From faf8ab1c722420b9d1391d713d3901ebbf0b8531 Mon Sep 17 00:00:00 2001 From: Conor Holden Date: Fri, 10 Jan 2025 12:57:56 +0100 Subject: [PATCH] :sparkles:[maykinmedia/open-api-framework#23] add Mozilla OIDC setup configuraiton --- docker/setup_configuration/data.yaml | 10 ++++ docs/installation/setup_configuraiton.rst | 69 +++++++++++++++++++++++ requirements/base.in | 2 + requirements/base.txt | 29 ++++++++-- requirements/ci.txt | 29 +++++++++- requirements/dev.txt | 29 +++++++++- src/referentielijsten/conf/base.py | 8 +++ 7 files changed, 167 insertions(+), 9 deletions(-) create mode 100644 docker/setup_configuration/data.yaml create mode 100644 docs/installation/setup_configuraiton.rst
diff --git a/docker/setup_configuration/data.yaml b/docker/setup_configuration/data.yaml
new file mode 100644
index 0000000..cfa4de4
--- /dev/null
+++ b/docker/setup_configuration/data.yaml
@@ -0,0 +1,10 @@
+oidc_db_config_enable: true
+oidc_db_config_admin_auth:
+ items:
+ - identifier: admin-oidc
+ oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ endpoint_config:
+ oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
+ oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
+ oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo
diff --git a/docs/installation/setup_configuraiton.rst b/docs/installation/setup_configuraiton.rst
new file mode 100644
index 0000000..7e08337
--- /dev/null
+++ b/docs/installation/setup_configuraiton.rst
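Review bot: In docker/setup_configuration/data.yaml, `oidc_rp_client_secret: secret` and the `example.com` endpoints are committed together with `oidc_db_config_enable: true`, and nothing in the file marks them as placeholders. If this file is what the container passes to `setup_configuration` (that wiring is not visible in this patch), a deployment that keeps it unchanged ends up with admin OIDC configured with a publicly known client secret, and because the command is declarative a later run would put those values back over anything corrected in the admin. I would add a header comment such as `# Example values for local development only - replace the client id, secret and endpoints per environment`, and supply the deployed YAML from a mounted secret rather than from version control.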
@@ -0,0 +1,69 @@
+.. _installation_configuration_cli:
+
+=====================================
+Referentielijsten configuration (CLI)
+=====================================
+
+After deploying Referentielijsten, it needs to be configured to be fully functional.
+The django management command ``setup_configuration`` assist with this configuration.
+You can get the full command documentation with:
+
+.. code-block:: bash
+
+ python ./src/manage.py setup_configuration --help
+
+.. warning:: This command is declarative - if configuration is manually changed after
+ running the command and you then run the exact same command again, the manual
+ changes will be reverted.
+
+Preparation
+===========
+
+The command executes the list of pluggable configuration steps, and each step
+requires specific configuration information, that should be prepared.
+Here is the description of all available configuration steps and the configuration
+format, used by each step.
+
+Token configuration
+----------------------
+
+Create a (single) YAML configuration file with your settings:
+
+
+Mozilla-django-oidc-db
+----------------------
+
+Create or update the (single) YAML configuration file with your settings:
+
+.. code-block:: yaml
+
+ ...
+ oidc_db_config_enable: true
+ oidc_db_config_admin_auth:
+ items:
+ - identifier: admin-oidc
+ oidc_rp_client_id: client-id
+ oidc_rp_client_secret: secret
+ endpoint_config:
+ oidc_op_discovery_endpoint: https://keycloak.local/protocol/openid-connect/
+ ...
+
+More details about configuring mozilla-django-oidc-db through ``setup_configuration``
+can be found at the _`documentation`: https://mozilla-django-oidc-db.readthedocs.io/en/latest/setup_configuration.html.
+
+Execution
+=========
+
+Referentielijsten configuration
+-------------------------------
+
+With the full command invocation, everything is configured at once. 
Each configuration step +is idempotent, so any manual changes made via the admin interface will be updated if the command +is run afterwards. + +.. code-block:: bash + + python ./src/manage.py setup_configuration --yaml-file /path/to/config.yaml + +.. note:: Due to a cache-bug in the underlying framework, you need to restart all + replicas for part of this change to take effect everywhere. diff --git a/requirements/base.in b/requirements/base.in index ca609a0..a26def1 100644 --- a/requirements/base.in +++ b/requirements/base.in @@ -1,3 +1,5 @@ open-api-framework django-import-export[xlsx] + +mozilla-django-oidc-db[setup_configuration] diff --git a/requirements/base.txt b/requirements/base.txt index 7e21399..fbb4daa 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -2,6 +2,8 @@ # ./bin/compile_dependencies.sh amqp==5.2.0 # via kombu +annotated-types==0.7.0 + # via pydantic ape-pie==0.2.0 # via # commonground-api-common @@ -152,8 +154,10 @@ django-sendfile2==0.7.1 # via django-privates django-sessionprofile==3.0.0 # via open-api-framework -django-setup-configuration==0.3.0 - # via open-api-framework +django-setup-configuration==0.5.0 + # via + # mozilla-django-oidc-db + # open-api-framework django-simple-certmanager==2.3.0 # via zgw-consumers django-solo==2.3.0 @@ -235,8 +239,10 @@ maykin-2fa==1.0.1 # via open-api-framework mozilla-django-oidc==4.0.1 # via mozilla-django-oidc-db -mozilla-django-oidc-db==0.19.0 - # via open-api-framework +mozilla-django-oidc-db==0.21.1 + # via + # -r requirements/base.in + # open-api-framework notifications-api-common==0.3.1 # via commonground-api-common open-api-framework==0.9.2 @@ -259,6 +265,14 @@ psycopg2==2.9.9 # via open-api-framework pycparser==2.22 # via cffi +pydantic==2.10.5 + # via + # django-setup-configuration + # pydantic-settings +pydantic-core==2.27.2 + # via pydantic +pydantic-settings==2.7.1 + # via django-setup-configuration pyjwt==2.8.0 # via # commonground-api-common 
@@ -276,7 +290,9 @@ python-dateutil==2.9.0.post0 python-decouple==3.8 # via open-api-framework python-dotenv==1.0.1 - # via open-api-framework + # via + # open-api-framework + # pydantic-settings pytz==2024.1 # via # drf-yasg @@ -286,6 +302,7 @@ pyyaml==6.0.1 # drf-spectacular # drf-yasg # oyaml + # pydantic-settings qrcode==7.4.2 # via django-two-factor-auth redis==5.0.8 @@ -328,6 +345,8 @@ tornado==6.4.2 typing-extensions==4.12.2 # via # mozilla-django-oidc-db + # pydantic + # pydantic-core # qrcode # zgw-consumers tzdata==2024.1 diff --git a/requirements/ci.txt b/requirements/ci.txt index 2d0fd4b..8676347 100644 --- a/requirements/ci.txt +++ b/requirements/ci.txt @@ -7,6 +7,11 @@ amqp==5.2.0 # -c requirements/base.txt # -r requirements/base.txt # kombu +annotated-types==0.7.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # pydantic ape-pie==0.2.0 # via # -c requirements/base.txt @@ -287,7 +292,7 @@ django-sessionprofile==3.0.0 # -c requirements/base.txt # -r requirements/base.txt # open-api-framework -django-setup-configuration==0.3.0 +django-setup-configuration==0.5.0 # via # -c requirements/base.txt # -r requirements/base.txt @@ -491,7 +496,7 @@ mozilla-django-oidc==4.0.1 # -c requirements/base.txt # -r requirements/base.txt # mozilla-django-oidc-db -mozilla-django-oidc-db==0.19.0 +mozilla-django-oidc-db==0.21.1 # via # -c requirements/base.txt # -r requirements/base.txt @@ -564,6 +569,22 @@ pycparser==2.22 # -c requirements/base.txt # -r requirements/base.txt # cffi +pydantic==2.10.5 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # django-setup-configuration + # pydantic-settings +pydantic-core==2.27.2 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # pydantic +pydantic-settings==2.7.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # django-setup-configuration pyflakes==3.2.0 # via flake8 pygments==2.18.0 
@@ -607,6 +628,7 @@ python-dotenv==1.0.1 # -c requirements/base.txt # -r requirements/base.txt # open-api-framework + # pydantic-settings pytz==2024.1 # via # -c requirements/base.txt @@ -620,6 +642,7 @@ pyyaml==6.0.1 # drf-spectacular # drf-yasg # oyaml + # pydantic-settings # vcrpy qrcode==7.4.2 # via @@ -724,6 +747,8 @@ typing-extensions==4.12.2 # -c requirements/base.txt # -r requirements/base.txt # mozilla-django-oidc-db + # pydantic + # pydantic-core # qrcode # zgw-consumers tzdata==2024.1 diff --git a/requirements/dev.txt b/requirements/dev.txt index 2266c73..eaa14a3 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -10,6 +10,11 @@ amqp==5.2.0 # -c requirements/ci.txt # -r requirements/ci.txt # kombu +annotated-types==0.7.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # pydantic ape-pie==0.2.0 # via # -c requirements/ci.txt @@ -314,7 +319,7 @@ django-sessionprofile==3.0.0 # -c requirements/ci.txt # -r requirements/ci.txt # open-api-framework -django-setup-configuration==0.3.0 +django-setup-configuration==0.5.0 # via # -c requirements/ci.txt # -r requirements/ci.txt @@ -549,7 +554,7 @@ mozilla-django-oidc==4.0.1 # -c requirements/ci.txt # -r requirements/ci.txt # mozilla-django-oidc-db -mozilla-django-oidc-db==0.19.0 +mozilla-django-oidc-db==0.21.1 # via # -c requirements/ci.txt # -r requirements/ci.txt @@ -645,6 +650,22 @@ pycparser==2.22 # -c requirements/ci.txt # -r requirements/ci.txt # cffi +pydantic==2.10.5 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # django-setup-configuration + # pydantic-settings +pydantic-core==2.27.2 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # pydantic +pydantic-settings==2.7.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # django-setup-configuration pyflakes==3.2.0 # via # -c requirements/ci.txt 
@@ -702,6 +723,7 @@ python-dotenv==1.0.1 # -c requirements/ci.txt # -r requirements/ci.txt # open-api-framework + # pydantic-settings pytz==2024.1 # via # -c requirements/ci.txt @@ -715,6 +737,7 @@ pyyaml==6.0.1 # drf-spectacular # drf-yasg # oyaml + # pydantic-settings # vcrpy qrcode==7.4.2 # via @@ -855,6 +878,8 @@ typing-extensions==4.12.2 # -c requirements/ci.txt # -r requirements/ci.txt # mozilla-django-oidc-db + # pydantic + # pydantic-core # qrcode # zgw-consumers tzdata==2024.1 diff --git a/src/referentielijsten/conf/base.py b/src/referentielijsten/conf/base.py index 2e729ed..c004611 100644 --- a/src/referentielijsten/conf/base.py +++ b/src/referentielijsten/conf/base.py @@ -71,3 +71,11 @@ # django-import-export # IMPORT_EXPORT_FORMATS = DEFAULT_FORMATS + + +# +# Django setup configuration +# +SETUP_CONFIGURATION_STEPS = ( + "mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep", +)
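Review bot: The new `SETUP_CONFIGURATION_STEPS` block in src/referentielijsten/conf/base.py carries only a section banner and does not say what the registered step changes or where its input comes from. I would add above the tuple `# Steps run by "manage.py setup_configuration"; AdminOIDCConfigurationStep rewrites the admin OIDC client settings from the YAML file.` followed by `# That YAML carries oidc_rp_client_secret, so store and mount it as a secret.` The documentation added in this same patch also has a "Token configuration" heading with no content, and no matching step is registered here, so either the step or the heading looks unfinished.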