[#293] add support for configuring tokens through django-setup-config…

…uration (#297)

Dockerfile

@@ -57,6 +57,7 @@ WORKDIR /app
 # COPY ./cache /app/cache
 COPY ./bin/docker_start.sh /start.sh
 COPY ./bin/wait_for_db.sh /wait_for_db.sh
+COPY ./bin/setup_configuration.sh /setup_configuration.sh
 COPY ./bin/celery_worker.sh /celery_worker.sh
 COPY ./bin/celery_flower.sh /celery_flower.sh
 

bin/setup_configuration.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# setup initial configuration using environment variables
+# Run this script from the root of the repository
+
+set -e
+
+if [[ "${RUN_SETUP_CONFIG,,}" =~ ^(true|1|yes)$ ]]; then
+    # wait for required services
+    /wait_for_db.sh
+
+    src/manage.py migrate
+    src/manage.py setup_configuration --yaml-file setup_configuration/data.yaml
+fi

docker-compose.yml

@@ -7,7 +7,7 @@ services:
     # See: https://hub.docker.com/_/postgres/
     image: postgres
     environment:
-      - POSTGRES_HOST_AUTH_METHOD=trust
+      POSTGRES_HOST_AUTH_METHOD: trust
     # NOTE: this works for bitnami, not sure if this works for regular
     # postgres image
     volumes:
@@ -17,22 +17,46 @@ services:
   web:
     image: maykinmedia/open-klant:latest
     build: .
-    environment: &web-env
-      - DJANGO_SETTINGS_MODULE=openklant.conf.docker
-      - IS_HTTPS=no
-      - DB_NAME=postgres
-      - DB_USER=postgres
-      - DB_HOST=db
-      - ALLOWED_HOSTS=*
-      - CACHE_DEFAULT=redis:6379/0
-      - CACHE_AXES=redis:6379/0
-      - SUBPATH=${SUBPATH:-/}
-      - SECRET_KEY=${SECRET_KEY:-django-insecure-f8s@b*ds4t84-q_2#c0j0506@!l2q6r5_pq5e!vm^_9c*#^66b}
-      - CELERY_BROKER_URL=redis://redis:6379/0
-      - CELERY_RESULT_BACKEND=redis://redis:6379/0
-      - DISABLE_2FA=true
+    environment: &web_env
+      DJANGO_SETTINGS_MODULE: openklant.conf.docker
+      IS_HTTPS: no
+      DB_NAME: postgres
+      DB_USER: postgres
+      DB_HOST: db
+      ALLOWED_HOSTS: '*'
+      CACHE_DEFAULT: redis:6379/0
+      CACHE_AXES: redis:6379/0
+      SUBPATH: ${SUBPATH:-/}
+      SECRET_KEY: ${SECRET_KEY:-django-insecure-f8s@b*ds4t84-q_2#c0j0506@!l2q6r5_pq5e!vm^_9c*#^66b}
+      CELERY_BROKER_UR: redis://redis:6379/0
+      CELERY_RESULT_BACKEND: redis://redis:6379/0
+      DISABLE_2FA: true
+
+    volumes:
+      - media:/app/media
+      - private_media:/app/private_media
+      - log:/app/log
     ports:
       - 8000:8000
+    depends_on:
+      db:
+        condition: service_started
+      redis:
+        condition: service_started
+      web-init:
+        condition: service_completed_successfully
+
+  web-init:
+    build: .
+    environment:
+      <<: *web_env
+      #
+      # Django-setup-configuration
+      RUN_SETUP_CONFIG: ${RUN_SETUP_CONFIG:-true}
+    command: /setup_configuration.sh
+    volumes:
+      - log:/app/log
+      - ./docker/setup_configuration:/app/setup_configuration
     depends_on:
       - db
       - redis
@@ -43,4 +67,5 @@ services:
 volumes:
   db:
   log:
-
+  media:
+  private_media:

docker/setup_configuration/data.yaml

@@ -0,0 +1,10 @@
+openklant_tokens_config_enable: true
+openklant_tokens:
+  items:
+    - identifier: token-1
+      token: ba9d233e95e04c4a8a661a27daffe7c9bd019067
+      contact_person: Person 1
+      email: [email protected]
+      organization: Organization XYZ
+      application: Application XYZ
+      administration: Administration XYZ

docs/installation/index.rst

@@ -16,3 +16,4 @@ this.
 
    config
    migration
+   setup_configuration

docs/installation/setup_configuration.rst

@@ -0,0 +1,63 @@
+.. _installation_configuration_cli:
+
+==============================
+Open Klant configuration (CLI)
+==============================
+
+After deploying Open Klant, it needs to be configured to be fully functional.
+The django management command ``setup_configuration`` assist with this configuration.
+You can get the full command documentation with:
+
+.. code-block:: bash
+
+    python ./src/manage.py setup_configuration --help
+
+.. warning:: This command is declarative - if configuration is manually changed after
+   running the command and you then run the exact same command again, the manual
+   changes will be reverted.
+
+Preparation
+===========
+
+The command executes the list of pluggable configuration steps, and each step
+requires specific configuration information, that should be prepared.
+Here is the description of all available configuration steps and the configuration
+format, used by each step.
+
+Token configuration
+----------------------
+
+Create a (single) YAML configuration file with your settings:
+
+.. code-block:: yaml
+
+    openklant_tokens_config_enable: true
+    openklant_tokens:
+      group:
+        - identifier: token-1
+          contact_person: Person 1
+          email: [email protected]
+          organization: Organization XYZ # optional
+          application: Application XYZ # optional
+          administration: Administration XYZ # optional
+
+        - identifier: token-2
+          contact_person: Person 2
+          email: [email protected]
+
+Execution
+=========
+
+Open Klant configuration
+------------------------
+
+With the full command invocation, everything is configured at once. Each configuration step
+is idempotent, so any manual changes made via the admin interface will be updated if the command
+is run afterwards.
+
+.. code-block:: bash
+
+    python ./src/manage.py setup_configuration --yaml-file /path/to/config.yaml
+
+.. note:: Due to a cache-bug in the underlying framework, you need to restart all
+   replicas for part of this change to take effect everywhere.

requirements/base.in

@@ -1 +1,3 @@
 open-api-framework
+
+django-setup-configuration

requirements/base.txt

@@ -6,6 +6,8 @@
 #
 amqp==5.2.0
     # via kombu
+annotated-types==0.7.0
+    # via pydantic
 ape-pie==0.2.0
     # via
     #   commonground-api-common
@@ -151,8 +153,10 @@ django-sendfile2==0.7.1
     # via django-privates
 django-sessionprofile==3.0.0
     # via open-api-framework
-django-setup-configuration==0.3.0
-    # via open-api-framework
+django-setup-configuration==0.4.0
+    # via
+    #   -r requirements/base.in
+    #   open-api-framework
 django-simple-certmanager==2.3.0
     # via zgw-consumers
 django-solo==2.3.0
@@ -254,6 +258,14 @@ psycopg2==2.9.9
     # via open-api-framework
 pycparser==2.22
     # via cffi
+pydantic==2.10.2
+    # via
+    #   django-setup-configuration
+    #   pydantic-settings
+pydantic-core==2.27.1
+    # via pydantic
+pydantic-settings[yaml]==2.6.1
+    # via django-setup-configuration
 pyjwt==2.9.0
     # via
     #   commonground-api-common
@@ -271,7 +283,9 @@ python-dateutil==2.9.0.post0
 python-decouple==3.8
     # via open-api-framework
 python-dotenv==1.0.1
-    # via open-api-framework
+    # via
+    #   open-api-framework
+    #   pydantic-settings
 pytz==2024.1
     # via
     #   drf-yasg
@@ -281,6 +295,7 @@ pyyaml==6.0.1
     #   drf-spectacular
     #   drf-yasg
     #   oyaml
+    #   pydantic-settings
 qrcode==7.4.2
     # via django-two-factor-auth
 redis==5.0.8
@@ -321,6 +336,8 @@ tornado==6.4.1
 typing-extensions==4.12.2
     # via
     #   mozilla-django-oidc-db
+    #   pydantic
+    #   pydantic-core
     #   qrcode
     #   zgw-consumers
 tzdata==2024.1

