This is an automated email from the ASF dual-hosted git repository.

lfrolov pushed a commit to branch DATALAB-3073
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git

commit a6a4e06fb49d60771cc268c09aed35d986826836
Author: leonidfrolov <[email protected]>
AuthorDate: Tue Oct 11 17:59:39 2022 +0300

    [DATALAB-3073]: added notebook keycloak client creation
---
 .../src/base/scripts/configure_keycloak.py         | 20 ++++++++---
 .../src/general/lib/os/fab.py                      |  8 ++---
 .../src/general/scripts/gcp/jupyter_configure.py   | 41 ++++++++++++++++++++++
 3 files changed, 61 insertions(+), 8 deletions(-)

diff --git a/infrastructure-provisioning/src/base/scripts/configure_keycloak.py 
b/infrastructure-provisioning/src/base/scripts/configure_keycloak.py
index 5974b2c45..516a8ab52 100644
--- a/infrastructure-provisioning/src/base/scripts/configure_keycloak.py
+++ b/infrastructure-provisioning/src/base/scripts/configure_keycloak.py
@@ -40,6 +40,7 @@ parser.add_argument('--instance_public_ip', type=str, 
default='')
 parser.add_argument('--hostname', type=str, default='')
 parser.add_argument('--project_name', type=str, default='')
 parser.add_argument('--endpoint_name', type=str, default='')
+parser.add_argument('--exploratory_name', type=str, default='')
 args = parser.parse_args()
 
 ##############
@@ -50,6 +51,7 @@ if __name__ == "__main__":
         logging.info('[CONFIGURE KEYCLOAK]')
         keycloak_auth_server_url = 
'{}/realms/master/protocol/openid-connect/token'.format(
             args.keycloak_auth_server_url)
+
         keycloak_auth_data = {
             "username": args.keycloak_user,
             "password": args.keycloak_user_password,
@@ -63,26 +65,36 @@ if __name__ == "__main__":
         keycloak_client_create_url = 
'{0}/admin/realms/{1}/clients'.format(args.keycloak_auth_server_url,
                                                                            
args.keycloak_realm_name)
         if args.project_name and args.endpoint_name:
-            keycloak_client_name = 
"{0}-{1}-{2}".format(args.service_base_name, args.project_name, 
args.endpoint_name)
+            if args.exploratory_name:
+                keycloak_client_name = 
"{0}-{1}-{2}-{3}".format(args.service_base_name, args.project_name,
+                                                                
args.endpoint_name, args.exploratory_name)
+            else:
+                keycloak_client_name = 
"{0}-{1}-{2}".format(args.service_base_name, args.project_name,
+                                                            args.endpoint_name)
         else:
             keycloak_client_name = "{0}-ui".format(args.service_base_name)
+
         keycloak_client_id = str(uuid.uuid4())
-        if args.hostname == '':
+
+        if not args.hostname:
             keycloak_redirectUris = 
'https://{0}/*,http://{0}/*'.format(args.instance_public_ip).lower().split(',')
         else:
             keycloak_redirectUris = 
'https://{0}/*,http://{0}/*,https://{1}/*,http://{1}/*'.format(
                 args.instance_public_ip, args.hostname).lower().split(',')
+
         keycloak_client_data = {
             "clientId": keycloak_client_name,
             "id": keycloak_client_id,
             "enabled": "true",
-            "redirectUris": keycloak_redirectUris,
             "publicClient": "false",
             "secret": args.keycloak_client_secret,
             "protocol": "openid-connect",
         }
 
-        if not args.project_name:
+        if not args.exploratory_name:
+            keycloak_client_data["redirectUris"] = keycloak_redirectUris
+
+        if args.exploratory_name or not args.project_name:
             keycloak_client_data["serviceAccountsEnabled"] = "true"
 
         try:
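Review bot: Nothing in this hunk ties `--exploratory_name` to `--project_name` and `--endpoint_name`. When it is passed without both of them, the client name falls through to `"{0}-ui"`, while the new `if args.exploratory_name or not args.project_name:` branch still enables service accounts and `redirectUris` is left out, so the request uses the UI client's name with notebook-client settings. A guard before the name is built would make the requirement explicit, e.g. `if args.exploratory_name and not (args.project_name and args.endpoint_name): parser.error('--exploratory_name requires --project_name and --endpoint_name')`. The `__main__` block starts before this hunk and continues after it.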
diff --git a/infrastructure-provisioning/src/general/lib/os/fab.py 
b/infrastructure-provisioning/src/general/lib/os/fab.py
index 923fa3d89..62a464e3e 100644
--- a/infrastructure-provisioning/src/general/lib/os/fab.py
+++ b/infrastructure-provisioning/src/general/lib/os/fab.py
@@ -40,7 +40,7 @@ from patchwork import files
 
 
 # general functions for all resources
-def init_datalab_connection(hostname, username, keyfile, reserve_user=''):
+def init_datalab_connection(hostname, username, keyfile, reserve_user='', 
run_echo=True):
     try:
         global conn
         if reserve_user:
@@ -52,11 +52,11 @@ def init_datalab_connection(hostname, username, keyfile, 
reserve_user=''):
             while attempt < 15:
                 logging.info('connection attempt {} with user 
{}'.format(attempt, user))
                 conn = Connection(host=hostname, user=user, 
connect_kwargs={'banner_timeout': 200,
-                                                                               
 'key_filename': keyfile})
-                conn.config.run.echo = True
+                                                                            
'key_filename': keyfile})
+                conn.config.run.echo = run_echo
                 try:
                     conn.run('hostname')
-                    conn.config.run.echo = True
+                    conn.config.run.echo = run_echo
                     return conn
                 except:
                     attempt += 1
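Review bot: `run_echo` is applied to the module-level `conn` (the function declares `global conn`), so a caller that passes `False`, presumably to keep one sensitive command out of the output, also silences echo for every later command run through that shared connection in the same process. That deserves a docstring line on `init_datalab_connection`, such as `run_echo: value assigned to conn.config.run.echo; it stays in effect on the global connection until it is re-initialised`. The second `conn.config.run.echo = run_echo` after `conn.run('hostname')` repeats the assignment made just before the `try` and could be dropped. The function body starts in the previous hunk and continues past this one.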
diff --git 
a/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py 
b/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py
index caa17e17d..5e972b84e 100644
--- a/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py
+++ b/infrastructure-provisioning/src/general/scripts/gcp/jupyter_configure.py
@@ -31,6 +31,7 @@ import sys
 import traceback
 import subprocess
 from fabric import *
+import uuid
 
 if __name__ == "__main__":
     try:
@@ -205,6 +206,46 @@ if __name__ == "__main__":
         datalab.fab.append_result("Failed to setup git credentials.", str(err))
         GCPActions.remove_instance(notebook_config['instance_name'], 
notebook_config['zone'])
         sys.exit(1)
+        
+    try:
+        logging.info('[SETUP KEYCLOAK CLIENT]')
+        notebook_config['keycloak_client_name'] = '{}-{}-{}-{}'\
+            .format(notebook_config['service_base_name'], 
notebook_config['project_name'],
+                    notebook_config['endpoint_name'], 
notebook_config['exploratory_name'])
+        notebook_config['keycloak_client_secret'] = str(uuid.uuid4())
+        keycloak_params = "--service_base_name {} --keycloak_auth_server_url 
{} --keycloak_realm_name {} " \
+                          "--keycloak_user {} --keycloak_user_password {} 
--keycloak_client_secret {} " \
+                          "--project_name {} --endpoint_name {} 
--exploratory_name {}"\
+            .format(notebook_config['service_base_name'], 
os.environ['keycloak_auth_server_url'],
+                    os.environ['keycloak_realm_name'], 
os.environ['keycloak_user'],
+                    os.environ['keycloak_user_password'], 
notebook_config['keycloak_client_secret'],
+                    notebook_config['project_name'], 
notebook_config['endpoint_name'],
+                    notebook_config['exploratory_name'])
+        try:
+            subprocess.run("~/scripts/{}.py {}".format('configure_keycloak', 
keycloak_params), shell=True, check=True)
+        except:
+            datalab.fab.append_result("Failed setup keycloak client")
+            raise Exception
+
+        try:
+            conn = datalab.fab.init_datalab_connection(instance_hostname, 
notebook_config['datalab_ssh_user'],
+                                                       
notebook_config['ssh_key_path'], '', False)
+
+            with open("/home/datalab-user/template.json") as py3kernel:
+                content = json.loads(py3kernel.read())
+            content['env']['KEYCLOAK_CLIENT'] = 
notebook_config['keycloak_client_name']
+            content['env']['KEYCLOAK_SECRET'] = 
notebook_config['keycloak_client_secret']
+            print(content['env'])
+            with open("/home/datalab-user/template.json", 'w') as py3kernel:
+                py3kernel.write(json.dumps(content))
+        except:
+            datalab.fab.append_result("Failed to write variables to .bashrc")
+            raise Exception
+
+    except Exception as err:
+        datalab.fab.append_result("Failed setup keycloak client ", str(err))
+        GCPActions.remove_instance(notebook_config['instance_name'], 
notebook_config['zone'])
+        sys.exit(1)
 
     if notebook_config['image_enabled'] == 'true':
         try:
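Review bot: The added keycloak block exposes the credentials it handles. `print(content['env'])` writes KEYCLOAK_SECRET to the provisioning output, and the `subprocess.run(..., shell=True)` call formats the Keycloak admin password and the new client secret into a shell string, so any value containing shell metacharacters is interpreted by the shell. Passing an argument list without `shell=True` removes the shell parsing, and the print should be replaced by a log line that carries no values. The values would still appear in the child's argv, so having configure_keycloak.py read them from the environment would be the fuller fix. The failure message `"Failed to write variables to .bashrc"` also names the wrong file, since the code writes template.json; the enclosing `__main__` body starts before the hunk and continues after it.

```python
        # … unchanged: keycloak_client_name and keycloak_client_secret assignment …
        keycloak_cmd = [
            os.path.expanduser('~/scripts/configure_keycloak.py'),
            '--service_base_name', notebook_config['service_base_name'],
            '--keycloak_auth_server_url', os.environ['keycloak_auth_server_url'],
            '--keycloak_realm_name', os.environ['keycloak_realm_name'],
            '--keycloak_user', os.environ['keycloak_user'],
            '--keycloak_user_password', os.environ['keycloak_user_password'],
            '--keycloak_client_secret', notebook_config['keycloak_client_secret'],
            '--project_name', notebook_config['project_name'],
            '--endpoint_name', notebook_config['endpoint_name'],
            '--exploratory_name', notebook_config['exploratory_name'],
        ]
        try:
            # Argument list, no shell: values are passed through verbatim.
            subprocess.run(keycloak_cmd, check=True)
        # … unchanged: except branch, connection setup, template.json load and env assignment …
            # Replaces print(content['env']); the secret value is not logged.
            logging.info('KEYCLOAK_CLIENT and KEYCLOAK_SECRET added to template.json')
        # … unchanged: template.json write and error handling …
```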

