Merge pull request #330 from TeskaLabs/fix/public-url-config

Post-fix: Unify public URL config
TeskaLabs · Dec 18, 2023 · 6d93904 · 6d93904
2 parents 5e0f849 + 39676df
commit 6d93904
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,11 +13,12 @@
 - Batman for Kibana now also requires `kibana_url` (#281, `v23.47-alpha`)
 - Batman does no longer create Seacat resources from all Kibana roles (#281, `v23.47-alpha`)
 - Config section 'batman:elk' renamed to 'batman:kibana' (#281, `v23.47-alpha`)
+- Public URL config changed (#328, #330, `v23.47-alpha4`)
 
 ### Features
 - Kibana spaces and roles are now synchronized with Seacat tenants (#281, `v23.47-alpha`)
 - Batman configuration for Kibana can be also loaded from the `[elasticsearch]` section, in addition to the `[batman:kibana]` section (#326, `v23.47-alpha4`)
-- Public URL config now requires only one option in canonical deployments (#328, `v23.47-alpha4`)
+- Public URL config now requires only one option in canonical deployments (#328, #330, `v23.47-alpha4`)
 
 ### Refactoring
 - Separate login factors in session object (#325, `v23.47-alpha3`)

diff --git a/example/docker/nginx-conf/nginx.conf b/example/docker/nginx-conf/nginx.conf
@@ -47,6 +47,18 @@ server {
     }
 
 
+    ######################
+    # SeaCat Auth API
+    location /api/seacat-auth/ {
+        rewrite ^/api/seacat-auth/(.*) /$1 break;
+        proxy_pass http://seacat_public_api;
+    }
+
+    location /api/openidconnect {
+        rewrite ^/api/(.*) /$1 break;
+        proxy_pass http://seacat_public_api;
+    }
+
     #####################
     # SeaCat Auth WebUI
     location /auth {

diff --git a/example/docker/seacatauth-conf/seacatauth.conf b/example/docker/seacatauth-conf/seacatauth.conf
@@ -1,6 +1,5 @@
 [general]
-public_api_base_url=http://localhost/auth/api
-auth_webui_base_url=http://localhost/auth
+public_url=http://localhost
 
 [asab:storage]
 type=mongodb

diff --git a/seacatauth/__init__.py b/seacatauth/__init__.py
@@ -12,11 +12,11 @@
 
 		# URL prefix of public Seacat Auth API
 		# The URL can be either absolute, or relative to the "public_url" above.
-		"public_seacat_auth_api_prefix": "api/seacat-auth/",
+		"public_seacat_auth_base_url": "api/seacat-auth/",
 
 		# URL prefix of public OpenID Connect API
 		# The URL can be either absolute, or relative to the "public_url" above.
-		"public_openidconnect_api_prefix": "api/",
+		"public_openidconnect_base_url": "api/",
 
 		# Auth web UI base URL lets the app know where the auth web UI is served to the public.
 		# It is used for building login and password reset URIs.

diff --git a/seacatauth/app.py b/seacatauth/app.py
@@ -325,16 +325,15 @@ def create_argument_parser(
 	def _prepare_public_urls(self):
 		self.PublicUrl = asab.Config.get("general", "public_url")
 		if not self.PublicUrl:
-			# Check deprecated option (backward compatibility)
+			# Check obsoleted option
 			public_api_base_url = asab.Config.get("general", "public_api_base_url", fallback=None)
 			if public_api_base_url:
-				asab.LogObsolete.warning(
-					"Config option 'public_api_base_url' in the 'general' section is deprecated. "
+				raise ValueError(
+					"Config option 'public_api_base_url' in the 'general' section is obsoleted. "
 					"Please use the 'PUBLIC_URL' environment variable "
-					"or the 'public_url' option in the 'general' config section.",
-					struct_data={"eol": "2024-05-31"}
+					"or the 'public_url' option in the 'general' config section. "
+					"See https://github.com/TeskaLabs/seacat-auth/pull/330 for details."
 				)
-				self.PublicUrl = public_api_base_url
 		if not self.PublicUrl:
 			# Try to load config from env variable
 			env_public_url = os.getenv("PUBLIC_URL")
@@ -359,7 +358,7 @@ def _prepare_public_urls(self):
 		#   Canonically, this is "${PUBLIC_SERVER_URL}/api/seacat-auth/",
 		#   yielding for example "https://example.com/api/seacat-auth/public/features"
 		self.PublicSeacatAuthApiUrl = asab.Config.get(
-			"general", "public_seacat_auth_api_prefix").rstrip("/") + "/"
+			"general", "public_seacat_auth_base_url").rstrip("/") + "/"
 		if not (
 			self.PublicSeacatAuthApiUrl.startswith("https://")
 			or self.PublicSeacatAuthApiUrl.startswith("http://")
@@ -371,7 +370,7 @@ def _prepare_public_urls(self):
 		#   Canonically, this is "${PUBLIC_SERVER_URL}/api/openidconnect/",
 		#   yielding for example "https://example.com/api/openidconnect/authorize"
 		self.PublicOpenIdConnectApiUrl = asab.Config.get(
-			"general", "public_openidconnect_api_prefix").rstrip("/") + "/"
+			"general", "public_openidconnect_base_url").rstrip("/") + "/"
 		if not (
 			self.PublicOpenIdConnectApiUrl.startswith("https://")
 			or self.PublicOpenIdConnectApiUrl.startswith("http://")