Merge branch 'release/0.3.1'

Author: filippomc

applications/accounts/Docker-compose.yaml

@@ -39,6 +39,9 @@ spec:
         - name: config
           configMap:
             name: hub-config
+        - name: cloudharness-allvalues
+          configMap:
+            name: cloudharness-allvalues
         - name: secret
           secret:
             {{- if .Values.apps.jupyterhub.hub.existingSecret }}
@@ -114,6 +117,9 @@ spec:
               name: config
             - mountPath: /etc/jupyterhub/secret/
               name: secret
+            - name: cloudharness-allvalues
+              mountPath: /opt/cloudharness/resources/allvalues.yaml
+              subPath: allvalues.yaml
             {{- if .Values.apps.jupyterhub.hub.extraVolumeMounts }}
             {{- .Values.apps.jupyterhub.hub.extraVolumeMounts | toYaml | trimSuffix "\n" | nindent 12 }}
             {{- end }}

applications/jupyterhub/deploy/templates/hub/deployment.yaml

@@ -5,7 +5,7 @@
 from tornado import gen
 from traitlets import Bool
 from jupyterhub.utils import url_path_join
-from .utils import get_keycloak_data
+from cloudharness.auth import AuthClient
 
 class CloudHarnessAuthenticateHandler(BaseHandler):
     """
@@ -34,8 +34,8 @@ def get(self):
                 self.redirect('/hub/logout')
 
             accessToken = accessToken.value
-            keycloak_id, keycloak_data = get_keycloak_data(accessToken)
-            username = keycloak_id
+            user_data = AuthClient.decode_token(accessToken)
+            username = user_data['sub']
             raw_user = self.user_from_username(username)
             self.set_login_cookie(raw_user)
         user = yield gen.maybe_future(self.process_user(raw_user, self))

applications/jupyterhub/src/chauthenticator/chauthenticator/auth.py

@@ -1,5 +1,5 @@
 harness:
-  subdomain: errormonitor
+  subdomain: sentry
   secured: false
   service:
     auto: true

applications/jupyterhub/src/chauthenticator/chauthenticator/utils.py

@@ -12,15 +12,16 @@
     from cloudharness.utils.config import CloudharnessConfig as conf, ALLVALUES_PATH
     from cloudharness.applications import get_configuration
     accounts_app = get_configuration('accounts')
-    AUTH_REALM = env.get_auth_realm()
+    AUTH_REALM = conf.get_namespace()
     SERVER_URL = accounts_app.get_service_address() + '/auth/'
     if not os.environ.get('KUBERNETES_SERVICE_HOST', None):
         # running outside kubernetes
         SERVER_URL = accounts_app.get_public_address() + '/auth/'
     USER = accounts_app.admin['user']
     PASSWD = accounts_app.admin['pass']
 except:
-    log.error("Error on cloudharness configuration. Check that the values file %s your deployment.", ALLVALUES_PATH, exc_info=True)
+    log.error("Error on cloudharness configuration. Check that the values file %s your deployment.",
+              ALLVALUES_PATH, exc_info=True)
 
 
 def with_refreshtoken(func):
@@ -32,6 +33,7 @@ def wrapper(self, *args, **kwargs):
             return func(self, *args, **kwargs)
     return wrapper
 
+
 def decode_token(token):
     """
     Check and retrieve authentication information from custom bearer token.
@@ -51,17 +53,18 @@ def decode_token(token):
 
 
 class AuthClient():
-    __public_key=None
+    __public_key = None
 
     @staticmethod
     def _get_keycloak_user_id():
         bearer = request.headers.get('Authorization', None)
         current_app.logger.debug(f'Bearer: {bearer}')
         if not bearer or bearer == 'Bearer undefined':
             if current_app.config['ENV'] == 'development':
-                # when development and not using KeyCloak (no current user), 
+                # when development and not using KeyCloak (no current user),
                 # get id from X-Current-User-Id header
-                keycloak_user_id = request.headers.get("X-Current-User-Id", "-1")
+                keycloak_user_id = request.headers.get(
+                    "X-Current-User-Id", "-1")
             else:
                 keycloak_user_id = "-1"  # No authorization --> no user
         else:
@@ -98,7 +101,7 @@ def get_admin_client(self):
 
