Now able to use local keycloak instance with Qiita via Docker

Anna-Rehm · Anna-Rehm · commit 6bae7103a50c · 2024-05-24T13:12:16.000+02:00
diff --git a/Images/qiita/Dockerfile b/Images/qiita/Dockerfile
@@ -34,8 +34,8 @@ RUN pip install \
 	coverage
 
 #Clone the Qiita Repo
-RUN git clone -b master https://github.com/qiita-spots/qiita.git
-
+#RUN git clone -b master https://github.com/qiita-spots/qiita.git
+RUN git clone -b auth_oidc https://github.com/jlab/qiita.git
 
 #We need to install necessary dependencies
 #as well as some extra dependencies for psycopg2 to work
@@ -53,8 +53,11 @@ RUN pip install "Jinja2<3.1"
 
 
 #Configuring the Qiita Config to run inside the container
-RUN sed -i 's/BASE_URL = https:\/\/localhost:8383/BASE_URL = https:\/\/localhost:21174\//' qiita/qiita_core/support_files/config_test.cfg
-RUN sed -i 's/\/home\/runner\/work\/qiita\/qiita\//\/qiita\//' qiita/qiita_core/support_files/config_test.cfg
+#RUN sed -i 's/BASE_URL = https:\/\/localhost:8383/BASE_URL = https:\/\/localhost:21174\//' qiita/qiita_core/support_files/config_test.cfg
+#RUN sed -i 's/\/home\/runner\/work\/qiita\/qiita\//\/qiita\//' qiita/qiita_core/support_files/config_test.cfg
+
+COPY config_qiita_oidc.cfg .
+RUN chmod 777 config_qiita_oidc.cfg
 
