Merge branch 'master' into feature/485-tokenauth-setup-config

maykinmedia · Dec 16, 2024 · 6af7c09 · 6af7c09
2 parents 7c3bf67 + c855991
commit 6af7c09
Show file tree

Hide file tree

Showing 17 changed files with 462 additions and 50 deletions.
diff --git a/bin/setup_configuration.sh b/bin/setup_configuration.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# setup initial configuration using an yaml file
+# setup initial configuration using a yaml file
 # Run this script from the root of the repository
 
 set -e

diff --git a/docker/setup_configuration/data.yaml b/docker/setup_configuration/data.yaml
@@ -24,3 +24,42 @@ zgw_consumers:
     api_connection_check_path: objecttypes
     api_type: orc
     auth_type: api_key
+    header_key: Authorization
+    header_value: Token b9f100590925b529664ed9d370f5f8da124b2c20
+
+  - identifier: notifications-api
+    label: Notificaties API
+    api_root: http://notificaties.local/api/v1/
+    api_connection_check_path: notificaties
+    api_type: nrc
+    auth_type: api_key
+    header_key: Authorization
+    header_value: Token ba9d233e95e04c4a8a661a27daffe7c9bd019067
+
+notifications_config_enable: true
+notifications_config:
+  notifications_api_service_identifier: notifications-api
+  notification_delivery_max_retries: 1
+  notification_delivery_retry_backoff: 2
+  notification_delivery_retry_backoff_max: 3
+
+objecttypes_config_enable: true
+objecttypes:
+  items:
+    - uuid: b427ef84-189d-43aa-9efd-7bb2c459e281
+      name: Object Type 1
+      service_identifier: objecttypes-api
+
+oidc_db_config_enable: true
+oidc_db_config_admin_auth:
+  items:
+    - identifier: admin-oidc
+      oidc_rp_client_id: client-id
+      oidc_rp_client_secret: secret
+      endpoint_config:
+        oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
+        oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
+        oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo
+
+      # workaround for https://github.com/maykinmedia/django-setup-configuration/issues/27
+      userinfo_claims_source: id_token
diff --git a/docs/installation/config_cli.rst b/docs/installation/config_cli.rst
@@ -26,32 +26,56 @@ Preparation
 The command executes the list of pluggable configuration steps, and each step
 requires specific configuration information, that should be prepared.
 Here is the description of all available configuration steps and the configuration
-format, used by each step.
+format, use by each step.
 
 Objects API
 ===========
 
-Sites configuration
--------------------
+Objecttypes configuration
+-------------------------
 
-Create or update a (single) YAML configuration file with your settings:
+To configure objecttypes the following configuration could be used:
 
 .. code-block:: yaml
    ...
-    sites_config_enable: true
-    sites_config:
-      items:
-        - domain: example.com
-          name: Example site
-
-        - domain: test.example.com
-          name: Test site
+   zgw_consumers_config_enable: true
+   zgw_consumers:
+   services:
+     - identifier: objecttypen-foo
+       label: Objecttypen API Foo
+       api_root: http://objecttypen.foo/api/v1/
+       api_type: orc
+       auth_type: api_key
+       header_key: Authorization
+       header_value: Token ba9d233e95e04c4a8a661a27daffe7c9bd019067
+
+     - identifier: objecttypen-bar
+       label: Objecttypen API Bar
+       api_root: http://objecttypen.bar/api/v1/
+       api_type: orc
+       auth_type: api_key
+       header_key: Authorization
+       header_value: Token b9f100590925b529664ed9d370f5f8da124b2c20
+
+   objecttypes_config_enable: true
+   objecttypes:
+     items:
+       - uuid: b427ef84-189d-43aa-9efd-7bb2c459e281
+         name: Object Type 1
+         service_identifier: objecttypen-foo
+
+       - uuid: b0e8553f-8b1a-4d55-ab90-6d02f1bcf2c2
+         name: Object Type 2
+         service_identifier: objecttypen-bar
    ...
+.. note:: The ``uuid`` field will be used to lookup existing ``ObjectType``'s.
 
-.. note:: The ``domain`` field will be used to lookup existing ``Site``'s.
+Objecttypes require a corresponding ``Service`` to work correctly. Creating
+these ``Service``'s can be done by defining these in the same yaml file. ``Service``
+instances will be created before the ``ObjectType``'s are created.
 