requirements/ci.txt

@@ -10,6 +10,10 @@ amqp==5.2.0
     # via
     #   -r requirements/base.txt
     #   kombu
+annotated-types==0.7.0
+    # via
+    #   -r requirements/base.txt
+    #   pydantic
 ape-pie==0.2.0
     # via
     #   -r requirements/base.txt
@@ -243,7 +247,7 @@ django-sessionprofile==3.0.0
     # via
     #   -r requirements/base.txt
     #   open-api-framework
-django-setup-configuration==0.3.0
+django-setup-configuration==0.4.0
     # via
     #   -r requirements/base.txt
     #   open-api-framework
@@ -479,6 +483,19 @@ pycparser==2.22
     # via
     #   -r requirements/base.txt
     #   cffi
+pydantic==2.10.2
+    # via
+    #   -r requirements/base.txt
+    #   django-setup-configuration
+    #   pydantic-settings
+pydantic-core==2.27.1
+    # via
+    #   -r requirements/base.txt
+    #   pydantic
+pydantic-settings[yaml]==2.6.1
+    # via
+    #   -r requirements/base.txt
+    #   django-setup-configuration
 pyflakes==3.2.0
     # via flake8
 pygments==2.18.0
@@ -520,6 +537,7 @@ python-dotenv==1.0.1
     # via
     #   -r requirements/base.txt
     #   open-api-framework
+    #   pydantic-settings
 pytz==2024.1
     # via
     #   -r requirements/base.txt
@@ -531,6 +549,7 @@ pyyaml==6.0.1
     #   drf-spectacular
     #   drf-yasg
     #   oyaml
+    #   pydantic-settings
     #   vcrpy
 qrcode==7.4.2
     # via
@@ -630,6 +649,8 @@ typing-extensions==4.12.2
     #   -r requirements/base.txt
     #   faker
     #   mozilla-django-oidc-db
+    #   pydantic
+    #   pydantic-core
     #   qrcode
     #   zgw-consumers
 tzdata==2024.1

requirements/dev.txt

@@ -10,6 +10,10 @@ amqp==5.2.0
     # via
     #   -r requirements/base.txt
     #   kombu
+annotated-types==0.7.0
+    # via
+    #   -r requirements/base.txt
+    #   pydantic
 ape-pie==0.2.0
     # via
     #   -r requirements/base.txt
@@ -250,7 +254,7 @@ django-sessionprofile==3.0.0
     # via
     #   -r requirements/base.txt
     #   open-api-framework
-django-setup-configuration==0.3.0
+django-setup-configuration==0.4.0
     # via
     #   -r requirements/base.txt
     #   open-api-framework
@@ -488,6 +492,19 @@ pycparser==2.22
     # via
     #   -r requirements/base.txt
     #   cffi
+pydantic==2.10.2
+    # via
+    #   -r requirements/base.txt
+    #   django-setup-configuration
+    #   pydantic-settings
+pydantic-core==2.27.1
+    # via
+    #   -r requirements/base.txt
+    #   pydantic
+pydantic-settings[yaml]==2.6.1
+    # via
+    #   -r requirements/base.txt
+    #   django-setup-configuration
 pyflakes==3.2.0
     # via flake8
 pygments==2.18.0
@@ -531,6 +548,7 @@ python-dotenv==1.0.1
     # via
     #   -r requirements/base.txt
     #   open-api-framework
+    #   pydantic-settings
 pytz==2024.1
     # via
     #   -r requirements/base.txt
@@ -542,6 +560,7 @@ pyyaml==6.0.1
     #   drf-spectacular
     #   drf-yasg
     #   oyaml
+    #   pydantic-settings
     #   vcrpy
 qrcode==7.4.2
     # via
@@ -643,6 +662,8 @@ typing-extensions==4.12.2
     #   -r requirements/base.txt
     #   faker
     #   mozilla-django-oidc-db
+    #   pydantic
+    #   pydantic-core
     #   qrcode
     #   zgw-consumers
 tzdata==2024.1

src/openklant/components/token/admin.py

@@ -6,7 +6,7 @@
 @admin.register(TokenAuth)
 class TokenAuthAdmin(admin.ModelAdmin):
     list_display = (
-        "token",
+        "identifier",
         "contact_person",
         "organization",
         "administration",