From 497389ceb9fb181375be6d4fc9c62de8d9b9b2d9 Mon Sep 17 00:00:00 2001 From: jasquat Date: Wed, 15 Feb 2023 17:07:12 -0500 Subject: [PATCH 01/24] updated configs to use the prefix using the script w/ burnettk --- .../bin/boot_server_in_docker | 4 +- .../bin/build_and_run_with_docker_compose | 4 +- spiffworkflow-backend/bin/deploy | 8 +-- .../bin/find_sample_process_models | 16 ++--- .../bin/get_bpmn_json_for_process_instance | 4 +- .../bin/git_commit_bpmn_models_repo | 10 +-- spiffworkflow-backend/bin/recreate_db | 16 ++--- spiffworkflow-backend/bin/run_server_locally | 12 ++-- .../bin/save_to_secrets_from_file | 4 +- spiffworkflow-backend/docker-compose.yml | 12 ++-- .../src/spiffworkflow_backend/__init__.py | 18 ++--- .../spiffworkflow_backend/config/__init__.py | 18 ++--- .../spiffworkflow_backend/config/default.py | 70 +++++++++---------- .../src/spiffworkflow_backend/config/demo.py | 10 +-- .../src/spiffworkflow_backend/config/dev.py | 8 +-- .../config/local_development.py | 10 +-- .../src/spiffworkflow_backend/config/qa1.py | 8 +-- .../src/spiffworkflow_backend/config/qa2.py | 6 +- .../config/sartography.py | 6 +- .../spiffworkflow_backend/config/staging.py | 6 +- .../config/terraform_deployed_environment.py | 18 ++--- .../config/unit_testing.py | 4 +- .../routes/process_api_blueprint.py | 2 +- .../routes/process_instances_controller.py | 2 +- .../routes/process_models_controller.py | 4 +- .../routes/service_tasks_controller.py | 4 +- .../routes/tasks_controller.py | 2 +- .../src/spiffworkflow_backend/routes/user.py | 4 +- .../scripts/get_frontend_url.py | 2 +- .../services/authentication_service.py | 6 +- .../services/authorization_service.py | 2 +- .../services/error_handling_service.py | 2 +- .../services/file_system_service.py | 4 +- .../services/git_service.py | 48 ++++++------- .../services/process_instance_processor.py | 2 +- .../services/service_task_service.py | 2 +- 36 files changed, 179 insertions(+), 179 deletions(-) diff --git a/spiffworkflow-backend/bin/boot_server_in_docker b/spiffworkflow-backend/bin/boot_server_in_docker index c0b233a8..4cd430a3 100755 --- a/spiffworkflow-backend/bin/boot_server_in_docker +++ b/spiffworkflow-backend/bin/boot_server_in_docker @@ -56,8 +56,8 @@ if [[ "${SPIFFWORKFLOW_BACKEND_RUN_DATA_SETUP:-}" != "false" ]]; then fi # Assure that the the Process Models Directory is initialized as a git repo -git init "${BPMN_SPEC_ABSOLUTE_DIR}" -git config --global --add safe.directory "${BPMN_SPEC_ABSOLUTE_DIR}" +git init "${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR}" +git config --global --add safe.directory "${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR}" export IS_GUNICORN="true" # THIS MUST BE THE LAST COMMAND! diff --git a/spiffworkflow-backend/bin/build_and_run_with_docker_compose b/spiffworkflow-backend/bin/build_and_run_with_docker_compose index c986e394..58fd61f0 100755 --- a/spiffworkflow-backend/bin/build_and_run_with_docker_compose +++ b/spiffworkflow-backend/bin/build_and_run_with_docker_compose @@ -7,8 +7,8 @@ function error_handler() { trap 'error_handler ${LINENO} $?' ERR set -o errtrace -o errexit -o nounset -o pipefail -BPMN_SPEC_ABSOLUTE_DIR=$(./bin/find_sample_process_models) -export BPMN_SPEC_ABSOLUTE_DIR +SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR=$(./bin/find_sample_process_models) +export SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR if [[ -z "${SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE:-}" ]]; then export SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE=run diff --git a/spiffworkflow-backend/bin/deploy b/spiffworkflow-backend/bin/deploy index 466bb6d1..65aa3c2f 100755 --- a/spiffworkflow-backend/bin/deploy +++ b/spiffworkflow-backend/bin/deploy @@ -31,16 +31,16 @@ if [[ -z "${SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE:-}" ]]; then export SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE=run fi -if [[ -z "${SPIFFWORKFLOW_FRONTEND_URL:-}" ]]; then - export SPIFFWORKFLOW_FRONTEND_URL='http://167.172.242.138:7001' +if [[ -z "${SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL:-}" ]]; then + export SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL='http://167.172.242.138:7001' fi if [[ -z "${SPIFFWORKFLOW_BACKEND_URL:-}" ]]; then export SPIFFWORKFLOW_BACKEND_URL='http://167.172.242.138:7000' fi -if [[ -z "${OPEN_ID_SERVER_URL:-}" ]]; then - export OPEN_ID_SERVER_URL='http://167.172.242.138:7002' +if [[ -z "${SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL:-}" ]]; then + export SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL='http://167.172.242.138:7002' fi git pull diff --git a/spiffworkflow-backend/bin/find_sample_process_models b/spiffworkflow-backend/bin/find_sample_process_models index 52599639..ead42ca0 100755 --- a/spiffworkflow-backend/bin/find_sample_process_models +++ b/spiffworkflow-backend/bin/find_sample_process_models @@ -7,19 +7,19 @@ function error_handler() { trap 'error_handler ${LINENO} $?' ERR set -o errtrace -o errexit -o nounset -o pipefail -if [[ -z "${BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then +if [[ -z "${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then script_dir="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../../sample-process-models" - if [[ ! -d "$BPMN_SPEC_ABSOLUTE_DIR" ]]; then - BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../sample-process-models" - if [[ ! -d "$BPMN_SPEC_ABSOLUTE_DIR" ]]; then - >&2 echo "ERROR: Could not find a location for the sample processes. Last tried: $BPMN_SPEC_ABSOLUTE_DIR" + SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../../sample-process-models" + if [[ ! -d "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" ]]; then + SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../sample-process-models" + if [[ ! -d "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" ]]; then + >&2 echo "ERROR: Could not find a location for the sample processes. Last tried: $SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" exit 1 fi fi - pushd "$BPMN_SPEC_ABSOLUTE_DIR" >/dev/null 2>&1 + pushd "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" >/dev/null 2>&1 if [[ "$(git rev-parse --abbrev-ref HEAD)" == "main" ]]; then >&2 echo "ERROR: please do not use the main branch of sample-process-models. use dev" exit 1 @@ -27,4 +27,4 @@ if [[ -z "${BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then popd >/dev/null 2>&1 fi -realpath "$BPMN_SPEC_ABSOLUTE_DIR" +realpath "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" diff --git a/spiffworkflow-backend/bin/get_bpmn_json_for_process_instance b/spiffworkflow-backend/bin/get_bpmn_json_for_process_instance index 3cfedccc..d4e3d8ed 100644 --- a/spiffworkflow-backend/bin/get_bpmn_json_for_process_instance +++ b/spiffworkflow-backend/bin/get_bpmn_json_for_process_instance @@ -9,8 +9,8 @@ from spiffworkflow_backend.models.process_instance import ProcessInstanceModel def main(process_instance_id: str): """Main.""" os.environ["SPIFFWORKFLOW_BACKEND_ENV"] = "local_development" - if os.environ.get("BPMN_SPEC_ABSOLUTE_DIR") is None: - os.environ["BPMN_SPEC_ABSOLUTE_DIR"] = "hey" + if os.environ.get("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR") is None: + os.environ["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] = "hey" flask_env_key = "FLASK_SESSION_SECRET_KEY" os.environ[flask_env_key] = "whatevs" app = create_app() diff --git a/spiffworkflow-backend/bin/git_commit_bpmn_models_repo b/spiffworkflow-backend/bin/git_commit_bpmn_models_repo index 3a2e0150..b475427a 100755 --- a/spiffworkflow-backend/bin/git_commit_bpmn_models_repo +++ b/spiffworkflow-backend/bin/git_commit_bpmn_models_repo @@ -21,8 +21,8 @@ if [[ -z "${5:-}" ]]; then exit 1 fi -if [[ -z "$git_commit_password" && -z "${GIT_SSH_PRIVATE_KEY:-}" ]]; then - >&2 echo "ERROR: A git password or GIT_SSH_PRIVATE_KEY must be provided" +if [[ -z "$git_commit_password" && -z "${SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY:-}" ]]; then + >&2 echo "ERROR: A git password or SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY must be provided" exit 1 fi @@ -43,10 +43,10 @@ function run() { git config --local user.name "$git_commit_username" git config --local user.email "$git_commit_email" - if [[ -n "${GIT_SSH_PRIVATE_KEY:-}" ]]; then + if [[ -n "${SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY:-}" ]]; then tmpfile=$(mktemp /tmp/tmp_git.XXXXXX) chmod 600 "$tmpfile" - echo "$GIT_SSH_PRIVATE_KEY" >"$tmpfile" + echo "$SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY" >"$tmpfile" export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${tmpfile} -F /dev/null" else PAT="${git_commit_username}:${git_commit_password}" @@ -57,7 +57,7 @@ function run() { git commit -m "$git_commit_message" git push --set-upstream origin "$git_branch" - if [[ -z "${GIT_SSH_PRIVATE_KEY:-}" ]]; then + if [[ -z "${SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY:-}" ]]; then git config --unset --local http.extraHeader fi fi diff --git a/spiffworkflow-backend/bin/recreate_db b/spiffworkflow-backend/bin/recreate_db index 8a4e4b5a..fac35da6 100755 --- a/spiffworkflow-backend/bin/recreate_db +++ b/spiffworkflow-backend/bin/recreate_db @@ -9,18 +9,18 @@ set -o errtrace -o errexit -o nounset -o pipefail export FLASK_SESSION_SECRET_KEY="this_is_recreate_db_secret_key" -if [[ -z "${BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then +if [[ -z "${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then script_dir="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../../sample-process-models" - if [[ ! -d "$BPMN_SPEC_ABSOLUTE_DIR" ]]; then - BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../sample-process-models" - if [[ ! -d "$BPMN_SPEC_ABSOLUTE_DIR" ]]; then - >&2 echo "ERROR: Could not find a location for the sample processes. Last tried: $BPMN_SPEC_ABSOLUTE_DIR" + SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../../sample-process-models" + if [[ ! -d "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" ]]; then + SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../sample-process-models" + if [[ ! -d "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" ]]; then + >&2 echo "ERROR: Could not find a location for the sample processes. Last tried: $SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" exit 1 fi fi - export BPMN_SPEC_ABSOLUTE_DIR + export SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR fi tasks="" @@ -40,7 +40,7 @@ if [[ "${1:-}" == "clean" ]]; then # TODO: check to see if the db already exists and we can connect to it. also actually clean it up. # start postgres in background with one db - if [[ "${SPIFF_DATABASE_TYPE:-}" == "postgres" ]]; then + if [[ "${SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE:-}" == "postgres" ]]; then if ! docker exec -it postgres-spiff psql -U spiffworkflow_backend spiffworkflow_backend_testing -c "select 1"; then docker run --name postgres-spiff -p 5432:5432 -e POSTGRES_PASSWORD=spiffworkflow_backend -e POSTGRES_USER=spiffworkflow_backend -e POSTGRES_DB=spiffworkflow_backend_testing -d postgres sleep 4 # classy diff --git a/spiffworkflow-backend/bin/run_server_locally b/spiffworkflow-backend/bin/run_server_locally index 213a4f39..2a4f5034 100755 --- a/spiffworkflow-backend/bin/run_server_locally +++ b/spiffworkflow-backend/bin/run_server_locally @@ -17,8 +17,8 @@ if [[ -z "${SPIFFWORKFLOW_BACKEND_ENV:-}" ]]; then export SPIFFWORKFLOW_BACKEND_ENV=local_development fi -BPMN_SPEC_ABSOLUTE_DIR=$(./bin/find_sample_process_models) -export BPMN_SPEC_ABSOLUTE_DIR +SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR=$(./bin/find_sample_process_models) +export SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR export FLASK_SESSION_SECRET_KEY=super_secret_key export APPLICATION_ROOT="/" @@ -29,13 +29,13 @@ else export FLASK_DEBUG=1 if [[ "${SPIFFWORKFLOW_BACKEND_RUN_DATA_SETUP:-}" != "false" ]]; then - RUN_BACKGROUND_SCHEDULER=false SPIFFWORKFLOW_BACKEND_FAIL_ON_INVALID_PROCESS_MODELS=false poetry run python bin/save_all_bpmn.py + SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER=false SPIFFWORKFLOW_BACKEND_FAIL_ON_INVALID_PROCESS_MODELS=false poetry run python bin/save_all_bpmn.py fi - if [[ -z "${RUN_BACKGROUND_SCHEDULER:-}" ]]; then - RUN_BACKGROUND_SCHEDULER=true + if [[ -z "${SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER:-}" ]]; then + SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER=true fi # this line blocks - RUN_BACKGROUND_SCHEDULER="${RUN_BACKGROUND_SCHEDULER}" FLASK_APP=src/spiffworkflow_backend poetry run flask run -p 7000 + SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER="${SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER}" FLASK_APP=src/spiffworkflow_backend poetry run flask run -p 7000 fi diff --git a/spiffworkflow-backend/bin/save_to_secrets_from_file b/spiffworkflow-backend/bin/save_to_secrets_from_file index 5a28c66a..5fa1b0bd 100644 --- a/spiffworkflow-backend/bin/save_to_secrets_from_file +++ b/spiffworkflow-backend/bin/save_to_secrets_from_file @@ -11,8 +11,8 @@ from spiffworkflow_backend.services.secret_service import SecretService def main(env_file: str): """Main.""" os.environ["SPIFFWORKFLOW_BACKEND_ENV"] = "local_development" - if os.environ.get("BPMN_SPEC_ABSOLUTE_DIR") is None: - os.environ["BPMN_SPEC_ABSOLUTE_DIR"] = "hey" + if os.environ.get("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR") is None: + os.environ["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] = "hey" flask_env_key = "FLASK_SESSION_SECRET_KEY" os.environ[flask_env_key] = "whatevs" app = create_app() diff --git a/spiffworkflow-backend/docker-compose.yml b/spiffworkflow-backend/docker-compose.yml index 4ec1028f..b1847ef6 100644 --- a/spiffworkflow-backend/docker-compose.yml +++ b/spiffworkflow-backend/docker-compose.yml @@ -54,21 +54,21 @@ services: - SPIFFWORKFLOW_BACKEND_ENV=${SPIFFWORKFLOW_BACKEND_ENV:-local_development} - FLASK_DEBUG=0 - FLASK_SESSION_SECRET_KEY=${FLASK_SESSION_SECRET_KEY:-super_secret_key} - - OPEN_ID_SERVER_URL=${OPEN_ID_SERVER_URL:-http://localhost:7002/realms/spiffworkflow} - - SPIFFWORKFLOW_FRONTEND_URL=${SPIFFWORKFLOW_FRONTEND_URL:-http://localhost:7001} + - SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL=${SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL:-http://localhost:7002/realms/spiffworkflow} + - SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL=${SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL:-http://localhost:7001} - SPIFFWORKFLOW_BACKEND_URL=${SPIFFWORKFLOW_BACKEND_URL:-http://localhost:7000} - SPIFFWORKFLOW_BACKEND_PORT=7000 - SPIFFWORKFLOW_BACKEND_UPGRADE_DB=true - SPIFFWORKFLOW_BACKEND_DATABASE_URI=mysql+mysqlconnector://root:${SPIFFWORKFLOW_BACKEND_MYSQL_ROOT_DATABASE:-my-secret-pw}@localhost:7003/${SPIFFWORKFLOW_BACKEND_DATABASE_NAME:-spiffworkflow_backend_development} - - BPMN_SPEC_ABSOLUTE_DIR=/app/process_models + - SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR=/app/process_models - SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA=${SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA:-false} - SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME=${SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME:-acceptance_tests.yml} - - RUN_BACKGROUND_SCHEDULER=true + - SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER=true ports: - "7000:7000" network_mode: host volumes: - - ${BPMN_SPEC_ABSOLUTE_DIR:-../../sample-process-models}:/app/process_models + - ${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR:-../../sample-process-models}:/app/process_models - ./log:/app/log healthcheck: test: curl localhost:7000/v1.0/status --fail @@ -82,7 +82,7 @@ services: profiles: - debug volumes: - - ${BPMN_SPEC_ABSOLUTE_DIR:-../../sample-process-models}:/app/process_models + - ${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR:-../../sample-process-models}:/app/process_models - ./:/app command: /app/bin/boot_in_docker_debug_mode diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py index eb759d46..79c02b4b 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py @@ -115,7 +115,7 @@ def create_app() -> flask.app.Flask: # need to continually keep asking for the same path. origins_re = [ r"^https?:\/\/%s(.*)" % o.replace(".", r"\.") - for o in app.config["CORS_ALLOW_ORIGINS"] + for o in app.config["SPIFFWORKFLOW_BACKEND_CORS_ALLOW_ORIGINS"] ] CORS(app, origins=origins_re, max_age=3600, supports_credentials=True) @@ -128,7 +128,7 @@ def create_app() -> flask.app.Flask: # do not start the scheduler twice in flask debug mode if ( - app.config["RUN_BACKGROUND_SCHEDULER"] + app.config["SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER"] and os.environ.get("WERKZEUG_RUN_MAIN") != "true" ): start_scheduler(app) @@ -147,13 +147,13 @@ def get_hacked_up_app_for_script() -> flask.app.Flask: os.environ["SPIFFWORKFLOW_BACKEND_ENV"] = "local_development" flask_env_key = "FLASK_SESSION_SECRET_KEY" os.environ[flask_env_key] = "whatevs" - if "BPMN_SPEC_ABSOLUTE_DIR" not in os.environ: + if "SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" not in os.environ: home = os.environ["HOME"] full_process_model_path = ( f"{home}/projects/github/sartography/sample-process-models" ) if os.path.isdir(full_process_model_path): - os.environ["BPMN_SPEC_ABSOLUTE_DIR"] = full_process_model_path + os.environ["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] = full_process_model_path else: raise Exception(f"Could not find {full_process_model_path}") app = create_app() @@ -198,20 +198,20 @@ def configure_sentry(app: flask.app.Flask) -> None: return None return event - sentry_errors_sample_rate = app.config.get("SENTRY_ERRORS_SAMPLE_RATE") + sentry_errors_sample_rate = app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE") if sentry_errors_sample_rate is None: - raise Exception("SENTRY_ERRORS_SAMPLE_RATE is not set somehow") + raise Exception("SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE is not set somehow") - sentry_traces_sample_rate = app.config.get("SENTRY_TRACES_SAMPLE_RATE") + sentry_traces_sample_rate = app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE") if sentry_traces_sample_rate is None: - raise Exception("SENTRY_TRACES_SAMPLE_RATE is not set somehow") + raise Exception("SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE is not set somehow") # profiling doesn't work on windows, because of an issue like https://github.com/nvdv/vprof/issues/62 # but also we commented out profiling because it was causing segfaults (i guess it is marked experimental) # profiles_sample_rate = 0 if sys.platform.startswith("win") else 1 sentry_sdk.init( - dsn=app.config.get("SENTRY_DSN"), + dsn=app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_DSN"), integrations=[ FlaskIntegration(), ], diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py index e0c18ee5..267c9c10 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py @@ -17,11 +17,11 @@ def setup_database_uri(app: Flask) -> None: """Setup_database_uri.""" if app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_URI") is None: database_name = f"spiffworkflow_backend_{app.config['ENV_IDENTIFIER']}" - if app.config.get("SPIFF_DATABASE_TYPE") == "sqlite": + if app.config.get("SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE") == "sqlite": app.config["SQLALCHEMY_DATABASE_URI"] = ( f"sqlite:///{app.instance_path}/db_{app.config['ENV_IDENTIFIER']}.sqlite3" ) - elif app.config.get("SPIFF_DATABASE_TYPE") == "postgres": + elif app.config.get("SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE") == "postgres": app.config["SQLALCHEMY_DATABASE_URI"] = ( f"postgresql://spiffworkflow_backend:spiffworkflow_backend@localhost:5432/{database_name}" ) @@ -52,15 +52,15 @@ def load_config_file(app: Flask, env_config_module: str) -> None: def _set_up_tenant_specific_fields_as_list_of_strings(app: Flask) -> None: - tenant_specific_fields = app.config.get("OPEN_ID_TENANT_SPECIFIC_FIELDS") + tenant_specific_fields = app.config.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS") if tenant_specific_fields is None or tenant_specific_fields == "": - app.config["OPEN_ID_TENANT_SPECIFIC_FIELDS"] = [] + app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"] = [] else: - app.config["OPEN_ID_TENANT_SPECIFIC_FIELDS"] = tenant_specific_fields.split(",") - if len(app.config["OPEN_ID_TENANT_SPECIFIC_FIELDS"]) > 3: + app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"] = tenant_specific_fields.split(",") + if len(app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"]) > 3: raise ConfigurationError( - "OPEN_ID_TENANT_SPECIFIC_FIELDS can have a maximum of 3 fields" + "SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS can have a maximum of 3 fields" ) @@ -116,8 +116,8 @@ def setup_config(app: Flask) -> None: # src/spiffworkflow_backend/config/secrets.py app.config.from_pyfile(os.path.join("config", "secrets.py"), silent=True) - if app.config["BPMN_SPEC_ABSOLUTE_DIR"] is None: - raise ConfigurationError("BPMN_SPEC_ABSOLUTE_DIR config must be set") + if app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] is None: + raise ConfigurationError("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR config must be set") app.config["PROCESS_UUID"] = uuid.uuid4() diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 8002a998..dd9ea4d0 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -2,44 +2,44 @@ import re from os import environ -BPMN_SPEC_ABSOLUTE_DIR = environ.get("BPMN_SPEC_ABSOLUTE_DIR") +SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR = environ.get("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR") cors_allow_all = "*" -CORS_ALLOW_ORIGINS = re.split( - r",\s*", environ.get("CORS_ALLOW_ORIGINS", default=cors_allow_all) +SPIFFWORKFLOW_BACKEND_CORS_ALLOW_ORIGINS = re.split( + r",\s*", environ.get("SPIFFWORKFLOW_BACKEND_CORS_ALLOW_ORIGINS", default=cors_allow_all) ) -RUN_BACKGROUND_SCHEDULER = ( - environ.get("RUN_BACKGROUND_SCHEDULER", default="false") == "true" +SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = ( + environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") == "true" ) -SPIFFWORKFLOW_FRONTEND_URL = environ.get( - "SPIFFWORKFLOW_FRONTEND_URL", default="http://localhost:7001" +SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL = environ.get( + "SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL", default="http://localhost:7001" ) SPIFFWORKFLOW_BACKEND_URL = environ.get( "SPIFFWORKFLOW_BACKEND_URL", default="http://localhost:7000" ) # service task connector proxy -CONNECTOR_PROXY_URL = environ.get( - "CONNECTOR_PROXY_URL", default="http://localhost:7004" +SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = environ.get( + "SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL", default="http://localhost:7004" ) # Open ID server -OPEN_ID_SERVER_URL = environ.get( - "OPEN_ID_SERVER_URL", +SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = environ.get( + "SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL", default="http://localhost:7002/realms/spiffworkflow" - # "OPEN_ID_SERVER_URL", default="http://localhost:7000/openid" + # "SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL", default="http://localhost:7000/openid" ) # Replace above line with this to use the built-in Open ID Server. -# OPEN_ID_SERVER_URL = environ.get("OPEN_ID_SERVER_URL", default="http://localhost:7000/openid") -OPEN_ID_CLIENT_ID = environ.get("OPEN_ID_CLIENT_ID", default="spiffworkflow-backend") -OPEN_ID_CLIENT_SECRET_KEY = environ.get( - "OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" +# SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = environ.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL", default="http://localhost:7000/openid") +SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID = environ.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID", default="spiffworkflow-backend") +SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY = environ.get( + "SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" ) # noqa: S105 # Tenant specific fields is a comma separated list of field names that we will convert to list of strings # and store in the user table's tenant_specific_field_n columns. You can have up to three items in this # comma-separated list. -OPEN_ID_TENANT_SPECIFIC_FIELDS = environ.get("OPEN_ID_TENANT_SPECIFIC_FIELDS") +SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS = environ.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS") SPIFFWORKFLOW_BACKEND_LOG_TO_FILE = ( environ.get("SPIFFWORKFLOW_BACKEND_LOG_TO_FILE", default="false") == "true" @@ -50,12 +50,12 @@ SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( ) # Sentry Configuration -SENTRY_DSN = environ.get("SENTRY_DSN", default="") -SENTRY_ERRORS_SAMPLE_RATE = environ.get( - "SENTRY_ERRORS_SAMPLE_RATE", default="1" +SPIFFWORKFLOW_BACKEND_SENTRY_DSN = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_DSN", default="") +SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE = environ.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE", default="1" ) # send all errors -SENTRY_TRACES_SAMPLE_RATE = environ.get( - "SENTRY_TRACES_SAMPLE_RATE", default="0.01" +SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE = environ.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE", default="0.01" ) # send 1% of traces SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get( @@ -64,29 +64,29 @@ SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get( # When a user clicks on the `Publish` button, this is the default branch this server merges into. # I.e., dev server could have `staging` here. Staging server might have `production` here. -GIT_BRANCH_TO_PUBLISH_TO = environ.get("GIT_BRANCH_TO_PUBLISH_TO") -GIT_BRANCH = environ.get("GIT_BRANCH") -GIT_CLONE_URL_FOR_PUBLISHING = environ.get("GIT_CLONE_URL") -GIT_COMMIT_ON_SAVE = environ.get("GIT_COMMIT_ON_SAVE", default="false") == "true" -GIT_SSH_PRIVATE_KEY = environ.get("GIT_SSH_PRIVATE_KEY") -GIT_USERNAME = environ.get("GIT_USERNAME") -GIT_USER_EMAIL = environ.get("GIT_USER_EMAIL") +SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO") +SPIFFWORKFLOW_BACKEND_GIT_BRANCH = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH") +SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING = environ.get("GIT_CLONE_URL") +SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = environ.get("SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE", default="false") == "true" +SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get("SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY") +SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME") +SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL") # Database Configuration -SPIFF_DATABASE_TYPE = environ.get( - "SPIFF_DATABASE_TYPE", default="mysql" +SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE = environ.get( + "SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE", default="mysql" ) # can also be sqlite, postgres # Overide above with specific sqlalchymy connection string. SPIFFWORKFLOW_BACKEND_DATABASE_URI = environ.get( "SPIFFWORKFLOW_BACKEND_DATABASE_URI", default=None ) -SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID = environ.get( - "SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID", +SPIFFWORKFLOW_BACKEND_SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID = environ.get( + "SPIFFWORKFLOW_BACKEND_SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID", default="Message_SystemMessageNotification", ) -ALLOW_CONFISCATING_LOCK_AFTER_SECONDS = int( - environ.get("ALLOW_CONFISCATING_LOCK_AFTER_SECONDS", default="600") +SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS = int( + environ.get("SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS", default="600") ) SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP = environ.get( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/demo.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/demo.py index 06e9184d..c9694489 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/demo.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/demo.py @@ -1,14 +1,14 @@ """Demo environment.""" from os import environ -GIT_COMMIT_ON_SAVE = True -GIT_USERNAME = "demo" -GIT_USER_EMAIL = "demo@example.com" +SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = True +SPIFFWORKFLOW_BACKEND_GIT_USERNAME = "demo" +SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = "demo@example.com" SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( "SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="terraform_deployed_environment.yml", ) -RUN_BACKGROUND_SCHEDULER = ( - environ.get("RUN_BACKGROUND_SCHEDULER", default="false") == "true" +SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = ( + environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") == "true" ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/dev.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/dev.py index cbbc269a..7b8104ec 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/dev.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/dev.py @@ -1,9 +1,9 @@ """Dev.""" from os import environ -GIT_BRANCH_TO_PUBLISH_TO = environ.get("GIT_BRANCH_TO_PUBLISH_TO", default="staging") -GIT_USERNAME = environ.get("GIT_USERNAME", default="sartography-automated-committer") -GIT_USER_EMAIL = environ.get( - "GIT_USER_EMAIL", default="sartography-automated-committer@users.noreply.github.com" +SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO", default="staging") +SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME", default="sartography-automated-committer") +SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL", default="sartography-automated-committer@users.noreply.github.com" ) SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = "dev.yml" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/local_development.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/local_development.py index a1129c67..633d5ef7 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/local_development.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/local_development.py @@ -9,11 +9,11 @@ SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get( "SPIFFWORKFLOW_BACKEND_LOG_LEVEL", default="debug" ) -RUN_BACKGROUND_SCHEDULER = ( - environ.get("RUN_BACKGROUND_SCHEDULER", default="false") == "true" +SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = ( + environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") == "true" ) -GIT_CLONE_URL_FOR_PUBLISHING = environ.get( +SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING = environ.get( "GIT_CLONE_URL", default="https://github.com/sartography/sample-process-models.git" ) -GIT_USERNAME = "sartography-automated-committer" -GIT_USER_EMAIL = f"{GIT_USERNAME}@users.noreply.github.com" +SPIFFWORKFLOW_BACKEND_GIT_USERNAME = "sartography-automated-committer" +SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa1.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa1.py index 8e8f4379..2e55e5c9 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa1.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa1.py @@ -1,10 +1,10 @@ """Qa1.""" from os import environ -GIT_BRANCH_TO_PUBLISH_TO = environ.get("GIT_BRANCH_TO_PUBLISH_TO", default="qa2") -GIT_USERNAME = environ.get("GIT_USERNAME", default="sartography-automated-committer") -GIT_USER_EMAIL = environ.get( - "GIT_USER_EMAIL", default=f"{GIT_USERNAME}@users.noreply.github.com" +SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO", default="qa2") +SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME", default="sartography-automated-committer") +SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL", default=f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com" ) SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( "SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="qa1.yml" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py index 561954f6..ed752821 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py @@ -4,7 +4,7 @@ from os import environ SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( "SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="qa1.yml" ) -SPIFFWORKFLOW_FRONTEND_URL = "https://qa2.spiffworkflow.org" -OPEN_ID_SERVER_URL = "https://qa2.spiffworkflow.org/keycloak/realms/spiffworkflow" +SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL = "https://qa2.spiffworkflow.org" +SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = "https://qa2.spiffworkflow.org/keycloak/realms/spiffworkflow" SPIFFWORKFLOW_BACKEND_URL = "https://qa2.spiffworkflow.org/api" -CONNECTOR_PROXY_URL = "https://qa2.spiffworkflow.org/connector-proxy" +SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = "https://qa2.spiffworkflow.org/connector-proxy" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/sartography.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/sartography.py index 016076b9..dd6a307c 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/sartography.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/sartography.py @@ -2,9 +2,9 @@ from os import environ environment_identifier_for_this_config_file_only = environ["SPIFFWORKFLOW_BACKEND_ENV"] -OPEN_ID_SERVER_URL = f"https://keycloak.{environment_identifier_for_this_config_file_only}.spiffworkflow.org/realms/sartography" -GIT_BRANCH = environ.get("GIT_BRANCH", default="main") -GIT_CLONE_URL_FOR_PUBLISHING = environ.get( +SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = f"https://keycloak.{environment_identifier_for_this_config_file_only}.spiffworkflow.org/realms/sartography" +SPIFFWORKFLOW_BACKEND_GIT_BRANCH = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH", default="main") +SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING = environ.get( "GIT_CLONE_URL", default="https://github.com/sartography/sartography-process-models.git", ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/staging.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/staging.py index 80716331..bd77dcab 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/staging.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/staging.py @@ -1,7 +1,7 @@ """Staging.""" from os import environ -GIT_BRANCH = environ.get("GIT_BRANCH", default="staging") -GIT_BRANCH_TO_PUBLISH_TO = environ.get("GIT_BRANCH_TO_PUBLISH_TO", default="main") -GIT_COMMIT_ON_SAVE = False +SPIFFWORKFLOW_BACKEND_GIT_BRANCH = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH", default="staging") +SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO", default="main") +SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = False SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = "staging.yml" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py index efd45183..1c03676d 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py @@ -4,26 +4,26 @@ from os import environ # default.py already ensured that this key existed as was not None environment_identifier_for_this_config_file_only = environ["SPIFFWORKFLOW_BACKEND_ENV"] -GIT_COMMIT_ON_SAVE = True -GIT_USERNAME = "sartography-automated-committer" -GIT_USER_EMAIL = f"{GIT_USERNAME}@users.noreply.github.com" +SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = True +SPIFFWORKFLOW_BACKEND_GIT_USERNAME = "sartography-automated-committer" +SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com" SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( "SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="terraform_deployed_environment.yml", ) -RUN_BACKGROUND_SCHEDULER = ( - environ.get("RUN_BACKGROUND_SCHEDULER", default="false") == "true" +SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = ( + environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") == "true" ) -OPEN_ID_SERVER_URL = f"https://keycloak.{environment_identifier_for_this_config_file_only}.spiffworkflow.org/realms/spiffworkflow" -SPIFFWORKFLOW_FRONTEND_URL = ( +SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = f"https://keycloak.{environment_identifier_for_this_config_file_only}.spiffworkflow.org/realms/spiffworkflow" +SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL = ( f"https://{environment_identifier_for_this_config_file_only}.spiffworkflow.org" ) SPIFFWORKFLOW_BACKEND_URL = ( f"https://api.{environment_identifier_for_this_config_file_only}.spiffworkflow.org" ) -CONNECTOR_PROXY_URL = f"https://connector-proxy.{environment_identifier_for_this_config_file_only}.spiffworkflow.org" -GIT_CLONE_URL_FOR_PUBLISHING = environ.get( +SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = f"https://connector-proxy.{environment_identifier_for_this_config_file_only}.spiffworkflow.org" +SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING = environ.get( "GIT_CLONE_URL", default="https://github.com/sartography/sample-process-models.git" ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/unit_testing.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/unit_testing.py index 77f123e9..e486fe76 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/unit_testing.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/unit_testing.py @@ -15,11 +15,11 @@ SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get( "SPIFFWORKFLOW_BACKEND_LOG_LEVEL", default="debug" ) -GIT_COMMIT_ON_SAVE = False +SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = False # NOTE: set this here since nox shoves tests and src code to # different places and this allows us to know exactly where we are at the start -BPMN_SPEC_ABSOLUTE_DIR = os.path.join( +SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR = os.path.join( os.path.dirname(__file__), "..", "..", diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py index 82263475..d50255a8 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py @@ -305,7 +305,7 @@ def manual_complete_task( def _commit_and_push_to_git(message: str) -> None: """Commit_and_push_to_git.""" - if current_app.config["GIT_COMMIT_ON_SAVE"]: + if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE"]: git_output = GitService.commit(message=message) current_app.logger.info(f"git output: {git_output}") else: diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_instances_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_instances_controller.py index c085c9e9..634d2128 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_instances_controller.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_instances_controller.py @@ -136,7 +136,7 @@ def process_instance_run( finally: processor.unlock_process_instance("Web") - if not current_app.config["RUN_BACKGROUND_SCHEDULER"]: + if not current_app.config["SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER"]: MessageService.process_message_instances() process_instance_api = ProcessInstanceService.processor_to_process_instance_api( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_models_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_models_controller.py index 120db8ca..bdeccbd8 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_models_controller.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_models_controller.py @@ -225,10 +225,10 @@ def process_model_publish( ) -> flask.wrappers.Response: """Process_model_publish.""" if branch_to_update is None: - branch_to_update = current_app.config["GIT_BRANCH_TO_PUBLISH_TO"] + branch_to_update = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO"] if branch_to_update is None: raise MissingGitConfigsError( - "Missing config for GIT_BRANCH_TO_PUBLISH_TO. " + "Missing config for SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO. " "This is required for publishing process models" ) process_model_identifier = _un_modify_modified_process_model_id( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py index a1708ce8..b8e0df25 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py @@ -27,7 +27,7 @@ def authentication_list() -> flask.wrappers.Response: available_authentications = ServiceTaskService.authentication_list() response_json = { "results": available_authentications, - "connector_proxy_base_url": current_app.config["CONNECTOR_PROXY_URL"], + "connector_proxy_base_url": current_app.config["SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL"], "redirect_url": f"{current_app.config['SPIFFWORKFLOW_BACKEND_URL']}/v1.0/authentication_callback", } @@ -45,5 +45,5 @@ def authentication_callback( f"{service}/{auth_method}", response, g.user.id, create_if_not_exists=True ) return redirect( - f"{current_app.config['SPIFFWORKFLOW_FRONTEND_URL']}/admin/configuration" + f"{current_app.config['SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL']}/admin/configuration" ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py index e40bf057..269fb113 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py @@ -674,7 +674,7 @@ def _get_potential_owner_usernames(assigned_user: AliasedClass) -> Any: potential_owner_usernames_from_group_concat_or_similar = func.group_concat( assigned_user.username.distinct() ).label("potential_owner_usernames") - db_type = current_app.config.get("SPIFF_DATABASE_TYPE") + db_type = current_app.config.get("SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE") if db_type == "postgres": potential_owner_usernames_from_group_concat_or_similar = func.string_agg( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py index 08727bdd..2f48e873 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py @@ -186,7 +186,7 @@ def set_new_access_token_in_cookie( """ tld = current_app.config["THREAD_LOCAL_DATA"] domain_for_frontend_cookie: Optional[str] = re.sub( - r"^https?:\/\/", "", current_app.config["SPIFFWORKFLOW_FRONTEND_URL"] + r"^https?:\/\/", "", current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"] ) if domain_for_frontend_cookie and domain_for_frontend_cookie.startswith( "localhost" @@ -351,7 +351,7 @@ def logout(id_token: str, redirect_url: Optional[str]) -> Response: def logout_return() -> Response: """Logout_return.""" - frontend_url = str(current_app.config["SPIFFWORKFLOW_FRONTEND_URL"]) + frontend_url = str(current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"]) return redirect(f"{frontend_url}/") diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_frontend_url.py b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_frontend_url.py index b128214a..1dee0c49 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_frontend_url.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_frontend_url.py @@ -28,4 +28,4 @@ class GetFrontendUrl(Script): **kwargs: Any ) -> Any: """Run.""" - return current_app.config["SPIFFWORKFLOW_FRONTEND_URL"] + return current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"] diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py index 9e5cb6ce..178c56fa 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py @@ -63,17 +63,17 @@ class AuthenticationService: @staticmethod def client_id() -> str: """Returns the client id from the config.""" - return current_app.config.get("OPEN_ID_CLIENT_ID", "") + return current_app.config.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID", "") @staticmethod def server_url() -> str: """Returns the server url from the config.""" - return current_app.config.get("OPEN_ID_SERVER_URL", "") + return current_app.config.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL", "") @staticmethod def secret_key() -> str: """Returns the secret key from the config.""" - return current_app.config.get("OPEN_ID_CLIENT_SECRET_KEY", "") + return current_app.config.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY", "") @classmethod def open_id_endpoint_for_name(cls, name: str) -> str: diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index d00fc162..3a34acea 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -504,7 +504,7 @@ class AuthorizationService: user_attributes["service_id"] = user_info["sub"] for field_index, tenant_specific_field in enumerate( - current_app.config["OPEN_ID_TENANT_SPECIFIC_FIELDS"] + current_app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"] ): if tenant_specific_field in user_info: field_number = field_index + 1 diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/error_handling_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/error_handling_service.py index ec1f5d36..740aa106 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/error_handling_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/error_handling_service.py @@ -81,7 +81,7 @@ class ErrorHandlingService: ) message_payload = {"message_text": message_text, "recipients": recipients} message_identifier = current_app.config[ - "SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID" + "SPIFFWORKFLOW_BACKEND_SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID" ] message_model = MessageModel.query.filter_by( identifier=message_identifier diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/file_system_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/file_system_service.py index ffca4f2c..92dcb9bb 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/file_system_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/file_system_service.py @@ -40,7 +40,7 @@ class FileSystemService: @staticmethod def root_path() -> str: """Root_path.""" - dir_name = current_app.config["BPMN_SPEC_ABSOLUTE_DIR"] + dir_name = current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] # ensure this is a string - thanks mypy... return os.path.abspath(os.path.join(dir_name, "")) @@ -66,7 +66,7 @@ class FileSystemService: @staticmethod def process_model_relative_path(spec: ProcessModelInfo) -> str: - """Get the file path to a process model relative to BPMN_SPEC_ABSOLUTE_DIR. + """Get the file path to a process model relative to SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR. If the full path is /path/to/process-group-a/group-b/process-model-a, it will return: process-group-a/group-b/process-model-a diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py index 3b8f518a..c5655cd1 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py @@ -37,7 +37,7 @@ class GitService: @classmethod def get_current_revision(cls) -> str: """Get_current_revision.""" - bpmn_spec_absolute_dir = current_app.config["BPMN_SPEC_ABSOLUTE_DIR"] + bpmn_spec_absolute_dir = current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] # The value includes a carriage return character at the end, so we don't grab the last character with FileSystemService.cd(bpmn_spec_absolute_dir): return cls.run_shell_command_to_get_stdout( @@ -52,7 +52,7 @@ class GitService: file_name: Optional[str] = None, ) -> str: """Get_instance_file_contents_for_revision.""" - bpmn_spec_absolute_dir = current_app.config["BPMN_SPEC_ABSOLUTE_DIR"] + bpmn_spec_absolute_dir = current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] process_model_relative_path = FileSystemService.process_model_relative_path( process_model ) @@ -78,22 +78,22 @@ class GitService: cls.check_for_basic_configs() branch_name_to_use = branch_name if branch_name_to_use is None: - branch_name_to_use = current_app.config["GIT_BRANCH"] + branch_name_to_use = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_BRANCH"] repo_path_to_use = repo_path if repo_path is None: - repo_path_to_use = current_app.config["BPMN_SPEC_ABSOLUTE_DIR"] + repo_path_to_use = current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] if repo_path_to_use is None: - raise ConfigurationError("BPMN_SPEC_ABSOLUTE_DIR config must be set") - if current_app.config["GIT_SSH_PRIVATE_KEY"]: - os.environ["GIT_SSH_PRIVATE_KEY"] = current_app.config[ - "GIT_SSH_PRIVATE_KEY" + raise ConfigurationError("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR config must be set") + if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"]: + os.environ["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"] = current_app.config[ + "SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY" ] git_username = "" git_email = "" - if current_app.config["GIT_USERNAME"] and current_app.config["GIT_USER_EMAIL"]: - git_username = current_app.config["GIT_USERNAME"] - git_email = current_app.config["GIT_USER_EMAIL"] + if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USERNAME"] and current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL"]: + git_username = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USERNAME"] + git_email = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL"] shell_command_path = os.path.join( current_app.root_path, "..", "..", "bin", "git_commit_bpmn_models_repo" ) @@ -111,9 +111,9 @@ class GitService: @classmethod def check_for_basic_configs(cls) -> None: """Check_for_basic_configs.""" - if current_app.config["GIT_BRANCH"] is None: + if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_BRANCH"] is None: raise MissingGitConfigsError( - "Missing config for GIT_BRANCH. " + "Missing config for SPIFFWORKFLOW_BACKEND_GIT_BRANCH. " "This