- Added proof on concept for tdp based kibana auth
elipe17 committed Dec 8, 2023
1 parent 5f0fddf commit 15d4019
Showing 7 changed files with 39 additions and 3 deletions.
1 change: 1 addition & 0 deletions tdrs-backend/docker-compose.yml
@@ -101,6 +101,7 @@ services:
- CYPRESS_TOKEN
- DJANGO_DEBUG
- SENDGRID_API_KEY
- BYPASS_KIBANA_AUTH
volumes:
- .:/tdpapp
image: tdp
4 changes: 3 additions & 1 deletion tdrs-backend/tdpservice/settings/common.py
@@ -465,11 +465,13 @@ class Common(Configuration):
}
}

# Elastic
# Elastic/Kibana
ELASTICSEARCH_DSL = {
'default': {
'hosts': os.getenv('ELASTIC_HOST', 'elastic:9200'),
},
}
KIBANA_BASE_URL = os.getenv('KIBANA_BASE_URL', 'http://localhost:5601')
BYPASS_KIBANA_AUTH = os.getenv("BYPASS_KIBANA_AUTH", 0)

CYPRESS_TOKEN = os.getenv('CYPRESS_TOKEN', None)
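Review bot: `BYPASS_KIBANA_AUTH = os.getenv("BYPASS_KIBANA_AUTH", 0)` yields a string whenever the variable is set, so `BYPASS_KIBANA_AUTH=0` or `BYPASS_KIBANA_AUTH=false` in the environment is truthy and switches the Kibana authorization check off. Parse the value explicitly, for example `BYPASS_KIBANA_AUTH = os.getenv("BYPASS_KIBANA_AUTH", "").strip().lower() in ("1", "true", "yes")`. The flag is defined on `Common`, so it is presumably inherited by every settings class built on it; a bypass switch is safer defined only in the local/development settings, with a comment stating it must never be set in a deployed environment. The `Common` class body starts and ends outside this hunk.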
3 changes: 2 additions & 1 deletion tdrs-backend/tdpservice/urls.py
@@ -11,7 +11,7 @@
from rest_framework.permissions import AllowAny


from .users.api.authorization_check import AuthorizationCheck
from .users.api.authorization_check import AuthorizationCheck, KibanaAuthorizationCheck
from .users.api.login import TokenAuthorizationLoginDotGov, TokenAuthorizationAMS
from .users.api.login import CypressLoginDotGovAuthenticationOverride
from .users.api.login_redirect_oidc import LoginRedirectAMS, LoginRedirectLoginDotGov
@@ -52,6 +52,7 @@
urlpatterns = [
path("v1/", include(urlpatterns)),
path("admin/", admin.site.urls, name="admin"),
path("kibana/", KibanaAuthorizationCheck.as_view(), name="kibana-authorization-check"),
] + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

# TODO: Supply `terms_of_service` argument in OpenAPI Info once implemented
18 changes: 18 additions & 0 deletions tdrs-backend/tdpservice/users/api/authorization_check.py
@@ -8,6 +8,8 @@
from rest_framework.response import Response
from rest_framework.views import APIView
from ..serializers import UserProfileSerializer
from django.http import HttpResponseRedirect
from django.conf import settings

logger = logging.getLogger(__name__)

@@ -47,3 +49,19 @@ def get(self, request, *args, **kwargs):
else:
logger.info("Auth check FAIL for user on %s", timezone.now())
return Response({"authenticated": False})

class KibanaAuthorizationCheck(APIView):
"""Check if user is authorized to view Kibana."""

query_string = False
pattern_name = "kibana-authorization-check"
permission_classes = [AllowAny]

def get(self, request, *args, **kwargs):
"""Handle get request and verify user is authorized."""
user = request.user

if (user.is_authenticated and user.hhs_id is not None) or settings.BYPASS_KIBANA_AUTH:
return HttpResponseRedirect(settings.KIBANA_BASE_URL)
else:
return HttpResponseRedirect(settings.FRONTEND_BASE_URL)
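Review bot: `KibanaAuthorizationCheck.get` only decides where to send the browser; it places nothing in front of Kibana itself, so a client that can reach `settings.KIBANA_BASE_URL` directly never passes through this check. If this view is meant to be the gate, Kibana has to be reachable only through a proxy that consults the backend on each request, and the class should say so, e.g. `# NOTE: redirect only; Kibana must not be reachable without passing this check`. The condition also accepts any authenticated user with an `hhs_id`, while Header.jsx and SiteMap.jsx show the link only when `userIsAdmin`; the server-side test should be at least as strict as the client-side one. `query_string` and `pattern_name` are `RedirectView` attributes with no effect on an `APIView`, and unlike `AuthorizationCheck` this view logs neither outcome.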
2 changes: 1 addition & 1 deletion tdrs-frontend/nginx/local/locations.conf
@@ -4,7 +4,7 @@ location = /nginx_status {
deny all;
}

location ~ ^/(v1|admin|static/admin|swagger|redocs) {
location ~ ^/(v1|admin|static/admin|swagger|redocs|kibana) {
limit_req zone=limitreqsbyaddr delay=5;
proxy_pass http://${BACK_END}:8080$request_uri;
proxy_set_header Host $host:3000;
7 changes: 7 additions & 0 deletions tdrs-frontend/src/components/Header/Header.jsx
@@ -137,6 +137,13 @@ function Header() {
href={`${process.env.REACT_APP_BACKEND_HOST}/admin/`}
/>
)}
{userIsAdmin && (
<NavItem
pathname={pathname}
tabTitle="Kibana"
href={`${process.env.REACT_APP_BACKEND_HOST}/kibana/`}
/>
)}
</>
)}
</ul>
7 changes: 7 additions & 0 deletions tdrs-frontend/src/components/SiteMap/SiteMap.jsx
@@ -31,6 +31,13 @@ const SiteMap = ({ user }) => {
link={`${process.env.REACT_APP_BACKEND_HOST}/admin/`}
/>
)}

{userIsAdmin && (
<SiteMap.Link
text="Kibana"
link={`${process.env.REACT_APP_BACKEND_HOST}/kibana/`}
/>
)}
</div>
)
}