Merge pull request #41 from fdelavega/feature/keycloak-support

Add support to Keycloak plugin

Author: aarranz

1.3/Dockerfile

@@ -21,7 +21,7 @@ COPY ./docker-entrypoint.sh /
 COPY ./manage.py /usr/local/bin/
 
 RUN adduser --system --group --shell /bin/bash wirecloud && \
-    pip install --no-cache-dir channels asgi_ipc asgi_redis asgi_rabbitmq && \
+    pip install --no-cache-dir channels asgi_ipc asgi_redis asgi_rabbitmq wirecloud_keycloak && \
     mkdir -p /opt/wirecloud_instance /var/www/static && \
     cd /opt && \
     wirecloud-admin startproject wirecloud_instance wirecloud_instance && \

1.3/docker-compose.yml

@@ -53,10 +53,17 @@ services:
             - FORWARDED_ALLOW_IPS=*
             - ELASTICSEARCH2_URL=http://elasticsearch:9200/
             - MEMCACHED_LOCATION=memcached:11211
-            # Uncomment the following environment variables to enable IDM integration
+            # Uncomment the following environment variables to enable FIWARE IDM integration
             #- FIWARE_IDM_SERVER=${FIWARE_IDM_SERVER}
             #- SOCIAL_AUTH_FIWARE_KEY=${SOCIAL_AUTH_FIWARE_KEY}
             #- SOCIAL_AUTH_FIWARE_SECRET=${SOCIAL_AUTH_FIWARE_SECRET}
+            # Uncomment the following environment variables to enable Keycloak IDM Integration
+            #- KEYCLOAK_IDM_SERVER=${KEYCLOAK_IDM_SERVER}
+            #- KEYCLOAK_REALM=${KEYCLOAK_REALM}
+            #- KEYCLOAK_KEY=${KEYCLOAK_KEY}
+            #- KEYCLOAK_GLOBAL_ROLE=${KEYCLOAK_GLOBAL_ROLE}
+            #- SOCIAL_AUTH_KEYCLOAK_KEY=${SOCIAL_AUTH_KEYCLOAK_KEY}
+            #- SOCIAL_AUTH_KEYCLOAK_SECRET=${SOCIAL_AUTH_KEYCLOAK_SECRET}
         volumes:
             - ./wirecloud-data:/opt/wirecloud_instance/data
             - ./wirecloud-static:/var/www/static

1.3/settings.py

@@ -126,19 +126,53 @@
 # Python dotted path to the WSGI application used by Django's runserver.
 WSGI_APPLICATION = 'wirecloud_instance.wsgi.application'
 
-# FIWARE IdM configuration
-FIWARE_IDM_SERVER = os.environ.get('FIWARE_IDM_SERVER', '').strip()
-FIWARE_IDM_PUBLIC_URL = os.environ.get('FIWARE_IDM_PUBLIC_URL', FIWARE_IDM_SERVER).strip()
-SOCIAL_AUTH_FIWARE_KEY = os.environ.get('SOCIAL_AUTH_FIWARE_KEY', '').strip()
-SOCIAL_AUTH_FIWARE_SECRET = os.environ.get('SOCIAL_AUTH_FIWARE_SECRET', '').strip()
-IDM_AUTH_ENABLED = FIWARE_IDM_SERVER and SOCIAL_AUTH_FIWARE_KEY and SOCIAL_AUTH_FIWARE_SECRET
-
-if IDM_AUTH_ENABLED:
+
+# Handle some basic settings
+
+## String settings
+STRING_SETTINGS = (
+    "FIWARE_IDM_SERVER",
+    "FIWARE_IDM_PUBLIC_URL",
+    "SOCIAL_AUTH_FIWARE_KEY",
+    "SOCIAL_AUTH_FIWARE_SECRET",
+    "KEYCLOAK_SERVER",
+    "KEYCLOAK_REALM",
+    "KEYCLOAK_KEY",
+    "SOCIAL_AUTH_KEYCLOAK_KEY",
+    "SOCIAL_AUTH_KEYCLOAK_SECRET",
+)
+for setting in STRING_SETTINGS:
+    value = os.environ.get(setting, "").strip()
+    if value != "":
+        locals()[setting] = value
+
+## Boolean settings
+BOOLEAN_SETTINGS = (
+    "KEYCLOAK_GLOBAL_ROLE",
+)
+for setting in BOOLEAN_SETTINGS:
+    value = os.environ.get(setting, "").strip()
+    if value != "":
+        locals()[setting] = value.lower() == "true"
+
+
+# FIWARE & Keycloak configuration
+IDM_AUTH = 'fiware' if "FIWARE_IDM_SERVER" in locals() and "SOCIAL_AUTH_FIWARE_KEY" in locals() and "SOCIAL_AUTH_FIWARE_SECRET" in locals() else None
+IDM_AUTH = 'keycloak' if "KEYCLOAK_IDM_SERVER" in locals() and "KEYCLOAK_REALM" in locals() and "KEYCLOAK_KEY" in locals() and "SOCIAL_AUTH_KEYCLOAK_KEY" in locals() and "SOCIAL_AUTH_KEYCLOAK_SECRET" in locals() else IDM_AUTH
+
+if IDM_AUTH == 'fiware':
     INSTALLED_APPS += (
         'wirecloud.fiware',
         'social_django',
         'haystack',
     )
+elif IDM_AUTH == 'keycloak':
+    INSTALLED_APPS += (
+        'wirecloud.fiware',
+        'wirecloud.keycloak',
+        'social_django',
+        'haystack',
+    )
 else:
     INSTALLED_APPS += (
         'wirecloud.oauth2provider',
@@ -192,10 +226,14 @@
 USE_X_FORWARDED_PORT = True
 
 # Auth configuration
-if IDM_AUTH_ENABLED:
+if IDM_AUTH == 'fiware':
     AUTHENTICATION_BACKENDS = (
         'wirecloud.fiware.social_auth_backend.FIWAREOAuth2',
     )
+elif IDM_AUTH == 'keycloak':
+    AUTHENTICATION_BACKENDS = (
+        'wirecloud.keycloak.social_auth_backend.KeycloakOAuth2',
+    )
 else:
     AUTHENTICATION_BACKENDS = (
         'django.contrib.auth.backends.ModelBackend',

1.3/urls.py

@@ -8,10 +8,18 @@
 
 from wirecloud.commons import authentication as wc_auth
 from wirecloud.fiware import views as wc_fiware
+from wirecloud.keycloak import views as wc_keycloak
 import wirecloud.platform.urls
 
 admin.autodiscover()
 
+login_method = django_auth.login
+if settings.IDM_AUTH == 'fiware':
+    login_method = wc_fiware.login
+
+if settings.IDM_AUTH == 'keycloak':
+    login_method = wc_keycloak.login
+
 urlpatterns = (
 
     # Catalogue
@@ -21,15 +29,15 @@
     url(r'^cdp/', include('wirecloud.proxy.urls')),
 
     # Login/logout
-    url(r'^login/?$', wc_fiware.login if settings.IDM_AUTH_ENABLED else django_auth.login, name="login"),
+    url(r'^login/?$', login_method, name="login"),
     url(r'^logout/?$', wc_auth.logout, name="logout"),
     url(r'^admin/logout/?$', wc_auth.logout),
 
     # Admin interface
     url(r'^admin/', include(admin.site.urls)),
 )
 
-if settings.IDM_AUTH_ENABLED:
+if settings.IDM_AUTH is not None:
     urlpatterns += (url('', include('social_django.urls', namespace='social')),)
 
 urlpatterns += wirecloud.platform.urls.urlpatterns

README.md

@@ -58,6 +58,15 @@ The following environment variables are also honored for configuring your WireCl
     the browser to the IdM portal)
 - `-e SOCIAL_AUTH_FIWARE_KEY=...` (defaults to nothing)
 - `-e SOCIAL_AUTH_FIWARE_SECRET=...` (defaults to nothing)
+- `-e KEYCLOAK_IDM_SERVER=...` (defaults to nothing, leave it empty for
+    authenticating users using the credentials stored on the WireCloud
+    database.)
+- `-e KEYCLOAK_REALM=...` (default to nothing, realm to use for connecting with
+   keycloak)
+- `-e KEYCLOAK_KEY=...` (default to nothing)
+- `-e KEYCLOAK_GLOBAL_ROLE=...` (default to "False")
+- `-e SOCIAL_AUTH_KEYCLOAK_KEY=...` (defaults to nothing)
+- `-e SOCIAL_AUTH_KEYCLOAK_SECRET=...` (defaults to nothing)
 
 When running WireCloud with TLS behind a reverse proxy such as Apache/NGINX
 which is responsible for doing TLS termination, be sure to set

dev/.gitignore

@@ -1,4 +1,4 @@
 /elasticsearch-data/
 /postgres-data/
-/wirecloud-instance/
+/wirecloud-data/
 /wirecloud-static/

dev/Dockerfile

@@ -42,6 +42,7 @@ COPY ./manage.py /usr/local/bin/
 
 RUN adduser --system --group --shell /bin/bash wirecloud && \
     pip install --no-cache-dir channels asgi_ipc asgi_redis asgi_rabbitmq && \
+    pip install wirecloud-keycloak && \
     mkdir -p /opt/wirecloud_instance /var/www/static && \
     cd /opt && \
     wirecloud-admin startproject wirecloud_instance wirecloud_instance && \

dev/docker-compose.yml

@@ -53,10 +53,17 @@ services:
             - FORWARDED_ALLOW_IPS=*
             - ELASTICSEARCH2_URL=http://elasticsearch:9200/
             - MEMCACHED_LOCATION=memcached:11211
-            # Uncomment the following environment variables to enable IDM integration
+            # Uncomment the following environment variables to enable FIWARE IDM integration
             #- FIWARE_IDM_SERVER=${FIWARE_IDM_SERVER}
             #- SOCIAL_AUTH_FIWARE_KEY=${SOCIAL_AUTH_FIWARE_KEY}
             #- SOCIAL_AUTH_FIWARE_SECRET=${SOCIAL_AUTH_FIWARE_SECRET}
+            # Uncomment the following environment variables to enable Keycloak IDM Integration
+            #- KEYCLOAK_IDM_SERVER=${KEYCLOAK_IDM_SERVER}
+            #- KEYCLOAK_REALM=${KEYCLOAK_REALM}
+            #- KEYCLOAK_KEY=${KEYCLOAK_KEY}
+            #- KEYCLOAK_GLOBAL_ROLE=${KEYCLOAK_GLOBAL_ROLE}
+            #- SOCIAL_AUTH_KEYCLOAK_KEY=${SOCIAL_AUTH_KEYCLOAK_KEY}
+            #- SOCIAL_AUTH_KEYCLOAK_SECRET=${SOCIAL_AUTH_KEYCLOAK_SECRET}
         volumes:
             - ./wirecloud-data:/opt/wirecloud_instance/data
             - ./wirecloud-static:/var/www/static

dev/settings.py

@@ -126,16 +126,49 @@
 # Python dotted path to the WSGI application used by Django's runserver.
 WSGI_APPLICATION = 'wirecloud_instance.wsgi.application'
 
