Adding a separate oidc version of the image (#352)

* Adding a seperate oidc version of the image * fixing linting issue * fixup * changing typing hints to Flask * more fixup :) * Moving oidc deps to setup.py extras

Adding a separate oidc version of the image (#352)
* Adding a seperate oidc version of the image * fixing linting issue * fixup * changing typing hints to Flask * more fixup :) * Moving oidc deps to setup.py extras
c9ce3d36 · Luke Lowery · Tao Feng · f260a792 · c9ce3d36 · c9ce3d36
Commit c9ce3d36 authored Dec 19, 2019 by Luke Lowery Committed by Tao Feng Dec 19, 2019
Showing with 73 additions and 4 deletions

Makefile Makefile +12 -1

config.py amundsen_application/config.py +3 -2

oidc_config.py amundsen_application/oidc_config.py +38 -0

public.Dockerfile public.Dockerfile +17 -1

setup.py setup.py +3 -0

No files found.
--- a/Makefile
+++ b/Makefile
 IMAGE := amundsendev/amundsen-frontend
+OIDC_IMAGE := ${IMAGE}-oidc
 VERSION:= $(shell grep -m 1 '__version__' setup.py | cut -d '=' -f 2 | tr -d "'" | tr -d '[:space:]')

 .PHONY: clean
@@ -32,5 +33,15 @@ push-image:
 	docker push ${IMAGE}:${VERSION}
 	docker push ${IMAGE}:latest

+.PHONY: oidc-image
+oidc-image:
+	docker build -f public.Dockerfile --target=oidc-release -t ${OIDC_IMAGE}:${VERSION} .
+	docker tag ${OIDC_IMAGE}:${VERSION} ${OIDC_IMAGE}:latest
+
+.PHONY: push-odic-image
+push-oidc-image:
+	docker push ${OIDC_IMAGE}:${VERSION}
+	docker push ${OIDC_IMAGE}:latest
+
 .PHONY: build-push-image
-build-push-image: image push-image
+build-push-image: image oidc-image push-image push-oidc-image
--- a/amundsen_application/config.py
+++ b/amundsen_application/config.py
 import os
 from typing import Callable, Dict, Optional, Set  # noqa: F401
+from amundsen_application.models.user import User

 from flask import Flask  # noqa: F401

@@ -69,9 +70,9 @@ class LocalConfig(Config):
    # Please note that if specified, this will ignore following config properties:
    # 1. METADATASERVICE_REQUEST_HEADERS
    # 2. SEARCHSERVICE_REQUEST_HEADERS
-    REQUEST_HEADERS_METHOD = None
+    REQUEST_HEADERS_METHOD: Optional[Callable[[Flask], Optional[Dict]]] = None

-    AUTH_USER_METHOD = None  # type: Optional[function]
+    AUTH_USER_METHOD: Optional[Callable[[Flask], User]] = None
    GET_PROFILE_URL = None



--- a/amundsen_application/oidc_config.py
+++ b/amundsen_application/oidc_config.py
+from typing import Dict, Optional
+from flask import Flask
+from amundsen_application.config import LocalConfig
+from amundsen_application.models.user import load_user, User
+
+
+def get_access_headers(app: Flask) -> Optional[Dict]:
+    """
+    Function to retrieve and format the Authorization Headers
+    that can be passed to various microservices who are expecting that.
+    :param oidc: OIDC object having authorization information
+    :return: A formatted dictionary containing access token
+    as Authorization header.
+    """
+    try:
+        access_token = app.oidc.get_access_token()
+        return {'Authorization': 'Bearer {}'.format(access_token)}
+    except Exception:
+        return None
+
+
+def get_auth_user(app: Flask) -> User:
+    """
+    Retrieves the user information from oidc token, and then makes
+    a dictionary 'UserInfo' from the token information dictionary.
+    We need to convert it to a class in order to use the information
+    in the rest of the Amundsen application.
+    :param app: The instance of the current app.
+    :return: A class UserInfo (Note, there isn't a UserInfo class, so we use Any)
+    """
+    from flask import g
+    user_info = load_user(g.oidc_id_token)
+    return user_info
+
+
+class OidcConfig(LocalConfig):
+    AUTH_USER_METHOD = get_auth_user
+    REQUEST_HEADERS_METHOD = get_access_headers
--- a/public.Dockerfile
+++ b/public.Dockerfile
@@ -8,7 +8,7 @@ RUN npm install
 COPY amundsen_application/static /app/amundsen_application/static
 RUN npm run build

-FROM python:3.7-slim
+FROM python:3.7-slim as base
 WORKDIR /app
 RUN pip3 install gunicorn

@@ -20,3 +20,19 @@ COPY . /app
 RUN python3 setup.py install

 CMD [ "python3",  "amundsen_application/wsgi.py" ]
+
+FROM base as oidc-release
+
+RUN pip3 install .[oidc]
+ENV FRONTEND_SVC_CONFIG_MODULE_CLASS amundsen_application.oidc_config.OidcConfig
+ENV APP_WRAPPER flaskoidc
+ENV APP_WRAPPER_CLASS FlaskOIDC
+ENV FLASK_OIDC_WHITELISTED_ENDPOINTS status,healthcheck,health
+ENV FLASK_OIDC_SQLALCHEMY_DATABASE_URI sqlite:///sessions.db
+
+# You will need to set these environment variables in order to use the oidc image
+# FLASK_OIDC_CLIENT_SECRETS - a path to a client_secrets.json file
+# FLASK_OIDC_SECRET_KEY - A secret key from your oidc provider
+# You will also need to mount a volume for the clients_secrets.json file.
+
+FROM base as release
--- a/setup.py
+++ b/setup.py
@@ -48,6 +48,9 @@ setup(
    include_package_data=True,
    dependency_links=[],
    install_requires=requirements,
+    extras_require={
+        'oidc': ['flaskoidc==0.0.2']
+    },
    python_requires=">=3.6",
    entry_points="""
        [action_log.post_exec.plugin]