     def refresh_token(self):
         try:
-            self._admin_client.refresh_token() 
+            self._admin_client.refresh_token()
         except Exception as e:
             # reset the internal admin client to create a new one
             self._admin_client = None
@@ -107,10 +110,13 @@ def refresh_token(self):
     @classmethod
     def get_public_key(cls):
         if not cls.__public_key:
-            AUTH_PUBLIC_KEY_URL = os.path.join(SERVER_URL, "realms", AUTH_REALM)
+            AUTH_PUBLIC_KEY_URL = os.path.join(
+                SERVER_URL, "realms", AUTH_REALM)
 
-            KEY = json.loads(requests.get(AUTH_PUBLIC_KEY_URL, verify=False).text)['public_key']
-            cls.__public_key = b"-----BEGIN PUBLIC KEY-----\n" + str.encode(KEY) + b"\n-----END PUBLIC KEY-----"
+            KEY = json.loads(requests.get(AUTH_PUBLIC_KEY_URL,
+                                          verify=False).text)['public_key']
+            cls.__public_key = b"-----BEGIN PUBLIC KEY-----\n" + \
+                str.encode(KEY) + b"\n-----END PUBLIC KEY-----"
         return cls.__public_key
 
     @classmethod
@@ -126,8 +132,8 @@ def decode_token(cls, token):
         :rtype: dict | None
         """
 
-
-        decoded = jwt.decode(token, cls.get_public_key(), algorithms='RS256', audience='account')
+        decoded = jwt.decode(token, cls.get_public_key(),
+                             algorithms='RS256', audience='account')
         return decoded
 
     @with_refreshtoken
@@ -147,15 +153,15 @@ def get_client(self, client_name):
         return client
 
     @with_refreshtoken
-    def create_client(self, 
-                      client_name, 
+    def create_client(self,
+                      client_name,
                       protocol="openid-connect",
                       enabled=True,
                       public=True,
                       standard_flow_enabled=True,
                       direct_access_grants_enable=True,
                       redirect_uris=["*"],
-                      web_origins=["*","+"]):
+                      web_origins=["*", "+"]):
         """
         Creates a new KC client
 
@@ -170,7 +176,7 @@ def create_client(self,
         :return: True on success or exception
         """
         admin_client = self.get_admin_client()
-        x= admin_client.create_client({
+        x = admin_client.create_client({
             'id': client_name,
             'name': client_name,
             'protocol': protocol,
@@ -218,8 +224,10 @@ def get_group(self, group_id, with_members=False):
         if with_members:
             members = admin_client.get_group_members(group_id)
             for user in members:
-                user.update({'userGroups': admin_client.get_user_groups(user['id'])})
-                user.update({'realmRoles': admin_client.get_realm_roles_of_user(user['id'])})
+                user.update(
+                    {'userGroups': admin_client.get_user_groups(user['id'])})
+                user.update(
+                    {'realmRoles': admin_client.get_realm_roles_of_user(user['id'])})
             group.update({'members': members})
         return group
 
@@ -257,8 +265,10 @@ def get_users(self, query=None):
         admin_client = self.get_admin_client()
         users = []
         for user in admin_client.get_users(query=query):
-            user.update({'userGroups': admin_client.get_user_groups(user['id'])})
-            user.update({'realmRoles': admin_client.get_realm_roles_of_user(user['id'])})
+            user.update(
+                {'userGroups': admin_client.get_user_groups(user['id'])})
+            user.update(
+                {'realmRoles': admin_client.get_realm_roles_of_user(user['id'])})
             users.append(user)
         return users
 
@@ -280,7 +290,8 @@ def get_user(self, user_id):
         admin_client = self.get_admin_client()
         user = admin_client.get_user(user_id)
         user.update({'userGroups': admin_client.get_user_groups(user_id)})
-        user.update({'realmRoles': admin_client.get_realm_roles_of_user(user_id)})
+        user.update(
+            {'realmRoles': admin_client.get_realm_roles_of_user(user_id)})
         return user
 
