Some cleanups

5a981763 · Mart van Santen · f2e3b7c9 · 5a981763 · f2e3b7c9 · f2e3b7c9
Commit 5a981763 authored 3 years ago by Mart van Santen
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -54,7 +54,7 @@ behave-integration:
  services:
    - name: postgres:latest
      alias: postgres
-    - name: docker.io/oryd/hydra:v1.10.7-alpine
+    - name: docker.io/oryd/hydra:v1.8
      alias: hydra
      command:
        - serve
@@ -102,7 +102,8 @@ behave-integration:
    FLASK_ENV: "development"
  image: ${CI_REGISTRY_IMAGE}/integration_test:${CI_COMMIT_REF_NAME}
  script:
-    - echo "I am skipped today!"
+    # TODO: Fixed by https://open.greenhost.net/stackspin/single-sign-on/-/issues/103
+    - echo "The panel code is not included in CI/CD build. It can not do testing"
    # Create user and application objects
    #- /bin/bash user-panel/backend/utils/create-user.bash ${TESTUSER_USERNAME} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL} backend:5000
    #- /bin/bash user-panel/backend/utils/create-user.bash ${TESTUSER_USERNAME2} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL2} backend:5000

--- a/docker-compose.yml
+++ b/docker-compose.yml
-###########################################################################
-#######                FOR TESTING PURPOSES ONLY                    #######
-###########################################################################
-# Instead of using the docker compose file you should use the helmfiles   #
-# to deploy the single sign on system on a kubernetes cluster             #
-###########################################################################
-version: '3'
-services:
-  hydra:
-    image: oryd/hydra:v1.8
-    ports:
-      - "4444:4444" # Public port
-      - "4445:4445" # Admin port
-      - "5555:5555" # Port for hydra token user
-    command:
-      serve all --dangerous-force-http --dangerous-allow-insecure-redirect-urls "http://localhost:13337/callback, http://localhost:13337/"
-    environment:
-      - URLS_SELF_ISSUER=http://localhost:4444/
-      - URLS_CONSENT=http://localhost:5001/consent
-      - URLS_LOGIN=http://localhost:5000/login
-      - URLS_LOGOUT=http://localhost:5002/logout
-      - DSN=memory
-      - SECRETS_SYSTEM=youReallyNeedToChangeThis
-      - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise
-      - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis
-      - SERVE_PUBLIC_CORS_DEBUG=true
-      - LOG_LEVEL=debug
-      - LOG_LEAK_SENSITIVE_VALUES=true
-    restart: unless-stopped
-  psql:
-    image: postgres:11
-    environment:
-      - POSTGRES_PASSWORD=secret
-    ports:
-      - "5432:5432"
-  oauth:
-    build: ./test/integration_tests
-    network_mode: host
-    depends_on:
-      - hydra
-    environment:
-      - BASE_URL=http://localhost:4444/
-      - KEY=testapp
-      - SECRET=secret
-      - FLASK_ENV=development
-    # with this settings run:
-    ## `bash test/create-hydra-client.bash testapp clientsecret http://localhost:4445 http://localhost:13337/callback http://localhost:13337/ http://localhost:13337/logout
-    ## to register a corresponding oauth client with hydra
-    ports:
-      - "13337:13337"
-    command: flask run --port 13337
-    restart: unless-stopped
-
--- a/docs/local_development.md
+++ b/docs/local_development.md
-# Local development
-
-In order to run the single-sign-on system locally, you can start the environment
-via `docker-compose`.  Install docker-compose via `pip install docker-compose`
-after you [insalled docker](https://docs.docker.com/v17.12/install/) on your
-machine.
-
-Build and start all docker containers by running: 
-
-```
-docker-compose up --build
-```
-
-The default configuration works if you are running the setup on your local
-machine. You need to change the following values in the docker-compose.yml file
-in case you run the containers on a remote machine:
-
-```yaml
-environment:
- - URLS_SELF_ISSUER=http://YOUR_SERVER_FQDN:4444/
- - URLS_CONSENT=http://YOUR_SERVER_FQDN:5001/
- - URLS_LOGIN=http://YOUR_SERVER_FQDN:5000/
- - URLS_LOGOUT=http://YOUR_SERVER_FQDN:5000/logout
- - URLS_POST_LOGOUT_REDIRECT=http://YOUR_SERVER_FQDN:5000/ ```
-```
-
-Notice that you need to create users and applications before being able to
-login.  You can use the scripts located in `user-panel/backend/utils` to create
-users for testing.
-
-If you don't have an application you want to use as an OIDC client, you can use
-the small OpeinID Connect test application located at `test/login_logout/`.
-Instructions on how to run the test application can be found in
-`test/login_logout/README.md`.
-
-Refer to `.gitlab-ci.yml` to get an idea on how to run all of the tests that
-this repository contains.
-
-
-## Adding clients
-
-This section covers how you can manually add clients to the single-sign-on
-server. 
-
-Note that we recommend using the helm chart installation if you want to add
-clients. Take a look at the [helmchart documentation](helmchart) to see how you
-can register clients if you install `single-sign-on` with the helm chart.
-However, if you just want to test something on your docker-compose setup, keep
-reading.
-
-### Step 1: registering the client
-
-`single-sign-on` uses Hydra to provide an API for creating clients. As a
-starting point, you can have a look at `test/create-hydra-client.bash`. For more
-information on the available scopes and endpoints, you can take a look at
-`https://sso.<YOUR.DOMAIN>/.well-known/openid-configuration`.
-Remember the `client_name` and `client_secret` you use to register your
-application. You will need to enter the same name and secret in your application
-configuration in the next step.
-
-### Step 2: configuring the application
-
-You still need to configure the application you want to be able to log into to
-use the client you just registered. Some applications, like
-[Grafana](https://grafana.com/docs/grafana/latest/auth/generic-oauth/), support
-OpenID Connect out-of-the-box. Other applications, like
-[Nextcloud](https://nextcloud.com/), require [a
-plugin](https://apps.nextcloud.com/apps/sociallogin) to add this support.
-
-Different applications support different authentication methods. Again, take a
-look at the information available at
-`https://sso.<YOUR.DOMAIN>/.well-known/openid-configuration` to see the methods
-available to you with this single sign on server.
-
-### Step 3: configure the user backend
-
-After Step 2 you should be able to use the single sign-on function of your
-application. After starting the authentication via single sign-on you should be
-redirected to a login page that looks different from your application's default
-login page. The only thing you need to do now is add the application to the user
-panel and add application permission to your users.
-
-The easiest way to do so is to use the `utils` scripts in
-`user-panel/backend/utils`.
-
-If you are running your setup with docker compose simply execute:
-
-```
-docker exec -it $(docker ps | grep backend | awk '{ print $1 }') bash ./utils/create-application.bash <application-name> "<description>"
-docker exec -it $(docker ps | grep backend | awk '{ print $1 }') bash ./utils/grant-access.bash <username> <application-name>
-```
-