Skip to content
GitLab
Commit 9f76442b authored by Markus Scheidgen's avatar Markus Scheidgen
Browse files

Simplified keycloak usage. #287

parent a86ee887
Pipeline #69826 passed with stages
in 32 minutes and 22 seconds
Hide whitespace changes
Inline Side-by-side
.gitlab-ci.yml
View file @ 9f76442b
......@@ -90,7 +90,6 @@ tests:
NOMAD_RABBITMQ_HOST: rabbitmq
NOMAD_ELASTIC_HOST: elastic
NOMAD_MONGO_HOST: mongo
NOMAD_KEYCLOAK_CLIENT_SECRET: ${CI_KEYCLOAK_TEST_CLIENT_SECRET}
NOMAD_KEYCLOAK_PASSWORD: ${CI_KEYCLOAK_ADMIN_PASSWORD}
NOMAD_SPRINGER_DB_PATH: /nomad/fairdi/db/data/springer.db
script:
......
gui/src/components/EditUserMetadataDialog.js
View file @ 9f76442b
......@@ -730,7 +730,8 @@ class EditUserMetadataDialogUnstyled extends React.Component {
user: PropTypes.object,
onEditComplete: PropTypes.func,
disabled: PropTypes.bool,
title: PropTypes.string
title: PropTypes.string,
info: PropTypes.object
}
static styles = theme => ({
......@@ -1055,7 +1056,7 @@ class EditUserMetadataDialogUnstyled extends React.Component {
}
renderDialogActions(submitting, submitEnabled) {
const {classes} = this.props
const {classes, info} = this.props
if (submitting) {
return <DialogActions>
......@@ -1070,7 +1071,7 @@ class EditUserMetadataDialogUnstyled extends React.Component {
</DialogActions>
} else {
return <DialogActions>
<InviteUserDialog />
{info && !info.oasis && <InviteUserDialog />}
<span style={{flexGrow: 1}} />
<Button onClick={this.handleClose} disabled={submitting}>
Cancel
......
nomad/app/api/auth.py
View file @ 9f76442b
......@@ -249,6 +249,9 @@ class UsersResource(Resource):
@api.expect(user_model, validate=True)
def put(self):
""" Invite a new user. """
if config.keycloak.oasis:
abort(400, 'User invide does not work this NOMAD OASIS')
json_data = request.get_json()
try:
user = datamodel.User.m_from_dict(json_data)
......
nomad/app/api/info.py
View file @ 9f76442b
......@@ -59,7 +59,8 @@ info_model = api.model('Info', {
'domain': fields.Nested(model=domain_model),
'version': fields.String,
'release': fields.String,
'git': fields.Nested(model=git_info_model)
'git': fields.Nested(model=git_info_model),
'oasis': fields.Boolean
})
......@@ -95,5 +96,6 @@ class InfoResource(Resource):
'version': gitinfo.version,
'commit': gitinfo.commit,
'log': gitinfo.log
}
},
'oasis': config.keycloak.oasis
}, 200
nomad/cli/client/client.py
View file @ 9f76442b
......@@ -83,9 +83,9 @@ def __create_client(
host=host,
user=user,
password=password,
server_url=nomad_config.keycloak.server_external_url,
server_url=nomad_config.keycloak.server_url,
realm_name=nomad_config.keycloak.realm_name,
client_id=nomad_config.keycloak.public_client_id)
client_id=nomad_config.keycloak.client_id)
else:
http_client.set_basic_auth(
host=host,
......
nomad/config.py
View file @ 9f76442b
......@@ -37,6 +37,7 @@ import os
import os.path
import yaml
import warnings
import sys
from nomad import gitinfo
......@@ -112,14 +113,13 @@ elastic = NomadConfig(
)
keycloak = NomadConfig(
server_external_url='https://repository.nomad-coe.eu/fairdi/keycloak/auth/',
server_url='https://repository.nomad-coe.eu/fairdi/keycloak/auth/',
realm_name='fairdi_nomad_test',
username='admin',
password='password',
client_id='nomad_api_dev',
client_secret='**********',
public_client_id='nomad_public')
client_id='nomad_public',
client_secret=None,
oasis=False)
mongo = NomadConfig(
host='localhost',
......@@ -308,8 +308,8 @@ def load_config(config_file: str = os.environ.get('NOMAD_CONFIG', 'nomad.yaml'))
config_file: Override the configfile, default is file stored in env variable
NOMAD_CONFIG or ``nomad.yaml``.
"""
# load yaml and override defaults
if os.path.exists(config_file):
# load yaml and override defaults (only when not in test)
if os.path.exists(config_file) and 'pytest' not in sys.modules:
with open(config_file, 'r') as stream:
try:
config_data = yaml.load(stream, Loader=getattr(yaml, 'FullLoader'))
......
nomad/infrastructure.py
View file @ 9f76442b
......@@ -124,7 +124,7 @@ class Keycloak():
def _oidc_client(self):
if self.__oidc_client is None:
self.__oidc_client = KeycloakOpenID(
server_url=config.keycloak.server_external_url,
server_url=config.keycloak.server_url,
client_id=config.keycloak.client_id,
realm_name=config.keycloak.realm_name,
client_secret_key=config.keycloak.client_secret)
......@@ -188,7 +188,7 @@ class Keycloak():
options = dict(verify_aud=False, verify_exp=True, verify_iss=True)
payload = jwt.decode(
g.oidc_access_token, key=key, algorithms=['RS256'], options=options,
issuer='%s/realms/%s' % (config.keycloak.server_external_url.rstrip('/'), config.keycloak.realm_name))
issuer='%s/realms/%s' % (config.keycloak.server_url.rstrip('/'), config.keycloak.realm_name))
except jwt.InvalidTokenError as e:
auth_error = str(e)
......@@ -375,7 +375,7 @@ class Keycloak():
server_url=config.keycloak.server_url,
username=config.keycloak.username,
password=config.keycloak.password,
realm_name='master',
realm_name=config.keycloak.realm_name,
verify=True)
self.__admin_client.realm_name = config.keycloak.realm_name
......
ops/helm/nomad/templates/nomad-configmap.yml
View file @ 9f76442b
......@@ -55,7 +55,6 @@ data:
routing: "{{ .Values.worker.routing }}"
timeout: 7200
keycloak:
server_external_url: "{{ .Values.keycloak.serverExternalUrl }}"
server_url: "{{ .Values.keycloak.serverUrl }}"
realm_name: "{{ .Values.keycloak.realmName }}"
username: "{{ .Values.keycloak.username }}"
......
ops/helm/nomad/values.yaml
View file @ 9f76442b
......@@ -136,8 +136,8 @@ keycloak:
serverUrl: "https://repository.nomad-coe.eu/fairdi/keycloak/auth/"
realmName: "fairdi_nomad_test"
username: "admin"
clientId: "nomad_api_dev"
guiClientId: "nomad_gui_dev"
clientId: "nomad_public"
guiClientId: "nomad_public"
admin_user_id: "00000000-0000-0000-0000-000000000000"
## Everything concerning the data that is used by the service
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment