Add support to Keycloak plugin in 1.3 docker

Author: fdelavega

1.3/Dockerfile

@@ -10,7 +10,7 @@ ENV LOGLEVEL=info
 
 RUN apt-get update && \
     apt-get install -y libmemcached-dev gosu && \
-    pip install --no-cache-dir social-auth-app-django "gunicorn==19.3.0" "psycopg2==2.6" pylibmc pysolr "elasticsearch==2.4.1" && \
+    pip install --no-cache-dir social-auth-app-django "gunicorn==19.3.0" "psycopg2==2.6" pylibmc pysolr "elasticsearch==2.4.1" wirecloud-keycloak && \
     rm -rf /var/lib/apt/lists/* && \
     gosu nobody true
 

1.3/docker-compose.yml

@@ -57,6 +57,13 @@ services:
             #- FIWARE_IDM_SERVER=${FIWARE_IDM_SERVER}
             #- SOCIAL_AUTH_FIWARE_KEY=${SOCIAL_AUTH_FIWARE_KEY}
             #- SOCIAL_AUTH_FIWARE_SECRET=${SOCIAL_AUTH_FIWARE_SECRET}
+            # Uncomment the following environment variables to enable Keycloak IDM Integration
+            #- KEYCLOAK_IDM_SERVER=${KEYCLOAK_IDM_SERVER}
+            #- KEYCLOAK_REALM=${KEYCLOAK_REALM}
+            #- KEYCLOAK_KEY=${KEYCLOAK_KEY}
+            #- KEYCLOAK_GLOBAL_ROLE=${KEYCLOAK_GLOBAL_ROLE}
+            #- SOCIAL_AUTH_KEYCLOAK_KEY=${SOCIAL_AUTH_KEYCLOAK_KEY}
+            #- SOCIAL_AUTH_KEYCLOAK_SECRET=${SOCIAL_AUTH_KEYCLOAK_SECRET}
         volumes:
             - ./wirecloud-data:/opt/wirecloud_instance/data
             - ./wirecloud-static:/var/www/static

1.3/settings.py

@@ -127,15 +127,33 @@
 WSGI_APPLICATION = 'wirecloud_instance.wsgi.application'
 
 # FIWARE IdM configuration
-FIWARE_IDM_SERVER = os.environ.get('FIWARE_IDM_SERVER', '').strip()
-FIWARE_IDM_PUBLIC_URL = os.environ.get('FIWARE_IDM_PUBLIC_URL', FIWARE_IDM_SERVER).strip()
-SOCIAL_AUTH_FIWARE_KEY = os.environ.get('SOCIAL_AUTH_FIWARE_KEY', '').strip()
-SOCIAL_AUTH_FIWARE_SECRET = os.environ.get('SOCIAL_AUTH_FIWARE_SECRET', '').strip()
-IDM_AUTH_ENABLED = FIWARE_IDM_SERVER and SOCIAL_AUTH_FIWARE_KEY and SOCIAL_AUTH_FIWARE_SECRET
-
-if IDM_AUTH_ENABLED:
+IDM_AUTH = None
+if os.environ.get('FIWARE_IDM_SERVER', '').strip() != '':
+    FIWARE_IDM_SERVER = os.environ.get('FIWARE_IDM_SERVER', '').strip()
+    FIWARE_IDM_PUBLIC_URL = os.environ.get('FIWARE_IDM_PUBLIC_URL', FIWARE_IDM_SERVER).strip()
+    SOCIAL_AUTH_FIWARE_KEY = os.environ.get('SOCIAL_AUTH_FIWARE_KEY', '').strip()
+    SOCIAL_AUTH_FIWARE_SECRET = os.environ.get('SOCIAL_AUTH_FIWARE_SECRET', '').strip()
+    IDM_AUTH = 'fiware' if FIWARE_IDM_SERVER and SOCIAL_AUTH_FIWARE_KEY and SOCIAL_AUTH_FIWARE_SECRET else None
+
+elif os.environ.get('KEYCLOAK_IDM_SERVER', '').strip() != '':
+    KEYCLOAK_IDM_SERVER = os.environ.get('KEYCLOAK_IDM_SERVER', '').strip()
+    KEYCLOAK_REALM = os.environ.get('KEYCLOAK_REALM', '').strip()
+    KEYCLOAK_KEY = os.environ.get('KEYCLOAK_KEY', '').strip()
+    KEYCLOAK_GLOBAL_ROLE = os.environ.get('KEYCLOAK_GLOBAL_ROLE', '').strip() == 'True'
+    SOCIAL_AUTH_KEYCLOAK_KEY = os.environ.get('SOCIAL_AUTH_KEYCLOAK_KEY', '').strip()
+    SOCIAL_AUTH_KEYCLOAK_SECRET = os.environ.get('SOCIAL_AUTH_KEYCLOAK_SECRET', '').strip()
+    IDM_AUTH = 'keycloak' if KEYCLOAK_IDM_SERVER and KEYCLOAK_REALM and KEYCLOAK_KEY and SOCIAL_AUTH_KEYCLOAK_KEY and SOCIAL_AUTH_KEYCLOAK_SECRET else None
+
+if IDM_AUTH == 'fiware':
+    INSTALLED_APPS += (
+        'wirecloud.fiware',
+        'social_django',
+        'haystack',
+    )
+elif IDM_AUTH == 'keycloak':
     INSTALLED_APPS += (
         'wirecloud.fiware',
+        'wirecloud.keycloak',
         'social_django',
         'haystack',
     )
@@ -192,10 +210,14 @@
 USE_X_FORWARDED_PORT = True
 
 # Auth configuration
-if IDM_AUTH_ENABLED:
+if IDM_AUTH == 'fiware':
     AUTHENTICATION_BACKENDS = (
         'wirecloud.fiware.social_auth_backend.FIWAREOAuth2',
     )
+elif IDM_AUTH == 'keycloak':
+    AUTHENTICATION_BACKENDS = (
+        'wirecloud.keycloak.social_auth_backend.KeycloakOAuth2',
+    )
 else:
     AUTHENTICATION_BACKENDS = (
         'django.contrib.auth.backends.ModelBackend',

1.3/urls.py

@@ -8,10 +8,19 @@
 
 from wirecloud.commons import authentication as wc_auth
 from wirecloud.fiware import views as wc_fiware
+from wirecloud.keycloak import views as wc_keycloak
+
 import wirecloud.platform.urls
 
 admin.autodiscover()
 
+login_method = django_auth.login
+if settings.IDM_AUTH == 'fiware':
+    login_method = wc_fiware.login
+
+if settings.IDM_AUTH == 'keycloak':
+    login_method = wc_keycloak.login
+
 urlpatterns = (
 
     # Catalogue
@@ -21,15 +30,15 @@
     url(r'^cdp/', include('wirecloud.proxy.urls')),
 
     # Login/logout
-    url(r'^login/?$', wc_fiware.login if settings.IDM_AUTH_ENABLED else django_auth.login, name="login"),
+    url(r'^login/?$', login_method, name="login"),
     url(r'^logout/?$', wc_auth.logout, name="logout"),
     url(r'^admin/logout/?$', wc_auth.logout),
 
     # Admin interface
     url(r'^admin/', include(admin.site.urls)),
 )
 
-if settings.IDM_AUTH_ENABLED:
+if settings.IDM_AUTH is not None:
     urlpatterns += (url('', include('social_django.urls', namespace='social')),)
 
 urlpatterns += wirecloud.platform.urls.urlpatterns