update sdk, config files, and compose file

Author: yasithdev

.devcontainer/docker-compose.yml

@@ -121,28 +121,23 @@ services:
       - "20000:20000"
 
   proxy:
-    image: nginx/nginx-ingress
+    image: nginx:stable
     container_name: proxy
     restart: always
-    environment:
-      RESEARCH_PORTAL_ADDR: "http://portals:5173"
-      PHP_PORTAL_ADDR: "http://portals:8008"
-      DJANGO_PORTAL_ADDR: "http://portals:8009"
-      KEYCLOAK_ADDR: "http://keycloak:18080"
     volumes:
-      - ../vault:/vault:ro # requires /vault/server.crt and /vault/server.key for ssl termination
-      - ./proxy/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ../vault/server.key:/vault/server.key:ro
+      - ../vault/server.crt:/vault/server.crt:ro
       - ./proxy/proxy.conf:/etc/nginx/conf.d/proxy.conf:ro
     networks:
       airavata-network:
         ipv4_address: 192.168.100.13
     extra_hosts:
       - "airavata.host:192.168.100.1"
     ports:
-      - "8443:8443" # https keycloak
       - "5173:5173" # https research portal
       - "8008:8008" # https php portal
       - "8009:8009" # https django portal
+      - "8443:8443" # https keycloak
 
   keycloak:
     image: keycloak/keycloak:25.0

.devcontainer/keycloak/keycloak.conf

@@ -1,7 +1,7 @@
 db=dev-mem
 http-enabled=true
 http-port=18080
-https-port=0
+https-port=8443
 hostname-strict=false
 hostname-strict-https=false
 health-enabled=true

.devcontainer/proxy/nginx.conf

@@ -1,61 +1,83 @@
+# research portal (5173)
 server {
-    listen 5173 ssl http2;
-    server_name airavata.host;
+    listen              5173 ssl;
+    if ($scheme != "https") {
+        return 301 https://$host$request_uri;
+    }
+    http2 on;
+    server_name         airavata.host;
     ssl_certificate     /vault/server.crt;
     ssl_certificate_key /vault/server.key;
-    ssl_protocols       TLSv1.2 TLSv1.3;
-    ssl_prefer_server_ciphers on;
-
     location / {
-        proxy_pass         $RESEARCH_PORTAL_ADDR;
-        proxy_set_header   Host              $host;
-        proxy_set_header   X-Real-IP         $remote_addr;
-        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header   X-Forwarded-Proto https;
+        proxy_pass         http://portals:5173;
+        proxy_set_header   Host               $host;
+        proxy_set_header   X-Real-IP          $remote_addr;
+        proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto  $scheme;
+        proxy_set_header   X-Forwarded-Port   $server_port;
+        proxy_redirect     default;
     }
 }
 
+# php portal (8008)
 server {
-    listen 8008 ssl http2;
-    server_name airavata.host;
+    listen              8008 ssl;
+    if ($scheme != "https") {
+        return 301 https://$host$request_uri;
+    }
+    http2 on;
+    server_name         airavata.host;
     ssl_certificate     /vault/server.crt;
     ssl_certificate_key /vault/server.key;
-
     location / {
-        proxy_pass         $PHP_PORTAL_ADDR;
-        proxy_set_header   Host              $host;
-        proxy_set_header   X-Real-IP         $remote_addr;
-        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header   X-Forwarded-Proto https;
+        proxy_pass         http://portals:8008;
+        proxy_set_header   Host               $host;
+        proxy_set_header   X-Real-IP          $remote_addr;
+        proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto  $scheme;
+        proxy_set_header   X-Forwarded-Port   $server_port;
+        proxy_redirect     default;
     }
 }
 
+# django portal (8009)
 server {
-    listen 8009 ssl http2;
-    server_name airavata.host;
+    listen              8009 ssl;
+    if ($scheme != "https") {
+        return 301 https://$host$request_uri;
+    }
+    http2 on;
+    server_name         airavata.host;
     ssl_certificate     /vault/server.crt;
     ssl_certificate_key /vault/server.key;
-
     location / {
-        proxy_pass         $DJANGO_PORTAL_ADDR;
-        proxy_set_header   Host              $host;
-        proxy_set_header   X-Real-IP         $remote_addr;
-        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header   X-Forwarded-Proto https;
+        proxy_pass         http://portals:8009;
+        proxy_set_header   Host               $host;
+        proxy_set_header   X-Real-IP          $remote_addr;
+        proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto  $scheme;
+        proxy_set_header   X-Forwarded-Port   $server_port;
+        proxy_redirect     default;
     }
 }
 
