Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/merge develop and project manager connection #123

Merged
Merged
Show file tree
Hide file tree
Changes from 25 commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
c3e5d1b
wip
MatsJohansen87 Dec 19, 2023
ec50f0b
feat(negotiate): add base64 query to request
MatsJohansen87 Dec 21, 2023
7a12896
feat: WIP - project manager connection
torbrenner Jan 16, 2024
51b1ed7
fix: make requests work
torbrenner Feb 28, 2024
2a4fe75
feature: send CQL to project manager
torbrenner Mar 19, 2024
1b0f87d
fix: get site from siteCollectionMap
torbrenner Mar 19, 2024
eccb36a
fix: send collectionId to project manager
torbrenner Mar 19, 2024
3e1e5ab
fix: send return url only with params if user defined criteria
torbrenner Mar 19, 2024
8c48e00
docs: added test environment
torbrenner Mar 28, 2024
28a92ec
docs: added test environment
torbrenner Mar 28, 2024
a8a815b
feat(env): set ports
MatsJohansen87 Apr 3, 2024
1052bdc
Merge branch 'feat/project-manager-connection' of https://github.com/…
MatsJohansen87 Apr 9, 2024
959fdb1
feat(environment): add environment variables to the project
MatsJohansen87 Apr 11, 2024
80f1a60
feat(project manager): add jump to project manager
MatsJohansen87 Apr 22, 2024
8dfd37b
feat(WIP: project manager): add refresh token support
MatsJohansen87 Apr 24, 2024
d558973
Merge branch 'develop' into feat/project-manager-connection
MatsJohansen87 Apr 25, 2024
e32ecba
feat(authentication wip): get refresh token
MatsJohansen87 Apr 30, 2024
39a4258
feat(wip authentication): refactor authentication
MatsJohansen87 Jun 5, 2024
e1e88d7
feat(wip negotiate): get auth from project manager
MatsJohansen87 Jun 18, 2024
3d77029
feat(wip negotiate): get correct tokens
MatsJohansen87 Aug 19, 2024
8fd8b3a
feat(auth): add proper token refreshing via forward proxy
MatsJohansen87 Aug 20, 2024
60a67e0
Merge branch 'feat/project-manager-connection' into feature/merge-dev…
MatsJohansen87 Sep 2, 2024
5275d03
feat(negotiate): add schema for options and move from demo to dev
MatsJohansen87 Sep 2, 2024
353533e
feat(catalogues): add staging catalogue
MatsJohansen87 Sep 4, 2024
02a3502
feat(negotiate): add config to change negotiation service
MatsJohansen87 Sep 5, 2024
945fb4c
fix(auth): remove negotiator authentiation from frontend code
MatsJohansen87 Sep 5, 2024
bfceafa
refactor: adjust deployment configuration
