diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a431a4befc8cd1a95eb306c9a0055bc9f1bf56a0..3a8dc082f2b30711a4350e64c84497bad25caccc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -90,7 +90,6 @@ tests: NOMAD_RABBITMQ_HOST: rabbitmq NOMAD_ELASTIC_HOST: elastic NOMAD_MONGO_HOST: mongo - NOMAD_KEYCLOAK_CLIENT_SECRET: ${CI_KEYCLOAK_TEST_CLIENT_SECRET} NOMAD_KEYCLOAK_PASSWORD: ${CI_KEYCLOAK_ADMIN_PASSWORD} NOMAD_SPRINGER_DB_PATH: /nomad/fairdi/db/data/springer.db script: diff --git a/gui/src/components/EditUserMetadataDialog.js b/gui/src/components/EditUserMetadataDialog.js index e410504196e5537c2505806ffaedd5747402b9ed..fdad8f1964437d95d112656b625d6c3565cdcdba 100644 --- a/gui/src/components/EditUserMetadataDialog.js +++ b/gui/src/components/EditUserMetadataDialog.js @@ -730,7 +730,8 @@ class EditUserMetadataDialogUnstyled extends React.Component { user: PropTypes.object, onEditComplete: PropTypes.func, disabled: PropTypes.bool, - title: PropTypes.string + title: PropTypes.string, + info: PropTypes.object } static styles = theme => ({ @@ -1055,7 +1056,7 @@ class EditUserMetadataDialogUnstyled extends React.Component { } renderDialogActions(submitting, submitEnabled) { - const {classes} = this.props + const {classes, info} = this.props if (submitting) { return <DialogActions> @@ -1070,7 +1071,7 @@ class EditUserMetadataDialogUnstyled extends React.Component { </DialogActions> } else { return <DialogActions> - <InviteUserDialog /> + {info && !info.oasis && <InviteUserDialog />} <span style={{flexGrow: 1}} /> <Button onClick={this.handleClose} disabled={submitting}> Cancel diff --git a/nomad/app/api/auth.py b/nomad/app/api/auth.py index 354a88a674b980c3eccf02397b3c65f21fa21764..0ba9876d9a96b49c665259e4141ff8b8a30ef16a 100644 --- a/nomad/app/api/auth.py +++ b/nomad/app/api/auth.py 
@@ -249,6 +249,9 @@ class UsersResource(Resource): @api.expect(user_model, validate=True) def put(self): """ Invite a new user. """ + if config.keycloak.oasis: + abort(400, 'User invide does not work this NOMAD OASIS') + json_data = request.get_json() try: user = datamodel.User.m_from_dict(json_data) diff --git a/nomad/app/api/info.py b/nomad/app/api/info.py index b284ea9193d166860d7bec331b66a2c3de9692f6..2d16bcb137a70c5ad180c82ce56d23c6db8e05a4 100644 --- a/nomad/app/api/info.py +++ b/nomad/app/api/info.py @@ -59,7 +59,8 @@ info_model = api.model('Info', { 'domain': fields.Nested(model=domain_model), 'version': fields.String, 'release': fields.String, - 'git': fields.Nested(model=git_info_model) + 'git': fields.Nested(model=git_info_model), + 'oasis': fields.Boolean }) @@ -95,5 +96,6 @@ class InfoResource(Resource): 'version': gitinfo.version, 'commit': gitinfo.commit, 'log': gitinfo.log - } + }, + 'oasis': config.keycloak.oasis }, 200 diff --git a/nomad/cli/client/client.py b/nomad/cli/client/client.py index 9dc8eb7c4247e0310e756a4faec19602b1364291..662cb31356fc13066e7d7369589c50eeb35ff9ab 100644 --- a/nomad/cli/client/client.py +++ b/nomad/cli/client/client.py @@ -83,9 +83,9 @@ def __create_client( host=host, user=user, password=password, - server_url=nomad_config.keycloak.server_external_url, + server_url=nomad_config.keycloak.server_url, realm_name=nomad_config.keycloak.realm_name, - client_id=nomad_config.keycloak.public_client_id) + client_id=nomad_config.keycloak.client_id) else: http_client.set_basic_auth( host=host, diff --git a/nomad/config.py b/nomad/config.py index ecc4f25ce035599db12cd40c4d6b30636bb517e7..e266b43e1c3b810d7cf21880f9c7b1da1c5700d2 100644 --- a/nomad/config.py +++ b/nomad/config.py @@ -37,6 +37,7 @@ import os import os.path import yaml import warnings +import sys from nomad import gitinfo 
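Review bot: The abort message added at the top of `put` has two typos ('invide', and a missing 'on'), and this is the text API clients will see; suggest `abort(400, 'User invite does not work on this NOMAD OASIS')`. A 400 also tells the caller the request was malformed, whereas here the operation is disabled by deployment configuration, so a status such as 403 or 405 would probably describe it better. Keeping the restriction server-side is right, since the GUI change in this commit only hides the dialog. `put` continues past the end of the hunk.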
@@ -112,14 +113,13 @@ elastic = NomadConfig( ) keycloak = NomadConfig( - server_external_url='https://repository.nomad-coe.eu/fairdi/keycloak/auth/', server_url='https://repository.nomad-coe.eu/fairdi/keycloak/auth/', realm_name='fairdi_nomad_test', username='admin', password='password', - client_id='nomad_api_dev', - client_secret='**********', - public_client_id='nomad_public') + client_id='nomad_public', + client_secret=None, + oasis=False) mongo = NomadConfig( host='localhost', @@ -308,8 +308,8 @@ def load_config(config_file: str = os.environ.get('NOMAD_CONFIG', 'nomad.yaml')) config_file: Override the configfile, default is file stored in env variable NOMAD_CONFIG or ``nomad.yaml``. """ - # load yaml and override defaults - if os.path.exists(config_file): + # load yaml and override defaults (only when not in test) + if os.path.exists(config_file) and 'pytest' not in sys.modules: with open(config_file, 'r') as stream: try: config_data = yaml.load(stream, Loader=getattr(yaml, 'FullLoader')) diff --git a/nomad/infrastructure.py b/nomad/infrastructure.py index 76e20299893cef4580d257f0412df394ab5f4f0a..84da75147b87b5309d6558aff2ff6f111902ab74 100644 --- a/nomad/infrastructure.py +++ b/nomad/infrastructure.py @@ -124,7 +124,7 @@ class Keycloak(): def _oidc_client(self): if self.__oidc_client is None: self.__oidc_client = KeycloakOpenID( - server_url=config.keycloak.server_external_url, + server_url=config.keycloak.server_url, client_id=config.keycloak.client_id, realm_name=config.keycloak.realm_name, client_secret_key=config.keycloak.client_secret) 
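Review bot: The two new defaults in the `keycloak` block, `client_secret=None` and `oasis=False`, carry security-relevant meaning that nothing in the hunk documents. From the other hunks it appears that `client_secret` is handed straight to `KeycloakOpenID` as `client_secret_key`, and that `oasis` disables user invites in `UsersResource.put`. I would add comments such as `# client_secret=None: nomad_public is a public client; set a secret only for a confidential client` and `# oasis=True: this installation cannot invite users`. It is also worth saying whether `oasis` belongs under `keycloak` at all, since the info endpoint publishes it as a property of the whole installation.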
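Review bot: The new condition `'pytest' not in sys.modules` makes configuration loading depend on an import side effect. Any process that has pytest imported, for whatever reason, silently ignores an existing `nomad.yaml` and runs on the built-in defaults, which in this file include `username='admin'`, `password='password'` and the test realm. Consider gating the skip on an explicit switch set by the test fixtures (an environment variable or an argument to `load_config`) and logging a warning whenever an existing config file is skipped. The body of `load_config` continues outside the hunk.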
@@ -188,7 +188,7 @@ class Keycloak(): options = dict(verify_aud=False, verify_exp=True, verify_iss=True) payload = jwt.decode( g.oidc_access_token, key=key, algorithms=['RS256'], options=options, - issuer='%s/realms/%s' % (config.keycloak.server_external_url.rstrip('/'), config.keycloak.realm_name)) + issuer='%s/realms/%s' % (config.keycloak.server_url.rstrip('/'), config.keycloak.realm_name)) except jwt.InvalidTokenError as e: auth_error = str(e) @@ -375,7 +375,7 @@ class Keycloak(): server_url=config.keycloak.server_url, username=config.keycloak.username, password=config.keycloak.password, - realm_name='master', + realm_name=config.keycloak.realm_name, verify=True) self.__admin_client.realm_name = config.keycloak.realm_name diff --git a/ops/helm/nomad/templates/nomad-configmap.yml b/ops/helm/nomad/templates/nomad-configmap.yml index 6b2c0842f81a407f1be10d33dc362ded4955c2fa..a0495d333b0aeb4252d77b868b3c85b3a03fe17e 100644 --- a/ops/helm/nomad/templates/nomad-configmap.yml +++ b/ops/helm/nomad/templates/nomad-configmap.yml @@ -55,7 +55,6 @@ data: routing: "{{ .Values.worker.routing }}" timeout: 7200 keycloak: - server_external_url: "{{ .Values.keycloak.serverExternalUrl }}" server_url: "{{ .Values.keycloak.serverUrl }}" realm_name: "{{ .Values.keycloak.realmName }}" username: "{{ .Values.keycloak.username }}" diff --git a/ops/helm/nomad/values.yaml b/ops/helm/nomad/values.yaml index 661bbe2b1f259fa39f43ffaf0cc81c1bba55b0ba..595acec64a95e3189a6facf280ac637f57183f77 100644 --- a/ops/helm/nomad/values.yaml +++ b/ops/helm/nomad/values.yaml @@ -136,8 +136,8 @@ keycloak: serverUrl: "https://repository.nomad-coe.eu/fairdi/keycloak/auth/" realmName: "fairdi_nomad_test" username: "admin" - clientId: "nomad_api_dev" - guiClientId: "nomad_gui_dev" + clientId: "nomad_public" + guiClientId: "nomad_public" admin_user_id: "00000000-0000-0000-0000-000000000000" ## Everything concerning the data that is used by the service
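Review bot: The expected issuer is now built from `config.keycloak.server_url`, the same setting the backend uses to reach Keycloak, so the `iss` check only passes when that URL is exactly the one Keycloak puts into its tokens. A deployment that points `server_url` at an internal address would presumably reject every token with an issuer error. That deserves a comment above the call, e.g. `# server_url must equal the public Keycloak URL: it is compared against the token's iss claim`. Separately, the unchanged `verify_aud=False` leaves signature and issuer as the only bindings, so with the client ids collapsed to `nomad_public` it is worth confirming that accepting tokens issued to any client of the realm is intended. The enclosing method starts and ends outside the hunk.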
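Review bot: With `realm_name=config.keycloak.realm_name` now passed to the admin client constructor, the assignment `self.__admin_client.realm_name = config.keycloak.realm_name` right after the call looks redundant and can probably be dropped. The change also seems to mean that the configured `username` must be a user of that realm with realm-management rights rather than the master-realm admin. That is a welcome reduction in privilege, but it is an operational requirement worth recording, e.g. `# admin user lives in the configured realm, not in master`. The enclosing method extends beyond the hunk.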