read KEYCLOAK_CLIENT_SECRET from secret and env var + update setups t…

…o 24.7.1
orthanc-team · Jul 3, 2024 · 8b54a76 · 8b54a76
1 parent 623d0ad
commit 8b54a76
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 22 deletions.
diff --git a/minimal-setup/basic-auth/docker-compose.yml b/minimal-setup/basic-auth/docker-compose.yml
@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:24.6.1
+    image: orthancteam/orthanc-nginx:24.7.1
     depends_on: [orthanc, orthanc-auth-service, orthanc-for-shares]
     restart: unless-stopped
     ports: ["80:80"]
@@ -23,7 +23,7 @@ services:
       ENABLE_OHIF: "true"
 
   orthanc:
-    image: orthancteam/orthanc:24.6.2
+    image: orthancteam/orthanc:24.7.1
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -64,7 +64,7 @@ services:
         }
 
   orthanc-for-shares:
-    image: orthancteam/orthanc:24.6.2
+    image: orthancteam/orthanc:24.7.1
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -107,7 +107,7 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:24.6.1
+    image: orthancteam/orthanc-auth-service:24.7.1
     restart: unless-stopped
     environment:
       SECRET_KEY: "change-me-I-am-a-secret-key"
@@ -121,7 +121,7 @@ services:
         }
 
   ohif:
-    image: orthancteam/ohif-v3:24.6.1
+    image: orthancteam/ohif-v3:24.7.1
 #  uncomment if you want to customize ohif configuration
 #    volumes:
 #      - ./ohif-app-config.js:/usr/share/nginx/html/app-config.js

diff --git a/minimal-setup/keycloak-meddream-full/docker-compose.yml b/minimal-setup/keycloak-meddream-full/docker-compose.yml
@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:24.6.1
+    image: orthancteam/orthanc-nginx:24.7.1
     depends_on: [orthanc, orthanc-auth-service, orthanc-for-api, meddream-viewer, keycloak]
     restart: unless-stopped
     ports: ["80:80"]
@@ -24,7 +24,7 @@ services:
       ENABLE_ORTHANC_FOR_API: "true"
 
   orthanc:
-    image: orthancteam/orthanc:24.6.2
+    image: orthancteam/orthanc:24.7.1
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -76,7 +76,7 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:24.6.1
+    image: orthancteam/orthanc-auth-service:24.7.1
     depends_on: [keycloak, meddream-token-service]
     # permissions can be customized in the permissions.json file
     volumes:
@@ -85,6 +85,8 @@ services:
     environment:
       SECRET_KEY: "change-me-I-am-a-secret-key"
       ENABLE_KEYCLOAK: "true"
+#      # to enable the permissions edition UI in OE2, you need to provide a KEYCLOAK_CLIENT_SECRET
+#      KEYCLOAK_CLIENT_SECRET: "change-me-I-am-a-secret-you-get-in-keycloak-admin-ui"
       PUBLIC_ORTHANC_ROOT: "http://localhost/orthanc/"
       PUBLIC_LANDING_ROOT: "http://localhost/orthanc/ui/app/token-landing.html"
       USERS: |
@@ -102,7 +104,7 @@ services:
       POSTGRES_HOST_AUTH_METHOD: "trust"
 
   keycloak:
-    image: orthancteam/orthanc-keycloak:24.6.1
+    image: orthancteam/orthanc-keycloak:24.7.1
     depends_on: [keycloak-db]
     restart: unless-stopped
     environment:
@@ -125,11 +127,11 @@ services:
       POSTGRES_DB: "keycloak"
 
   meddream-token-service:
-    image: orthancteam/meddream-token-service:24.6.1
+    image: orthancteam/meddream-token-service:24.7.1
     restart: unless-stopped
 
   meddream-viewer:
-    image: orthancteam/meddream-viewer:24.6.1
+    image: orthancteam/meddream-viewer:24.7.1
     restart: unless-stopped
     depends_on:
       - orthanc-for-api
@@ -151,7 +153,7 @@ services:
 
   # An orthanc dedicated for API accesses and also used by MedDream
   orthanc-for-api:
-    image: orthancteam/orthanc:24.6.2
+    image: orthancteam/orthanc:24.7.1
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
       - ./meddream-plugin.py:/scripts/meddream-plugin.py

diff --git a/minimal-setup/keycloak/docker-compose.yml b/minimal-setup/keycloak/docker-compose.yml
@@ -6,7 +6,7 @@ version: "3"
 services:
 
   nginx:
-    image: orthancteam/orthanc-nginx:24.6.1
+    image: orthancteam/orthanc-nginx:24.7.1
     depends_on: [orthanc, orthanc-auth-service, keycloak]
     restart: unless-stopped
     ports: ["80:80"]
@@ -24,8 +24,7 @@ services:
       ENABLE_OHIF: "true"
 
   orthanc:
-# to use OHIF-plugin:  use the master-unstable image
-    image: orthancteam/orthanc-pre-release:master-unstable
+    image: orthancteam/orthanc:24.7.1
     volumes:
       - orthanc-storage:/var/lib/orthanc/db
     depends_on: [orthanc-db]
@@ -91,7 +90,7 @@ services:
         }
 
   orthanc-auth-service:
-    image: orthancteam/orthanc-auth-service:24.6.1
+    image: orthancteam/orthanc-auth-service:24.7.1
     # always disable port mapping in production !!!
     # ports: ["8000:8000"]
     # permissions can be customized in the permissions.json file
@@ -103,7 +102,9 @@ services:
       SECRET_KEY: "change-me-I-am-a-secret-key"
       ENABLE_KEYCLOAK: "true"
 #      ENABLE_KEYCLOAK_API_KEYS: "true"
+#      # to enable the permissions edition UI in OE2, you need to provide a KEYCLOAK_CLIENT_SECRET
 #      KEYCLOAK_CLIENT_SECRET: "change-me-I-am-a-secret-you-get-in-keycloak-admin-ui"
+      KEYCLOAK_CLIENT_SECRET: "TxOYLTicpl1iZIO0XgWzSE0jzmA40mb5"
       PUBLIC_ORTHANC_ROOT: "http://localhost/orthanc/"
       PUBLIC_LANDING_ROOT: "http://localhost/orthanc/ui/app/token-landing.html"
       # to use OHIF-plugin:  make sure to use http://localhost/orthanc/ohif/
@@ -123,15 +124,15 @@ services:
 
 # to use OHIF-plugin: you don't need this container
   ohif:
-    image: orthancteam/ohif-v3:24.6.1
+    image: orthancteam/ohif-v3:24.7.1
 #  uncomment if you want to customize ohif configuration
 #    volumes:
 #      - ./ohif-app-config.js:/usr/share/nginx/html/app-config.js
     restart: unless-stopped
 
 
   keycloak:
-    image: orthancteam/orthanc-keycloak:24.6.1
+    image: orthancteam/orthanc-keycloak:24.7.1
     depends_on: [keycloak-db]
     restart: unless-stopped
 #    healthcheck:

diff --git a/release-notes.md b/release-notes.md
@@ -4,7 +4,9 @@ SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL <[email protected]>
 SPDX-License-Identifier: GPL-3.0-or-later
 -->
 
-v 24.6.1
+- fix: read KEYCLOAK_CLIENT_SECRET from secrets or environment variable
+
+v 24.7.1
 ========
 
 - when requesting a user-profile with e.g. a basic auth token, the auth-service now

diff --git a/sources/ohif/Dockerfile.ohif-v3 b/sources/ohif/Dockerfile.ohif-v3
@@ -9,7 +9,7 @@ FROM node:18.16.1-slim as builder
 RUN apt-get update && apt-get install -y git
 
 WORKDIR /sources
-RUN git clone https://github.com/OHIF/Viewers.git && cd /sources/Viewers && git checkout v3.9.0-beta.50
+RUN git clone https://github.com/OHIF/Viewers.git && cd /sources/Viewers && git checkout v3.9.0-beta.56
 
 WORKDIR /sources/Viewers
 

diff --git a/sources/orthanc_auth_service/app.py b/sources/orthanc_auth_service/app.py
@@ -17,7 +17,7 @@
 from shares.keycloak import create_keycloak_from_secrets
 from shares.roles_configuration import RolesConfiguration
 from shares.keycloak_admin import KeycloakAdmin
-from shares.utils.utils import get_secret_or_die
+from shares.utils.utils import get_secret_or_die, is_secret_defined
 
 logging.basicConfig(level=logging.DEBUG)
 
@@ -46,7 +46,7 @@
         logging.warning("ENABLE_KEYCLOAK_API_KEYS is set, using keycloak to handle api-keys")
         needKeycloakAdmin = True
 
-    if needKeycloakAdmin or os.environ.get("KEYCLOAK_CLIENT_SECRET") is not None:
+    if needKeycloakAdmin or is_secret_defined("KEYCLOAK_CLIENT_SECRET") is not None:
         keycloak_client_secret = get_secret_or_die("KEYCLOAK_CLIENT_SECRET")
         keycloak_admin_uri = os.environ.get("KECLOAK_ADMIN_URI", "http://keycloak:8080/admin/realms/orthanc/")
         keycloak_admin_client = KeycloakAdmin(keycloak_uri=keycloak_uri,