Page MenuHomeSoftware Heritage
Differential D4994

Enable keycloak authentication on hedgedoc
ClosedPublic
Actions

Authored by olasd on Feb 2 2021, 2:52 PM.

Details

Reviewers
ardumont
vsellier
Maniphest Tasks
T2951: Integrate hedgedoc with keycloak
Commits
rSPSITE1c3d314fddbb: Set session secret for hedgedoc
rSPSITE1d65506caa88: Enable keycloak authentication on HedgeDoc
rSPSITEed5266af59a1: Unconfuse variable names in hedgedoc manifest
rSPSITEc9c80f291c9e: Harden hedgedoc config mode
Summary
  • Harden hedgedoc config mode
  • Enable keycloak authentication on HedgeDoc (and disable user registration)
  • Unconfuse variable names in hedgedoc manifest
  • Set session secret for hedgedoc

Related to T2951

Test Plan
diff origin/production/bardo.internal.admin.swh.network current/bardo.internal.admin.swh.network
*******************************************
  File[/opt/hedgedoc/config.json] =>
   parameters =>
     content =>
      @@ -1,5 +1,5 @@
       {
           "production": {
      -        "sessionSecret": "change-this-secret",
      +        "sessionSecret": "hedgedoc::session_secret",
               "allowAnonymous": true,
               "allowAnonymousEdit": true,
      @@ -10,5 +10,16 @@
               "allowOrigin": [ "localhost", "hedgedoc.softwareheritage.org"],
               "email": true,
      -        "allowEmailRegister": true,
      +        "allowEmailRegister": false,
      +        "oauth2": {
      +            "baseURL": "https://auth.softwareheritage.org/",
      +            "userProfileURL": "https://auth.softwareheritage.org/auth/realms/SoftwareHeritage/protocol/openid-connect/userinfo",
      +            "userProfileUsernameAttr": "preferred_username",
      +            "userProfileDisplayNameAttr": "name",
      +            "userProfileEmailAttr": "email",
      +            "tokenURL": "https://auth.softwareheritage.org/auth/realms/SoftwareHeritage/protocol/openid-connect/token",
      +            "authorizationURL": "https://auth.softwareheritage.org/auth/realms/SoftwareHeritage/protocol/openid-connect/auth",
      +            "clientID": "hedgedoc",
      +            "clientSecret": "hedgedoc::keycloak::client::secret"
      +        },
               "hsts": {
                   "enable": true,
     mode =>
      - 0644
      + 0600
*******************************************
*** End octocatalog-diff on bardo.internal.admin.swh.network

Checked that the new config.json file works on the prod instance 0:-)

Diff Detail

Repository
rSPSITE puppet-swh-site
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

olasd requested review of this revision.Feb 2 2021, 2:52 PM
olasd created this revision.
Harbormaster completed remote builds in B18953: Diff 17811.Feb 2 2021, 2:52 PM
olasd updated this revision to Diff 17812.Feb 2 2021, 2:56 PM

Use the actual, working, keycloak /protocol/ URLs

Harbormaster completed remote builds in B18954: Diff 17812.Feb 2 2021, 2:56 PM
olasd edited the test plan for this revision. (Show Details)Feb 2 2021, 2:56 PM
ardumont accepted this revision.Feb 2 2021, 3:05 PM

lgtm

That was fast ;)

This revision is now accepted and ready to land.Feb 2 2021, 3:05 PM
olasd added a child revision: D4995: Programmatically set up keycloak client for hedgedoc.Feb 2 2021, 3:15 PM
olasd updated this revision to Diff 17820.Feb 2 2021, 3:53 PM

Rebase

Harbormaster completed remote builds in B18957: Diff 17820.Feb 2 2021, 3:53 PM
Closed by commit rSPSITEc9c80f291c9e: Harden hedgedoc config mode (authored by olasd). · Explain WhyFeb 2 2021, 3:54 PM
This revision was automatically updated to reflect the committed changes.
olasd added a commit: rSPSITEc9c80f291c9e: Harden hedgedoc config mode.
olasd added a commit: rSPSITEed5266af59a1: Unconfuse variable names in hedgedoc manifest.
olasd added a commit: rSPSITE1d65506caa88: Enable keycloak authentication on HedgeDoc.
olasd added a commit: rSPSITE1c3d314fddbb: Set session secret for hedgedoc.

Revision Contents
Changeset List

PathSize
site-modules/
profile/
manifests/
3 lines

Diff 17821

View Options

site-modules/profile/manifests/hedgedoc.pp

Loading...
About · Developer information · Legal