From 6251d40055de97ddb2615840df4bf4e6cc8233e9 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Fri, 22 Apr 2022 18:34:48 +0200 Subject: [PATCH] test setup kind of works --- Makefile | 12 +- README.md | 6 +- app/authentik/api.py | 14 + app/authentik/models.py | 2 +- app/authentik/test_authentik.py | 5 +- app/event_controller.py | 34 +- app/main.py | 58 +-- app/settings.py | 17 +- app/test_event_controller.py | 22 + app/test_main.py | 13 +- app/wekan/test_wekan.py | 7 +- compose.wekan.yml | 739 ++++++++++++++++++++++++++++++++ requirements.txt | 1 + 13 files changed, 869 insertions(+), 61 deletions(-) create mode 100644 app/test_event_controller.py create mode 100644 compose.wekan.yml diff --git a/Makefile b/Makefile index 2c0177f..7dec298 100644 --- a/Makefile +++ b/Makefile @@ -4,14 +4,24 @@ init: . ./env/bin/activate pip3 install -r requirements.txt +up: + docker-compose -f compose.authentik.yml up -d + docker-compose -f compose.wekan.yml up -d + +down: + docker-compose -f compose.authentik.yml down -v + docker-compose -f compose.wekan.yml down -v + run: ./env/bin/uvicorn app.main:app --reload --host 0.0.0.0 run integration: - docker-compose -f compose.authentik.yml up -d ./env/bin/uvicorn app.main:app --reload --host 0.0.0.0 test: ./env/bin/pytest app + + + .PHONY: init run test \ No newline at end of file diff --git a/README.md b/README.md index 9b801ee..9535277 100644 --- a/README.md +++ b/README.md @@ -8,12 +8,16 @@ integrate all the api's ``` make init +make up +# wait a moment for containers to start make test make run +make down ``` https://pydantic-docs.helpmanual.io/ https://jsontopydantic.com/ -https://pydantic-docs.helpmanual.io/datamodel_code_generator/ \ No newline at end of file +https://pydantic-docs.helpmanual.io/datamodel_code_generator/ +https://docs.python.org/3/library/unittest.mock.html \ No newline at end of file diff --git a/app/authentik/api.py b/app/authentik/api.py index 428fa1a..f9af8a7 100644 --- a/app/authentik/api.py +++ b/app/authentik/api.py @@ -21,6 +21,11 @@ class Authentik: self.event_rule = None self.event_rule_link = None + # check connection + r= requests.get(url=f"{self.base}/admin/version", headers=self.headers) + assert r.status_code == 200 + + def get(self, endpoint: str, params: Dict = {}) -> Request: return requests.get(url=f"{self.base}{endpoint}", params=params, headers=self.headers) @@ -132,6 +137,14 @@ class Authentik: return r.json() raise Exception(r.status_code, r.url, r.text) + def get_user_by_pk(self, pk: str) -> Optional[User]: + r = self.get(f"core/users/{pk}").json() + if "pk" in r: + return User(**r) + raise Exception(r) + + + def get_user(self, user: User) -> Optional[User]: if user.pk: r = self.get(f"core/users/{user.pk}").json() @@ -144,6 +157,7 @@ class Authentik: r = r["results"][0] if "pk" in r: + print(r) return User(**r) raise Exception(r) diff --git a/app/authentik/models.py b/app/authentik/models.py index e471d80..3d62daa 100644 --- a/app/authentik/models.py +++ b/app/authentik/models.py @@ -10,7 +10,7 @@ class UsersObjItem(BaseModel): username: str name: str is_active: bool - last_login: str + last_login: Optional[str] email: str avatar: str attributes: Dict[str, Any] diff --git a/app/authentik/test_authentik.py b/app/authentik/test_authentik.py index 8c9856f..b5c26de 100644 --- a/app/authentik/test_authentik.py +++ b/app/authentik/test_authentik.py @@ -7,7 +7,10 @@ import pytest @pytest.fixture def api() -> Authentik: - return Authentik(base="http://localhost:9000/", token="foobar123", ) + try: + return Authentik(base="http://localhost:9000/", token="foobar123", ) + except: + pytest.skip("API not reachable? Did you start docker-compose?") def test_get_user_by_username(api: Authentik): diff --git a/app/event_controller.py b/app/event_controller.py index cdf86c6..1c48b61 100644 --- a/app/event_controller.py +++ b/app/event_controller.py @@ -1,8 +1,38 @@ +from pydantic import BaseModel +from fastapi import FastAPI +from app.authentik.api import Authentik +from app.authentik.models import User +from app.wekan.api import Wekan +from app.settings import AuthentikSettings + + + +class Authentik_Hook_Model(BaseModel): + pk: str + app: str + name: str + model_name: str + + +class Http_request(BaseModel): + args: dict + path: str + method: str + +authentikSettings = AuthentikSettings() class Event_Controller: def __init__(self): + self.jobs = [] pass - def handle_model_created_event(self, model): - pass \ No newline at end of file + def register_api(self, authentik: Authentik, wekan: Wekan): + self.authentik = authentik + self.wekan = wekan + + def handle_model_created_event(self, model: Authentik_Hook_Model): + user: User = self.authentik.get_user_by_pk(model.pk) + if not self.wekan.get_user(user.name): + self.wekan.create_user(username=user.username, email=user.email, password="") + return True diff --git a/app/main.py b/app/main.py index e93efba..8c22982 100644 --- a/app/main.py +++ b/app/main.py @@ -2,67 +2,45 @@ import logging import structlog from unicodedata import name from urllib.error import HTTPError -from fastapi import Depends, FastAPI, Request +from fastapi import Depends, FastAPI, Request, BackgroundTasks from pydantic import BaseModel - from app.authentik.api import Authentik from app.authentik.models import User -from app.event_controller import Event_Controller +from app.event_controller import