From b8cfa4fd3c3f0885445be489acf209cb9b38f466 Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 9 Nov 2023 11:09:11 -0500 Subject: [PATCH] fixed backwards compatibility with multiple auths --- .../bin/local_development_environment_setup | 29 ++++++++++++------- .../spiffworkflow_backend/config/default.py | 29 ++++++++++++------- 2 files changed, 37 insertions(+), 21 deletions(-) diff --git a/spiffworkflow-backend/bin/local_development_environment_setup b/spiffworkflow-backend/bin/local_development_environment_setup index 138ed4e39..95286349c 100755 --- a/spiffworkflow-backend/bin/local_development_environment_setup +++ b/spiffworkflow-backend/bin/local_development_environment_setup @@ -35,18 +35,25 @@ elif [[ "$process_model_dir" == "localopenid" ]]; then export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_id="spiffworkflow-backend" export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_secret="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" export SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME="example.yml" -else - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__identifier="keycloak_internal" - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__label="I am a Core Contributor" - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__uri="http://localhost:7002/realms/spiffworkflow" - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_id="spiffworkflow-backend" - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_secret="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__identifier="openid" - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__label="I am a vendor" - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__uri="http://localhost:$port/openid" - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__client_id="spiffworkflow-backend" - export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__client_secret="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" +# else # uncomment to test multiple auths +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__identifier="keycloak_internal" +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__label="I am a Core Contributor" +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__uri="http://localhost:7002/realms/spiffworkflow" +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_id="spiffworkflow-backend" +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_secret="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" +# +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__identifier="openid" +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__label="I am a vendor" +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__uri="http://localhost:$port/openid" +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__client_id="spiffworkflow-backend" +# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__client_secret="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" + +# else # uncomment to test specfied +# export SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL="http://localhost:7002/realms/spiffworkflow" +# export SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID="spiffworkflow-backend" +# export SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" + fi if [[ -z "${SPIFFWORKFLOW_BACKEND_ENV:-}" ]]; then diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 70349f71f..d07bb6886 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -1,5 +1,6 @@ import re from os import environ +from typing import Any from spiffworkflow_backend.config.normalized_environment import normalized_environment @@ -8,7 +9,7 @@ from spiffworkflow_backend.config.normalized_environment import normalized_envir # is a benefit of the status quo and having them all in this file explicitly. -def config_from_env(variable_name: str, *, default: str | bool | int | None = None) -> None: +def config_from_env(variable_name: str, *, default: str | bool | int | None = None) -> Any: value_from_env: str | None = environ.get(variable_name) if value_from_env == "": value_from_env = None @@ -30,6 +31,7 @@ def config_from_env(variable_name: str, *, default: str | bool | int | None = No # the value set in the variable here. It is better to set the variables like # normal in them so they can take effect. globals()[variable_name] = value_to_return + return value_to_return configs_with_structures = normalized_environment(environ) @@ -91,15 +93,22 @@ config_from_env("SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS") if "SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS" in configs_with_structures: SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS = configs_with_structures["SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS"] else: - SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS = [ - { - "identifier": "default", - "label": "Default", - "uri": "http://localhost:7002/realms/spiffworkflow", - "client_id": "spiffworkflow-backend", - "client_secret": "JXeQExm0JhQPLumgHtIIqf52bDalHz0q", - } - ] + # do this for now for backwards compatibility + url_config = config_from_env("SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL") + if url_config is not None: + SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = url_config + config_from_env("SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID") + config_from_env("SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY") + else: + SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS = [ + { + "identifier": "default", + "label": "Default", + "uri": "http://localhost:7002/realms/spiffworkflow", + "client_id": "spiffworkflow-backend", + "client_secret": "JXeQExm0JhQPLumgHtIIqf52bDalHz0q", + } + ] ### logs # loggers to use is a comma separated list of logger prefixes that we will be converted to list of strings