diff --git a/.editorconfig b/.editorconfig index 5179009b..e12dc6e5 100644 --- a/.editorconfig +++ b/.editorconfig @@ -9,3 +9,6 @@ insert_final_newline = true [html] indent_size = 2 + +[yaml] +indent_size = 2 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8a5d8730..1fea0092 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,7 +5,7 @@ stages: - build - docs - deploy -image: docker.pkg.beryju.org/passbook-build-base:latest +image: docker.beryju.org/passbook/build-base:latest services: - postgres:latest - redis:latest @@ -22,7 +22,7 @@ create-build-image: before_script: - echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json script: - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.build-base --destination docker.pkg.beryju.org/passbook-build-base:latest --destination docker.pkg.beryju.org/passbook-build-base:0.1.33-beta + - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.build-base --destination docker.beryju.org/passbook/build-base:latest --destination docker.beryju.org/passbook/build-base:0.1.33-beta stage: build-buildimage only: refs: @@ -63,7 +63,7 @@ package-docker: before_script: - echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json script: - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.1.33-beta + - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.1.33-beta stage: build only: - tags 
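Review bot: The added `[yaml]` section header is an EditorConfig filename glob, so it matches only a file literally named `yaml`, and the 2-space indent never applies to `.yml`/`.yaml` files such as `.gitlab-ci.yml` or the Helm templates. Use `[*.{yml,yaml}]` as the section header instead. The `[html]` section in the context lines just above appears to have the same problem and would need `[*.html]`.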
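Review bot: The pipeline-wide `image:` in the `@@ -5,7 +5,7 @@` hunk still references the mutable `:latest` tag, so every job runs in whatever was last pushed to `docker.beryju.org/passbook/build-base`. Since `create-build-image` already publishes a versioned tag, reference that here, ideally with a digest: `image: docker.beryju.org/passbook/build-base:0.1.33-beta@sha256:<digest-placeholder>`. The `postgres:latest` and `redis:latest` services in the context lines carry the same reproducibility and provenance risk.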
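Review bot: In the `create-build-image` hunk (`@@ -22,7 +22,7 @@`) the `--destination` host changes to `docker.beryju.org`, but the `before_script` context line still writes the kaniko credentials under the key `docker.$NEXUS_URL`. If `$NEXUS_URL` is still `pkg.beryju.org` (the old destination suggests so, but the variable is not visible here), kaniko has no auth entry for the new host and the push will be attempted without credentials. Either change the CI variable together with this commit or key the entry on the registry actually pushed to, e.g. `echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json`. The same applies to the `package-docker` hunk at `@@ -63,7 +63,7 @@`.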
@@ -74,31 +74,10 @@ package-helm: - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash - helm init --client-only - helm package helm/passbook - - ./manage.py nexus_upload --method put --url $NEXUS_URL --auth $NEXUS_AUTH --repo helm *.tgz - only: - - tags - - /^version/.*$/ -package-debian: - before_script: - - apt update - - apt install -y --no-install-recommends build-essential debhelper devscripts equivs python3 python3-dev python3-pip libsasl2-dev libldap2-dev - - mk-build-deps debian/control - - apt install ./*build-deps*deb -f -y - - python3 -m pip install -U virtualenv pip - - virtualenv env - - source env/bin/activate - - pip3 install -U -r requirements.txt -r requirements-dev.txt - - ./manage.py collectstatic --no-input - image: ubuntu:18.04 - script: - - debuild -us -uc - - cp ../passbook*.deb . - - ./manage.py nexus_upload --method post --url $NEXUS_URL --auth $NEXUS_AUTH --repo apt passbook*deb artifacts: paths: - - passbook*deb + - passbook-*.tgz expire_in: 2 days - stage: build only: - tags - /^version/.*$/ 
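Review bot: `package-helm` still installs Helm by piping `https://raw.githubusercontent.com/helm/helm/master/scripts/get` into `bash` (context line at the top of this hunk), which runs whatever is on the `master` branch at build time, in the job that now produces the release artifact `passbook-*.tgz`. Fetch a pinned Helm release instead and verify it before use, for example `curl -fsSL <pinned-release-url-placeholder> -o helm.tgz && echo "<sha256-placeholder>  helm.tgz" | sha256sum -c -`. With the `nexus_upload` step removed, the chart now exists only as a job artifact that expires after 2 days, so confirm that something outside this hunk still publishes it. The job definition starts above the hunk.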
@@ -128,36 +107,3 @@ package-client-package-sentry: - /^version/.*$/ changes: - client-packages/sentry-auth-passbook/** -# docs: -# stage: docs -# only: -# - master -# - tags -# - /^debian/.*$/ -# environment: -# name: docs -# url: "https://passbook.beryju.org/docs/" -# script: -# - apt update -# - apt install -y rsync -# - "mkdir ~/.ssh" -# - "cp .gitlab/known_hosts ~/.ssh/" -# - "pip3 install -U -r requirements-docs.txt" -# - "eval $(ssh-agent -s)" -# - "echo \"${CI_SSH_PRIVATE}\" | ssh-add -" -# - mkdocs build -# - 'rsync -avh --delete web/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/"' -# - 'rsync -avh --delete site/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/docs/"' - -# deploy: -# environment: -# name: production -# url: https://passbook-prod.default.k8s.beryju.org/ -# stage: deploy -# only: -# - tags -# - /^version/.*$/ -# script: -# - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash -# - helm init -# - helm upgrade passbook-prod helm/passbook --devel diff --git a/.vscode/settings.json b/.vscode/settings.json index 9bbdc984..0b70cee1 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -4,6 +4,9 @@ "[html]": { "editor.tabSize": 2 }, + "[yml]": { + "editor.tabSize": 2 + }, "cSpell.words": [ "SAML", "passbook" diff --git a/LICENSE b/LICENSE index b2f0af43..3cef0786 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2018 BeryJu.org +Copyright (c) 2019 BeryJu.org Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/debian/changelog b/debian/changelog deleted file mode 100644 index 84e907c2..00000000 --- a/debian/changelog +++ /dev/null 
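Review bot: The language-specific settings key `"[yml]"` added to `.vscode/settings.json` does not match a VS Code language identifier; YAML files use the id `yaml`, so this `editor.tabSize` override is never applied. Change the key to `"[yaml]": {`.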
@@ -1,253 +0,0 @@ -passbook (0.1.33) stable; urgency=medium - - * bump version: 0.1.31-beta -> 0.1.32-beta - * fix EntityID being None in SAML Metadata - * fix SAML Request not being parsed all the time - * add Rancher SAML processor - * remove unused import - * fix broken icon for helm chart - * switch to custom CI base image with dependencies installed - * remove included CI file - - -- Jens Langhammer Thu, 18 Apr 2019 08:23:55 +0000 - -passbook (0.1.32) stable; urgency=medium - - * bump version: 0.1.30-beta -> 0.1.31-beta - * automatically add response_type if not given in OAuth Request - - -- Jens Langhammer Wed, 17 Apr 2019 12:25:58 +0000 - -passbook (0.1.31) stable; urgency=medium - - * bump version: 0.1.29-beta -> 0.1.30-beta - * allow setting authentication_header to empty string (disabling the header) - * use global urllib Pools - * try to fix app_gw being null - * only enable sentry when not DEBUG - * move logging to separate thread - * move actual proxying logic to separate class - * remove logging to increase speed, add more caching to policy and rewriter - - -- Jens Langhammer Sat, 13 Apr 2019 15:56:55 +0000 - -passbook (0.1.30) stable; urgency=medium - - * bump version: 0.1.28-beta -> 0.1.29-beta - * don't use context manager in web command - - -- Jens Langhammer Thu, 11 Apr 2019 12:21:58 +0000 - -passbook (0.1.29) stable; urgency=medium - - * bump version: 0.1.27-beta -> 0.1.28-beta - * Add libpq-dev dependency so psycopg2 build works - * switch to whitenoise for static files - * replace cherrypy with daphne - * Run collectstatic before coverage, use autoreload on celery worker - - -- Jens Langhammer Thu, 11 Apr 2019 12:00:27 +0000 - -passbook (0.1.28) stable; urgency=medium - - * bump version: 0.1.26-beta -> 0.1.27-beta - * fix allauth client's formatting - * switch from raven to sentry_sdk - * add ability to have non-expiring nonces, clean up expired nonces - * fully remove raven and switch WSGI and logging to sentry_sdk - * fix failing CI - * 
trigger autoreload from config files - * Choose upstream more cleverly - * Move code from django-revproxy to app_gw to fix cookie bug - * Implement websocket proxy - * switch kubernetes deployment to daphne server - * set default log level to warn, fix clean_nonces not working - - -- Jens Langhammer Thu, 11 Apr 2019 08:46:44 +0000 - -passbook (0.1.27) stable; urgency=medium - - * bump version: 0.1.25-beta -> 0.1.26-beta - * fix broken app_gw - - -- Jens Langhammer Fri, 22 Mar 2019 13:50:31 +0000 - -passbook (0.1.26) stable; urgency=medium - - * bump version: 0.1.24-beta -> 0.1.25-beta - * always parse url instead of once - * validate upstream in form - * add custom template views - - -- Jens Langhammer Fri, 22 Mar 2019 11:47:08 +0000 - -passbook (0.1.25) stable; urgency=medium - - * initial implementation of reverse proxy, using django-revproxy from within a middleware - * fix TypeError: can only concatenate list (not "str") to list - * bump version: 0.1.23-beta -> 0.1.24-beta - * add redis dependency back in for caching - * utilise cache in PolicyEngine - * explicitly use redis db - * invalidate cache when policy is saved - * add redis as service in CI for unittests - * add timeout field to policy to prevent stuck policies - * Don't use LoginRequired for PermissionDenied View - * Check for policies in app_gw - * Better handle policy timeouts - * cleanup post-migration mess - * prevent ZeroDivisionError - * Redirect to login on reverse proxy - * cleanup property_mapping list - * add compiled regex to RewriteRule - * implement actual Rewriting logic - * Invalidate cache when ApplicationGateway instance is saved - * validate server_name in form - - -- Jens Langhammer Thu, 21 Mar 2019 15:47:58 +0000 - -passbook (0.1.24) stable; urgency=medium - - * bump version: 0.1.22-beta -> 0.1.23-beta - * add modal for OAuth Providers showing the URLs - * remove user field from form. 
Closes #32 - - -- Jens Langhammer Wed, 20 Mar 2019 21:59:21 +0000 - -passbook (0.1.23) stable; urgency=medium - - * add support for OpenID-Connect Discovery - - -- Jens Langhammer Thu, 18 Mar 2019 20:19:27 +0000 - -passbook (0.1.22) stable; urgency=medium - - * bump version: 0.1.20-beta -> 0.1.21-beta - * fix missing debug template - * move icons to single folder, cleanup - * fix layout when on mobile viewport and scrolling - * fix delete form not working - * point to correct icons - * add Azure AD Source - * Fix OAuth Client's disconnect view having invalid URL names - - -- Jens Langhammer Thu, 14 Mar 2019 20:19:27 +0000 - -passbook (0.1.21) stable; urgency=medium - - * bump version: 0.1.19-beta -> 0.1.20-beta - * add request debug view - * detect HTTPS from reverse proxy - - -- Jens Langhammer Thu, 14 Mar 2019 17:01:49 +0000 - -passbook (0.1.20) stable; urgency=medium - - * bump version: 0.1.18-beta -> 0.1.19-beta - * fix GitHub Pretend again - * add user settings for Sources - - -- Jens Langhammer Wed, 13 Mar 2019 15:49:44 +0000 - -passbook (0.1.18) stable; urgency=medium - - * bump version: 0.1.16-beta -> 0.1.17-beta - * fix Server Error when downloading metadata - * add sentry client - * fix included yaml file - * adjust versions for client packages, auto build client-packages - * bump version: 0.1.17-beta -> 0.1.18-beta - * fix API Call for sentry-client, add missing template - * fix GitHub Pretend throwing a 500 error - - -- Jens Langhammer Wed, 13 Mar 2019 14:14:10 +0000 - -passbook (0.1.17) stable; urgency=medium - - * bump version: 0.1.15-beta -> 0.1.16-beta - * remove Application.user_is_authorized - * don't use celery heartbeat, use TCP keepalive instead - * switch to vertical navigation - - -- Jens Langhammer Tue, 12 Mar 2019 14:54:27 +0000 - -passbook (0.1.16) stable; urgency=medium - - * Replace redis with RabbitMQ - * updated debian package to suggest RabbitMQ - * update helm chart to require RabbitMQ - * fix invalid default config in debian package 
- - -- Jens Langhammer Mon, 11 Mar 2019 10:28:36 +0000 - -passbook (0.1.14) stable; urgency=medium - - * bump version: 0.1.11-beta -> 0.1.12-beta - * Fix DoesNotExist error when running PolicyEngine against None user - * allow custom email server for helm installs - * fix UserChangePasswordView not requiring Login - - -- Jens Langhammer Mon, 11 Mar 2019 10:28:36 +0000 - -passbook (0.1.12) stable; urgency=medium - - * bump version: 0.1.10-beta -> 0.1.11-beta - * rewrite PasswordFactor to use backends setting instead of trying all backends - * install updated helm release from local folder - * disable automatic k8s deployment for now - * fix OAuth Authorization View not requiring authentication - - -- Jens Langhammer Mon, 11 Mar 2019 08:50:29 +0000 - -passbook (0.1.11) stable; urgency=medium - - * add group administration - * bump version: 0.1.9-beta -> 0.1.10-beta - * fix helm labels being on deployments and not pods - * automatically deploy after release - * use Django's Admin FilteredSelectMultiple for Group Membership - * always use FilteredSelectMultiple for many-to-many fields - * Add Group Member policy - * add LDAP Group Membership Policy - - -- Jens Langhammer Sun, 10 Mar 2019 18:55:31 +0000 - -passbook (0.1.10) stable; urgency=high - - * bump version: 0.1.7-beta -> 0.1.8-beta - * consistently using PolicyEngine - * add more Verbosity to PolicyEngine, rewrite SAML Authorisation check - * slightly refactor Factor View, add more unittests - * add impersonation middleware, add to templates - * bump version: 0.1.8-beta -> 0.1.9-beta - * fix k8s service routing http traffic to workers - * Fix button on policy test page - * better show loading state when testing a policy - - -- Jens Langhammer Sun, 10 Mar 2019 14:52:40 +0000 - -passbook (0.1.7) stable; urgency=medium - - * bump version: 0.1.3-beta -> 0.1.4-beta - * implicitly add kubernetes-healthcheck-host in helm configmap - * fix debian build (again) - * add PropertyMapping Model, add Subclass for SAML, test 
with AWS - * add custom DynamicArrayField to better handle arrays - * format data before inserting it - * bump version: 0.1.4-beta -> 0.1.5-beta - * fix static files missing for debian package - * fix password not getting set on user import - * remove audit's login attempt - * add passing property to PolicyEngine - * fix captcha factor not loading keys from Factor class - * bump version: 0.1.5-beta -> 0.1.6-beta - * fix MATCH_EXACT not working as intended - * Improve access control for saml - - -- Jens Langhammer Fri, 08 Mar 2019 20:37:05 +0000 - -passbook (0.1.4) stable; urgency=medium - - * initial debian package release - - -- Jens Langhammer Wed, 06 Mar 2019 18:22:41 +0000 diff --git a/debian/compat b/debian/compat deleted file mode 100644 index f599e28b..00000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -10 diff --git a/debian/config b/debian/config deleted file mode 100644 index 4ccc05ad..00000000 --- a/debian/config +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# config maintainer script for passbook -set -e - -# source debconf stuff -. /usr/share/debconf/confmodule - -dbc_first_version=1.0.0 -dbc_dbuser=passbook -dbc_dbname=passbook - -# source dbconfig-common shell library, and call the hook function -if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/config.pgsql - dbc_go passbook "$@" -fi - -#DEBHELPER# - -exit 0 diff --git a/debian/control b/debian/control deleted file mode 100644 index 32e2530b..00000000 --- a/debian/control +++ /dev/null 
@@ -1,14 +0,0 @@
-Source: passbook
-Section: admin
-Priority: optional
-Maintainer: BeryJu.org
-Uploaders: Jens Langhammer , BeryJu.org
-Build-Depends: debhelper (>= 10), dh-systemd (>= 1.5), dh-exec, wget, dh-exec, python3 (>= 3.5) | python3.6 | python3.7, libpq-dev
-Standards-Version: 3.9.6
-
-Package: passbook
-Architecture: all
-Recommends: mysql-server, rabbitmq-server, redis-server
-Pre-Depends: adduser, libldap2-dev, libsasl2-dev
-Depends: python3 (>= 3.5) | python3.6 | python3.7, python3-pip, dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}
-Description: Authentication Provider/Proxy supporting protocols like SAML, OAuth, LDAP and more.
diff --git a/debian/copyright b/debian/copyright
deleted file mode 100644
index 750b5c79..00000000
--- a/debian/copyright
+++ /dev/null
@@ -1,22 +0,0 @@
-MIT License
-
-Copyright (c) 2019 BeryJu.org
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
diff --git a/debian/dirs b/debian/dirs
deleted file mode 100644
index 487ad2f1..00000000
--- a/debian/dirs
+++ /dev/null
@@ -1,4 +0,0 @@
-etc/passbook/
-etc/passbook/config.d/
-var/log/passbook/
-usr/share/passbook/
diff --git a/debian/etc/passbook/config.yml b/debian/etc/passbook/config.yml
deleted file mode 100644
index 40561906..00000000
--- a/debian/etc/passbook/config.yml
+++ /dev/null
@@ -1,76 +0,0 @@ -http: - host: 0.0.0.0 - port: 8000 -secret_key_file: /etc/passbook/secret_key -log: - level: - console: INFO - file: DEBUG - file: /var/log/passbook/passbook.log -debug: false -secure_proxy_header: - HTTP_X_FORWARDED_PROTO: https -rabbitmq: guest:guest@localhost/passbook -redis: localhost/0 - -# Error reporting, sends stacktrace to sentry.services.beryju.org -error_report_enabled: true - -primary_domain: passbook.local - -passbook: - sign_up: - # Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true - enabled: true - password_reset: - # Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true - enabled: true - # Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions` - verification: - - email - # Text used in title, on login page and multiple other places - branding: passbook - login: - # Override URL used for logo - logo_url: null - # Override URL used for Background on Login page - bg_url: null - # Optionally add a subtext, placed below logo on the login page - subtext: null - footer: - links: - # Optionally add links to the footer on the login page - # - name: test - # href: https://test - # Specify which fields can be used to authenticate. Can be any combination of `username` and `email` - uid_fields: - - username - - email - session: - remember_age: 2592000 # 60 * 60 * 24 * 30, one month -# Provider-specific settings -ldap: - # Which field from `uid_fields` maps to which LDAP Attribute - login_field_map: - username: sAMAccountName - email: mail # or userPrincipalName - user_attribute_map: - active_directory: - username: "%(sAMAccountName)s" - email: "%(mail)s" - name: "%(displayName)" -oauth_client: - # List of python packages with sources types to load. 
- types: - - passbook.oauth_client.source_types.discord - - passbook.oauth_client.source_types.facebook - - passbook.oauth_client.source_types.github - - passbook.oauth_client.source_types.google - - passbook.oauth_client.source_types.reddit - - passbook.oauth_client.source_types.supervisr - - passbook.oauth_client.source_types.twitter -saml_idp: - # List of python packages with provider types to load. - types: - - passbook.saml_idp.processors.generic - - passbook.saml_idp.processors.salesforce diff --git a/debian/gbp.conf b/debian/gbp.conf deleted file mode 100644 index 9eeba044..00000000 --- a/debian/gbp.conf +++ /dev/null @@ -1,2 +0,0 @@ -[buildpackage] -export-dir=../build-area diff --git a/debian/install b/debian/install deleted file mode 100644 index 8d3485ae..00000000 --- a/debian/install +++ /dev/null @@ -1,8 +0,0 @@ -passbook /usr/share/passbook/ -static /usr/share/passbook/ -manage.py /usr/share/passbook/ -passbook.sh /usr/share/passbook/ -vendor /usr/share/passbook/ - -debian/etc/passbook /etc/ -debian/templates/database.yml /usr/share/passbook/ diff --git a/debian/links b/debian/links deleted file mode 100644 index e69de29b..00000000 diff --git a/debian/passbook-worker.service b/debian/passbook-worker.service deleted file mode 100644 index 2c5f9e56..00000000 --- a/debian/passbook-worker.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=passbook - Authentication Provider/Proxy (Background worker) -After=network.target -Requires=network.target - -[Service] -User=passbook -Group=passbook -WorkingDirectory=/usr/share/passbook -Type=simple -ExecStart=/usr/share/passbook/passbook.sh worker - -[Install] -WantedBy=multi-user.target diff --git a/debian/passbook.service b/debian/passbook.service deleted file mode 100644 index bb4d59c6..00000000 --- a/debian/passbook.service +++ /dev/null 
@@ -1,14 +0,0 @@
-[Unit]
-Description=passbook - Authentication Provider/Proxy
-After=network.target
-Requires=network.target
-
-[Service]
-User=passbook
-Group=passbook
-WorkingDirectory=/usr/share/passbook
-Type=simple
-ExecStart=/usr/share/passbook/passbook.sh web
-
-[Install]
-WantedBy=multi-user.target
diff --git a/debian/postinst b/debian/postinst
deleted file mode 100755
index 0bdd0aea..00000000
--- a/debian/postinst
+++ /dev/null
@@ -1,36 +0,0 @@ -#!/bin/bash - -set -e - -. /usr/share/debconf/confmodule -. /usr/share/dbconfig-common/dpkg/postinst.pgsql - -# you can set the default database encoding to something else -dbc_pgsql_createdb_encoding="UTF8" -dbc_generate_include=template:/etc/passbook/config.d/database.yml -dbc_generate_include_args="-o template_infile=/usr/share/passbook/database.yml" -dbc_go passbook "$@" - -if [ -z "`getent group passbook`" ]; then - addgroup --quiet --system passbook -fi -if [ -z "`getent passwd passbook`" ]; then - echo " * Creating user and group passbook..." - adduser --quiet --system --home /usr/share/passbook --shell /bin/false --ingroup passbook --disabled-password --disabled-login --gecos "passbook User" passbook >> /var/log/passbook/passbook.log 2>&1 -fi -echo " * Updating binary packages (psycopg2)" -python3 -m pip install --target=/usr/share/passbook/vendor/ --no-cache-dir --upgrade --force-reinstall psycopg2 >> /var/log/passbook/passbook.log 2>&1 -if [ ! -f '/etc/passbook/secret_key' ]; then - echo " * Generating Secret Key" - python3 -c 'import random; result = "".join([random.choice("abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)") for i in range(50)]); print(result)' > /etc/passbook/secret_key 2> /dev/null -fi -chown -R passbook: /usr/share/passbook/ -chown -R passbook: /etc/passbook/ -chown -R passbook: /var/log/passbook/ -chmod 440 /etc/passbook/secret_key -echo " * Running Database Migration" -/usr/share/passbook/passbook.sh migrate -echo " * A superuser can be created with this command '/usr/share/passbook/passbook.sh createsuperuser'" -echo " * You should probably also adjust your settings in '/etc/passbook/config.yml'" - -#DEBHELPER# diff --git a/debian/postrm b/debian/postrm deleted file mode 100644 index abfa631b..00000000 --- a/debian/postrm +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/bin/sh - -set -e - -if [ -f /usr/share/debconf/confmodule ]; then - . /usr/share/debconf/confmodule -fi -if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then - . /usr/share/dbconfig-common/dpkg/postrm.pgsql - dbc_go passbook "$@" -fi - - -if [ "$1" = "purge" ]; then - if which ucf >/dev/null 2>&1; then - ucf --purge /etc/passbook/config.d/database.yml - ucfr --purge passbook /etc/passbook/config.d/database.yml - fi - rm -rf /etc/passbook/ - rm -rf /usr/share/passbook/ -fi - -#DEBHELPER# - diff --git a/debian/prerm b/debian/prerm deleted file mode 100644 index 5383d20d..00000000 --- a/debian/prerm +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -set -e - -. /usr/share/debconf/confmodule -. /usr/share/dbconfig-common/dpkg/prerm.pgsql -dbc_go passbook "$@" - -#DEBHELPER# - diff --git a/debian/rules b/debian/rules deleted file mode 100755 index 8f17bf69..00000000 --- a/debian/rules +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/make -f - -# Uncomment this to turn on verbose mode. -# export DH_VERBOSE=1 - -%: - dh $@ --with=systemd - -build-arch: - python3 -m pip install setuptools - python3 -m pip install --target=vendor/ -r requirements.txt - -override_dh_strip: - dh_strip --exclude=psycopg2 - -override_dh_shlibdeps: - dh_shlibdeps --exclude=psycopg2 - -override_dh_installinit: - dh_installinit --name=passbook - dh_installinit --name=passbook-worker - dh_systemd_enable --name=passbook - dh_systemd_enable --name=passbook-worker - dh_systemd_start - -# override_dh_usrlocal to do nothing -override_dh_usrlocal: diff --git a/debian/source/format b/debian/source/format deleted file mode 100644 index 89ae9db8..00000000 --- a/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) diff --git a/debian/templates/database.yml b/debian/templates/database.yml deleted file mode 100644 index 0c4a4a82..00000000 --- a/debian/templates/database.yml +++ /dev/null 
@@ -1,8 +0,0 @@ -databases: - default: - engine: django.db.backends.postgresql - name: _DBC_DBNAME_ - user: _DBC_DBUSER_ - password: _DBC_DBPASS_ - host: _DBC_DBSERVER_ - port: _DBC_DBPORT_ diff --git a/helm/passbook/app-readme.md b/helm/passbook/app-readme.md new file mode 100644 index 00000000..0f0092e2 --- /dev/null +++ b/helm/passbook/app-readme.md @@ -0,0 +1 @@ +# passbook diff --git a/helm/passbook/questions.yml b/helm/passbook/questions.yml new file mode 100644 index 00000000..834f6309 --- /dev/null +++ b/helm/passbook/questions.yml 
@@ -0,0 +1,98 @@ +--- +categories: + - Authentication + - SSO +questions: + - default: "true" + variable: config.error_reporting + type: boolean + description: "Enable error-reporting to sentry.services.beryju.org" + group: "passbook Configuration" + label: "Error Reporting" + #################################################################### + ### PostgreSQL + #################################################################### + - variable: postgresql.enabled + default: true + description: "Deploy a database server as part of this deployment, or set to false and configure an external database connection." + type: boolean + required: true + label: Install PostgreSQL + show_subquestion_if: true + group: "Database Settings" + subquestions: + - variable: postgresql.postgresqlDatabase + default: "passbook" + description: "Database name to create" + type: string + label: PostgreSQL Database + - variable: postgresql.postgresqlUsername + default: "passbook" + description: "Database user to create" + type: string + label: PostgreSQL User + - variable: postgresql.postgresqlPassword + default: "" + description: "password will be auto-generated if not specified" + type: password + label: PostgreSQL Password + - variable: externalDatabase.host + default: "" + description: "Host of the external database" + type: string + label: External Database Host + show_if: "postgresql.enabled=false" + group: "Database Settings" + - variable: externalDatabase.user + default: "" + description: "Existing username in the external DB" + type: string + label: External Database username + show_if: "postgresql.enabled=false" + group: "Database Settings" + - variable: externalDatabase.password + default: "" + description: "External database password" + type: password + label: External Database password + show_if: "postgresql.enabled=false" + group: "Database Settings" + - variable: externalDatabase.database + default: "" + description: "Name of the existing database" + type: string + label: 
External Database + show_if: "postgresql.enabled=false" + group: "Database Settings" + - variable: externalDatabase.port + default: "3306" + description: "External database port number" + type: string + label: External Database Port + show_if: "postgresql.enabled=false" + group: "Database Settings" + - variable: postgresql.persistence.enabled + default: false + description: "Enable persistent volume for PostgreSQL" + type: boolean + required: true + label: PostgreSQL Persistent Volume Enabled + show_if: "postgresql.enabled=true" + show_subquestion_if: true + group: "Database Settings" + subquestions: + - variable: postgresql.master.persistence.size + default: "8Gi" + description: "PostgreSQL Persistent Volume Size" + type: string + label: PostgreSQL Volume Size + - variable: postgresql.master.persistence.storageClass + default: "" + description: "If undefined or null, uses the default StorageClass. Default to null" + type: storageclass + label: Default StorageClass for PostgreSQL + - variable: postgresql.master.persistence.existingClaim + default: "" + description: "If not empty, uses the specified existing PVC instead of creating new one" + type: string + label: Existing Persistent Volume Claim for PostgreSQL diff --git a/helm/passbook/templates/passbook-web-deployment.yaml b/helm/passbook/templates/passbook-web-deployment.yaml index 2308300c..5d5da056 100644 --- a/helm/passbook/templates/passbook-web-deployment.yaml +++ b/helm/passbook/templates/passbook-web-deployment.yaml @@ -26,7 +26,7 @@ spec: name: {{ include "passbook.fullname" . }}-config containers: - name: {{ .Chart.Name }} - image: "docker.pkg.beryju.org/passbook:{{ .Values.image.tag }}" + image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}" imagePullPolicy: IfNotPresent command: ["/bin/sh","-c"] args: ["./manage.py migrate && ./manage.py web"] 
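Review bot: In the new `helm/passbook/questions.yml`, `externalDatabase.port` defaults to `"3306"`, the MySQL port, while every other question in the file configures PostgreSQL, so an operator who accepts the default for an external database is pointed at the wrong port; use `default: "5432"`. Separately, `config.error_reporting` defaults to `"true"`, which makes sending error reports from an authentication service to `sentry.services.beryju.org` opt-out. Consider `default: false`, written as a real boolean like `postgresql.enabled`, and say in the description what data leaves the cluster. `postgresql.persistence.enabled` defaulting to `false` presumably leaves the bundled database on ephemeral storage, which for an identity store deserves a warning in its description.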
diff --git a/helm/passbook/templates/passbook-worker-deployment.yaml b/helm/passbook/templates/passbook-worker-deployment.yaml index 79cd1100..50893a7d 100644 --- a/helm/passbook/templates/passbook-worker-deployment.yaml +++ b/helm/passbook/templates/passbook-worker-deployment.yaml @@ -26,7 +26,7 @@ spec: name: {{ include "passbook.fullname" . }}-config containers: - name: {{ .Chart.Name }} - image: "docker.pkg.beryju.org/passbook:{{ .Values.image.tag }}" + image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}" imagePullPolicy: IfNotPresent command: ["./manage.py", "worker"] ports: diff --git a/passbook.sh b/passbook.sh deleted file mode 100755 index f4798367..00000000 --- a/passbook.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -# Check if this file is a symlink, if so, read real base dir -BASE_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]})) - -cd $BASE_DIR -PYTHONPATH="${BASE_DIR}/vendor/" python3 manage.py $@