Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(keycloak authentication) #4162

Open
wants to merge 53 commits into
base: master
Choose a base branch
from
Open

feat(keycloak authentication) #4162

wants to merge 53 commits into from

Conversation

ChrOertlin
Copy link
Contributor

@ChrOertlin ChrOertlin commented Jan 28, 2025
edited
Loading

Description

Implements keycloak as authirsation and verification provider for CG

Added

  • AuthenticationService
    Handles logic pertaining to authentication and token verification of users

  • UserService
    handles fetching of users from the database - introduced to reduce coupling of database to endpoints

  • New endpoints:
    auth/login
    auth/callback
    auth/logout

  • New config settings in the Flask AppConfig to initiate the authentication service

Changed

  • Moved app.route("/") to its own blueprint to cleanup the _register_blueprint() function. Increased code clarity

  • Removed google oauth flow from front end

Fixed

closes: #4159

How to prepare for test

  • Ssh to relevant server (depending on type of change)
  • Use stage: us
  • Paxa the environment: paxa
  • Install on stage (example for Hasta): 
    bash /home/proj/production/servers/resources/hasta.scilifelab.se/update-tool-stage.sh -e S_cg -t cg -b [THIS-BRANCH-NAME] -a

How to test

  • Do ...

Expected test outcome

  • Check that ...
  • Take a screenshot and attach or copy/paste the output.

Review

  • Tests executed by
  • "Merge and deploy" approved by
    Thanks for filling in who performed the code review and the test!

This version is a

  • MAJOR - when you make incompatible API changes
  • MINOR - when you add functionality in a backwards compatible manner
  • PATCH - when you make backwards compatible bug fixes or documentation/instructions

Implementation Plan

  • Document in ...
  • Deploy this branch on ...
  • Inform to ...

ChrOertlin and others added 20 commits February 6, 2025 12:55
@ChrOertlin
refactor: create user service for user operations
b613bed
@ChrOertlin
feat: register user service in flask app
43f4a12
@ChrOertlin
revert: introduction of authenticated user model
fddb478
@ChrOertlin
feat: redirect login button to new flow
9253efd
@ChrOertlin
chore: add redirect to appconfig
96cea98
@ChrOertlin
fix: unused import
3cffc98
@ChrOertlin
feat: working prototype
6f8404b
@ChrOertlin
chore: merge master
86b6466
@ChrOertlin
chore: test pass
90eaf4b
@ChrOertlin
chore: remove google from invoices
8f4d75a
@ChrOertlin
chore: various improvements
202ca6d
@ChrOertlin
chore: linting
d702276
@ChrOertlin
feat: init from config
5527ea0
@ChrOertlin
Merge branch 'master' into feat-keycloak
d352cc6
@ChrOertlin
chore: merge
8de7bb5
@ChrOertlin
Merge branch 'master' into feat-keycloak
bbb6cbd
@ChrOertlin
Merge branch 'feat-keycloak' of https://github.com/Clinical-Genomics/cg
cd0a2ba 
… into feat-keycloak
@ChrOertlin
chore:changes
4d6995f
@ChrOertlin
feat: add user role check
589ea5d
@ChrOertlin
feat: fix admin view
729cde3
ChrOertlin
ChrOertlin commented Mar 5, 2025
View reviewed changes
@ChrOertlin ChrOertlin marked this pull request as ready for review March 6, 2025 09:58
@ChrOertlin ChrOertlin requested a review from a team as a code owner March 6, 2025 09:58
ChrOertlin
ChrOertlin commented Mar 6, 2025
View reviewed changes
cg/server/endpoints/authentication/authentication.py
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These endpoints will handle the talk with keycloak

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

ChrOertlin
ChrOertlin commented Mar 10, 2025
View reviewed changes
cg/apps/tb/api.py
def __init__(self, config: dict):
self.service_account = config["trailblazer"]["service_account"]
self.service_account_auth_file = config["trailblazer"]["service_account_auth_file"]
def __init__(self, config: dict, keycloak_client: KeycloakClient):
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this part needs to be tested on hasta-stage with the cli commands.

@ChrOertlin ChrOertlin mentioned this pull request Mar 11, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enable keycloak authentication in CG
2 participants
@ChrOertlin @ahdamin