Authentik_Hook_Model, Event_Controller, Http_request from .wekan.api import Wekan import json logging = structlog.get_logger() - -class Authentik_Hook_Model(BaseModel): - pk: str - app: str - name: str - model_name: str - - -class Http_request(BaseModel): - args: dict - path: str - method: str - - app = FastAPI() - @app.get("/") async def root(): return {'message': 'Hello World'} - @app.post("/authentik/hook/") async def hook(model: Authentik_Hook_Model, http_request: Http_request, - event_controller: Event_Controller = Depends(Event_Controller)): - # print(await request.body()) + event_controller: Event_Controller = Depends()): logging.info(model) logging.info(http_request) if http_request.path == "/api/v3/core/users/": event_controller.handle_model_created_event(model) return 200 - # model_created = json.loads(r['body'].split("model_created: ")[1])["model"] - # hook wekan.create_user(model_created["pk"]) +# @app.get("/authentik/create_hook/") +# async def hook(request: Request): +# a = Authentik(base="http://localhost:9000/", token="foobar123") +# res = a.create_web_hook() +# logging.info(res) -@app.get("/authentik/create_hook/") -async def hook(request: Request): - a = Authentik(base="http://localhost:9000/", token="foobar123") - res = a.create_web_hook() - logging.info(res) - - -@app.get("/authentik/users/create_demo_user/") -async def create_demo_user(request: Request): - a = Authentik(base="http://localhost:9000/", token="foobar123") - try: - user = a.create_user( - User(username="demo", name="dmeo", email="foo@example.org")) - except Exception as e: # TODO - return e - logging.info(user) - return user.dict +# @app.get("/authentik/users/create_demo_user/") +# async def create_demo_user(request: Request): +# a = Authentik(base="http://localhost:9000/", token="foobar123") +# try: +# user = a.create_user( +# User(username="demo", name="dmeo", email="foo@example.org")) +# except Exception as e: # TODO +# return e +# logging.info(user) +# return user.dict diff --git a/app/settings.py b/app/settings.py index 1d67e33..e3d14c6 100644 --- a/app/settings.py +++ b/app/settings.py @@ -1,10 +1,19 @@ from pydantic import BaseSettings, Field -class Settings(BaseSettings): - wekan_baseurl: str = Field(..., env="WEKAN_URL") - wekan_user: str = Field(..., env="WEKAN_USER") - wekan_pw: str = Field(..., env="WEKAN_PASS") +class WekanSettings(BaseSettings): + baseurl: str + user: str + password: str class Config: env_file = '.env' + env_prefix = 'WEKAN_' + +class AuthentikSettings(BaseSettings): + baseurl: str + token: str + + class Config: + env_file = '.env' + env_prefix = 'AUTHENTIK_' \ No newline at end of file diff --git a/app/test_event_controller.py b/app/test_event_controller.py new file mode 100644 index 0000000..81e6ebe --- /dev/null +++ b/app/test_event_controller.py @@ -0,0 +1,22 @@ +from app.authentik.models import User +from pytest_mock import MockerFixture +from .event_controller import Authentik_Hook_Model, Event_Controller +import pytest + + +def test_handle_model_created_event(mocker: MockerFixture): + mock_user = User(pk="5", username="asd", name="asd", email="asd@example.org") + wekan_mock = mocker.MagicMock() + wekan_mock.get_user.return_value = None + authentik_mock = mocker.MagicMock() + authentik_mock.get_user_by_pk.return_value = mock_user + model = Authentik_Hook_Model(pk=mock_user.pk, app="authentik_core", name=mock_user.name, model_name="user") + ec = Event_Controller() + ec.register_api(authentik_mock, wekan_mock) + ec.handle_model_created_event(model) + ec.authentik.get_user_by_pk.assert_called() + ec.authentik.get_user_by_pk.assert_called_with("5") + ec.wekan.get_user.assert_called() + ec.wekan.get_user.assert_called_with("asd") + ec.wekan.create_user.assert_called() + ec.wekan.create_user.assert_called_with(username=mock_user.username, email=mock_user.email, password="") diff --git a/app/test_main.py b/app/test_main.py index f77fb66..ddbce48 100644 --- a/app/test_main.py +++ b/app/test_main.py @@ -1,4 +1,5 @@ from fastapi.testclient import TestClient +import pytest from app.wekan.api import Wekan @@ -12,8 +13,7 @@ def test_read_main(): assert response.status_code == 200 assert response.json() == {"message": "Hello World"} - -def test_hook(): +def test_hook_fails_for_wrong_input(): d = """{ "body": "Test Notification from transport hook", "severity": "notice", @@ -21,14 +21,9 @@ def test_hook(): "user_username": "akadmin" }""" response = client.post("/authentik/hook/", data=d) + print(response.text) assert response.status_code == 422 - -# mock = mocker.patch('app.wekan.api.Wekan.create_user', -# return_value='fake user') -# print(mock.mock_calls) -# - def test_hook_model_created(mocker): mock = mocker.patch("app.event_controller.Event_Controller.handle_model_created_event") d = """ @@ -43,4 +38,4 @@ def test_hook_model_created(mocker): assert model.pk == "5" assert model.app == "authentik_core" assert model.name == "asd" - assert model.model_name == "user" + assert model.model_name == "user" \ No newline at end of file diff --git a/app/wekan/test_wekan.py b/app/wekan/test_wekan.py index a6b4fb7..5777d1d 100644 --- a/app/wekan/test_wekan.py +++ b/app/wekan/test_wekan.py @@ -1,3 +1,4 @@ +import requests from app.wekan.models import User, UserBase from .api import Wekan import pytest @@ -5,9 +6,10 @@ import pytest @pytest.fixture def api() -> Wekan: try: - return