 #Copy Bash Script to run Qiita to the container
 COPY start_qiita.sh .
diff --git a/Images/qiita/config_qiita_oidc.cfg b/Images/qiita/config_qiita_oidc.cfg
@@ -0,0 +1,257 @@
+# WARNING!!!! DO NOT MODIFY THIS FILE
+# IF YOU NEED TO PROVIDE YOUR OWN CONFIGURATION, COPY THIS FILE TO A NEW
+# LOCATION AND EDIT THE COPY
+
+# -----------------------------------------------------------------------------
+# Copyright (c) 2014--, The Qiita Development Team.
+#
+# Distributed under the terms of the BSD 3-clause License.
+#
+# The full license is in the file LICENSE, distributed with this software.
+# -----------------------------------------------------------------------------
+
+# ------------------------------ Main settings --------------------------------
+[main]
+# Change to FALSE in a production system
+TEST_ENVIRONMENT = TRUE
+
+# Absolute path to the directory where log files are saved. If not given, no
+# log file will be created
+LOG_DIR =
+
+# Whether studies require admin approval to be made available
+REQUIRE_APPROVAL = True
+
+# Base URL: DO NOT ADD TRAILING SLASH
+BASE_URL = https://localhost:21174
+
+# Download path files
+UPLOAD_DATA_DIR = /qiita/qiita_db/support_files/test_data/uploads/
+
+# Working directory path
+WORKING_DIR = /qiita/qiita_db/support_files/test_data/working_dir/
+
+# Maximum upload size (in Gb)
+MAX_UPLOAD_SIZE = 100
+
+# Path to the base directory where the data files are going to be stored
+BASE_DATA_DIR = /qiita/qiita_db/support_files/test_data/
+
+# Valid upload extension, comma separated. Empty for no uploads
+VALID_UPLOAD_EXTENSION = fastq,fastq.gz,txt,tsv,sff,fna,qual
+
+# The script used to start the qiita environment, if any
+# used to spawn private CLI to a cluster
+QIITA_ENV = source activate qiita
+
+# Script used for launching private Qiita tasks
+PRIVATE_LAUNCHER = qiita-private-launcher
+
+# Script used for launching plugins
+PLUGIN_LAUNCHER = qiita-plugin-launcher
+
+# Plugins configuration directory
+PLUGIN_DIR =
+
+# Webserver certificate file paths
+CERTIFICATE_FILE =
+KEY_FILE =
+
+# The value used to secure cookies used for user sessions. A suitable value can
+# be generated with:
+#
+# python -c "from base64 import b64encode;\
+#   from uuid import uuid4;\
+#   print b64encode(uuid4().bytes + uuid4().bytes)"
+COOKIE_SECRET = SECRET
+
+# The value used to secure JWTs for delegated permission artifact download.
+JWT_SECRET = SUPER_SECRET
+
+# Address a user should write to when asking for help
+HELP_EMAIL = foo@bar.com
+
+# The email address, Qiita sends internal notifications to a sys admin
+SYSADMIN_EMAIL = jeff@bar.com
+
+# ----------------------------- SMTP settings -----------------------------
+[smtp]
+# The hostname to connect to
+# Google: smtp.google.com
+HOST = localhost
+
+# The port to connect to the database
+# Google: 587
+PORT = 25
+
+# SSL needed (True or False)
+# Google: True
+SSL = False
+
+# The user name to connect with
+USER =
+
+# The user password to connect with
+PASSWORD =
+
+# The email to have messages sent from
+EMAIL = example@domain.com
+
+# ----------------------------- Redis settings --------------------------------
+[redis]
+HOST = localhost
+PORT = 7777
+PASSWORD =
+# The redis database you will use, redis has a max of 16.
+# Qiita should have its own database
+DB = 13
+
+# ----------------------------- Postgres settings -----------------------------
+[postgres]
+# The user name to connect to the database
+USER = postgres
+
+# The administrator user, which can be used to create/drop environments
+ADMIN_USER = postgres
+
+# The database to connect to
+DATABASE = qiita_test
+
+# The host where the database lives on
+HOST = localhost
+
+# The port to connect to the database
+PORT = 5432
+
+# The password to use to connect to the database
+PASSWORD = postgres
+
+# The postgres password for the admin_user
+ADMIN_PASSWORD = postgres
+
+# ----------------------------- Job Scheduler Settings -----------------------------
+[job_scheduler]
+# The email address of the submitter of jobs
+JOB_SCHEDULER_JOB_OWNER = user@somewhere.org
+
+# The number of seconds to wait between successive calls
+JOB_SCHEDULER__POLLING_VALUE = 15
+
+# Hard upper-limit on concurrently running validator jobs
+JOB_SCHEDULER_PROCESSING_QUEUE_COUNT = 2
+
+# ----------------------------- EBI settings -----------------------------
+[ebi]
+# The user to use when submitting to EBI
+EBI_SEQ_XFER_USER = Webin-41528
+
+# Password for the above user
+EBI_SEQ_XFER_PASS =
+
+# URL of EBI's FASP site
+EBI_SEQ_XFER_URL = webin.ebi.ac.uk
+
+# URL of EBI's HTTPS dropbox
+# live submission URL
+#EBI_DROPBOX_URL = https://www.ebi.ac.uk/ena/submit/drop-box/submit/
+# testing URL
+EBI_DROPBOX_URL = https://www-test.ebi.ac.uk/ena/submit/drop-box/submit/
+
+# The name of the sequencing center to use when doing EBI submissions
+EBI_CENTER_NAME = qiita-test
+
+# This string (with an underscore) will be prefixed to your EBI submission and
+# study aliases
+EBI_ORGANIZATION_PREFIX = example_organization
+
+# ----------------------------- VAMPS settings -----------------------------
+[vamps]
+# general info to submit to vamps
+USER = user
+PASSWORD = password
+URL = https://vamps.mbl.edu/mobe_workshop/getfile.php
+
+# ----------------------------- Portal settings -----------------------------
+[portal]
+
+# Portal the site is working under
+PORTAL = QIITA
+
+# Portal subdirectory
+PORTAL_DIR =
+
+# Full path to portal styling config file
+PORTAL_FP =
+
+# The center latitude of the world map, shown on the Stats map.
+# Defaults to 40.01027 (Boulder, CO, USA)
+STATS_MAP_CENTER_LATITUDE =
+
+# The center longitude of the world map, shown on the Stats map.
+# Defaults to -105.24827 (Boulder, CO, USA)
+STATS_MAP_CENTER_LONGITUDE =
+
+# ----------------------------- iframes settings ---------------------------
+[iframe]
+# The real world QIIMP will always need to be accessed with https because Qiita
+# runs on https too
+QIIMP = https://localhost:8898/
+
+
+# --------------------- External Identity Provider settings --------------------
+# user authentication happens per default within Qiita, i.e. when a user logs in,
+# the stored password hash and email address is compared against what a user
+# just provided. You might however, use an external identity provider (IdP) to 
+# authenticate the user like 
+#    google: https://developers.google.com/identity/protocols/oauth2 or
+#    github: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps or
+#    self hosted keycloak: https://www.keycloak.org/
+# Thus, you don't have to deal with user verification, reset passwords, ...
+# Authorization (i.e. if the authorized user is allowed to use Qiita or which
+# user level he/she gets assigned is an independent process. You can even use
+# multiple independent external identity providers!
+# Qiita currently only support the "open ID connect" protocol with the implicit flow.
+# Each identity provider comes as its own config section [oidc_foo] and needs
+# to specify the following five fields:
+#
+# Typical identity provider manage multiple "realms" and specific "clients" per realm
+# You need to contact your IdP and register Qiita as a new "client". The IdP will
+# provide you with the correct values.
+#
+# The authorization protocol requires three steps to obtain user information:
+# 1) you identify as the correct client and ask the IdP for a request code
+#    You have to forward the user to the login page of your IdP. To let the IdP
+#    know how to come back to Qiita, you need to provide a redirect URL
+# 2) you exchange the code for a user token
+# 3) you obtain information about the user for the obtaines user token
+# Typically, each step is implemented as a separate URL endpoint
+#
+# To activate IdP: comment out the following config section
+
+[oidc_localkeycloak]
+
+# client ID for Qiita as registered at your Identity Provider of choice
+CLIENT_ID = qiita
+
+# client secret to verify Qiita as the correct client. Not all IdPs require
+# a client secret!
+CLIENT_SECRET = VrZOw326Pej0mFtlHi3fFu6plQeRs1CB
+
+# redirect URL (end point in your Qiita instance), to which the IdP redirects 
+# after user types in his/her credentials. If you don't want to change code in 
+# qiita_pet/webserver.py the URL must follow the pattern:
+# base_URL/auth/login_OIDC/foo where foo is the name of this config section 
+# without the oidc_ prefix!
+REDIRECT_ENDPOINT = /auth/login_OIDC/localkeycloak
+
+# URL for step 1: obtain code
+AUTHORIZE_URL = http://localhost:8080/realms/qiita_realm/protocol/openid-connect/auth
+
+# URL for step 2: obtain user token
+ACCESS_TOKEN_URL = http://localhost:8080/realms/qiita_realm/protocol/openid-connect/token
+
+# URL for step 3: obtain user infos
+USERINFO_URL = http://localhost:8080/realms/qiita_realm/protocol/openid-connect/userinfo
+
+# a speaking label for the Identity Provider. Section name is used if empty.
+LABEL = localhost
diff --git a/Images/qiita/start_qiita.sh b/Images/qiita/start_qiita.sh
@@ -4,6 +4,8 @@
 redis-server --daemonize yes --port 7777
 redis-server --daemonize yes --port 6379
 
