Merge branch 'main' into feature/message_fixes

This commit is contained in:
Dan 2023-02-17 12:01:38 -05:00
commit 50d3ee544b
52 changed files with 707 additions and 288 deletions

View File

@ -78,12 +78,12 @@ jobs:
- { python: "3.11", os: "ubuntu-latest", session: "docs-build" }
env:
NOXSESSION: ${{ matrix.session }}
SPIFF_DATABASE_TYPE: ${{ matrix.database }}
FORCE_COLOR: "1"
PRE_COMMIT_COLOR: "always"
DB_PASSWORD: password
FLASK_SESSION_SECRET_KEY: super_secret_key
FORCE_COLOR: "1"
NOXSESSION: ${{ matrix.session }}
PRE_COMMIT_COLOR: "always"
SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD: password
SPIFFWORKFLOW_BACKEND_DATABASE_TYPE: ${{ matrix.database }}
steps:
- name: Check out the repository

View File

@ -56,7 +56,7 @@ jobs:
path: pr/
cypress-run:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
@ -88,7 +88,7 @@ jobs:
working-directory: ./spiffworkflow-backend
run: ./keycloak/bin/wait_for_keycloak 5
- name: Cypress run
uses: cypress-io/github-action@v4
uses: cypress-io/github-action@v5
with:
working-directory: ./spiffworkflow-frontend
browser: chrome
@ -101,6 +101,7 @@ jobs:
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
# pass GitHub token to allow accurately detecting a build vs a re-run build
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CYPRESS_SPIFFWORKFLOW_FRONTEND_AUTH_WITH_KEYCLOAK: "true"
- name: get_backend_logs_from_docker_compose
if: failure()
working-directory: ./spiffworkflow-backend

View File

@ -115,3 +115,32 @@ jobs:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
quickstart-guide-test:
runs-on: ubuntu-latest
needs: [create_frontend_docker_container, create_backend_docker_container, create_demo-proxy]
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Apps
run: ./bin/run_arena_with_docker_compose
- name: wait_for_backend
working-directory: ./spiffworkflow-backend
run: ./bin/wait_for_server_to_be_up 5 8000
- name: wait_for_frontend
working-directory: ./spiffworkflow-frontend
run: ./bin/wait_for_frontend_to_be_up 5 8001
- name: Cypress run
uses: cypress-io/github-action@v5
with:
working-directory: ./spiffworkflow-frontend
browser: chrome
# just run one test to make sure we didn't completely break it
spec: cypress/e2e/process_groups.cy.js
env:
# pass GitHub token to allow accurately detecting a build vs a re-run build
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CYPRESS_SPIFFWORKFLOW_FRONTEND_AUTH_WITH_KEYCLOAK: "false"
CYPRESS_SPIFFWORKFLOW_FRONTEND_USERNAME: "admin"
CYPRESS_SPIFFWORKFLOW_FRONTEND_PASSWORD: "admin"
SPIFFWORKFLOW_FRONTEND_PORT: 8001

View File

@ -0,0 +1,14 @@
#!/usr/bin/env bash
function error_handler() {
>&2 echo "Exited with BAD EXIT CODE '${2}' in ${0} script at line: ${1}."
exit "$2"
}
trap 'error_handler ${LINENO} $?' ERR
set -o errtrace -o errexit -o nounset -o pipefail
mkdir -p spiffworkflow
cd spiffworkflow
wget https://raw.githubusercontent.com/sartography/spiff-arena/main/docker-compose.yml
docker compose pull
docker compose up -d

View File

@ -7,9 +7,9 @@ services:
condition: service_healthy
environment:
APPLICATION_ROOT: "/"
PORT0: "${SPIFF_FRONTEND_PORT:-8001}"
PORT0: "${SPIFFWORKFLOW_FRONTEND_PORT:-8001}"
ports:
- "${SPIFF_FRONTEND_PORT:-8001}:${SPIFF_FRONTEND_PORT:-8001}/tcp"
- "${SPIFFWORKFLOW_FRONTEND_PORT:-8001}:${SPIFFWORKFLOW_FRONTEND_PORT:-8001}/tcp"
spiffworkflow-backend:
container_name: spiffworkflow-backend
@ -18,24 +18,25 @@ services:
spiffworkflow-db:
condition: service_healthy
environment:
APPLICATION_ROOT: "/"
SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT: "/"
SPIFFWORKFLOW_BACKEND_ENV: "local_development"
FLASK_DEBUG: "0"
FLASK_SESSION_SECRET_KEY: "${FLASK_SESSION_SECRET_KEY:-super_secret_key}"
OPEN_ID_SERVER_URL: "http://localhost:${SPIFF_BACKEND_PORT:-8000}/openid"
SPIFFWORKFLOW_FRONTEND_URL: "http://localhost:${SPIFF_FRONTEND_PORT:-8001}"
# WARNING: Frontend is a static site which assumes frontend port - 1 on localhost.
SPIFFWORKFLOW_BACKEND_URL: "http://localhost:${SPIFF_BACKEND_PORT:-8000}"
SPIFFWORKFLOW_BACKEND_PORT: "${SPIFF_BACKEND_PORT:-8000}"
SPIFFWORKFLOW_BACKEND_UPGRADE_DB: "true"
SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR: "/app/process_models"
SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL: "http://spiffworkflow-connector:8004"
SPIFFWORKFLOW_BACKEND_DATABASE_URI: "mysql+mysqlconnector://root:${SPIFF_MYSQL_PASS:-my-secret-pw}@spiffworkflow-db:${SPIFF_MYSQL_PORT:-8003}/spiffworkflow_backend_development"
BPMN_SPEC_ABSOLUTE_DIR: "/app/process_models"
SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA: "false"
SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID: "spiffworkflow-backend"
SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY: "my_open_id_secret_key"
SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL: "http://localhost:${SPIFF_BACKEND_PORT:-8000}/openid"
SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME: "example.yml"
RUN_BACKGROUND_SCHEDULER: "true"
OPEN_ID_CLIENT_ID: "spiffworkflow-backend"
OPEN_ID_CLIENT_SECRET_KEY: "my_open_id_secret_key"
CONNECTOR_PROXY_URL: "http://spiffworkflow-connector:8004"
SPIFFWORKFLOW_BACKEND_PORT: "${SPIFF_BACKEND_PORT:-8000}"
SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER: "true"
SPIFFWORKFLOW_BACKEND_UPGRADE_DB: "true"
SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND: "http://localhost:${SPIFFWORKFLOW_FRONTEND_PORT:-8001}"
ports:
- "${SPIFF_BACKEND_PORT:-8000}:${SPIFF_BACKEND_PORT:-8000}/tcp"
volumes:

View File

@ -10,12 +10,12 @@ set -o errtrace -o errexit -o nounset -o pipefail
# run migrations
export FLASK_APP=/app/src/spiffworkflow_backend
if [[ "${WAIT_FOR_DB_TO_BE_READY:-}" == "true" ]]; then
if [[ "${SPIFFWORKFLOW_BACKEND_WAIT_FOR_DB_TO_BE_READY:-}" == "true" ]]; then
echo 'Waiting for db to be ready...'
poetry run python ./bin/wait_for_db_to_be_ready.py
fi
if [[ "${DOWNGRADE_DB:-}" == "true" ]]; then
if [[ "${SPIFFWORKFLOW_BACKEND_DOWNGRADE_DB:-}" == "true" ]]; then
echo 'Downgrading database...'
poetry run flask db downgrade
fi
@ -40,8 +40,8 @@ fi
additional_args=""
if [[ "${APPLICATION_ROOT:-}" != "/" ]]; then
additional_args="${additional_args} -e SCRIPT_NAME=${APPLICATION_ROOT}"
if [[ "${SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT:-}" != "/" ]]; then
additional_args="${additional_args} -e SCRIPT_NAME=${SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT}"
fi
# HACK: if loading fixtures for acceptance tests when we do not need multiple workers
@ -56,8 +56,8 @@ if [[ "${SPIFFWORKFLOW_BACKEND_RUN_DATA_SETUP:-}" != "false" ]]; then
fi
# Assure that the the Process Models Directory is initialized as a git repo
git init "${BPMN_SPEC_ABSOLUTE_DIR}"
git config --global --add safe.directory "${BPMN_SPEC_ABSOLUTE_DIR}"
git init "${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR}"
git config --global --add safe.directory "${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR}"
export IS_GUNICORN="true"
# THIS MUST BE THE LAST COMMAND!

View File

@ -7,8 +7,8 @@ function error_handler() {
trap 'error_handler ${LINENO} $?' ERR
set -o errtrace -o errexit -o nounset -o pipefail
BPMN_SPEC_ABSOLUTE_DIR=$(./bin/find_sample_process_models)
export BPMN_SPEC_ABSOLUTE_DIR
SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR=$(./bin/find_sample_process_models)
export SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR
if [[ -z "${SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE:-}" ]]; then
export SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE=run

View File

@ -31,16 +31,16 @@ if [[ -z "${SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE:-}" ]]; then
export SPIFFWORKFLOW_BACKEND_DOCKER_COMPOSE_PROFILE=run
fi
if [[ -z "${SPIFFWORKFLOW_FRONTEND_URL:-}" ]]; then
export SPIFFWORKFLOW_FRONTEND_URL='http://167.172.242.138:7001'
if [[ -z "${SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND:-}" ]]; then
export SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND='http://167.172.242.138:7001'
fi
if [[ -z "${SPIFFWORKFLOW_BACKEND_URL:-}" ]]; then
export SPIFFWORKFLOW_BACKEND_URL='http://167.172.242.138:7000'
fi
if [[ -z "${OPEN_ID_SERVER_URL:-}" ]]; then
export OPEN_ID_SERVER_URL='http://167.172.242.138:7002'
if [[ -z "${SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL:-}" ]]; then
export SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL='http://167.172.242.138:7002'
fi
git pull

View File

@ -7,19 +7,19 @@ function error_handler() {
trap 'error_handler ${LINENO} $?' ERR
set -o errtrace -o errexit -o nounset -o pipefail
if [[ -z "${BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then
if [[ -z "${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then
script_dir="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../../sample-process-models"
if [[ ! -d "$BPMN_SPEC_ABSOLUTE_DIR" ]]; then
BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../sample-process-models"
if [[ ! -d "$BPMN_SPEC_ABSOLUTE_DIR" ]]; then
>&2 echo "ERROR: Could not find a location for the sample processes. Last tried: $BPMN_SPEC_ABSOLUTE_DIR"
SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../../sample-process-models"
if [[ ! -d "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" ]]; then
SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../sample-process-models"
if [[ ! -d "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" ]]; then
>&2 echo "ERROR: Could not find a location for the sample processes. Last tried: $SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"
exit 1
fi
fi
pushd "$BPMN_SPEC_ABSOLUTE_DIR" >/dev/null 2>&1
pushd "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" >/dev/null 2>&1
if [[ "$(git rev-parse --abbrev-ref HEAD)" == "main" ]]; then
>&2 echo "ERROR: please do not use the main branch of sample-process-models. use dev"
exit 1
@ -27,4 +27,4 @@ if [[ -z "${BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then
popd >/dev/null 2>&1
fi
realpath "$BPMN_SPEC_ABSOLUTE_DIR"
realpath "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"

View File

@ -9,8 +9,8 @@ from spiffworkflow_backend.models.process_instance import ProcessInstanceModel
def main(process_instance_id: str):
"""Main."""
os.environ["SPIFFWORKFLOW_BACKEND_ENV"] = "local_development"
if os.environ.get("BPMN_SPEC_ABSOLUTE_DIR") is None:
os.environ["BPMN_SPEC_ABSOLUTE_DIR"] = "hey"
if os.environ.get("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR") is None:
os.environ["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] = "hey"
flask_env_key = "FLASK_SESSION_SECRET_KEY"
os.environ[flask_env_key] = "whatevs"
app = create_app()

View File

@ -21,8 +21,8 @@ if [[ -z "${5:-}" ]]; then
exit 1
fi
if [[ -z "$git_commit_password" && -z "${GIT_SSH_PRIVATE_KEY:-}" ]]; then
>&2 echo "ERROR: A git password or GIT_SSH_PRIVATE_KEY must be provided"
if [[ -z "$git_commit_password" && -z "${SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY:-}" ]]; then
>&2 echo "ERROR: A git password or SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY must be provided"
exit 1
fi
@ -43,10 +43,10 @@ function run() {
git config --local user.name "$git_commit_username"
git config --local user.email "$git_commit_email"
if [[ -n "${GIT_SSH_PRIVATE_KEY:-}" ]]; then
if [[ -n "${SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY:-}" ]]; then
tmpfile=$(mktemp /tmp/tmp_git.XXXXXX)
chmod 600 "$tmpfile"
echo "$GIT_SSH_PRIVATE_KEY" >"$tmpfile"
echo "$SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY" >"$tmpfile"
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${tmpfile} -F /dev/null"
else
PAT="${git_commit_username}:${git_commit_password}"
@ -57,7 +57,7 @@ function run() {
git commit -m "$git_commit_message"
git push --set-upstream origin "$git_branch"
if [[ -z "${GIT_SSH_PRIVATE_KEY:-}" ]]; then
if [[ -z "${SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY:-}" ]]; then
git config --unset --local http.extraHeader
fi
fi

View File

@ -9,18 +9,18 @@ set -o errtrace -o errexit -o nounset -o pipefail
export FLASK_SESSION_SECRET_KEY="this_is_recreate_db_secret_key"
if [[ -z "${BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then
if [[ -z "${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR:-}" ]]; then
script_dir="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../../sample-process-models"
if [[ ! -d "$BPMN_SPEC_ABSOLUTE_DIR" ]]; then
BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../sample-process-models"
if [[ ! -d "$BPMN_SPEC_ABSOLUTE_DIR" ]]; then
>&2 echo "ERROR: Could not find a location for the sample processes. Last tried: $BPMN_SPEC_ABSOLUTE_DIR"
SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../../sample-process-models"
if [[ ! -d "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" ]]; then
SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR="${script_dir}/../../sample-process-models"
if [[ ! -d "$SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" ]]; then
>&2 echo "ERROR: Could not find a location for the sample processes. Last tried: $SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"
exit 1
fi
fi
export BPMN_SPEC_ABSOLUTE_DIR
export SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR
fi
tasks=""
@ -40,7 +40,7 @@ if [[ "${1:-}" == "clean" ]]; then
# TODO: check to see if the db already exists and we can connect to it. also actually clean it up.
# start postgres in background with one db
if [[ "${SPIFF_DATABASE_TYPE:-}" == "postgres" ]]; then
if [[ "${SPIFFWORKFLOW_BACKEND_DATABASE_TYPE:-}" == "postgres" ]]; then
if ! docker exec -it postgres-spiff psql -U spiffworkflow_backend spiffworkflow_backend_testing -c "select 1"; then
docker run --name postgres-spiff -p 5432:5432 -e POSTGRES_PASSWORD=spiffworkflow_backend -e POSTGRES_USER=spiffworkflow_backend -e POSTGRES_DB=spiffworkflow_backend_testing -d postgres
sleep 4 # classy

View File

@ -17,11 +17,11 @@ if [[ -z "${SPIFFWORKFLOW_BACKEND_ENV:-}" ]]; then
export SPIFFWORKFLOW_BACKEND_ENV=local_development
fi
BPMN_SPEC_ABSOLUTE_DIR=$(./bin/find_sample_process_models)
export BPMN_SPEC_ABSOLUTE_DIR
SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR=$(./bin/find_sample_process_models)
export SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR
export FLASK_SESSION_SECRET_KEY=super_secret_key
export APPLICATION_ROOT="/"
export SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT="/"
if [[ -n "${SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA:-}" ]]; then
./bin/boot_server_in_docker
@ -29,13 +29,13 @@ else
export FLASK_DEBUG=1
if [[ "${SPIFFWORKFLOW_BACKEND_RUN_DATA_SETUP:-}" != "false" ]]; then
RUN_BACKGROUND_SCHEDULER=false SPIFFWORKFLOW_BACKEND_FAIL_ON_INVALID_PROCESS_MODELS=false poetry run python bin/save_all_bpmn.py
SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER=false SPIFFWORKFLOW_BACKEND_FAIL_ON_INVALID_PROCESS_MODELS=false poetry run python bin/save_all_bpmn.py
fi
if [[ -z "${RUN_BACKGROUND_SCHEDULER:-}" ]]; then
RUN_BACKGROUND_SCHEDULER=true
if [[ -z "${SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER:-}" ]]; then
SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER=true
fi
# this line blocks
RUN_BACKGROUND_SCHEDULER="${RUN_BACKGROUND_SCHEDULER}" FLASK_APP=src/spiffworkflow_backend poetry run flask run -p 7000
SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER="${SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER}" FLASK_APP=src/spiffworkflow_backend poetry run flask run -p 7000
fi

View File

@ -11,8 +11,8 @@ from spiffworkflow_backend.services.secret_service import SecretService
def main(env_file: str):
"""Main."""
os.environ["SPIFFWORKFLOW_BACKEND_ENV"] = "local_development"
if os.environ.get("BPMN_SPEC_ABSOLUTE_DIR") is None:
os.environ["BPMN_SPEC_ABSOLUTE_DIR"] = "hey"
if os.environ.get("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR") is None:
os.environ["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] = "hey"
flask_env_key = "FLASK_SESSION_SECRET_KEY"
os.environ[flask_env_key] = "whatevs"
app = create_app()

View File

@ -7,14 +7,12 @@ function error_handler() {
trap 'error_handler ${LINENO} $?' ERR
set -o errtrace -o errexit -o nounset -o pipefail
max_attempts="${1:-}"
if [[ -z "$max_attempts" ]]; then
max_attempts=100
fi
max_attempts="${1:-100}"
port="${2:-7000}"
echo "waiting for backend to come up..."
attempts=0
while [[ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:7000/v1.0/status)" != "200" ]]; do
while [[ "$(curl -s -o /dev/null -w '%{http_code}' "http://localhost:${port}/v1.0/status")" != "200" ]]; do
if [[ "$attempts" -gt "$max_attempts" ]]; then
>&2 echo "ERROR: Server not up after $max_attempts attempts. There is probably a problem"
exit 1
@ -22,3 +20,4 @@ while [[ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:7000/v1.0/st
attempts=$(( attempts + 1 ))
sleep 1
done
echo "backend up"

View File

@ -50,25 +50,25 @@ services:
build:
context: .
environment:
- APPLICATION_ROOT=/
- SPIFFWORKFLOW_BACKEND_ENV=${SPIFFWORKFLOW_BACKEND_ENV:-local_development}
- FLASK_DEBUG=0
- FLASK_SESSION_SECRET_KEY=${FLASK_SESSION_SECRET_KEY:-super_secret_key}
- OPEN_ID_SERVER_URL=${OPEN_ID_SERVER_URL:-http://localhost:7002/realms/spiffworkflow}
- SPIFFWORKFLOW_FRONTEND_URL=${SPIFFWORKFLOW_FRONTEND_URL:-http://localhost:7001}
- SPIFFWORKFLOW_BACKEND_URL=${SPIFFWORKFLOW_BACKEND_URL:-http://localhost:7000}
- SPIFFWORKFLOW_BACKEND_PORT=7000
- SPIFFWORKFLOW_BACKEND_UPGRADE_DB=true
- SPIFFWORKFLOW_BACKEND_APPLICATION_ROOT=/
- SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR=/app/process_models
- SPIFFWORKFLOW_BACKEND_DATABASE_URI=mysql+mysqlconnector://root:${SPIFFWORKFLOW_BACKEND_MYSQL_ROOT_DATABASE:-my-secret-pw}@localhost:7003/${SPIFFWORKFLOW_BACKEND_DATABASE_NAME:-spiffworkflow_backend_development}
- BPMN_SPEC_ABSOLUTE_DIR=/app/process_models
- SPIFFWORKFLOW_BACKEND_ENV=${SPIFFWORKFLOW_BACKEND_ENV:-local_development}
- SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA=${SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA:-false}
- SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL=${SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL:-http://localhost:7002/realms/spiffworkflow}
- SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME=${SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME:-acceptance_tests.yml}
- RUN_BACKGROUND_SCHEDULER=true
- SPIFFWORKFLOW_BACKEND_PORT=7000
- SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER=true
- SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND=${SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND:-http://localhost:7001}
- SPIFFWORKFLOW_BACKEND_UPGRADE_DB=true
- SPIFFWORKFLOW_BACKEND_URL=${SPIFFWORKFLOW_BACKEND_URL:-http://localhost:7000}
ports:
- "7000:7000"
network_mode: host
volumes:
- ${BPMN_SPEC_ABSOLUTE_DIR:-../../sample-process-models}:/app/process_models
- ${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR:-../../sample-process-models}:/app/process_models
- ./log:/app/log
healthcheck:
test: curl localhost:7000/v1.0/status --fail
@ -82,7 +82,7 @@ services:
profiles:
- debug
volumes:
- ${BPMN_SPEC_ABSOLUTE_DIR:-../../sample-process-models}:/app/process_models
- ${SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR:-../../sample-process-models}:/app/process_models
- ./:/app
command: /app/bin/boot_in_docker_debug_mode

View File

@ -7,14 +7,12 @@ function error_handler() {
trap 'error_handler ${LINENO} $?' ERR
set -o errtrace -o errexit -o nounset -o pipefail
max_attempts="${1:-}"
if [[ -z "$max_attempts" ]]; then
max_attempts=100
fi
max_attempts="${1:-100}"
port="${2:-7002}"
echo "waiting for backend to come up..."
echo "waiting for keycloak to come up..."
attempts=0
while [[ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:7002/realms/master/.well-known/openid-configuration)" != "200" ]]; do
while [[ "$(curl -s -o /dev/null -w '%{http_code}' "http://localhost:${port}/realms/master/.well-known/openid-configuration")" != "200" ]]; do
if [[ "$attempts" -gt "$max_attempts" ]]; then
>&2 echo "ERROR: Server not up after $max_attempts attempts. There is probably a problem"
exit 1
@ -22,3 +20,4 @@ while [[ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:7002/realms/
attempts=$(( attempts + 1 ))
sleep 1
done
echo "keycloak up"

View File

@ -396,7 +396,7 @@
"otpPolicyLookAheadWindow" : 1,
"otpPolicyPeriod" : 30,
"otpPolicyCodeReusable" : false,
"otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ],
"otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName" ],
"webAuthnPolicyRpEntityName" : "keycloak",
"webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
"webAuthnPolicyRpId" : "",
@ -970,6 +970,29 @@
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "6c8829ab-d37c-4638-99b0-c83e732dc02f",
"createdTimestamp" : 1676566095383,
"username" : "infra3.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "infra3.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "167" ]
},
"credentials" : [ {
"id" : "06476e91-a1db-4f9c-848b-f9ba120a200e",
"type" : "password",
"createdDate" : 1676566095417,
"secretData" : "{\"value\":\"00UdICckafKEytSulbqdURfya9ZO4UlmAlQQ6R/he44Jv0wkYGIk/vadNE5ACgmIBunoj6jANVbu87ZWNxp1Dw==\",\"salt\":\"etUtwyB9nvChOvyw1P0xkA==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "b8d0d90e-9a7e-446c-9984-082cb315af8f",
"createdTimestamp" : 1675718484095,
@ -1202,6 +1225,52 @@
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "8763cdfb-46d4-4585-a17f-57acc1e44646",
"createdTimestamp" : 1676566095195,
"username" : "legal2.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "legal2.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "165" ]
},
"credentials" : [ {
"id" : "9322a6c5-0c19-48ee-aa92-c28eae605e95",
"type" : "password",
"createdDate" : 1676566095260,
"secretData" : "{\"value\":\"yfqeGYoyN5ZZM7SoAbVvDCM/J3fwhS17A1/L1GkLZoB3+844lK5g7iWJjrnrmBpzNAPjKKDx0aTGdEWetxt9Qg==\",\"salt\":\"zvh/FXb9F/wdWUupHwNFjw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "adba601b-d3c0-43fc-ae7e-cb6120ab342d",
"createdTimestamp" : 1676566095313,
"username" : "legal3.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "legal3.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "166" ]
},
"credentials" : [ {
"id" : "d1bb52f8-92b1-4873-a356-e9dc9739e1e6",
"type" : "password",
"createdDate" : 1676566095348,
"secretData" : "{\"value\":\"END4w4oxI1H5C5l4dqeYqrClb0y+vx3tuI484ELpqouEIol5P/piTiv8Q5/ECbb3jj8opjUFZZfvc12VIukCWw==\",\"salt\":\"e0EvbNYHC9jdqPkX3AneYw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "588e69b9-7534-4073-861d-500475b12b24",
"createdTimestamp" : 1675718484566,
@ -1357,6 +1426,52 @@
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "2a5d7caa-2c3e-4404-a133-ec220c0307db",
"createdTimestamp" : 1676566095780,
"username" : "peopleops.partner2.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "peopleops.partner2.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "173" ]
},
"credentials" : [ {
"id" : "64fc835c-b693-4fed-ab9f-952cbaadbbfd",
"type" : "password",
"createdDate" : 1676566095815,
"secretData" : "{\"value\":\"w5nUlwlH1Z46WGhfejPIiRW6OkE9bcjHNCVySUDzMIpkbCm3f78XfuvdGSDeCpJ/FQCJuFo5ciDJ7ExXLyLfnQ==\",\"salt\":\"nz1xSxci+NFsyPZPhFDtZQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "2df3aa5e-5e5b-4c4a-b9bc-3a916c651632",
"createdTimestamp" : 1676566095846,
"username" : "peopleops.partner3.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "peopleops.partner3.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "174" ]
},
"credentials" : [ {
"id" : "efaaec98-45c7-45cc-b4a4-32708882b72f",
"type" : "password",
"createdDate" : 1676566095880,
"secretData" : "{\"value\":\"B9M+AGxXUX4/+ce0y6AgFBm4F7phl5+6zToumcfheXglqcag2jr7iqLTtvwVkz3w8x7rmxUrzs7rkJPhK+/Jpg==\",\"salt\":\"rLFkhDJLxRuCNw7PNswlSQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "dbf941e7-0b45-4bc6-ae9e-d7153d32ce47",
"createdTimestamp" : 1676302143401,
@ -1519,21 +1634,67 @@
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "d0355a9b-43d2-4111-b294-07c4dfa261b1",
"createdTimestamp" : 1676302144418,
"username" : "ppg.ba.sme1",
"id" : "2cc27223-369b-4abb-b7b3-7c3668bb4695",
"createdTimestamp" : 1676566095589,
"username" : "ppg.ba1.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "ppg.ba.sme1@status.im",
"email" : "ppg.ba1.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "139" ]
"spiffworkflow-employeeid" : [ "170" ]
},
"credentials" : [ {
"id" : "cca986d0-d323-4c62-8752-989f4fc7551e",
"id" : "80015df9-1c37-4c2c-9862-e4c5bf3c7fe1",
"type" : "password",
"createdDate" : 1676302144451,
"secretData" : "{\"value\":\"WcgfAuHzOZIaE5n1+cNRqkHfur2P9HQg5sn+xoucHSGyu0ibXd19LK+x6ITyoG153VEhws6PvPIB195MlSxOsw==\",\"salt\":\"lChW81Tfy5VZruOu/x0RZA==\",\"additionalParameters\":{}}",
"createdDate" : 1676566095623,
"secretData" : "{\"value\":\"aHhv9WD2OpLT99Pt8adXov9qlO+mHdZc/YnLcwmg/FN1GZ5s1ExKD+PgiJnbUMyiIrEoTaMImRlG0+CaXNB8pA==\",\"salt\":\"WG3QARMAE6XD4CYMq/vVog==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "ccdd9a3c-2df1-4b01-8cd0-f983e2975044",
"createdTimestamp" : 1676566095652,
"username" : "ppg.ba2.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "ppg.ba2.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "171" ]
},
"credentials" : [ {
"id" : "1a1b635b-78a0-4e1b-be27-54fa8e5bf46e",
"type" : "password",
"createdDate" : 1676566095686,
"secretData" : "{\"value\":\"lvIpCEkCU7VjWkc5HVjIpbEX3m2y0qRAm6vpUOF6jsC3kPOU32kGTpXtoAXRMQYqzwwrZPezkWiBWSc9tZQZmw==\",\"salt\":\"4vtZJjWkwRZZpQHL0y2cFQ==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "6d570a0f-66dc-4059-a9b5-17bcfaf92c25",
"createdTimestamp" : 1676566095715,
"username" : "ppg.ba3.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "ppg.ba3.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "172" ]
},
"credentials" : [ {
"id" : "81737a3e-74be-48e7-8540-47df7189f6b8",
"type" : "password",
"createdDate" : 1676566095750,
"secretData" : "{\"value\":\"92827vUG05pG+5KqIU0x3YP8KzAygyflfN7ClS+87JOuSvQjElY8yaLtUNftZn2nr2EK/ud1HHfVPdjNHqv3lQ==\",\"salt\":\"ggPrdGdcE+U8spc6rzMAow==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
@ -1633,6 +1794,52 @@
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "7cf99174-49f1-4036-9eff-f7ba111a691f",
"createdTimestamp" : 1676566095455,
"username" : "security2.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "security2.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "168" ]
},
"credentials" : [ {
"id" : "2402ab6b-c06f-4db6-a2ab-e2a0d63c7082",
"type" : "password",
"createdDate" : 1676566095491,
"secretData" : "{\"value\":\"SKxvUtsnbbqUMfcNnIU9YnrsrfCE7MH801Mf50pL9rj5/k+ZIrB2nDowGVjip0wdIgiYZbdT7mwHjmc2KBrmoQ==\",\"salt\":\"Ww6KCOsMjQmMkEAP0Pabfg==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "01daff17-0ead-4ca1-ae90-9da59ac2878d",
"createdTimestamp" : 1676566095522,
"username" : "security3.sme",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "security3.sme@status.im",
"attributes" : {
"spiffworkflow-employeeid" : [ "169" ]
},
"credentials" : [ {
"id" : "99ccf7fb-a8a5-44c1-82a8-074af6f1a21d",
"type" : "password",
"createdDate" : 1676566095557,
"secretData" : "{\"value\":\"LBBgnnqfxU+NqlT33rPCk2IyDrQQs9wdTG0syZ2GyovKe3iwBmarBio+0kSKiWWZQmF085ZO3jeR82hc1TDv3A==\",\"salt\":\"T6qwoJLQaXdaPBZZvhVCvw==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "b768e3ef-f905-4493-976c-bc3408c04bec",
"createdTimestamp" : 1675447832524,
@ -2968,7 +3175,7 @@
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-role-list-mapper" ]
"allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ]
}
}, {
"id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd",
@ -2986,7 +3193,7 @@
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper" ]
"allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper" ]
}
}, {
"id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c",
@ -3076,7 +3283,7 @@
"internationalizationEnabled" : false,
"supportedLocales" : [ ],
"authenticationFlows" : [ {
"id" : "b575ba3a-ceeb-4fcc-8921-906f534107e1",
"id" : "01b4b17c-bb82-41c3-b5b5-b9aadd21cb23",
"alias" : "Account verification options",
"description" : "Method with which to verity the existing account",
"providerId" : "basic-flow",
@ -3098,7 +3305,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "2c8efabb-b397-4bb5-9c62-c7528d755e29",
"id" : "57574e2d-3c3d-4286-9fd1-d7f4ab86c6c1",
"alias" : "Authentication Options",
"description" : "Authentication options.",
"providerId" : "basic-flow",
@ -3127,7 +3334,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "7838ba09-a8a1-4478-bacb-c20abaff7d05",
"id" : "1eb0e67c-2856-475e-8563-5eca431fd9d0",
"alias" : "Browser - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
@ -3149,7 +3356,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "be4254ab-bdb7-4cca-8fa4-14956f460620",
"id" : "ff023867-aad5-4d19-a7da-60904727cd77",
"alias" : "Direct Grant - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
@ -3171,7 +3378,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "3dc1581f-38dc-48d1-9e73-7aa45b38eae8",
"id" : "c4f2f1e4-a32c-4559-9fe3-f88cc6cb63da",
"alias" : "First broker login - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
@ -3193,7 +3400,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "8b280bec-2423-4590-bc28-8873e4f9c2e8",
"id" : "bfb28a5f-98d9-4ce0-ae8d-75a7ba1ad331",
"alias" : "Handle Existing Account",
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId" : "basic-flow",
@ -3215,7 +3422,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "8bc16848-7275-42a7-aaa4-30693d379600",
"id" : "8b2075bd-9ad7-44c3-9a06-bc60a13beb7a",
"alias" : "Reset - Conditional OTP",
"description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId" : "basic-flow",
@ -3237,7 +3444,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "727a7c7e-aceb-420a-be17-7e1aa1a19ef0",
"id" : "1fdcbed7-e44b-4473-ab7b-25037309660b",
"alias" : "User creation or linking",
"description" : "Flow for the existing/non-existing user alternatives",
"providerId" : "basic-flow",
@ -3260,7 +3467,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "db654134-730a-4e50-841e-5ff9e206625f",
"id" : "2f6e9208-b0e6-4941-9bd5-8f83ebc25b6c",
"alias" : "Verify Existing Account by Re-authentication",
"description" : "Reauthentication of existing account",
"providerId" : "basic-flow",
@ -3282,7 +3489,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "06ced0a0-aec5-43dd-8b39-7d7ea7a5faf8",
"id" : "f059067e-d626-4be3-868f-4c8780318497",
"alias" : "browser",
"description" : "browser based authentication",
"providerId" : "basic-flow",
@ -3318,7 +3525,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "0f8f80e3-56eb-49a1-8b7d-e22242699b78",
"id" : "c35098b5-3785-4f52-90e3-39b8f3841f0c",
"alias" : "clients",
"description" : "Base authentication for clients",
"providerId" : "client-flow",
@ -3354,7 +3561,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "a67ef3ee-332a-4f40-b2dc-69a3d7967808",
"id" : "c78934b6-5386-49e7-89e8-9efe1088f5b2",
"alias" : "direct grant",
"description" : "OpenID Connect Resource Owner Grant",
"providerId" : "basic-flow",
@ -3383,7 +3590,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "e2e2fffa-81d3-4a4d-adb2-a0154e2f86cd",
"id" : "7a08791f-0c8b-4e11-a588-f5856b75337b",
"alias" : "docker auth",
"description" : "Used by Docker clients to authenticate against the IDP",
"providerId" : "basic-flow",
@ -3398,7 +3605,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "fc418578-3c89-4f68-ad8f-825929669979",
"id" : "11e93dce-9673-4c99-ae7a-0edaf1c9b7e4",
"alias" : "first broker login",
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow",
@ -3421,7 +3628,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "31a9e34e-c499-4842-a085-a7ea0a4cab78",
"id" : "dbb50df7-ec6e-4a34-97f5-b484f1d8a76c",
"alias" : "forms",
"description" : "Username, password, otp and other auth forms.",
"providerId" : "basic-flow",
@ -3443,7 +3650,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "ec66a031-7712-438a-91e7-564736cb3f75",
"id" : "d7a3dff9-249b-4811-9f36-b78119a4ce3f",
"alias" : "http challenge",
"description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId" : "basic-flow",
@ -3465,7 +3672,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "013a75a6-ae0d-459e-80eb-1681957b769b",
"id" : "ed4891ad-657c-45ac-9388-6c50d191124d",
"alias" : "registration",
"description" : "registration flow",
"providerId" : "basic-flow",
@ -3481,7 +3688,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "e011c6be-e1d0-4f94-80b1-2e2b2eb61832",
"id" : "f7c308b0-58de-4ed2-bf69-394144698e5a",
"alias" : "registration form",
"description" : "registration form",
"providerId" : "form-flow",
@ -3517,7 +3724,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "4f7c3405-ce05-4799-a001-cb6404c72625",
"id" : "3fb75774-a3a5-4e01-bc4a-4e564451601d",
"alias" : "reset credentials",
"description" : "Reset credentials for a user if they forgot their password or something",
"providerId" : "basic-flow",
@ -3553,7 +3760,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "7bde2ab3-96b9-4323-be48-dfae94c84df1",
"id" : "822d5c02-9ab3-4a9b-8fa4-1f020c5ffe08",
"alias" : "saml ecp",
"description" : "SAML ECP Profile Authentication Flow",
"providerId" : "basic-flow",
@ -3569,13 +3776,13 @@
} ]
} ],
"authenticatorConfig" : [ {
"id" : "82c6898c-ff7c-442a-9ae1-8e1972634e01",
"id" : "0e613377-2aaa-4fed-bb7d-4dea69d5c340",
"alias" : "create unique user config",
"config" : {
"require.password.update.after.registration" : "false"
}
}, {
"id" : "5cfbdf35-1766-4eb3-a404-3560ae3f4cac",
"id" : "ac6b9188-f0ec-48ec-852a-8e3b331b33a6",
"alias" : "review profile config",
"config" : {
"update.profile.on.first.login" : "missing"

View File

@ -2,12 +2,12 @@ email,spiffworkflow-employeeid
# admin@spiffworkflow.org
amir@status.im
app.program.lead@status.im,121
core@status.im,113
core1.contributor@status.im,155
core2.contributor@status.im,156
core3.contributor@status.im,157
core4.contributor@status.im,158
core5.contributor@status.im,159
core@status.im,113
dao.project.lead@status.im
desktop.program.lead@status.im
desktop.project.lead@status.im
@ -19,26 +19,35 @@ infra.project-lead@status.im,130
infra.sme@status.im,119
infra1.sme@status.im,131
infra2.sme@status.im,132
infra3.sme@status.im,167
jakub@status.im
jarrad@status.im
lead@status.im,114
legal.project-lead@status.im,133
legal.sme@status.im,125
legal1.sme@status.im,134
legal2.sme@status.im,165
legal3.sme@status.im,166
manuchehr@status.im,110
peopleops.project-lead@status.im,147
peopleops.partner.sme@status.im,148
peopleops.partner1.sme@status.im,149
peopleops.partner2.sme@status.im,173
peopleops.partner3.sme@status.im,174
peopleops.partner@status.im,150
peopleops.project-lead@status.im,147
peopleops.talent.sme@status.im,143
peopleops.talent1.sme@status.im,142
peopleops.talent@status.im,141
ppg.ba.project-lead@status.im,137
ppg.ba.sme1@status.im,139
ppg.ba.sme@status.im,138
ppg.ba1.sme@status.im,170
ppg.ba2.sme@status.im,171
ppg.ba3.sme@status.im,172
ppg.ba@status.im,127
sasha@status.im,112
security.project-lead@status.im,151
security.sme@status.im,123
security1.sme@status.im,135
security2.sme@status.im,168
security3.sme@status.im,169
services.lead@status.im,122

View File

@ -115,7 +115,7 @@ def create_app() -> flask.app.Flask:
# need to continually keep asking for the same path.
origins_re = [
r"^https?:\/\/%s(.*)" % o.replace(".", r"\.")
for o in app.config["CORS_ALLOW_ORIGINS"]
for o in app.config["SPIFFWORKFLOW_BACKEND_CORS_ALLOW_ORIGINS"]
]
CORS(app, origins=origins_re, max_age=3600, supports_credentials=True)
@ -128,7 +128,7 @@ def create_app() -> flask.app.Flask:
# do not start the scheduler twice in flask debug mode
if (
app.config["RUN_BACKGROUND_SCHEDULER"]
app.config["SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER"]
and os.environ.get("WERKZEUG_RUN_MAIN") != "true"
):
start_scheduler(app)
@ -147,13 +147,15 @@ def get_hacked_up_app_for_script() -> flask.app.Flask:
os.environ["SPIFFWORKFLOW_BACKEND_ENV"] = "local_development"
flask_env_key = "FLASK_SESSION_SECRET_KEY"
os.environ[flask_env_key] = "whatevs"
if "BPMN_SPEC_ABSOLUTE_DIR" not in os.environ:
if "SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR" not in os.environ:
home = os.environ["HOME"]
full_process_model_path = (
f"{home}/projects/github/sartography/sample-process-models"
)
if os.path.isdir(full_process_model_path):
os.environ["BPMN_SPEC_ABSOLUTE_DIR"] = full_process_model_path
os.environ["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] = (
full_process_model_path
)
else:
raise Exception(f"Could not find {full_process_model_path}")
app = create_app()
@ -198,20 +200,28 @@ def configure_sentry(app: flask.app.Flask) -> None:
return None
return event
sentry_errors_sample_rate = app.config.get("SENTRY_ERRORS_SAMPLE_RATE")
sentry_errors_sample_rate = app.config.get(
"SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE"
)
if sentry_errors_sample_rate is None:
raise Exception("SENTRY_ERRORS_SAMPLE_RATE is not set somehow")
raise Exception(
"SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE is not set somehow"
)
sentry_traces_sample_rate = app.config.get("SENTRY_TRACES_SAMPLE_RATE")
sentry_traces_sample_rate = app.config.get(
"SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE"
)
if sentry_traces_sample_rate is None:
raise Exception("SENTRY_TRACES_SAMPLE_RATE is not set somehow")
raise Exception(
"SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE is not set somehow"
)
# profiling doesn't work on windows, because of an issue like https://github.com/nvdv/vprof/issues/62
# but also we commented out profiling because it was causing segfaults (i guess it is marked experimental)
# profiles_sample_rate = 0 if sys.platform.startswith("win") else 1
sentry_sdk.init(
dsn=app.config.get("SENTRY_DSN"),
dsn=app.config.get("SPIFFWORKFLOW_BACKEND_SENTRY_DSN"),
integrations=[
FlaskIntegration(),
],

View File

@ -17,17 +17,17 @@ def setup_database_uri(app: Flask) -> None:
"""Setup_database_uri."""
if app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_URI") is None:
database_name = f"spiffworkflow_backend_{app.config['ENV_IDENTIFIER']}"
if app.config.get("SPIFF_DATABASE_TYPE") == "sqlite":
if app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE") == "sqlite":
app.config["SQLALCHEMY_DATABASE_URI"] = (
f"sqlite:///{app.instance_path}/db_{app.config['ENV_IDENTIFIER']}.sqlite3"
)
elif app.config.get("SPIFF_DATABASE_TYPE") == "postgres":
elif app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE") == "postgres":
app.config["SQLALCHEMY_DATABASE_URI"] = (
f"postgresql://spiffworkflow_backend:spiffworkflow_backend@localhost:5432/{database_name}"
)
else:
# use pswd to trick flake8 with hardcoded passwords
db_pswd = os.environ.get("DB_PASSWORD")
db_pswd = app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD")
if db_pswd is None:
db_pswd = ""
app.config["SQLALCHEMY_DATABASE_URI"] = (
@ -45,22 +45,30 @@ def load_config_file(app: Flask, env_config_module: str) -> None:
app.config.from_object(env_config_module)
print(f"loaded config: {env_config_module}")
except ImportStringError as exception:
if os.environ.get("TERRAFORM_DEPLOYED_ENVIRONMENT") != "true":
if (
os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT")
!= "true"
):
raise ModuleNotFoundError(
f"Cannot find config module: {env_config_module}"
) from exception
def _set_up_tenant_specific_fields_as_list_of_strings(app: Flask) -> None:
tenant_specific_fields = app.config.get("OPEN_ID_TENANT_SPECIFIC_FIELDS")
tenant_specific_fields = app.config.get(
"SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"
)
if tenant_specific_fields is None or tenant_specific_fields == "":
app.config["OPEN_ID_TENANT_SPECIFIC_FIELDS"] = []
app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"] = []
else:
app.config["OPEN_ID_TENANT_SPECIFIC_FIELDS"] = tenant_specific_fields.split(",")
if len(app.config["OPEN_ID_TENANT_SPECIFIC_FIELDS"]) > 3:
app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"] = (
tenant_specific_fields.split(",")
)
if len(app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"]) > 3:
raise ConfigurationError(
"OPEN_ID_TENANT_SPECIFIC_FIELDS can have a maximum of 3 fields"
"SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS can have a"
" maximum of 3 fields"
)
@ -80,7 +88,7 @@ def setup_config(app: Flask) -> None:
env_config_prefix = "spiffworkflow_backend.config."
if (
os.environ.get("TERRAFORM_DEPLOYED_ENVIRONMENT") == "true"
os.environ.get("SPIFFWORKFLOW_BACKEND_TERRAFORM_DEPLOYED_ENVIRONMENT") == "true"
and os.environ.get("SPIFFWORKFLOW_BACKEND_ENV") is not None
):
load_config_file(app, f"{env_config_prefix}terraform_deployed_environment")
@ -116,8 +124,10 @@ def setup_config(app: Flask) -> None:
# src/spiffworkflow_backend/config/secrets.py
app.config.from_pyfile(os.path.join("config", "secrets.py"), silent=True)
if app.config["BPMN_SPEC_ABSOLUTE_DIR"] is None:
raise ConfigurationError("BPMN_SPEC_ABSOLUTE_DIR config must be set")
if app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] is None:
raise ConfigurationError(
"SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR config must be set"
)
app.config["PROCESS_UUID"] = uuid.uuid4()

View File

@ -2,44 +2,52 @@
import re
from os import environ
BPMN_SPEC_ABSOLUTE_DIR = environ.get("BPMN_SPEC_ABSOLUTE_DIR")
SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR = environ.get(
"SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"
)
cors_allow_all = "*"
CORS_ALLOW_ORIGINS = re.split(
r",\s*", environ.get("CORS_ALLOW_ORIGINS", default=cors_allow_all)
SPIFFWORKFLOW_BACKEND_CORS_ALLOW_ORIGINS = re.split(
r",\s*",
environ.get("SPIFFWORKFLOW_BACKEND_CORS_ALLOW_ORIGINS", default=cors_allow_all),
)
RUN_BACKGROUND_SCHEDULER = (
environ.get("RUN_BACKGROUND_SCHEDULER", default="false") == "true"
SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = (
environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false")
== "true"
)
SPIFFWORKFLOW_FRONTEND_URL = environ.get(
"SPIFFWORKFLOW_FRONTEND_URL", default="http://localhost:7001"
SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND = environ.get(
"SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND", default="http://localhost:7001"
)
SPIFFWORKFLOW_BACKEND_URL = environ.get(
"SPIFFWORKFLOW_BACKEND_URL", default="http://localhost:7000"
)
# service task connector proxy
CONNECTOR_PROXY_URL = environ.get(
"CONNECTOR_PROXY_URL", default="http://localhost:7004"
SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = environ.get(
"SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL", default="http://localhost:7004"
)
# Open ID server
OPEN_ID_SERVER_URL = environ.get(
"OPEN_ID_SERVER_URL",
default="http://localhost:7002/realms/spiffworkflow"
# "OPEN_ID_SERVER_URL", default="http://localhost:7000/openid"
# use "http://localhost:7000/openid" for running with simple openid
# server hosted by spiffworkflow-backend
SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = environ.get(
"SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL",
default="http://localhost:7002/realms/spiffworkflow",
)
# Replace above line with this to use the built-in Open ID Server.
# OPEN_ID_SERVER_URL = environ.get("OPEN_ID_SERVER_URL", default="http://localhost:7000/openid")
OPEN_ID_CLIENT_ID = environ.get("OPEN_ID_CLIENT_ID", default="spiffworkflow-backend")
OPEN_ID_CLIENT_SECRET_KEY = environ.get(
"OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q"
SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID = environ.get(
"SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID", default="spiffworkflow-backend"
)
SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY = environ.get(
"SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY",
default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q",
) # noqa: S105
# Tenant specific fields is a comma separated list of field names that we will convert to list of strings
# and store in the user table's tenant_specific_field_n columns. You can have up to three items in this
# comma-separated list.
OPEN_ID_TENANT_SPECIFIC_FIELDS = environ.get("OPEN_ID_TENANT_SPECIFIC_FIELDS")
SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS = environ.get(
"SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"
)
SPIFFWORKFLOW_BACKEND_LOG_TO_FILE = (
environ.get("SPIFFWORKFLOW_BACKEND_LOG_TO_FILE", default="false") == "true"
@ -50,13 +58,21 @@ SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get(
)
# Sentry Configuration
SENTRY_DSN = environ.get("SENTRY_DSN", default="")
SENTRY_ERRORS_SAMPLE_RATE = environ.get(
"SENTRY_ERRORS_SAMPLE_RATE", default="1"
SPIFFWORKFLOW_BACKEND_SENTRY_DSN = environ.get(
"SPIFFWORKFLOW_BACKEND_SENTRY_DSN", default=""
)
SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE = environ.get(
"SPIFFWORKFLOW_BACKEND_SENTRY_ERRORS_SAMPLE_RATE", default="1"
) # send all errors
SENTRY_TRACES_SAMPLE_RATE = environ.get(
"SENTRY_TRACES_SAMPLE_RATE", default="0.01"
SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE = environ.get(
"SPIFFWORKFLOW_BACKEND_SENTRY_TRACES_SAMPLE_RATE", default="0.01"
) # send 1% of traces
SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG = environ.get(
"SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG", default=None
)
SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG = environ.get(
"SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG", default=None
)
SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get(
"SPIFFWORKFLOW_BACKEND_LOG_LEVEL", default="info"
@ -64,31 +80,63 @@ SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get(
# When a user clicks on the `Publish` button, this is the default branch this server merges into.
# I.e., dev server could have `staging` here. Staging server might have `production` here.
GIT_BRANCH_TO_PUBLISH_TO = environ.get("GIT_BRANCH_TO_PUBLISH_TO")
GIT_BRANCH = environ.get("GIT_BRANCH")
GIT_CLONE_URL_FOR_PUBLISHING = environ.get("GIT_CLONE_URL")
GIT_COMMIT_ON_SAVE = environ.get("GIT_COMMIT_ON_SAVE", default="false") == "true"
GIT_SSH_PRIVATE_KEY = environ.get("GIT_SSH_PRIVATE_KEY")
GIT_USERNAME = environ.get("GIT_USERNAME")
GIT_USER_EMAIL = environ.get("GIT_USER_EMAIL")
SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH"
)
# This is the branch that the app automatically commits to every time the user clicks the save button
# or otherwise changes a process model.
# If publishing is enabled, the contents of this "staging area" / "scratch pad" / WIP spot will be used
# as the relevant contents for process model that the user wants to publish.
SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH"
)
SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL"
)
SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = (
environ.get("SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE", default="false") == "true"
)
SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"
)
SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME")
SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL"
)
SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET = environ.get(
"SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET", default=None
)
SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY", default=None
)
SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD", default=None
)
# Database Configuration
SPIFF_DATABASE_TYPE = environ.get(
"SPIFF_DATABASE_TYPE", default="mysql"
SPIFFWORKFLOW_BACKEND_DATABASE_TYPE = environ.get(
"SPIFFWORKFLOW_BACKEND_DATABASE_TYPE", default="mysql"
) # can also be sqlite, postgres
# Overide above with specific sqlalchymy connection string.
SPIFFWORKFLOW_BACKEND_DATABASE_URI = environ.get(
"SPIFFWORKFLOW_BACKEND_DATABASE_URI", default=None
)
SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID = environ.get(
"SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID",
SPIFFWORKFLOW_BACKEND_SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID = environ.get(
"SPIFFWORKFLOW_BACKEND_SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID",
default="Message_SystemMessageNotification",
)
ALLOW_CONFISCATING_LOCK_AFTER_SECONDS = int(
environ.get("ALLOW_CONFISCATING_LOCK_AFTER_SECONDS", default="600")
SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS = int(
environ.get(
"SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS", default="600"
)
)
SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP = environ.get(
"SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP", default="everybody"
)
# this is only used in CI. use SPIFFWORKFLOW_BACKEND_DATABASE_URI instead for real configuration
SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD = environ.get(
"SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD", default=None
)

View File

@ -1,14 +1,15 @@
"""Demo environment."""
from os import environ
GIT_COMMIT_ON_SAVE = True
GIT_USERNAME = "demo"
GIT_USER_EMAIL = "demo@example.com"
SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = True
SPIFFWORKFLOW_BACKEND_GIT_USERNAME = "demo"
SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = "demo@example.com"
SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get(
"SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME",
default="terraform_deployed_environment.yml",
)
RUN_BACKGROUND_SCHEDULER = (
environ.get("RUN_BACKGROUND_SCHEDULER", default="false") == "true"
SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = (
environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false")
== "true"
)

View File

@ -1,9 +1,14 @@
"""Dev."""
from os import environ
GIT_BRANCH_TO_PUBLISH_TO = environ.get("GIT_BRANCH_TO_PUBLISH_TO", default="staging")
GIT_USERNAME = environ.get("GIT_USERNAME", default="sartography-automated-committer")
GIT_USER_EMAIL = environ.get(
"GIT_USER_EMAIL", default="sartography-automated-committer@users.noreply.github.com"
SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH", default="staging"
)
SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_USERNAME", default="sartography-automated-committer"
)
SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL",
default="sartography-automated-committer@users.noreply.github.com",
)
SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = "dev.yml"

View File

@ -9,11 +9,15 @@ SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get(
"SPIFFWORKFLOW_BACKEND_LOG_LEVEL", default="debug"
)
RUN_BACKGROUND_SCHEDULER = (
environ.get("RUN_BACKGROUND_SCHEDULER", default="false") == "true"
SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = (
environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false")
== "true"
)
GIT_CLONE_URL_FOR_PUBLISHING = environ.get(
"GIT_CLONE_URL", default="https://github.com/sartography/sample-process-models.git"
SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL",
default="https://github.com/sartography/sample-process-models.git",
)
SPIFFWORKFLOW_BACKEND_GIT_USERNAME = "sartography-automated-committer"
SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = (
f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com"
)
GIT_USERNAME = "sartography-automated-committer"
GIT_USER_EMAIL = f"{GIT_USERNAME}@users.noreply.github.com"

View File

@ -1,10 +1,15 @@
"""Qa1."""
from os import environ
GIT_BRANCH_TO_PUBLISH_TO = environ.get("GIT_BRANCH_TO_PUBLISH_TO", default="qa2")
GIT_USERNAME = environ.get("GIT_USERNAME", default="sartography-automated-committer")
GIT_USER_EMAIL = environ.get(
"GIT_USER_EMAIL", default=f"{GIT_USERNAME}@users.noreply.github.com"
SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH", default="qa2"
)
SPIFFWORKFLOW_BACKEND_GIT_USERNAME = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_USERNAME", default="sartography-automated-committer"
)
SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL",
default=f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com",
)
SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get(
"SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="qa1.yml"

View File

@ -4,7 +4,11 @@ from os import environ
SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get(
"SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME", default="qa1.yml"
)
SPIFFWORKFLOW_FRONTEND_URL = "https://qa2.spiffworkflow.org"
OPEN_ID_SERVER_URL = "https://qa2.spiffworkflow.org/keycloak/realms/spiffworkflow"
SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND = "https://qa2.spiffworkflow.org"
SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = (
"https://qa2.spiffworkflow.org/keycloak/realms/spiffworkflow"
)
SPIFFWORKFLOW_BACKEND_URL = "https://qa2.spiffworkflow.org/api"
CONNECTOR_PROXY_URL = "https://qa2.spiffworkflow.org/connector-proxy"
SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = (
"https://qa2.spiffworkflow.org/connector-proxy"
)

View File

@ -2,9 +2,14 @@
from os import environ
environment_identifier_for_this_config_file_only = environ["SPIFFWORKFLOW_BACKEND_ENV"]
OPEN_ID_SERVER_URL = f"https://keycloak.{environment_identifier_for_this_config_file_only}.spiffworkflow.org/realms/sartography"
GIT_BRANCH = environ.get("GIT_BRANCH", default="main")
GIT_CLONE_URL_FOR_PUBLISHING = environ.get(
"GIT_CLONE_URL",
SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = (
f"https://keycloak.{environment_identifier_for_this_config_file_only}"
".spiffworkflow.org/realms/sartography"
)
SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH", default="main"
)
SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL",
default="https://github.com/sartography/sartography-process-models.git",
)

View File

@ -1,7 +1,11 @@
"""Staging."""
from os import environ
GIT_BRANCH = environ.get("GIT_BRANCH", default="staging")
GIT_BRANCH_TO_PUBLISH_TO = environ.get("GIT_BRANCH_TO_PUBLISH_TO", default="main")
GIT_COMMIT_ON_SAVE = False
SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH", default="staging"
)
SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH", default="main"
)
SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = False
SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = "staging.yml"

View File

@ -4,26 +4,36 @@ from os import environ
# default.py already ensured that this key existed as was not None
environment_identifier_for_this_config_file_only = environ["SPIFFWORKFLOW_BACKEND_ENV"]
GIT_COMMIT_ON_SAVE = True
GIT_USERNAME = "sartography-automated-committer"
GIT_USER_EMAIL = f"{GIT_USERNAME}@users.noreply.github.com"
SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = True
SPIFFWORKFLOW_BACKEND_GIT_USERNAME = "sartography-automated-committer"
SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL = (
f"{SPIFFWORKFLOW_BACKEND_GIT_USERNAME}@users.noreply.github.com"
)
SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get(
"SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME",
default="terraform_deployed_environment.yml",
)
RUN_BACKGROUND_SCHEDULER = (
environ.get("RUN_BACKGROUND_SCHEDULER", default="false") == "true"
SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER = (
environ.get("SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER", default="false")
== "true"
)
OPEN_ID_SERVER_URL = f"https://keycloak.{environment_identifier_for_this_config_file_only}.spiffworkflow.org/realms/spiffworkflow"
SPIFFWORKFLOW_FRONTEND_URL = (
SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL = (
f"https://keycloak.{environment_identifier_for_this_config_file_only}"
".spiffworkflow.org/realms/spiffworkflow"
)
SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND = (
f"https://{environment_identifier_for_this_config_file_only}.spiffworkflow.org"
)
SPIFFWORKFLOW_BACKEND_URL = (
f"https://api.{environment_identifier_for_this_config_file_only}.spiffworkflow.org"
)
CONNECTOR_PROXY_URL = f"https://connector-proxy.{environment_identifier_for_this_config_file_only}.spiffworkflow.org"
GIT_CLONE_URL_FOR_PUBLISHING = environ.get(
"GIT_CLONE_URL", default="https://github.com/sartography/sample-process-models.git"
SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL = (
f"https://connector-proxy.{environment_identifier_for_this_config_file_only}"
".spiffworkflow.org"
)
SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL = environ.get(
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL",
default="https://github.com/sartography/sample-process-models.git",
)

View File

@ -15,11 +15,11 @@ SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = environ.get(
SPIFFWORKFLOW_BACKEND_LOG_LEVEL = environ.get(
"SPIFFWORKFLOW_BACKEND_LOG_LEVEL", default="debug"
)
GIT_COMMIT_ON_SAVE = False
SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE = False
# NOTE: set this here since nox shoves tests and src code to
# different places and this allows us to know exactly where we are at the start
BPMN_SPEC_ABSOLUTE_DIR = os.path.join(
SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR = os.path.join(
os.path.dirname(__file__),
"..",
"..",

View File

@ -206,8 +206,12 @@ def handle_exception(exception: Exception) -> flask.wrappers.Response:
f" {exception.error_code}"
)
organization_slug = current_app.config.get("SENTRY_ORGANIZATION_SLUG")
project_slug = current_app.config.get("SENTRY_PROJECT_SLUG")
organization_slug = current_app.config.get(
"SPIFFWORKFLOW_BACKEND_SENTRY_ORGANIZATION_SLUG"
)
project_slug = current_app.config.get(
"SPIFFWORKFLOW_BACKEND_SENTRY_PROJECT_SLUG"
)
if organization_slug and project_slug:
sentry_link = (
f"https://sentry.io/{organization_slug}/{project_slug}/events/{id}"

View File

@ -15,16 +15,16 @@
<form id="login" method="post" action="{{ url_for('openid.form_submit') }}">
<p><b>Important:</b> This login form is for demonstration purposes only. In production systems you should
be using a real Open ID System.</p>
<input type="text" class="cds--text-input" name="Uname" id="Uname" placeholder="Username">
<input type="text" class="cds--text-input" name="Uname" id="username" placeholder="Username">
<br><br>
<input type="Password" class="cds--text-input" name="Pass" id="Pass" placeholder="Password">
<input type="Password" class="cds--text-input" name="Pass" id="password" placeholder="Password">
<br><br>
<input type="hidden" name="state" value="{{state}}"/>
<input type="hidden" name="response_type" value="{{response_type}}"/>
<input type="hidden" name="client_id" value="{{client_id}}"/>
<input type="hidden" name="scope" value="{{scope}}"/>
<input type="hidden" name="redirect_uri" value="{{redirect_uri}}"/>
<input type="submit" name="log" class="cds--btn cds--btn--primary" value="Log In">
<input type="submit" name="log" class="cds--btn cds--btn--primary" id="spiff-login-button" value="Log In">
<br><br>
<!-- should maybe add this stuff in eventually, but this is just for testing.
<input type="checkbox" id="check">

View File

@ -305,7 +305,7 @@ def manual_complete_task(
def _commit_and_push_to_git(message: str) -> None:
"""Commit_and_push_to_git."""
if current_app.config["GIT_COMMIT_ON_SAVE"]:
if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE"]:
git_output = GitService.commit(message=message)
current_app.logger.info(f"git output: {git_output}")
else:

View File

@ -136,7 +136,7 @@ def process_instance_run(
finally:
processor.unlock_process_instance("Web")
if not current_app.config["RUN_BACKGROUND_SCHEDULER"]:
if not current_app.config["SPIFFWORKFLOW_BACKEND_RUN_BACKGROUND_SCHEDULER"]:
MessageService.process_message_instances()
process_instance_api = ProcessInstanceService.processor_to_process_instance_api(

View File

@ -225,10 +225,12 @@ def process_model_publish(
) -> flask.wrappers.Response:
"""Process_model_publish."""
if branch_to_update is None:
branch_to_update = current_app.config["GIT_BRANCH_TO_PUBLISH_TO"]
branch_to_update = current_app.config[
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH"
]
if branch_to_update is None:
raise MissingGitConfigsError(
"Missing config for GIT_BRANCH_TO_PUBLISH_TO. "
"Missing config for SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH. "
"This is required for publishing process models"
)
process_model_identifier = _un_modify_modified_process_model_id(

View File

@ -27,7 +27,9 @@ def authentication_list() -> flask.wrappers.Response:
available_authentications = ServiceTaskService.authentication_list()
response_json = {
"results": available_authentications,
"connector_proxy_base_url": current_app.config["CONNECTOR_PROXY_URL"],
"connector_proxy_base_url": current_app.config[
"SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL"
],
"redirect_url": f"{current_app.config['SPIFFWORKFLOW_BACKEND_URL']}/v1.0/authentication_callback",
}
@ -45,5 +47,5 @@ def authentication_callback(
f"{service}/{auth_method}", response, g.user.id, create_if_not_exists=True
)
return redirect(
f"{current_app.config['SPIFFWORKFLOW_FRONTEND_URL']}/admin/configuration"
f"{current_app.config['SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND']}/admin/configuration"
)

View File

@ -674,7 +674,7 @@ def _get_potential_owner_usernames(assigned_user: AliasedClass) -> Any:
potential_owner_usernames_from_group_concat_or_similar = func.group_concat(
assigned_user.username.distinct()
).label("potential_owner_usernames")
db_type = current_app.config.get("SPIFF_DATABASE_TYPE")
db_type = current_app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE")
if db_type == "postgres":
potential_owner_usernames_from_group_concat_or_similar = func.string_agg(

View File

@ -186,7 +186,9 @@ def set_new_access_token_in_cookie(
"""
tld = current_app.config["THREAD_LOCAL_DATA"]
domain_for_frontend_cookie: Optional[str] = re.sub(
r"^https?:\/\/", "", current_app.config["SPIFFWORKFLOW_FRONTEND_URL"]
r"^https?:\/\/",
"",
current_app.config["SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND"],
)
if domain_for_frontend_cookie and domain_for_frontend_cookie.startswith(
"localhost"
@ -351,7 +353,7 @@ def logout(id_token: str, redirect_url: Optional[str]) -> Response:
def logout_return() -> Response:
"""Logout_return."""
frontend_url = str(current_app.config["SPIFFWORKFLOW_FRONTEND_URL"])
frontend_url = str(current_app.config["SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND"])
return redirect(f"{frontend_url}/")

View File

@ -28,4 +28,4 @@ class GetFrontendUrl(Script):
**kwargs: Any
) -> Any:
"""Run."""
return current_app.config["SPIFFWORKFLOW_FRONTEND_URL"]
return current_app.config["SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND"]

View File

@ -63,17 +63,19 @@ class AuthenticationService:
@staticmethod
def client_id() -> str:
"""Returns the client id from the config."""
return current_app.config.get("OPEN_ID_CLIENT_ID", "")
return current_app.config.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID", "")
@staticmethod
def server_url() -> str:
"""Returns the server url from the config."""
return current_app.config.get("OPEN_ID_SERVER_URL", "")
return current_app.config.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL", "")
@staticmethod
def secret_key() -> str:
"""Returns the secret key from the config."""
return current_app.config.get("OPEN_ID_CLIENT_SECRET_KEY", "")
return current_app.config.get(
"SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY", ""
)
@classmethod
def open_id_endpoint_for_name(cls, name: str) -> str:

View File

@ -107,7 +107,9 @@ class AuthorizationService:
)
received_sign = auth_header.split("sha256=")[-1].strip()
secret = current_app.config["GITHUB_WEBHOOK_SECRET"].encode()
secret = current_app.config[
"SPIFFWORKFLOW_BACKEND_GITHUB_WEBHOOK_SECRET"
].encode()
expected_sign = HMAC(key=secret, msg=request.data, digestmod=sha256).hexdigest()
if not compare_digest(received_sign, expected_sign):
raise TokenInvalidError(
@ -504,7 +506,7 @@ class AuthorizationService:
user_attributes["service_id"] = user_info["sub"]
for field_index, tenant_specific_field in enumerate(
current_app.config["OPEN_ID_TENANT_SPECIFIC_FIELDS"]
current_app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"]
):
if tenant_specific_field in user_info:
field_number = field_index + 1

View File

@ -81,7 +81,7 @@ class ErrorHandlingService:
)
message_payload = {"message_text": message_text, "recipients": recipients}
message_identifier = current_app.config[
"SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID"
"SPIFFWORKFLOW_BACKEND_SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID"
]
message_model = MessageModel.query.filter_by(
identifier=message_identifier

View File

@ -40,7 +40,7 @@ class FileSystemService:
@staticmethod
def root_path() -> str:
"""Root_path."""
dir_name = current_app.config["BPMN_SPEC_ABSOLUTE_DIR"]
dir_name = current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"]
# ensure this is a string - thanks mypy...
return os.path.abspath(os.path.join(dir_name, ""))
@ -66,7 +66,7 @@ class FileSystemService:
@staticmethod
def process_model_relative_path(spec: ProcessModelInfo) -> str:
"""Get the file path to a process model relative to BPMN_SPEC_ABSOLUTE_DIR.
"""Get the file path to a process model relative to SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR.
If the full path is /path/to/process-group-a/group-b/process-model-a, it will return:
process-group-a/group-b/process-model-a

View File

@ -37,7 +37,9 @@ class GitService:
@classmethod
def get_current_revision(cls) -> str:
"""Get_current_revision."""
bpmn_spec_absolute_dir = current_app.config["BPMN_SPEC_ABSOLUTE_DIR"]
bpmn_spec_absolute_dir = current_app.config[
"SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"
]
# The value includes a carriage return character at the end, so we don't grab the last character
with FileSystemService.cd(bpmn_spec_absolute_dir):
return cls.run_shell_command_to_get_stdout(
@ -52,7 +54,9 @@ class GitService:
file_name: Optional[str] = None,
) -> str:
"""Get_instance_file_contents_for_revision."""
bpmn_spec_absolute_dir = current_app.config["BPMN_SPEC_ABSOLUTE_DIR"]
bpmn_spec_absolute_dir = current_app.config[
"SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"
]
process_model_relative_path = FileSystemService.process_model_relative_path(
process_model
)
@ -78,22 +82,31 @@ class GitService:
cls.check_for_basic_configs()
branch_name_to_use = branch_name
if branch_name_to_use is None:
branch_name_to_use = current_app.config["GIT_BRANCH"]
branch_name_to_use = current_app.config[
"SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH"
]
repo_path_to_use = repo_path
if repo_path is None:
repo_path_to_use = current_app.config["BPMN_SPEC_ABSOLUTE_DIR"]
if repo_path_to_use is None:
raise ConfigurationError("BPMN_SPEC_ABSOLUTE_DIR config must be set")
if current_app.config["GIT_SSH_PRIVATE_KEY"]:
os.environ["GIT_SSH_PRIVATE_KEY"] = current_app.config[
"GIT_SSH_PRIVATE_KEY"
repo_path_to_use = current_app.config[
"SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"
]
if repo_path_to_use is None:
raise ConfigurationError(
"SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR config must be set"
)
if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"]:
os.environ["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"] = (
current_app.config["SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY"]
)
git_username = ""
git_email = ""
if current_app.config["GIT_USERNAME"] and current_app.config["GIT_USER_EMAIL"]:
git_username = current_app.config["GIT_USERNAME"]
git_email = current_app.config["GIT_USER_EMAIL"]
if (
current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USERNAME"]
and current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL"]
):
git_username = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USERNAME"]
git_email = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL"]
shell_command_path = os.path.join(
current_app.root_path, "..", "..", "bin", "git_commit_bpmn_models_repo"
)
@ -104,16 +117,16 @@ class GitService:
branch_name_to_use,
git_username,
git_email,
current_app.config["GIT_USER_PASSWORD"],
current_app.config["SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD"],
]
return cls.run_shell_command_to_get_stdout(shell_command)
@classmethod
def check_for_basic_configs(cls) -> None:
"""Check_for_basic_configs."""
if current_app.config["GIT_BRANCH"] is None:
if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH"] is None:
raise MissingGitConfigsError(
"Missing config for GIT_BRANCH. "
"Missing config for SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH. "
"This is required for publishing process models"
)
@ -121,14 +134,17 @@ class GitService:
def check_for_publish_configs(cls) -> None:
"""Check_for_configs."""
cls.check_for_basic_configs()
if current_app.config["GIT_BRANCH_TO_PUBLISH_TO"] is None:
if (
current_app.config["SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH"]
is None
):
raise MissingGitConfigsError(
"Missing config for GIT_BRANCH_TO_PUBLISH_TO. "
"Missing config for SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_TARGET_BRANCH. "
"This is required for publishing process models"
)
if current_app.config["GIT_CLONE_URL_FOR_PUBLISHING"] is None:
if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL"] is None:
raise MissingGitConfigsError(
"Missing config for GIT_CLONE_URL_FOR_PUBLISHING. "
"Missing config for SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL."
" This is required for publishing process models"
)
@ -182,7 +198,10 @@ class GitService:
)
clone_url = webhook["repository"]["clone_url"]
if clone_url != current_app.config["GIT_CLONE_URL_FOR_PUBLISHING"]:
if (
clone_url
!= current_app.config["SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL"]
):
raise GitCloneUrlMismatchError(
"Configured clone url does not match clone url from webhook:"
f" {clone_url}"
@ -193,18 +212,20 @@ class GitService:
f"Could not find the 'ref' arg in the webhook boy: {webhook}"
)
if current_app.config["GIT_BRANCH"] is None:
if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH"] is None:
raise MissingGitConfigsError(
"Missing config for GIT_BRANCH. This is required for updating the"
" repository as a result of the webhook"
"Missing config for SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH. This is"
" required for updating the repository as a result of the webhook"
)
ref = webhook["ref"]
git_branch = current_app.config["GIT_BRANCH"]
git_branch = current_app.config["SPIFFWORKFLOW_BACKEND_GIT_SOURCE_BRANCH"]
if ref != f"refs/heads/{git_branch}":
return False
with FileSystemService.cd(current_app.config["BPMN_SPEC_ABSOLUTE_DIR"]):
with FileSystemService.cd(
current_app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"]
):
cls.run_shell_command(["git", "pull"])
return True
@ -223,11 +244,13 @@ class GitService:
# we are adding a guid to this so the flake8 issue has been mitigated
destination_process_root = f"/tmp/{clone_dir}" # noqa
git_clone_url = current_app.config["GIT_CLONE_URL_FOR_PUBLISHING"]
git_clone_url = current_app.config[
"SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL"
]
if git_clone_url.startswith("https://"):
git_clone_url = git_clone_url.replace(
"https://",
f"https://{current_app.config['GIT_USERNAME']}:{current_app.config['GIT_USER_PASSWORD']}@",
f"https://{current_app.config['SPIFFWORKFLOW_BACKEND_GIT_USERNAME']}:{current_app.config['SPIFFWORKFLOW_BACKEND_GIT_USER_PASSWORD']}@",
)
cmd = ["git", "clone", git_clone_url, destination_process_root]

View File

@ -1298,7 +1298,9 @@ class ProcessInstanceProcessor:
current_time_in_seconds = round(time.time())
lock_expiry_in_seconds = (
current_time_in_seconds
- current_app.config["ALLOW_CONFISCATING_LOCK_AFTER_SECONDS"]
- current_app.config[
"SPIFFWORKFLOW_BACKEND_ALLOW_CONFISCATING_LOCK_AFTER_SECONDS"
]
)
query_text = text(

View File

@ -18,7 +18,7 @@ class ConnectorProxyError(Exception):
def connector_proxy_url() -> Any:
"""Returns the connector proxy url."""
return current_app.config["CONNECTOR_PROXY_URL"]
return current_app.config["SPIFFWORKFLOW_BACKEND_CONNECTOR_PROXY_URL"]
class ServiceTaskDelegate:

View File

@ -7,14 +7,12 @@ function error_handler() {
trap 'error_handler ${LINENO} $?' ERR
set -o errtrace -o errexit -o nounset -o pipefail
max_attempts="${1:-}"
if [[ -z "$max_attempts" ]]; then
max_attempts=100
fi
max_attempts="${1:-100}"
port="${2:-7001}"
echo "waiting for backend to come up..."
echo "waiting for frontend to come up..."
attempts=0
while [[ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:7001)" != "200" ]]; do
while [[ "$(curl -s -o /dev/null -w '%{http_code}' "http://localhost:${port}")" != "200" ]]; do
if [[ "$attempts" -gt "$max_attempts" ]]; then
>&2 echo "ERROR: Server not up after $max_attempts attempts. There is probably a problem"
exit 1
@ -22,3 +20,4 @@ while [[ "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:7001)" != "2
attempts=$(( attempts + 1 ))
sleep 1
done
echo "frontend up"

View File

@ -30,7 +30,7 @@ const cypressConfig = {
videoUploadOnPasses: false,
chromeWebSecurity: false,
e2e: {
baseUrl: 'http://localhost:7001',
baseUrl: `http://localhost:${process.env.SPIFFWORKFLOW_FRONTEND_PORT || 7001}`,
setupNodeEvents(on, config) {
deleteVideosOnSuccess(on)
require('@cypress/grep/src/plugin')(config);

View File

@ -33,7 +33,7 @@ describe('process-groups', () => {
cy.contains(newGroupDisplayName).should('not.exist');
// meaning the process group list page is loaded, so we can sign out safely without worrying about ajax requests failing
cy.get('.tile-process-group-content-container').should('exist');
cy.getBySel('process-groups-loaded').should('exist');
});
// process groups no longer has pagination post-tiles

View File

@ -43,17 +43,27 @@ Cypress.Commands.add('navigateToAdmin', () => {
Cypress.Commands.add('login', (selector, ...args) => {
cy.visit('/admin');
cy.get('#username').type('ciadmin1');
cy.get('#password').type('ciadmin1');
const username = Cypress.env('SPIFFWORKFLOW_FRONTEND_USERNAME') || 'ciadmin1';
const password = Cypress.env('SPIFFWORKFLOW_FRONTEND_PASSWORD') || 'ciadmin1';
cy.get('#username').type(username);
cy.get('#password').type(password);
if (Cypress.env('SPIFFWORKFLOW_FRONTEND_AUTH_WITH_KEYCLOAK') === true) {
cy.get('#kc-login').click();
} else {
cy.get('#spiff-login-button').click();
}
});
Cypress.Commands.add('logout', (selector, ...args) => {
cy.getBySel('logout-button').click();
if (Cypress.env('SPIFFWORKFLOW_FRONTEND_AUTH_WITH_KEYCLOAK') === true) {
// otherwise we can click logout, quickly load the next page, and the javascript
// doesn't have time to actually sign you out
cy.contains('Sign in to your account');
} else {
cy.get('#spiff-login-button').should('exist');
}
});
Cypress.Commands.add('createGroup', (groupId, groupDisplayName) => {

View File

@ -94,7 +94,13 @@ export default function ProcessGroupListTiles({
};
if (processGroups) {
return <>{processGroupArea()}</>;
return (
<>
{/* so we can check if the groups have loaded in cypress tests */}
<div data-qa="process-groups-loaded" hidden />
{processGroupArea()}
</>
);
}
return null;
}