Merge branch 'master' into compose_profile_var

ansible · Oct 10, 2024 · e7a1089 · e7a1089
2 parents fee1bbc + b05b8d4
commit e7a1089
Show file tree

Hide file tree

Showing 11 changed files with 50 additions and 161 deletions.
diff --git a/galaxy_ng/app/dynaconf_hooks.py b/galaxy_ng/app/dynaconf_hooks.py
@@ -94,23 +94,11 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]:
     SOCIAL_AUTH_KEYCLOAK_KEY = settings.get("SOCIAL_AUTH_KEYCLOAK_KEY", default=None)
     SOCIAL_AUTH_KEYCLOAK_SECRET = settings.get("SOCIAL_AUTH_KEYCLOAK_SECRET", default=None)
     SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = settings.get("SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY", default=None)
-    KEYCLOAK_PROTOCOL = settings.get("KEYCLOAK_PROTOCOL", default="https")
+    KEYCLOAK_PROTOCOL = settings.get("KEYCLOAK_PROTOCOL", default=None)
     KEYCLOAK_HOST = settings.get("KEYCLOAK_HOST", default=None)
     KEYCLOAK_PORT = settings.get("KEYCLOAK_PORT", default=None)
     KEYCLOAK_REALM = settings.get("KEYCLOAK_REALM", default=None)
 
-    # https://www.keycloak.org/server/all-config
-    #   In prior versions of keycloak, the auth and token url paths began
-    #   with /auth. In newer versions, that substring no longer exists.
-    #   There is a setting which can re-add that substring to make
-    #   a newer system operate similar to the old.
-    KEYCLOAK_KC_HTTP_RELATIVE_PATH = settings.get("KEYCLOAK_KC_HTTP_RELATIVE_PATH", default="")
-
-    SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = \
-        settings.get("SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL", default=None)
-    SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = \
-        settings.get("SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL", default=None)
-
     # Add settings if Social Auth values are provided
     if all(
         [
@@ -134,39 +122,21 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]:
         )
         data["KEYCLOAK_HOST_LOOPBACK"] = settings.get("KEYCLOAK_HOST_LOOPBACK", default=None)
         data["KEYCLOAK_URL"] = f"{KEYCLOAK_PROTOCOL}://{KEYCLOAK_HOST}:{KEYCLOAK_PORT}"
-
-        auth_url_str = "{keycloak}{prefix}/realms/{realm}/protocol/openid-connect/auth/"
-
-        if SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL is not None:
-            data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL
-        else:
+        auth_url_str = "{keycloak}/auth/realms/{realm}/protocol/openid-connect/auth/"
+        data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = auth_url_str.format(
+            keycloak=data["KEYCLOAK_URL"], realm=KEYCLOAK_REALM
+        )
+        if data["KEYCLOAK_HOST_LOOPBACK"]:
+            loopback_url = "{protocol}://{host}:{port}".format(
+                protocol=KEYCLOAK_PROTOCOL, host=data["KEYCLOAK_HOST_LOOPBACK"], port=KEYCLOAK_PORT
+            )
             data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = auth_url_str.format(
-                keycloak=data["KEYCLOAK_URL"],
-                realm=KEYCLOAK_REALM,
-                prefix=KEYCLOAK_KC_HTTP_RELATIVE_PATH
+                keycloak=loopback_url, realm=KEYCLOAK_REALM
             )
 
-            if data["KEYCLOAK_HOST_LOOPBACK"]:
-                loopback_url = "{protocol}://{host}:{port}".format(
-                    protocol=KEYCLOAK_PROTOCOL,
-                    host=data["KEYCLOAK_HOST_LOOPBACK"],
-                    port=KEYCLOAK_PORT
-                )
-                data["SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL"] = auth_url_str.format(
-                    keycloak=loopback_url,
-                    realm=KEYCLOAK_REALM,
-                    prefix=KEYCLOAK_KC_HTTP_RELATIVE_PATH
-                )
-
-        if SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL is not None:
-            data['SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL'] = SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL
-        else:
-            data[
-                "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL"
-            ] = (
-                f"{data['KEYCLOAK_URL']}{KEYCLOAK_KC_HTTP_RELATIVE_PATH}/realms/"
-                f"{KEYCLOAK_REALM}/protocol/openid-connect/token/"
-            )
+        data[
+            "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL"
+        ] = f"{data['KEYCLOAK_URL']}/auth/realms/{KEYCLOAK_REALM}/protocol/openid-connect/token/"
 
         data["SOCIAL_AUTH_LOGIN_REDIRECT_URL"] = settings.get(
             "SOCIAL_AUTH_LOGIN_REDIRECT_URL", default="/ui/"

diff --git a/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py b/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py
@@ -2,7 +2,6 @@
 import pytest
 
 from galaxy_ng.app.dynaconf_hooks import post as post_hook
-from galaxy_ng.app.dynaconf_hooks import configure_keycloak
 
 
 class SuperDict(dict):
@@ -70,16 +69,6 @@ def validate(*args, **kwargs):
     "validators": SuperValidator(),
 }
 
-BASE_KEYCLOAK_SETTINGS = {
-    "BASE_DIR": "templates",
-    "SOCIAL_AUTH_KEYCLOAK_KEY": "key123",
-    "SOCIAL_AUTH_KEYCLOAK_SECRET": "secret123",
-    "SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY": "pubkey123",
-    "KEYCLOAK_HOST": "mykeycloak",
-    "KEYCLOAK_PORT": 1337,
-    "KEYCLOAK_REALM": "aap",
-}
-
 
 @pytest.mark.parametrize(
     "do_stuff, extra_settings, expected_results",
@@ -320,7 +309,9 @@ def validate(*args, **kwargs):
     ],
 )
 def test_dynaconf_hooks_authentication_backends_and_classes(
-    do_stuff, extra_settings, expected_results
+    do_stuff,
+    extra_settings,
+    expected_results
 ):
 
     # skip test this way ...
@@ -346,78 +337,3 @@ def test_dynaconf_hooks_authentication_backends_and_classes(
             print(e)
         """
         assert new_settings.get(key) == val
-
-
-@pytest.mark.parametrize(
-    "do_stuff, extra_settings, expected_results",
-    [
-        (
-            True,
-            {},
-            {
-                "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"],
-                "KEYCLOAK_URL": "https://mykeycloak:1337",
-                "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
-                    "https://mykeycloak:1337/realms/aap/protocol/openid-connect/auth/",
-                "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
-                    "https://mykeycloak:1337/realms/aap/protocol/openid-connect/token/",
-                "GALAXY_AUTH_KEYCLOAK_ENABLED": True,
-                "GALAXY_FEATURE_FLAGS__external_authentication": True,
-                "GALAXY_TOKEN_EXPIRATION": 1440,
-            },
-        ),
-        (
-            True,
-            {
-                "KEYCLOAK_KC_HTTP_RELATIVE_PATH": "/auth",
-                "KEYCLOAK_PROTOCOL": "http",
-                "GALAXY_TOKEN_EXPIRATION": 0,
-            },
-            {
-                "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"],
-                "KEYCLOAK_URL": "http://mykeycloak:1337",
-                "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
-                    "http://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/auth/",
-                "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
-                    "http://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/token/",
-                "GALAXY_AUTH_KEYCLOAK_ENABLED": True,
-                "GALAXY_FEATURE_FLAGS__external_authentication": True,
-                "GALAXY_TOKEN_EXPIRATION": 0,
-            },
-        ),
-        (
-            True,
-            {
-                "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
-                    "httpZ://mykeycloAk:1339/auth__/realms/aap/protocol/openid-connect/auth/",
-                "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
-                    "httpZ://mykeycloAk:1339/auth__/realms/aap/protocol/openid-connect/token/",
-            },
-            {
-                "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
-                    "httpZ://mykeycloAk:1339/auth__/realms/aap/protocol/openid-connect/auth/",
-                "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
-                    "httpZ://mykeycloAk:1339/auth__/realms/aap/protocol/openid-connect/token/",
-            },
-        ),
-
-    ],
-)
-def test_dynaconf_hook_configure_keycloak(do_stuff, extra_settings, expected_results):
-    # skip test this way ...
-    if not do_stuff:
-        return
-
-    xsettings = SuperDict()
-    xsettings.update(copy.deepcopy(BASE_KEYCLOAK_SETTINGS))
-    if extra_settings:
-        xsettings.update(copy.deepcopy(extra_settings))
-
-    # don't allow the downstream to edit this data ...
-    xsettings.immutable = True
-
-    # run the function and get the result ...
-    new_settings = configure_keycloak(xsettings)
-
-    for key, val in expected_results.items():
-        assert new_settings.get(key) == val
diff --git a/profiles/base/pulp_config.env b/profiles/base/pulp_config.env
@@ -35,3 +35,6 @@ HUB_TEST_MARKS=deployment_standalone or all
 