is required for publishing process models" ) @@ -121,14 +121,14 @@ class GitService: def check_for_publish_configs(cls) -> None: """Check_for_configs.""" cls.check_for_basic_configs() - if current_app.config["GIT_BRANCH_TO_PUBLISH_TO"] is None: + if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO"] is None: raise MissingGitConfigsError( - "Missing config for GIT_BRANCH_TO_PUBLISH_TO. " + "Missing config for SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO. " "This is required for publishing process models" ) - if current_app.config["GIT_CLONE_URL_FOR_PUBLISHING"] is None: + if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING"] is None: raise MissingGitConfigsError( - "Missing config for GIT_CLONE_URL_FOR_PUBLISHING. " + "Missing config for SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING. " "This is required for publishing process models" ) @@ -182,7 +182,7 @@ class GitService: ) clone_url = webhook["repository"]["clone_url"] - if clone_url != current_app.config["GIT_CLONE_URL_FOR_PUBLISHING"]: + if clone_url != current_app.config["SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING"]: raise GitCloneUrlMismatchError( "Configured clone url does not match clone url from webhook:" f" {clone_url}" @@ -193,18 +193,18 @@ class GitService: f"Could not find the 'ref' arg in the webhook boy: {webhook}" ) - if current_app.config["GIT_BRANCH"] is None: + if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_BRANCH"] is None: raise MissingGitConfigsError( - "Missing config for GIT_BRANCH. This is required for updating the" + "Missing config for SPIFFWORKFLOW_BACKEND_GIT_BRANCH. This is required for updating the" " repository as a result of the webhook" ) ref = webhook["ref"] - git_branch = current_app.config["GIT_BRANCH"] + git_branch = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_BRANCH"] if ref != f"refs/heads/{git_branch}": return False - with FileSystemService.cd(current_app.config["BPMN_SPEC_ABSOLUTE_DIR"]): + with FileSystemService.cd(current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"]): cls.run_shell_command(["git", "pull"]) return True @@ -223,11 +223,11 @@ class GitService: # we are adding a guid to this so the flake8 issue has been mitigated destination_process_root = f"/tmp/{clone_dir}" # noqa - git_clone_url = current_app.config["GIT_CLONE_URL_FOR_PUBLISHING"] + git_clone_url = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING"] if git_clone_url.startswith("https://"): git_clone_url = git_clone_url.replace( "https://", - f"https://{current_app.config['GIT_USERNAME']}:{current_app.config['GIT_USER_PASSWORD']}@", + f"https://{current_app.config['SPIFFWORKFLOW_BACKEND_GIT_USERNAME']}:{current_app.config['GIT_USER_PASSWORD']}@", ) cmd = ["git", "clone", git_clone_url, destination_process_root] diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py index a1130d37..cb2a076d 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py @@ -1301,7 +1301,7 @@ class ProcessInstanceProcessor: current_time_in_seconds = round(time.time()) lock_expiry_in_seconds = ( current_time_in_seconds - - current_app.config["ALLOW_CONFISCATING_LOCK_AFTER_SECONDS"] + - current_app.config["SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS"] ) query_text = text( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/service_task_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/service_task_service.py index 8d4fd43b..5931989b 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/service_task_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/service_task_service.py @@ -18,7 +18,7 @@ class ConnectorProxyError(Exception): def connector_proxy_url() -> Any: """Returns the connector proxy url.""" - return current_app.config["CONNECTOR_PROXY_URL"] + return current_app.config["SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL"] class ServiceTaskDelegate: From 78360de25f7653e1d67194d51d96199b44c4e3b4 Mon Sep 17 00:00:00 2001 From: jasquat Date: Wed, 15 Feb 2023 17:17:47 -0500 Subject: [PATCH 02/24] updated secret config names as well w/ burnettk --- .../src/spiffworkflow_backend/exceptions/api_error.py | 4 ++-- .../spiffworkflow_backend/services/authorization_service.py | 2 +- .../src/spiffworkflow_backend/services/git_service.py | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/exceptions/api_error.py b/spiffworkflow-backend/src/spiffworkflow_backend/exceptions/api_error.py index bb6d84f4..de9956fc 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/exceptions/api_error.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/exceptions/api_error.py @@ -206,8 +206,8 @@ def handle_exception(exception: Exception) -> flask.wrappers.Response: f" {exception.error_code}" ) - organization_slug = current_app.config.get("SENTRY_ORGANIZATION_SLUG") - project_slug = current_app.config.get("SENTRY_PROJECT_SLUG") + organization_slug = current_app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG") + project_slug = current_app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG") if organization_slug and project_slug: sentry_link = ( f"https://sentry.io/{organization_slug}/{project_slug}/events/{id}" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index 3a34acea..abd9c8d5 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -107,7 +107,7 @@ class AuthorizationService: ) received_sign = auth_header.split("sha256=")[-1].strip() - secret = current_app.config["GITHUB_WEBHOOK_SECRET"].encode() + secret = current_app.config["SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET"].encode() expected_sign = HMAC(key=secret, msg=request.data, digestmod=sha256).hexdigest() if not compare_digest(received_sign, expected_sign): raise TokenInvalidError( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py index c5655cd1..2ddee7d6 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py @@ -104,7 +104,7 @@ class GitService: branch_name_to_use, git_username, git_email, - current_app.config["GIT_USER_PASSWORD"], + current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD"], ] return cls.run_shell_command_to_get_stdout(shell_command) @@ -227,7 +227,7 @@ class GitService: if git_clone_url.startswith("https://"): git_clone_url = git_clone_url.replace( "https://", - f"https://{current_app.config['SPIFFWORKFLOW_BACKEND_GIT_USERNAME']}:{current_app.config['GIT_USER_PASSWORD']}@", + f"https://{current_app.config['SPIFFWORKFLOW_BACKEND_GIT_USERNAME']}:{current_app.config['SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD']}@", ) cmd = ["git", "clone", git_clone_url, destination_process_root] From 3abd4c92c62731a56db65e93e155442e6dc9ed58 Mon Sep 17 00:00:00 2001 From: jasquat Date: Wed, 15 Feb 2023 17:21:37 -0500 Subject: [PATCH 03/24] updated remaining configs manually w/ burnettk --- docker-compose.yml | 14 +++++++------- spiffworkflow-backend/bin/boot_server_in_docker | 8 ++++---- spiffworkflow-backend/bin/run_server_locally | 2 +- spiffworkflow-backend/docker-compose.yml | 16 ++++++++-------- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 31e348b5..e19ec4a2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,24 +18,24 @@ services: spiffworkflow-db: condition: service_healthy environment: - APPLICATION_ROOT: "/" + SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT: "/" SPIFFWORKFLOW_BACKEND_ENV: "local_development" FLASK_DEBUG: "0" FLASK_SESSION_SECRET_KEY: "${FLASK_SESSION_SECRET_KEY:-super_secret_key}" - OPEN_ID_SERVER_URL: "http://localhost:${SPIFF_BACKEND_PORT:-8000}/openid" + SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL: "http://localhost:${SPIFF_BACKEND_PORT:-8000}/openid" SPIFFWORKFLOW_FRONTEND_URL: "http://localhost:${SPIFF_FRONTEND_PORT:-8001}" # WARNING: Frontend is a static site which assumes frontend port - 1 on localhost. SPIFFWORKFLOW_BACKEND_URL: "http://localhost:${SPIFF_BACKEND_PORT:-8000}" SPIFFWORKFLOW_BACKEND_PORT: "${SPIFF_BACKEND_PORT:-8000}" SPIFFWORKFLOW_BACKEND_UPGRADE_DB: "true" SPIFFWORKFLOW_BACKEND_DATABASE_URI: "mysql+mysqlconnector://root:${SPIFF_MYSQL_PASS:-my-secret-pw}@spiffworkflow-db:${SPIFF_MYSQL_PORT:-8003}/spiffworkflow_backend_development" - BPMN_SPEC_ABSOLUTE_DIR: "/app/process_models" + SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR: "/app/process_models" SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA: "false" SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME: "example.yml" - RUN_BACKGROUND_SCHEDULER: "true" - OPEN_ID_CLIENT_ID: "spiffworkflow-backend" - OPEN_ID_CLIENT_SECRET_KEY: "my_open_id_secret_key" - CONNECTOR_PROXY_URL: "http://spiffworkflow-connector:8004" + SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER: "true" + SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID: "spiffworkflow-backend" + SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY: "my_open_id_secret_key" + SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL: "http://spiffworkflow-connector:8004" ports: - "${SPIFF_BACKEND_PORT:-8000}:${SPIFF_BACKEND_PORT:-8000}/tcp" volumes: diff --git a/spiffworkflow-backend/bin/boot_server_in_docker b/spiffworkflow-backend/bin/boot_server_in_docker index 4cd430a3..2976e27d 100755 --- a/spiffworkflow-backend/bin/boot_server_in_docker +++ b/spiffworkflow-backend/bin/boot_server_in_docker @@ -10,12 +10,12 @@ set -o errtrace -o errexit -o nounset -o pipefail # run migrations export FLASK_APP=/app/src/spiffworkflow_backend -if [[ "${WAIT_FOR_DB_TO_BE_READY:-}" == "true" ]]; then +if [[ "${SPIFFWORKFLOW_BACKEND_WAIT_FOR_DB_TO_BE_READY:-}" == "true" ]]; then echo 'Waiting for db to be ready...' poetry run python ./bin/wait_for_db_to_be_ready.py fi -if [[ "${DOWNGRADE_DB:-}" == "true" ]]; then +if [[ "${SPIFFWORKFLOW_BACKEND_DOWNGRADE_DB:-}" == "true" ]]; then echo 'Downgrading database...' poetry run flask db downgrade fi @@ -40,8 +40,8 @@ fi additional_args="" -if [[ "${APPLICATION_ROOT:-}" != "/" ]]; then - additional_args="${additional_args} -e SCRIPT_NAME=${APPLICATION_ROOT}" +if [[ "${SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT:-}" != "/" ]]; then + additional_args="${additional_args} -e SCRIPT_NAME=${SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT}" fi # HACK: if loading fixtures for acceptance tests when we do not need multiple workers diff --git a/spiffworkflow-backend/bin/run_server_locally b/spiffworkflow-backend/bin/run_server_locally index 2a4f5034..d27ddf3b 100755 --- a/spiffworkflow-backend/bin/run_server_locally +++ b/spiffworkflow-backend/bin/run_server_locally @@ -21,7 +21,7 @@ SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR=$(./bin/find_sample_process_models) export SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR export FLASK_SESSION_SECRET_KEY=super_secret_key -export APPLICATION_ROOT="/" +export SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT="/" if [[ -n "${SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA:-}" ]]; then ./bin/boot_server_in_docker diff --git a/spiffworkflow-backend/docker-compose.yml b/spiffworkflow-backend/docker-compose.yml index b1847ef6..43cfd960 100644 --- a/spiffworkflow-backend/docker-compose.yml +++ b/spiffworkflow-backend/docker-compose.yml @@ -50,20 +50,20 @@ services: build: context: . environment: - - APPLICATION_ROOT=/ - - SPIFFWORKFLOW_BACKEND_ENV=${SPIFFWORKFLOW_BACKEND_ENV:-local_development} - FLASK_DEBUG=0 - FLASK_SESSION_SECRET_KEY=${FLASK_SESSION_SECRET_KEY:-super_secret_key} - - SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL=${SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL:-http://localhost:7002/realms/spiffworkflow} - - SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL=${SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL:-http://localhost:7001} - - SPIFFWORKFLOW_BACKEND_URL=${SPIFFWORKFLOW_BACKEND_URL:-http://localhost:7000} - - SPIFFWORKFLOW_BACKEND_PORT=7000 - - SPIFFWORKFLOW_BACKEND_UPGRADE_DB=true - - SPIFFWORKFLOW_BACKEND_DATABASE_URI=mysql+mysqlconnector://root:${SPIFFWORKFLOW_BACKEND_MYSQL_ROOT_DATABASE:-my-secret-pw}@localhost:7003/${SPIFFWORKFLOW_BACKEND_DATABASE_NAME:-spiffworkflow_backend_development} + - SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT=/ - SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR=/app/process_models + - SPIFFWORKFLOW_BACKEND_DATABASE_URI=mysql+mysqlconnector://root:${SPIFFWORKFLOW_BACKEND_MYSQL_ROOT_DATABASE:-my-secret-pw}@localhost:7003/${SPIFFWORKFLOW_BACKEND_DATABASE_NAME:-spiffworkflow_backend_development} + - SPIFFWORKFLOW_BACKEND_ENV=${SPIFFWORKFLOW_BACKEND_ENV:-local_development} - SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA=${SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA:-false} + - SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL=${SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL:-http://localhost:7002/realms/spiffworkflow} - SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME=${SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME:-acceptance_tests.yml} + - SPIFFWORKFLOW_BACKEND_PORT=7000 - SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER=true + - SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL=${SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL:-http://localhost:7001} + - SPIFFWORKFLOW_BACKEND_UPGRADE_DB=true + - SPIFFWORKFLOW_BACKEND_URL=${SPIFFWORKFLOW_BACKEND_URL:-http://localhost:7000} ports: - "7000:7000" network_mode: host From 1f2a5e2ddf1b1cbabb9418fbf232caa7f2e35b4e Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 16 Feb 2023 07:39:40 -0500 Subject: [PATCH 04/24] pyl --- .../src/spiffworkflow_backend/__init__.py | 20 +++++-- .../spiffworkflow_backend/config/__init__.py | 15 +++-- .../spiffworkflow_backend/config/default.py | 52 ++++++++++++------ .../src/spiffworkflow_backend/config/demo.py | 3 +- .../src/spiffworkflow_backend/config/dev.py | 11 +++- .../config/local_development.py | 7 ++- .../src/spiffworkflow_backend/config/qa1.py | 11 +++- .../src/spiffworkflow_backend/config/qa2.py | 8 ++- .../config/sartography.py | 9 ++- .../spiffworkflow_backend/config/staging.py | 8 ++- .../config/terraform_deployed_environment.py | 17 ++++-- .../exceptions/api_error.py | 8 ++- .../routes/process_models_controller.py | 4 +- .../routes/service_tasks_controller.py | 4 +- .../src/spiffworkflow_backend/routes/user.py | 8 ++- .../services/authentication_service.py | 4 +- .../services/authorization_service.py | 4 +- .../services/git_service.py | 55 +++++++++++++------ .../services/process_instance_processor.py | 4 +- 19 files changed, 182 insertions(+), 70 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py index 79c02b4b..92c11037 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py @@ -153,7 +153,9 @@ def get_hacked_up_app_for_script() -> flask.app.Flask: f"{home}/projects/github/sartography/sample-process-models" ) if os.path.isdir(full_process_model_path): - os.environ["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] = full_process_model_path + os.environ["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] = ( + full_process_model_path + ) else: raise Exception(f"Could not find {full_process_model_path}") app = create_app() @@ -198,13 +200,21 @@ def configure_sentry(app: flask.app.Flask) -> None: return None return event - sentry_errors_sample_rate = app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE") + sentry_errors_sample_rate = app.config.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE" + ) if sentry_errors_sample_rate is None: - raise Exception("SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE is not set somehow") + raise Exception( + "SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE is not set somehow" + ) - sentry_traces_sample_rate = app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE") + sentry_traces_sample_rate = app.config.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE" + ) if sentry_traces_sample_rate is None: - raise Exception("SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE is not set somehow") + raise Exception( + "SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE is not set somehow" + ) # profiling doesn't work on windows, because of an issue like https://github.com/nvdv/vprof/issues/62 # but also we commented out profiling because it was causing segfaults (i guess it is marked experimental) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py index 267c9c10..7ad2237f 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py @@ -52,15 +52,20 @@ def load_config_file(app: Flask, env_config_module: str) -> None: def _set_up_tenant_specific_fields_as_list_of_strings(app: Flask) -> None: - tenant_specific_fields = app.config.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS") + tenant_specific_fields = app.config.get( + "SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS" + ) if tenant_specific_fields is None or tenant_specific_fields == "": app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"] = [] else: - app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"] = tenant_specific_fields.split(",") + app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"] = ( + tenant_specific_fields.split(",") + ) if len(app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"]) > 3: raise ConfigurationError( - "SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS can have a maximum of 3 fields" + "SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS can have a" + " maximum of 3 fields" ) @@ -117,7 +122,9 @@ def setup_config(app: Flask) -> None: app.config.from_pyfile(os.path.join("config", "secrets.py"), silent=True) if app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] is None: - raise ConfigurationError("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR config must be set") + raise ConfigurationError( + "SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR config must be set" + ) app.config["PROCESS_UUID"] = uuid.uuid4() diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index dd9ea4d0..469d4f76 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -2,14 +2,18 @@ import re from os import environ -SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR = environ.get("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR") +SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR = environ.get( + "SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" +) cors_allow_all = "*" SPIFFWORKFLOW_BACKEND_CORS_ALLOW_ORIGINS = re.split( - r",\s*", environ.get("SPIFFWORKFLOW_BACKEND_CORS_ALLOW_ORIGINS", default=cors_allow_all) + r",\s*", + environ.get("SPIFFWORKFLOW_BACKEND_CORS_ALLOW_ORIGINS", default=cors_allow_all), ) SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = ( - environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") == "true" + environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") + == "true" ) SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL = environ.get( "SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL", default="http://localhost:7001" @@ -23,23 +27,27 @@ SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = environ.get( ) # Open ID server +# use "http://localhost:7000/openid" for running with simple openid +# server hosted by spiffworkflow-backend SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = environ.get( "SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL", - default="http://localhost:7002/realms/spiffworkflow" - # "SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL", default="http://localhost:7000/openid" + default="http://localhost:7002/realms/spiffworkflow", ) -# Replace above line with this to use the built-in Open ID Server. -# SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = environ.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL", default="http://localhost:7000/openid") -SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID = environ.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID", default="spiffworkflow-backend") +SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID = environ.get( + "SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID", default="spiffworkflow-backend" +) SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY = environ.get( - "SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" + "SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY", + default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q", ) # noqa: S105 # Tenant specific fields is a comma separated list of field names that we will convert to list of strings # and store in the user table's tenant_specific_field_n columns. You can have up to three items in this # comma-separated list. -SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS = environ.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS") +SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS = environ.get( + "SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS" +) SPIFFWORKFLOW_BACKEND_LOG_TO_FILE = ( environ.get("SPIFFWORKFLOW_BACKEND_LOG_TO_FILE", default="false") == "true" @@ -50,7 +58,9 @@ SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( ) # Sentry Configuration -SPIFFWORKFLOW_BACKEND_SENTRY_DSN = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_DSN", default="") +SPIFFWORKFLOW_BACKEND_SENTRY_DSN = environ.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_DSN", default="" +) SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE = environ.get( "SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE", default="1" ) # send all errors @@ -64,13 +74,21 @@ SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get( # When a user clicks on the `Publish` button, this is the default branch this server merges into. # I.e., dev server could have `staging` here. Staging server might have `production` here. -SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO") +SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO" +) SPIFFWORKFLOW_BACKEND_GIT_BRANCH = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH") SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING = environ.get("GIT_CLONE_URL") -SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = environ.get("SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE", default="false") == "true" -SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get("SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY") +SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = ( + environ.get("SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE", default="false") == "true" +) +SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY" +) SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME") -SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL") +SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL" +) # Database Configuration SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE = environ.get( @@ -86,7 +104,9 @@ SPIFFWORKFLOW_BACKEND_SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID = environ.get ) SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS = int( - environ.get("SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS", default="600") + environ.get( + "SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS", default="600" + ) ) SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP = environ.get( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/demo.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/demo.py index c9694489..aec6a03b 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/demo.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/demo.py @@ -10,5 +10,6 @@ SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( ) SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = ( - environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") == "true" + environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") + == "true" ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/dev.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/dev.py index 7b8104ec..7cc73bc8 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/dev.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/dev.py @@ -1,9 +1,14 @@ """Dev.""" from os import environ -SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO", default="staging") -SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME", default="sartography-automated-committer") +SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO", default="staging" +) +SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_USERNAME", default="sartography-automated-committer" +) SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get( - "SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL", default="sartography-automated-committer@users.noreply.github.com" + "SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL", + default="sartography-automated-committer@users.noreply.github.com", ) SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = "dev.yml" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/local_development.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/local_development.py index 633d5ef7..e9e674ef 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/local_development.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/local_development.py @@ -10,10 +10,13 @@ SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get( ) SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = ( - environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") == "true" + environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") + == "true" ) SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING = environ.get( "GIT_CLONE_URL", default="https://github.com/sartography/sample-process-models.git" ) SPIFFWORKFLOW_BACKEND_GIT_USERNAME = "sartography-automated-committer" -SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com" +SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = ( + f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com" +) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa1.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa1.py index 2e55e5c9..b1592d93 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa1.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa1.py @@ -1,10 +1,15 @@ """Qa1.""" from os import environ -SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO", default="qa2") -SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME", default="sartography-automated-committer") +SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO", default="qa2" +) +SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_USERNAME", default="sartography-automated-committer" +) SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get( - "SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL", default=f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com" + "SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL", + default=f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com", ) SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( "SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="qa1.yml" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py index ed752821..310897a1 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py @@ -5,6 +5,10 @@ SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( "SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="qa1.yml" ) SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL = "https://qa2.spiffworkflow.org" -SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = "https://qa2.spiffworkflow.org/keycloak/realms/spiffworkflow" +SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = ( + "https://qa2.spiffworkflow.org/keycloak/realms/spiffworkflow" +) SPIFFWORKFLOW_BACKEND_URL = "https://qa2.spiffworkflow.org/api" -SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = "https://qa2.spiffworkflow.org/connector-proxy" +SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = ( + "https://qa2.spiffworkflow.org/connector-proxy" +) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/sartography.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/sartography.py index dd6a307c..f384622e 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/sartography.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/sartography.py @@ -2,8 +2,13 @@ from os import environ environment_identifier_for_this_config_file_only = environ["SPIFFWORKFLOW_BACKEND_ENV"] -SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = f"https://keycloak.{environment_identifier_for_this_config_file_only}.spiffworkflow.org/realms/sartography" -SPIFFWORKFLOW_BACKEND_GIT_BRANCH = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH", default="main") +SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = ( + f"https://keycloak.{environment_identifier_for_this_config_file_only}" + ".spiffworkflow.org/realms/sartography" +) +SPIFFWORKFLOW_BACKEND_GIT_BRANCH = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_BRANCH", default="main" +) SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING = environ.get( "GIT_CLONE_URL", default="https://github.com/sartography/sartography-process-models.git", diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/staging.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/staging.py index bd77dcab..56b4a3ff 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/staging.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/staging.py @@ -1,7 +1,11 @@ """Staging.""" from os import environ -SPIFFWORKFLOW_BACKEND_GIT_BRANCH = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH", default="staging") -SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get("SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO", default="main") +SPIFFWORKFLOW_BACKEND_GIT_BRANCH = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_BRANCH", default="staging" +) +SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO", default="main" +) SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = False SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = "staging.yml" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py index 1c03676d..937d17af 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py @@ -6,24 +6,33 @@ environment_identifier_for_this_config_file_only = environ["SPIFFWORKFLOW_BACKEN SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = True SPIFFWORKFLOW_BACKEND_GIT_USERNAME = "sartography-automated-committer" -SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com" +SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = ( + f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com" +) SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( "SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="terraform_deployed_environment.yml", ) SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = ( - environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") == "true" + environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") + == "true" ) -SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = f"https://keycloak.{environment_identifier_for_this_config_file_only}.spiffworkflow.org/realms/spiffworkflow" +SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = ( + f"https://keycloak.{environment_identifier_for_this_config_file_only}" + ".spiffworkflow.org/realms/spiffworkflow" +) SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL = ( f"https://{environment_identifier_for_this_config_file_only}.spiffworkflow.org" ) SPIFFWORKFLOW_BACKEND_URL = ( f"https://api.{environment_identifier_for_this_config_file_only}.spiffworkflow.org" ) -SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = f"https://connector-proxy.{environment_identifier_for_this_config_file_only}.spiffworkflow.org" +SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = ( + f"https://connector-proxy.{environment_identifier_for_this_config_file_only}" + ".spiffworkflow.org" +) SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING = environ.get( "GIT_CLONE_URL", default="https://github.com/sartography/sample-process-models.git" ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/exceptions/api_error.py b/spiffworkflow-backend/src/spiffworkflow_backend/exceptions/api_error.py index de9956fc..5fff05c2 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/exceptions/api_error.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/exceptions/api_error.py @@ -206,8 +206,12 @@ def handle_exception(exception: Exception) -> flask.wrappers.Response: f" {exception.error_code}" ) - organization_slug = current_app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG") - project_slug = current_app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG") + organization_slug = current_app.config.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG" + ) + project_slug = current_app.config.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG" + ) if organization_slug and project_slug: sentry_link = ( f"https://sentry.io/{organization_slug}/{project_slug}/events/{id}" diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_models_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_models_controller.py index bdeccbd8..1e2a16a7 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_models_controller.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_models_controller.py @@ -225,7 +225,9 @@ def process_model_publish( ) -> flask.wrappers.Response: """Process_model_publish.""" if branch_to_update is None: - branch_to_update = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO"] + branch_to_update = current_app.config[ + "SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO" + ] if branch_to_update is None: raise MissingGitConfigsError( "Missing config for SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO. " diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py index b8e0df25..ee1bd2c3 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py @@ -27,7 +27,9 @@ def authentication_list() -> flask.wrappers.Response: available_authentications = ServiceTaskService.authentication_list() response_json = { "results": available_authentications, - "connector_proxy_base_url": current_app.config["SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL"], + "connector_proxy_base_url": current_app.config[ + "SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL" + ], "redirect_url": f"{current_app.config['SPIFFWORKFLOW_BACKEND_URL']}/v1.0/authentication_callback", } diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py index 2f48e873..6e7ac7e1 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py @@ -186,7 +186,9 @@ def set_new_access_token_in_cookie( """ tld = current_app.config["THREAD_LOCAL_DATA"] domain_for_frontend_cookie: Optional[str] = re.sub( - r"^https?:\/\/", "", current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"] + r"^https?:\/\/", + "", + current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"], ) if domain_for_frontend_cookie and domain_for_frontend_cookie.startswith( "localhost" @@ -351,7 +353,9 @@ def logout(id_token: str, redirect_url: Optional[str]) -> Response: def logout_return() -> Response: """Logout_return.""" - frontend_url = str(current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"]) + frontend_url = str( + current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"] + ) return redirect(f"{frontend_url}/") diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py index 178c56fa..143bb765 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py @@ -73,7 +73,9 @@ class AuthenticationService: @staticmethod def secret_key() -> str: """Returns the secret key from the config.""" - return current_app.config.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY", "") + return current_app.config.get( + "SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY", "" + ) @classmethod def open_id_endpoint_for_name(cls, name: str) -> str: diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index abd9c8d5..9db4c39c 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -107,7 +107,9 @@ class AuthorizationService: ) received_sign = auth_header.split("sha256=")[-1].strip() - secret = current_app.config["SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET"].encode() + secret = current_app.config[ + "SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET" + ].encode() expected_sign = HMAC(key=secret, msg=request.data, digestmod=sha256).hexdigest() if not compare_digest(received_sign, expected_sign): raise TokenInvalidError( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py index 2ddee7d6..37b04937 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py @@ -37,7 +37,9 @@ class GitService: @classmethod def get_current_revision(cls) -> str: """Get_current_revision.""" - bpmn_spec_absolute_dir = current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] + bpmn_spec_absolute_dir = current_app.config[ + "SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" + ] # The value includes a carriage return character at the end, so we don't grab the last character with FileSystemService.cd(bpmn_spec_absolute_dir): return cls.run_shell_command_to_get_stdout( @@ -52,7 +54,9 @@ class GitService: file_name: Optional[str] = None, ) -> str: """Get_instance_file_contents_for_revision.""" - bpmn_spec_absolute_dir = current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] + bpmn_spec_absolute_dir = current_app.config[ + "SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" + ] process_model_relative_path = FileSystemService.process_model_relative_path( process_model ) @@ -81,17 +85,24 @@ class GitService: branch_name_to_use = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_BRANCH"] repo_path_to_use = repo_path if repo_path is None: - repo_path_to_use = current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] - if repo_path_to_use is None: - raise ConfigurationError("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR config must be set") - if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"]: - os.environ["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"] = current_app.config[ - "SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY" + repo_path_to_use = current_app.config[ + "SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" ] + if repo_path_to_use is None: + raise ConfigurationError( + "SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR config must be set" + ) + if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"]: + os.environ["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"] = ( + current_app.config["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"] + ) git_username = "" git_email = "" - if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USERNAME"] and current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL"]: + if ( + current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USERNAME"] + and current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL"] + ): git_username = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USERNAME"] git_email = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL"] shell_command_path = os.path.join( @@ -126,10 +137,13 @@ class GitService: "Missing config for SPIFFWORKFLOW_BACKEND_GIT_BRANCH_TO_PUBLISH_TO. " "This is required for publishing process models" ) - if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING"] is None: + if ( + current_app.config["SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING"] + is None + ): raise MissingGitConfigsError( - "Missing config for SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING. " - "This is required for publishing process models" + "Missing config for SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING." + " This is required for publishing process models" ) @classmethod @@ -182,7 +196,10 @@ class GitService: ) clone_url = webhook["repository"]["clone_url"] - if clone_url != current_app.config["SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING"]: + if ( + clone_url + != current_app.config["SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING"] + ): raise GitCloneUrlMismatchError( "Configured clone url does not match clone url from webhook:" f" {clone_url}" @@ -195,8 +212,8 @@ class GitService: if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_BRANCH"] is None: raise MissingGitConfigsError( - "Missing config for SPIFFWORKFLOW_BACKEND_GIT_BRANCH. This is required for updating the" - " repository as a result of the webhook" + "Missing config for SPIFFWORKFLOW_BACKEND_GIT_BRANCH. This is required" + " for updating the repository as a result of the webhook" ) ref = webhook["ref"] @@ -204,7 +221,9 @@ class GitService: if ref != f"refs/heads/{git_branch}": return False - with FileSystemService.cd(current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"]): + with FileSystemService.cd( + current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] + ): cls.run_shell_command(["git", "pull"]) return True @@ -223,7 +242,9 @@ class GitService: # we are adding a guid to this so the flake8 issue has been mitigated destination_process_root = f"/tmp/{clone_dir}" # noqa - git_clone_url = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING"] + git_clone_url = current_app.config[ + "SPIFFWORKFLOW_BACKEND_GIT_CLONE_URL_FOR_PUBLISHING" + ] if git_clone_url.startswith("https://"): git_clone_url = git_clone_url.replace( "https://", diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py index cb2a076d..5aabe5ac 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py @@ -1301,7 +1301,9 @@ class ProcessInstanceProcessor: current_time_in_seconds = round(time.time()) lock_expiry_in_seconds = ( current_time_in_seconds - - current_app.config["SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS"] + - current_app.config[ + "SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS" + ] ) query_text = text( From fb5d902ce433eb00eb364027daca25dc888d16e8 Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 16 Feb 2023 07:59:51 -0500 Subject: [PATCH 05/24] fixed some env vars for ci --- .github/workflows/backend_tests.yml | 10 +++++----- spiffworkflow-backend/bin/recreate_db | 2 +- .../src/spiffworkflow_backend/config/__init__.py | 6 +++--- .../src/spiffworkflow_backend/config/default.py | 14 ++++++++++++-- .../routes/tasks_controller.py | 2 +- 5 files changed, 22 insertions(+), 12 deletions(-) diff --git a/.github/workflows/backend_tests.yml b/.github/workflows/backend_tests.yml index f1d9a1c7..cc11adb6 100644 --- a/.github/workflows/backend_tests.yml +++ b/.github/workflows/backend_tests.yml @@ -78,12 +78,12 @@ jobs: - { python: "3.11", os: "ubuntu-latest", session: "docs-build" } env: - NOXSESSION: ${{ matrix.session }} - SPIFF_DATABASE_TYPE: ${{ matrix.database }} - FORCE_COLOR: "1" - PRE_COMMIT_COLOR: "always" - DB_PASSWORD: password FLASK_SESSION_SECRET_KEY: super_secret_key + FORCE_COLOR: "1" + NOXSESSION: ${{ matrix.session }} + PRE_COMMIT_COLOR: "always" + SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD: password + SPIFFWORKFLOW_BACKEND_DATABASE_TYPE: ${{ matrix.database }} steps: - name: Check out the repository diff --git a/spiffworkflow-backend/bin/recreate_db b/spiffworkflow-backend/bin/recreate_db index fac35da6..8a78a9b8 100755 --- a/spiffworkflow-backend/bin/recreate_db +++ b/spiffworkflow-backend/bin/recreate_db @@ -40,7 +40,7 @@ if [[ "${1:-}" == "clean" ]]; then # TODO: check to see if the db already exists and we can connect to it. also actually clean it up. # start postgres in background with one db - if [[ "${SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE:-}" == "postgres" ]]; then + if [[ "${SPIFFWORKFLOW_BACKEND_DATABASE_TYPE:-}" == "postgres" ]]; then if ! docker exec -it postgres-spiff psql -U spiffworkflow_backend spiffworkflow_backend_testing -c "select 1"; then docker run --name postgres-spiff -p 5432:5432 -e POSTGRES_PASSWORD=spiffworkflow_backend -e POSTGRES_USER=spiffworkflow_backend -e POSTGRES_DB=spiffworkflow_backend_testing -d postgres sleep 4 # classy diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py index 7ad2237f..bdd02909 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py @@ -17,17 +17,17 @@ def setup_database_uri(app: Flask) -> None: """Setup_database_uri.""" if app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_URI") is None: database_name = f"spiffworkflow_backend_{app.config['ENV_IDENTIFIER']}" - if app.config.get("SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE") == "sqlite": + if app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE") == "sqlite": app.config["SQLALCHEMY_DATABASE_URI"] = ( f"sqlite:///{app.instance_path}/db_{app.config['ENV_IDENTIFIER']}.sqlite3" ) - elif app.config.get("SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE") == "postgres": + elif app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE") == "postgres": app.config["SQLALCHEMY_DATABASE_URI"] = ( f"postgresql://spiffworkflow_backend:spiffworkflow_backend@localhost:5432/{database_name}" ) else: # use pswd to trick flake8 with hardcoded passwords - db_pswd = os.environ.get("DB_PASSWORD") + db_pswd = app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD") if db_pswd is None: db_pswd = "" app.config["SQLALCHEMY_DATABASE_URI"] = ( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 469d4f76..7b315f48 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -91,8 +91,8 @@ SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get( ) # Database Configuration -SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE = environ.get( - "SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE", default="mysql" +SPIFFWORKFLOW_BACKEND_DATABASE_TYPE = environ.get( + "SPIFFWORKFLOW_BACKEND_DATABASE_TYPE", default="mysql" ) # can also be sqlite, postgres # Overide above with specific sqlalchymy connection string. SPIFFWORKFLOW_BACKEND_DATABASE_URI = environ.get( @@ -112,3 +112,13 @@ SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS = int( SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP = environ.get( "SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP", default="everybody" ) + +# secrets: These should be set as environment variables +SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD = environ.get("SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default="") +SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET = environ.get("SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET", default='') +SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get("SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY", default='') +SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD", default='') +SPIFFWORKFLOW_BACKEND_SENTRY_DSN = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_DSN", default='') +SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG", default='') +SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG", default='') +SPIFFWORKFLOW_BACKEND_SENTRY_SAMPLE_RATE = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_SAMPLE_RATE", default='') diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py index 269fb113..c5dab954 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py @@ -674,7 +674,7 @@ def _get_potential_owner_usernames(assigned_user: AliasedClass) -> Any: potential_owner_usernames_from_group_concat_or_similar = func.group_concat( assigned_user.username.distinct() ).label("potential_owner_usernames") - db_type = current_app.config.get("SPIFFWORKFLOW_BACKEND_SPIFF_DATABASE_TYPE") + db_type = current_app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE") if db_type == "postgres": potential_owner_usernames_from_group_concat_or_similar = func.string_agg( From bb0ac42fe5a00f0ab3c1972a987caa0e78eae9d4 Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 16 Feb 2023 08:33:39 -0500 Subject: [PATCH 06/24] pyl --- .../spiffworkflow_backend/config/default.py | 32 ++++++++++++++----- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 7b315f48..51846169 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -114,11 +114,27 @@ SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP = environ.get( ) # secrets: These should be set as environment variables -SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD = environ.get("SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default="") -SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET = environ.get("SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET", default='') -SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get("SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY", default='') -SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD", default='') -SPIFFWORKFLOW_BACKEND_SENTRY_DSN = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_DSN", default='') -SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG", default='') -SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG", default='') -SPIFFWORKFLOW_BACKEND_SENTRY_SAMPLE_RATE = environ.get("SPIFFWORKFLOW_BACKEND_SENTRY_SAMPLE_RATE", default='') +SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD = environ.get( + "SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default="" +) +SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET = environ.get( + "SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET", default="" +) +SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY", default="" +) +SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD", default="" +) +SPIFFWORKFLOW_BACKEND_SENTRY_DSN = environ.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_DSN", default="" +) +SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG = environ.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG", default="" +) +SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG = environ.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG", default="" +) +SPIFFWORKFLOW_BACKEND_SENTRY_SAMPLE_RATE = environ.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_SAMPLE_RATE", default="" +) From e1b71d526788b9f1c11483365a5c356be41ec204 Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 16 Feb 2023 09:05:40 -0500 Subject: [PATCH 07/24] cleaned up the default config file a bit --- .../spiffworkflow_backend/config/default.py | 40 ++++++++----------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 51846169..6a3816c6 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -67,6 +67,12 @@ SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE = environ.get( SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE = environ.get( "SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE", default="0.01" ) # send 1% of traces +SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG = environ.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG", default=None +) +SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG = environ.get( + "SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG", default=None +) SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get( "SPIFFWORKFLOW_BACKEND_LOG_LEVEL", default="info" @@ -89,6 +95,15 @@ SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USER SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get( "SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL" ) +SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET = environ.get( + "SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET", default=None +) +SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY", default=None +) +SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD = environ.get( + "SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD", default=None +) # Database Configuration SPIFFWORKFLOW_BACKEND_DATABASE_TYPE = environ.get( @@ -113,28 +128,7 @@ SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP = environ.get( "SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP", default="everybody" ) -# secrets: These should be set as environment variables +# this is only used in CI SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD = environ.get( - "SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default="" -) -SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET = environ.get( - "SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET", default="" -) -SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get( - "SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY", default="" -) -SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD = environ.get( - "SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD", default="" -) -SPIFFWORKFLOW_BACKEND_SENTRY_DSN = environ.get( - "SPIFFWORKFLOW_BACKEND_SENTRY_DSN", default="" -) -SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG = environ.get( - "SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG", default="" -) -SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG = environ.get( - "SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG", default="" -) -SPIFFWORKFLOW_BACKEND_SENTRY_SAMPLE_RATE = environ.get( - "SPIFFWORKFLOW_BACKEND_SENTRY_SAMPLE_RATE", default="" + "SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default=None ) From 59a166ddf6e0834fee0ec97813d00b2a92c26789 Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 16 Feb 2023 10:21:02 -0500 Subject: [PATCH 08/24] more config updates w/ burnettk --- docker-compose.yml | 21 ++++++++++--------- spiffworkflow-backend/bin/deploy | 4 ++-- spiffworkflow-backend/docker-compose.yml | 2 +- .../spiffworkflow_backend/config/default.py | 6 +++--- .../src/spiffworkflow_backend/config/qa2.py | 2 +- .../config/terraform_deployed_environment.py | 2 +- .../routes/service_tasks_controller.py | 2 +- .../src/spiffworkflow_backend/routes/user.py | 6 ++---- .../scripts/get_frontend_url.py | 2 +- 9 files changed, 23 insertions(+), 24 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index e19ec4a2..95b87b39 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,9 +7,9 @@ services: condition: service_healthy environment: APPLICATION_ROOT: "/" - PORT0: "${SPIFF_FRONTEND_PORT:-8001}" + PORT0: "${SPIFFWORKFLOW_FRONTEND_PORT:-8001}" ports: - - "${SPIFF_FRONTEND_PORT:-8001}:${SPIFF_FRONTEND_PORT:-8001}/tcp" + - "${SPIFFWORKFLOW_FRONTEND_PORT:-8001}:${SPIFFWORKFLOW_FRONTEND_PORT:-8001}/tcp" spiffworkflow-backend: container_name: spiffworkflow-backend @@ -22,20 +22,21 @@ services: SPIFFWORKFLOW_BACKEND_ENV: "local_development" FLASK_DEBUG: "0" FLASK_SESSION_SECRET_KEY: "${FLASK_SESSION_SECRET_KEY:-super_secret_key}" - SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL: "http://localhost:${SPIFF_BACKEND_PORT:-8000}/openid" - SPIFFWORKFLOW_FRONTEND_URL: "http://localhost:${SPIFF_FRONTEND_PORT:-8001}" # WARNING: Frontend is a static site which assumes frontend port - 1 on localhost. SPIFFWORKFLOW_BACKEND_URL: "http://localhost:${SPIFF_BACKEND_PORT:-8000}" - SPIFFWORKFLOW_BACKEND_PORT: "${SPIFF_BACKEND_PORT:-8000}" - SPIFFWORKFLOW_BACKEND_UPGRADE_DB: "true" - SPIFFWORKFLOW_BACKEND_DATABASE_URI: "mysql+mysqlconnector://root:${SPIFF_MYSQL_PASS:-my-secret-pw}@spiffworkflow-db:${SPIFF_MYSQL_PORT:-8003}/spiffworkflow_backend_development" + SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR: "/app/process_models" + SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL: "http://spiffworkflow-connector:8004" + SPIFFWORKFLOW_BACKEND_DATABASE_URI: "mysql+mysqlconnector://root:${SPIFF_MYSQL_PASS:-my-secret-pw}@spiffworkflow-db:${SPIFF_MYSQL_PORT:-8003}/spiffworkflow_backend_development" SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA: "false" - SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME: "example.yml" - SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER: "true" SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID: "spiffworkflow-backend" SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY: "my_open_id_secret_key" - SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL: "http://spiffworkflow-connector:8004" + SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL: "http://localhost:${SPIFF_BACKEND_PORT:-8000}/openid" + SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME: "example.yml" + SPIFFWORKFLOW_BACKEND_PORT: "${SPIFF_BACKEND_PORT:-8000}" + SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER: "true" + SPIFFWORKFLOW_BACKEND_UPGRADE_DB: "true" + SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND: "http://localhost:${SPIFFWORKFLOW_FRONTEND_PORT:-8001}" ports: - "${SPIFF_BACKEND_PORT:-8000}:${SPIFF_BACKEND_PORT:-8000}/tcp" volumes: diff --git a/spiffworkflow-backend/bin/deploy b/spiffworkflow-backend/bin/deploy index 65aa3c2f..ebfd9a55 100755 --- a/spiffworkflow-backend/bin/deploy +++ b/spiffworkflow-backend/bin/deploy @@ -31,8 +31,8 @@ if [[ -z "${SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE:-}" ]]; then export SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE=run fi -if [[ -z "${SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL:-}" ]]; then - export SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL='http://167.172.242.138:7001' +if [[ -z "${SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND:-}" ]]; then + export SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND='http://167.172.242.138:7001' fi if [[ -z "${SPIFFWORKFLOW_BACKEND_URL:-}" ]]; then diff --git a/spiffworkflow-backend/docker-compose.yml b/spiffworkflow-backend/docker-compose.yml index 43cfd960..8fe55281 100644 --- a/spiffworkflow-backend/docker-compose.yml +++ b/spiffworkflow-backend/docker-compose.yml @@ -61,7 +61,7 @@ services: - SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME=${SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME:-acceptance_tests.yml} - SPIFFWORKFLOW_BACKEND_PORT=7000 - SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER=true - - SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL=${SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL:-http://localhost:7001} + - SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND=${SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND:-http://localhost:7001} - SPIFFWORKFLOW_BACKEND_UPGRADE_DB=true - SPIFFWORKFLOW_BACKEND_URL=${SPIFFWORKFLOW_BACKEND_URL:-http://localhost:7000} ports: diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 6a3816c6..4aeecd37 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -15,8 +15,8 @@ SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = ( environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false") == "true" ) -SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL = environ.get( - "SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL", default="http://localhost:7001" +SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND = environ.get( + "SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND", default="http://localhost:7001" ) SPIFFWORKFLOW_BACKEND_URL = environ.get( "SPIFFWORKFLOW_BACKEND_URL", default="http://localhost:7000" @@ -128,7 +128,7 @@ SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP = environ.get( "SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP", default="everybody" ) -# this is only used in CI +# this is only used in CI. use SPIFFWORKFLOW_BACKEND_DATABASE_URI instead for real configuration SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD = environ.get( "SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default=None ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py index 310897a1..f81d8864 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/qa2.py @@ -4,7 +4,7 @@ from os import environ SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get( "SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="qa1.yml" ) -SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL = "https://qa2.spiffworkflow.org" +SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND = "https://qa2.spiffworkflow.org" SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = ( "https://qa2.spiffworkflow.org/keycloak/realms/spiffworkflow" ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py index 937d17af..f75b5f06 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/terraform_deployed_environment.py @@ -23,7 +23,7 @@ SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = ( f"https://keycloak.{environment_identifier_for_this_config_file_only}" ".spiffworkflow.org/realms/spiffworkflow" ) -SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL = ( +SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND = ( f"https://{environment_identifier_for_this_config_file_only}.spiffworkflow.org" ) SPIFFWORKFLOW_BACKEND_URL = ( diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py index ee1bd2c3..61c8f6da 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/service_tasks_controller.py @@ -47,5 +47,5 @@ def authentication_callback( f"{service}/{auth_method}", response, g.user.id, create_if_not_exists=True ) return redirect( - f"{current_app.config['SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL']}/admin/configuration" + f"{current_app.config['SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND']}/admin/configuration" ) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py index 6e7ac7e1..7b9a268a 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py @@ -188,7 +188,7 @@ def set_new_access_token_in_cookie( domain_for_frontend_cookie: Optional[str] = re.sub( r"^https?:\/\/", "", - current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"], + current_app.config["SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND"], ) if domain_for_frontend_cookie and domain_for_frontend_cookie.startswith( "localhost" @@ -353,9 +353,7 @@ def logout(id_token: str, redirect_url: Optional[str]) -> Response: def logout_return() -> Response: """Logout_return.""" - frontend_url = str( - current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"] - ) + frontend_url = str(current_app.config["SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND"]) return redirect(f"{frontend_url}/") diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_frontend_url.py b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_frontend_url.py index 1dee0c49..503b9584 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_frontend_url.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_frontend_url.py @@ -28,4 +28,4 @@ class GetFrontendUrl(Script): **kwargs: Any ) -> Any: """Run.""" - return current_app.config["SPIFFWORKFLOW_BACKEND_SPIFFWORKFLOW_FRONTEND_URL"] + return current_app.config["SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND"] From 1fd086f055c52c8a2da5fc461a8e7980954ea306 Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 16 Feb 2023 10:51:05 -0500 Subject: [PATCH 09/24] updated terraform deployed env config name w/ burnettk --- .../src/spiffworkflow_backend/config/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py index bdd02909..79fccd2e 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py @@ -45,7 +45,7 @@ def load_config_file(app: Flask, env_config_module: str) -> None: app.config.from_object(env_config_module) print(f"loaded config: {env_config_module}") except ImportStringError as exception: - if os.environ.get("TERRAFORM_DEPLOYED_ENVIRONMENT") != "true": + if os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT=") != "true": raise ModuleNotFoundError( f"Cannot find config module: {env_config_module}" ) from exception @@ -85,7 +85,7 @@ def setup_config(app: Flask) -> None: env_config_prefix = "spiffworkflow_backend.config." if ( - os.environ.get("TERRAFORM_DEPLOYED_ENVIRONMENT") == "true" + os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT=") == "true" and os.environ.get("SPIFFWORKFLOW_BACKEND_ENV") is not None ): load_config_file(app, f"{env_config_prefix}terraform_deployed_environment") From f004db15623fb1167c8ecaf9fce1f02368799111 Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 16 Feb 2023 11:18:50 -0500 Subject: [PATCH 10/24] the equal sign is not apart of the env var w/ burnettk --- .../src/spiffworkflow_backend/config/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py index 79fccd2e..2edb57f7 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py @@ -45,7 +45,7 @@ def load_config_file(app: Flask, env_config_module: str) -> None: app.config.from_object(env_config_module) print(f"loaded config: {env_config_module}") except ImportStringError as exception: - if os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT=") != "true": + if os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT") != "true": raise ModuleNotFoundError( f"Cannot find config module: {env_config_module}" ) from exception @@ -85,7 +85,7 @@ def setup_config(app: Flask) -> None: env_config_prefix = "spiffworkflow_backend.config." if ( - os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT=") == "true" + os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT") == "true" and os.environ.get("SPIFFWORKFLOW_BACKEND_ENV") is not None ): load_config_file(app, f"{env_config_prefix}terraform_deployed_environment") From 9a88dc2d812f572d841192e10e0e9bcd98ff1400 Mon Sep 17 00:00:00 2001 From: burnettk Date: Thu, 16 Feb 2023 11:53:08 -0500 Subject: [PATCH 11/24] add new uses and delete ppg.ba.sme1 --- .../realm_exports/spiffworkflow-realm.json | 273 +++++++++++++++--- .../keycloak/test_user_lists/status | 15 +- .../spiffworkflow_backend/config/__init__.py | 5 +- 3 files changed, 256 insertions(+), 37 deletions(-) diff --git a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json index 4e3a82b7..78652bcf 100644 --- a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json +++ b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json @@ -396,7 +396,7 @@ "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ], + "otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName" : "keycloak", "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], "webAuthnPolicyRpId" : "", @@ -970,6 +970,29 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "6c8829ab-d37c-4638-99b0-c83e732dc02f", + "createdTimestamp" : 1676566095383, + "username" : "infra3.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "infra3.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "167" ] + }, + "credentials" : [ { + "id" : "06476e91-a1db-4f9c-848b-f9ba120a200e", + "type" : "password", + "createdDate" : 1676566095417, + "secretData" : "{\"value\":\"00UdICckafKEytSulbqdURfya9ZO4UlmAlQQ6R/he44Jv0wkYGIk/vadNE5ACgmIBunoj6jANVbu87ZWNxp1Dw==\",\"salt\":\"etUtwyB9nvChOvyw1P0xkA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "b8d0d90e-9a7e-446c-9984-082cb315af8f", "createdTimestamp" : 1675718484095, @@ -1202,6 +1225,52 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "8763cdfb-46d4-4585-a17f-57acc1e44646", + "createdTimestamp" : 1676566095195, + "username" : "legal2.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "legal2.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "165" ] + }, + "credentials" : [ { + "id" : "9322a6c5-0c19-48ee-aa92-c28eae605e95", + "type" : "password", + "createdDate" : 1676566095260, + "secretData" : "{\"value\":\"yfqeGYoyN5ZZM7SoAbVvDCM/J3fwhS17A1/L1GkLZoB3+844lK5g7iWJjrnrmBpzNAPjKKDx0aTGdEWetxt9Qg==\",\"salt\":\"zvh/FXb9F/wdWUupHwNFjw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "adba601b-d3c0-43fc-ae7e-cb6120ab342d", + "createdTimestamp" : 1676566095313, + "username" : "legal3.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "legal3.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "166" ] + }, + "credentials" : [ { + "id" : "d1bb52f8-92b1-4873-a356-e9dc9739e1e6", + "type" : "password", + "createdDate" : 1676566095348, + "secretData" : "{\"value\":\"END4w4oxI1H5C5l4dqeYqrClb0y+vx3tuI484ELpqouEIol5P/piTiv8Q5/ECbb3jj8opjUFZZfvc12VIukCWw==\",\"salt\":\"e0EvbNYHC9jdqPkX3AneYw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "588e69b9-7534-4073-861d-500475b12b24", "createdTimestamp" : 1675718484566, @@ -1357,6 +1426,52 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "2a5d7caa-2c3e-4404-a133-ec220c0307db", + "createdTimestamp" : 1676566095780, + "username" : "peopleops.partner2.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "peopleops.partner2.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "173" ] + }, + "credentials" : [ { + "id" : "64fc835c-b693-4fed-ab9f-952cbaadbbfd", + "type" : "password", + "createdDate" : 1676566095815, + "secretData" : "{\"value\":\"w5nUlwlH1Z46WGhfejPIiRW6OkE9bcjHNCVySUDzMIpkbCm3f78XfuvdGSDeCpJ/FQCJuFo5ciDJ7ExXLyLfnQ==\",\"salt\":\"nz1xSxci+NFsyPZPhFDtZQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "2df3aa5e-5e5b-4c4a-b9bc-3a916c651632", + "createdTimestamp" : 1676566095846, + "username" : "peopleops.partner3.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "peopleops.partner3.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "174" ] + }, + "credentials" : [ { + "id" : "efaaec98-45c7-45cc-b4a4-32708882b72f", + "type" : "password", + "createdDate" : 1676566095880, + "secretData" : "{\"value\":\"B9M+AGxXUX4/+ce0y6AgFBm4F7phl5+6zToumcfheXglqcag2jr7iqLTtvwVkz3w8x7rmxUrzs7rkJPhK+/Jpg==\",\"salt\":\"rLFkhDJLxRuCNw7PNswlSQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "dbf941e7-0b45-4bc6-ae9e-d7153d32ce47", "createdTimestamp" : 1676302143401, @@ -1519,21 +1634,67 @@ "notBefore" : 0, "groups" : [ ] }, { - "id" : "d0355a9b-43d2-4111-b294-07c4dfa261b1", - "createdTimestamp" : 1676302144418, - "username" : "ppg.ba.sme1", + "id" : "2cc27223-369b-4abb-b7b3-7c3668bb4695", + "createdTimestamp" : 1676566095589, + "username" : "ppg.ba1.sme", "enabled" : true, "totp" : false, "emailVerified" : false, - "email" : "ppg.ba.sme1@status.im", + "email" : "ppg.ba1.sme@status.im", "attributes" : { - "spiffworkflow-employeeid" : [ "139" ] + "spiffworkflow-employeeid" : [ "170" ] }, "credentials" : [ { - "id" : "cca986d0-d323-4c62-8752-989f4fc7551e", + "id" : "80015df9-1c37-4c2c-9862-e4c5bf3c7fe1", "type" : "password", - "createdDate" : 1676302144451, - "secretData" : "{\"value\":\"WcgfAuHzOZIaE5n1+cNRqkHfur2P9HQg5sn+xoucHSGyu0ibXd19LK+x6ITyoG153VEhws6PvPIB195MlSxOsw==\",\"salt\":\"lChW81Tfy5VZruOu/x0RZA==\",\"additionalParameters\":{}}", + "createdDate" : 1676566095623, + "secretData" : "{\"value\":\"aHhv9WD2OpLT99Pt8adXov9qlO+mHdZc/YnLcwmg/FN1GZ5s1ExKD+PgiJnbUMyiIrEoTaMImRlG0+CaXNB8pA==\",\"salt\":\"WG3QARMAE6XD4CYMq/vVog==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "ccdd9a3c-2df1-4b01-8cd0-f983e2975044", + "createdTimestamp" : 1676566095652, + "username" : "ppg.ba2.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "ppg.ba2.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "171" ] + }, + "credentials" : [ { + "id" : "1a1b635b-78a0-4e1b-be27-54fa8e5bf46e", + "type" : "password", + "createdDate" : 1676566095686, + "secretData" : "{\"value\":\"lvIpCEkCU7VjWkc5HVjIpbEX3m2y0qRAm6vpUOF6jsC3kPOU32kGTpXtoAXRMQYqzwwrZPezkWiBWSc9tZQZmw==\",\"salt\":\"4vtZJjWkwRZZpQHL0y2cFQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "6d570a0f-66dc-4059-a9b5-17bcfaf92c25", + "createdTimestamp" : 1676566095715, + "username" : "ppg.ba3.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "ppg.ba3.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "172" ] + }, + "credentials" : [ { + "id" : "81737a3e-74be-48e7-8540-47df7189f6b8", + "type" : "password", + "createdDate" : 1676566095750, + "secretData" : "{\"value\":\"92827vUG05pG+5KqIU0x3YP8KzAygyflfN7ClS+87JOuSvQjElY8yaLtUNftZn2nr2EK/ud1HHfVPdjNHqv3lQ==\",\"salt\":\"ggPrdGdcE+U8spc6rzMAow==\",\"additionalParameters\":{}}", "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" } ], "disableableCredentialTypes" : [ ], @@ -1633,6 +1794,52 @@ "realmRoles" : [ "default-roles-spiffworkflow" ], "notBefore" : 0, "groups" : [ ] + }, { + "id" : "7cf99174-49f1-4036-9eff-f7ba111a691f", + "createdTimestamp" : 1676566095455, + "username" : "security2.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "security2.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "168" ] + }, + "credentials" : [ { + "id" : "2402ab6b-c06f-4db6-a2ab-e2a0d63c7082", + "type" : "password", + "createdDate" : 1676566095491, + "secretData" : "{\"value\":\"SKxvUtsnbbqUMfcNnIU9YnrsrfCE7MH801Mf50pL9rj5/k+ZIrB2nDowGVjip0wdIgiYZbdT7mwHjmc2KBrmoQ==\",\"salt\":\"Ww6KCOsMjQmMkEAP0Pabfg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "01daff17-0ead-4ca1-ae90-9da59ac2878d", + "createdTimestamp" : 1676566095522, + "username" : "security3.sme", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "security3.sme@status.im", + "attributes" : { + "spiffworkflow-employeeid" : [ "169" ] + }, + "credentials" : [ { + "id" : "99ccf7fb-a8a5-44c1-82a8-074af6f1a21d", + "type" : "password", + "createdDate" : 1676566095557, + "secretData" : "{\"value\":\"LBBgnnqfxU+NqlT33rPCk2IyDrQQs9wdTG0syZ2GyovKe3iwBmarBio+0kSKiWWZQmF085ZO3jeR82hc1TDv3A==\",\"salt\":\"T6qwoJLQaXdaPBZZvhVCvw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-spiffworkflow" ], + "notBefore" : 0, + "groups" : [ ] }, { "id" : "b768e3ef-f905-4493-976c-bc3408c04bec", "createdTimestamp" : 1675447832524, @@ -2968,7 +3175,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-role-list-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ] } }, { "id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd", @@ -2986,7 +3193,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper" ] } }, { "id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c", @@ -3076,7 +3283,7 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "b575ba3a-ceeb-4fcc-8921-906f534107e1", + "id" : "01b4b17c-bb82-41c3-b5b5-b9aadd21cb23", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", @@ -3098,7 +3305,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "2c8efabb-b397-4bb5-9c62-c7528d755e29", + "id" : "57574e2d-3c3d-4286-9fd1-d7f4ab86c6c1", "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", @@ -3127,7 +3334,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "7838ba09-a8a1-4478-bacb-c20abaff7d05", + "id" : "1eb0e67c-2856-475e-8563-5eca431fd9d0", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -3149,7 +3356,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "be4254ab-bdb7-4cca-8fa4-14956f460620", + "id" : "ff023867-aad5-4d19-a7da-60904727cd77", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -3171,7 +3378,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "3dc1581f-38dc-48d1-9e73-7aa45b38eae8", + "id" : "c4f2f1e4-a32c-4559-9fe3-f88cc6cb63da", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -3193,7 +3400,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "8b280bec-2423-4590-bc28-8873e4f9c2e8", + "id" : "bfb28a5f-98d9-4ce0-ae8d-75a7ba1ad331", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -3215,7 +3422,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "8bc16848-7275-42a7-aaa4-30693d379600", + "id" : "8b2075bd-9ad7-44c3-9a06-bc60a13beb7a", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", @@ -3237,7 +3444,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "727a7c7e-aceb-420a-be17-7e1aa1a19ef0", + "id" : "1fdcbed7-e44b-4473-ab7b-25037309660b", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", @@ -3260,7 +3467,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "db654134-730a-4e50-841e-5ff9e206625f", + "id" : "2f6e9208-b0e6-4941-9bd5-8f83ebc25b6c", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -3282,7 +3489,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "06ced0a0-aec5-43dd-8b39-7d7ea7a5faf8", + "id" : "f059067e-d626-4be3-868f-4c8780318497", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", @@ -3318,7 +3525,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "0f8f80e3-56eb-49a1-8b7d-e22242699b78", + "id" : "c35098b5-3785-4f52-90e3-39b8f3841f0c", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -3354,7 +3561,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "a67ef3ee-332a-4f40-b2dc-69a3d7967808", + "id" : "c78934b6-5386-49e7-89e8-9efe1088f5b2", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -3383,7 +3590,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e2e2fffa-81d3-4a4d-adb2-a0154e2f86cd", + "id" : "7a08791f-0c8b-4e11-a588-f5856b75337b", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -3398,7 +3605,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "fc418578-3c89-4f68-ad8f-825929669979", + "id" : "11e93dce-9673-4c99-ae7a-0edaf1c9b7e4", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -3421,7 +3628,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "31a9e34e-c499-4842-a085-a7ea0a4cab78", + "id" : "dbb50df7-ec6e-4a34-97f5-b484f1d8a76c", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -3443,7 +3650,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "ec66a031-7712-438a-91e7-564736cb3f75", + "id" : "d7a3dff9-249b-4811-9f36-b78119a4ce3f", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -3465,7 +3672,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "013a75a6-ae0d-459e-80eb-1681957b769b", + "id" : "ed4891ad-657c-45ac-9388-6c50d191124d", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -3481,7 +3688,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e011c6be-e1d0-4f94-80b1-2e2b2eb61832", + "id" : "f7c308b0-58de-4ed2-bf69-394144698e5a", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -3517,7 +3724,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "4f7c3405-ce05-4799-a001-cb6404c72625", + "id" : "3fb75774-a3a5-4e01-bc4a-4e564451601d", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -3553,7 +3760,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "7bde2ab3-96b9-4323-be48-dfae94c84df1", + "id" : "822d5c02-9ab3-4a9b-8fa4-1f020c5ffe08", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -3569,13 +3776,13 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "82c6898c-ff7c-442a-9ae1-8e1972634e01", + "id" : "0e613377-2aaa-4fed-bb7d-4dea69d5c340", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "5cfbdf35-1766-4eb3-a404-3560ae3f4cac", + "id" : "ac6b9188-f0ec-48ec-852a-8e3b331b33a6", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" diff --git a/spiffworkflow-backend/keycloak/test_user_lists/status b/spiffworkflow-backend/keycloak/test_user_lists/status index 4da1297f..d370b96a 100644 --- a/spiffworkflow-backend/keycloak/test_user_lists/status +++ b/spiffworkflow-backend/keycloak/test_user_lists/status @@ -2,12 +2,12 @@ email,spiffworkflow-employeeid # admin@spiffworkflow.org amir@status.im app.program.lead@status.im,121 -core@status.im,113 core1.contributor@status.im,155 core2.contributor@status.im,156 core3.contributor@status.im,157 core4.contributor@status.im,158 core5.contributor@status.im,159 +core@status.im,113 dao.project.lead@status.im desktop.program.lead@status.im desktop.project.lead@status.im @@ -19,26 +19,35 @@ infra.project-lead@status.im,130 infra.sme@status.im,119 infra1.sme@status.im,131 infra2.sme@status.im,132 +infra3.sme@status.im,167 jakub@status.im jarrad@status.im lead@status.im,114 legal.project-lead@status.im,133 legal.sme@status.im,125 legal1.sme@status.im,134 +legal2.sme@status.im,165 +legal3.sme@status.im,166 manuchehr@status.im,110 -peopleops.project-lead@status.im,147 peopleops.partner.sme@status.im,148 peopleops.partner1.sme@status.im,149 +peopleops.partner2.sme@status.im,173 +peopleops.partner3.sme@status.im,174 peopleops.partner@status.im,150 +peopleops.project-lead@status.im,147 peopleops.talent.sme@status.im,143 peopleops.talent1.sme@status.im,142 peopleops.talent@status.im,141 ppg.ba.project-lead@status.im,137 -ppg.ba.sme1@status.im,139 ppg.ba.sme@status.im,138 +ppg.ba1.sme@status.im,170 +ppg.ba2.sme@status.im,171 +ppg.ba3.sme@status.im,172 ppg.ba@status.im,127 sasha@status.im,112 security.project-lead@status.im,151 security.sme@status.im,123 security1.sme@status.im,135 +security2.sme@status.im,168 +security3.sme@status.im,169 services.lead@status.im,122 diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py index 2edb57f7..ad5dcb0f 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py @@ -45,7 +45,10 @@ def load_config_file(app: Flask, env_config_module: str) -> None: app.config.from_object(env_config_module) print(f"loaded config: {env_config_module}") except ImportStringError as exception: - if os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT") != "true": + if ( + os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT") + != "true" + ): raise ModuleNotFoundError( f"Cannot find config module: {env_config_module}" ) from exception From 5342b50bac6062e578575ddbdce546e8e3984975 Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 16 Feb 2023 12:09:44 -0500 Subject: [PATCH 12/24] added some support for using the backend openid server for cypress tests w/ burnettk --- .github/workflows/frontend_tests.yml | 1 + .../openid_blueprint/templates/login.html | 6 ++--- spiffworkflow-frontend/cypress.config.js | 2 +- .../cypress/e2e/process_groups.cy.js | 2 +- .../cypress/support/commands.js | 22 ++++++++++++++----- .../src/components/ProcessGroupListTiles.tsx | 8 ++++++- 6 files changed, 29 insertions(+), 12 deletions(-) diff --git a/.github/workflows/frontend_tests.yml b/.github/workflows/frontend_tests.yml index f4ec6360..b0ed9bc4 100644 --- a/.github/workflows/frontend_tests.yml +++ b/.github/workflows/frontend_tests.yml @@ -101,6 +101,7 @@ jobs: CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} # pass GitHub token to allow accurately detecting a build vs a re-run build GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SPIFFWORKFLOW_FRONTEND_AUTH_WITH_KEYCLOAK: "true" - name: get_backend_logs_from_docker_compose if: failure() working-directory: ./spiffworkflow-backend diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/templates/login.html b/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/templates/login.html index a64322a4..858355c3 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/templates/login.html +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/templates/login.html @@ -15,16 +15,16 @@

Important: This login form is for demonstration purposes only. In production systems you should be using a real Open ID System.

- +

- +

- +