local-it
/
integrate
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

test setup kind of works

main
Philipp Rothmann 2022-04-22 18:34:48 +02:00
parent b92ea36a94
commit 6251d40055
13 changed files with 869 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Makefile
View File

@ -4,14 +4,24 @@ init:
. ./env/bin/activate
pip3 install -r requirements.txt
up:
docker-compose -f compose.authentik.yml up -d
docker-compose -f compose.wekan.yml up -d
down:
docker-compose -f compose.authentik.yml down -v
docker-compose -f compose.wekan.yml down -v
run:
./env/bin/uvicorn app.main:app --reload --host 0.0.0.0
run integration:
docker-compose -f compose.authentik.yml up -d
./env/bin/uvicorn app.main:app --reload --host 0.0.0.0
test:
./env/bin/pytest app
.PHONY: init run test

6
README.md
View File

@ -8,12 +8,16 @@ integrate all the api's
```
make init
make up
# wait a moment for containers to start
make test
make run
make down
```
https://pydantic-docs.helpmanual.io/
https://jsontopydantic.com/
https://pydantic-docs.helpmanual.io/datamodel_code_generator/
https://pydantic-docs.helpmanual.io/datamodel_code_generator/
https://docs.python.org/3/library/unittest.mock.html

14
app/authentik/api.py
View File

@ -21,6 +21,11 @@ class Authentik:
self.event_rule = None
self.event_rule_link = None
# check connection
r= requests.get(url=f"{self.base}/admin/version", headers=self.headers)
assert r.status_code == 200
def get(self, endpoint: str, params: Dict = {}) -> Request:
return requests.get(url=f"{self.base}{endpoint}", params=params, headers=self.headers)
@ -132,6 +137,14 @@ class Authentik:
return r.json()
raise Exception(r.status_code, r.url, r.text)
def get_user_by_pk(self, pk: str) -> Optional[User]:
r = self.get(f"core/users/{pk}").json()
if "pk" in r:
return User(**r)
raise Exception(r)
def get_user(self, user: User) -> Optional[User]:
if user.pk:
r = self.get(f"core/users/{user.pk}").json()
@ -144,6 +157,7 @@ class Authentik:
r = r["results"][0]
if "pk" in r:
print(r)
return User(**r)
raise Exception(r)

2
app/authentik/models.py
View File

@ -10,7 +10,7 @@ class UsersObjItem(BaseModel):
username: str
name: str
is_active: bool
last_login: str
last_login: Optional[str]
email: str
avatar: str
attributes: Dict[str, Any]

5
app/authentik/test_authentik.py
View File

@ -7,7 +7,10 @@ import pytest
@pytest.fixture
def api() -> Authentik:
return Authentik(base="http://localhost:9000/", token="foobar123", )
try:
return Authentik(base="http://localhost:9000/", token="foobar123", )
except:
pytest.skip("API not reachable? Did you start docker-compose?")
def test_get_user_by_username(api: Authentik):

34
app/event_controller.py
View File

@ -1,8 +1,38 @@
from pydantic import BaseModel
from fastapi import FastAPI
from app.authentik.api import Authentik
from app.authentik.models import User
from app.wekan.api import Wekan
from app.settings import AuthentikSettings
class Authentik_Hook_Model(BaseModel):
pk: str
app: str
name: str
model_name: str
class Http_request(BaseModel):
args: dict
path: str
method: str
authentikSettings = AuthentikSettings()
class Event_Controller:
def __init__(self):
self.jobs = []
pass
def handle_model_created_event(self, model):
pass
def register_api(self, authentik: Authentik, wekan: Wekan):
self.authentik = authentik
self.wekan = wekan
def handle_model_created_event(self, model: Authentik_Hook_Model):
user: User = self.authentik.get_user_by_pk(model.pk)
if not self.wekan.get_user(user.name):
self.wekan.create_user(username=user.username, email=user.email, password="")
return True

58
app/main.py
View File

@ -2,67 +2,45 @@ import logging
import structlog
from unicodedata import name
from urllib.error import HTTPError
from fastapi import Depends, FastAPI, Request
from fastapi import Depends, FastAPI, Request, BackgroundTasks
from pydantic import BaseModel
from app.authentik.api import Authentik
from app.authentik.models import User
from app.event_controller import Event_Controller
from app.event_controller import Authentik_Hook_Model, Event_Controller, Http_request
from .wekan.api import Wekan
import json
logging = structlog.get_logger()
class Authentik_Hook_Model(BaseModel):
pk: str
app: str
name: str
model_name: str
class Http_request(BaseModel):
args: dict
path: str
method: str
app = FastAPI()
@app.get("/")
async def root():
return {'message': 'Hello World'}
@app.post("/authentik/hook/")
async def hook(model: Authentik_Hook_Model,
http_request: Http_request,
event_controller: Event_Controller = Depends(Event_Controller)):
# print(await request.body())
event_controller: Event_Controller = Depends()):
logging.info(model)
logging.info(http_request)
if http_request.path == "/api/v3/core/users/":
event_controller.handle_model_created_event(model)
return 200
# model_created = json.loads(r['body'].split("model_created: ")[1])["model"]
# hook wekan.create_user(model_created["pk"])
# @app.get("/authentik/create_hook/")
# async def hook(request: Request):
# a = Authentik(base="http://localhost:9000/", token="foobar123")
# res = a.create_web_hook()
# logging.info(res)
@app.get("/authentik/create_hook/")
async def hook(request: Request):
a = Authentik(base="http://localhost:9000/", token="foobar123")
res = a.create_web_hook()
logging.info(res)
@app.get("/authentik/users/create_demo_user/")
async def create_demo_user(request: Request):
a = Authentik(base="http://localhost:9000/", token="foobar123")
try:
user = a.create_user(
User(username="demo", name="dmeo", email="foo@example.org"))
except Exception as e: # TODO
return e
logging.info(user)
return user.dict
# @app.get("/authentik/users/create_demo_user/")
# async def create_demo_user(request: Request):
# a = Authentik(base="http://localhost:9000/", token="foobar123")
# try:
# user = a.create_user(
# User(username="demo", name="dmeo", email="foo@example.org"))
# except Exception as e: # TODO
# return e
# logging.info(user)
# return user.dict

17
app/settings.py
View File

@ -1,10 +1,19 @@
from pydantic import BaseSettings, Field
class Settings(BaseSettings):
wekan_baseurl: str = Field(..., env="WEKAN_URL")
wekan_user: str = Field(..., env="WEKAN_USER")
wekan_pw: str = Field(..., env="WEKAN_PASS")
class WekanSettings(BaseSettings):
baseurl: str
user: str
password: str
class Config:
env_file = '.env'
env_prefix = 'WEKAN_'
class AuthentikSettings(BaseSettings):
baseurl: str
token: str
class Config:
env_file = '.env'
env_prefix = 'AUTHENTIK_'

22
app/test_event_controller.py 100644
View File

@ -0,0 +1,22 @@
from app.authentik.models import User
from pytest_mock import MockerFixture
from .event_controller import Authentik_Hook_Model, Event_Controller
import pytest
def test_handle_model_created_event(mocker: MockerFixture):
mock_user = User(pk="5", username="asd", name="asd", email="asd@example.org")
wekan_mock = mocker.MagicMock()
wekan_mock.get_user.return_value = None
authentik_mock = mocker.MagicMock()
authentik_mock.get_user_by_pk.return_value = mock_user
model = Authentik_Hook_Model(pk=mock_user.pk, app="authentik_core", name=mock_user.name, model_name="user")
ec = Event_Controller()
ec.register_api(authentik_mock, wekan_mock)
ec.handle_model_created_event(model)
ec.authentik.get_user_by_pk.assert_called()
ec.authentik.get_user_by_pk.assert_called_with("5")
ec.wekan.get_user.assert_called()
ec.wekan.get_user.assert_called_with("asd")
ec.wekan.create_user.assert_called()
ec.wekan.create_user.assert_called_with(username=mock_user.username, email=mock_user.email, password="")

13
app/test_main.py
View File

@ -1,4 +1,5 @@
from fastapi.testclient import TestClient
import pytest
from app.wekan.api import Wekan
@ -12,8 +13,7 @@ def test_read_main():
assert response.status_code == 200
assert response.json() == {"message": "Hello World"}
def test_hook():
def test_hook_fails_for_wrong_input():
d = """{
"body": "Test Notification from transport hook",
"severity": "notice",
@ -21,14 +21,9 @@ def test_hook():
"user_username": "akadmin"
}"""
response = client.post("/authentik/hook/", data=d)
print(response.text)
assert response.status_code == 422
# mock = mocker.patch('app.wekan.api.Wekan.create_user',
# return_value='fake user')
# print(mock.mock_calls)
#
def test_hook_model_created(mocker):
mock = mocker.patch("app.event_controller.Event_Controller.handle_model_created_event")
d = """
@ -43,4 +38,4 @@ def test_hook_model_created(mocker):
assert model.pk == "5"
assert model.app == "authentik_core"
assert model.name == "asd"
assert model.model_name == "user"
assert model.model_name == "user"

7
app/wekan/test_wekan.py
View File

@ -1,3 +1,4 @@
import requests
from app.wekan.models import User, UserBase
from .api import Wekan
import pytest
@ -5,9 +6,10 @@ import pytest
@pytest.fixture
def api() -> Wekan:
try:
return Wekan("https://board.lit.yksflip.de", "api", "foobar123")
r = requests.post("http://localhost:3000/users/register", json={"username": "api", "password": "foobar123", "email": "foo@example.org"})
return Wekan("http://localhost:3000", "api", "foobar123")
except:
pytest.skip("API not reachable?")
pytest.skip("API not reachable? Did you start docker-compose?")
def test_get_user(api: Wekan):
@ -29,4 +31,5 @@ def test_create_user(api: Wekan):
def test_delete_user(api: Wekan):
api.create_user("foo", "foo@bar.com", "")
api.delete_user("foo") # TODO: doesn't work?
pytest.skip("smth wrong with wekan api")
assert api.get_user("foo") == None

739
compose.wekan.yml 100644
View File

@ -0,0 +1,739 @@
version: '2'
# Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
#---------------------------------------------------------------------------------------------------------
# ==== CREATING USERS AND LOGGING IN TO WEKAN ====
# https://github.com/wekan/wekan/wiki/Adding-users
#---------------------------------------------------------------------------------------------------------
# ==== FORGOT PASSWORD ====
# https://github.com/wekan/wekan/wiki/Forgot-Password
#---------------------------------------------------------------------------------------------------------
# ==== Upgrading Wekan to new version =====
# NOTE: MongoDB has changed from 3.x to 4.x, in that case you need backup/restore with --noIndexRestore
# see https://github.com/wekan/wekan/wiki/Backup
# 1) Stop Wekan:
# docker-compose stop
# 2) Remove old Wekan app (wekan-app only, not that wekan-db container that has all your data)
# docker rm wekan-app
# 3) Get newest docker-compose.yml from https://github.com/wekan/wekan to have correct image,
# for example: "image: quay.io/wekan/wekan" or version tag "image: quay.io/wekan/wekan:v4.52"
# 4) Start Wekan:
# docker-compose up -d
#----------------------------------------------------------------------------------
# ==== OPTIONAL: DEDICATED DOCKER USER ====
# 1) Optionally create a dedicated user for Wekan, for example:
# sudo useradd -d /home/wekan -m -s /bin/bash wekan
# 2) Add this user to the docker group, then logout+login or reboot:
# sudo usermod -aG docker wekan
# 3) Then login as user wekan.
# 4) Create this file /home/wekan/docker-compose.yml with your modifications.
#----------------------------------------------------------------------------------
# ==== RUN DOCKER AS SERVICE ====
# 1a) Running Docker as service, on Systemd like Debian 9, Ubuntu 16.04, CentOS 7:
# sudo systemctl enable docker
# sudo systemctl start docker
# 1b) Running Docker as service, on init.d like Debian 8, Ubuntu 14.04, CentOS 6:
# sudo update-rc.d docker defaults
# sudo service docker start
# ----------------------------------------------------------------------------------
# ==== USAGE OF THIS docker-compose.yml ====
# 1) For seeing does Wekan work, try this and check with your web browser:
# docker-compose up
# 2) Stop Wekan and start Wekan in background:
# docker-compose stop
# docker-compose up -d
# 3) See running Docker containers:
# docker ps
# 4) Stop Docker containers:
# docker-compose stop
# ----------------------------------------------------------------------------------
# ===== INSIDE DOCKER CONTAINERS, AND BACKUP/RESTORE ====
# https://github.com/wekan/wekan/wiki/Backup
# If really necessary, repair MongoDB: https://github.com/wekan/wekan-mongodb/issues/6#issuecomment-424004116
# 1) Going inside containers:
# a) Wekan app, does not contain data
# docker exec -it wekan-app bash
# b) MongoDB, contains all data
# docker exec -it wekan-db bash
# 2) Copying database to outside of container:
# docker exec -it wekan-db bash
# cd /data
# mongodump
# exit
# docker cp wekan-db:/data/dump .
# 3) Restoring database
# # 1) Stop wekan
# docker stop wekan-app
# # 2) Go inside database container
# docker exec -it wekan-db bash
# # 3) and data directory
# cd /data
# # 4) Remove previous dump
# rm -rf dump
# # 5) Exit db container
# exit
# # 6) Copy dump to inside docker container
# docker cp dump wekan-db:/data/
# # 7) Go inside database container
# docker exec -it wekan-db bash
# # 8) and data directory
# cd /data
# # 9) Restore
# mongorestore --drop
# # 10) Exit db container
# exit
# # 11) Start wekan
# docker start wekan-app
#-------------------------------------------------------------------------
services:
wekandb:
#-------------------------------------------------------------------------------------
# ==== MONGODB AND METEOR VERSION ====
# a) mongodb latest, like 3.2 - 4.4 or newer https://hub.docker.com/_/mongo?tab=description
# 2020-12-03:
# - Mongo image copied from Docker Hub mongo:4.4.2-bionic to Quay
# to avoid Docker Hub rate limits.
# Quay image does work:
# image: quay.io/wekan/mongo:4.4.2-bionic
# Docker Hub MongoDB image does work:
image: mongo:4.4
#-------------------------------------------------------------------------------------
container_name: wekan-db
restart: always
# command: mongod --oplogSize 128
# Syslog: mongod --syslog --oplogSize 128 --quiet
# Disable MongoDB logs:
command: mongod --logpath /dev/null --oplogSize 128 --quiet
networks:
- wekan-tier
expose:
- 27017
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- wekan-db:/data/db
- wekan-db-dump:/dump
wekan:
#-------------------------------------------------------------------------------------
# ==== MONGODB AND METEOR VERSION ====
# a) Quay automatic builds do work work, https://quay.io/wekan/wekan
image: quay.io/wekan/wekan
# b) Using specific version tag:
# image: quay.io/wekan/wekan:v4.52
# c) Docker Hub builds do work https://hub.docker.com/r/wekanteam/wekan
# image: wekanteam/wekan
#-------------------------------------------------------------------------------------
container_name: wekan-app
restart: always
networks:
- wekan-tier
#-------------------------------------------------------------------------------------
# ==== BUILD wekan-app DOCKER CONTAINER FROM SOURCE, if you uncomment these ====
# ==== and use commands: docker-compose up -d --build
#build:
# context: .
# dockerfile: Dockerfile
#-------------------------------------------------------------------------------------
ports:
# Docker outsideport:insideport. Do not add anything extra here.
# For example, if you want to have wekan on port 3001,
# use 3001:8080 . Do not add any extra address etc here, that way it does not work.
# remove port mapping if you use nginx reverse proxy, port 8080 is already exposed to wekan-tier network
- 3000:8080
environment:
#-----------------------------------------------------------------
# ==== WRITEABLE PATH FOR FILE UPLOADS ====
- WRITABLE_PATH=/data
#-----------------------------------------------------------------
# ==== MONGO_URL ====
- MONGO_URL=mongodb://wekandb:27017/wekan
#---------------------------------------------------------------
# ==== ROOT_URL SETTING ====
# Change ROOT_URL to your real Wekan URL, for example:
# If you have Caddy/Nginx/Apache providing SSL
# - https://example.com
# - https://boards.example.com
# This can be problematic with avatars https://github.com/wekan/wekan/issues/1776
# - https://example.com/wekan
# If without https, can be only wekan node, no need for Caddy/Nginx/Apache if you don't need them
# - http://example.com
# - http://boards.example.com
# - http://192.168.1.100 <=== using at local LAN
- ROOT_URL=http://localhost # <=== using only at same laptop/desktop where Wekan is installed
#---------------------------------------------------------------
# ==== EMAIL SETTINGS ====
# Email settings are only at MAIL_URL and MAIL_FROM.
# Admin Panel has test button, but it's not used for settings.
# see https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
# For SSL in email, change smtp:// to smtps://
# NOTE: Special characters need to be url-encoded in MAIL_URL.
# You can encode those characters for example at: https://www.urlencoder.org
#- MAIL_URL=smtp://user:pass@mailserver.example.com:25/
- MAIL_URL=smtp://<mail_url>:25/?ignoreTLS=true&tls={rejectUnauthorized:false}
- MAIL_FROM=Wekan Notifications <noreply.wekan@mydomain.com>
# Currently MAIL_SERVICE is not in use.
#- MAIL_SERVICE=Outlook365
#- MAIL_SERVICE_USER=firstname.lastname@hotmail.com
#- MAIL_SERVICE_PASSWORD=SecretPassword
#---------------------------------------------------------------
# https://github.com/wekan/wekan/issues/3585#issuecomment-1021522132
# Add more Node heap, this is done by default at Dockerfile:
# - NODE_OPTIONS="--max_old_space_size=4096"
# Add more stack, this is done at Dockerfile:
# bash -c "ulimit -s 65500; exec node --stack-size=65500 main.js"
#---------------------------------------------------------------
# ==== OPTIONAL: MONGO OPLOG SETTINGS =====
# https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-378343587
# We've fixed our CPU usage problem today with an environment
# change around Wekan. I wasn't aware during implementation
# that if you're using more than 1 instance of Wekan
# (or any MeteorJS based tool) you're supposed to set
# MONGO_OPLOG_URL as an environment variable.
# Without setting it, Meteor will perform a poll-and-diff
# update of it's dataset. With it, Meteor will update from
# the OPLOG. See here
# https://blog.meteor.com/tuning-meteor-mongo-livedata-for-scalability-13fe9deb8908
# After setting
# MONGO_OPLOG_URL=mongodb://<username>:<password>@<mongoDbURL>/local?authSource=admin&replicaSet=rsWekan
# the CPU usage for all Wekan instances dropped to an average
# of less than 10% with only occasional spikes to high usage
# (I guess when someone is doing a lot of work)
# - MONGO_OPLOG_URL=mongodb://<username>:<password>@<mongoDbURL>/local?authSource=admin&replicaSet=rsWekan
#---------------------------------------------------------------
# ==== OPTIONAL: KADIRA PERFORMANCE MONITORING FOR METEOR ====
# https://github.com/edemaine/kadira-compose
# https://github.com/meteor/meteor-apm-agent
# https://blog.meteor.com/kadira-apm-is-now-open-source-490469ffc85f
#- APM_OPTIONS_ENDPOINT=http://<kadira-ip>:11011
#- APM_APP_ID=
#- APM_APP_SECRET=
#---------------------------------------------------------------
# ==== OPTIONAL: LOGS AND STATS ====
# https://github.com/wekan/wekan/wiki/Logs
#
# Daily export of Wekan changes as JSON to Logstash and ElasticSearch / Kibana (ELK)
# https://github.com/wekan/wekan-logstash
#
# Statistics Python script for Wekan Dashboard
# https://github.com/wekan/wekan-stats
#
# Console, file, and zulip logger on database changes https://github.com/wekan/wekan/pull/1010
# with fix to replace console.log by winston logger https://github.com/wekan/wekan/pull/1033
# but there could be bug https://github.com/wekan/wekan/issues/1094
#
# There is Feature Request: Logging date and time of all activity with summary reports,
# and requesting reason for changing card to other column https://github.com/wekan/wekan/issues/1598
#---------------------------------------------------------------