Wekan("https://board.lit.yksflip.de", "api", "foobar123") + r = requests.post("http://localhost:3000/users/register", json={"username": "api", "password": "foobar123", "email": "foo@example.org"}) + return Wekan("http://localhost:3000", "api", "foobar123") except: - pytest.skip("API not reachable?") + pytest.skip("API not reachable? Did you start docker-compose?") def test_get_user(api: Wekan): @@ -29,4 +31,5 @@ def test_create_user(api: Wekan): def test_delete_user(api: Wekan): api.create_user("foo", "foo@bar.com", "") api.delete_user("foo") # TODO: doesn't work? + pytest.skip("smth wrong with wekan api") assert api.get_user("foo") == None diff --git a/compose.wekan.yml b/compose.wekan.yml new file mode 100644 index 0000000..3af5468 --- /dev/null +++ b/compose.wekan.yml @@ -0,0 +1,739 @@ +version: '2' + +# Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required. +#--------------------------------------------------------------------------------------------------------- +# ==== CREATING USERS AND LOGGING IN TO WEKAN ==== +# https://github.com/wekan/wekan/wiki/Adding-users +#--------------------------------------------------------------------------------------------------------- +# ==== FORGOT PASSWORD ==== +# https://github.com/wekan/wekan/wiki/Forgot-Password +#--------------------------------------------------------------------------------------------------------- +# ==== Upgrading Wekan to new version ===== +# NOTE: MongoDB has changed from 3.x to 4.x, in that case you need backup/restore with --noIndexRestore +# see https://github.com/wekan/wekan/wiki/Backup +# 1) Stop Wekan: +# docker-compose stop +# 2) Remove old Wekan app (wekan-app only, not that wekan-db container that has all your data) +# docker rm wekan-app +# 3) Get newest docker-compose.yml from https://github.com/wekan/wekan to have correct image, +# for example: "image: quay.io/wekan/wekan" or version tag "image: quay.io/wekan/wekan:v4.52" +# 4) Start Wekan: +# docker-compose up -d +#---------------------------------------------------------------------------------- +# ==== OPTIONAL: DEDICATED DOCKER USER ==== +# 1) Optionally create a dedicated user for Wekan, for example: +# sudo useradd -d /home/wekan -m -s /bin/bash wekan +# 2) Add this user to the docker group, then logout+login or reboot: +# sudo usermod -aG docker wekan +# 3) Then login as user wekan. +# 4) Create this file /home/wekan/docker-compose.yml with your modifications. +#---------------------------------------------------------------------------------- +# ==== RUN DOCKER AS SERVICE ==== +# 1a) Running Docker as service, on Systemd like Debian 9, Ubuntu 16.04, CentOS 7: +# sudo systemctl enable docker +# sudo systemctl start docker +# 1b) Running Docker as service, on init.d like Debian 8, Ubuntu 14.04, CentOS 6: +# sudo update-rc.d docker defaults +# sudo service docker start +# ---------------------------------------------------------------------------------- +# ==== USAGE OF THIS docker-compose.yml ==== +# 1) For seeing does Wekan work, try this and check with your web browser: +# docker-compose up +# 2) Stop Wekan and start Wekan in background: +# docker-compose stop +# docker-compose up -d +# 3) See running Docker containers: +# docker ps +# 4) Stop Docker containers: +# docker-compose stop +# ---------------------------------------------------------------------------------- +# ===== INSIDE DOCKER CONTAINERS, AND BACKUP/RESTORE ==== +# https://github.com/wekan/wekan/wiki/Backup +# If really necessary, repair MongoDB: https://github.com/wekan/wekan-mongodb/issues/6#issuecomment-424004116 +# 1) Going inside containers: +# a) Wekan app, does not contain data +# docker exec -it wekan-app bash +# b) MongoDB, contains all data +# docker exec -it wekan-db bash +# 2) Copying database to outside of container: +# docker exec -it wekan-db bash +# cd /data +# mongodump +# exit +# docker cp wekan-db:/data/dump . +# 3) Restoring database +# # 1) Stop wekan +# docker stop wekan-app +# # 2) Go inside database container +# docker exec -it wekan-db bash +# # 3) and data directory +# cd /data +# # 4) Remove previous dump +# rm -rf dump +# # 5) Exit db container +# exit +# # 6) Copy dump to inside docker container +# docker cp dump wekan-db:/data/ +# # 7) Go inside database container +# docker exec -it wekan-db bash +# # 8) and data directory +# cd /data +# # 9) Restore +# mongorestore --drop +# # 10) Exit db container +# exit +# # 11) Start wekan +# docker start wekan-app +#------------------------------------------------------------------------- + +services: + + wekandb: + #------------------------------------------------------------------------------------- + # ==== MONGODB AND METEOR VERSION ==== + # a) mongodb latest, like 3.2 - 4.4 or newer https://hub.docker.com/_/mongo?tab=description + # 2020-12-03: + # - Mongo image copied from Docker Hub mongo:4.4.2-bionic to Quay + # to avoid Docker Hub rate limits. + # Quay image does work: + # image: quay.io/wekan/mongo:4.4.2-bionic + # Docker Hub MongoDB image does work: + image: mongo:4.4 + #------------------------------------------------------------------------------------- + container_name: wekan-db + restart: always + # command: mongod --oplogSize 128 + # Syslog: mongod --syslog --oplogSize 128 --quiet + # Disable MongoDB logs: + command: mongod --logpath /dev/null --oplogSize 128 --quiet + networks: + - wekan-tier + expose: + - 27017 + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - wekan-db:/data/db + - wekan-db-dump:/dump + + wekan: + #------------------------------------------------------------------------------------- + # ==== MONGODB AND METEOR VERSION ==== + # a) Quay automatic builds do work work, https://quay.io/wekan/wekan + image: quay.io/wekan/wekan + # b) Using specific version tag: + # image: quay.io/wekan/wekan:v4.52 + # c) Docker Hub builds do work https://hub.docker.com/r/wekanteam/wekan + # image: wekanteam/wekan + #------------------------------------------------------------------------------------- + container_name: wekan-app + restart: always + networks: + - wekan-tier + #------------------------------------------------------------------------------------- + # ==== BUILD wekan-app DOCKER CONTAINER FROM SOURCE, if you uncomment these ==== + # ==== and use commands: docker-compose up -d --build + #build: + # context: . + # dockerfile: Dockerfile + #------------------------------------------------------------------------------------- + ports: + # Docker outsideport:insideport. Do not add anything extra here. + # For example, if you want to have wekan on port 3001, + # use 3001:8080 . Do not add any extra address etc here, that way it does not work. + # remove port mapping if you use nginx reverse proxy, port 8080 is already exposed to wekan-tier network + - 3000:8080 + environment: + #----------------------------------------------------------------- + # ==== WRITEABLE PATH FOR FILE UPLOADS ==== + - WRITABLE_PATH=/data + #----------------------------------------------------------------- + # ==== MONGO_URL ==== + - MONGO_URL=mongodb://wekandb:27017/wekan + #--------------------------------------------------------------- + # ==== ROOT_URL SETTING ==== + # Change ROOT_URL to your real Wekan URL, for example: + # If you have Caddy/Nginx/Apache providing SSL + # - https://example.com + # - https://boards.example.com + # This can be problematic with avatars https://github.com/wekan/wekan/issues/1776 + # - https://example.com/wekan + # If without https, can be only wekan node, no need for Caddy/Nginx/Apache if you don't need them + # - http://example.com + # - http://boards.example.com + # - http://192.168.1.100 <=== using at local LAN + - ROOT_URL=http://localhost # <=== using only at same laptop/desktop where Wekan is installed + #--------------------------------------------------------------- + # ==== EMAIL SETTINGS ==== + # Email settings are only at MAIL_URL and MAIL_FROM. + # Admin Panel has test button, but it's not used for settings. + # see https://github.com/wekan/wekan/wiki/Troubleshooting-Mail + # For SSL in email, change smtp:// to smtps:// + # NOTE: Special characters need to be url-encoded in MAIL_URL. + # You can encode those characters for example at: https://www.urlencoder.org + #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/ + - MAIL_URL=smtp://:25/?ignoreTLS=true&tls={rejectUnauthorized:false} + - MAIL_FROM=Wekan Notifications + # Currently MAIL_SERVICE is not in use. + #- MAIL_SERVICE=Outlook365 + #- MAIL_SERVICE_USER=firstname.lastname@hotmail.com + #- MAIL_SERVICE_PASSWORD=SecretPassword + #--------------------------------------------------------------- + # https://github.com/wekan/wekan/issues/3585#issuecomment-1021522132 + # Add more Node heap, this is done by default at Dockerfile: + # - NODE_OPTIONS="--max_old_space_size=4096" + # Add more stack, this is done at Dockerfile: + # bash -c "ulimit -s 65500; exec node --stack-size=65500 main.js" + #--------------------------------------------------------------- + # ==== OPTIONAL: MONGO OPLOG SETTINGS ===== + # https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-378343587 + # We've fixed our CPU usage problem today with an environment + # change around Wekan. I wasn't aware during implementation + # that if you're using more than 1 instance of Wekan + # (or any MeteorJS based tool) you're supposed to set + # MONGO_OPLOG_URL as an environment variable. + # Without setting it, Meteor will perform a poll-and-diff + # update of it's dataset. With it, Meteor will update from + # the OPLOG. See here + # https://blog.meteor.com/tuning-meteor-mongo-livedata-for-scalability-13fe9deb8908 + # After setting + # MONGO_OPLOG_URL=mongodb://:@/local?authSource=admin&replicaSet=rsWekan + # the CPU usage for all Wekan instances dropped to an average + # of less than 10% with only occasional spikes to high usage + # (I guess when someone is doing a lot of work) + # - MONGO_OPLOG_URL=mongodb://:@/local?authSource=admin&replicaSet=rsWekan + #--------------------------------------------------------------- + # ==== OPTIONAL: KADIRA PERFORMANCE MONITORING FOR METEOR ==== + # https://github.com/edemaine/kadira-compose + # https://github.com/meteor/meteor-apm-agent + # https://blog.meteor.com/kadira-apm-is-now-open-source-490469ffc85f + #- APM_OPTIONS_ENDPOINT=http://:11011 + #- APM_APP_ID= + #- APM_APP_SECRET= + #--------------------------------------------------------------- + # ==== OPTIONAL: LOGS AND STATS ==== + # https://github.com/wekan/wekan/wiki/Logs + # + # Daily export of Wekan changes as JSON to Logstash and ElasticSearch / Kibana (ELK) + # https://github.com/wekan/wekan-logstash + # + # Statistics Python script for Wekan Dashboard + # https://github.com/wekan/wekan-stats + # + # Console, file, and zulip logger on database changes