Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding import for custom security manager #525

Closed
wants to merge 6 commits into from
Closed

Adding import for custom security manager #525

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
fb86a5c
Adding import for custom security manager
Maleware Aug 2, 2024
b2dff56
Changing path to custom security manager
Maleware Aug 2, 2024
75165fd
Importing AUTH_OAUTH, needed by superset_config.py
Maleware Aug 2, 2024
47668a3
Adding new imports for tests
Maleware Aug 5, 2024
30df713
Using OIDCSecurityManager
Maleware Aug 5, 2024
d79453f
Only load custom secuirty manager if product version is 4.0.1
Maleware Aug 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions rust/operator-binary/src/config.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,15 @@ pub const PYTHON_IMPORTS: &[&str] = &[
"from log_config import StackableLoggingConfigurator",
];

pub const PYTHON_IMPORTS_OIDC: &[&str] = &[
"import os",
"from superset.stats_logger import StatsdStatsLogger",
"from flask_appbuilder.security.manager import (AUTH_DB, AUTH_LDAP, AUTH_OAUTH, AUTH_OID, AUTH_REMOTE_USER)",
"from log_config import StackableLoggingConfigurator",
// Custom logout manager to securely logout while using Keycloak SSO. Issue: https://github.com/apache/superset/issues/24713
"from superset.security.CustomKeycloakSecurityManager import OIDCSecurityManager",
];

pub fn add_superset_config(
config: &mut BTreeMap<String, String>,
authentication_config: &SupersetClientAuthenticationDetailsResolved,
Expand Down
32 changes: 22 additions & 10 deletions rust/operator-binary/src/superset_controller.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ use strum::{EnumDiscriminants, IntoStaticStr};

use crate::{
commands::add_cert_to_python_certifi_command,
config::{self, PYTHON_IMPORTS},
config::{self, PYTHON_IMPORTS, PYTHON_IMPORTS_OIDC},
controller_commons::{self, CONFIG_VOLUME_NAME, LOG_CONFIG_VOLUME_NAME, LOG_VOLUME_NAME},
operations::{graceful_shutdown::add_graceful_shutdown_config, pdb::add_pdbs},
product_logging::{
Expand Down Expand Up @@ -521,16 +521,28 @@ fn build_rolegroup_config_map(
.cloned()
.unwrap_or_default(),
);

let mut config_file = Vec::new();
flask_app_config_writer::write::<SupersetConfigOptions, _, _>(
&mut config_file,
config_properties.iter(),
PYTHON_IMPORTS,
)
.with_context(|_| BuildRoleGroupConfigFileSnafu {
rolegroup: rolegroup.clone(),
})?;
// For superset OIDC logout, we need to import the custom security manager containing the login and logout functions
// therefore we need another import if we have version 4.0.2 ( This can change )
if resolved_product_image.product_version != "4.0.2" {
flask_app_config_writer::write::<SupersetConfigOptions, _, _>(
&mut config_file,
config_properties.iter(),
PYTHON_IMPORTS,
)
.with_context(|_| BuildRoleGroupConfigFileSnafu {
rolegroup: rolegroup.clone(),
})?;
} else {
flask_app_config_writer::write::<SupersetConfigOptions, _, _>(
&mut config_file,
config_properties.iter(),
PYTHON_IMPORTS_OIDC,
)
.with_context(|_| BuildRoleGroupConfigFileSnafu {
rolegroup: rolegroup.clone(),
})?;
}

let mut cm_builder = ConfigMapBuilder::new();

Expand Down
Loading