provider.json'
 OIDC_COOKIE_SECURE = False
-OIDC_VALID_ISSUERS = 'http://KEYCLOAK_AUTH_SERVER_URL/auth/realms/KEYCLOAK_REALM_NAME'
+OIDC_VALID_ISSUERS = 'KEYCLOAK_AUTH_SERVER_URL/realms/KEYCLOAK_REALM_NAME'
 WTF_CSRF_ENABLED = False
 OVERWRITE_REDIRECT_URI = 'http://EDGE_IP/SUPERSET_NAME/oidc_callback'
--------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@dlab.apache.org For additional commands, e-mail: commits-h...@dlab.apache.org
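Review bot: `OIDC_VALID_ISSUERS` in superset_config.py is now built from the substituted value alone, and nothing in the template says what form that value must take. It presumably only matches the token's `iss` claim if keycloak_auth_server_url is passed with its scheme, with the `/auth` prefix when the server uses one, and without a trailing slash. A comment above the line would help, e.g. `# KEYCLOAK_AUTH_SERVER_URL is substituted verbatim: include scheme and any /auth prefix, no trailing slash`; the same contract applies to `issuer` and the endpoint URIs in id_provider.json. Also visible in this hunk, though not changed by it: `OIDC_COOKIE_SECURE = False`, `WTF_CSRF_ENABLED = False` and the `AUTH_USER_REGISTRATION_ROLE = "Admin"` header context stay as they are while the commit widens which provider URL may be configured, so they deserve a second look.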