torbrenner Sep 6, 2024
7fdcc1a
refactor: add project-manager.env to gitignore
torbrenner Sep 6, 2024
56de19f
Merge pull request #125 from samply/review-project-manager-connection…
MatsJohansen87 Sep 6, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 28 additions & 1 deletion docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ services:
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --providers.docker.exposedbydefault=false
# - --providers.file.directory=/conf/
- --accesslog=true
ports:
- "80:80"
Expand All @@ -27,6 +28,8 @@ services:
- OAUTH2_PROXY_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
- OAUTH2_PROXY_COOKIE_SECRET=${AUTHENTICATION_SECRET}
- OAUTH2_PROXY_COOKIE_DOMAINS=.${GUI_HOST}
- OAUTH2_PROXY_COOKIE_REFRESH=4m
- OAUTH2_PROXY_COOKIE_EXPIRE=24h
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
- OAUTH2_PROXY_REVERSE_PROXY=true
- OAUTH2_PROXY_WHITELIST_DOMAINS=.${GUI_HOST}
Expand Down Expand Up @@ -62,6 +65,7 @@ services:
ports:
- "8055:8055"
environment:
RUST_LOG: "debug,hyper=info"
HTTP_PROXY: ${http_proxy}
HTTPS_PROXY: ${https_proxy}
NO_PROXY: beam-proxy, prism
Expand All @@ -72,7 +76,7 @@ services:
CATALOGUE_URL: "${CATALOGUE_URL}"
BIND_ADDR: 0.0.0.0:8055
PRISM_URL: http://prism:8066
RUST_LOG: "info"
# RUST_LOG: "info"
LOG_FILE: /requests.log
volumes:
- ./requests.log:/requests.log
Expand Down Expand Up @@ -128,6 +132,29 @@ services:
- "traefik.http.middlewares.prism-stripprefix.stripprefix.prefixes=/prism"
- "traefik.http.routers.prism.middlewares=corsheaders,traefik-forward-auth,prism-stripprefix"

project-manager:
image: samply/project-manager:develop
ports:
- 8097:8097
# environment:
# OIDC_CLIENT_ID: ${PROJECT_MANAGER_OAUTH_CLIENT_ID}
# OIDC_CLIENT_SECRET: ${PROJECT_MANAGER_OAUTH_CLIENT_SECRET}
# OIDC_REALM: ${PROJECT_MANAGER_OAUTH_CLIENT_REALM}
# OIDC_URL: ${PROJECT_MANAGER_OAUTH_ISSUER_URL}
env_file:
- env/project-manager.env
volumes:
- "./templates:/templates"
- "./documents:/documents"
- "./public-documents:/public-documents"

project-manager-db:
image: postgres:alpine
environment:
POSTGRES_DB: dev
POSTGRES_USER: dev
POSTGRES_PASSWORD: dev

secrets:
proxy.pem:
# TODO: Key in BBMRI was directly stored in lens directory!
Expand Down
74 changes: 74 additions & 0 deletions env/project-manager.env
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
export APPLICATION_FORM_FILENAME="antrag_template.pdf"
