FPDC: fix buildconfig and configure kinto

Signed-off-by: Clement Verna <cverna@tutanota.com>
2019-08-29 13:11:07 +02:00 · 2019-08-29 13:11:07 +02:00 · eb10f482d7
commit eb10f482d7
parent a164b03672
2 changed files with 30 additions and 32 deletions
--- a/roles/openshift-apps/fpdc/templates/buildconfig.yml
+++ b/roles/openshift-apps/fpdc/templates/buildconfig.yml
@ -8,27 +8,26 @@ spec:
  runPolicy: Serial
  source:
    dockerfile: |-
-      # See imagestream.yml for the definition
-    FROM fedora:30
+      FROM fedora:30

-    RUN dnf install -y python3-ujson uwsgi uwsgi-plugin-python3 && dnf clean all \
-        && mkdir /app \
-        && chown 10001:10001 /app \
-        && groupadd --gid 10001 app \
-        && useradd --no-create-home --uid 10001 --gid 10001 --home-dir /app app
+      RUN dnf install -y python3-ujson uwsgi uwsgi-plugin-python3 && dnf clean all \
+          && mkdir /app \
+          && chown 10001:10001 /app \
+          && groupadd --gid 10001 app \
+          && useradd --no-create-home --uid 10001 --gid 10001 --home-dir /app app

-    USER 10001
-    EXPOSE 8080
+      USER 10001
+      EXPOSE 8080

-    RUN pip3 install --no-cache-dir --user kinto
+      RUN pip3 install --no-cache-dir --user kinto

-    ENV KINTO_INI=/etc/kinto/kinto.ini \
-        PYTHONPATH=/app/
+      ENV KINTO_INI=/etc/kinto/kinto.ini \
+          PYTHONPATH=/app/

-    WORKDIR /app
-    ADD https://raw.githubusercontent.com/mozilla-services/kinto-dist/master/app.wsgi /app
+      WORKDIR /app
+      ADD https://raw.githubusercontent.com/mozilla-services/kinto-dist/master/app.wsgi /app

-    CMD ["uwsgi", "--http-socket", ":8080", "--ini", "/etc/kinto/kinto.ini"]
+      CMD ["uwsgi", "--http-socket", ":8080", "--ini", "/etc/kinto/kinto.ini"]
  strategy:
    type: Docker
    dockerStrategy:
--- a/roles/openshift-apps/fpdc/templates/kinto.ini
+++ b/roles/openshift-apps/fpdc/templates/kinto.ini
@ -31,17 +31,12 @@ use = egg:kinto
 # Plugins
 # https://kinto.readthedocs.io/en/latest/configuration/settings.html#plugins
 # https://github.com/uralbash/awesome-pyramid
-kinto.includes = kinto.plugins.default_bucket
-                 kinto.plugins.admin
-                 kinto.plugins.accounts
-#                kinto.plugins.history
-#                kinto.plugins.quotas
-
+kinto.includes = kinto.plugins.openid
 # Backends
 # https://kinto.readthedocs.io/en/latest/configuration/settings.html#storage
 #
-kinto.storage_backend = kinto.core.storage.memory
-kinto.storage_url =
+kinto.storage_backend = kinto.core.storage.postgresql
+kinto.storage_url = postgresql://fpdc:{{fpdc_stg_db_pass}}@{{fpdc_stg_db_server}}/kinto
 # kinto.storage_max_fetch_size = 10000
 # kinto.storage_pool_size = 25
 # kinto.storage_max_overflow = 5
@ -68,8 +63,8 @@ kinto.cache_url =
 # Permissions.
 # https://kinto.readthedocs.io/en/latest/configuration/settings.html#permissions
 #
-kinto.permission_backend = kinto.core.permission.memory
-kinto.permission_url =
+kinto.permission_backend = kinto.core.permission.postgresql
+kinto.permission_url = postgresql://fpdc:{{fpdc_stg_db_pass}}@{{fpdc_stg_db_server}}/kinto
 # kinto.permission_pool_size = 25
 # kinto.permission_max_overflow = 5
 # kinto.permission_pool_recycle = 1
@ -81,8 +76,8 @@ kinto.permission_url =
 # Authentication
 # https://kinto.readthedocs.io/en/latest/configuration/settings.html#authentication
 #
-kinto.userid_hmac_secret = 3a494f2f248d9aaa7cca227b8f39b250836611c828de22ef6b6f8ca203aa0afb
-multiauth.policies = account
+kinto.userid_hmac_secret = {{ stg_fpdc_secret_key }}
+multiauth.policies = fedora
 # Any pyramid multiauth setting can be specified for custom authentication
 # https://github.com/uralbash/awesome-pyramid#authentication
 #
@ -92,13 +87,17 @@ multiauth.policies = account
 # Set `kinto.includes` to `kinto.plugins.accounts`
 # Enable authenticated policy.
 # Set `multiauth.policies` to `account`
-multiauth.policy.account.use = kinto.plugins.accounts.AccountsPolicy
+multiauth.policy.fedora.use = kinto.plugins.openid.OpenIDConnectPolicy
+multiauth.policy.fedora.issuer = https://id{env_suffix}.fedorainfracloud.org/openidc/
+multiauth.policy.fedora.client_id = {{fpdc_stg_client_id}}
+multiauth.policy.fedora.client_secret = {{fpdc_stg_client_secret}}
+multiauth.policy.fedora.userid_field = email
 # Allow anyone to create accounts.
-kinto.account_create_principals = system.Everyone
+#kinto.account_create_principals = system.Everyone
 # Set user 'account:admin' as the administrator.
-kinto.account_write_principals = account:admin
+#kinto.account_write_principals = account:admin
 # Allow administrators to create buckets
-kinto.bucket_create_principals = account:admin
+#kinto.bucket_create_principals = account:admin
 # Enable the "account_validation" option.
 # kinto.account_validation = true
 # Set the sender for the validation email.
@ -128,7 +127,7 @@ kinto.bucket_create_principals = account:admin
 #
 # https://kinto.readthedocs.io/en/latest/configuration/production.html

-# kinto.http_scheme = https
+kinto.http_scheme = https
 # kinto.http_host = kinto.services.mozilla.com

 # Cross Origin Requests