From 43d21d16aa312161f567cd08fb0bea41b696a294 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 8 Mar 2022 16:20:52 +0100 Subject: [PATCH] Keycloak auth, more app parameters. --- defaults/main.yml | 12 ++++++++++-- templates/shinyproxy-2-conf.yml.j2 | 23 ++++++++++++++++++++--- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 6510037..4d591a8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -69,8 +69,8 @@ shinyproxy_template_path: '{{ shinyproxy_install_dir }}/web_templates' shinyproxy_app_title: 'Open Analytics Shiny Proxy' shinyproxy_logo_url: 'http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png' -shinyproxy_authentication: ldap -shinyproxy_ldap_enabled: False +# ldap, keycloak, none +shinyproxy_authentication: 'none' shinyproxy_basic_auth: 'false' shinyproxy_admin_group: '' shinyproxy_ldap_server: 'ldap://ldap.forumsys.com:389/dc=example,dc=com' @@ -84,5 +84,13 @@ shinyproxy_ldap_user_search_filter_enabled: True shinyproxy_ldap_user_search_filter: '(uid={0})' shinyproxy_ldap_group_search_base: '' shinyproxy_ldap_group_search_filter: '(uniqueMember={0})' +shinyproxy_keycloak_realm: 'realm' +shinyproxy_keycloak_url: 'http://localhost:8180/auth' +shinyproxy_keycloak_resource: 'shiny_client' +shinyproxy_keycloak_secret: 'use a vault file' +shinyproxy_keycloak_ssl_required: 'external' +# preferred_username, nickname, email +shinyproxy_keycloak_name_attribute: 'preferred_username' +shinyproxy_keycloak_role_mappings: 'false' shinyproxy_max_log_size: 20MB diff --git a/templates/shinyproxy-2-conf.yml.j2 b/templates/shinyproxy-2-conf.yml.j2 index 7f70d17..7868b5b 100644 --- a/templates/shinyproxy-2-conf.yml.j2 +++ b/templates/shinyproxy-2-conf.yml.j2 
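Review bot: Changing the default of `shinyproxy_authentication` from `ldap` to `'none'` while dropping `shinyproxy_ldap_enabled` changes what existing inventories deploy. A playbook that only set `shinyproxy_ldap_enabled: True` and relied on the old default no longer gets the LDAP block, because the template hunk now tests `shinyproxy_authentication == 'ldap'`. Assuming the template also writes this variable into the proxy's `authentication` setting (not visible in this patch), the result is a proxy with no login. I would fail the play while the old variable is still defined, or honour it for one release. The comment should also say what the value means, e.g. `# ldap, keycloak, none ('none' disables login entirely)`.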
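Review bot: `shinyproxy_keycloak_secret: 'use a vault file'` is a usable string, so a deployment that forgets the override renders that literal as `credentials-secret` and only fails at login time, far from the cause. Leaving the variable out of the defaults, with a comment such as `# shinyproxy_keycloak_secret: define in a vaulted vars file`, makes the template fail at render time when Keycloak is selected. The default `shinyproxy_keycloak_url` is plain `http://`, and `ssl_required: 'external'` lets the Keycloak adapter skip HTTPS for private addresses. A comment should tell users to set an `https://` URL and `all` whenever Keycloak is not on the same host.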
@@ -38,7 +38,7 @@ proxy: {% endif %} admin-groups: {{ shinyproxy_admin_group }} container-backend: {{ shinyproxy_container_backend }} -{% if shinyproxy_ldap_enabled %} +{% if shinyproxy_authentication == 'ldap' %} # LDAP configuration ldap: url: {{ shinyproxy_ldap_server }} @@ -56,6 +56,16 @@ proxy: manager-dn: {{ shinyproxy_ldap_admin }} manager-password: {{ shinyproxy_ldap_admin_pwd }} {% endif %} +{% if shinyproxy_authentication == 'keycloak' %} + keycloak: + realm: {{ shinyproxy_keycloak_realm }} + auth-server-url: {{ shinyproxy_keycloak_url }} + resource: {{ shinyproxy_keycloak_resource }} + credentials-secret: {{ shinyproxy_keycloak_secret }} + ssl-required: {{ shinyproxy_keycloak_ssl_required }} + proxy.keycloak.name-attribute: {{ shinyproxy_keycloak_name_attribute }} + use-resource-role-mappings: {{ shinyproxy_keycloak_role_mappings }} +{% endif %} {% if shinyproxy_container_backend == 'docker' or shinyproxy_container_backend == 'docker-swarm' %} docker: container-memory-request: {{ shinyproxy_docker_memory_request }} @@ -87,7 +97,7 @@ proxy: - id: {{ app.name }} display-name: {{ app.display_name }} description: {{ app.description }} - container-cmd: ["R", "-e {{ app.cmd }}"] + {% if app.cmd is defined %}container-cmd: ["R", "-e {{ app.cmd }}"]{% endif %} container-image: {{ app.docker_image }} container-memory: {{ app.docker_memory | default('2g') }} {% if shinyproxy_version is version_compare('2.6.0', '>=') %} @@ -96,7 +106,14 @@ proxy: max-lifetime: {{ app.max_lifetime | default(shinyproxy_default_proxy_max_lifetime) }} {% endif %} - + + {% if app.environment is defined %} + container-env: + {% for env in app.environment %} + {{ env.name }}: {{ env.value }} + {% endfor %} + {% endif %} + {% if shinyproxy_as_docker_service %} {% if shinyproxy_container_backend == 'docker-swarm' %}
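Review bot: The `proxy.keycloak.name-attribute:` key appears to sit inside the `keycloak:` mapping under `proxy:`, so it would resolve to `proxy.keycloak.proxy.keycloak.name-attribute` and the configured attribute would be ignored. Inside the block it should read `name-attribute: {{ shinyproxy_keycloak_name_attribute }}`; the page has lost its indentation, so confirm the nesting. Separately, `credentials-secret: {{ shinyproxy_keycloak_secret }}` is emitted as a plain scalar. A secret containing ` #` is silently truncated, and one that starts with a YAML indicator or contains `: ` breaks the file, so render it quoted, e.g. `credentials-secret: {{ shinyproxy_keycloak_secret | to_json }}`. The same applies to `{{ env.name }}: {{ env.value }}` in the `container-env` loop added in the last hunk, where values such as `true` or `1.10` would also be retyped; `{{ env.value | string | to_json }}` keeps them strings.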
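Review bot: Putting `{% if app.cmd is defined %}` and `{% endif %}` on the same line as `container-cmd:` is fragile under Ansible's template defaults. With `trim_blocks` enabled the newline after `{% endif %}` is removed, so `container-image:` is appended to the same output line and the rendered file no longer parses. This holds unless the template overrides `trim_blocks`, which is not visible here. Moving the two tags onto their own lines around `container-cmd:`, as the other conditionals in this file do, avoids that. `app.cmd` is also interpolated inside a double-quoted YAML string, so a command containing `"` or `\` ends the string early or is read as an escape. Rendering the element as `container-cmd: ["R", {{ ('-e ' ~ app.cmd) | to_json }}]` keeps it a single, correctly escaped argument.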