[keycloak] use the old prefix by default

galaxy_ng/app/dynaconf_hooks.py

@@ -104,7 +104,7 @@ def configure_keycloak(settings: Dynaconf) -> Dict[str, Any]:
     #   with /auth. In newer versions, that substring no longer exists.
     #   There is a setting which can re-add that substring to make
     #   a newer system operate similar to the old.
-    KEYCLOAK_KC_HTTP_RELATIVE_PATH = settings.get("KEYCLOAK_KC_HTTP_RELATIVE_PATH", default="")
+    KEYCLOAK_KC_HTTP_RELATIVE_PATH = settings.get("KEYCLOAK_KC_HTTP_RELATIVE_PATH", default="/auth")
 
     SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = \
         settings.get("SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL", default=None)

galaxy_ng/tests/unit/app/test_dynaconf_hooks.py

@@ -358,9 +358,9 @@ def test_dynaconf_hooks_authentication_backends_and_classes(
                 "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"],
                 "KEYCLOAK_URL": "https://mykeycloak:1337",
                 "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
-                    "https://mykeycloak:1337/realms/aap/protocol/openid-connect/auth/",
+                    "https://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/auth/",
                 "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
-                    "https://mykeycloak:1337/realms/aap/protocol/openid-connect/token/",
+                    "https://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/token/",
                 "GALAXY_AUTH_KEYCLOAK_ENABLED": True,
                 "GALAXY_FEATURE_FLAGS__external_authentication": True,
                 "GALAXY_TOKEN_EXPIRATION": 1440,
@@ -369,17 +369,36 @@ def test_dynaconf_hooks_authentication_backends_and_classes(
         (
             True,
             {
-                "KEYCLOAK_KC_HTTP_RELATIVE_PATH": "/auth",
+                "KEYCLOAK_KC_HTTP_RELATIVE_PATH": "",
                 "KEYCLOAK_PROTOCOL": "http",
                 "GALAXY_TOKEN_EXPIRATION": 0,
             },
             {
                 "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"],
                 "KEYCLOAK_URL": "http://mykeycloak:1337",
                 "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
-                    "http://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/auth/",
+                    "http://mykeycloak:1337/realms/aap/protocol/openid-connect/auth/",
                 "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
-                    "http://mykeycloak:1337/auth/realms/aap/protocol/openid-connect/token/",
+                    "http://mykeycloak:1337/realms/aap/protocol/openid-connect/token/",
+                "GALAXY_AUTH_KEYCLOAK_ENABLED": True,
+                "GALAXY_FEATURE_FLAGS__external_authentication": True,
+                "GALAXY_TOKEN_EXPIRATION": 0,
+            },
+        ),
+        (
+            True,
+            {
+                "KEYCLOAK_KC_HTTP_RELATIVE_PATH": "/mylittlepony",
+                "KEYCLOAK_PROTOCOL": "http",
+                "GALAXY_TOKEN_EXPIRATION": 0,
+            },
+            {
+                "INSTALLED_APPS": ["social_django", "dynaconf_merge_unique"],
+                "KEYCLOAK_URL": "http://mykeycloak:1337",
+                "SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL":
+                    "http://mykeycloak:1337/mylittlepony/realms/aap/protocol/openid-connect/auth/",
+                "SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL":
+                    "http://mykeycloak:1337/mylittlepony/realms/aap/protocol/openid-connect/token/",
                 "GALAXY_AUTH_KEYCLOAK_ENABLED": True,
                 "GALAXY_FEATURE_FLAGS__external_authentication": True,
                 "GALAXY_TOKEN_EXPIRATION": 0,

profiles/keycloak/compose.yaml

@@ -12,8 +12,8 @@ services:
   #     - "UI_EXTERNAL_LOGIN_URI={API_PROTOCOL}://{API_HOST}:{API_PORT}/login"
 
   keycloak:
-    #image: quay.io/keycloak/keycloak:legacy
-    image: quay.io/keycloak/keycloak:latest
+    image: quay.io/keycloak/keycloak:legacy
+    #image: quay.io/keycloak/keycloak:latest
     environment:
       - DB_VENDOR=POSTGRES
       - DB_ADDR=kc-postgres
@@ -25,12 +25,13 @@ services:
       - KEYCLOAK_ADMIN_PASSWORD=admin
       - KEYCLOAK_USER=admin
       - KEYCLOAK_PASSWORD=admin
+      #- KC_HTTP_RELATIVE_PATH=/auth
     ports:
       - 8080:8080
     depends_on:
       - kc-postgres
       - ldap
-    command: ['start-dev']
+    #command: ['start-dev']
 
   kc-postgres:
     image: "postgres:12"

