Skip to content

Commit

Permalink
added docker superset lts
Browse files Browse the repository at this point in the history
  • Loading branch information
Allan-Nava authored Sep 22, 2023
1 parent 0edad6c commit 3cb9434
Show file tree
Hide file tree
Showing 5 changed files with 249 additions and 0 deletions.
9 changes: 9 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
DB_DIALECT=mysql
DB_USER=superset
DB_PASSWORD=password
DB_HOST=localhost
DB_PORT=3306
DB_NAME=superset
SUPERSET_ENV=production
SUPERSET_SECRET_KEY=key
OIDC_ENABLE="True"
86 changes: 86 additions & 0 deletions .github/workflows/docker-publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
name: Docker SuperSet LTS Keycloak
on:
push:
branches:
- main
tags:
- v*
#
jobs:
superset-docker:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v3

# Repo metadata
- name: Repo metadata
id: repo
uses: actions/github-script@v4
with:
script: |
const repo = await github.repos.get(context.repo)
return repo.data
# Prepare variables
- name: Prepare
id: prep
run: |
REG=ghcr.io
IMAGE=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')
DOCKER_IMAGE=${REG}/${IMAGE}
VERSION=nool
if [ "${{ github.event_name }}" = "schedule" ]; then
VERSION=nightly
elif [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
elif [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
VERSION=latest
fi
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.number }}
fi
TAGS="${DOCKER_IMAGE}:${VERSION}"
if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
MINOR=${VERSION%.*}
MAJOR=${MINOR%.*}
TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:latest"
fi
echo ::set-output name=version::${VERSION}
echo ::set-output name=tags::${TAGS}
echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
# Set up Buildx env
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

# Login
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# Build image and push to registry
- name: Build and push
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
push: true
tags: ${{ steps.prep.outputs.tags }}
labels: |
org.opencontainers.image.title=${{ fromJson(steps.repo.outputs.result).name }}
org.opencontainers.image.description=${{ fromJson(steps.repo.outputs.result).description }}
org.opencontainers.image.url=${{ fromJson(steps.repo.outputs.result).html_url }}
org.opencontainers.image.source=${{ fromJson(steps.repo.outputs.result).html_url }}
org.opencontainers.image.version=${{ steps.prep.outputs.version }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.licenses=${{ fromJson(steps.repo.outputs.result).license.spdx_id }}
21 changes: 21 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
FROM apache/superset:latest
USER root
RUN pip install mysqlclient itsdangerous==2.0.1 flask-oidc==1.4.0 Flask-OpenID==1.3.0
#
# Add custom superset_config.py file and shell files
COPY superset_config.py /app/
ENV SUPERSET_CONFIG_PATH /app/superset_config.py
#
ADD keycloak_security_manager.py /app/pythonpath
#
#RUN pip install --upgrade pip
#RUN pip uninstall fbprophet pystan
#RUN pip install --upgrade pip setuptools
RUN pip install lunarcalendar==0.0.9 tqdm==4.64.0
RUN pip install cython==0.29.21
RUN pip install "pystan<3.0"
RUN pip install "prophet>=1.0.1,<1.1"
#
CMD ["/bin/sh","-c","/usr/bin/run-server.sh"]
USER superset
#
55 changes: 55 additions & 0 deletions keycloak_security_manager.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
from flask_appbuilder.security.manager import AUTH_OID
from superset.security import SupersetSecurityManager
from flask_oidc import OpenIDConnect
from flask_appbuilder.security.views import AuthOIDView
from flask_login import login_user
from urllib.parse import quote
from flask_appbuilder.views import expose
from flask import request, redirect
#
AUTH_ROLES_SYNC_AT_LOGIN = True
#
class OIDCSecurityManager(SupersetSecurityManager):
#
def __init__(self, appbuilder):
super(OIDCSecurityManager, self).__init__(appbuilder)
if self.auth_type == AUTH_OID:
self.oid = OpenIDConnect(self.appbuilder.get_app)
self.authoidview = AuthOIDCView
#
class AuthOIDCView(AuthOIDView):
#
@expose('/login/', methods=['GET', 'POST'])
def login(self, flag=True):
sm = self.appbuilder.sm
oidc = sm.oid
default_role = "Gamma"
#
@self.appbuilder.sm.oid.require_login
def handle_login():
user = sm.auth_user_oid(oidc.user_getfield('email'))
if user is None:
info = oidc.user_getinfo(['preferred_username', 'given_name', 'family_name', 'email', 'roles'])
roles = info.get('roles', [])
roles += [default_role, ]
user = sm.add_user(info.get('preferred_username'), info.get('given_name', ''), info.get('family_name', ''),
info.get('email'), [sm.find_role(role) for role in roles])
# need to check if is it correct
#setattr(user, "is_active", True)
#
login_user(user, remember=False)
return redirect(self.appbuilder.get_url_for_index)
#
return handle_login()
#
@expose('/logout/', methods=['GET', 'POST'])
def logout(self):
oidc = self.appbuilder.sm.oid
oidc.logout()
super(AuthOIDCView, self).logout()
redirect_url = request.url_root.strip('/')
# redirect_url = request.url_root.strip('/') + self.appbuilder.get_url_for_login
return redirect(
oidc.client_secrets.get('issuer') + '/protocol/openid-connect/logout?redirect_uri=' + quote(redirect_url))
#
#
78 changes: 78 additions & 0 deletions superset_config.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
import os
from typing import Optional
#
def get_env_variable(var_name: str, default: Optional[str] = None) -> str:
"""Get the environment variable or raise exception."""
try:
return os.environ[var_name]
except KeyError:
if default is not None:
return default
else:
error_msg = "The environment variable {} was missing, abort...".format(
var_name
)
raise EnvironmentError(error_msg)
#
#
#
ENABLE_PROXY_FIX = True
DASHBOARD_RBAC = True
FEATURE_FLAGS = {"DASHBOARD_RBAC": True}
#################################
# METADATA DATABASE #
#################################
DATABASE_DIALECT = get_env_variable("DB_DIALECT")
DATABASE_USER = get_env_variable("DB_USER")
DATABASE_PASSWORD = get_env_variable("DB_PASSWORD")
DATABASE_HOST = get_env_variable("DB_HOST")
DATABASE_PORT = get_env_variable("DB_PORT")
DATABASE_DB = get_env_variable("DB_NAME")
#
SQLALCHEMY_DATABASE_URI = "%s://%s:%s@%s:%s/%s?charset=utf8" % (
DATABASE_DIALECT,
DATABASE_USER,
DATABASE_PASSWORD,
DATABASE_HOST,
DATABASE_PORT,
DATABASE_DB,
)
#
SECRET_KEY = get_env_variable("SECRET_KEY", 'secret_key')
#
#---------------------------KEYCLOACK ----------------------------
# See: https://github.com/apache/superset/discussions/13915
# See: https://stackoverflow.com/questions/54010314/using-keycloakopenid-connect-with-apache-superset/54024394#54024394
from keycloak_security_manager import OIDCSecurityManager
from flask_appbuilder.security.manager import AUTH_OID, AUTH_OAUTH
#
OIDC_ENABLE = get_env_variable("OIDC_ENABLE", 'False')
#
if OIDC_ENABLE == 'True':
AUTH_TYPE = AUTH_OID
OIDC_CLIENT_SECRETS = get_env_variable("OIDC_CLIENT_SECRETS", '/app/pythonpath/client_secret.json')
OIDC_ID_TOKEN_COOKIE_SECURE = False
OIDC_REQUIRE_VERIFIED_EMAIL = False
OIDC_OPENID_REALM = get_env_variable("OIDC_OPENID_REALM",'realm')
OIDC_INTROSPECTION_AUTH_METHOD = 'client_secret_post'
CUSTOM_SECURITY_MANAGER = OIDCSecurityManager
AUTH_ROLES_SYNC_AT_LOGIN = True
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = get_env_variable("AUTH_USER_REGISTRATION_ROLE", 'Gamma')
#--------------------------------------------------------------
#
#
SMTP_ENABLE = get_env_variable("SMTP_ENABLE", 'False')
#
#############################################
# EMAIL REPORTS CONFIGURATION #
#############################################
if SMTP_ENABLE == 'True':
SMTP_HOST = get_env_variable("SMTP_HOST")
SMTP_STARTTLS = True
SMTP_SSL = False
SMTP_USER = get_env_variable("SMTP_USER")
SMTP_PORT = get_env_variable("SMTP_PORT")
SMTP_PASSWORD = get_env_variable("SMTP_PASSWORD")
SMTP_MAIL_FROM = get_env_variable("SMTP_MAIL_FROM")
#

0 comments on commit 3cb9434

Please sign in to comment.