# ==== NUMBER OF SEARCH RESULTS PER PAGE BY DEFAULT ====
#- RESULTS_PER_PAGE=20
#---------------------------------------------------------------
# ==== WEKAN API AND EXPORT BOARD ====
# Wekan Export Board works when WITH_API=true.
# https://github.com/wekan/wekan/wiki/REST-API
# https://github.com/wekan/wekan-gogs
# If you disable Wekan API with false, Export Board does not work.
- WITH_API=true
#---------------------------------------------------------------
# ==== PASSWORD BRUTE FORCE PROTECTION ====
#https://atmospherejs.com/lucasantoniassi/accounts-lockout
#Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
#- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
#- ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
#- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
#- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
#- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
#- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
#---------------------------------------------------------------
# ==== ACCOUNT OPTIONS ====
# https://docs.meteor.com/api/accounts-multi.html#AccountsCommon-config
# Defaults below. Uncomment to change. wekan/server/accounts-common.js
# - ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS=90
#---------------------------------------------------------------
# ==== RICH TEXT EDITOR IN CARD COMMENTS ====
# https://github.com/wekan/wekan/pull/2560
- RICHER_CARD_COMMENT_EDITOR=false
#---------------------------------------------------------------
# ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
# https://github.com/wekan/wekan/issues/2518
- CARD_OPENED_WEBHOOK_ENABLED=false
#---------------------------------------------------------------
# ==== Allow to shrink attached/pasted image ====
# https://github.com/wekan/wekan/pull/2544
#-MAX_IMAGE_PIXEL=1024
#-IMAGE_COMPRESS_RATIO=80
#---------------------------------------------------------------
# ==== NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE =====
# Number of days after a notification is read before we remove it.
# Default: 2
#- NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE=2
#---------------------------------------------------------------
# ==== BIGEVENTS DUE ETC NOTIFICATIONS =====
# https://github.com/wekan/wekan/pull/2541
# Introduced a system env var BIGEVENTS_PATTERN default as "NONE",
# so any activityType matches the pattern, system will send out
# notifications to all board members no matter they are watching
# or tracking the board or not. Owner of the wekan server can
# disable the feature by setting this variable to "NONE" or
# change the pattern to any valid regex. i.e. '|' delimited
# activityType names.
# a) Example
#- BIGEVENTS_PATTERN=due
# b) All
#- BIGEVENTS_PATTERN=received|start|due|end
# c) Disabled
- BIGEVENTS_PATTERN=NONE
#---------------------------------------------------------------
# ==== EMAIL DUE DATE NOTIFICATION =====
# https://github.com/wekan/wekan/pull/2536
# System timelines will be showing any user modification for
# dueat startat endat receivedat, also notification to
# the watchers and if any card is due, about due or past due.
#
# Notify due days, default is None, 2 days before and on the event day
#- NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0
#
# Notify due at hour of day. Default every morning at 8am. Can be 0-23.
# If env variable has parsing error, use default. Notification sent to watchers.
#- NOTIFY_DUE_AT_HOUR_OF_DAY=8
#-----------------------------------------------------------------
# ==== EMAIL NOTIFICATION TIMEOUT, ms =====
# Default: 30000 ms = 30s
#- EMAIL_NOTIFICATION_TIMEOUT=30000
#-----------------------------------------------------------------
# ==== CORS =====
# CORS: Set Access-Control-Allow-Origin header.
#- CORS=*
# CORS_ALLOW_HEADERS: Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API.
#- CORS_ALLOW_HEADERS=Authorization,Content-Type
# CORS_EXPOSE_HEADERS: Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations
#- CORS_EXPOSE_HEADERS=*
#-----------------------------------------------------------------
# ==== MATOMO INTEGRATION ====
# Optional: Integration with Matomo https://matomo.org that is installed to your server
# The address of the server where Matomo is hosted.
#- MATOMO_ADDRESS=https://example.com/matomo
# The value of the site ID given in Matomo server for Wekan
#- MATOMO_SITE_ID=1
# The option do not track which enables users to not be tracked by matomo
#- MATOMO_DO_NOT_TRACK=true
# The option that allows matomo to retrieve the username:
#- MATOMO_WITH_USERNAME=true
#-----------------------------------------------------------------
# ==== BROWSER POLICY AND TRUSTED IFRAME URL ====
# Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
# Setting this to false is not recommended, it also disables all other browser policy protections
# and allows all iframing etc. See wekan/server/policy.js
- BROWSER_POLICY_ENABLED=true
# When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
#- TRUSTED_URL=https://intra.example.com
#-----------------------------------------------------------------
# ==== OUTGOING WEBHOOKS ====
# What to send to Outgoing Webhook, or leave out. If commented out the default values will be: cardId,listId,oldListId,boardId,comment,user,card,commentId,swimlaneId,customerField,customFieldValue
#- WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
#-----------------------------------------------------------------
# ==== Debug OIDC OAuth2 etc ====
#- DEBUG=true
#-----------------------------------------------------------------
# ==== OAUTH2 ORACLE on premise identity manager OIM ====
#- ORACLE_OIM_ENABLED=true
#-----------------------------------------------------------------
# ==== OAUTH2 AZURE ====
# https://github.com/wekan/wekan/wiki/Azure
# 1) Register the application with Azure. Make sure you capture
# the application ID as well as generate a secret key.
# 2) Configure the environment variables. This differs slightly
# by installation type, but make sure you have the following:
#- OAUTH2_ENABLED=true
# Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299
#- OAUTH2_CA_CERT=ABCD1234
# Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
#- OAUTH2_ADFS_ENABLED=false
# OAuth2 login style: popup or redirect.
#- OAUTH2_LOGIN_STYLE=redirect
# Application GUID captured during app registration:
#- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
# Secret key generated during app registration:
#- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#- OAUTH2_SERVER_URL=https://login.microsoftonline.com/
#- OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
#- OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
#- OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
# The claim name you want to map to the unique ID field:
#- OAUTH2_ID_MAP=email
# The claim name you want to map to the username field:
#- OAUTH2_USERNAME_MAP=email
# The claim name you want to map to the full name field:
#- OAUTH2_FULLNAME_MAP=name
# The claim name you want to map to the email field:
#- OAUTH2_EMAIL_MAP=email
#-----------------------------------------------------------------
# ==== OAUTH2 Nextcloud ====
# 1) Register the application with Nextcloud: https://your.nextcloud/index.php/settings/admin/security
# Make sure you capture the application ID as well as generate a secret key.
# Use https://your.wekan/_oauth/oidc for the redirect URI.
# 2) Configure the environment variables. This differs slightly
# by installation type, but make sure you have the following:
#- OAUTH2_ENABLED=true
# OAuth2 login style: popup or redirect.
#- OAUTH2_LOGIN_STYLE=redirect
# Application GUID captured during app registration:
#- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
# Secret key generated during app registration:
#- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#- OAUTH2_SERVER_URL=https://your-nextcloud.tld
#- OAUTH2_AUTH_ENDPOINT=/index.php/apps/oauth2/authorize
#- OAUTH2_USERINFO_ENDPOINT=/ocs/v2.php/cloud/user?format=json
#- OAUTH2_TOKEN_ENDPOINT=/index.php/apps/oauth2/api/v1/token
# The claim name you want to map to the unique ID field:
#- OAUTH2_ID_MAP=id
# The claim name you want to map to the username field:
#- OAUTH2_USERNAME_MAP=id
# The claim name you want to map to the full name field:
#- OAUTH2_FULLNAME_MAP=display-name
# The claim name you want to map to the email field:
#- OAUTH2_EMAIL_MAP=email
#-----------------------------------------------------------------
# ==== OAUTH2 KEYCLOAK ====
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
#- OAUTH2_ENABLED=true
# OAuth2 login style: popup or redirect.
#- OAUTH2_LOGIN_STYLE=redirect
#- OAUTH2_CLIENT_ID=<Keycloak create Client ID>
#- OAUTH2_SERVER_URL=<Keycloak server name>/auth
#- OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
#- OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
#- OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
#- OAUTH2_SECRET=<keycloak client secret>
#-----------------------------------------------------------------
# ==== OAUTH2 DOORKEEPER ====
# https://github.com/wekan/wekan/issues/1874
# https://github.com/wekan/wekan/wiki/OAuth2
# Enable the OAuth2 connection
#- OAUTH2_ENABLED=true
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
# OAuth2 login style: popup or redirect.
#- OAUTH2_LOGIN_STYLE=redirect
# OAuth2 Client ID.
#- OAUTH2_CLIENT_ID=abcde12345
# OAuth2 Secret.
#- OAUTH2_SECRET=54321abcde
# OAuth2 Server URL.
#- OAUTH2_SERVER_URL=https://chat.example.com
# OAuth2 Authorization Endpoint.
#- OAUTH2_AUTH_ENDPOINT=/oauth/authorize
# OAuth2 Userinfo Endpoint.
#- OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
# OAuth2 Token Endpoint.
#- OAUTH2_TOKEN_ENDPOINT=/oauth/token
# OAUTH2 ID Token Whitelist Fields.
#- OAUTH2_ID_TOKEN_WHITELIST_FIELDS=""
# OAUTH2 Request Permissions.
#- OAUTH2_REQUEST_PERMISSIONS=openid profile email
# OAuth2 ID Mapping
#- OAUTH2_ID_MAP=
# OAuth2 Username Mapping
#- OAUTH2_USERNAME_MAP=
# OAuth2 Fullname Mapping
#- OAUTH2_FULLNAME_MAP=
# OAuth2 Email Mapping
#- OAUTH2_EMAIL_MAP=
#-----------------------------------------------------------------
# ==== LDAP: UNCOMMENT ALL TO ENABLE LDAP ====
# https://github.com/wekan/wekan/wiki/LDAP
# For Snap settings see https://github.com/wekan/wekan-snap/wiki/Supported-settings-keys
# Most settings work both on Snap and Docker below.
# Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
#
# The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap.
#- DEFAULT_AUTHENTICATION_METHOD=ldap
#
# Enable or not the connection by the LDAP
#- LDAP_ENABLE=true
#
# The port of the LDAP server
#- LDAP_PORT=389
#
# The host server for the LDAP server
#- LDAP_HOST=localhost
#
#-----------------------------------------------------------------
# ==== LDAP AD Simple Auth ====
#
# Set to true, if you want to connect with Active Directory by Simple Authentication.
# When using AD Simple Auth, LDAP_BASEDN is not needed.
#
# Example:
#- LDAP_AD_SIMPLE_AUTH=true
#
# === LDAP User Authentication ===
#
# a) Option to login to the LDAP server with the user's own username and password, instead of
# an administrator key. Default: false (use administrator key).
#
# b) When using AD Simple Auth, set to true, when login user is used for binding,
# and LDAP_BASEDN is not needed.
#
# Example:
#- LDAP_USER_AUTHENTICATION=true
#
# Which field is used to find the user for the user authentication. Default: uid.
#- LDAP_USER_AUTHENTICATION_FIELD=uid
#
# === LDAP Default Domain ===
#
# a) In case AD SimpleAuth is configured, the default domain is appended to the given
# loginname for creating the correct username for the bind request to AD.
#
# b) The default domain of the ldap it is used to create email if the field is not map
# correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
#
# Example :
#- LDAP_DEFAULT_DOMAIN=mydomain.com
#
#-----------------------------------------------------------------
# ==== LDAP BASEDN Auth ====
#
# The base DN for the LDAP Tree
#- LDAP_BASEDN=ou=user,dc=example,dc=org
#
#-----------------------------------------------------------------
# Fallback on the default authentication method
#- LDAP_LOGIN_FALLBACK=false
#
# Reconnect to the server if the connection is lost
#- LDAP_RECONNECT=true
#
# Overall timeout, in milliseconds
#- LDAP_TIMEOUT=10000
#
# Specifies the timeout for idle LDAP connections in milliseconds
#- LDAP_IDLE_TIMEOUT=10000
#
# Connection timeout, in milliseconds
#- LDAP_CONNECT_TIMEOUT=10000
#
# If the LDAP needs a user account to search
#- LDAP_AUTHENTIFICATION=true
#
# The search user DN - You need quotes when you have spaces in parameters
# 2 examples:
#- LDAP_AUTHENTIFICATION_USERDN=CN=ldap admin,CN=users,DC=domainmatter,DC=lan
#- LDAP_AUTHENTIFICATION_USERDN=CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com
#
# The password for the search user
#- LDAP_AUTHENTIFICATION_PASSWORD=pwd
#
# Enable logs for the module
#- LDAP_LOG_ENABLED=true
#
# If the sync of the users should be done in the background
#- LDAP_BACKGROUND_SYNC=false
#
# At which interval does the background task sync.
# The format must be as specified in:
# https://bunkat.github.io/later/parsers.html#text
#- LDAP_BACKGROUND_SYNC_INTERVAL='every 1 hour'
#
#- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
#
#- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
#
# If using LDAPS: LDAP_ENCRYPTION=ssl
#- LDAP_ENCRYPTION=false
#
# The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
#- LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE-----
#
# Reject Unauthorized Certificate
#- LDAP_REJECT_UNAUTHORIZED=false
#
# Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
#- LDAP_USER_SEARCH_FILTER=
#
# base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
#- LDAP_USER_SEARCH_SCOPE=one
#
# Which field is used to find the user, like uid / sAMAccountName
#- LDAP_USER_SEARCH_FIELD=sAMAccountName
#
# Used for pagination (0=unlimited)
#- LDAP_SEARCH_PAGE_SIZE=0
#
# The limit number of entries (0=unlimited)
#- LDAP_SEARCH_SIZE_LIMIT=0
#
# Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap.
#- LDAP_GROUP_FILTER_ENABLE=false
#
# The object class for filtering. Example: group
#- LDAP_GROUP_FILTER_OBJECTCLASS=
#
# The attribute of a group identifying it. Example: cn
#- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
#
# The attribute inside a group object listing its members. Example: member
#- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
#
# The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE. Example: 'dn' if the users dn is saved as value into the attribute.
#- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
#
# The group name (id) that matches all users.
#- LDAP_GROUP_FILTER_GROUP_NAME=
#
# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid
#- LDAP_UNIQUE_IDENTIFIER_FIELD=
#
# LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
#- LDAP_UTF8_NAMES_SLUGIFY=true
#
# LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName
#- LDAP_USERNAME_FIELD=sAMAccountName
#
# LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. fullname / sAMAccountName
#- LDAP_FULLNAME_FIELD=fullname
#
#- LDAP_MERGE_EXISTING_USERS=false
#
# Allow existing account matching by e-mail address when username does not match
#- LDAP_EMAIL_MATCH_ENABLE=true
#
# LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
#- LDAP_EMAIL_MATCH_REQUIRE=true
#
# LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
#- LDAP_EMAIL_MATCH_VERIFIED=true
#
# LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
#- LDAP_EMAIL_FIELD=mail
#-----------------------------------------------------------------
#- LDAP_SYNC_USER_DATA=false
#
#- LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
#
#- LDAP_SYNC_GROUP_ROLES=
#
# The default domain of the ldap it is used to create email if the field is not map correctly
# with the LDAP_SYNC_USER_DATA_FIELDMAP is defined in setting LDAP_DEFAULT_DOMAIN above.
#
# Enable/Disable syncing of admin status based on ldap groups:
#- LDAP_SYNC_ADMIN_STATUS=true
#
# Comma separated list of admin group names to sync.
#- LDAP_SYNC_ADMIN_GROUPS=group1,group2
#---------------------------------------------------------------------
# Login to LDAP automatically with HTTP header.
# In below example for siteminder, at right side of = is header name.
#- HEADER_LOGIN_ID=HEADERUID
#- HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME
#- HEADER_LOGIN_LASTNAME=HEADERLASTNAME
#- HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS
#---------------------------------------------------------------------
# ==== LOGOUT TIMER, probably does not work yet ====
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
# example : LOGOUT_WITH_TIMER=true
#- LOGOUT_WITH_TIMER=
#
# LOGOUT_IN : The number of days
# example : LOGOUT_IN=1
#- LOGOUT_IN=
#
# LOGOUT_ON_HOURS : The number of hours
# example : LOGOUT_ON_HOURS=9
#- LOGOUT_ON_HOURS=
#
# LOGOUT_ON_MINUTES : The number of minutes
# example : LOGOUT_ON_MINUTES=55
#- LOGOUT_ON_MINUTES=
#-------------------------------------------------------------------
# Hide password login form
# - PASSWORD_LOGIN_ENABLED=true
#-------------------------------------------------------------------
#- CAS_ENABLED=true
#- CAS_BASE_URL=https://cas.example.com/cas
#- CAS_LOGIN_URL=https://cas.example.com/login
#- CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
#---------------------------------------------------------------------
#- SAML_ENABLED=true
#- SAML_PROVIDER=
#- SAML_ENTRYPOINT=
#- SAML_ISSUER=
#- SAML_CERT=
#- SAML_IDPSLO_REDIRECTURL=
#- SAML_PRIVATE_KEYFILE=
#- SAML_PUBLIC_CERTFILE=
#- SAML_IDENTIFIER_FORMAT=
#- SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
#- SAML_ATTRIBUTES=
#---------------------------------------------------------------------
# Wait spinner to use
# - WAIT_SPINNER=Bounce
#---------------------------------------------------------------------
depends_on:
- wekandb
volumes:
- /etc/localtime:/etc/localtime:ro
- wekan-files:/data:rw
#---------------------------------------------------------------------------------
# ==== OPTIONAL: SHARE DATABASE TO OFFICE LAN AND REMOTE VPN ====
# When using Wekan both at office LAN and remote VPN:
# 1) Have above Wekan docker container config with LAN IP address
# 2) Copy all of above wekan container config below, look above of this part above and all config below it,
# before above depends_on: part:
#
# wekan:
# #-------------------------------------------------------------------------------------
# # ==== MONGODB AND METEOR VERSION ====
# # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, .....
#
#
# and change name to different name like wekan2 or wekanvpn, and change ROOT_URL to server VPN IP
# address.
# 3) This way both Wekan containers can use same MongoDB database
# and see the same Wekan boards.
# 4) You could also add 3rd Wekan container for 3rd network etc.
# EXAMPLE:
# wekan2:
# ....COPY CONFIG FROM ABOVE TO HERE...
# environment:
# - ROOT_URL='http://10.10.10.10'
# ...COPY CONFIG FROM ABOVE TO HERE...
#---------------------------------------------------------------------------------
# OPTIONAL NGINX CONFIG FOR REVERSE PROXY
# nginx:
# image: nginx
# container_name: nginx
# restart: always
# networks:
# - wekan-tier
# depends_on:
# - wekan
# ports:
# - 80:80
# - 443:443
# volumes:
# - ./nginx/ssl:/etc/nginx/ssl/:ro
# - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
## Alternative volume config:
## volumes:
## - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
## - ./nginx/ssl/ssl.conf:/etc/nginx/conf.d/ssl/ssl.conf:ro
## - ./nginx/ssl/testvm-ehu.crt:/etc/nginx/conf.d/ssl/certs/mycert.crt:ro
## - ./nginx/ssl/testvm-ehu.key:/etc/nginx/conf.d/ssl/certs/mykey.key:ro
## - ./nginx/ssl/pphrase:/etc/nginx/conf.d/ssl/pphrase:ro
volumes:
wekan-files:
driver: local
wekan-db:
driver: local
wekan-db-dump:
driver: local
networks:
wekan-tier:
driver: bridge

1
requirements.txt
View File

@ -17,6 +17,7 @@ pydantic==1.9.0
pyparsing==3.0.7
pytest==7.0.1
pytest-mock==3.7.0
python-dotenv==0.19.2
requests==2.27.1
sniffio==1.2.0
starlette==0.17.1