export BEAM_PROJECT_MANAGER_ID=app4.proxy2.broker
export BEAM_URL=http://localhost:8082
export BK_ADMIN_GROUP_PREFIX="DKTK_CCP_"
export BK_ADMIN_GROUP_SUFFIX="_Verwalter"
export BK_USER_GROUP_PREFIX="DKTK_CCP_"
export BK_USER_GROUP_SUFFIX=""
export PROJECT_MANAGER_DB_PASSWORD="dev"
export PROJECT_MANAGER_DB_URL="jdbc:postgresql://project-manager-db:5432/dev"
export PROJECT_MANAGER_DB_USER="dev"



export BRIDGEHEADS_CONFIG_DRESDEN_EXPLORERID="dresden"
export BRIDGEHEADS_CONFIG_DRESDEN_FOCUSID="focus.dresden.ccp-it.dktk.dkfz.de"
export BRIDGEHEADS_CONFIG_DRESDEN_FILEDISPATCHERBEAMID=app3.proxy1.broker
export BRIDGEHEADS_CONFIG_DRESDEN_HUMANREADABLE="Dresden"

export BRIDGEHEADS_CONFIG_BERLIN_EXPLORERID="berlin"
export BRIDGEHEADS_CONFIG_BERLIN_FOCUSID="focus.berlin.ccp-it.dktk.dkfz.de"
export BRIDGEHEADS_CONFIG_BERLIN_FILEDISPATCHERBEAMID=app3.proxy1.broker
export BRIDGEHEADS_CONFIG_BERLIN_HUMANREADABLE="Berlin"

export BRIDGEHEADS_CONFIG_DRESDEN_TOKENMANAGERID="app2.proxy1.broker"
export CHECK_EXPIRED_ACTIVE_PROJECTS_CRON_EXPRESSION="30 * * * * *"
export CODER_BASE_URL="https://dev.samply.de"
export CODER_BEAM_ID_SUFFIX=proxy1.broker
export CODER_CREATE_PATH="/organizations/{CODER_ORGANISATION_ID}/members/{CODER_MEMBER_ID}/workspaces"
export CODER_CRON_EXPRESSION=15 * * * * *
export CODER_DELETE_PATH="/workspaces/{CODER_WORKSPACE_ID}/builds"
export CODER_MEMBER_ID="778c50a3-3162-4f15-a207-f550486754d2"
export CODER_ORGANISATION_ID="c91cb5c7-a1f3-4786-b8d5-ae0c84085d22"
export CODER_SESSION_TOKEN="Gfsyb6wgo6-oHCrpgvjEcABxMZYhmMTBa"
export CODER_TEMPLATE_VERSION_ID="b9abe45a-501b-4208-b411-6c9d7bc5a085"
export CODER_TEST_FILE_BEAM_ID=app4.proxy1.broker
export DATASHIELD_TEMPLATES="opal-ccp"
export EMAIL_TEMPLATES_CONFIG=ewogICJ0ZW1wbGF0ZXMiOiB7CiAgICAiTkVXX1BST0pFQ1QiOiB7CiAgICAgICJzdWJqZWN0IjogIk5ldyBwcm9qZWN0IiwKICAgICAgImZpbGVzIjogewogICAgICAgICJQUk9KRUNUX01BTkFHRVJfQURNSU4iOiAicHJvamVjdC1tYW5hZ2VyLWFkbWluLW5ldy1wcm9qZWN0Lmh0bWwiCiAgICAgIH0KICAgIH0sCiAgICAiTkVXX1BST0pFQ1RfQUNDRVBURUQiOiB7CiAgICAgICJzdWJqZWN0IjogIlByb2plY3QgYWNjZXB0ZWQiLAogICAgICAiZmlsZXMiOiB7CiAgICAgICAgIkNSRUFUT1IiOiAiY3JlYXRvci1uZXctcHJvamVjdC1hY2NlcHRlZC5odG1sIiwKICAgICAgICAiQlJJREdFSEVBRF9BRE1JTiI6ICJicmlkZ2VoZWFkLWFkbWluLW5ldy1wcm9qZWN0LWFjY2VwdGVkLmh0bWwiCiAgICAgIH0KICAgIH0sCiAgICAiTkVXX1ZPVFVNIjogewogICAgICAic3ViamVjdCI6ICJOZXcgdm90dW0gZm9yIHByb2plY3QiLAogICAgICAiZmlsZXMiOiB7CiAgICAgICAgIlBST0pFQ1RfTUFOQUdFUl9BRE1JTiI6ICJwcm9qZWN0LW1hbmFnZXItYWRtaW4tbmV3LXZvdHVtLmh0bWwiCiAgICAgIH0KICAgIH0sCiAgICAiSU5WSVRBVElPTiI6IHsKICAgICAgInN1YmplY3QiOiAiQWNjZXNzIHRvIERhdGFTSElFTEQiLAogICAgICAiZmlsZXMiOiB7CiAgICAgICAgIkRFVkVMT1BFUiI6ICJkZXZlbG9wZXItaW52aXRhdGlvbi5odG1sIiwKICAgICAgICAiUElMT1QiOiAicGlsb3QtaW52aXRhdGlvbi5odG1sIiwKICAgICAgICAiRklOQUwiOiAiZmluYWwtZXhlY3V0aW9uLXVzZXItaW52aXRhdGlvbi5odG1sIgogICAgICB9CiAgICB9LAogICAgIlBST0pFQ1RfQlJJREdFSEVBRF9BQ0NFUFRFRCI6IHsKICAgICAgInN1YmplY3QiOiAiUHJvamVjdCBhY2NlcHRlZCBpbiBicmlkZ2VoZWFkIiwKICAgICAgImZpbGVzIjogewogICAgICAgICJQUk9KRUNUX01BTkFHRVJfQURNSU4iOiAicHJvamVjdC1tYW5hZ2VyLWFkbWluLXByb2plY3QtYnJpZGdlaGVhZC1hY2NlcHRlZC5odG1sIgogICAgICB9CiAgICB9LAogICAgIlBST0pFQ1RfQlJJREdFSEVBRF9SRUpFQ1RFRCI6IHsKICAgICAgInN1YmplY3QiOiAiUHJvamVjdCByZWplY3RlZCBpbiBicmlkZ2VoZWFkIiwKICAgICAgImZpbGVzIjogewogICAgICAgICJQUk9KRUNUX01BTkFHRVJfQURNSU4iOiAicHJvamVjdC1tYW5hZ2VyLWFkbWluLXByb2plY3QtYnJpZGdlaGVhZC1yZWplY3RlZC5odG1sIgogICAgICB9CiAgICB9LAogICAgIlJFUVVFU1RfVEVDSE5JQ0FMX0FQUFJPVkFMIjogewogICAgICAic3ViamVjdCI6ICJUZWNobmljYWwgYXBwcm92YWwgcmVxdWVzdGVkIiwKICAgICAgImZpbGVzIjogewogICAgICAgICJCUklER0VIRUFEX0FETUlOIjogImJyaWRnZWhlYWQtYWRtaW4tcmVxdWVzdC10ZWNobmljYWwtYXBwcm92YWwuaHRtbCIKICAgICAgfQogICAgfSwKICAgICJTQ1JJUFRfQUNDRVBURUQiOiB7CiAgICAgICJzdWJqZWN0IjogIlNjcmlwdCBhY2NlcHRlZCIsCiAgICAgICJmaWxlcyI6IHsKICAgICAgICAiREVGQVVMVCI6ICJkZWZhdWx0LXNjcmlwdC1hY2NlcHRlZC5odG1sIgogICAgICB9CiAgICB9LAogICAgIlNDUklQVF9SRUpFQ1RFRCI6IHsKICAgICAgInN1YmplY3QiOiAiU2NyaXB0IHJlamVjdGVkIiwKICAgICAgImZpbGVzIjogewogICAgICAgICJERUZBVUxUIjogImRlZmF1bHQtc2NyaXB0LXJlamVjdGVkLmh0bWwiCiAgICAgIH0KICAgIH0sCiAgICAiUkVRVUVTVF9DSEFOR0VTX0lOX1NDUklQVCI6IHsKICAgICAgInN1YmplY3QiOiAiQ2hhbmdlcyBpbiBzY3JpcHQgcmVxdWVzdGVkIiwKICAgICAgImZpbGVzIjogewogICAgICAgICJERUZBVUxUIjogImRlZmF1bHQtc2NyaXB0LWNoYW5nZXMtcmVxdWVzdGVkLmh0bWwiCiAgICAgIH0KICAgIH0sCiAgICAiUkVTVUxUU19BQ0NFUFRFRCI6IHsKICAgICAgInN1YmplY3QiOiAiUmVzdWx0cyBhY2NlcHRlZCIsCiAgICAgICJmaWxlcyI6IHsKICAgICAgICAiREVGQVVMVCI6ICJkZWZhdWx0LXJlc3VsdHMtYWNjZXB0ZWQuaHRtbCIKICAgICAgfQogICAgfSwKICAgICJSRVNVTFRTX1JFSkVDVEVEIjogewogICAgICAic3ViamVjdCI6ICJSZXN1bHRzIHJlamVjdGVkIiwKICAgICAgImZpbGVzIjogewogICAgICAgICJERUZBVUxUIjogImRlZmF1bHQtcmVzdWx0cy1yZWplY3RlZC5odG1sIgogICAgICB9CiAgICB9LAogICAgIlJFUVVFU1RfQ0hBTkdFU19JTl9QUk9KRUNUIjogewogICAgICAic3ViamVjdCI6ICJDaGFuZ2VzIGluIHByb2plY3QgcmVxdWVzdGVkIiwKICAgICAgImZpbGVzIjogewogICAgICAgICJERUZBVUxUIjogImRlZmF1bHQtcmVzdWx0cy1jaGFuZ2VzLXJlcXVlc3RlZC5odG1sIgogICAgICB9CiAgICB9LAogICAgIkFOQUxZU0lTX0FDQ0VQVEVEIjogewogICAgICAic3ViamVjdCI6ICJBbmFseXNpcyBhY2NlcHRlZCIsCiAgICAgICJmaWxlcyI6IHsKICAgICAgICAiREVGQVVMVCI6ICJkZWZhdWx0LWFuYWx5c2lzLWFjY2VwdGVkLmh0bWwiCiAgICAgIH0KICAgIH0sCiAgICAiQU5BTFlTSVNfUkVKRUNURUQiOiB7CiAgICAgICJzdWJqZWN0IjogIkFuYWx5c2lzIHJlamVjdGVkIiwKICAgICAgImZpbGVzIjogewogICAgICAgICJERUZBVUxUIjogImRlZmF1bHQtYW5hbHlzaXMtcmVqZWN0ZWQuaHRtbCIKICAgICAgfQogICAgfSwKICAgICJSRVFVRVNUX0NIQU5HRVNfSU5fUFJPSkVDVF9BTkFMWVNJUyI6IHsKICAgICAgInN1YmplY3QiOiAiQ2hhbmdlcyBpbiBwcm9qZWN0IGFuYWx5c2lzIHJlcXVlc3RlZCIsCiAgICAgICJmaWxlcyI6IHsKICAgICAgICAiREVGQVVMVCI6ICJkZWZhdWx0LWFuYWx5c2lzLWNoYW5nZXMtcmVxdWVzdGVkLmh0bWwiCiAgICAgIH0KICAgIH0sCiAgICAiTkVXX1RPS0VOX0ZPUl9BVVRIRU5USUNBVElPTl9TQ1JJUFQiOiB7CiAgICAgICJzdWJqZWN0IjogIk5ldyBBdXRoZW50aWNhdGlvbiBTY3JpcHQgZm9yIERhdGFTSElFTEQiLAogICAgICAiZmlsZXMiOiB7CiAgICAgICAgIkRFRkFVTFQiOiAiZGVmYXVsdC1uZXctYXV0aGVudGljYXRpb24tc2NyaXB0Lmh0bWwiCiAgICAgIH0KICAgIH0sCiAgICAiSU5WQUxJRF9BVVRIRU5USUNBVElPTl9TQ1JJUFQiOiB7CiAgICAgICJzdWJqZWN0IjogIlNvbWUgdG9rZW5zIG9mIEF1dGhlbnRpY2F0aW9uIFNjcmlwdCBubyBsb25nZXIgdmFsaWQgZm9yIERhdGFTSElFTEQiLAogICAgICAiZmlsZXMiOiB7CiAgICAgICAgIkRFRkFVTFQiOiAiZGVmYXVsdC1pbnZhbGlkLWF1dGhlbnRpY2F0aW9uLXNjcmlwdC5odG1sIgogICAgICB9CiAgICB9LAogICAgIkZJTklTSEVEX1BST0pFQ1QiOiB7CiAgICAgICJzdWJqZWN0IjogIlByb2plY3QgZmluaXNoZWQiLAogICAgICAiZmlsZXMiOiB7CiAgICAgICAgIkRFRkFVTFQiOiAiZGVmYXVsdC1wcm9qZWN0LWZpbmlzaGVkLmh0bWwiCiAgICAgIH0KICAgIH0sCiAgICAiTkVXX1BVQkxJQ0FUSU9OIjogewogICAgICAic3ViamVjdCI6ICJOZXcgcHVibGljYXRpb24iLAogICAgICAiZmlsZXMiOiB7CiAgICAgICAgIkRFRkFVTFQiOiAiZGVmYXVsdC1uZXctcHVibGljYXRpb24uaHRtbCIKICAgICAgfQogICAgfQogIH0KfQ==
export EMAIL_TEMPLATES_DIRECTORY="/templates"
export ENABLE_CODER="false"
export ENABLE_EMAILS="false"
export ENABLE_EXPORTER="false"
export ENABLE_RSTUDIO_GROUP_MANAGER="false"
export ENABLE_TOKEN_MANAGER="false"
export EXPLORER_REDIRECT_URI_PARAMETER="redirect_uri"
export EXPLORER_URL="https://localhost"
export EXPORT_TEMPLATES="ccp,ccp-exliquid"
export EXPORTER_API_KEY="App1Secret"
export EXPORTER_CRON_EXPRESSION="45 * * * * *"
export FRONTEND_BASEURL="http://localhost:8080"
export FRONTEND_PROJECT_CONFIG=ewogICJjb25maWciOiB7CiAgICAiQ0NQLURhdGFTSElFTEQiOiB7CiAgICAgICJmaWVsZFZhbHVlcyI6IHsKICAgICAgICAidHlwZSI6ICJEQVRBU0hJRUxEIiwKICAgICAgICAib3V0cHV0Rm9ybWF0IjogIk9QQUwiLAogICAgICAgICJ0ZW1wbGF0ZUlkIjogIm9wYWwtY2NwIgogICAgICB9CiAgICB9LAogICAgIkNDUC1FeHBvcnQiOiB7CiAgICAgICJmaWVsZFZhbHVlcyI6IHsKICAgICAgICAidHlwZSI6ICJFWFBPUlQiLAogICAgICAgICJvdXRwdXRGb3JtYXQiOiAiRVhDRUwiLAogICAgICAgICJ0ZW1wbGF0ZUlkIjogImNjcCIKICAgICAgfQogICAgfSwKICAgICJDQ1AtUmVzZWFyY2gtRW52aXJvbm1lbnQiOiB7CiAgICAgICJmaWVsZFZhbHVlcyI6IHsKICAgICAgICAidHlwZSI6ICJSRVNFQVJDSF9FTlZJUk9OTUVOVCIsCiAgICAgICAgIm91dHB1dEZvcm1hdCI6ICJDU1YiLAogICAgICAgICJ0ZW1wbGF0ZUlkIjogImNjcCIKICAgICAgfQogICAgfQogIH0KfQo=
export FRONTEND_SITES_PROJECT-DASHBOARD="/"
export FRONTEND_SITES_PROJECT-VIEW="/project-view"
export KEYCLOAK_RSTUDIO_GROUP="RSTUDIO"
export KEYCLOAK_RSTUDIO_GROUP_CLIENT_ID="project-manager"
export KEYCLOAK_RSTUDIO_GROUP_CLIENT_SECRET="FpROJnNUuNhSvICGtsWFb1Kn4MQkDTD7"
export LOG_LEVEL="INFO"
export MANAGE_TOKENS_CRON_EXPRESSION="0 * * * * *"
export OIDC_CLAIM_GROUPS="groups"
export OIDC_CLIENT_ID="bridgehead-test-private"
export OIDC_CLIENT_SECRET="mmDjwfaoLeTzdRUeGZRDEIaYXgY3zL6r"
export OIDC_REALM="test-realm-01"
export OIDC_URL="https://login.verbis.dkfz.de"
export PM_ADMIN_GROUPS="CCP_Office"
export PROJECT_DOCUMENTS_DIRECTORY="/documents"
export PROJECT_MANAGER_EMAIL_FROM="no-reply@project-manager.ccp.dkfz.de"
export PUBLIC_DOCUMENTS_DIRECTORY="/public-documents"
export RESEARCH_ENVIRONMENT_TEMPLATES=ccp,ccp-exliquid
export RSTUDIO_GROUP_IMPLEMENTATION="KEYCLOAK"
export SECURITY_ENABLED="true"
export SMTP_HOST="localhost"
export SMTP_PASSWORD=""
export SMTP_PORT="1025"
export SMTP_USER=""
export TOKEN_MANAGER_URL="http://localhost:3030"
6 changes: 6 additions & 0 deletions example.env
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,12 @@ OAUTH_CLIENT_ID="your-oauth-client-id"
OAUTH_CLIENT_SECRET="your-oauth-client-id"
AUTHENTICATION_SECRET="insert-a-random-passphrase-here"

PROJECT_MANAGER_OAUTH_URL="your-url-for-project-manager-client"
PROJECT_MANAGER_OAUTH_REALM="your-realm-for-project-manager-client"
PROJECT_MANAGER_OAUTH_CLIENT_ID="your-id-for-project-manager-client"
PROJECT_MANAGER_OAUTH_CLIENT_SECRET="your-secret-for-project-manager-client"

PROJECT_PATH="/Users/e260admin/dkfz/projects/lens-svelte-web_components/lens-web-components"
ALLOWED_GROUPS="SPACE SEPARATED LIST OF GROUPS"

# URL to catalogue.json; this is given to Spot to hold the catalogue (with extended metadata) for Lens
Expand Down
Loading
Loading