From bd0691ac6354446785fdfc1cd1ab5e0232add5c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Manelphe?=
Date: Fri, 17 May 2024 14:29:48 +0200
Subject: [PATCH] feat: add keycloak authorized roles parameter
---
 app-batch.Dockerfile | 1 +
 app-web.Dockerfile | 1 +
 app-ws.Dockerfile | 1 +
 script.sh | 2 +-
 user-guide/arc_parameters.md | 1 +
 5 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/app-batch.Dockerfile b/app-batch.Dockerfile
index 927e280c..866b7810 100644
--- a/app-batch.Dockerfile
+++ b/app-batch.Dockerfile
@@ -35,6 +35,7 @@ ARG S3_OUTPUT_BUCKET
 ARG S3_OUTPUT_ACCESS
 ARG S3_OUTPUT_SECRET
 ARG S3_OUTPUT_PARQUET_KEY
+ARG KEYCLOAK_AUTHORIZED_ROLES
 ARG KEYCLOAK_REALM
 ARG KEYCLOAK_SERVER
 ARG KEYCLOAK_RESOURCE
diff --git a/app-web.Dockerfile b/app-web.Dockerfile
index a555bd62..9c2103bf 100644
--- a/app-web.Dockerfile
+++ b/app-web.Dockerfile
@@ -35,6 +35,7 @@ ARG S3_OUTPUT_BUCKET
 ARG S3_OUTPUT_ACCESS
 ARG S3_OUTPUT_SECRET
 ARG S3_OUTPUT_PARQUET_KEY
+ARG KEYCLOAK_AUTHORIZED_ROLES
 ARG KEYCLOAK_REALM
 ARG KEYCLOAK_SERVER
 ARG KEYCLOAK_RESOURCE
diff --git a/app-ws.Dockerfile b/app-ws.Dockerfile
index aa36a5ba..2a05e90a 100644
--- a/app-ws.Dockerfile
+++ b/app-ws.Dockerfile
@@ -35,6 +35,7 @@ ARG S3_OUTPUT_BUCKET
 ARG S3_OUTPUT_ACCESS
 ARG S3_OUTPUT_SECRET
 ARG S3_OUTPUT_PARQUET_KEY
+ARG KEYCLOAK_AUTHORIZED_ROLES
 ARG KEYCLOAK_REALM
 ARG KEYCLOAK_SERVER
 ARG KEYCLOAK_RESOURCE
diff --git a/script.sh b/script.sh
index 1b066ac8..39064576 100755
--- a/script.sh
+++ b/script.sh
@@ -37,6 +37,6 @@ echo "maven settings.xml set to $MAVEN_SETTINGS"; MAVEN_CONF="-s usr/src/app/$MAVEN_SETTINGS"; fi -mvn -f /usr/src/app/pom.xml clean package -DskipTests $MAVEN_CONF -Pdocker -Denv.logSettings=$LOG_SETTINGS -Denv.urlDatabase=$DATABASE_URL -Denv.usernameDatabase=$DATABASE_USER -Denv.passwordDatabase=$DATABASE_PASSWORD -Denv.restrictedUserDatabase=$DATABASE_RESTRICTED_USER -Denv.applicationDirectory=$APPLICATION_DIRECTORY -Denv.disableDebugGui=$DISABLE_DEBUG_GUI -Denv.kubernetesApiUri=$KUBERNETES_API_URI -Denv.kubernetesApiNamespace=KUBERNETES_API_NAMESPACE -Denv.kubernetesApiTokenPath=$KUBERNETES_API_TOKEN_PATH -Denv.kubernetesApiTokenValue=$KUBERNETES_API_TOKEN_VALUE -Denv.kubernetesExecutorImage=$KUBERNETES_EXECUTOR_IMAGE -Denv.kubernetesExecutorNumber=$KUBERNETES_EXECUTOR_NUMBER -Denv.kubernetesExecutorLabel=$KUBERNETES_EXECUTOR_LABEL -Denv.kubernetesExecutorUser=$KUBERNETES_EXECUTOR_USER -Denv.kubernetesExecutorDatabase=$KUBERNETES_EXECUTOR_DATABASE -Denv.kubernetesExecutorPort=$KUBERNETES_EXECUTOR_PORT -Denv.kubernetesExecutorVolatile=$KUBERNETES_EXECUTOR_VOLATILE -Denv.processExport=$PROCESS_EXPORT -Denv.s3InputApiUri=$S3_INPUT_API_URI -Denv.s3InputBucket=$S3_INPUT_BUCKET -Denv.s3InputAccess=$S3_INPUT_ACCESS -Denv.s3InputSecret=$S3_INPUT_SECRET -Denv.s3OutputApiUri=$S3_OUTPUT_API_URI -Denv.s3OutputBucket=$S3_OUTPUT_BUCKET -Denv.s3OutputAccess=$S3_OUTPUT_ACCESS -Denv.s3OutputSecret=$S3_OUTPUT_SECRET -Denv.s3OutputParquetKey=$S3_OUTPUT_PARQUET_KEY -Denv.envExecution=$ENV_EXECUTION -Dfr.insee.keycloak.realm=$KEYCLOAK_REALM -Dfr.insee.keycloak.server=$KEYCLOAK_SERVER -Dfr.insee.keycloak.resource=$KEYCLOAK_RESOURCE -Dfr.insee.keycloak.credentials.secret=$KEYCLOAK_CREDENTIALS; +mvn -f /usr/src/app/pom.xml clean package -DskipTests $MAVEN_CONF -Pdocker -Denv.logSettings=$LOG_SETTINGS -Denv.urlDatabase=$DATABASE_URL -Denv.usernameDatabase=$DATABASE_USER -Denv.passwordDatabase=$DATABASE_PASSWORD -Denv.restrictedUserDatabase=$DATABASE_RESTRICTED_USER 
-Denv.applicationDirectory=$APPLICATION_DIRECTORY -Denv.disableDebugGui=$DISABLE_DEBUG_GUI -Denv.kubernetesApiUri=$KUBERNETES_API_URI -Denv.kubernetesApiNamespace=KUBERNETES_API_NAMESPACE -Denv.kubernetesApiTokenPath=$KUBERNETES_API_TOKEN_PATH -Denv.kubernetesApiTokenValue=$KUBERNETES_API_TOKEN_VALUE -Denv.kubernetesExecutorImage=$KUBERNETES_EXECUTOR_IMAGE -Denv.kubernetesExecutorNumber=$KUBERNETES_EXECUTOR_NUMBER -Denv.kubernetesExecutorLabel=$KUBERNETES_EXECUTOR_LABEL -Denv.kubernetesExecutorUser=$KUBERNETES_EXECUTOR_USER -Denv.kubernetesExecutorDatabase=$KUBERNETES_EXECUTOR_DATABASE -Denv.kubernetesExecutorPort=$KUBERNETES_EXECUTOR_PORT -Denv.kubernetesExecutorVolatile=$KUBERNETES_EXECUTOR_VOLATILE -Denv.processExport=$PROCESS_EXPORT -Denv.s3InputApiUri=$S3_INPUT_API_URI -Denv.s3InputBucket=$S3_INPUT_BUCKET -Denv.s3InputAccess=$S3_INPUT_ACCESS -Denv.s3InputSecret=$S3_INPUT_SECRET -Denv.s3OutputApiUri=$S3_OUTPUT_API_URI -Denv.s3OutputBucket=$S3_OUTPUT_BUCKET -Denv.s3OutputAccess=$S3_OUTPUT_ACCESS -Denv.s3OutputSecret=$S3_OUTPUT_SECRET -Denv.s3OutputParquetKey=$S3_OUTPUT_PARQUET_KEY -Denv.envExecution=$ENV_EXECUTION -Dfr.insee.arc.roles.admin=$KEYCLOAK_AUTHORIZED_ROLES -Dfr.insee.keycloak.realm=$KEYCLOAK_REALM -Dfr.insee.keycloak.server=$KEYCLOAK_SERVER -Dfr.insee.keycloak.resource=$KEYCLOAK_RESOURCE -Dfr.insee.keycloak.credentials.secret=$KEYCLOAK_CREDENTIALS;
diff --git a/user-guide/arc_parameters.md b/user-guide/arc_parameters.md
index 3cb30c27..2731744b 100644
--- a/user-guide/arc_parameters.md
+++ b/user-guide/arc_parameters.md
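Review bot: The new `-Dfr.insee.arc.roles.admin=$KEYCLOAK_AUTHORIZED_ROLES` argument on the added `mvn` line is unquoted, so a role list containing whitespace or glob characters is word-split and only its first word ends up in the admin-role property while the rest reaches Maven as separate arguments; write it as `"-Dfr.insee.arc.roles.admin=$KEYCLOAK_AUTHORIZED_ROLES"`. When the build argument is not supplied the property becomes the empty string, and nothing in this patch shows whether the application then denies access or skips the role check, so that case should be confirmed to fail closed. The same line still passes `-Denv.kubernetesApiNamespace=KUBERNETES_API_NAMESPACE` without the `$`, which hands Maven the literal name instead of the variable's value.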
@@ -185,6 +185,7 @@ ___
 | s3OutputAccess | S3_OUTPUT_ACCESS | fr.insee.arc.s3.output.access |
 | s3OutputSecret | S3_OUTPUT_SECRET | fr.insee.arc.s3.output.secret |
 | s3OutputParquetKey | S3_OUTPUT_PARQUET_KEY | fr.insee.arc.s3.output.parquet.key |
+| | KEYCLOAK_AUTHORIZED_ROLES | fr.insee.arc.roles.admin |
 | | KEYCLOAK_REALM | fr.insee.keycloak.realm |
 | | KEYCLOAK_SERVER | fr.insee.keycloak.server |
 | | KEYCLOAK_RESOURCE | fr.insee.keycloak.resource |