Remove OIDC configuration in BBMRI

2025-06-16 09:10:15 +02:00 · 2025-05-27 17:35:26 +02:00
parent 7c5bbefe74
commit dd37863b8b
8 changed files with 6 additions and 25 deletions
--- a/bbmri/modules/teiler-compose.yml
+++ b/bbmri/modules/teiler-compose.yml
@ -33,7 +33,6 @@ services:
      TEILER_BACKEND_URL: "https://${HOST}/bbmri-teiler-backend"
      TEILER_DASHBOARD_URL: "https://${HOST}/bbmri-teiler-dashboard"
      OIDC_URL: "${OIDC_URL}"
-      OIDC_REALM: "${OIDC_REALM}"
      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
--- a/bbmri/vars
+++ b/bbmri/vars
@ -13,18 +13,6 @@ echo $PRIVATEKEYFILENAME

 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}

-
-# TODO: Adapt Teiler to work without exporter. Then, remove the following OIDC configuration:
-OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
-OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
-OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
-OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
-# Use "test-realm-01" for testing
-OIDC_REALM="${OIDC_REALM:-master}"
-OIDC_URL="https://login.verbis.dkfz.de"
-OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
-OIDC_GROUP_CLAIM="groups"
-
 POSTGRES_TAG=15.6-alpine

 for module in $PROJECT/modules/*.sh
--- a/ccp/modules/datashield-compose.yml
+++ b/ccp/modules/datashield-compose.yml
@ -22,7 +22,7 @@ services:

  opal:
    container_name: bridgehead-opal
-    image: docker.verbis.dkfz.de/ccp/dktk-opal:latest
+    image: docker.verbis.dkfz.de/ccp/dktk-opal:test
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.opal_ccp.rule=PathPrefix(`/opal`)"
@ -45,7 +45,6 @@ services:
      OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
      OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
      OIDC_URL: "${OIDC_URL}"
-      OIDC_REALM: "${OIDC_REALM}"
      OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
      OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
      OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
@ -141,7 +140,7 @@ services:
      --client-id="${OIDC_PRIVATE_CLIENT_ID}"
      --client-secret="${OIDC_CLIENT_SECRET}"
      --redirect-url="https://${HOST}${OAUTH2_CALLBACK}"
-      --oidc-issuer-url="${OIDC_ISSUER_URL}"
+      --oidc-issuer-url="${OIDC_URL}"
      --scope="openid email profile"
      --code-challenge-method="S256"
      --skip-provider-button=true
--- a/ccp/modules/mtba-compose.yml
+++ b/ccp/modules/mtba-compose.yml
@ -23,7 +23,6 @@ services:
      OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
      OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
      OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
-      OIDC_REALM: "${OIDC_REALM}"
      OIDC_URL: "${OIDC_URL}"

    labels:
--- a/ccp/modules/teiler-compose.yml
+++ b/ccp/modules/teiler-compose.yml
@ -19,7 +19,8 @@ services:
      HTTP_RELATIVE_PATH: "/ccp-teiler"

  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    #image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: samply/teiler-dashboard:develop
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
@ -33,7 +34,6 @@ services:
      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
      TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
      OIDC_URL: "${OIDC_URL}"
-      OIDC_REALM: "${OIDC_REALM}"
      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
--- a/ccp/vars
+++ b/ccp/vars
@ -12,10 +12,7 @@ OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
 OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
 OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
 OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
-# Use "test-realm-01" for testing
-OIDC_REALM="${OIDC_REALM:-master}"
-OIDC_URL="https://login.verbis.dkfz.de"
-OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
+OIDC_URL="https://sso.verbis.dkfz.de/application/o/${SITE_ID}/"
 OIDC_GROUP_CLAIM="groups"

 POSTGRES_TAG=15.6-alpine
--- a/kr/modules/teiler-compose.yml
+++ b/kr/modules/teiler-compose.yml
@ -33,7 +33,6 @@ services:
      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
      TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
      OIDC_URL: "${OIDC_URL}"
-      OIDC_REALM: "${OIDC_REALM}"
      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
--- a/lib/functions.sh
+++ b/lib/functions.sh
@ -328,7 +328,7 @@ function sync_secrets() {
        -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
        -e PROXY_ID=$proxy_id \
        -e BROKER_URL=$broker_url \
-        -e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
+        -e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \
        -e SECRET_DEFINITIONS=$secret_sync_args \
        docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest