Compiling keycloak agnostic config

InseeFrLab · Oct 9, 2023 · b559356 · b559356
1 parent 422c5da
commit b559356
Show file tree

Hide file tree

Showing 10 changed files with 148 additions and 140 deletions.
diff --git a/web/src/core/adapters/oidc/createOidcOrFallback.ts b/web/src/core/adapters/oidc/createOidcOrFallback.ts
@@ -2,42 +2,39 @@ import type { Oidc } from "../../ports/Oidc";
 import { assert } from "tsafe/assert";
 
 export async function createOidcOrFallback(params: {
-    keycloakParams:
+    oidcParams:
         | {
-              url?: string;
-              realm?: string;
+              authority?: string;
               clientId: string;
           }
         | undefined;
     fallback:
         | {
-              keycloakParams: {
-                  url: string;
+              oidcParams: {
+                  authority: string;
                   clientId: string;
-                  realm: string;
               };
               oidc: Oidc.LoggedIn;
           }
         | undefined;
 }): Promise<Oidc.LoggedIn> {
-    const { keycloakParams, fallback } = params;
+    const { oidcParams, fallback } = params;
 
     const wrap = (() => {
-        const { url, realm, clientId } = {
-            ...fallback?.keycloakParams,
-            ...keycloakParams
+        const { authority, clientId } = {
+            ...fallback?.oidcParams,
+            ...oidcParams
         };
 
         assert(
-            url !== undefined && clientId !== undefined && realm !== undefined,
-            "There is no specific keycloak config in the region for s3 and no keycloak config to fallback to"
+            authority !== undefined && clientId !== undefined,
+            "There is no specific oidc config in the region for satellite service and no oidc config to fallback to"
         );
 
         if (
             fallback !== undefined &&
-            url === fallback.keycloakParams.url &&
-            realm === fallback.keycloakParams.realm &&
-            clientId === fallback.keycloakParams.clientId
+            authority === fallback.oidcParams.authority &&
+            clientId === fallback.oidcParams.clientId
         ) {
             return {
                 "type": "oidc client",
@@ -47,7 +44,7 @@ export async function createOidcOrFallback(params: {
 
         return {
             "type": "keycloak params",
-            "keycloakParams": { url, realm, clientId }
+            "oidcParams": { authority, clientId }
         } as const;
     })();
 
@@ -58,7 +55,8 @@ export async function createOidcOrFallback(params: {
             const { createOidc } = await import("./oidc");
 
             const oidc = await createOidc({
-                ...wrap.keycloakParams,
+                "authority": wrap.oidcParams.authority,
+                "clientId": wrap.oidcParams.clientId,
                 "transformUrlBeforeRedirect": url => url,
                 "getUiLocales": () => "en"
             });

diff --git a/web/src/core/adapters/oidc/oidc.ts b/web/src/core/adapters/oidc/oidc.ts
@@ -27,7 +27,7 @@ export async function createOidc(params: {
         "silent_redirect_uri": `${window.location.origin}/silent-sso.html`
     });
 
-    const configHash = fnv1aHashToHex(`${url} ${realm} ${clientId}`);
+    const configHash = fnv1aHashToHex(`${authority} ${clientId}`);
     const configHashKey = "configHash";
 
     const login: Oidc.NotLoggedIn["login"] = async () => {

diff --git a/web/src/core/adapters/onyxiaApi.ts b/web/src/core/adapters/onyxiaApi.ts
@@ -131,10 +131,9 @@ export function createOnyxiaApi(params: {
                             };
                             initScript: string;
                             k8sPublicEndpoint: {
-                                keycloakParams?: {
-                                    clientId: string;
-                                    realm: string;
-                                    URL: string;
+                                oidcConfiguration?: {
+                                    issuerURI?: string;
+                                    clientID: string;
                                 };
                                 URL?: string;
                             };
@@ -144,10 +143,9 @@ export function createOnyxiaApi(params: {
                                 monitoring?: {
                                     URLPattern: string;
                                 };
-                                keycloakParams?: {
-                                    URL?: string;
-                                    realm?: string;
-                                    clientId: string;
+                                oidcConfiguration?: {
+                                    issuerURI?: string;
+                                    clientID: string;
                                 };
                                 defaultDurationSeconds?: number;
                             } & (
@@ -169,10 +167,9 @@ export function createOnyxiaApi(params: {
                             kvEngine: string;
                             role: string;
                             authPath?: string;
-                            keycloakParams?: {
-                                URL?: string;
-                                realm?: string;
-                                clientId: string;
+                            oidcConfiguration?: {
+                                issuerURI?: string;
+                                clientID: string;
                             };
                         };
                         proxyInjection?: {
@@ -192,17 +189,10 @@ export function createOnyxiaApi(params: {
                             pathToCaBundle: string;
                         };
                     }[];
-                    authenticationInfo?:
-                        | {
-                              mode: "none";
-                          }
-                        | {
-                              mode: "openidconnect";
-                              oidcConfiguration: {
-                                  issuerURI: string;
-                                  clientID: string;
-                              };
-                          };
+                    oidcConfiguration?: {
+                        issuerURI: string;
+                        clientID: string;
+                    };
                 }>("/public/configuration")
                 .then(({ data }) => ({
                     "regions": data.regions.map(
@@ -230,13 +220,14 @@ export function createOnyxiaApi(params: {
                                 const common: DeploymentRegion.S3.Common = {
                                     "monitoringUrlPattern": S3.monitoring?.URLPattern,
                                     "defaultDurationSeconds": S3.defaultDurationSeconds,
-                                    "keycloakParams":
-                                        S3.keycloakParams === undefined
+                                    "oidcParams":
+                                        S3.oidcConfiguration === undefined
                                             ? undefined
                                             : {
-                                                  "url": S3.keycloakParams.URL,
-                                                  "realm": S3.keycloakParams.realm,
-                                                  "clientId": S3.keycloakParams.clientId
+                                                  "authority":
+                                                      S3.oidcConfiguration.issuerURI,
+                                                  "clientId":
+                                                      S3.oidcConfiguration.clientID
                                               }
                                 };
 
@@ -291,15 +282,16 @@ export function createOnyxiaApi(params: {
                                           "kvEngine": vault.kvEngine,
                                           "role": vault.role,
                                           "authPath": vault.authPath,
-                                          "keycloakParams":
-                                              vault.keycloakParams === undefined
+                                          "oidcParams":
+                                              vault.oidcConfiguration === undefined
                                                   ? undefined
                                                   : {
-                                                        "url": vault.keycloakParams.URL,
-                                                        "realm":
-                                                            vault.keycloakParams.realm,
+                                                        "authority":
+                                                            vault.oidcConfiguration
+                                                                .issuerURI,
                                                         "clientId":
-                                                            vault.keycloakParams.clientId
+                                                            vault.oidcConfiguration
+                                                                .clientID
                                                     }
                                       };
                             })(),
@@ -314,19 +306,19 @@ export function createOnyxiaApi(params: {
                                     ? undefined
                                     : {
                                           "url": k8sPublicEndpoint.URL,
-                                          "keycloakParams":
-                                              k8sPublicEndpoint.keycloakParams ===
+                                          "oidcParams":
+                                              k8sPublicEndpoint.oidcConfiguration ===
                                               undefined
                                                   ? undefined
                                                   : {
-                                                        "url": k8sPublicEndpoint
-                                                            .keycloakParams.URL,
-                                                        "realm":
+                                                        "authority":
                                                             k8sPublicEndpoint
-                                                                .keycloakParams.realm,
+                                                                .oidcConfiguration
+                                                                .issuerURI,
                                                         "clientId":
                                                             k8sPublicEndpoint
-                                                                .keycloakParams.clientId
+                                                                .oidcConfiguration
+                                                                .clientID
                                                     }
                                       };
                             })(),
@@ -335,24 +327,13 @@ export function createOnyxiaApi(params: {
                             "resources": region.services.defaultConfiguration?.resources
                         })
                     ),
-                    "oidcParams": (() => {
-                        const { authenticationInfo } = data;
-
-                        if (authenticationInfo === undefined) {
-                            return undefined;
-                        }
-
-                        if (authenticationInfo.mode !== "openidconnect") {
-                            return undefined;
-                        }
-
-                        const { oidcConfiguration } = authenticationInfo;
-
-                        return {
-                            "authority": oidcConfiguration.issuerURI,
-                            "clientId": oidcConfiguration.clientID
-                        };
-                    })()
+                    "oidcParams":
+                        data.oidcConfiguration === undefined
+                            ? undefined
+                            : {
+                                  "authority": data.oidcConfiguration.issuerURI,
+                                  "clientId": data.oidcConfiguration.clientID
+                              }
                 }))
                 .catch(onError)
         ),

diff --git a/web/src/core/core.ts b/web/src/core/core.ts
@@ -15,21 +15,14 @@ import type { Language } from "./ports/OnyxiaApi/Language";
 type CoreParams = {
     /** Empty string for using mock */
     apiUrl: string;
-    /** Default: false, only considered if using mocks */
-    isUserInitiallyLoggedIn?: boolean;
     transformUrlBeforeRedirectToLogin: (url: string) => string;
     getCurrentLang: () => Language;
     disablePersonalInfosInjectionInGroup: boolean;
     isCommandBarEnabledByDefault: boolean;
 };
 
 export async function createCore(params: CoreParams) {
-    const {
-        apiUrl,
-        isUserInitiallyLoggedIn = false,
-        transformUrlBeforeRedirectToLogin,
-        getCurrentLang
-    } = params;
+    const { apiUrl, transformUrlBeforeRedirectToLogin, getCurrentLang } = params;
 
     let oidc: Oidc | undefined = undefined;
 
@@ -83,13 +76,15 @@ export async function createCore(params: CoreParams) {
         return onyxiaApi;
     })();
 
+    let oidcParams: { authority: string; clientId: string } | undefined = undefined;
+
     oidc = await (async () => {
-        const { oidcParams } = await onyxiaApi.getAvailableRegionsAndOidcParams();
+        oidcParams = (await onyxiaApi.getAvailableRegionsAndOidcParams()).oidcParams;
 
         if (oidcParams === undefined) {
             const { createOidc } = await import("core/adapters/oidcMock");
 
-            return createOidc({ isUserInitiallyLoggedIn });
+            return createOidc({ "isUserInitiallyLoggedIn": false });
         }
 
         const { createOidc } = await import("core/adapters/oidc");
@@ -130,8 +125,8 @@ export async function createCore(params: CoreParams) {
         const { s3: s3Params, vault: vaultParams } = usecases.deploymentRegion.selectors.selectedDeploymentRegion(core.getState());
 
         /* prettier-ignore */
-        const fallbackOidc = keycloakParams === undefined ? undefined : {
-            "keycloakParams": keycloakParams,
+        const fallback = oidcParams === undefined ? undefined : {
+            oidcParams,
             oidc
         };
 
@@ -151,12 +146,12 @@ export async function createCore(params: CoreParams) {
             );
 
             return createS3Client({
-                "oidc": await createOidcOrFallback({
-                    "keycloakParams": s3Params.keycloakParams,
-                    "fallback": fallbackOidc
-                }),
                 ...getCreateS3ClientParams({ s3Params }),
-                "createAwsBucket": onyxiaApi.createAwsBucket
+                "createAwsBucket": onyxiaApi.createAwsBucket,
+                "oidc": await createOidcOrFallback({
+                    "oidcParams": s3Params.oidcParams,
+                    fallback
+                })
             });
         })();
 
@@ -176,8 +171,8 @@ export async function createCore(params: CoreParams) {
                 "url": vaultParams.url,
                 "authPath": vaultParams.authPath,
                 "oidc": await createOidcOrFallback({
-                    "keycloakParams": vaultParams.keycloakParams,
-                    "fallback": fallbackOidc
+                    "oidcParams": vaultParams.oidcParams,
+                    fallback
                 })
             });
         })();
@@ -190,6 +185,8 @@ export async function createCore(params: CoreParams) {
         await core.dispatch(
             usecases.restorablePackageConfigs.protectedThunks.initialize()
         );
+
+        await core.dispatch(usecases.userAccountManagement.protectedThunks.initialize());
     }
 
     return core;

diff --git a/web/src/core/ports/OnyxiaApi/DeploymentRegion.ts b/web/src/core/ports/OnyxiaApi/DeploymentRegion.ts
@@ -32,10 +32,9 @@ export type DeploymentRegion = {
               kvEngine: string;
               role: string;
               authPath: string | undefined;
-              keycloakParams:
+              oidcParams:
                   | {
-                        url: string | undefined;
-                        realm: string | undefined;
+                        authority?: string;
                         clientId: string;
                     }
                   | undefined;
@@ -65,10 +64,9 @@ export type DeploymentRegion = {
     kubernetes:
         | {
               url: string;
-              keycloakParams:
+              oidcParams:
                   | {
-                        url: string;
-                        realm: string;
+                        authority?: string;
                         clientId: string;
                     }
                   | undefined;
@@ -100,10 +98,9 @@ export namespace DeploymentRegion {
         export type Common = {
             defaultDurationSeconds: number | undefined;
             monitoringUrlPattern: string | undefined;
-            keycloakParams:
+            oidcParams:
                 | {
-                      url: string | undefined;
-                      realm: string | undefined;
+                      authority?: string;
                       clientId: string;
                   }
                 | undefined;

diff --git a/web/src/core/usecases/deploymentRegion.ts b/web/src/core/usecases/deploymentRegion.ts
@@ -41,7 +41,8 @@ export const protectedThunks = {
         async (...args) => {
             const [dispatch, , { onyxiaApi }] = args;
 
-            const availableDeploymentRegions = await onyxiaApi.getAvailableRegions();
+            const { regions: availableDeploymentRegions } =
+                await onyxiaApi.getAvailableRegionsAndOidcParams();
 
             let previouslySelectedRegionIdFromLocalStorage =
                 localStorage.getItem(localStorageKey);