diff --git a/galaxy_ng/app/dynaconf_hooks.py b/galaxy_ng/app/dynaconf_hooks.py
index 70c0f2992d..f81231c9af 100755
--- a/galaxy_ng/app/dynaconf_hooks.py
+++ b/galaxy_ng/app/dynaconf_hooks.py
@@ -104,7 +104,7 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]:
 # with /auth. In newer versions, that substring no longer exists.
 # There is a setting which can re-add that substring to make
 # a newer system operate similar to the old.
- KEYCLOAK_KC_HTTP_RELATIVE_PATH = settings.get("KEYCLOAK_KC_HTTP_RELATIVE_PATH", default="")
+ KEYCLOAK_KC_HTTP_RELATIVE_PATH = settings.get("KEYCLOAK_KC_HTTP_RELATIVE_PATH", default="/auth")
 SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = \
 settings.get("SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL", default=None)
diff --git a/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py b/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py
index 6d11e8ca7e..a897fe2881 100644
--- a/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py
+++ b/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py
@@ -358,9 +358,9 @@ def test_dynaconf_hooks_authentication_backends_and_classes(
 "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"],
 "KEYCLOAK_URL": "https://mykeycloak:1337",
 "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
- "https://mykeycloak:1337/realms/aap/protocol/openid-connect/auth/",
+ "https://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/auth/",
 "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
- "https://mykeycloak:1337/realms/aap/protocol/openid-connect/token/",
+ "https://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/token/",
 "GALAXY_AUTH_KEYCLOAK_ENABLED": True,
 "GALAXY_FEATURE_FLAGS__external_authentication": True,
 "GALAXY_TOKEN_EXPIRATION": 1440,
@@ -369,7 +369,7 @@ def test_dynaconf_hooks_authentication_backends_and_classes(
 (
 True,
 {
- "KEYCLOAK_KC_HTTP_RELATIVE_PATH": "/auth",
+ "KEYCLOAK_KC_HTTP_RELATIVE_PATH": "",
 "KEYCLOAK_PROTOCOL": "http",
 "GALAXY_TOKEN_EXPIRATION": 0,
 },
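Review bot: In galaxy_ng/app/dynaconf_hooks.py the new fallback `default="/auth"` changes the effective value for every deployment that never set KEYCLOAK_KC_HTTP_RELATIVE_PATH, and the comment above the assignment does not say which layout the default now assumes. Judging by the updated test expectations, the value is placed between KEYCLOAK_URL and `/realms/...` in the OIDC authorization and token URLs, so a site whose Keycloak serves realms at the root would be pointed at endpoints that do not exist until it sets the value to an empty string. I would add a line such as `# Defaults to "/auth" (legacy layout); set to "" when Keycloak serves realms at the root.` and call the change out in the release notes. The body of configure_keycloak continues outside this hunk, so whether the value is normalised (leading slash, no trailing slash) before it is concatenated cannot be confirmed here.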
@@ -377,9 +377,28 @@ def test_dynaconf_hooks_authentication_backends_and_classes(
 "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"],
 "KEYCLOAK_URL": "http://mykeycloak:1337",
 "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
- "http://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/auth/",
+ "http://mykeycloak:1337/realms/aap/protocol/openid-connect/auth/",
 "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
- "http://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/token/",
+ "http://mykeycloak:1337/realms/aap/protocol/openid-connect/token/",
+ "GALAXY_AUTH_KEYCLOAK_ENABLED": True,
+ "GALAXY_FEATURE_FLAGS__external_authentication": True,
+ "GALAXY_TOKEN_EXPIRATION": 0,
+ },
+ ),
+ (
+ True,
+ {
+ "KEYCLOAK_KC_HTTP_RELATIVE_PATH": "/mylittlepony",
+ "KEYCLOAK_PROTOCOL": "http",
+ "GALAXY_TOKEN_EXPIRATION": 0,
+ },
+ {
+ "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"],
+ "KEYCLOAK_URL": "http://mykeycloak:1337",
+ "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
+ "http://mykeycloak:1337/mylittlepony/realms/aap/protocol/openid-connect/auth/",
+ "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
+ "http://mykeycloak:1337/mylittlepony/realms/aap/protocol/openid-connect/token/",
 "GALAXY_AUTH_KEYCLOAK_ENABLED": True,
 "GALAXY_FEATURE_FLAGS__external_authentication": True,
 "GALAXY_TOKEN_EXPIRATION": 0,
diff --git a/profiles/keycloak/compose.yaml b/profiles/keycloak/compose.yaml
index 87722612a6..9077f19e42 100644
--- a/profiles/keycloak/compose.yaml
+++ b/profiles/keycloak/compose.yaml
@@ -12,8 +12,8 @@ services:
 # - "UI_EXTERNAL_LOGIN_URI={API_PROTOCOL}://{API_HOST}:{API_PORT}/login"
 keycloak:
- #image: quay.io/keycloak/keycloak:legacy
- image: quay.io/keycloak/keycloak:latest
+ image: quay.io/keycloak/keycloak:legacy
+ #image: quay.io/keycloak/keycloak:latest
 environment:
 - DB_VENDOR=POSTGRES
 - DB_ADDR=kc-postgres
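Review bot: The parametrized cases visible in galaxy_ng/tests/unit/app/test_dynaconf_hooks.py (this hunk at -377 and the two before it) only exercise well-formed values: `""`, `"/mylittlepony"` and, judging by the changed expectations at -358, the unset default. Because the setting ends up inside the authorization and token endpoint URLs, a case for a value without the leading slash or with a trailing one (constructed examples: `"auth"`, `"/auth/"`) would pin down whether configure_keycloak normalises or rejects it, instead of leaving a malformed endpoint to surface at login time. The hunks show only part of the parameter list, so such a case may already exist elsewhere in the file.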
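Review bot: `image: quay.io/keycloak/keycloak:legacy` in profiles/keycloak/compose.yaml swaps one floating tag for another, so the identity provider this profile runs is whatever the registry serves on the day of the pull. Pinning it, e.g. `image: quay.io/keycloak/keycloak:<pinned-version>` or by digest, keeps the integration environment reproducible and makes an image update a reviewed change. The `legacy` tag presumably tracks the older distribution that serves under `/auth`; it is worth confirming that this build still receives security fixes before making it the profile's default, and documenting the alternative rather than leaving it as a commented-out line.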
@@ -25,12 +25,13 @@ services:
 - KEYCLOAK_ADMIN_PASSWORD=admin
 - KEYCLOAK_USER=admin
 - KEYCLOAK_PASSWORD=admin
+ #- KC_HTTP_RELATIVE_PATH=/auth
 ports:
 - 8080:8080
 depends_on:
 - kc-postgres
 - ldap
- command: ['start-dev']
+ #command: ['start-dev']
 kc-postgres:
 image: "postgres:12"
diff --git a/profiles/keycloak/keycloak-playbook.yaml b/profiles/keycloak/keycloak-playbook.yaml
index 8ce48db8c6..59072ea4b7 100644
--- a/profiles/keycloak/keycloak-playbook.yaml
+++ b/profiles/keycloak/keycloak-playbook.yaml
@@ -17,9 +17,7 @@
 - name: Create or update AAP Keycloak realm
 community.general.keycloak_realm:
 auth_client_id: admin-cli
- #auth_keycloak_url: http://keycloak:8080/auth
- auth_keycloak_url: http://keycloak:8080
- #auth_keycloak_url: http://localhost:8080
+ auth_keycloak_url: http://keycloak:8080/auth
 auth_realm: master
 auth_username: admin
 auth_password: admin
@@ -33,8 +31,7 @@
 - name: Create or update a Keycloak client
 community.general.keycloak_client:
 auth_client_id: admin-cli
- #auth_keycloak_url: http://keycloak:8080/auth
- auth_keycloak_url: http://keycloak:8080
+ auth_keycloak_url: http://keycloak:8080/auth
 auth_realm: master
 auth_username: admin
 auth_password: admin
@@ -161,8 +158,7 @@
 - name: Create Token for service Keycloak
 uri:
- #url: "http://keycloak:8080/auth/realms/master/protocol/openid-connect/token"
- url: "http://keycloak:8080/realms/master/protocol/openid-connect/token"
+ url: "http://keycloak:8080/auth/realms/master/protocol/openid-connect/token"
 method: POST
 body_format: form-urlencoded
 body:
@@ -240,8 +236,7 @@
 - name: Create LDAP configuration
 uri:
- #url: "http://keycloak:8080/auth/admin/realms/aap/components"
- url: "http://keycloak:8080/admin/realms/aap/components"
+ url: "http://keycloak:8080/auth/admin/realms/aap/components"
 method: POST
 body_format: json
 body: "{{ ldap_config | to_json }}"
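Review bot: The two toggles this compose.yaml hunk leaves as comments, `#- KC_HTTP_RELATIVE_PATH=/auth` and `#command: ['start-dev']`, only make sense together with the image tag chosen at the top of the service, the `/auth` URLs in keycloak-playbook.yaml and the commented `PULP_KEYCLOAK_KC_HTTP_RELATIVE_PATH` line in pulp_config.env, yet nothing in the file says so. A short comment above the service, e.g. `# legacy image: serves under /auth, no command; latest image: enable command and KC_HTTP_RELATIVE_PATH`, would stop someone from flipping one and not the others. Since the service keeps `admin`/`admin` bootstrap credentials and publishes `8080:8080`, binding the port to loopback (`127.0.0.1:8080:8080`) is also worth considering if nothing outside the host needs to reach it.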
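Review bot: The base URL `http://keycloak:8080/auth` is now hard-coded in every task of profiles/keycloak/keycloak-playbook.yaml that this commit touches (this hunk at -17 and the hunks at -33, -161, -240, -256, -308, -324, -341, -354, -373, -390 and -399), so the next change of Keycloak layout means the same edit across a dozen tasks with the same risk of missing one. Defining it once, for example `keycloak_base_url: "http://keycloak:8080/auth"` in the play's vars, and writing `auth_keycloak_url: "{{ keycloak_base_url }}"` and `url: "{{ keycloak_base_url }}/realms/master/protocol/openid-connect/token"` would keep the playbook in step with the single KEYCLOAK_KC_HTTP_RELATIVE_PATH switch on the application side. The play header is outside these hunks, so where the variable belongs is for the author to decide.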
@@ -256,8 +251,7 @@
 - name: Get components
 uri:
- #url: "http://keycloak:8080/auth/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider"
- url: "http://keycloak:8080/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider"
+ url: "http://keycloak:8080/auth/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider"
 method: GET
 status_code:
 - 200
@@ -308,8 +302,7 @@
 - name: Create LDAP group mapping
 uri:
- #url: "http://keycloak:8080/auth/admin/realms/aap/components"
- url: "http://keycloak:8080/admin/realms/aap/components"
+ url: "http://keycloak:8080/auth/admin/realms/aap/components"
 method: POST
 body_format: json
 body: "{{ ldap_group_mapper | to_json }}"
@@ -324,8 +317,7 @@
 - name: Get group mapper identifier
 uri:
- #url: "http://keycloak:8080/auth/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group"
- url: "http://keycloak:8080/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group"
+ url: "http://keycloak:8080/auth/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group"
 method: GET
 status_code:
 - 200
@@ -341,8 +333,7 @@
 - name: Sync LDAP users
 uri:
- #url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync"
- url: "http://keycloak:8080/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync"
+ url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync"
 method: POST
 status_code:
 - 200
@@ -354,8 +345,7 @@
 - name: Sync LDAP groups
 uri:
- #url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak"
- url: "http://keycloak:8080/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak"
+ url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak"
 method: POST
 status_code:
 - 200
@@ -373,8 +363,7 @@
 client_id: automation-hub
 state: present
 auth_client_id: admin-cli
- #auth_keycloak_url: http://keycloak:8080/auth
- auth_keycloak_url: http://keycloak:8080
+ auth_keycloak_url: http://keycloak:8080/auth
 auth_realm: master
 auth_username: admin
 auth_password: admin
@@ -390,8 +379,7 @@
 client_id: automation-hub
 state: present
 auth_client_id: admin-cli
- #auth_keycloak_url: http://keycloak:8080/auth
- auth_keycloak_url: http://keycloak:8080
+ auth_keycloak_url: http://keycloak:8080/auth
 auth_realm: master
 auth_username: admin
 auth_password: admin
@@ -399,8 +387,7 @@
 - name: Get realm public key
 uri:
- #url: "http://keycloak:8080/auth/realms/aap"
- url: "http://keycloak:8080/realms/aap"
+ url: "http://keycloak:8080/auth/realms/aap"
 method: GET
 status_code:
 - 200
diff --git a/profiles/keycloak/pulp_config.env b/profiles/keycloak/pulp_config.env
index ba7d8edf04..517242065a 100644
--- a/profiles/keycloak/pulp_config.env
+++ b/profiles/keycloak/pulp_config.env
@@ -17,6 +17,7 @@ PULP_KEYCLOAK_PORT=8080
 PULP_KEYCLOAK_REALM=aap
 KEYCLOAK_REDIRECT_URL="{API_PROTOCOL}://{API_HOST}:{API_PORT}/"
+# PULP_KEYCLOAK_KC_HTTP_RELATIVE_PATH=""
 # Integration test settings
 HUB_TEST_AUTHENTICATION_BACKEND="keycloak"