[AAI] Keycloak integration into aai-traversal

author Sam Huang <sam.huang@yoppworks.com>

Fri, 26 Mar 2021 19:27:17 +0000 (13:27 -0600)

committer Sylvain Desbureaux <sylvain.desbureaux@orange.com>

Thu, 6 May 2021 18:33:27 +0000 (18:33 +0000)
author Sam Huang <sam.huang@yoppworks.com>
Fri, 26 Mar 2021 19:27:17 +0000 (13:27 -0600)
committer Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Thu, 6 May 2021 18:33:27 +0000 (18:33 +0000)
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties

new file mode 100644 (file)

index 0000000..dd1956b
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties
@@ -0,0 +1,13 @@
+spring.autoconfigure.exclude=\
+  org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\
+  org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }}
+keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth
+keycloak.realm={{ .Values.config.keycloak.realm }}
+keycloak.resource={{ .Values.config.keycloak.resource }}
+keycloak.public-client=false
+keycloak.principal-attribute=preferred_username
+
+keycloak.ssl-required=external
+keycloak.bearer-only=true
diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml

index c0bcb3b..8f1bd2d 100644 (file)
--- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
@@ -32,6 +32,7 @@ data:
  {{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
  {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
  {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }}
  {{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
  ---
  apiVersion: v1
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml

index 7e54f1d..dc1c010 100644 (file)
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -188,6 +188,9 @@ spec:
          - mountPath: /opt/app/aai-traversal/resources/application.properties
            name: {{ include "common.fullname" . }}-config
            subPath: application.properties
+        - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application-keycloak.properties
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          - containerPort: {{ .Values.service.internalPort2 }}
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml

index 38011a0..ad4279a 100644 (file)
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -59,7 +59,7 @@ global: # global defaults
  
      # Active spring profiles for the resources microservice
      profiles:
-      active: production,dmaap,aaf-auth
+      active: production,dmaap,aaf-auth #,keycloak
  
      # Notification event specific properties
      notification:
@@ -168,6 +168,20 @@ aai_enpoints:
  # application configuration
  config:
  
+  # configure keycloak according to your environment.
+  # don't forget to add keycloak in active profiles above (global.config.profiles)
+  keycloak:
+    host: keycloak.your.domain
+    port: 8180
+    # Specifies a set of users, credentials, roles, and groups
+    realm: aai-traversal
+    # Used by any client application for enabling fine-grained authorization for their protected resources
+    resource: aai-traversal-app
+    # If set to true, additional criteria will be added into traversal query to returns all the vertices that match
+    # the data-owner property with the given role to the user in keycloak
+    multiTenancy:
+      enabled: true
+
    # Specifies timeout information such as application specific and limits
    timeout:
      # If set to true application will timeout for queries taking longer than limit
author	Sam Huang <sam.huang@yoppworks.com>
	Fri, 26 Mar 2021 19:27:17 +0000 (13:27 -0600)
committer	Sylvain Desbureaux <sylvain.desbureaux@orange.com>
	Thu, 6 May 2021 18:33:27 +0000 (18:33 +0000)
kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties	[new file with mode: 0644]	patch \| blob
kubernetes/aai/components/aai-traversal/templates/configmap.yaml		patch \| blob \| history
kubernetes/aai/components/aai-traversal/templates/deployment.yaml		patch \| blob \| history
kubernetes/aai/components/aai-traversal/values.yaml		patch \| blob \| history