Page MenuHomeSoftware Heritage
Differential D2130

[POC] Integrate Keycloak to authenticate users and manage permissions
AbandonedPublic
Actions

Authored by anlambert on Oct 11 2019, 4:51 PM.

Details

Reviewers
None
Group Reviewers
Reviewers
Summary

That diff is not intended to be landed as is but is rather a proof of concept regarding
the integration of Keycloak in swh-web.

Keycloak is an opensource solution for adding authentication to applications and securing
services with minimum fuss.

Instead of using the Django authentication system, every operations related to users
management are delegated to Keycloak.

That diff is an experiment of using it to authenticate users who make requests to the
swh web api and lift the rate limiting if they have the proper permission.

To test that new feature, you can use the docker-compose environment by following the
instructions located in diff D2131.

Related T2020

Test Plan

TODO, we could mock Keycloak responses by using the python-jose module in the tests implementation.

Diff Detail

Event Timeline

anlambert created this revision.Oct 11 2019, 4:51 PM
Herald added a reviewer: Reviewers. · View Herald TranscriptOct 11 2019, 4:51 PM
swh-public-ci added a comment.Oct 11 2019, 4:52 PM

Build has FAILED

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/737/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/737/console

Harbormaster failed remote builds in B8367: Diff 7157!Oct 11 2019, 4:52 PM
anlambert added a child revision: D2131: [POC] Add keycloak service and sample SoftwareHeritage realm.Oct 11 2019, 4:57 PM
anlambert edited the summary of this revision. (Show Details)Oct 11 2019, 4:57 PM
swh-public-ci added a comment.Oct 11 2019, 5:01 PM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/341/ for more details.

swh-public-ci added a comment.Oct 11 2019, 5:01 PM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/738/ for more details.

swh-public-ci added a comment.Oct 12 2019, 3:39 AM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/739/ for more details.

Harbormaster completed remote builds in B8367: Diff 7157.Oct 12 2019, 3:39 AM
vlorentz added a subscriber: vlorentz.Oct 31 2019, 3:54 PM
vlorentz added inline comments.
swh/web/common/keycloak.py
119–122

why?

swh/web/common/middlewares.py
94

it shouldn't return a 401 for *all* errors.

anlambert planned changes to this revision.Oct 31 2019, 4:24 PM

Next step: better integrate Keycloak using the Django authentication layer.

anlambert abandoned this revision.Mar 2 2020, 6:44 PM

Abandonning this POC, proper work now continues in D2746

Revision Contents
Changeset List

PathSize
1 line
3 lines
swh/
web/
api/
1 line
views/
101 lines
common/
229 lines
25 lines
18 lines
18 lines
settings/
1 line
keycloak/
79 lines

Diff 7157

View Options

MANIFEST.in

Loading...
View Options

requirements.txt

Loading...
View Options

swh/web/api/urls.py

Loading...
View Options

swh/web/api/views/auth.py

Loading...
View Options

swh/web/common/keycloak.py

Loading...
View Options

swh/web/common/middlewares.py

Loading...
View Options

swh/web/common/throttling.py

Loading...
View Options

swh/web/config.py

Loading...
View Options

swh/web/settings/common.py

Loading...
View Options

swh/web/settings/keycloak/swh_web_api_authorization_config.json

Loading...
About · Developer information · Legal