From 312de0becbee51e72ed1c1999cb3dc7890b5159d Mon Sep 17 00:00:00 2001 From: James Tanner Date: Tue, 1 Oct 2024 12:57:01 -0400 Subject: [PATCH 1/8] Add more config options for keycloak. No-Issue Signed-off-by: James Tanner --- galaxy_ng/app/dynaconf_hooks.py | 25 +++++++++++++++++-------- profiles/keycloak/pulp_config.env | 8 ++++++++ 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/galaxy_ng/app/dynaconf_hooks.py b/galaxy_ng/app/dynaconf_hooks.py index 6deb06945d..d40fe950d1 100755 --- a/galaxy_ng/app/dynaconf_hooks.py +++ b/galaxy_ng/app/dynaconf_hooks.py @@ -99,6 +99,10 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]: KEYCLOAK_PORT = settings.get("KEYCLOAK_PORT", default=None) KEYCLOAK_REALM = settings.get("KEYCLOAK_REALM", default=None) + KEYCLOAK_AUTH_PREFIX = settings.get("KEYCLOAK_AUTH_PREFIX", default="auth/") + SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = settings.get("SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL", default=None) + SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = settings.get("SOCIAL_AUTH_ACCESS_TOKEN_URL", default=None) + # Add settings if Social Auth values are provided if all( [ 
@@ -122,21 +126,26 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]: ) data["KEYCLOAK_HOST_LOOPBACK"] = settings.get("KEYCLOAK_HOST_LOOPBACK", default=None) data["KEYCLOAK_URL"] = f"{KEYCLOAK_PROTOCOL}://{KEYCLOAK_HOST}:{KEYCLOAK_PORT}" - auth_url_str = "{keycloak}/auth/realms/{realm}/protocol/openid-connect/auth/" - data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = auth_url_str.format( - keycloak=data["KEYCLOAK_URL"], realm=KEYCLOAK_REALM - ) + + auth_url_str = "{keycloak}/{prefix}realms/{realm}/protocol/openid-connect/auth/" + + if SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL is None: + data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = auth_url_str.format( + keycloak=data["KEYCLOAK_URL"], realm=KEYCLOAK_REALM, prefix=KEYCLOAK_AUTH_PREFIX + ) + if data["KEYCLOAK_HOST_LOOPBACK"]: loopback_url = "{protocol}://{host}:{port}".format( protocol=KEYCLOAK_PROTOCOL, host=data["KEYCLOAK_HOST_LOOPBACK"], port=KEYCLOAK_PORT ) data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = auth_url_str.format( - keycloak=loopback_url, realm=KEYCLOAK_REALM + keycloak=loopback_url, realm=KEYCLOAK_REALM, prefix=KEYCLOAK_AUTH_PREFIX ) - data[ - "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL" - ] = f"{data['KEYCLOAK_URL']}/auth/realms/{KEYCLOAK_REALM}/protocol/openid-connect/token/" + if SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL is None: + data[ + "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL" + ] = f"{data['KEYCLOAK_URL']}/{KEYCLOAK_AUTH_PREFIX}realms/{KEYCLOAK_REALM}/protocol/openid-connect/token/" data["SOCIAL_AUTH_LOGIN_REDIRECT_URL"] = settings.get( "SOCIAL_AUTH_LOGIN_REDIRECT_URL", default="/ui/" diff --git a/profiles/keycloak/pulp_config.env b/profiles/keycloak/pulp_config.env index b53a791b4a..71dd167cfc 100644 --- a/profiles/keycloak/pulp_config.env +++ b/profiles/keycloak/pulp_config.env 
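Review bot: `KEYCLOAK_AUTH_PREFIX` is spliced into `auth_url_str` and into the token-URL f-string as `/{prefix}realms/`, so the path is only valid when the operator supplies a trailing slash and no leading one; `auth` yields `/authrealms/...` and `/auth/` yields `//auth/realms/...`. Normalising the value once after it is read makes the setting forgiving: `prefix = KEYCLOAK_AUTH_PREFIX.strip("/")` followed by `KEYCLOAK_AUTH_PREFIX = f"{prefix}/" if prefix else ""`. A short comment beside the read stating the expected shape (`"auth/"` for a legacy server, empty when realms are served at the root) would also help. configure_keycloak starts and ends outside this hunk.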
@@ -9,6 +9,7 @@ PULP_GALAXY_DEPLOYMENT_MODE=standalone PULP_SOCIAL_AUTH_KEYCLOAK_KEY=automation-hub PULP_SOCIAL_AUTH_KEYCLOAK_SECRET=REALLYWELLKEPTSECRET PULP_SOCIAL_AUTH_LOGIN_REDIRECT_URL={API_PROTOCOL}://{API_HOST}:{API_PORT} +PULP_KEYCLOAK_AUTH_PREFIX="auth/" PULP_KEYCLOAK_PROTOCOL=http PULP_KEYCLOAK_HOST=keycloak PULP_KEYCLOAK_HOST_LOOPBACK=localhost @@ -20,3 +21,10 @@ KEYCLOAK_REDIRECT_URL="{API_PROTOCOL}://{API_HOST}:{API_PORT}/" # Integration test settings HUB_TEST_AUTHENTICATION_BACKEND="keycloak" HUB_TEST_MARKS=deployment_standalone or all or keycloak + +## RENDERED ... +#[root@a06dd698f808 /]# dynaconf list | grep -i keycloak | grep -i url +#SOCIAL_AUTH_KEYCLOAK_LOGOUT_URL None +#KEYCLOAK_URL 'http://keycloak:8080' +#SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL 'http://localhost:8080/auth/realms/aap/protocol/openid-connect/auth/' +#SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL 'http://keycloak:8080/auth/realms/aap/protocol/openid-connect/token/' From 49fa6bf3ee59ee7de0a1e4562383dd26660bf335 Mon Sep 17 00:00:00 2001 From: James Tanner Date: Tue, 1 Oct 2024 13:00:18 -0400 Subject: [PATCH 2/8] Set default empty prefix. No-Issue Signed-off-by: James Tanner --- galaxy_ng/app/dynaconf_hooks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy_ng/app/dynaconf_hooks.py b/galaxy_ng/app/dynaconf_hooks.py index d40fe950d1..9b1f5640fc 100755 --- a/galaxy_ng/app/dynaconf_hooks.py +++ b/galaxy_ng/app/dynaconf_hooks.py 
@@ -99,7 +99,7 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]: KEYCLOAK_PORT = settings.get("KEYCLOAK_PORT", default=None) KEYCLOAK_REALM = settings.get("KEYCLOAK_REALM", default=None) - KEYCLOAK_AUTH_PREFIX = settings.get("KEYCLOAK_AUTH_PREFIX", default="auth/") + KEYCLOAK_AUTH_PREFIX = settings.get("KEYCLOAK_AUTH_PREFIX", default="") SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = settings.get("SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL", default=None) SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = settings.get("SOCIAL_AUTH_ACCESS_TOKEN_URL", default=None) From 0e80ca57f9330dc1d44395fedf256571e010cbd2 Mon Sep 17 00:00:00 2001 From: James Tanner Date: Tue, 1 Oct 2024 13:51:40 -0400 Subject: [PATCH 3/8] Use the latest keycloak image tag and fix playbook. No-Issue Signed-off-by: James Tanner --- profiles/keycloak/compose.yaml | 6 +++- profiles/keycloak/keycloak-playbook.yaml | 37 ++++++++++++++++-------- 2 files changed, 30 insertions(+), 13 deletions(-) diff --git a/profiles/keycloak/compose.yaml b/profiles/keycloak/compose.yaml index d5485093fa..87722612a6 100644 --- a/profiles/keycloak/compose.yaml +++ b/profiles/keycloak/compose.yaml @@ -12,7 +12,8 @@ services: # - "UI_EXTERNAL_LOGIN_URI={API_PROTOCOL}://{API_HOST}:{API_PORT}/login" keycloak: - image: quay.io/keycloak/keycloak:legacy + #image: quay.io/keycloak/keycloak:legacy + image: quay.io/keycloak/keycloak:latest environment: - DB_VENDOR=POSTGRES - DB_ADDR=kc-postgres @@ -20,6 +21,8 @@ services: - DB_USER=keycloak - DB_SCHEMA=public - DB_PASSWORD=keycloak + - KEYCLOAK_ADMIN=admin + - KEYCLOAK_ADMIN_PASSWORD=admin - KEYCLOAK_USER=admin - KEYCLOAK_PASSWORD=admin ports: @@ -27,6 +30,7 @@ services: depends_on: - kc-postgres - ldap + command: ['start-dev'] kc-postgres: image: "postgres:12" diff --git a/profiles/keycloak/keycloak-playbook.yaml b/profiles/keycloak/keycloak-playbook.yaml index 59072ea4b7..8ce48db8c6 100644 --- a/profiles/keycloak/keycloak-playbook.yaml +++ b/profiles/keycloak/keycloak-playbook.yaml 
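Review bot: Switching the default of `KEYCLOAK_AUTH_PREFIX` to `""` changes the generated URLs for every existing deployment that does not set it, because before this series the path was hard-coded as `/auth/realms/...`. An installation still running a legacy Keycloak that serves under `/auth` would lose login after upgrading, and the failure would surface only as a 404 from the identity provider. Either keep `default="auth/"` and let new deployments opt in to the empty prefix, or call the change out in the release notes and add a comment above the line such as `# empty for Keycloak served at the root; set "auth/" for legacy servers`. The enclosing function continues outside the hunk.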
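Review bot: `quay.io/keycloak/keycloak:latest` is a floating tag, so this profile runs whatever image was published most recently, and a future release can change paths, environment variables or defaults under the integration tests without any change in this repository. Pin a specific release, ideally with its digest, e.g. `image: quay.io/keycloak/keycloak:<VERSION>@sha256:<DIGEST>` (placeholders), and bump it deliberately. The commented-out `legacy` line can be dropped, since version control already keeps it.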
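Review bot: The added `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD` pair bootstraps an `admin`/`admin` account, and the last hunk starts the server with `start-dev` while the service publishes ports, so this profile is only suitable for a developer machine. A comment above the `environment:` block saying so would keep it from being copied into a shared environment. The `DB_*`, `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` entries left beside them look like legacy-image variables; as far as I know the current image reads `KC_DB*` settings instead, and in `start-dev` it would then fall back to its embedded development database and leave `kc-postgres` unused. That is worth confirming, then either migrating those entries or removing them.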
@@ -17,7 +17,9 @@ - name: Create or update AAP Keycloak realm community.general.keycloak_realm: auth_client_id: admin-cli - auth_keycloak_url: http://keycloak:8080/auth + #auth_keycloak_url: http://keycloak:8080/auth + auth_keycloak_url: http://keycloak:8080 + #auth_keycloak_url: http://localhost:8080 auth_realm: master auth_username: admin auth_password: admin @@ -31,7 +33,8 @@ - name: Create or update a Keycloak client community.general.keycloak_client: auth_client_id: admin-cli - auth_keycloak_url: http://keycloak:8080/auth + #auth_keycloak_url: http://keycloak:8080/auth + auth_keycloak_url: http://keycloak:8080 auth_realm: master auth_username: admin auth_password: admin @@ -158,7 +161,8 @@ - name: Create Token for service Keycloak uri: - url: "http://keycloak:8080/auth/realms/master/protocol/openid-connect/token" + #url: "http://keycloak:8080/auth/realms/master/protocol/openid-connect/token" + url: "http://keycloak:8080/realms/master/protocol/openid-connect/token" method: POST body_format: form-urlencoded body: @@ -236,7 +240,8 @@ - name: Create LDAP configuration uri: - url: "http://keycloak:8080/auth/admin/realms/aap/components" + #url: "http://keycloak:8080/auth/admin/realms/aap/components" + url: "http://keycloak:8080/admin/realms/aap/components" method: POST body_format: json body: "{{ ldap_config | to_json }}" @@ -251,7 +256,8 @@ - name: Get components uri: - url: "http://keycloak:8080/auth/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider" + #url: "http://keycloak:8080/auth/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider" + url: "http://keycloak:8080/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider" method: GET status_code: - 200 
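Review bot: Every URL edit in this file keeps the previous value as a commented-out line next to the new one, here in the realm, client, token, LDAP-configuration and components tasks and again in all later hunks of this file, plus an unused `#auth_keycloak_url: http://localhost:8080` alternative. Those comments add nothing that version control does not already hold, and the base URL is still repeated in every task, which is why a prefix change had to touch more than a dozen lines. Define it once as a play variable, e.g. `keycloak_base_url: "http://keycloak:8080"`, then write `auth_keycloak_url: "{{ keycloak_base_url }}"` and `url: "{{ keycloak_base_url }}/realms/master/protocol/openid-connect/token"`. The next path change is then a one-line edit.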
@@ -302,7 +308,8 @@ - name: Create LDAP group mapping uri: - url: "http://keycloak:8080/auth/admin/realms/aap/components" + #url: "http://keycloak:8080/auth/admin/realms/aap/components" + url: "http://keycloak:8080/admin/realms/aap/components" method: POST body_format: json body: "{{ ldap_group_mapper | to_json }}" @@ -317,7 +324,8 @@ - name: Get group mapper identifier uri: - url: "http://keycloak:8080/auth/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group" + #url: "http://keycloak:8080/auth/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group" + url: "http://keycloak:8080/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group" method: GET status_code: - 200 @@ -333,7 +341,8 @@ - name: Sync LDAP users uri: - url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync" + #url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync" + url: "http://keycloak:8080/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync" method: POST status_code: - 200 @@ -345,7 +354,8 @@ - name: Sync LDAP groups uri: - url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak" + #url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak" + url: "http://keycloak:8080/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak" method: POST status_code: - 200 
@@ -363,7 +373,8 @@ client_id: automation-hub state: present auth_client_id: admin-cli - auth_keycloak_url: http://keycloak:8080/auth + #auth_keycloak_url: http://keycloak:8080/auth + auth_keycloak_url: http://keycloak:8080 auth_realm: master auth_username: admin auth_password: admin @@ -379,7 +390,8 @@ client_id: automation-hub state: present auth_client_id: admin-cli - auth_keycloak_url: http://keycloak:8080/auth + #auth_keycloak_url: http://keycloak:8080/auth + auth_keycloak_url: http://keycloak:8080 auth_realm: master auth_username: admin auth_password: admin @@ -387,7 +399,8 @@ - name: Get realm public key uri: - url: "http://keycloak:8080/auth/realms/aap" + #url: "http://keycloak:8080/auth/realms/aap" + url: "http://keycloak:8080/realms/aap" method: GET status_code: - 200 From 075bcb2123adf6463ade49774f15adcda2ede151 Mon Sep 17 00:00:00 2001 From: James Tanner Date: Tue, 1 Oct 2024 14:13:03 -0400 Subject: [PATCH 4/8] Use the appropriate prefix for new keycloak. No-Issue Signed-off-by: James Tanner --- profiles/keycloak/pulp_config.env | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/profiles/keycloak/pulp_config.env b/profiles/keycloak/pulp_config.env index 71dd167cfc..9e41f1d6b1 100644 --- a/profiles/keycloak/pulp_config.env +++ b/profiles/keycloak/pulp_config.env @@ -9,7 +9,8 @@ PULP_GALAXY_DEPLOYMENT_MODE=standalone PULP_SOCIAL_AUTH_KEYCLOAK_KEY=automation-hub PULP_SOCIAL_AUTH_KEYCLOAK_SECRET=REALLYWELLKEPTSECRET PULP_SOCIAL_AUTH_LOGIN_REDIRECT_URL={API_PROTOCOL}://{API_HOST}:{API_PORT} -PULP_KEYCLOAK_AUTH_PREFIX="auth/" +#PULP_KEYCLOAK_AUTH_PREFIX="auth/" +PULP_KEYCLOAK_AUTH_PREFIX="" PULP_KEYCLOAK_PROTOCOL=http PULP_KEYCLOAK_HOST=keycloak PULP_KEYCLOAK_HOST_LOOPBACK=localhost From 814dba8f628e03cd2ac34ec9ee9d9571ad851ecb Mon Sep 17 00:00:00 2001 From: James Tanner Date: Tue, 1 Oct 2024 17:02:10 -0400 Subject: [PATCH 5/8] Cleanup. No-Issue 
Signed-off-by: James Tanner --- profiles/keycloak/pulp_config.env | 8 -------- 1 file changed, 8 deletions(-) diff --git a/profiles/keycloak/pulp_config.env b/profiles/keycloak/pulp_config.env index 9e41f1d6b1..ba7d8edf04 100644 --- a/profiles/keycloak/pulp_config.env +++ b/profiles/keycloak/pulp_config.env @@ -9,7 +9,6 @@ PULP_GALAXY_DEPLOYMENT_MODE=standalone PULP_SOCIAL_AUTH_KEYCLOAK_KEY=automation-hub PULP_SOCIAL_AUTH_KEYCLOAK_SECRET=REALLYWELLKEPTSECRET PULP_SOCIAL_AUTH_LOGIN_REDIRECT_URL={API_PROTOCOL}://{API_HOST}:{API_PORT} -#PULP_KEYCLOAK_AUTH_PREFIX="auth/" PULP_KEYCLOAK_AUTH_PREFIX="" PULP_KEYCLOAK_PROTOCOL=http PULP_KEYCLOAK_HOST=keycloak @@ -22,10 +21,3 @@ KEYCLOAK_REDIRECT_URL="{API_PROTOCOL}://{API_HOST}:{API_PORT}/" # Integration test settings HUB_TEST_AUTHENTICATION_BACKEND="keycloak" HUB_TEST_MARKS=deployment_standalone or all or keycloak - -## RENDERED ... -#[root@a06dd698f808 /]# dynaconf list | grep -i keycloak | grep -i url -#SOCIAL_AUTH_KEYCLOAK_LOGOUT_URL None -#KEYCLOAK_URL 'http://keycloak:8080' -#SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL 'http://localhost:8080/auth/realms/aap/protocol/openid-connect/auth/' -#SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL 'http://keycloak:8080/auth/realms/aap/protocol/openid-connect/token/' From 92b78992b79f81d802d28673dcef137a403cc6a5 Mon Sep 17 00:00:00 2001 From: James Tanner Date: Tue, 1 Oct 2024 18:54:33 -0400 Subject: [PATCH 6/8] Lint ... No-Issue Signed-off-by: James Tanner --- galaxy_ng/app/dynaconf_hooks.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/galaxy_ng/app/dynaconf_hooks.py b/galaxy_ng/app/dynaconf_hooks.py index 9b1f5640fc..1110f5199f 100755 --- a/galaxy_ng/app/dynaconf_hooks.py +++ b/galaxy_ng/app/dynaconf_hooks.py 
@@ -100,8 +100,10 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]: KEYCLOAK_REALM = settings.get("KEYCLOAK_REALM", default=None) KEYCLOAK_AUTH_PREFIX = settings.get("KEYCLOAK_AUTH_PREFIX", default="") - SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = settings.get("SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL", default=None) - SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = settings.get("SOCIAL_AUTH_ACCESS_TOKEN_URL", default=None) + SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = \ + settings.get("SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL", default=None) + SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = \ + settings.get("SOCIAL_AUTH_ACCESS_TOKEN_URL", default=None) # Add settings if Social Auth values are provided if all( @@ -145,7 +147,10 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]: if SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL is None: data[ "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL" - ] = f"{data['KEYCLOAK_URL']}/{KEYCLOAK_AUTH_PREFIX}realms/{KEYCLOAK_REALM}/protocol/openid-connect/token/" + ] = ( + f"{data['KEYCLOAK_URL']}/{KEYCLOAK_AUTH_PREFIX}realms/" + f"{KEYCLOAK_REALM}/protocol/openid-connect/token/" + ) data["SOCIAL_AUTH_LOGIN_REDIRECT_URL"] = settings.get( "SOCIAL_AUTH_LOGIN_REDIRECT_URL", default="/ui/" From 3c56549273118bcbc1a2cc9e1d7340e743987965 Mon Sep 17 00:00:00 2001 From: James Tanner Date: Wed, 2 Oct 2024 11:01:56 -0400 Subject: [PATCH 7/8] Tests and more sensible defaults. No-Issue Signed-off-by: James Tanner --- galaxy_ng/app/dynaconf_hooks.py | 2 +- .../tests/unit/app/test_dynaconf_hooks.py | 74 ++++++++++++++++++- 2 files changed, 72 insertions(+), 4 deletions(-) diff --git a/galaxy_ng/app/dynaconf_hooks.py b/galaxy_ng/app/dynaconf_hooks.py index 1110f5199f..05b374ed9f 100755 --- a/galaxy_ng/app/dynaconf_hooks.py +++ b/galaxy_ng/app/dynaconf_hooks.py 
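Review bot: The two override reads are wrapped with backslash continuations, while the token-URL assignment reformatted in the second hunk of this commit uses parentheses; the parenthesised form is the conventional one and keeps the file consistent, e.g. `SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = settings.get(` / `"SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL", default=None` / `)`. These two names are also the only optional settings in the group, so a comment above them would help the next reader: `# Optional full-URL overrides; when unset the URLs are derived from the KEYCLOAK_* values below`. The function body extends beyond both hunks.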
@@ -94,7 +94,7 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]: SOCIAL_AUTH_KEYCLOAK_KEY = settings.get("SOCIAL_AUTH_KEYCLOAK_KEY", default=None) SOCIAL_AUTH_KEYCLOAK_SECRET = settings.get("SOCIAL_AUTH_KEYCLOAK_SECRET", default=None) SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = settings.get("SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY", default=None) - KEYCLOAK_PROTOCOL = settings.get("KEYCLOAK_PROTOCOL", default=None) + KEYCLOAK_PROTOCOL = settings.get("KEYCLOAK_PROTOCOL", default="https") KEYCLOAK_HOST = settings.get("KEYCLOAK_HOST", default=None) KEYCLOAK_PORT = settings.get("KEYCLOAK_PORT", default=None) KEYCLOAK_REALM = settings.get("KEYCLOAK_REALM", default=None) diff --git a/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py b/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py index a9a1253a91..457917c50c 100644 --- a/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py +++ b/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py @@ -2,6 +2,7 @@ import pytest from galaxy_ng.app.dynaconf_hooks import post as post_hook +from galaxy_ng.app.dynaconf_hooks import configure_keycloak class SuperDict(dict): @@ -69,6 +70,16 @@ def validate(*args, **kwargs): "validators": SuperValidator(), } +BASE_KEYCLOAK_SETTINGS = { + "BASE_DIR": "templates", + "SOCIAL_AUTH_KEYCLOAK_KEY": "key123", + "SOCIAL_AUTH_KEYCLOAK_SECRET": "secret123", + "SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY": "pubkey123", + "KEYCLOAK_HOST": "mykeycloak", + "KEYCLOAK_PORT": 1337, + "KEYCLOAK_REALM": "aap", +} + @pytest.mark.parametrize( "do_stuff, extra_settings, expected_results", @@ -309,9 +320,7 @@ def validate(*args, **kwargs): ], ) def test_dynaconf_hooks_authentication_backends_and_classes( - do_stuff, - extra_settings, - expected_results + do_stuff, extra_settings, expected_results ): # skip test this way ... 
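Review bot: Defaulting `KEYCLOAK_PROTOCOL` to `"https"` is the safer fallback, but the value is still interpolated into `KEYCLOAK_URL` unchecked, so `http` (which the bundled profile sets) or a typo is accepted silently, and the derived token URL is the endpoint the backend sends the client secret to. Consider validating right after the read, `if KEYCLOAK_PROTOCOL not in ("http", "https"): raise ValueError(...)`, and logging a warning when it is `http`. If `KEYCLOAK_PROTOCOL` is one of the values in the `all([...])` gate further down (that list is outside this hunk), the new default also means that leaving it unset no longer disables the Keycloak configuration, which deserves a line in the settings documentation.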
@@ -337,3 +346,62 @@ def test_dynaconf_hooks_authentication_backends_and_classes( print(e) """ assert new_settings.get(key) == val + + +@pytest.mark.parametrize( + "do_stuff, extra_settings, expected_results", + [ + ( + True, + {}, + { + "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"], + "KEYCLOAK_URL": "https://mykeycloak:1337", + "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL": + "https://mykeycloak:1337/realms/aap/protocol/openid-connect/auth/", + "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL": + "https://mykeycloak:1337/realms/aap/protocol/openid-connect/token/", + "GALAXY_AUTH_KEYCLOAK_ENABLED": True, + "GALAXY_FEATURE_FLAGS__external_authentication": True, + "GALAXY_TOKEN_EXPIRATION": 1440, + }, + ), + ( + True, + { + "KEYCLOAK_AUTH_PREFIX": "auth/", + "KEYCLOAK_PROTOCOL": "http", + "GALAXY_TOKEN_EXPIRATION": 0, + }, + { + "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"], + "KEYCLOAK_URL": "http://mykeycloak:1337", + "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL": + "http://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/auth/", + "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL": + "http://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/token/", + "GALAXY_AUTH_KEYCLOAK_ENABLED": True, + "GALAXY_FEATURE_FLAGS__external_authentication": True, + "GALAXY_TOKEN_EXPIRATION": 0, + }, + ), + ], +) +def test_dynaconf_hook_configure_keycloak(do_stuff, extra_settings, expected_results): + # skip test this way ... + if not do_stuff: + return + + xsettings = SuperDict() + xsettings.update(copy.deepcopy(BASE_KEYCLOAK_SETTINGS)) + if extra_settings: + xsettings.update(copy.deepcopy(extra_settings)) + + # don't allow the downstream to edit this data ... + xsettings.immutable = True + + # run the function and get the result ... + new_settings = configure_keycloak(xsettings) + + for key, val in expected_results.items(): + assert new_settings.get(key) == val From 03394bf15c21ae86369d02f22d1578d930e1cd8f Mon Sep 17 00:00:00 2001 
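Review bot: Neither parametrized case sets `KEYCLOAK_HOST_LOOPBACK`, so the branch of configure_keycloak that swaps the host of the authorization URL is not exercised by this test, and the case added in PATCH 8/8 does not cover it either. Add a case with `"KEYCLOAK_HOST_LOOPBACK": "localhost"` asserting that `SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL` uses `localhost` while `SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL` keeps `mykeycloak`, and a second one combining it with an explicit authorization-URL override to pin the precedence. The `do_stuff` flag is always `True` here; dropping it, or using `pytest.param(..., marks=pytest.mark.skip)` when a case has to be disabled, keeps skipped cases visible in the test report.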
From: James Tanner Date: Wed, 2 Oct 2024 11:30:37 -0400 Subject: [PATCH 8/8] Fix overrides and tests. No-Issue Signed-off-by: James Tanner --- galaxy_ng/app/dynaconf_hooks.py | 28 +++++++++++-------- .../tests/unit/app/test_dynaconf_hooks.py | 16 +++++++++++ 2 files changed, 33 insertions(+), 11 deletions(-) diff --git a/galaxy_ng/app/dynaconf_hooks.py b/galaxy_ng/app/dynaconf_hooks.py index 05b374ed9f..46d9123ee9 100755 --- a/galaxy_ng/app/dynaconf_hooks.py +++ b/galaxy_ng/app/dynaconf_hooks.py @@ -103,7 +103,7 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]: SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = \ settings.get("SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL", default=None) SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = \ - settings.get("SOCIAL_AUTH_ACCESS_TOKEN_URL", default=None) + settings.get("SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL", default=None) # Add settings if Social Auth values are provided if all( 
@@ -131,20 +131,26 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]: auth_url_str = "{keycloak}/{prefix}realms/{realm}/protocol/openid-connect/auth/" - if SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL is None: + if SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL is not None: + data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL + else: data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = auth_url_str.format( keycloak=data["KEYCLOAK_URL"], realm=KEYCLOAK_REALM, prefix=KEYCLOAK_AUTH_PREFIX ) - if data["KEYCLOAK_HOST_LOOPBACK"]: - loopback_url = "{protocol}://{host}:{port}".format( - protocol=KEYCLOAK_PROTOCOL, host=data["KEYCLOAK_HOST_LOOPBACK"], port=KEYCLOAK_PORT - ) - data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = auth_url_str.format( - keycloak=loopback_url, realm=KEYCLOAK_REALM, prefix=KEYCLOAK_AUTH_PREFIX - ) - - if SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL is None: + if data["KEYCLOAK_HOST_LOOPBACK"]: + loopback_url = "{protocol}://{host}:{port}".format( + protocol=KEYCLOAK_PROTOCOL, + host=data["KEYCLOAK_HOST_LOOPBACK"], + port=KEYCLOAK_PORT + ) + data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = auth_url_str.format( + keycloak=loopback_url, realm=KEYCLOAK_REALM, prefix=KEYCLOAK_AUTH_PREFIX + ) + + if SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL is not None: + data['SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL'] = SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL + else: data[ "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL" ] = ( diff --git a/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py b/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py index 457917c50c..b11caedc45 100644 --- a/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py +++ b/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py 
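Review bot: An explicit `SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL` or `SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL` is now copied into `data` verbatim and each override is applied independently, so a deployment can end up with the browser redirect pointing at one host and the token exchange, which carries the client secret, at another, or with a scheme such as the `httpZ://` used in the accompanying test case. A fail-fast check in the two `is not None` branches would catch this at start-up: `if urlsplit(url).scheme not in ("http", "https") or not urlsplit(url).netloc: raise ValueError(...)` (this needs `urllib.parse.urlsplit`, and the test values would have to become well-formed), plus a warning when only one of the two overrides is set. A comment stating that an explicit authorization URL also disables the `KEYCLOAK_HOST_LOOPBACK` rewrite would document the new precedence. The function body extends beyond this hunk.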
@@ -385,6 +385,22 @@ def test_dynaconf_hooks_authentication_backends_and_classes( "GALAXY_TOKEN_EXPIRATION": 0, }, ), + ( + True, + { + "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL": + "httpZ://mykeycloAk:1339/auth__/realms/aap/protocol/openid-connect/auth/", + "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL": + "httpZ://mykeycloAk:1339/auth__/realms/aap/protocol/openid-connect/token/", + }, + { + "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL": + "httpZ://mykeycloAk:1339/auth__/realms/aap/protocol/openid-connect/auth/", + "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL": + "httpZ://mykeycloAk:1339/auth__/realms/aap/protocol/openid-connect/token/", + }, + ), + ], ) def test_dynaconf_hook_configure_keycloak(do_stuff, extra_settings, expected_results):