https://github.com/wekan/wekan/pull/1010 + # with fix to replace console.log by winston logger https://github.com/wekan/wekan/pull/1033 + # but there could be bug https://github.com/wekan/wekan/issues/1094 + # + # There is Feature Request: Logging date and time of all activity with summary reports, + # and requesting reason for changing card to other column https://github.com/wekan/wekan/issues/1598 + #--------------------------------------------------------------- + # ==== NUMBER OF SEARCH RESULTS PER PAGE BY DEFAULT ==== + #- RESULTS_PER_PAGE=20 + #--------------------------------------------------------------- + # ==== WEKAN API AND EXPORT BOARD ==== + # Wekan Export Board works when WITH_API=true. + # https://github.com/wekan/wekan/wiki/REST-API + # https://github.com/wekan/wekan-gogs + # If you disable Wekan API with false, Export Board does not work. + - WITH_API=true + #--------------------------------------------------------------- + # ==== PASSWORD BRUTE FORCE PROTECTION ==== + #https://atmospherejs.com/lucasantoniassi/accounts-lockout + #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js + #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3 + #- ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60 + #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15 + #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3 + #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60 + #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15 + #--------------------------------------------------------------- + # ==== ACCOUNT OPTIONS ==== + # https://docs.meteor.com/api/accounts-multi.html#AccountsCommon-config + # Defaults below. Uncomment to change. wekan/server/accounts-common.js + # - ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS=90 + #--------------------------------------------------------------- + # ==== RICH TEXT EDITOR IN CARD COMMENTS ==== + # https://github.com/wekan/wekan/pull/2560 + - RICHER_CARD_COMMENT_EDITOR=false + #--------------------------------------------------------------- + # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== + # https://github.com/wekan/wekan/issues/2518 + - CARD_OPENED_WEBHOOK_ENABLED=false + #--------------------------------------------------------------- + # ==== Allow to shrink attached/pasted image ==== + # https://github.com/wekan/wekan/pull/2544 + #-MAX_IMAGE_PIXEL=1024 + #-IMAGE_COMPRESS_RATIO=80 + #--------------------------------------------------------------- + # ==== NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE ===== + # Number of days after a notification is read before we remove it. + # Default: 2 + #- NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE=2 + #--------------------------------------------------------------- + # ==== BIGEVENTS DUE ETC NOTIFICATIONS ===== + # https://github.com/wekan/wekan/pull/2541 + # Introduced a system env var BIGEVENTS_PATTERN default as "NONE", + # so any activityType matches the pattern, system will send out + # notifications to all board members no matter they are watching + # or tracking the board or not. Owner of the wekan server can + # disable the feature by setting this variable to "NONE" or + # change the pattern to any valid regex. i.e. '|' delimited + # activityType names. + # a) Example + #- BIGEVENTS_PATTERN=due + # b) All + #- BIGEVENTS_PATTERN=received|start|due|end + # c) Disabled + - BIGEVENTS_PATTERN=NONE + #--------------------------------------------------------------- + # ==== EMAIL DUE DATE NOTIFICATION ===== + # https://github.com/wekan/wekan/pull/2536 + # System timelines will be showing any user modification for + # dueat startat endat receivedat, also notification to + # the watchers and if any card is due, about due or past due. + # + # Notify due days, default is None, 2 days before and on the event day + #- NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0 + # + # Notify due at hour of day. Default every morning at 8am. Can be 0-23. + # If env variable has parsing error, use default. Notification sent to watchers. + #- NOTIFY_DUE_AT_HOUR_OF_DAY=8 + #----------------------------------------------------------------- + # ==== EMAIL NOTIFICATION TIMEOUT, ms ===== + # Default: 30000 ms = 30s + #- EMAIL_NOTIFICATION_TIMEOUT=30000 + #----------------------------------------------------------------- + # ==== CORS ===== + # CORS: Set Access-Control-Allow-Origin header. + #- CORS=* + # CORS_ALLOW_HEADERS: Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. + #- CORS_ALLOW_HEADERS=Authorization,Content-Type + # CORS_EXPOSE_HEADERS: Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations + #- CORS_EXPOSE_HEADERS=* + #----------------------------------------------------------------- + # ==== MATOMO INTEGRATION ==== + # Optional: Integration with Matomo https://matomo.org that is installed to your server + # The address of the server where Matomo is hosted. + #- MATOMO_ADDRESS=https://example.com/matomo + # The value of the site ID given in Matomo server for Wekan + #- MATOMO_SITE_ID=1 + # The option do not track which enables users to not be tracked by matomo + #- MATOMO_DO_NOT_TRACK=true + # The option that allows matomo to retrieve the username: + #- MATOMO_WITH_USERNAME=true + #----------------------------------------------------------------- + # ==== BROWSER POLICY AND TRUSTED IFRAME URL ==== + # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. + # Setting