+# keycloak (8443)
 server {
-    listen 8443 ssl http2;
-    server_name airavata.host;
+    listen              8443 ssl;
+    if ($scheme != "https") {
+        return 301 https://$host$request_uri;
+    }
+    http2 on;
+    server_name         airavata.host;
     ssl_certificate     /vault/server.crt;
     ssl_certificate_key /vault/server.key;
-
     location / {
-        proxy_pass         $KEYCLOAK_ADDR;
-        proxy_set_header   Host              $host;
-        proxy_set_header   X-Real-IP         $remote_addr;
-        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header   X-Forwarded-Proto https;
+        proxy_pass         http://keycloak:8443;
+        proxy_set_header   Host               $host;
+        proxy_set_header   X-Real-IP          $remote_addr;
+        proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto  $scheme;
+        proxy_set_header   X-Forwarded-Port   $server_port;
+        proxy_redirect     default;
     }
 }

.devcontainer/proxy/proxy.conf

@@ -206,7 +206,7 @@ distribution
     ├── airavata.jks
     ├── application-agent-service.yml
     ├── application-research-service.yml
-    ├── client_truststore.jks
+    ├── client_truststore.p12
     ├── email-config.yaml
     └── log4j2.xml
 
@@ -216,7 +216,7 @@ distribution
 **What's in the vault?**
 
 * `airavata_sym.jks`, `airavata.jks` - contains the keys used to secure SSH credentials, etc.
-* `client_truststore.jks` - contains the certificates (e.g., certbot fullchain.pem) used to secure network connections (TLS).
+* `client_truststore.p12` - contains the certificates (e.g., certbot fullchain.pem) used to secure network connections (TLS).
 * `email-config.yaml` - contains the email addresses observed by the email monitor.
 * `airavata-server.properties` - config file for the airavata api server.
 * `application-agent-service.yml` - config file for the airavata agent service.

README.md

@@ -6,13 +6,16 @@
 
 # Load environment variables from .env file
 
-class DeviceFlowAuthenticator:
-    def __init__(self):
-        self.client_id = "cybershuttle-agent"
-        self.realm = "default"
-        self.auth_server_url = "https://auth.cybershuttle.org"
+class AuthContext:
+    
+    client_id: str = "cybershuttle-agent"
+    realm: str = "default"
+    auth_server_url: str = "https://auth.cybershuttle.org"
+    api_host: str = "https://api.gateway.cybershuttle.org"
+    file_server_url: str = "http://api.gateway.cybershuttle.org:8050"
 
-        if not self.client_id or not self.realm or not self.auth_server_url:
+    def __init__(self):
+        if not AuthContext.client_id or not AuthContext.realm or not AuthContext.auth_server_url:
             raise ValueError("Missing required environment variables for client ID, realm, or auth server URL")
 
         self.device_code = None
@@ -21,8 +24,8 @@ def __init__(self):
 
     def login(self):
         # Step 1: Request device and user code
-        auth_device_url = f"{self.auth_server_url}/realms/{self.realm}/protocol/openid-connect/auth/device"
-        response = requests.post(auth_device_url, data={"client_id": self.client_id, "scope": "openid"})
+        auth_device_url = f"{AuthContext.auth_server_url}/realms/{AuthContext.realm}/protocol/openid-connect/auth/device"
+        response = requests.post(auth_device_url, data={"client_id": AuthContext.client_id, "scope": "openid"})
 
         if response.status_code != 200:
             print(f"Error in authentication request: {response.status_code} - {response.text}", flush=True)
@@ -37,12 +40,12 @@ def login(self):
 
     def poll_for_token(self, url):
         assert self.interval is not None
-        token_url = f"{self.auth_server_url}/realms/{self.realm}/protocol/openid-connect/token"
+        token_url = f"{AuthContext.auth_server_url}/realms/{AuthContext.realm}/protocol/openid-connect/token"
         counter = 0
         with self.console.status(f"Authenticate via link: [link={url}]{url}[/link]", refresh_per_second=1) as status:
             while True:
                 response = requests.post(token_url, data={
-                    "client_id": self.client_id,
+                    "client_id": AuthContext.client_id,
                     "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
                     "device_code": self.device_code
                 })

…dk/airavata_jupyter_magic/device_auth.py …-python-sdk/airavata_auth/device_auth.pydev-tools/airavata-python-sdk/airavata_jupyter_magic/device_auth.py renamed to dev-tools/airavata-python-sdk/airavata_auth/device_auth.py dev-tools/airavata-python-sdk/airavata_jupyter_magic/device_auth.py renamed to dev-tools/airavata-python-sdk/airavata_auth/device_auth.py

@@ -17,11 +17,17 @@
 from __future__ import annotations
 
 from . import base, plan
-from .auth import login, logout
+from airavata_auth.device_auth import AuthContext
 from .runtime import list_runtimes, Runtime
 from typing import Any
 
-__all__ = ["login", "logout", "list_runtimes", "base", "plan"]
+
+context = AuthContext()
+
+def login():
+  context.login()
+
+__all__ = ["list_runtimes", "base", "plan", "login"]
 
 
 def display_runtimes(runtimes: list[Runtime]) -> None: