livebook-dev/livebook
1
1
Fork 0
mirror of https://github.com/livebook-dev/livebook.git synced 2025-12-17 21:50:25 +08:00
Code Issues Projects Releases Packages Wiki Activity

Adds ZTA support for offline deployment (#2136)

Browse source
This commit is contained in:
Cristine Guadelupe 2023-08-04 00:25:05 +07:00 committed by GitHub
parent 2521e42108
commit 8e26fe6287
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 100 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

94
lib/livebook_web/live/hub/edit/team_component.ex
View file

@ -13,6 +13,7 @@ defmodule LivebookWeb.Hub.Edit.TeamComponent do
show_key? = assigns.params["show-key"] == "true" show_key? = assigns.params["show-key"] == "true"
secrets = Livebook.Hubs.get_secrets(assigns.hub) secrets = Livebook.Hubs.get_secrets(assigns.hub)
secret_name = assigns.params["secret_name"] secret_name = assigns.params["secret_name"]
zta = %{"provider" => "", "key" => ""}
secret_value = secret_value =
if assigns.live_action == :edit_secret do if assigns.live_action == :edit_secret do
@ -27,7 +28,8 @@ defmodule LivebookWeb.Hub.Edit.TeamComponent do
show_key: show_key?, show_key: show_key?,
secret_name: secret_name, secret_name: secret_name,
secret_value: secret_value, secret_value: secret_value,
hub_metadata: Provider.to_metadata(assigns.hub) hub_metadata: Provider.to_metadata(assigns.hub),
zta: zta
) )
|> assign_dockerfile() |> assign_dockerfile()
|> assign_form(changeset)} |> assign_form(changeset)}
@ -136,6 +138,62 @@ defmodule LivebookWeb.Hub.Edit.TeamComponent do
/> />
</div> </div>
<div class="flex flex-col space-y-4">
<h2 class="text-xl text-gray-800 font-medium pb-2 border-b border-gray-200">
Zero Trust Authentication
</h2>
<p class="text-gray-700">
Enables Zero Trust Authentication to be used as the identity provider.
</p>
<.form :let={f} for={@zta} phx-change="change_zta" phx-target={@myself}>
<div class="grid grid-cols-1 md:grid-cols-2 gap-3">
<.select_field
name="provider"
label="Provider"
value={@zta["provider"]}
options={[
{"None", ""},
{"Cloudflare", "cloudflare"},
{"GoogleIAP", "google_iap"}
]}
/>
<span class={[@zta["provider"] == "" && "hidden"]}>
<.text_field
field={f[:key]}
label={"#{if @zta["provider"] == "cloudflare", do: "Team name (domain)", else: "Audience (aud)"}"}
phx-debounce
/>
</span>
</div>
<%= if @zta["provider"] == "cloudflare" do %>
<span>
See the
<a
class="text-blue-800 hover:text-blue-600"
href="https://developers.cloudflare.com/cloudflare-one/"
>
CloudFlare docs
</a>
for more information about Cloudflare Zero Trust.
</span>
<% end %>
<%= if @zta["provider"] == "google_iap" do %>
<span>
See the
<a
class="text-blue-800 hover:text-blue-600"
href="https://cloud.google.com/iap/docs/concepts-overview"
>
Google docs
</a>
for more information about Google Identity-Aware Proxy (IAP).
</span>
<% end %>
</.form>
</div>
<div class="flex flex-col space-y-4"> <div class="flex flex-col space-y-4">
<h2 class="text-xl text-gray-800 font-medium pb-2 border-b border-gray-200"> <h2 class="text-xl text-gray-800 font-medium pb-2 border-b border-gray-200">
Airgapped Deployment Airgapped Deployment
@ -387,6 +445,16 @@ defmodule LivebookWeb.Hub.Edit.TeamComponent do
)} )}
end end
def handle_event("change_zta", %{"provider" => ""}, socket) do
zta = %{"provider" => "", "key" => ""}
{:noreply, assign(socket, zta: zta) |> assign_dockerfile()}
end
def handle_event("change_zta", %{"provider" => provider, "key" => key}, socket) do
zta = %{"provider" => provider, "key" => key}
{:noreply, assign(socket, zta: zta) |> assign_dockerfile()}
end
defp assign_form(socket, %Ecto.Changeset{} = changeset) do defp assign_form(socket, %Ecto.Changeset{} = changeset) do
assign(socket, form: to_form(changeset)) assign(socket, form: to_form(changeset))
end end
@ -395,7 +463,8 @@ defmodule LivebookWeb.Hub.Edit.TeamComponent do
version = to_string(Application.spec(:livebook, :vsn)) version = to_string(Application.spec(:livebook, :vsn))
version = if version =~ "dev", do: "edge", else: version version = if version =~ "dev", do: "edge", else: version
assign(socket, :dockerfile, """ base =
"""
FROM ghcr.io/livebook-dev/livebook:#{version} FROM ghcr.io/livebook-dev/livebook:#{version}
ENV LIVEBOOK_APPS_PATH_HUB_ID "#{socket.assigns.hub.id}" ENV LIVEBOOK_APPS_PATH_HUB_ID "#{socket.assigns.hub.id}"
@ -403,11 +472,20 @@ defmodule LivebookWeb.Hub.Edit.TeamComponent do
ENV LIVEBOOK_TEAMS_OFFLINE_KEY "#{socket.assigns.hub.org_public_key}" ENV LIVEBOOK_TEAMS_OFFLINE_KEY "#{socket.assigns.hub.org_public_key}"
ENV LIVEBOOK_TEAMS_SECRETS "#{encrypt_secrets_to_dockerfile(socket)}" ENV LIVEBOOK_TEAMS_SECRETS "#{encrypt_secrets_to_dockerfile(socket)}"
"""
apps =
"""
COPY /path/to/my/notebooks /apps COPY /path/to/my/notebooks /apps
ENV LIVEBOOK_APPS_PATH "/apps" ENV LIVEBOOK_APPS_PATH "/apps"
ENV LIVEBOOK_APPS_PATH_WARMUP "manual" ENV LIVEBOOK_APPS_PATH_WARMUP "manual"
RUN /app/bin/warmup_apps.sh\ RUN /app/bin/warmup_apps.sh\
""") """
zta = zta_env(socket.assigns.zta)
dockerfile = if zta, do: base <> zta <> apps, else: base <> apps
assign(socket, :dockerfile, dockerfile)
end end
defp encrypt_secrets_to_dockerfile(socket) do defp encrypt_secrets_to_dockerfile(socket) do
@ -422,4 +500,14 @@ defmodule LivebookWeb.Hub.Edit.TeamComponent do
Livebook.Teams.encrypt(stringified_secrets, secret_key, sign_secret) Livebook.Teams.encrypt(stringified_secrets, secret_key, sign_secret)
end end
defp zta_env(%{"provider" => ""}), do: nil
defp zta_env(%{"key" => ""}), do: nil
defp zta_env(%{"provider" => provider, "key" => key}) do
"""
ENV LIVEBOOK_IDENTITY_PROVIDER "#{provider}:#{key}"
"""
end
end end