-# FIWARE IdM configuration
-FIWARE_IDM_SERVER = os.environ.get('FIWARE_IDM_SERVER', '').strip()
-FIWARE_IDM_PUBLIC_URL = os.environ.get('FIWARE_IDM_PUBLIC_URL', FIWARE_IDM_SERVER).strip()
-SOCIAL_AUTH_FIWARE_KEY = os.environ.get('SOCIAL_AUTH_FIWARE_KEY', '').strip()
-SOCIAL_AUTH_FIWARE_SECRET = os.environ.get('SOCIAL_AUTH_FIWARE_SECRET', '').strip()
-IDM_AUTH_ENABLED = FIWARE_IDM_SERVER and SOCIAL_AUTH_FIWARE_KEY and SOCIAL_AUTH_FIWARE_SECRET
-
-if IDM_AUTH_ENABLED:
+# Handle some basic settings
+
+## String settings
+STRING_SETTINGS = (
+    "FIWARE_IDM_SERVER",
+    "FIWARE_IDM_PUBLIC_URL",
+    "SOCIAL_AUTH_FIWARE_KEY",
+    "SOCIAL_AUTH_FIWARE_SECRET",
+    "KEYCLOAK_SERVER",
+    "KEYCLOAK_REALM",
+    "KEYCLOAK_KEY",
+    "SOCIAL_AUTH_KEYCLOAK_KEY",
+    "SOCIAL_AUTH_KEYCLOAK_SECRET",
+)
+for setting in STRING_SETTINGS:
+    value = os.environ.get(setting, "").strip()
+    if value != "":
+        locals()[setting] = value
+
+## Boolean settings
+BOOLEAN_SETTINGS = (
+    "KEYCLOAK_GLOBAL_ROLE",
+)
+for setting in BOOLEAN_SETTINGS:
+    value = os.environ.get(setting, "").strip()
+    if value != "":
+        locals()[setting] = value.lower() == "true"
+
+
+# FIWARE & Keycloak configuration
+IDM_AUTH = 'fiware' if "FIWARE_IDM_SERVER" in locals() and "SOCIAL_AUTH_FIWARE_KEY" in locals() and "SOCIAL_AUTH_FIWARE_SECRET" in locals() else None
+IDM_AUTH = 'keycloak' if "KEYCLOAK_IDM_SERVER" in locals() and "KEYCLOAK_REALM" in locals() and "KEYCLOAK_KEY" in locals() and "SOCIAL_AUTH_KEYCLOAK_KEY" in locals() and "SOCIAL_AUTH_KEYCLOAK_SECRET" in locals() else IDM_AUTH
+
+if IDM_AUTH == 'fiware':
+    INSTALLED_APPS += (
+        'wirecloud.fiware',
+        'social_django',
+        'haystack',
+    )
+elif IDM_AUTH == 'keycloak':
     INSTALLED_APPS += (
         'wirecloud.fiware',
+        'wirecloud.keycloak',
         'social_django',
         'haystack',
     )
@@ -192,10 +225,14 @@
 USE_X_FORWARDED_PORT = True
 
 # Auth configuration
-if IDM_AUTH_ENABLED:
+if IDM_AUTH == 'fiware':
     AUTHENTICATION_BACKENDS = (
         'wirecloud.fiware.social_auth_backend.FIWAREOAuth2',
     )
+elif IDM_AUTH == 'keycloak':
+    AUTHENTICATION_BACKENDS = (
+        'wirecloud.keycloak.social_auth_backend.KeycloakOAuth2',
+    )
 else:
     AUTHENTICATION_BACKENDS = (
         'django.contrib.auth.backends.ModelBackend',

dev/urls.py

@@ -8,10 +8,18 @@
 
 from wirecloud.commons import authentication as wc_auth
 from wirecloud.fiware import views as wc_fiware
+from wirecloud.keycloak import views as wc_keycloak
 import wirecloud.platform.urls
 
 admin.autodiscover()
 
+login_method = django_auth.login
+if settings.IDM_AUTH == 'fiware':
+    login_method = wc_fiware.login
+
+if settings.IDM_AUTH == 'keycloak':
+    login_method = wc_keycloak.login
+
 urlpatterns = (
 
     # Catalogue
@@ -21,15 +29,15 @@
     url(r'^cdp/', include('wirecloud.proxy.urls')),
 
     # Login/logout
-    url(r'^login/?$', wc_fiware.login if settings.IDM_AUTH_ENABLED else django_auth.login, name="login"),
+    url(r'^login/?$', login_method, name="login"),
     url(r'^logout/?$', wc_auth.logout, name="logout"),
     url(r'^admin/logout/?$', wc_auth.logout),
 
     # Admin interface
     url(r'^admin/', include(admin.site.urls)),
 )
 
-if settings.IDM_AUTH_ENABLED:
+if settings.IDM_AUTH:
     urlpatterns += (url('', include('social_django.urls', namespace='social')),)
 
 urlpatterns += wirecloud.platform.urls.urlpatterns