     @with_refreshtoken
@@ -357,7 +368,8 @@ def user_has_client_role(self, user_id, client_name, role):
         :param role: Name of the role
         :return: (array RoleRepresentation)
         """
-        roles = [user_client_role for user_client_role in self.get_user_client_roles(user_id, client_name) if user_client_role['name'] == role]
+        roles = [user_client_role for user_client_role in self.get_user_client_roles(
+            user_id, client_name) if user_client_role['name'] == role]
         return roles != []
 
     def user_has_realm_role(self, user_id, role):
@@ -368,7 +380,8 @@ def user_has_realm_role(self, user_id, role):
         :param role: Name of the role
         :return: (array RoleRepresentation)
         """
-        roles = [user_realm_role for user_realm_role in self.get_user_realm_roles(user_id) if user_realm_role['name'] == role]
+        roles = [user_realm_role for user_realm_role in self.get_user_realm_roles(
+            user_id) if user_realm_role['name'] == role]
         return roles != []
 
     def current_user_has_client_role(self, client_name, role):

applications/sentry/deploy/values.yaml

@@ -21,10 +21,6 @@
 namespace = conf.get_namespace()
 
 
-
-
-
-
 # --- Api functions ---    `
 
 def get_api_client():
@@ -53,15 +49,13 @@ def create_namespace():
     api_instance = kubernetes.client.CoreV1Api(kubernetes.client.ApiClient(get_configuration()))
     body = kubernetes.client.V1Namespace(metadata=kubernetes.client.V1ObjectMeta(name=namespace))  # V1Namespace |
 
-
     try:
         api_response = api_instance.create_namespace(body)
     except Exception  as e:
         raise Exception(f"Error creating namespace: {namespace}") from e
 
 
-
-def get_objects(group = 'argoproj.io', plural='workflows', status=None, limit=10, continue_token=None, timeout_seconds=3):
+def get_objects(group='argoproj.io', plural='workflows', status=None, limit=10, continue_token=None, timeout_seconds=3):
     """https://github.com/kubernetes-client/python/blob/master/kubernetes/docs/CustomObjectsApi.md#list_namespaced_custom_object"""
     # Notice: field selector doesn't work though advertised, except fot metadata.name and metadata.namespace https://github.com/kubernetes/kubernetes/issues/51046
     # The filtering by phase can be obtained through labels: https://github.com/argoproj/argo/issues/496
@@ -77,38 +71,41 @@ def get_object(object_name):
     api_instance = kubernetes.client.CustomObjectsApi(kubernetes.client.ApiClient(configuration))
     return api_instance.get_namespaced_custom_object(group, version, namespace, plural, object_name)
 
-def get_pod_logs(pod_name, namespace=namespace):
 
+def get_pod_logs(pod_name, namespace=namespace):
     try:
         return api_instance.read_namespaced_pod_log(name=pod_name, namespace=namespace, container="main")
     except kubernetes.client.rest.ApiException as e:
         if e.status == 400:
             return f"Pod {pod_name} has not emitted logs yet..."
         raise Exception(e.status) from e
 
-def get_pod(pod_name, namespace=namespace):
 
+def get_pod(pod_name, namespace=namespace):
     try:
         return api_instance.read_namespaced_pod(name=pod_name, namespace=namespace)
     except kubernetes.client.rest.ApiException as e:
         if 404 == e.status:
             raise Exception(f"Pod {pod_name} not found")
         raise Exception(e.status) from e
 
+
 def get_pods(namespace=namespace):
     try:
-        return api_instance.list_namespaced_pod( namespace=namespace)
+        return api_instance.list_namespaced_pod(namespace=namespace)
     except kubernetes.client.rest.ApiException as e:
         raise Exception("Error retrieving pods") from e
 
+
 def get_deployments(namespace=namespace):
     api_instance = kubernetes.client.AppsV1Api(kubernetes.client.ApiClient(get_configuration()))
     try:
-        return api_instance.list_namespaced_deployment( namespace=namespace)
+        return api_instance.list_namespaced_deployment(namespace=namespace)
     except kubernetes.client.rest.ApiException as e:
         raise Exception("Error retrieving deployments") from e
 
+
 if __name__ == '__main__':
     from pprint import pprint
 
-    pprint(get_objects())
+    pprint(get_objects())