 # role content workaround ..
 PULP_ANSIBLE_BASE_ROLES_REQUIRE_VIEW=false
+
+# Disable DAB RESOURCE SYNC to avoid debugging messages
+PULP_RESOURCE_SERVER_SYNC_ENABLED=false
diff --git a/profiles/community/pulp_config.env b/profiles/community/pulp_config.env
@@ -34,3 +34,6 @@ PULP_GALAXY_CONTAINER_SIGNING_SERVICE='@none None'
 # Integration test settings
 HUB_TEST_AUTHENTICATION_BACKEND="community"
 HUB_TEST_MARKS="deployment_community"
+
+# Disable DAB RESOURCE SYNC to avoid debugging messages
+PULP_RESOURCE_SERVER_SYNC_ENABLED=false
diff --git a/profiles/dab/pulp_config.env b/profiles/dab/pulp_config.env
@@ -26,3 +26,6 @@ PULP_ALLOW_LOCAL_RESOURCE_MANAGEMENT=false
 
 # role content workaround ..
 PULP_ANSIBLE_BASE_ROLES_REQUIRE_VIEW=false
+
+# Disable DAB RESOURCE SYNC to avoid debugging messages
+PULP_RESOURCE_SERVER_SYNC_ENABLED=false
diff --git a/profiles/dab_jwt/pulp_config.env b/profiles/dab_jwt/pulp_config.env
@@ -26,3 +26,6 @@ PULP_ALLOW_LOCAL_RESOURCE_MANAGEMENT=false
 
 # role content workaround ..
 PULP_ANSIBLE_BASE_ROLES_REQUIRE_VIEW=false
+
+# Disable DAB RESOURCE SYNC to avoid debugging messages
+PULP_RESOURCE_SERVER_SYNC_ENABLED=false
diff --git a/profiles/insights/pulp_config.env b/profiles/insights/pulp_config.env
@@ -17,3 +17,6 @@ HUB_AUTH_URL={API_PROTOCOL}://{API_HOST}:{INSIGHTS_PROXY_PORT}/auth/realms/redha
 HUB_API_ROOT={API_PROTOCOL}://{API_HOST}:{INSIGHTS_PROXY_PORT}{PULP_GALAXY_API_PATH_PREFIX}
 HUB_LOCAL=0
 HUB_TEST_MARKS=deployment_cloud or all
+
+# Disable DAB RESOURCE SYNC to avoid debugging messages
+PULP_RESOURCE_SERVER_SYNC_ENABLED=false
diff --git a/profiles/keycloak/compose.yaml b/profiles/keycloak/compose.yaml
@@ -12,25 +12,21 @@ services:
   #     - "UI_EXTERNAL_LOGIN_URI={API_PROTOCOL}://{API_HOST}:{API_PORT}/login"
 
   keycloak:
-    #image: quay.io/keycloak/keycloak:legacy
-    image: quay.io/keycloak/keycloak:latest
+    image: quay.io/keycloak/keycloak:legacy
     environment:
       - DB_VENDOR=POSTGRES
       - DB_ADDR=kc-postgres
       - DB_DATABASE=keycloak
       - DB_USER=keycloak
       - DB_SCHEMA=public
       - DB_PASSWORD=keycloak
-      - KEYCLOAK_ADMIN=admin
-      - KEYCLOAK_ADMIN_PASSWORD=admin
       - KEYCLOAK_USER=admin
       - KEYCLOAK_PASSWORD=admin
     ports:
       - 8080:8080
     depends_on:
       - kc-postgres
       - ldap
-    command: ['start-dev']
 
   kc-postgres:
     image: "postgres:12"

diff --git a/profiles/keycloak/keycloak-playbook.yaml b/profiles/keycloak/keycloak-playbook.yaml
@@ -17,9 +17,7 @@
     - name: Create or update AAP Keycloak realm
       community.general.keycloak_realm:
         auth_client_id: admin-cli
-        #auth_keycloak_url: http://keycloak:8080/auth
-        auth_keycloak_url: http://keycloak:8080
-        #auth_keycloak_url: http://localhost:8080
+        auth_keycloak_url: http://keycloak:8080/auth
         auth_realm: master
         auth_username: admin
         auth_password: admin
@@ -33,8 +31,7 @@
     - name: Create or update a Keycloak client
       community.general.keycloak_client:
         auth_client_id: admin-cli
-        #auth_keycloak_url: http://keycloak:8080/auth
-        auth_keycloak_url: http://keycloak:8080
+        auth_keycloak_url: http://keycloak:8080/auth
         auth_realm: master
         auth_username: admin
         auth_password: admin
@@ -161,8 +158,7 @@
 