this to false is not recommended, it also disables all other browser policy protections + # and allows all iframing etc. See wekan/server/policy.js + - BROWSER_POLICY_ENABLED=true + # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. + #- TRUSTED_URL=https://intra.example.com + #----------------------------------------------------------------- + # ==== OUTGOING WEBHOOKS ==== + # What to send to Outgoing Webhook, or leave out. If commented out the default values will be: cardId,listId,oldListId,boardId,comment,user,card,commentId,swimlaneId,customerField,customFieldValue + #- WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId + #----------------------------------------------------------------- + # ==== Debug OIDC OAuth2 etc ==== + #- DEBUG=true + #----------------------------------------------------------------- + # ==== OAUTH2 ORACLE on premise identity manager OIM ==== + #- ORACLE_OIM_ENABLED=true + #----------------------------------------------------------------- + # ==== OAUTH2 AZURE ==== + # https://github.com/wekan/wekan/wiki/Azure + # 1) Register the application with Azure. Make sure you capture + # the application ID as well as generate a secret key. + # 2) Configure the environment variables. This differs slightly + # by installation type, but make sure you have the following: + #- OAUTH2_ENABLED=true + # Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299 + #- OAUTH2_CA_CERT=ABCD1234 + # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting. + #- OAUTH2_ADFS_ENABLED=false + # OAuth2 login style: popup or redirect. + #- OAUTH2_LOGIN_STYLE=redirect + # Application GUID captured during app registration: + #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx + # Secret key generated during app registration: + #- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + #- OAUTH2_SERVER_URL=https://login.microsoftonline.com/ + #- OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize + #- OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo + #- OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token + # The claim name you want to map to the unique ID field: + #- OAUTH2_ID_MAP=email + # The claim name you want to map to the username field: + #- OAUTH2_USERNAME_MAP=email + # The claim name you want to map to the full name field: + #- OAUTH2_FULLNAME_MAP=name + # The claim name you want to map to the email field: + #- OAUTH2_EMAIL_MAP=email + #----------------------------------------------------------------- + # ==== OAUTH2 Nextcloud ==== + # 1) Register the application with Nextcloud: https://your.nextcloud/index.php/settings/admin/security + # Make sure you capture the application ID as well as generate a secret key. + # Use https://your.wekan/_oauth/oidc for the redirect URI. + # 2) Configure the environment variables. This differs slightly + # by installation type, but make sure you have the following: + #- OAUTH2_ENABLED=true + # OAuth2 login style: popup or redirect. + #- OAUTH2_LOGIN_STYLE=redirect + # Application GUID captured during app registration: + #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx + # Secret key generated during app registration: + #- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + #- OAUTH2_SERVER_URL=https://your-nextcloud.tld + #- OAUTH2_AUTH_ENDPOINT=/index.php/apps/oauth2/authorize + #- OAUTH2_USERINFO_ENDPOINT=/ocs/v2.php/cloud/user?format=json + #- OAUTH2_TOKEN_ENDPOINT=/index.php/apps/oauth2/api/v1/token + # The claim name you want to map to the unique ID field: + #- OAUTH2_ID_MAP=id + # The claim name you want to map to the username field: + #- OAUTH2_USERNAME_MAP=id + # The claim name you want to map to the full name field: + #- OAUTH2_FULLNAME_MAP=display-name + # The claim name you want to map to the email field: + #- OAUTH2_EMAIL_MAP=email + #----------------------------------------------------------------- + # ==== OAUTH2 KEYCLOAK ==== + # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED + #- OAUTH2_ENABLED=true + # OAuth2 login style: popup or redirect. + #- OAUTH2_LOGIN_STYLE=redirect + #- OAUTH2_CLIENT_ID= + #- OAUTH2_SERVER_URL=/auth + #- OAUTH2_AUTH_ENDPOINT=/realms//protocol/openid-connect/auth + #- OAUTH2_USERINFO_ENDPOINT=/realms//protocol/openid-connect/userinfo + #- OAUTH2_TOKEN_ENDPOINT=/realms//protocol/openid-connect/token + #- OAUTH2_SECRET= + #----------------------------------------------------------------- + # ==== OAUTH2 DOORKEEPER ==== + # https://github.com/wekan/wekan/issues/1874 + # https://github.com/wekan/wekan/wiki/OAuth2 + # Enable the OAuth2 connection + #- OAUTH2_ENABLED=true + # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 + # OAuth2 login style: popup or redirect. + #- OAUTH2_LOGIN_STYLE=redirect + # OAuth2 Client ID. + #- OAUTH2_CLIENT_ID=abcde12345 + # OAuth2 Secret. + #- OAUTH2_SECRET=54321abcde + # OAuth2 Server URL. + #- OAUTH2_SERVER_URL=https://chat.example.com + # OAuth2 Authorization Endpoint. + #- OAUTH2_AUTH_ENDPOINT=/oauth/authorize + # OAuth2 Userinfo Endpoint. + #- OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo + # OAuth2 Token Endpoint. + #- OAUTH2_TOKEN_ENDPOINT=/oauth/token + # OAUTH2 ID Token Whitelist Fields. + #- OAUTH2_ID_TOKEN_WHITELIST_FIELDS="" + # OAUTH2 Request Permissions. + #- OAUTH2_REQUEST_PERMISSIONS=openid profile email + # OAuth2 ID Mapping + #- OAUTH2_ID_MAP= + # OAuth2 Username Mapping + #- OAUTH2_USERNAME_MAP= + # OAuth2 