From 9b946f6b90afcb083556aa9549980c6f9afc4081 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robin=20Hru=C5=A1ka?= Date: Fri, 15 Dec 2023 17:21:37 +0100 Subject: [PATCH 1/4] public url renaming --- seacatauth/__init__.py | 4 ++-- seacatauth/app.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/seacatauth/__init__.py b/seacatauth/__init__.py index 4714b5bb..1025f4db 100644 --- a/seacatauth/__init__.py +++ b/seacatauth/__init__.py @@ -12,11 +12,11 @@ # URL prefix of public Seacat Auth API # The URL can be either absolute, or relative to the "public_url" above. - "public_seacat_auth_api_prefix": "api/seacat-auth/", + "public_seacat_auth_base_url": "api/seacat-auth/", # URL prefix of public OpenID Connect API # The URL can be either absolute, or relative to the "public_url" above. - "public_openidconnect_api_prefix": "api/", + "public_openidconnect_base_url": "api/", # Auth web UI base URL lets the app know where the auth web UI is served to the public. # It is used for building login and password reset URIs. diff --git a/seacatauth/app.py b/seacatauth/app.py index 6049202f..8b560461 100644 --- a/seacatauth/app.py +++ b/seacatauth/app.py @@ -359,7 +359,7 @@ def _prepare_public_urls(self): # Canonically, this is "${PUBLIC_SERVER_URL}/api/seacat-auth/", # yielding for example "https://example.com/api/seacat-auth/public/features" self.PublicSeacatAuthApiUrl = asab.Config.get( - "general", "public_seacat_auth_api_prefix").rstrip("/") + "/" + "general", "public_seacat_auth_base_url").rstrip("/") + "/" if not ( self.PublicSeacatAuthApiUrl.startswith("https://") or self.PublicSeacatAuthApiUrl.startswith("http://") @@ -371,7 +371,7 @@ def _prepare_public_urls(self): # Canonically, this is "${PUBLIC_SERVER_URL}/api/openidconnect/", # yielding for example "https://example.com/api/openidconnect/authorize" self.PublicOpenIdConnectApiUrl = asab.Config.get( - "general", "public_openidconnect_api_prefix").rstrip("/") + "/" + "general", "public_openidconnect_base_url").rstrip("/") + "/" if not ( self.PublicOpenIdConnectApiUrl.startswith("https://") or self.PublicOpenIdConnectApiUrl.startswith("http://") From 8f7df01f37cc43bfa304741fae45e4b027fe347f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robin=20Hru=C5=A1ka?= Date: Fri, 15 Dec 2023 18:40:59 +0100 Subject: [PATCH 2/4] public_api_base_url is not supported, because it breaks anyway --- seacatauth/app.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/seacatauth/app.py b/seacatauth/app.py index 8b560461..e5155d3c 100644 --- a/seacatauth/app.py +++ b/seacatauth/app.py @@ -325,16 +325,15 @@ def create_argument_parser( def _prepare_public_urls(self): self.PublicUrl = asab.Config.get("general", "public_url") if not self.PublicUrl: - # Check deprecated option (backward compatibility) + # Check obsoleted option public_api_base_url = asab.Config.get("general", "public_api_base_url", fallback=None) if public_api_base_url: - asab.LogObsolete.warning( - "Config option 'public_api_base_url' in the 'general' section is deprecated. " + raise ValueError( + "Config option 'public_api_base_url' in the 'general' section is obsoleted. " "Please use the 'PUBLIC_URL' environment variable " - "or the 'public_url' option in the 'general' config section.", - struct_data={"eol": "2024-05-31"} + "or the 'public_url' option in the 'general' config section. " + "See https://github.com/TeskaLabs/seacat-auth/pull/330 for details." ) - self.PublicUrl = public_api_base_url if not self.PublicUrl: # Try to load config from env variable env_public_url = os.getenv("PUBLIC_URL") From 6ac955985d658cd4728568fb887435cb50ba2579 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robin=20Hru=C5=A1ka?= Date: Fri, 15 Dec 2023 18:41:13 +0100 Subject: [PATCH 3/4] update example configuration --- example/docker/nginx-conf/nginx.conf | 12 ++++++++++++ example/docker/seacatauth-conf/seacatauth.conf | 3 +-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/example/docker/nginx-conf/nginx.conf b/example/docker/nginx-conf/nginx.conf index cfcb275d..54998a8f 100644 --- a/example/docker/nginx-conf/nginx.conf +++ b/example/docker/nginx-conf/nginx.conf @@ -47,6 +47,18 @@ server { } + ###################### + # SeaCat Auth API + location /api/seacat-auth/ { + rewrite ^/api/seacat-auth/(.*) /$1 break; + proxy_pass http://seacat_public_api; + } + + location /api/openidconnect { + rewrite ^/api/(.*) /$1 break; + proxy_pass http://seacat_public_api; + } + ##################### # SeaCat Auth WebUI location /auth { diff --git a/example/docker/seacatauth-conf/seacatauth.conf b/example/docker/seacatauth-conf/seacatauth.conf index 5a90ff51..1ccc1e14 100644 --- a/example/docker/seacatauth-conf/seacatauth.conf +++ b/example/docker/seacatauth-conf/seacatauth.conf @@ -1,6 +1,5 @@ [general] -public_api_base_url=http://localhost/auth/api -auth_webui_base_url=http://localhost/auth +public_url=http://localhost [asab:storage] type=mongodb From 39676df4efbbd3838fc26a130fe997e549fde5a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robin=20Hru=C5=A1ka?= Date: Fri, 15 Dec 2023 18:41:21 +0100 Subject: [PATCH 4/4] update CHANGELOG.md --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e47f7780..2f2dec08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,11 +13,12 @@ - Batman for Kibana now also requires `kibana_url` (#281, `v23.47-alpha`) - Batman does no longer create Seacat resources from all Kibana roles (#281, `v23.47-alpha`) - Config section 'batman:elk' renamed to 'batman:kibana' (#281, `v23.47-alpha`) +- Public URL config changed (#328, #330, `v23.47-alpha4`) ### Features - Kibana spaces and roles are now synchronized with Seacat tenants (#281, `v23.47-alpha`) - Batman configuration for Kibana can be also loaded from the `[elasticsearch]` section, in addition to the `[batman:kibana]` section (#326, `v23.47-alpha4`) -- Public URL config now requires only one option in canonical deployments (#328, `v23.47-alpha4`) +- Public URL config now requires only one option in canonical deployments (#328, #330, `v23.47-alpha4`) ### Refactoring - Separate login factors in session object (#325, `v23.47-alpha3`)