     - name: Create Token for service Keycloak
       uri:
-        #url: "http://keycloak:8080/auth/realms/master/protocol/openid-connect/token"
-        url: "http://keycloak:8080/realms/master/protocol/openid-connect/token"
+        url: "http://keycloak:8080/auth/realms/master/protocol/openid-connect/token"
         method: POST
         body_format: form-urlencoded
         body:
@@ -240,8 +236,7 @@
 
     - name: Create LDAP configuration
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/components"
-        url: "http://keycloak:8080/admin/realms/aap/components"
+        url: "http://keycloak:8080/auth/admin/realms/aap/components"
         method: POST
         body_format: json
         body: "{{ ldap_config | to_json }}"
@@ -256,8 +251,7 @@
 
     - name: Get components
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider"
-        url: "http://keycloak:8080/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider"
+        url: "http://keycloak:8080/auth/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider"
         method: GET
         status_code:
         - 200
@@ -308,8 +302,7 @@
 
     - name: Create LDAP group mapping
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/components"
-        url: "http://keycloak:8080/admin/realms/aap/components"
+        url: "http://keycloak:8080/auth/admin/realms/aap/components"
         method: POST
         body_format: json
         body: "{{ ldap_group_mapper | to_json }}"
@@ -324,8 +317,7 @@
 
     - name: Get group mapper identifier
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group"
-        url: "http://keycloak:8080/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group"
+        url: "http://keycloak:8080/auth/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group"
         method: GET
         status_code:
         - 200
@@ -341,8 +333,7 @@
 
     - name: Sync LDAP users
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync"
-        url: "http://keycloak:8080/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync"
+        url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync"
         method: POST
         status_code:
         - 200
@@ -354,8 +345,7 @@
 
     - name: Sync LDAP groups
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak"
-        url: "http://keycloak:8080/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak"
+        url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak"
         method: POST
         status_code:
         - 200
@@ -373,8 +363,7 @@
         client_id: automation-hub
         state: present
         auth_client_id: admin-cli
-        #auth_keycloak_url: http://keycloak:8080/auth
-        auth_keycloak_url: http://keycloak:8080
+        auth_keycloak_url: http://keycloak:8080/auth
         auth_realm: master
         auth_username: admin
         auth_password: admin
@@ -390,17 +379,15 @@
         client_id: automation-hub
         state: present
         auth_client_id: admin-cli
-        #auth_keycloak_url: http://keycloak:8080/auth
-        auth_keycloak_url: http://keycloak:8080
+        auth_keycloak_url: http://keycloak:8080/auth
         auth_realm: master
         auth_username: admin
         auth_password: admin
       # loop: "{{ user_list.json}}"
 
     - name: Get realm public key
       uri:
-        #url: "http://keycloak:8080/auth/realms/aap"
-        url: "http://keycloak:8080/realms/aap"
+        url: "http://keycloak:8080/auth/realms/aap"
         method: GET
         status_code:
         - 200

diff --git a/profiles/keycloak/pulp_config.env b/profiles/keycloak/pulp_config.env
@@ -9,7 +9,6 @@ PULP_GALAXY_DEPLOYMENT_MODE=standalone
 PULP_SOCIAL_AUTH_KEYCLOAK_KEY=automation-hub
 PULP_SOCIAL_AUTH_KEYCLOAK_SECRET=REALLYWELLKEPTSECRET
 PULP_SOCIAL_AUTH_LOGIN_REDIRECT_URL={API_PROTOCOL}://{API_HOST}:{API_PORT}
-PULP_KEYCLOAK_AUTH_PREFIX=""
 PULP_KEYCLOAK_PROTOCOL=http
 PULP_KEYCLOAK_HOST=keycloak
 PULP_KEYCLOAK_HOST_LOOPBACK=localhost
@@ -21,3 +20,6 @@ KEYCLOAK_REDIRECT_URL="{API_PROTOCOL}://{API_HOST}:{API_PORT}/"
 # Integration test settings
 HUB_TEST_AUTHENTICATION_BACKEND="keycloak"
 HUB_TEST_MARKS=deployment_standalone or all or keycloak
+
+# Disable DAB RESOURCE SYNC to avoid debugging messages
+PULP_RESOURCE_SERVER_SYNC_ENABLED=false
diff --git a/profiles/ldap/pulp_config.env b/profiles/ldap/pulp_config.env
@@ -31,3 +31,6 @@ PULP_GALAXY_LDAP_LOGGING=true
 # Integration test settings
 HUB_TEST_AUTHENTICATION_BACKEND="ldap"
 HUB_TEST_MARKS=(deployment_standalone or all or ldap) and not iqe_ldap
+
+# Disable DAB RESOURCE SYNC to avoid debugging messages
+PULP_RESOURCE_SERVER_SYNC_ENABLED=false