[release-monitoring] Authlib update

Add Authlib related configuration and build variables. Remove libraries.io consumer, it's no longer available. Remove ConfigChange deployment trigger so we don't deploy twice when pushing changes through ansible repository. Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-12-03 15:14:32 +01:00 · 2024-12-03 15:14:32 +01:00 · 5c5160e51b
commit 5c5160e51b
parent e154f92f70
3 changed files with 51 additions and 103 deletions
--- a/roles/openshift-apps/release-monitoring/files/deploymentconfig.yml
+++ b/roles/openshift-apps/release-monitoring/files/deploymentconfig.yml
@ -99,7 +99,6 @@ items:
          name: release-monitoring-web:latest
          namespace: release-monitoring
      type: ImageChange
-    - type: ConfigChange
 - apiVersion: apps.openshift.io/v1
  kind: DeploymentConfig
  metadata:
@ -191,98 +190,5 @@ items:
            name: release-monitoring-web:latest
            namespace: release-monitoring
        type: ImageChange
-      - type: ConfigChange
- apiVersion: apps.openshift.io/v1
-  kind: DeploymentConfig
-  metadata:
-    labels:
-      app: release-monitoring-librariesio-consumer
-      service: web
-    name: release-monitoring-librariesio-consumer
-  spec:
-    replicas: 1
-    selector:
-      deploymentconfig: release-monitoring-librariesio-consumer
-    strategy:
-      activeDeadlineSeconds: 900
-      recreateParams:
-        timeoutSeconds: 30
-        mid:
-          failurePolicy: Retry
-          execNewPod:
-            containerName: release-monitoring-web
-            command:
-              - /bin/bash
-              - -c
-              - |
-                python3 -m alembic -c /etc/anitya/alembic.ini current | grep '(head)'
-            env:
-              - name: ANITYA_WEB_CONFIG
-                value: /etc/anitya/anitya.toml
-            volumes:
-              - config-volume
-      resources: {}
-      type: Recreate
-    template:
-      metadata:
-        creationTimestamp: null
-        labels:
-          app: release-monitoring-librariesio-consumer
-          deploymentconfig: release-monitoring-librariesio-consumer
-      spec:
-        containers:
-          - name: release-monitoring-web
-            image: release-monitoring/release-monitoring-web:latest
-            command:
-              - python3
-            args:
-              - /usr/local/bin/librariesio_consumer
-            env:
-              - name: ANITYA_WEB_CONFIG
-                value: /etc/anitya/anitya.toml
-            resources: {}
-            volumeMounts:
-              - name: config-volume
-                mountPath: /etc/anitya
-                readOnly: true
-              - name: fedora-messaging-config-volume
-                mountPath: /etc/fedora-messaging
-                readOnly: true
-              - name: fedora-messaging-ca-volume
-                mountPath: /etc/pki/rabbitmq/ca
-                readOnly: true
-              - name: fedora-messaging-key-volume
-                mountPath: /etc/pki/rabbitmq/key
-                readOnly: true
-              - name: fedora-messaging-cert-volume
-                mountPath: /etc/pki/rabbitmq/cert
-                readOnly: true
-        volumes:
-          - name: config-volume
-            configMap:
-              name: release-monitoring-configmap
-          - name: fedora-messaging-config-volume
-            configMap:
-              name: fedora-messaging-configmap
-          - name: fedora-messaging-ca-volume
-            secret:
-              secretName: release-monitoring-fedora-messaging-ca
-          - name: fedora-messaging-key-volume
-            secret:
-              secretName: release-monitoring-fedora-messaging-key
-          - name: fedora-messaging-cert-volume
-            secret:
-              secretName: release-monitoring-fedora-messaging-cert
-    triggers:
-      - imageChangeParams:
-          automatic: true
-          containerNames:
-            - release-monitoring-web
-          from:
-            kind: ImageStreamTag
-            name: release-monitoring-web:latest
-            namespace: release-monitoring
-        type: ImageChange
-      - type: ConfigChange
 kind: List
 metadata: {}
--- a/roles/openshift-apps/release-monitoring/templates/anitya.toml
+++ b/roles/openshift-apps/release-monitoring/templates/anitya.toml
@ -40,15 +40,59 @@ email_errors = false
 # List of users that are not allowed to sign in
 blacklisted_users = []

