✨[maykinmedia/open-api-framework#23] add Mozilla OIDC setup configura…

…iton
maykinmedia · Jan 10, 2025 · faf8ab1 · faf8ab1
1 parent 0309789
commit faf8ab1
Show file tree

Hide file tree

Showing 7 changed files with 167 additions and 9 deletions.
diff --git a/docker/setup_configuration/data.yaml b/docker/setup_configuration/data.yaml
@@ -0,0 +1,10 @@
+oidc_db_config_enable: true
+oidc_db_config_admin_auth:
+  items:
+    - identifier: admin-oidc
+      oidc_rp_client_id: client-id
+      oidc_rp_client_secret: secret
+      endpoint_config:
+        oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
+        oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
+        oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo
diff --git a/docs/installation/setup_configuraiton.rst b/docs/installation/setup_configuraiton.rst
@@ -0,0 +1,69 @@
+.. _installation_configuration_cli:
+
+=====================================
+Referentielijsten configuration (CLI)
+=====================================
+
+After deploying Referentielijsten, it needs to be configured to be fully functional.
+The django management command ``setup_configuration`` assist with this configuration.
+You can get the full command documentation with:
+
+.. code-block:: bash
+
+    python ./src/manage.py setup_configuration --help
+
+.. warning:: This command is declarative - if configuration is manually changed after
+   running the command and you then run the exact same command again, the manual
+   changes will be reverted.
+
+Preparation
+===========
+
+The command executes the list of pluggable configuration steps, and each step
+requires specific configuration information, that should be prepared.
+Here is the description of all available configuration steps and the configuration
+format, used by each step.
+
+Token configuration
+----------------------
+
+Create a (single) YAML configuration file with your settings:
+
+
+Mozilla-django-oidc-db
+----------------------
+
+Create or update the (single) YAML configuration file with your settings:
+
+.. code-block:: yaml
+
+   ...
+    oidc_db_config_enable: true
+    oidc_db_config_admin_auth:
+    items:
+      - identifier: admin-oidc
+        oidc_rp_client_id: client-id
+        oidc_rp_client_secret: secret
+        endpoint_config:
+          oidc_op_discovery_endpoint: https://keycloak.local/protocol/openid-connect/
+   ...
+
+More details about configuring mozilla-django-oidc-db through ``setup_configuration``
+can be found at the _`documentation`: https://mozilla-django-oidc-db.readthedocs.io/en/latest/setup_configuration.html.
+
+Execution
+=========
+
+Referentielijsten configuration
+-------------------------------
+
+With the full command invocation, everything is configured at once. Each configuration step
+is idempotent, so any manual changes made via the admin interface will be updated if the command
+is run afterwards.
+
+.. code-block:: bash
+
+    python ./src/manage.py setup_configuration --yaml-file /path/to/config.yaml
+
+.. note:: Due to a cache-bug in the underlying framework, you need to restart all
+   replicas for part of this change to take effect everywhere.
diff --git a/requirements/base.in b/requirements/base.in
@@ -1,3 +1,5 @@
 open-api-framework
 
 django-import-export[xlsx]
+
+mozilla-django-oidc-db[setup_configuration]
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -2,6 +2,8 @@
 #    ./bin/compile_dependencies.sh
 amqp==5.2.0
     # via kombu
+annotated-types==0.7.0
+    # via pydantic
 ape-pie==0.2.0
     # via
     #   commonground-api-common
@@ -152,8 +154,10 @@ django-sendfile2==0.7.1
     # via django-privates
 django-sessionprofile==3.0.0
     # via open-api-framework
-django-setup-configuration==0.3.0
-    # via open-api-framework
+django-setup-configuration==0.5.0
+    # via
+    #   mozilla-django-oidc-db
+    #   open-api-framework
 django-simple-certmanager==2.3.0
     # via zgw-consumers
 django-solo==2.3.0
@@ -235,8 +239,10 @@ maykin-2fa==1.0.1
     # via open-api-framework
 mozilla-django-oidc==4.0.1
     # via mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
-    # via open-api-framework
+mozilla-django-oidc-db==0.21.1
+    # via
+    #   -r requirements/base.in
+    #   open-api-framework
 notifications-api-common==0.3.1
     # via commonground-api-common
 open-api-framework==0.9.2
@@ -259,6 +265,14 @@ psycopg2==2.9.9
     # via open-api-framework
 pycparser==2.22
     # via cffi
+pydantic==2.10.5
+    # via
+    #   django-setup-configuration
+    #   pydantic-settings
+pydantic-core==2.27.2
+    # via pydantic
+pydantic-settings==2.7.1
+    # via django-setup-configuration
 pyjwt==2.8.0
     # via
     #   commonground-api-common
@@ -276,7 +290,9 @@ python-dateutil==2.9.0.post0
 python-decouple==3.8
     # via open-api-framework
 python-dotenv==1.0.1
-    # via open-api-framework
+    # via
+    #   open-api-framework
+    #   pydantic-settings
 pytz==2024.1
     # via
     #   drf-yasg
@@ -286,6 +302,7 @@ pyyaml==6.0.1
     #   drf-spectacular
     #   drf-yasg
     #   oyaml
+    #   pydantic-settings
 qrcode==7.4.2
     # via django-two-factor-auth
 redis==5.0.8
@@ -328,6 +345,8 @@ tornado==6.4.2
 typing-extensions==4.12.2
     # via
     #   mozilla-django-oidc-db
+    #   pydantic
+    #   pydantic-core
     #   qrcode
     #   zgw-consumers
 tzdata==2024.1

