From b92ddbb6ae78f3147de48e18ef3a314d61c80ed5 Mon Sep 17 00:00:00 2001 From: Shaun Turner <77382942+qcaas-nhs-sjt@users.noreply.github.com> Date: Tue, 14 May 2024 14:11:10 +0100 Subject: [PATCH] OHDSI/Atlas#2916 - Improvements to Docker Configurability of Atlas Application (#2917) * OHDSI/Atlas#2916 - added configuration via environment variables to Dockerfile - amended authors list on container metadata - amended envsubst command to include all environment variables - extended config-local.js to include the majority of configuration options available in app.js - Added comment to app.js to remind future contributors to add configuration to Dockerfile and config-local.js * OHDSI/Atlas#2916 - amended variables that exist to match those on Broadsea implementation --- .github/workflows/ci.yaml | 2 +- Dockerfile | 104 ++++++++++++++++++++++++++- docker/30-atlas-env-subst.sh | 2 +- docker/config-local.js | 136 +++++++++++++++++++++++++++++++++-- js/config/app.js | 3 + 5 files changed, 237 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e046c2865..80179bbfa 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -92,7 +92,7 @@ jobs: labels: | ${{ steps.docker_meta.outputs.labels }} maintainer=Joris Borgdorff , Lee Evans - www.ltscomputingllc.com - org.opencontainers.image.authors=Joris Borgdorff , Lee Evans - www.ltscomputingllc.com + org.opencontainers.image.authors=Joris Borgdorff , Lee Evans - www.ltscomputingllc.com, Shaun Turner org.opencontainers.image.vendor=OHDSI # If the image was pushed, we need to pull it again to inspect it diff --git a/Dockerfile b/Dockerfile index 8179d6f65..7a606e82a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -29,7 +29,7 @@ RUN find . -type f "(" \ FROM docker.io/nginxinc/nginx-unprivileged:1.23.3-alpine@sha256:c748ba587e7436aaa8729b64d4e0412410a486f0c592f0eec100fb3804ff9afd LABEL org.opencontainers.image.title="OHDSI-Atlas" -LABEL org.opencontainers.image.authors="Joris Borgdorff , Lee Evans - www.ltscomputingllc.com" +LABEL org.opencontainers.image.authors="Joris Borgdorff , Lee Evans - www.ltscomputingllc.com, Shaun Turner" LABEL org.opencontainers.image.description="ATLAS is an open source software tool for researchers to \ conduct scientific analyses on standardized observational data" LABEL org.opencontainers.image.licenses="Apache-2.0" 
@@ -37,8 +37,106 @@ LABEL org.opencontainers.image.vendor="OHDSI" LABEL org.opencontainers.image.source="https://github.com/OHDSI/Atlas" # URL where WebAPI can be queried by the client -ENV WEBAPI_URL=http://localhost:8080/WebAPI/ \ - CONFIG_PATH=/etc/atlas/config-local.js +ENV USE_DYNAMIC_WEBAPI_URL="false" +ENV DYNAMIC_WEBAPI_SUFFIX="/WebAPI/" +ENV WEBAPI_URL="http://localhost:8080/WebAPI/" +ENV CONFIG_PATH="/etc/atlas/config-local.js" +ENV ATLAS_INSTANCE_NAME="OHDSI" +ENV ATLAS_COHORT_COMPARISON_RESULTS_ENABLED="false" +ENV ATLAS_USER_AUTH_ENABLED="false" +ENV ATLAS_PLP_RESULTS_ENABLED="false" +ENV ATLAS_CLEAR_LOCAL_STORAGE="false" +ENV ATLAS_DISABLE_BROWSER_CHECK="false" +ENV ATLAS_ENABLE_PERMISSIONS_MGMT="true" +ENV ATLAS_CACHE_SOURCES="false" +ENV ATLAS_POLL_INTERVAL="60000" +ENV ATLAS_SKIP_LOGIN="false" +ENV ATLAS_USE_EXECUTION_ENGINE="false" +ENV ATLAS_VIEW_PROFILE_DATES="false" +ENV ATLAS_ENABLE_COSTS="false" +ENV ATLAS_SUPPORT_URL="https://github.com/ohdsi/atlas/issues" +ENV ATLAS_SUPPORT_MAIL="atlasadmin@your.org" +ENV ATLAS_FEEDBACK_CONTACTS="For access or questions concerning the Atlas application please contact:" +ENV ATLAS_FEEDBACK_HTML="" +ENV ATLAS_COMPANYINFO_HTML="" +ENV ATLAS_COMPANYINFO_SHOW="true" +ENV ATLAS_DEFAULT_LOCALE="en" + +ENV ATLAS_SECURITY_WIN_PROVIDER_ENABLED="false" +ENV ATLAS_SECURITY_WIN_PROVIDER_NAME="Windows" +ENV ATLAS_SECURITY_WIN_PROVIDER_URL="user/login/windows" +ENV ATLAS_SECURITY_WIN_PROVIDER_AJAX="true" +ENV ATLAS_SECURITY_WIN_PROVIDER_ICON="fab fa-windows" + +ENV ATLAS_SECURITY_KERB_PROVIDER_ENABLED="false" +ENV ATLAS_SECURITY_KERB_PROVIDER_NAME="Kerberos" +ENV ATLAS_SECURITY_KERB_PROVIDER_URL="user/login/kerberos" +ENV ATLAS_SECURITY_KERB_PROVIDER_AJAX="true" +ENV ATLAS_SECURITY_KERB_PROVIDER_ICON="fab fa-windows" + +ENV ATLAS_SECURITY_OID_PROVIDER_ENABLED="false" +ENV ATLAS_SECURITY_OID_PROVIDER_NAME="OpenID Connect" +ENV ATLAS_SECURITY_OID_PROVIDER_URL="user/login/openid" +ENV ATLAS_SECURITY_OID_PROVIDER_AJAX="false" 
+ENV ATLAS_SECURITY_OID_PROVIDER_ICON="fa fa-openid"
+
+ENV ATLAS_SECURITY_GGL_PROVIDER_ENABLED="false"
+ENV ATLAS_SECURITY_GGL_PROVIDER_NAME="Google"
+ENV ATLAS_SECURITY_GGL_PROVIDER_URL="user/oauth/google"
+ENV ATLAS_SECURITY_GGL_PROVIDER_AJAX="false"
+ENV ATLAS_SECURITY_GGL_PROVIDER_ICON="fab fa-google"
+
+ENV ATLAS_SECURITY_FB_PROVIDER_ENABLED="false"
+ENV ATLAS_SECURITY_FB_PROVIDER_NAME="Facebook"
+ENV ATLAS_SECURITY_FB_PROVIDER_URL="user/oauth/facebook"
+ENV ATLAS_SECURITY_FB_PROVIDER_AJAX="false"
+ENV ATLAS_SECURITY_FB_PROVIDER_ICON="fab fa-facebook-f"
+
+ENV ATLAS_SECURITY_GH_PROVIDER_ENABLED="false"
+ENV ATLAS_SECURITY_GH_PROVIDER_NAME="Github"
+ENV ATLAS_SECURITY_GH_PROVIDER_URL="user/oauth/github"
+ENV ATLAS_SECURITY_GH_PROVIDER_AJAX="false"
+ENV ATLAS_SECURITY_GH_PROVIDER_ICON="fab fa-github"
+
+ENV ATLAS_SECURITY_DB_PROVIDER_ENABLED="false"
+ENV ATLAS_SECURITY_DB_PROVIDER_NAME="DB"
+ENV ATLAS_SECURITY_DB_PROVIDER_URL="user/login/db"
+ENV ATLAS_SECURITY_DB_PROVIDER_AJAX="true"
+ENV ATLAS_SECURITY_DB_PROVIDER_ICON="fa fa-database"
+ENV ATLAS_SECURITY_DB_PROVIDER_CREDFORM="true"
+
+ENV ATLAS_SECURITY_LDAP_PROVIDER_ENABLED="false"
+ENV ATLAS_SECURITY_LDAP_PROVIDER_NAME="LDAP"
+ENV ATLAS_SECURITY_LDAP_PROVIDER_URL="user/login/ldap"
+ENV ATLAS_SECURITY_LDAP_PROVIDER_AJAX="true"
+ENV ATLAS_SECURITY_LDAP_PROVIDER_ICON="fa fa-cubes"
+ENV ATLAS_SECURITY_LDAP_PROVIDER_CREDFORM="true"
+
+ENV ATLAS_SECURITY_SAML_PROVIDER_ENABLED="false"
+ENV ATLAS_SECURITY_SAML_PROVIDER_NAME="SAML"
+ENV ATLAS_SECURITY_SAML_PROVIDER_URL="user/login/saml"
+ENV ATLAS_SECURITY_SAML_PROVIDER_AJAX="false"
+ENV ATLAS_SECURITY_SAML_PROVIDER_ICON="fab fa-openid"
+
+ENV ATLAS_SECURITY_AD_PROVIDER_ENABLED="false"
+ENV ATLAS_SECURITY_AD_PROVIDER_NAME="Active Directory LDAP"
+ENV ATLAS_SECURITY_AD_PROVIDER_URL="user/login/ad"
+ENV ATLAS_SECURITY_AD_PROVIDER_AJAX="true"
+ENV ATLAS_SECURITY_AD_PROVIDER_ICON="fa fa-cubes"
+ENV ATLAS_SECURITY_AD_PROVIDER_CREDFORM="true"
+
+# for existing broadsea 
implementations +ENV ATLAS_SECURITY_PROVIDER_ENABLED="true" +ENV ATLAS_SECURITY_PROVIDER_NAME="none" +ENV ATLAS_SECURITY_PROVIDER_TYPE="none" +ENV ATLAS_SECURITY_USE_AJAX="false" +ENV ATLAS_SECURITY_PROVIDER_ICON="fa-cubes" +ENV ATLAS_SECURITY_USE_FORM="false" + +ENV ATLAS_ENABLE_TANDCS="true" +ENV ATLAS_ENABLE_PERSONCOUNT="true" +ENV ATLAS_ENABLE_TAGGING_SECTION="false" +ENV ATLAS_REFRESH_TOKEN_THRESHOLD="240" # Configure webserver COPY ./docker/nginx-default.conf /etc/nginx/conf.d/default.conf diff --git a/docker/30-atlas-env-subst.sh b/docker/30-atlas-env-subst.sh index 77e079129..f4030d3a6 100755 --- a/docker/30-atlas-env-subst.sh +++ b/docker/30-atlas-env-subst.sh @@ -26,7 +26,7 @@ if [ -n "${WEBAPI_URL}" ]; then TFILE=`mktemp` trap "rm -f $TFILE" 0 1 2 3 15 # Don't copy but rewrite so that permissions are not changed. - envsubst '$WEBAPI_URL' < "$CONFIG_TARGET_PATH" > "$TFILE" + envsubst < "$CONFIG_TARGET_PATH" > "$TFILE" cat "$TFILE" > "$CONFIG_TARGET_PATH" rm -f "$TFILE" fi diff --git a/docker/config-local.js b/docker/config-local.js index 1d99a873f..15f91a278 100644 --- a/docker/config-local.js +++ b/docker/config-local.js 
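Review bot: `ATLAS_SECURITY_PROVIDER_ENABLED="true"` is the only provider switch in this ENV block that defaults to on, and it is paired with `ATLAS_SECURITY_PROVIDER_NAME="none"` and `ATLAS_SECURITY_PROVIDER_TYPE="none"`. An image started with no overrides therefore gets a placeholder entry with url `user/login/none` pushed into `authProviders` by the Broadsea block of docker/config-local.js in this same patch. Unless Broadsea depends on that default, I would ship `ENV ATLAS_SECURITY_PROVIDER_ENABLED="false"` like the other providers and let Broadsea opt in. Several defaults declared here also have no consumer in the template: it reads `${ATLAS_SECURITY_PROVIDER_AJAX}` rather than `ATLAS_SECURITY_USE_AJAX`, and nothing reads `ATLAS_SECURITY_USE_FORM` or the `ATLAS_SECURITY_AD_PROVIDER_*` group, so setting them changes nothing.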
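Review bot: Dropping the `'$WEBAPI_URL'` argument makes `envsubst` replace every `$NAME` or `${NAME}` reference in the config file with whatever the container environment holds, and it blanks any reference to a variable that is unset. The target is a JavaScript file served to every browser, so an operator-mounted config that happens to mention another variable would publish its value, and a `${...}` inside a template literal in a custom config is silently emptied. An explicit allow-list keeps the old boundary, for example `envsubst "$(printf '${%s} ' $(env | cut -d= -f1 | grep -E '^(ATLAS_|WEBAPI_URL$|USE_DYNAMIC_WEBAPI_URL$|DYNAMIC_WEBAPI_SUFFIX$)'))" < "$CONFIG_TARGET_PATH" > "$TFILE"`. The enclosing `if [ -n "${WEBAPI_URL}" ]` is visible only in the hunk header, but it appears to still gate the whole substitution, so with `WEBAPI_URL` empty none of the new `ATLAS_*` placeholders would be filled in.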
@@ -1,15 +1,141 @@ define([], function () { var configLocal = {}; + if ("${ATLAS_CLEAR_LOCAL_STORAGE}" == "true") { + localStorage.clear(); + } + + var webapi_url = "${WEBAPI_URL}"; + + if ("${USE_DYNAMIC_WEBAPI_URL}" == "true") { + var getUrl = window.location; + webapi_url = getUrl.protocol + "//" + getUrl.hostname + "${DYNAMIC_WEBAPI_SUFFIX}"; + } + // WebAPI configLocal.api = { - name: 'OHDSI', - url: '${WEBAPI_URL}' + name: '${ATLAS_INSTANCE_NAME}', + url: webapi_url }; - configLocal.cohortComparisonResultsEnabled = false; - configLocal.userAuthenticationEnabled = false; - configLocal.plpResultsEnabled = false; + configLocal.cohortComparisonResultsEnabled = ("${ATLAS_COHORT_COMPARISON_RESULTS_ENABLED}" == "true"); + configLocal.plpResultsEnabled = ("${ATLAS_PLP_RESULTS_ENABLED}" === "true"); + configLocal.userAuthenticationEnabled = ("${ATLAS_USER_AUTH_ENABLED}" === "true"); + configLocal.authProviders = []; + configLocal.disableBrowserCheck = ("${ATLAS_DISABLE_BROWSER_CHECK}" === "true"); + configLocal.enablePermissionManagement = ("${ATLAS_ENABLE_PERMISSIONS_MGMT}" === "true"); + configLocal.cacheSources = ("${ATLAS_CACHE_SOURCES}" === "true"); + configLocal.enableSkipLogin = ("${ATLAS_SKIP_LOGIN}" === "true"); // automatically opens login window when user is not authenticated + configLocal.useExecutionEngine = ("${ATLAS_USE_EXECUTION_ENGINE}" === "true"); + configLocal.viewProfileDates = ("${ATLAS_VIEW_PROFILE_DATES}" === "true"); + configLocal.enableCosts = ("${ATLAS_ENABLE_COSTS}" === "true"); + configLocal.supportUrl = "${ATLAS_SUPPORT_URL}"; + configLocal.supportMail = "${ATLAS_SUPPORT_MAIL}"; + configLocal.feedbackContacts = "${ATLAS_FEEDBACK_CONTACTS}"; + configLocal.feedbackCustomHtmlTemplate = "${ATLAS_FEEDBACK_HTML}"; + configLocal.companyInfoCustomHtmlTemplate = "${ATLAS_COMPANYINFO_HTML}"; + configLocal.showCompanyInfo = ("${ATLAS_COMPANYINFO_SHOW}" === "true"); + configLocal.defaultLocale = "${ATLAS_DEFAULT_LOCALE}"; + configLocal.pollInterval = 
parseInt("${ATLAS_POLL_INTERVAL}"); + + + if ("${ATLAS_SECURITY_WIN_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_WIN_PROVIDER_NAME}", + url: "${ATLAS_SECURITY_WIN_PROVIDER_URL}", + ajax: ("${ATLAS_SECURITY_WIN_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_WIN_PROVIDER_ICON}", + }); + } + + if ("${ATLAS_SECURITY_KERB_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_KERB_PROVIDER_NAME}", + url: "${ATLAS_SECURITY_KERB_PROVIDER_URL}", + ajax: ("${ATLAS_SECURITY_KERB_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_KERB_PROVIDER_ICON}", + }); + } + + if ("${ATLAS_SECURITY_OID_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_OID_PROVIDER_NAME}", + url: "${ATLAS_SECURITY_OID_PROVIDER_URL}", + ajax: ("${ATLAS_SECURITY_OID_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_OID_PROVIDER_ICON}", + }); + } + + if ("${ATLAS_SECURITY_GGL_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_GGL_PROVIDER_NAME}", + url: "${ATLAS_SECURITY_GGL_PROVIDER_URL}", + ajax: ("${ATLAS_SECURITY_GGL_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_GGL_PROVIDER_ICON}", + }); + } + + if ("${ATLAS_SECURITY_FB_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_FB_PROVIDER_NAME}", + url: "${ATLAS_SECURITY_FB_PROVIDER_URL}", + ajax: ("${ATLAS_SECURITY_FB_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_FB_PROVIDER_ICON}", + }); + } + + if ("${ATLAS_SECURITY_GH_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_GH_PROVIDER_NAME}", + url: "${ATLAS_SECURITY_GH_PROVIDER_URL}", + ajax: ("${ATLAS_SECURITY_GH_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_GH_PROVIDER_ICON}", + }); + } + + if 
("${ATLAS_SECURITY_DB_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_DB_PROVIDER_NAME}", + url: "${ATLAS_SECURITY_DB_PROVIDER_URL}", + ajax: ("${ATLAS_SECURITY_DB_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_DB_PROVIDER_ICON}", + isUseCredentialsForm: ("${ATLAS_SECURITY_DB_PROVIDER_CREDFORM}" === "true") + }); + } + + if ("${ATLAS_SECURITY_LDAP_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_LDAP_PROVIDER_NAME}", + url: "${ATLAS_SECURITY_LDAP_PROVIDER_URL}", + ajax: ("${ATLAS_SECURITY_LDAP_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_LDAP_PROVIDER_ICON}", + isUseCredentialsForm: ("${ATLAS_SECURITY_LDAP_PROVIDER_CREDFORM}" === "true") + }); + } + + if ("${ATLAS_SECURITY_SAML_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_SAML_PROVIDER_NAME}", + url: "${ATLAS_SECURITY_SAML_PROVIDER_URL}", + ajax: ("${ATLAS_SECURITY_SAML_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_SAML_PROVIDER_ICON}", + }); + } + + // For existing broadsea implementations + if ("${ATLAS_SECURITY_PROVIDER_ENABLED}" === "true") { + configLocal.authProviders.push(openIdProvider = { + name: "${ATLAS_SECURITY_PROVIDER_NAME}", + url: "user/login/${ATLAS_SECURITY_PROVIDER_TYPE}", + ajax: ("${ATLAS_SECURITY_PROVIDER_AJAX}" === "true"), + icon: "${ATLAS_SECURITY_PROVIDER_ICON}", + }); + } + + configLocal.enableTermsAndConditions = ("${ATLAS_ENABLE_TANDCS}" === "true"); + configLocal.enablePersonCount = ("${ATLAS_ENABLE_PERSONCOUNT}" === "true"); + configLocal.enableTaggingSection = ("${ATLAS_ENABLE_TAGGING_SECTION}" === "true"); + configLocal.refreshTokenThreshold = 1000 * 60 * parseInt("${ATLAS_REFRESH_TOKEN_THRESHOLD}"); return configLocal; }); diff --git a/js/config/app.js b/js/config/app.js index 975941ed6..ec896db1d 100644 --- a/js/config/app.js +++ b/js/config/app.js 
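Review bot: Every `"${ATLAS_...}"` placeholder in this file is filled by plain text substitution into a JavaScript string literal, so a value containing `"`, a backslash or a newline ends the literal early and the remainder is parsed as code. This is most likely to hit `ATLAS_FEEDBACK_HTML` and `ATLAS_COMPANYINFO_HTML`, where ordinary markup with quoted attributes breaks the file, and it means whoever can set the container environment controls script that runs in every user's session. Either escape values for a JS string context before substitution in docker/30-atlas-env-subst.sh, or state next to these lines that values must not contain quotes, backslashes or line breaks. Separately, each `configLocal.authProviders.push(openIdProvider = {` assigns to an undeclared `openIdProvider`, which creates an implicit global (and throws in strict mode); push the literal directly with `configLocal.authProviders.push({`. Both `parseInt` calls also lack a radix and yield `NaN` for an empty value, so prefer `parseInt("${ATLAS_POLL_INTERVAL}", 10)` with a fallback.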
@@ -1,3 +1,6 @@ +// Please remember to update the environmental variables in the Dockerfile and the docker config-local.js to reflect +// any new settings introduced here + define(function () { var appConfig = {};