profiles/keycloak/keycloak-playbook.yaml

@@ -17,9 +17,7 @@
     - name: Create or update AAP Keycloak realm
       community.general.keycloak_realm:
         auth_client_id: admin-cli
-        #auth_keycloak_url: http://keycloak:8080/auth
-        auth_keycloak_url: http://keycloak:8080
-        #auth_keycloak_url: http://localhost:8080
+        auth_keycloak_url: http://keycloak:8080/auth
         auth_realm: master
         auth_username: admin
         auth_password: admin
@@ -33,8 +31,7 @@
     - name: Create or update a Keycloak client
       community.general.keycloak_client:
         auth_client_id: admin-cli
-        #auth_keycloak_url: http://keycloak:8080/auth
-        auth_keycloak_url: http://keycloak:8080
+        auth_keycloak_url: http://keycloak:8080/auth
         auth_realm: master
         auth_username: admin
         auth_password: admin
@@ -161,8 +158,7 @@
 
     - name: Create Token for service Keycloak
       uri:
-        #url: "http://keycloak:8080/auth/realms/master/protocol/openid-connect/token"
-        url: "http://keycloak:8080/realms/master/protocol/openid-connect/token"
+        url: "http://keycloak:8080/auth/realms/master/protocol/openid-connect/token"
         method: POST
         body_format: form-urlencoded
         body:
@@ -240,8 +236,7 @@
 
     - name: Create LDAP configuration
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/components"
-        url: "http://keycloak:8080/admin/realms/aap/components"
+        url: "http://keycloak:8080/auth/admin/realms/aap/components"
         method: POST
         body_format: json
         body: "{{ ldap_config | to_json }}"
@@ -256,8 +251,7 @@
 
     - name: Get components
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider"
-        url: "http://keycloak:8080/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider"
+        url: "http://keycloak:8080/auth/admin/realms/aap/components?parent=aap&type=org.keycloak.storage.UserStorageProvider"
         method: GET
         status_code:
         - 200
@@ -308,8 +302,7 @@
 
     - name: Create LDAP group mapping
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/components"
-        url: "http://keycloak:8080/admin/realms/aap/components"
+        url: "http://keycloak:8080/auth/admin/realms/aap/components"
         method: POST
         body_format: json
         body: "{{ ldap_group_mapper | to_json }}"
@@ -324,8 +317,7 @@
 
     - name: Get group mapper identifier
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group"
-        url: "http://keycloak:8080/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group"
+        url: "http://keycloak:8080/auth/admin/realms/aap/components?parent={{ ldap_id }}&type=org.keycloak.storage.ldap.mappers.LDAPStorageMapper&name=group"
         method: GET
         status_code:
         - 200
@@ -341,8 +333,7 @@
 
     - name: Sync LDAP users
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync"
-        url: "http://keycloak:8080/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync"
+        url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/sync?action=triggerFullSync"
         method: POST
         status_code:
         - 200
@@ -354,8 +345,7 @@
 
     - name: Sync LDAP groups
       uri:
-        #url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak"
-        url: "http://keycloak:8080/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak"
+        url: "http://keycloak:8080/auth/admin/realms/aap/user-storage/{{ ldap_id }}/mappers/{{ keycloak_ldap_group_mapper_id }}/sync?direction=fedToKeycloak"
         method: POST
         status_code:
         - 200
@@ -373,8 +363,7 @@
         client_id: automation-hub
         state: present
         auth_client_id: admin-cli
-        #auth_keycloak_url: http://keycloak:8080/auth
-        auth_keycloak_url: http://keycloak:8080
+        auth_keycloak_url: http://keycloak:8080/auth
         auth_realm: master
         auth_username: admin
         auth_password: admin
@@ -390,17 +379,15 @@
         client_id: automation-hub
         state: present
         auth_client_id: admin-cli
-        #auth_keycloak_url: http://keycloak:8080/auth
-        auth_keycloak_url: http://keycloak:8080
+        auth_keycloak_url: http://keycloak:8080/auth
         auth_realm: master
         auth_username: admin
         auth_password: admin
       # loop: "{{ user_list.json}}"
 
     - name: Get realm public key
       uri:
-        #url: "http://keycloak:8080/auth/realms/aap"
-        url: "http://keycloak:8080/realms/aap"
+        url: "http://keycloak:8080/auth/realms/aap"
         method: GET
         status_code:
         - 200

profiles/keycloak/pulp_config.env

@@ -17,6 +17,7 @@ PULP_KEYCLOAK_PORT=8080
 PULP_KEYCLOAK_REALM=aap
 
 KEYCLOAK_REDIRECT_URL="{API_PROTOCOL}://{API_HOST}:{API_PORT}/"
+# PULP_KEYCLOAK_KC_HTTP_RELATIVE_PATH=""
 
 # Integration test settings
 HUB_TEST_AUTHENTICATION_BACKEND="keycloak"