-librariesio_platform_whitelist = [
-  'pypi',
-  'rubygems',
-]
+{% if env == 'staging' %}
+# Enabled authentication backends
+authlib_enabled_backends = ["Fedora", "GitHub", "Google"]

+# Github OAuth backend variables
+# Github OAuth app client id
+# See https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app
+github_client_id = "{{ anitya_stg_github_client_id }}"
+# Github OAuth app client secret
+# See https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app
+github_client_secret = "{{ anitya_stg_github_client_secret }}"
+# Github access token URL
+github_access_token_url = "https://github.com/login/oauth/access_token"
+# Github URL used for authorization
+github_authorize_url = "https://github.com/login/oauth/authorize"
+# Github URL for API
+github_api_base_url = "https://api.github.com/"
+# Additional arguments for Github authentication
+[github_client_kwargs]
+scope = "openid profile email"
+
+# Fedora OAuth backend variables
+# Fedora OAuth client id
+# Have to be requested in a ticket on https://pagure.io/fedora-infrastructure
+fedora_client_id = "{{ anitya_stg_fedora_client_id }}"
+# Fedora OAuth secret
+# Have to be requested in a ticket on https://pagure.io/fedora-infrastructure
+fedora_client_secret = "{{ anitya_stg_fedora_client_secret }}"
+# Fedora OAuth authentication endpoint
+fedora_server_metadata_url = "https://id.stg.fedoraproject.org/.well-known/openid-configuration"
+# Additional arguments for Fedora authentication
+[fedora_client_kwargs]
+scope = "openid profile email"
+token_endpoint_auth_method = "client_secret_post"
+
+# Google OAuth backend variables
+# Google OAuth client id
+# See https://support.google.com/cloud/answer/6158849
+google_client_id = "{{ anitya_stg_google_client_id }}"
+# Google OAuth client secret
+# See https://support.google.com/cloud/answer/6158849
+google_client_secret = "{{ anitya_stg_google_client_secret }}"
+# Google OAuth authentication endpoint
+google_server_metadata_url = "https://accounts.google.com/.well-known/openid-configuration"
+# Additional arguments for Google authentication
+[google_client_kwargs]
+scope = "openid profile email"
+{% else %}
 social_auth_authentication_backends = [
  'social_core.backends.fedora.FedoraOpenId',
  'social_core.backends.open_id.OpenIdAuth',
 ]
+{% endif %}

 # Default regular expression used for backend
 default_regex = """\
--- a/roles/openshift-apps/release-monitoring/templates/buildconfig.yml
+++ b/roles/openshift-apps/release-monitoring/templates/buildconfig.yml
@ -24,6 +24,7 @@ items:
                npm \
                poetry \
                python3-alembic \
+                python3-authlib \
                python3-beautifulsoup4 \
                python3-arrow \
                python3-dateutil \
@ -73,14 +74,11 @@ items:
                pip-3 install dist/*.whl && \
                popd && \
                rm -rf anitya
-{% if env == 'staging' %}
-        # Let's use staging auth server in staging
-        RUN sed -i 's/id.fedoraproject.org/id.stg.fedoraproject.org/g' /usr/local/lib/python3.12/site-packages/social_core/backends/fedora.py
-{% endif %}
-
+{% if env == 'production' %}
        # Hotfix for social_auth-sqlalchemy
        # Could be removed when we switch to something else
        RUN sed -i 's/base64.encodestring/base64.encodebytes/g' /usr/local/lib/python3.12/site-packages/social_sqlalchemy/storage.py
+{% endif %}
        RUN mkdir /httpdir
        RUN chmod 777 /httpdir
        EXPOSE 8080