lnmch/kops-arm64
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix oauth + github example

Browse Source
This commit is contained in:
Henning Jacobs
2019-03-23 11:03:11 +01:00
parent a897aa7494
commit 5d0a8e05c7
3 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/access-control.rst
View File

@@ -17,8 +17,16 @@ Relevant configuration settings (environment variables) for OAuth are:
``CREDENTIALS_DIR``
Folder path to load client credentials from. The folder needs to contain two files: ``authcode-client-id`` and ``authcode-client-secret``.
GitHub OAuth Example
====================
TODO: how to configure
How to configure Kubernetes Operational View to use GitHub OAuth for access control (example with localhost):
* create a new GitHub OAuth application and configure ``http://localhost:8080/login/oauth/authorized`` as "Authorization Callback URL".
* create a file ``authcode-client-id`` with the contents of the generated GitHub "Client ID"
* create a file ``authcode-client-secret`` with the contents of the generated GitHub "Client Secret"
* point the ``CREDENTIALS_DIR`` environment variable to a folder with these two files
* start Kubernetes Operational View with ``OAUTHLIB_INSECURE_TRANSPORT=true`` (needed as localhost is not running with SSL/TLS), ``AUTHORIZE_URL=https://github.com/login/oauth/authorize``, and ``ACCESS_TOKEN_URL=https://github.com/login/oauth/access_token``
Screen Tokens
=============

3
kube_ops_view/main.py
View File

@@ -32,6 +32,7 @@ logger = logging.getLogger(__name__)
SERVER_STATUS = {'shutdown': False}
AUTHORIZE_URL = os.getenv('AUTHORIZE_URL')
ACCESS_TOKEN_URL = os.getenv('ACCESS_TOKEN_URL')
APP_URL = os.getenv('APP_URL')
SCOPE = os.getenv('SCOPE')
@@ -40,7 +41,7 @@ app = Flask(__name__)
oauth_blueprint = OAuth2ConsumerBlueprintWithClientRefresh(
"oauth", __name__,
authorization_url=AUTHORIZE_URL,
token_url=os.getenv('ACCESS_TOKEN_URL'),
token_url=ACCESS_TOKEN_URL,
token_url_params={'scope': SCOPE} if SCOPE else None,
)
app.register_blueprint(oauth_blueprint, url_prefix="/login")

5
kube_ops_view/oauth.py
View File

@@ -11,10 +11,11 @@ class OAuth2ConsumerBlueprintWithClientRefresh(OAuth2ConsumerBlueprint):
def refresh_credentials(self):
with open(os.path.join(CREDENTIALS_DIR, 'authcode-client-id')) as fd:
self.client_id = fd.read().strip()
# note that we need to set two attributes because of how OAuth2ConsumerBlueprint works :-/
self._client_id = self.client_id = fd.read().strip()
with open(os.path.join(CREDENTIALS_DIR, 'authcode-client-secret')) as fd:
self.client_secret = fd.read().strip()
def login(self):
self.refresh_credentials()
return super()
return super().login()