+export QIITA_CONFIG_FP="./config_qiita_oidc.cfg"
+
 #building the database without ontologies
 qiita-env make --no-load-ontologies
 
diff --git a/README.md b/README.md
@@ -6,5 +6,19 @@
 3. Build docker image `docker build . -f qiita/Dockerfile -t qiita`
 4. Move to folder containing compose file `cd ../..`
 5. Run docker compose `docker compose up`
-6. To stop: Run `docker compose down`
-    - Use `docker compose down --volumes`if you wish to remove the database volume as well.
+6. Open `http://localhost:21174`
+7. To stop: Run `docker compose down qiita qiita-db`
+    - Use `docker compose down --volumes`if you wish to remove the database volume as well.
+
+### IF YOU WANT TO USE LOCAL KEYCLOAK:
+
+1. Clone repository
+2. Run `docker compose up keycloak_web keycloakdb`
+3. Open `http://localhost:8080`, login admin pw admin
+4. Configure Qiita as a service, create a user
+5. Edit `config_qiita_oidc.cfg` to fit your local Keycloak configuration.
+6. Open a new terminal, move into Image Folder `cd Images/qiita`
+7. Build docker image `docker build . -f qiita/Dockerfile -t qiita`
+8. Move to folder containing compose file `cd ../..`
+9. Run docker compose `docker compose up qiita qiita-db`
+10. Open `http://localhost:21174`
