Remove OIDC configuration in BBMRI
@ -23,6 +23,18 @@ services:
|
|||||||
- "traefik.http.routers.exporter_bbmri.tls=true"
|
- "traefik.http.routers.exporter_bbmri.tls=true"
|
||||||
- "traefik.http.middlewares.exporter_bbmri_strip.stripprefix.prefixes=/bbmri-exporter"
|
- "traefik.http.middlewares.exporter_bbmri_strip.stripprefix.prefixes=/bbmri-exporter"
|
||||||
- "traefik.http.routers.exporter_bbmri.middlewares=exporter_bbmri_strip"
|
- "traefik.http.routers.exporter_bbmri.middlewares=exporter_bbmri_strip"
|
||||||
|
# Main router
|
||||||
|
- "traefik.http.routers.exporter_bbmri.priority=20"
|
||||||
|
|
||||||
|
# API router
|
||||||
|
- "traefik.http.routers.exporter_bbmri_api.middlewares=exporter_bbmri_strip,exporter_auth"
|
||||||
|
- "traefik.http.routers.exporter_bbmri_api.rule=PathRegexp(`/bbmri-exporter/.+`)"
|
||||||
|
- "traefik.http.routers.exporter_bbmri_api.tls=true"
|
||||||
|
- "traefik.http.routers.exporter_bbmri_api.priority=25"
|
||||||
|
|
||||||
|
# Shared middlewares
|
||||||
|
- "traefik.http.middlewares.exporter_auth.basicauth.users=${EXPORTER_USER}"
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/cache/bridgehead/bbmri/exporter-files:/app/exporter-files/output"
|
- "/var/cache/bridgehead/bbmri/exporter-files:/app/exporter-files/output"
|
||||||
|
|
||||||
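Review bot: The split into an unauthenticated main router and a basic-auth API router leaves exactly `/bbmri-exporter` and `/bbmri-exporter/` reachable without credentials, because `PathRegexp(`/bbmri-exporter/.+`)` needs at least one character after the slash and the main router (whose rule sits outside this hunk) still carries only the strip middleware. If the exporter's root path is not meant to be public, attach `exporter_auth` to the main router too, or let the API router match the whole prefix with `PathPrefix(`/bbmri-exporter`)` and carve out the few public paths with a higher-priority router. Please document the intent on the label, e.g. `# Main router: unauthenticated entry point; every path below the prefix goes through exporter_auth (see API router)`. Traefik's basicauth `users` expects htpasswd-style `user:hash` entries, so `EXPORTER_USER` must be produced in that format rather than as a plaintext pair — confirm against the helper that generates it.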
@ -65,3 +77,12 @@ services:
|
|||||||
- "traefik.http.routers.reporter_bbmri.tls=true"
|
- "traefik.http.routers.reporter_bbmri.tls=true"
|
||||||
- "traefik.http.middlewares.reporter_bbmri_strip.stripprefix.prefixes=/bbmri-reporter"
|
- "traefik.http.middlewares.reporter_bbmri_strip.stripprefix.prefixes=/bbmri-reporter"
|
||||||
- "traefik.http.routers.reporter_bbmri.middlewares=reporter_bbmri_strip"
|
- "traefik.http.routers.reporter_bbmri.middlewares=reporter_bbmri_strip"
|
||||||
|
- "traefik.http.routers.reporter_bbmri.priority=20"
|
||||||
|
|
||||||
|
#- "traefik.http.routers.reporter_bbmri.middlewares=reporter_bbmri_strip,exporter_auth"
|
||||||
|
- "traefik.http.routers.reporter_bbmri_api.middlewares=reporter_bbmri_strip,exporter_auth"
|
||||||
|
- "traefik.http.routers.reporter_bbmri_api.rule=PathRegexp(`/bbmri-reporter/.+`)"
|
||||||
|
- "traefik.http.routers.reporter_bbmri_api.tls=true"
|
||||||
|
- "traefik.http.routers.reporter_bbmri_api.priority=25"
|
||||||
|
#- "traefik.http.middlewares.reporter_auth.basicauth.users=${EXPORTER_USER}"
|
||||||
|
|
||||||
|
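Review bot: Two commented-out labels are left behind, `#- "traefik.http.routers.reporter_bbmri.middlewares=reporter_bbmri_strip,exporter_auth"` and `#- "traefik.http.middlewares.reporter_auth.basicauth.users=${EXPORTER_USER}"`; dead configuration like this tends to be uncommented later, at which point the first would replace the main router's middleware list and the second would define a second basicauth middleware carrying the same credentials. Delete them, since the `reporter_bbmri_api` router already reuses `exporter_auth`. As with the exporter, only `/bbmri-reporter/.+` is protected and the bare `/bbmri-reporter` path stays open — confirm that this is intended or add a comment saying so.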
@ -5,4 +5,11 @@ if [ "$ENABLE_EXPORTER" == true ]; then
|
|||||||
OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
|
OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
|
||||||
EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||||
EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
|
EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
|
||||||
|
|
||||||
|
if [ -z "$EXPORTER_USER" ]; then
|
||||||
|
log "INFO" "Now generating basic auth for the exporter and reporter (see adduser in bridgehead for more information). "
|
||||||
|
generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
|
||||||
|
add_basic_auth_user $PROJECT $generated_passwd "EXPORTER_USER" $PROJECT
|
||||||
|
fi
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
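Review bot: The generated credential is passed through unquoted expansions in `add_basic_auth_user $PROJECT $generated_passwd "EXPORTER_USER" $PROJECT`; the value is 32 hex characters today so this is harmless, but quote them (`add_basic_auth_user "$PROJECT" "$generated_passwd" "EXPORTER_USER" "$PROJECT"`) so a later change to the generator cannot introduce word splitting. The branch also relies on `add_basic_auth_user` both persisting the entry and exporting `EXPORTER_USER` into this shell; if it only writes the site config, the `${EXPORTER_USER}` label in the compose file is empty on the first run and Traefik's basicauth middleware has no users, which most likely keeps the router from loading — worth confirming against the helper, which is not visible here. A comment stating the expected format would help the next reader: `# EXPORTER_USER must end up as an htpasswd entry (user:hash); it feeds the Traefik basicauth label`. The enclosing `if [ "$ENABLE_EXPORTER" == true ]` block starts before this hunk.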
@ -33,7 +33,6 @@ services:
|
|||||||
TEILER_BACKEND_URL: "https://${HOST}/bbmri-teiler-backend"
|
TEILER_BACKEND_URL: "https://${HOST}/bbmri-teiler-backend"
|
||||||
TEILER_DASHBOARD_URL: "https://${HOST}/bbmri-teiler-dashboard"
|
TEILER_DASHBOARD_URL: "https://${HOST}/bbmri-teiler-dashboard"
|
||||||
OIDC_URL: "${OIDC_URL}"
|
OIDC_URL: "${OIDC_URL}"
|
||||||
OIDC_REALM: "${OIDC_REALM}"
|
|
||||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
||||||
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
||||||
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
||||||
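Review bot: The BBMRI teiler still receives `OIDC_URL: "${OIDC_URL}"`, `OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"` and `OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"`, yet this commit deletes the definitions of all three variables from `bbmri/vars`, so unless they are set elsewhere (a site config, for instance) they now expand to empty strings and the service starts with a blank OIDC endpoint and client id. The TODO removed from `bbmri/vars` said Teiler should first be adapted to work without the exporter; if that has happened, drop these three env entries as well instead of leaving half of the OIDC block, and if it has not, the variables need to stay defined. Whichever applies, a one-line comment above `OIDC_URL` naming the decision would stop the next person from re-adding the variables.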
@ -69,6 +68,3 @@ services:
|
|||||||
TEILER_DASHBOARD_DE_URL: "https://${HOST}/bbmri-teiler-dashboard/de"
|
TEILER_DASHBOARD_DE_URL: "https://${HOST}/bbmri-teiler-dashboard/de"
|
||||||
TEILER_DASHBOARD_EN_URL: "https://${HOST}/bbmri-teiler-dashboard/en"
|
TEILER_DASHBOARD_EN_URL: "https://${HOST}/bbmri-teiler-dashboard/en"
|
||||||
HTTP_PROXY: "http://forward_proxy:3128"
|
HTTP_PROXY: "http://forward_proxy:3128"
|
||||||
ENABLE_MTBA: "${ENABLE_MTBA}"
|
|
||||||
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
|
|
||||||
IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active
|
|
||||||
|
12
bbmri/vars
12
bbmri/vars
@ -13,18 +13,6 @@ echo $PRIVATEKEYFILENAME
|
|||||||
|
|
||||||
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
|
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
|
||||||
|
|
||||||
|
|
||||||
# TODO: Adapt Teiler to work without exporter. Then, remove the following OIDC configuration:
|
|
||||||
OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
|
|
||||||
OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
|
|
||||||
OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
|
|
||||||
OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
|
|
||||||
# Use "test-realm-01" for testing
|
|
||||||
OIDC_REALM="${OIDC_REALM:-master}"
|
|
||||||
OIDC_URL="https://login.verbis.dkfz.de"
|
|
||||||
OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
|
|
||||||
OIDC_GROUP_CLAIM="groups"
|
|
||||||
|
|
||||||
POSTGRES_TAG=15.6-alpine
|
POSTGRES_TAG=15.6-alpine
|
||||||
|
|
||||||
for module in $PROJECT/modules/*.sh
|
for module in $PROJECT/modules/*.sh
|
||||||
|
@ -45,7 +45,6 @@ services:
|
|||||||
OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
|
OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
|
||||||
OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
|
OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
|
||||||
OIDC_URL: "${OIDC_URL}"
|
OIDC_URL: "${OIDC_URL}"
|
||||||
OIDC_REALM: "${OIDC_REALM}"
|
|
||||||
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
||||||
OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
||||||
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
||||||
@ -141,7 +140,7 @@ services:
|
|||||||
--client-id="${OIDC_PRIVATE_CLIENT_ID}"
|
--client-id="${OIDC_PRIVATE_CLIENT_ID}"
|
||||||
--client-secret="${OIDC_CLIENT_SECRET}"
|
--client-secret="${OIDC_CLIENT_SECRET}"
|
||||||
--redirect-url="https://${HOST}${OAUTH2_CALLBACK}"
|
--redirect-url="https://${HOST}${OAUTH2_CALLBACK}"
|
||||||
--oidc-issuer-url="${OIDC_ISSUER_URL}"
|
--oidc-issuer-url="${OIDC_URL}"
|
||||||
--scope="openid email profile"
|
--scope="openid email profile"
|
||||||
--code-challenge-method="S256"
|
--code-challenge-method="S256"
|
||||||
--skip-provider-button=true
|
--skip-provider-button=true
|
||||||
|
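Review bot: `--oidc-issuer-url` has to equal the `iss` claim of the tokens oauth2-proxy validates, which for a Keycloak realm is the realm URL, so `--oidc-issuer-url="${OIDC_URL}"` only works because `ccp/vars` now folds the `/realms/<realm>` suffix into `OIDC_URL` — the variable has changed meaning from the bare login host to the full issuer. The same `${OIDC_URL}` is handed to the Opal container earlier in what appears to be this file and to the teiler services; they previously got the bare host next to a separate `OIDC_REALM`, so check that each of them expects the realm-qualified form now and does not append `/realms/...` itself. If any consumer needs the base URL, keep two variables, e.g. `OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"` for the proxy and `OIDC_URL` for the rest. The `command:` block this line belongs to starts before the hunk.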
@ -23,7 +23,6 @@ services:
|
|||||||
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
||||||
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
||||||
OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
||||||
OIDC_REALM: "${OIDC_REALM}"
|
|
||||||
OIDC_URL: "${OIDC_URL}"
|
OIDC_URL: "${OIDC_URL}"
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
|
@ -33,7 +33,6 @@ services:
|
|||||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
||||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
||||||
OIDC_URL: "${OIDC_URL}"
|
OIDC_URL: "${OIDC_URL}"
|
||||||
OIDC_REALM: "${OIDC_REALM}"
|
|
||||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
||||||
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
||||||
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
||||||
|
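--- a/ccp/vars
+++ b/ccp/vars
@@ -12,10 +12,7 @@ OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
 OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
 OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
 OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
-# Use "test-realm-01" for testing
-OIDC_REALM="${OIDC_REALM:-master}"
-OIDC_URL="https://login.verbis.dkfz.de"
-OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
+OIDC_URL="https://login.verbis.dkfz.de/realms/test-realm-01"
 OIDC_GROUP_CLAIM="groups"
 
 POSTGRES_TAG=15.6-alpine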
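Review bot: The new `OIDC_URL="https://login.verbis.dkfz.de/realms/test-realm-01"` hard-codes the realm that the removed comment (`# Use "test-realm-01" for testing`) described as the testing realm, while the previous default was `master` and could be overridden through `OIDC_REALM`; if `master` is the production realm, every CCP site now validates logins, oauth2-proxy sessions and Opal/Teiler group claims against the test realm, and the trust anchor moves to wherever test accounts are provisioned. Restore the production default and keep an override, for example `OIDC_URL="${OIDC_URL:-https://login.verbis.dkfz.de/realms/master}"` preceded by `# Override OIDC_URL with https://login.verbis.dkfz.de/realms/test-realm-01 for testing`. If pointing production at `test-realm-01` is deliberate, say so in a comment, because a bare test-realm identifier in the default variable file will otherwise be read as a mistake.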
@ -33,7 +33,6 @@ services:
|
|||||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
||||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
||||||
OIDC_URL: "${OIDC_URL}"
|
OIDC_URL: "${OIDC_URL}"
|
||||||
OIDC_REALM: "${OIDC_REALM}"
|
|
||||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
||||||
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
||||||
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
||||||
|