Commit 9f76442b authored by Markus Scheidgen's avatar Markus Scheidgen

Simplified keycloak usage. #287

parent a86ee887
Pipeline #69826 passed with stages
in 32 minutes and 22 seconds
...@@ -90,7 +90,6 @@ tests: ...@@ -90,7 +90,6 @@ tests:
NOMAD_RABBITMQ_HOST: rabbitmq NOMAD_RABBITMQ_HOST: rabbitmq
NOMAD_ELASTIC_HOST: elastic NOMAD_ELASTIC_HOST: elastic
NOMAD_MONGO_HOST: mongo NOMAD_MONGO_HOST: mongo
NOMAD_KEYCLOAK_CLIENT_SECRET: ${CI_KEYCLOAK_TEST_CLIENT_SECRET}
NOMAD_KEYCLOAK_PASSWORD: ${CI_KEYCLOAK_ADMIN_PASSWORD} NOMAD_KEYCLOAK_PASSWORD: ${CI_KEYCLOAK_ADMIN_PASSWORD}
NOMAD_SPRINGER_DB_PATH: /nomad/fairdi/db/data/springer.db NOMAD_SPRINGER_DB_PATH: /nomad/fairdi/db/data/springer.db
script: script:
......
...@@ -730,7 +730,8 @@ class EditUserMetadataDialogUnstyled extends React.Component { ...@@ -730,7 +730,8 @@ class EditUserMetadataDialogUnstyled extends React.Component {
user: PropTypes.object, user: PropTypes.object,
onEditComplete: PropTypes.func, onEditComplete: PropTypes.func,
disabled: PropTypes.bool, disabled: PropTypes.bool,
title: PropTypes.string title: PropTypes.string,
info: PropTypes.object
} }
static styles = theme => ({ static styles = theme => ({
...@@ -1055,7 +1056,7 @@ class EditUserMetadataDialogUnstyled extends React.Component { ...@@ -1055,7 +1056,7 @@ class EditUserMetadataDialogUnstyled extends React.Component {
} }
renderDialogActions(submitting, submitEnabled) { renderDialogActions(submitting, submitEnabled) {
const {classes} = this.props const {classes, info} = this.props
if (submitting) { if (submitting) {
return <DialogActions> return <DialogActions>
...@@ -1070,7 +1071,7 @@ class EditUserMetadataDialogUnstyled extends React.Component { ...@@ -1070,7 +1071,7 @@ class EditUserMetadataDialogUnstyled extends React.Component {
</DialogActions> </DialogActions>
} else { } else {
return <DialogActions> return <DialogActions>
<InviteUserDialog /> {info && !info.oasis && <InviteUserDialog />}
<span style={{flexGrow: 1}} /> <span style={{flexGrow: 1}} />
<Button onClick={this.handleClose} disabled={submitting}> <Button onClick={this.handleClose} disabled={submitting}>
Cancel Cancel
......
...@@ -249,6 +249,9 @@ class UsersResource(Resource): ...@@ -249,6 +249,9 @@ class UsersResource(Resource):
@api.expect(user_model, validate=True) @api.expect(user_model, validate=True)
def put(self): def put(self):
""" Invite a new user. """ """ Invite a new user. """
if config.keycloak.oasis:
abort(400, 'User invide does not work this NOMAD OASIS')
json_data = request.get_json() json_data = request.get_json()
try: try:
user = datamodel.User.m_from_dict(json_data) user = datamodel.User.m_from_dict(json_data)
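Review bot: The message passed to `abort` in `put` has a typo and a missing word, and it is the text API clients will see; `abort(400, 'User invite is not available on this NOMAD OASIS')` reads correctly. A 400 also tells the caller that its request was malformed, while here the request is valid and the feature is switched off on this installation, so 403 may describe the situation better if existing clients do not depend on 400. The check sits in the right place, since the refusal happens before the payload is turned into a `datamodel.User`. The body of `put` continues past the hunk.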
......
...@@ -59,7 +59,8 @@ info_model = api.model('Info', { ...@@ -59,7 +59,8 @@ info_model = api.model('Info', {
'domain': fields.Nested(model=domain_model), 'domain': fields.Nested(model=domain_model),
'version': fields.String, 'version': fields.String,
'release': fields.String, 'release': fields.String,
'git': fields.Nested(model=git_info_model) 'git': fields.Nested(model=git_info_model),
'oasis': fields.Boolean
}) })
...@@ -95,5 +96,6 @@ class InfoResource(Resource): ...@@ -95,5 +96,6 @@ class InfoResource(Resource):
'version': gitinfo.version, 'version': gitinfo.version,
'commit': gitinfo.commit, 'commit': gitinfo.commit,
'log': gitinfo.log 'log': gitinfo.log
} },
'oasis': config.keycloak.oasis
}, 200 }, 200
...@@ -83,9 +83,9 @@ def __create_client( ...@@ -83,9 +83,9 @@ def __create_client(
host=host, host=host,
user=user, user=user,
password=password, password=password,
server_url=nomad_config.keycloak.server_external_url, server_url=nomad_config.keycloak.server_url,
realm_name=nomad_config.keycloak.realm_name, realm_name=nomad_config.keycloak.realm_name,
client_id=nomad_config.keycloak.public_client_id) client_id=nomad_config.keycloak.client_id)
else: else:
http_client.set_basic_auth( http_client.set_basic_auth(
host=host, host=host,
......
...@@ -37,6 +37,7 @@ import os ...@@ -37,6 +37,7 @@ import os
import os.path import os.path
import yaml import yaml
import warnings import warnings
import sys
from nomad import gitinfo from nomad import gitinfo
...@@ -112,14 +113,13 @@ elastic = NomadConfig( ...@@ -112,14 +113,13 @@ elastic = NomadConfig(
) )
keycloak = NomadConfig( keycloak = NomadConfig(
server_external_url='https://repository.nomad-coe.eu/fairdi/keycloak/auth/',
server_url='https://repository.nomad-coe.eu/fairdi/keycloak/auth/', server_url='https://repository.nomad-coe.eu/fairdi/keycloak/auth/',
realm_name='fairdi_nomad_test', realm_name='fairdi_nomad_test',
username='admin', username='admin',
password='password', password='password',
client_id='nomad_api_dev', client_id='nomad_public',
client_secret='**********', client_secret=None,
public_client_id='nomad_public') oasis=False)
mongo = NomadConfig( mongo = NomadConfig(
host='localhost', host='localhost',
...@@ -308,8 +308,8 @@ def load_config(config_file: str = os.environ.get('NOMAD_CONFIG', 'nomad.yaml')) ...@@ -308,8 +308,8 @@ def load_config(config_file: str = os.environ.get('NOMAD_CONFIG', 'nomad.yaml'))
config_file: Override the configfile, default is file stored in env variable config_file: Override the configfile, default is file stored in env variable
NOMAD_CONFIG or ``nomad.yaml``. NOMAD_CONFIG or ``nomad.yaml``.
""" """
# load yaml and override defaults # load yaml and override defaults (only when not in test)
if os.path.exists(config_file): if os.path.exists(config_file) and 'pytest' not in sys.modules:
with open(config_file, 'r') as stream: with open(config_file, 'r') as stream:
try: try:
config_data = yaml.load(stream, Loader=getattr(yaml, 'FullLoader')) config_data = yaml.load(stream, Loader=getattr(yaml, 'FullLoader'))
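Review bot: The new guard `'pytest' not in sys.modules` in `load_config` makes configuration loading depend on an import side effect. In any process where pytest happens to be imported, the config file is skipped without a message, and the keycloak defaults from the hunk above (`username='admin'`, `password='password'`, the test realm) stay in force. An explicit opt-out set by the test fixtures would be easier to audit than a module lookup. At minimum the skip should be visible, for example `warnings.warn('config file %s ignored: running under pytest' % config_file)`, since `warnings` is already imported. The body of `load_config` continues past the hunk.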
......
...@@ -124,7 +124,7 @@ class Keycloak(): ...@@ -124,7 +124,7 @@ class Keycloak():
def _oidc_client(self): def _oidc_client(self):
if self.__oidc_client is None: if self.__oidc_client is None:
self.__oidc_client = KeycloakOpenID( self.__oidc_client = KeycloakOpenID(
server_url=config.keycloak.server_external_url, server_url=config.keycloak.server_url,
client_id=config.keycloak.client_id, client_id=config.keycloak.client_id,
realm_name=config.keycloak.realm_name, realm_name=config.keycloak.realm_name,
client_secret_key=config.keycloak.client_secret) client_secret_key=config.keycloak.client_secret)
...@@ -188,7 +188,7 @@ class Keycloak(): ...@@ -188,7 +188,7 @@ class Keycloak():
options = dict(verify_aud=False, verify_exp=True, verify_iss=True) options = dict(verify_aud=False, verify_exp=True, verify_iss=True)
payload = jwt.decode( payload = jwt.decode(
g.oidc_access_token, key=key, algorithms=['RS256'], options=options, g.oidc_access_token, key=key, algorithms=['RS256'], options=options,
issuer='%s/realms/%s' % (config.keycloak.server_external_url.rstrip('/'), config.keycloak.realm_name)) issuer='%s/realms/%s' % (config.keycloak.server_url.rstrip('/'), config.keycloak.realm_name))
except jwt.InvalidTokenError as e: except jwt.InvalidTokenError as e:
auth_error = str(e) auth_error = str(e)
...@@ -375,7 +375,7 @@ class Keycloak(): ...@@ -375,7 +375,7 @@ class Keycloak():
server_url=config.keycloak.server_url, server_url=config.keycloak.server_url,
username=config.keycloak.username, username=config.keycloak.username,
password=config.keycloak.password, password=config.keycloak.password,
realm_name='master', realm_name=config.keycloak.realm_name,
verify=True) verify=True)
self.__admin_client.realm_name = config.keycloak.realm_name self.__admin_client.realm_name = config.keycloak.realm_name
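Review bot: The `issuer=` argument of `jwt.decode` is now built from `config.keycloak.server_url`, the same setting used for the server-side `KeycloakOpenID` and admin connections, so that single value must be exactly the base URL Keycloak writes into the `iss` claim. If the API reaches Keycloak under a different address than browsers do, every token would presumably be rejected as having an invalid issuer, and the tempting workaround is to switch off `verify_iss`. Because `verify_aud=False` in the options just above the call already leaves the audience unchecked, the issuer comparison is the main thing binding a token to this realm. I would add a comment above the call, e.g. `# server_url must equal the public base URL that appears in the token's iss claim`. The enclosing methods start and end outside these hunks.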
......
...@@ -55,7 +55,6 @@ data: ...@@ -55,7 +55,6 @@ data:
routing: "{{ .Values.worker.routing }}" routing: "{{ .Values.worker.routing }}"
timeout: 7200 timeout: 7200
keycloak: keycloak:
server_external_url: "{{ .Values.keycloak.serverExternalUrl }}"
server_url: "{{ .Values.keycloak.serverUrl }}" server_url: "{{ .Values.keycloak.serverUrl }}"
realm_name: "{{ .Values.keycloak.realmName }}" realm_name: "{{ .Values.keycloak.realmName }}"
username: "{{ .Values.keycloak.username }}" username: "{{ .Values.keycloak.username }}"
......
...@@ -136,8 +136,8 @@ keycloak: ...@@ -136,8 +136,8 @@ keycloak:
serverUrl: "https://repository.nomad-coe.eu/fairdi/keycloak/auth/" serverUrl: "https://repository.nomad-coe.eu/fairdi/keycloak/auth/"
realmName: "fairdi_nomad_test" realmName: "fairdi_nomad_test"
username: "admin" username: "admin"
clientId: "nomad_api_dev" clientId: "nomad_public"
guiClientId: "nomad_gui_dev" guiClientId: "nomad_public"
admin_user_id: "00000000-0000-0000-0000-000000000000" admin_user_id: "00000000-0000-0000-0000-000000000000"
## Everything concerning the data that is used by the service ## Everything concerning the data that is used by the service
......