Conversation
This reverts commit 654e9f9.
| {% if cookiecutter.basic_authentication == "Yes, please!" %} | ||
| dj_rest_auth | ||
| django-allauth | ||
| django-allauth<65.3 |
There was a problem hiding this comment.
Necessary not to go too high here, as otherwise settings for SAML clash with settings for allauth.
tymees
left a comment
tymees
left a comment
There was a problem hiding this comment.
I know I'm only tagged, but I have some minor nitpicks for the test-idp docker config.
Sorry for the unprompted review
| {% endif %} | ||
| {% if cookiecutter.saml_authentication == "Yes, please!" %} | ||
| test-idp: | ||
| image: ghcr.io/centrefordigitalhumanities/development-idp/development-idp:develop |
There was a problem hiding this comment.
Tracking develop isn't recommended; I have broken that build at times.
Please use the latest tag. (It did not exist before, like, 5 minutes ago, so thanks for the hint I forgot to merge something)
| image: ghcr.io/centrefordigitalhumanities/development-idp/development-idp:develop | ||
| ports: | ||
| - 127.0.0.1:7000:7000 | ||
| volumes: |
There was a problem hiding this comment.
AFAIK you are using the test-idp in sqlite mode; you might want to create a volume for /app/db such that you don't have to recreate the SAML SP entry every time the container gets updated; Or provide the relevant ENV settings to use PSQL
| - type: bind | ||
| source: backend/user/tests/saml/idp_certificates | ||
| target: /app/certificates | ||
| command: sh -c "python manage.py migrate && python manage.py loaddata main/fixtures/initial.json main/fixtures/admin-user.json && python manage.py runserver 0.0.0.0:7000" |
There was a problem hiding this comment.
TL;DR: the latest image's entrypoint should do all this, so it's better to remove this imo
This isn't a great idea imho, it's a bit of a cheat to get the container to do something it can't do automatically, and can break stuff later down the line.
I think this was done this way to automatically load in the needed data, which I can understand.
To that end, in the latest version I've made the supplied entrypoint capable of doing this. It check if the initial data is not yet in the DB, and if so, will do the loaddata's automatically.
So, this custom command should be redundant now?
If you didn't want to include the battery of test-users, you can disable that part of the bootstrapping by adding
env:
- NOTESTUSERBOOTSTRAP=true
There was a problem hiding this comment.
Somehow I didn't get the docker/startup.sh to work yet, but wanted to trigger those commands, and on top of that, eventually, also want to include another custom)fixture which adds a service provider of the generated application for testing.
There was a problem hiding this comment.
Fair enough;
I'm just worried that, in the future, I get complaints I broke something because I changed the startup routine. (And as this is a template, it would be hell to fix everywhere).
I could look into a way to supply custom fixtures to the image, to autoload. Something like 'mount a file in /bootstrap and the app will load that as well'. Would that be enough to start using the supplied startup script?
|
Thanks for the feedback, @tymees ! I incorporated some of your comments, but left the longish command for now. This is as far as I've gotten. I'd hoped to add a fixture, as mentioned, to auto-add the service provider, but cannot figure out how to export the appropriate model. TODO:
I'd hoped to finish this branch before handing it over (I understood that @bbonf will take over all things SAML?), but seeing as I accidentally also Dockerized and updated the Angular version along the way, I kind of ran out of time. |
| @@ -0,0 +1,23 @@ | |||
| FROM docker.io/python:3.11-alpine3.20 | |||
There was a problem hiding this comment.
If this is development-oriented, I suggest using buildpack-deps instead. it's much larger, but it has git and other tools built-in and the overal cost to the developer is low because it is used as a common base for most development-oriented images.
Disable ssr; because it creates index.csr.html instead of index.html now and we aren't even really using ssr anyway
oktaal
force-pushed
the
feature/saml-login
branch
from
c237326 to
20143dd
Compare
4 participants
This branch adds the dependencies to configure paths for SAML login on the backend, and adds a login button on the frontend.
It also adds Dockerfiles for bacckend and frontend and a
docker-compose.yaml, which spins up @tymees ' fantastic development-IDP. Wrt @jgonggrijp 's #58 : the files here are actually nicely picking up where that PR leaves off, i.e., they are intended for use in development, after the project has been successfully generated.Also: updated Angular, because, why not? and what could possibly go wrong? 😆 The added
tsconfig.json(to include the"useDefineForClassFields": falsesetting) and renames ofapp.component->app, as well as changingafterRender->afterEveryRenderare caused by that change.So in summary, a bit of feature creep here, but also hopefully some functionality / updates to help.
NB: Due to #73 , it's necessary to manually set a date in
frontend/src/environments/version.tsbefore this can be run withdocker-compose up.