Move dashboard-assets to assets
enyachoke committed Jun 17, 2024
1 parent 1bd3124 commit 8529105
Showing 17 changed files with 99 additions and 16 deletions.
@@ -1,4 +1,4 @@
database_name: PostgreSQL
database_name: Analytics
sqlalchemy_uri: postgresql://analytics:{ANALYTICS_DB_PASSWORD}@postgresql:5432/analytics
cache_timeout: null
expose_in_sqllab: true
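--- a/distro/configs/superset/client_secret.json
+++ b/distro/configs/superset/client_secret.json
@@ -0,0 +1,14 @@
+{
+"web": {
+"issuer": "${KEYCLOAK_URL}/realms/ozone",
+"auth_uri": "${KEYCLOAK_URL}/realms/ozone/protocol/openid-connect/auth",
+"client_id": "${SUPERSET_CLIENT_ID}",
+"client_secret": "${SUPERSET_CLIENT_SECRET}",
+"redirect_urls": [
+"${SUPERSET_PUBLIC_URL}/*","http://localhost:8088/*"
+],
+"userinfo_uri": "${KEYCLOAK_URL}/realms/ozone/protocol/openid-connect/userinfo",
+"token_uri": "${KEYCLOAK_URL}/realms/ozone/protocol/openid-connect/token",
+"token_introspection_uri": "${KEYCLOAK_URL}/realms/ozone/protocol/openid-connect/token/introspect"
+}
+}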
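Review bot: The `redirect_urls` list ships `http://localhost:8088/*` alongside `${SUPERSET_PUBLIC_URL}/*`, so a plain-HTTP development callback with a wildcard path is part of the distro's default client description. If the Keycloak client for `${SUPERSET_CLIENT_ID}` is registered from these same values (not visible on this page), I would narrow it to the exact callback path on the public URL and move the localhost entry to a dev-only override. The key name is also worth checking: flask-oidc's client-secrets examples use `redirect_uris`, so `redirect_urls` may simply be ignored by the library.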
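--- a/distro/configs/superset/security.py
+++ b/distro/configs/superset/security.py
@@ -0,0 +1,58 @@
+from flask import redirect, request
+from flask_appbuilder.security.manager import AUTH_OID
+from superset.security import SupersetSecurityManager
+from flask_oidc import OpenIDConnect
+from flask_appbuilder.security.views import AuthOIDView
+from flask_login import login_user
+from urllib.parse import quote
+from flask_appbuilder.views import ModelView, SimpleFormView, expose
+import logging
+logger = logging.getLogger(__name__)
+
+class AuthOIDCView(AuthOIDView):
+def add_role_if_missing(self, sm, user_id, role_name):
+found_role = sm.find_role(role_name)
+session = sm.get_session
+user = session.query(sm.user_model).get(user_id)
+if found_role and found_role not in user.roles:
+user.roles += [found_role]
+session.commit()
+
+@expose('/login/', methods=['GET', 'POST'])
+def login(self, flag=True):
+sm = self.appbuilder.sm
+oidc = sm.oid
+
+
+@self.appbuilder.sm.oid.require_login
+def handle_login():
+user = sm.auth_user_oid(oidc.user_getfield('email'))
+if user is None:
+info = oidc.user_getinfo(['preferred_username', 'given_name', 'family_name', 'email','roles'])
+user = sm.add_user(info.get('preferred_username'), info.get('given_name'), info.get('family_name'), info.get('email'), sm.find_role('Gamma'))
+role_info = oidc.user_getinfo(['roles'])
+if role_info is not None:
+for role in role_info['roles']:
+self.add_role_if_missing(sm, user.id, role)
+login_user(user, remember=False)
+return redirect(self.appbuilder.get_url_for_index)
+
+return handle_login()
+
+@expose('/logout/', methods=['GET', 'POST'])
+def logout(self):
+
+oidc = self.appbuilder.sm.oid
+
+oidc.logout()
+super(AuthOIDCView, self).logout()
+redirect_url = request.url_root.strip('/') + self.appbuilder.get_url_for_login
+
+return redirect(oidc.client_secrets.get('issuer') + '/protocol/openid-connect/logout?redirect_uri=' + quote(redirect_url))
+
+class OIDCSecurityManager(SupersetSecurityManager):
+authoidview = AuthOIDCView
+def __init__(self,appbuilder):
+super(OIDCSecurityManager, self).__init__(appbuilder)
+if self.auth_type == AUTH_OID:
+self.oid = OpenIDConnect(self.appbuilder.get_app)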
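Review bot: The role loop in `handle_login` grants every name in the token's `roles` claim that matches a Superset role, with no allowlist and no removal path. Because `add_role_if_missing` only appends, a realm role that shares its name with a privileged Superset role is honoured as-is, and a role revoked in Keycloak stays on the Superset user. I would filter the claim through an explicit set of roles the IdP is allowed to manage and reconcile on each login instead of appending. The loop also indexes `role_info['roles']` after checking only `role_info is not None`, which would raise `KeyError` if the claim is missing from the returned dict; `for role in (role_info or {}).get('roles', []):` keeps the login from failing. Finally, the account is resolved from the `email` claim alone via `sm.auth_user_oid(oidc.user_getfield('email'))`, so the binding is only as trustworthy as that claim.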
41 changes: 26 additions & 15 deletions distro/configs/superset/superset_config.py
@@ -1,10 +1,16 @@
import logging
import os
from dotenv import load_dotenv
from cachelib import RedisCache

from cachelib.file import FileSystemCache

logger = logging.getLogger()

def password_from_env(url):
return os.getenv("ANALYTICS_DB_PASSWORD")

SQLALCHEMY_CUSTOM_PASSWORD_STORE = password_from_env

def get_env_variable(var_name, default=None):
"""Get the environment variable or raise exception."""
Expand All @@ -29,8 +35,7 @@ def get_env_variable(var_name, default=None):
DATABASE_PORT = get_env_variable("DATABASE_PORT", 5432)
DATABASE_DB = get_env_variable("DATABASE_DB", "superset")

SQLALCHEMY_TRACK_MODIFICATIONS = get_env_variable(
"SQLALCHEMY_TRACK_MODIFICATIONS", True)
SQLALCHEMY_TRACK_MODIFICATIONS = get_env_variable("SQLALCHEMY_TRACK_MODIFICATIONS", True)
SECRET_KEY = get_env_variable("SECRET_KEY", 'thisISaSECRET_1234')

# The SQLAlchemy connection string.
Expand All @@ -48,19 +53,16 @@ def get_env_variable(var_name, default=None):
REDIS_CELERY_DB = get_env_variable("REDIS_CELERY_DB", 0)
REDIS_RESULTS_DB = get_env_variable("REDIS_CELERY_DB", 1)

RESULTS_BACKEND = RedisCache(
host=REDIS_HOST, port=REDIS_PORT, key_prefix='superset_results')
RESULTS_BACKEND = RedisCache(host=REDIS_HOST, port=REDIS_PORT, key_prefix='superset_results')
# RESULTS_BACKEND = FileSystemCache("/app/superset_home/sqllab")


class CeleryConfig(object):
BROKER_URL = f"redis://{REDIS_HOST}:{REDIS_PORT}/{REDIS_CELERY_DB}"
CELERY_IMPORTS = ("superset.sql_lab",)
CELERY_RESULT_BACKEND = f"redis://{REDIS_HOST}:{REDIS_PORT}/{REDIS_RESULTS_DB}"
CELERY_ANNOTATIONS = {"tasks.add": {"rate_limit": "10/s"}}
CELERY_TASK_PROTOCOL = 1


CACHE_CONFIG = {
'CACHE_TYPE': 'redis',
'CACHE_DEFAULT_TIMEOUT': 300,
Expand Down Expand Up @@ -93,14 +95,6 @@ class CeleryConfig(object):
SQLLAB_CTAS_NO_LIMIT = True
PERMANENT_SESSION_LIFETIME = 86400


def password_from_env(url):
return os.getenv("ANALYTICS_DB_PASSWORD")


SQLALCHEMY_CUSTOM_PASSWORD_STORE = password_from_env


class ReverseProxied(object):

def __init__(self, app):
Expand All @@ -122,4 +116,21 @@ def __call__(self, environ, start_response):

ADDITIONAL_MIDDLEWARE = [ReverseProxied, ]
ENABLE_PROXY_FIX = True
PREVENT_UNSAFE_DB_CONNECTIONS = False
PREVENT_UNSAFE_DB_CONNECTIONS = False
# Enable the security manager API.
FAB_ADD_SECURITY_API = True

if os.getenv("ENABLE_OAUTH"):
from security import OIDCSecurityManager
from flask_appbuilder.security.manager import AUTH_OID
AUTH_TYPE = AUTH_OID
OIDC_ID_TOKEN_COOKIE_SECURE = False
OIDC_REQUIRE_VERIFIED_EMAIL = False
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Gamma'
CUSTOM_SECURITY_MANAGER = OIDCSecurityManager
OIDC_CLIENT_SECRETS = '/etc/superset/client_secret.json'
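Review bot: `OIDC_REQUIRE_VERIFIED_EMAIL = False` in the `ENABLE_OAUTH` block accepts an unverified `email` claim, and the login view added in security.py in this commit resolves the Superset account from that claim alone, so existing accounts are bound to an attribute the IdP has not confirmed. I would default to `OIDC_REQUIRE_VERIFIED_EMAIL = True` and `OIDC_ID_TOKEN_COOKIE_SECURE = True`, relaxing them only through an explicit dev-only environment switch, since the ID-token cookie would otherwise be sent over plain HTTP. The gate `if os.getenv("ENABLE_OAUTH"):` is truthy for any non-empty string, including `"false"` or `"0"`; comparing against an explicit value such as `os.getenv("ENABLE_OAUTH", "").lower() == "true"` avoids enabling or misreading the mode by accident. `FAB_ADD_SECURITY_API = True` sits outside that gate, so the security API is exposed in every deployment; a comment saying who is expected to call it would help.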