diff --git a/requirements/ci.txt b/requirements/ci.txt
@@ -7,6 +7,11 @@ amqp==5.2.0
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   kombu
+annotated-types==0.7.0
+    # via
+    #   -c requirements/base.txt
+    #   -r requirements/base.txt
+    #   pydantic
 ape-pie==0.2.0
     # via
     #   -c requirements/base.txt
@@ -287,7 +292,7 @@ django-sessionprofile==3.0.0
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   open-api-framework
-django-setup-configuration==0.3.0
+django-setup-configuration==0.5.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -491,7 +496,7 @@ mozilla-django-oidc==4.0.1
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db==0.21.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -564,6 +569,22 @@ pycparser==2.22
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   cffi
+pydantic==2.10.5
+    # via
+    #   -c requirements/base.txt
+    #   -r requirements/base.txt
+    #   django-setup-configuration
+    #   pydantic-settings
+pydantic-core==2.27.2
+    # via
+    #   -c requirements/base.txt
+    #   -r requirements/base.txt
+    #   pydantic
+pydantic-settings==2.7.1
+    # via
+    #   -c requirements/base.txt
+    #   -r requirements/base.txt
+    #   django-setup-configuration
 pyflakes==3.2.0
     # via flake8
 pygments==2.18.0
@@ -607,6 +628,7 @@ python-dotenv==1.0.1
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   open-api-framework
+    #   pydantic-settings
 pytz==2024.1
     # via
     #   -c requirements/base.txt
@@ -620,6 +642,7 @@ pyyaml==6.0.1
     #   drf-spectacular
     #   drf-yasg
     #   oyaml
+    #   pydantic-settings
     #   vcrpy
 qrcode==7.4.2
     # via
@@ -724,6 +747,8 @@ typing-extensions==4.12.2
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
+    #   pydantic
+    #   pydantic-core
     #   qrcode
     #   zgw-consumers
 tzdata==2024.1

diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -10,6 +10,11 @@ amqp==5.2.0
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   kombu
+annotated-types==0.7.0
+    # via
+    #   -c requirements/ci.txt
+    #   -r requirements/ci.txt
+    #   pydantic
 ape-pie==0.2.0
     # via
     #   -c requirements/ci.txt
@@ -314,7 +319,7 @@ django-sessionprofile==3.0.0
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   open-api-framework
-django-setup-configuration==0.3.0
+django-setup-configuration==0.5.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -549,7 +554,7 @@ mozilla-django-oidc==4.0.1
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db==0.21.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -645,6 +650,22 @@ pycparser==2.22
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   cffi
+pydantic==2.10.5
+    # via
+    #   -c requirements/ci.txt
+    #   -r requirements/ci.txt
+    #   django-setup-configuration
+    #   pydantic-settings
+pydantic-core==2.27.2
+    # via
+    #   -c requirements/ci.txt
+    #   -r requirements/ci.txt
+    #   pydantic
+pydantic-settings==2.7.1
+    # via
+    #   -c requirements/ci.txt
+    #   -r requirements/ci.txt
+    #   django-setup-configuration
 pyflakes==3.2.0
     # via
     #   -c requirements/ci.txt
@@ -702,6 +723,7 @@ python-dotenv==1.0.1
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   open-api-framework
+    #   pydantic-settings
 pytz==2024.1
     # via
     #   -c requirements/ci.txt
@@ -715,6 +737,7 @@ pyyaml==6.0.1
     #   drf-spectacular
     #   drf-yasg
     #   oyaml
+    #   pydantic-settings
     #   vcrpy
 qrcode==7.4.2
     # via
@@ -855,6 +878,8 @@ typing-extensions==4.12.2
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   mozilla-django-oidc-db
+    #   pydantic
+    #   pydantic-core
     #   qrcode
     #   zgw-consumers
 tzdata==2024.1

diff --git a/src/referentielijsten/conf/base.py b/src/referentielijsten/conf/base.py
@@ -71,3 +71,11 @@
 # django-import-export
 #
 IMPORT_EXPORT_FORMATS = DEFAULT_FORMATS
+
+
+#
+# Django setup configuration
+#
+SETUP_CONFIGURATION_STEPS = (
+    "mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep",
+)