 Objecttypes connection configuration
--------------------------
+------------------------------------
 
 In order to be able to retrieve objecttypes, a corresponding ``Service`` should be
 created. An example of a configuration could be seen below:
@@ -68,46 +92,86 @@ created. An example of a configuration could be seen below:
         api_connection_check_path: objecttypes
         api_type: orc
         auth_type: api_key
+        header_key: Authorization
+        header_value: Token ba9d233e95e04c4a8a661a27daffe7c9bd019067
       - identifier: objecttypes-api-2
         label: Objecttypes API 2
         api_root: http://objecttypes-2.local/api/v1/
         api_connection_check_path: objecttypes
         api_type: orc
         auth_type: api_key
+        header_key: Authorization
+        header_value: Token b9f100590925b529664ed9d370f5f8da124b2c20
    ....
 
-TokenAuth configuration
+Tokens configuration
+--------------------
+
+Mozilla-django-oidc-db
+----------------------
+
+Create or update the (single) YAML configuration file with your settings:
+
+.. code-block:: yaml
+
+   ...
+    oidc_db_config_enable: true
+    oidc_db_config_admin_auth:
+    items:
+      - identifier: admin-oidc
+        oidc_rp_client_id: client-id
+        oidc_rp_client_secret: secret
+        endpoint_config:
+          oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
+          oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
+          oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo
+
+      # workaround for https://github.com/maykinmedia/django-setup-configuration/issues/27
+      userinfo_claims_source: id_token
+   ...
+
+More details about configuring mozilla-django-oidc-db through ``setup_configuration``
+can be found at the _`documentation`: https://mozilla-django-oidc-db.readthedocs.io/en/latest/setup_configuration.html.
+
+Sites configuration
+-------------------
+
+Notifications configuration
 -------------------------
 
-Create or update a (single) YAML configuration file with your settings:
+To configure sending notifications for the application ensure there is a ``services``
+item present that matches the ``notifications_api_service_identifier`` in the
+``notifications_config`` namespace:
 
 .. code-block:: yaml
-    token_tokenauth_config_enable: true
-    token_tokenauth:
-      items:
-        - identifier: token-1
-          token: 18b2b74ef994314b84021d47b9422e82b685d82f
-          contact_person: Person 1
-          email: [email protected]
-          organization: Organization XYZ
-          application: Application XYZ
-          administration: Administration XYZ
-        
-        - identifier: token-2
-          token: e882642bd0ec2482adcdc97258c2e6f98cb06d85
-          contact_person: Person 2
-          email: [email protected]
    ...
 
+    zgw_consumers_config_enable: true
+    zgw_consumers:
+      services:
+      - identifier: notifications-api
+        label: Notificaties API
+        api_root: http://notificaties.local/api/v1/
+        api_connection_check_path: notificaties
+        api_type: nrc
+        auth_type: api_key
+
+    notifications_config_enable: true
+    notifications_config:
+      notifications_api_service_identifier: notifications-api
+      notification_delivery_max_retries: 1
+      notification_delivery_retry_backoff: 2
+      notification_delivery_retry_backoff_max: 3
+   ....
+
 
 Execution
 =========
 
 
-With the full command invocation, everything is configured at once.
-Each configuration step is idempotent, so any manual changes made via the admin interface
-will be updated if the command is run afterwards.
+With the full command invocation, everything is configured at once and immediately
+tested.
 
 .. code-block:: bash
 
-    python ./src/manage.py setup_configuration --yaml-file /path/to/config.yaml
+    src/manage.py setup_configuration --yaml-file /path/to/config.yaml
diff --git a/requirements/base.in b/requirements/base.in
@@ -6,6 +6,7 @@ jsonschema
 furl
 
 # Common ground libraries
-notifications-api-common
 django-setup-configuration>=0.4.0
+notifications-api-common[setup-configuration]
 zgw-consumers[setup-configuration]
+mozilla-django-oidc-db[setup-configuration]
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -155,6 +155,8 @@ django-sessionprofile==3.0.0
     # via open-api-framework
 django-setup-configuration==0.4.0
     # via
+    #   mozilla-django-oidc-db
+    #   notifications-api-common
     #   open-api-framework
     #   zgw-consumers
 django-simple-certmanager==1.4.1
@@ -206,6 +208,7 @@ furl==2.1.3
     # via
     #   -r requirements/base.in
     #   ape-pie
+    #   notifications-api-common
 glom==23.5.0
     # via
     #   -r requirements/base.in
@@ -240,9 +243,11 @@ maykin-2fa==1.0.1
     # via open-api-framework
 mozilla-django-oidc==4.0.0
     # via mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
-    # via open-api-framework
-notifications-api-common==0.3.1
+mozilla-django-oidc-db[setup-configuration]==0.21.1
+    # via
+    #   -r requirements/base.in
+    #   open-api-framework
+notifications-api-common[setup-configuration]==0.4.0
     # via
     #   -r requirements/base.in
     #   commonground-api-common

diff --git a/requirements/ci.txt b/requirements/ci.txt
@@ -242,6 +242,8 @@ django-sessionprofile==3.0.0
 django-setup-configuration==0.4.0
     # via
     #   -r requirements/base.txt
+    #   mozilla-django-oidc-db
+    #   notifications-api-common
     #   open-api-framework
     #   zgw-consumers
 django-simple-certmanager==1.4.1
@@ -330,6 +332,7 @@ furl==2.1.3
     # via
     #   -r requirements/base.txt
     #   ape-pie
+    #   notifications-api-common
 glom==23.5.0
     # via
     #   -r requirements/base.txt
@@ -396,15 +399,15 @@ mozilla-django-oidc==4.0.0
     # via
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db[setup-configuration]==0.21.1
     # via
     #   -r requirements/base.txt
     #   open-api-framework
 multidict==6.0.5
     # via yarl
 mypy-extensions==1.0.0
     # via black
-notifications-api-common==0.3.1
+notifications-api-common[setup-configuration]==0.4.0
     # via
     #   -r requirements/base.txt
     #   commonground-api-common

diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -257,6 +257,8 @@ django-sessionprofile==3.0.0
 django-setup-configuration==0.4.0
     # via
     #   -r requirements/base.txt
+    #   mozilla-django-oidc-db
+    #   notifications-api-common
     #   open-api-framework
     #   zgw-consumers
 django-simple-certmanager==1.4.1
@@ -351,6 +353,7 @@ furl==2.1.3
     # via
     #   -r requirements/base.txt
     #   ape-pie
+    #   notifications-api-common
 glom==23.5.0
     # via
     #   -r requirements/base.txt
@@ -418,15 +421,15 @@ mozilla-django-oidc==4.0.0
     # via
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db[setup-configuration]==0.21.1
     # via
     #   -r requirements/base.txt
     #   open-api-framework
 multidict==6.0.5
     # via yarl
 mypy-extensions==0.4.3
     # via black
-notifications-api-common==0.3.1
+notifications-api-common[setup-configuration]==0.4.0
     # via
     #   -r requirements/base.txt
     #   commonground-api-common

diff --git a/src/objects/conf/base.py b/src/objects/conf/base.py
@@ -17,8 +17,8 @@
     "rest_framework_gis",
     # Project applications.
     "objects.accounts",
-    "objects.api",
     "objects.setup_configuration",
+    "objects.api",
     "objects.core",
     "objects.token",
     "objects.utils",
@@ -84,7 +84,8 @@
 # Django setup configuration
 #
 SETUP_CONFIGURATION_STEPS = (
-    "objects.setup_configuration.steps.token_auth.TokenAuthConfigurationStep",
-    "zgw_consumers.contrib.setup_configuration.steps.ServiceConfigurationStep"
-    "objects.setup_configuration.steps.sites.SitesConfigurationStep",
+    "zgw_consumers.contrib.setup_configuration.steps.ServiceConfigurationStep",
+    "notifications_api_common.contrib.setup_configuration.steps.NotificationConfigurationStep",
+    "objects.setup_configuration.steps.objecttypes.ObjectTypesConfigurationStep",
+    "mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep",
 )
diff --git a/src/objects/core/models.py b/src/objects/core/models.py
@@ -1,6 +1,6 @@
 import datetime
 import uuid
-from typing import Iterable, Optional
+from typing import Iterable
 
 from django.contrib.gis.db.models import GeometryField
 from django.core.exceptions import ValidationError
@@ -42,7 +42,7 @@ def url(self):
         # zds_client.get_operation_url() can be used here but it increases HTTP overhead
         return f"{self.service.api_root}objecttypes/{self.uuid}"
 
-    def clean_fields(self, exclude: Optional[Iterable[str]] = None) -> None:
+    def clean_fields(self, exclude: Iterable[str] | None = None) -> None:
         super().clean_fields(exclude=exclude)
 
         if exclude and "service" in exclude:

diff --git a/src/objects/core/tests/files/objecttypes_empty_database.yaml b/src/objects/core/tests/files/objecttypes_empty_database.yaml
@@ -0,0 +1,10 @@
+objecttypes_config_enable: true
+objecttypes:
+  items:
+    - uuid: b427ef84-189d-43aa-9efd-7bb2c459e281
+      name: Object Type 1
+      service_identifier: service-1
+
+    - uuid: b0e8553f-8b1a-4d55-ab90-6d02f1bcf2c2
+      name: Object Type 2
+      service_identifier: service-2