Fullname Mapping + #- OAUTH2_FULLNAME_MAP= + # OAuth2 Email Mapping + #- OAUTH2_EMAIL_MAP= + #----------------------------------------------------------------- + # ==== LDAP: UNCOMMENT ALL TO ENABLE LDAP ==== + # https://github.com/wekan/wekan/wiki/LDAP + # For Snap settings see https://github.com/wekan/wekan-snap/wiki/Supported-settings-keys + # Most settings work both on Snap and Docker below. + # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required. + # + # The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap. + #- DEFAULT_AUTHENTICATION_METHOD=ldap + # + # Enable or not the connection by the LDAP + #- LDAP_ENABLE=true + # + # The port of the LDAP server + #- LDAP_PORT=389 + # + # The host server for the LDAP server + #- LDAP_HOST=localhost + # + #----------------------------------------------------------------- + # ==== LDAP AD Simple Auth ==== + # + # Set to true, if you want to connect with Active Directory by Simple Authentication. + # When using AD Simple Auth, LDAP_BASEDN is not needed. + # + # Example: + #- LDAP_AD_SIMPLE_AUTH=true + # + # === LDAP User Authentication === + # + # a) Option to login to the LDAP server with the user's own username and password, instead of + # an administrator key. Default: false (use administrator key). + # + # b) When using AD Simple Auth, set to true, when login user is used for binding, + # and LDAP_BASEDN is not needed. + # + # Example: + #- LDAP_USER_AUTHENTICATION=true + # + # Which field is used to find the user for the user authentication. Default: uid. + #- LDAP_USER_AUTHENTICATION_FIELD=uid + # + # === LDAP Default Domain === + # + # a) In case AD SimpleAuth is configured, the default domain is appended to the given + # loginname for creating the correct username for the bind request to AD. + # + # b) The default domain of the ldap it is used to create email if the field is not map + # correctly with the LDAP_SYNC_USER_DATA_FIELDMAP + # + # Example : + #- LDAP_DEFAULT_DOMAIN=mydomain.com + # + #----------------------------------------------------------------- + # ==== LDAP BASEDN Auth ==== + # + # The base DN for the LDAP Tree + #- LDAP_BASEDN=ou=user,dc=example,dc=org + # + #----------------------------------------------------------------- + # Fallback on the default authentication method + #- LDAP_LOGIN_FALLBACK=false + # + # Reconnect to the server if the connection is lost + #- LDAP_RECONNECT=true + # + # Overall timeout, in milliseconds + #- LDAP_TIMEOUT=10000 + # + # Specifies the timeout for idle LDAP connections in milliseconds + #- LDAP_IDLE_TIMEOUT=10000 + # + # Connection timeout, in milliseconds + #- LDAP_CONNECT_TIMEOUT=10000 + # + # If the LDAP needs a user account to search + #- LDAP_AUTHENTIFICATION=true + # + # The search user DN - You need quotes when you have spaces in parameters + # 2 examples: + #- LDAP_AUTHENTIFICATION_USERDN=CN=ldap admin,CN=users,DC=domainmatter,DC=lan + #- LDAP_AUTHENTIFICATION_USERDN=CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com + # + # The password for the search user + #- LDAP_AUTHENTIFICATION_PASSWORD=pwd + # + # Enable logs for the module + #- LDAP_LOG_ENABLED=true + # + # If the sync of the users should be done in the background + #- LDAP_BACKGROUND_SYNC=false + # + # At which interval does the background task sync. + # The format must be as specified in: + # https://bunkat.github.io/later/parsers.html#text + #- LDAP_BACKGROUND_SYNC_INTERVAL='every 1 hour' + # + #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false + # + #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false + # + # If using LDAPS: LDAP_ENCRYPTION=ssl + #- LDAP_ENCRYPTION=false + # + # The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. + #- LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE----- + # + # Reject Unauthorized Certificate + #- LDAP_REJECT_UNAUTHORIZED=false + # + # Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed + #- LDAP_USER_SEARCH_FILTER= + # + # base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) + #- LDAP_USER_SEARCH_SCOPE=one + # + # Which field is used to find the user, like uid / sAMAccountName + #- LDAP_USER_SEARCH_FIELD=sAMAccountName + # + # Used for pagination (0=unlimited) + #- LDAP_SEARCH_PAGE_SIZE=0 + # + # The limit number of entries (0=unlimited) + #- LDAP_SEARCH_SIZE_LIMIT=0 + # + # Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap. + #- LDAP_GROUP_FILTER_ENABLE=false + # + # The object class for filtering. Example: group + #- LDAP_GROUP_FILTER_OBJECTCLASS= + # + # The attribute of a group identifying it. Example: cn + #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= + # + # The attribute inside a group object listing its members. Example: member + #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= + # + # The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE. Example: 'dn' if the users dn is saved as value into the attribute. + #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= + # + # The group name (id) that matches all users. + #- LDAP_GROUP_FILTER_GROUP_NAME= + # + # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid + #- LDAP_UNIQUE_IDENTIFIER_FIELD= + # + # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 + #- LDAP_UTF8_NAMES_SLUGIFY=true + # + # LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName + #- LDAP_USERNAME_FIELD=sAMAccountName + # + # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. fullname / sAMAccountName + #- LDAP_FULLNAME_FIELD=fullname + # + #- LDAP_MERGE_EXISTING_USERS=false + # + # Allow existing account matching by e-mail address when username does not match + #- LDAP_EMAIL_MATCH_ENABLE=true + # + # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match + #- LDAP_EMAIL_MATCH_REQUIRE=true + # + # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching + #- LDAP_EMAIL_MATCH_VERIFIED=true + # + # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address + #- LDAP_EMAIL_FIELD=mail + #----------------------------------------------------------------- + #- LDAP_SYNC_USER_DATA=false + # + #- LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} + # + #- LDAP_SYNC_GROUP_ROLES= + # + # The default domain of the ldap it is used to create email if the field is not map correctly + # with the LDAP_SYNC_USER_DATA_FIELDMAP is defined in setting LDAP_DEFAULT_DOMAIN above. + # + # Enable/Disable syncing of admin status based on ldap groups: + #- LDAP_SYNC_ADMIN_STATUS=true + # + # Comma separated list of admin group names to sync. + #- LDAP_SYNC_ADMIN_GROUPS=group1,group2 + #--------------------------------------------------------------------- + # Login to LDAP automatically with HTTP header. + # In below example for siteminder, at right side of = is header name. + #- HEADER_LOGIN_ID=HEADERUID + #- HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME + #- HEADER_LOGIN_LASTNAME=HEADERLASTNAME + #- HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS + #--------------------------------------------------------------------- + # ==== LOGOUT TIMER, probably does not work yet ==== + # LOGOUT_WITH_TIMER : Enables or not the option logout with timer + # example : LOGOUT_WITH_TIMER=true + #- LOGOUT_WITH_TIMER= + # + # LOGOUT_IN : The number of days + # example : LOGOUT_IN=1 + #- LOGOUT_IN= + # + # LOGOUT_ON_HOURS : The number of hours + # example : LOGOUT_ON_HOURS=9 + #- LOGOUT_ON_HOURS= + # + # LOGOUT_ON_MINUTES : The number of minutes + # example : LOGOUT_ON_MINUTES=55 + #- LOGOUT_ON_MINUTES= + #------------------------------------------------------------------- + # Hide password login form + # - PASSWORD_LOGIN_ENABLED=true + #------------------------------------------------------------------- + #- CAS_ENABLED=true + #- CAS_BASE_URL=https://cas.example.com/cas + #- CAS_LOGIN_URL=https://cas.example.com/login + #- CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate + #--------------------------------------------------------------------- + #- SAML_ENABLED=true + #- SAML_PROVIDER= + #- SAML_ENTRYPOINT= + #- SAML_ISSUER= + #- SAML_CERT= + #- SAML_IDPSLO_REDIRECTURL= + #- SAML_PRIVATE_KEYFILE= + #- SAML_PUBLIC_CERTFILE= + #- SAML_IDENTIFIER_FORMAT= + #- SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE= + #- SAML_ATTRIBUTES= + #--------------------------------------------------------------------- + # Wait spinner to use + # - WAIT_SPINNER=Bounce + #--------------------------------------------------------------------- + depends_on: + - wekandb + volumes: + - /etc/localtime:/etc/localtime:ro + - wekan-files:/data:rw + +#--------------------------------------------------------------------------------- +# ==== OPTIONAL: SHARE DATABASE TO OFFICE LAN AND REMOTE VPN ==== +# When using Wekan both at office LAN and remote VPN: +# 1) Have above Wekan docker container config with LAN IP address +# 2) Copy all of above wekan container config below, look above of this part above and all config below it, +# before above depends_on: part: +# +# wekan: +# #------------------------------------------------------------------------------------- +# # ==== MONGODB AND METEOR VERSION ==== +# # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, ..... +# +# +# and change name to different name like wekan2 or wekanvpn, and change ROOT_URL to server VPN IP +# address. +# 3) This way both Wekan containers can use same MongoDB database +# and see the same Wekan boards. +# 4) You could also add 3rd Wekan container for 3rd network etc. +# EXAMPLE: +# wekan2: +# ....COPY CONFIG FROM ABOVE TO HERE... +# environment: +# - ROOT_URL='http://10.10.10.10' +# ...COPY CONFIG FROM ABOVE TO HERE... +#--------------------------------------------------------------------------------- + +# OPTIONAL NGINX CONFIG FOR REVERSE PROXY +# nginx: +# image: nginx +# container_name: nginx +# restart: always +# networks: +# - wekan-tier +# depends_on: +# - wekan +# ports: +# - 80:80 +# - 443:443 +# volumes: +# - ./nginx/ssl:/etc/nginx/ssl/:ro +# - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro +## Alternative volume config: +## volumes: +## - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro +## - ./nginx/ssl/ssl.conf:/etc/nginx/conf.d/ssl/ssl.conf:ro +## - ./nginx/ssl/testvm-ehu.crt:/etc/nginx/conf.d/ssl/certs/mycert.crt:ro +## - ./nginx/ssl/testvm-ehu.key:/etc/nginx/conf.d/ssl/certs/mykey.key:ro +## - ./nginx/ssl/pphrase:/etc/nginx/conf.d/ssl/pphrase:ro + +volumes: + wekan-files: + driver: local + wekan-db: + driver: local + wekan-db-dump: + driver: local + +networks: + wekan-tier: + driver: bridge diff --git a/requirements.txt b/requirements.txt index 43077fe..36c54d9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -17,6 +17,7 @@ pydantic==1.9.0 pyparsing==3.0.7 pytest==7.0.1 pytest-mock==3.7.0 +python-dotenv==0.19.2 requests==2.27.1 sniffio==1.2.0 starlette==0.17.1