Commit Graph

185 Commits (d551f46bbf893fbf5306e625f945a8bc47dd3d6f)

Author SHA1 Message Date
elena bd27ef4b6a
DD- facilita la instalacion desde el dd-ctl 2022-10-30 20:09:09 +01:00
Evilham 651d5f8e90
[dd-ctl] Fix previously introduced shellcheck issue
Caught in CI and introduced when disabling the circles app.
2022-10-30 20:04:49 +01:00
Evilham 071bcd827f
[dd-admin] Fix issue propagating changes to NC
There was erroneous logic that only propagated the first attribute of
many, so some attribute changes were never propagated to NextCloud.
2022-10-30 20:01:44 +01:00
Evilham 895a20abba
[dd-admin] Fix email schemas in certain API endpoints
Dot character was not being properly escaped, we switch to using
bracket expressions to avoid possible future issues.
2022-10-23 19:45:40 +02:00
Evilham d2fb24379a
[nextcloud] Disable circles app
People get confused, and we really only use circles.
2022-10-18 11:05:11 +02:00
elena 089876ff28 moodle new atto plugin 2022-10-18 08:37:26 +00:00
elena 226d0f7861 new moodle plugins to install 2022-10-18 08:37:26 +00:00
Evilham 559a90fba9
[mail] Refactor queue for easier maintenance, use name
We thought the name parameter was the account name to be shown in the
plugin, but it is the contents of the "From" email header instead.

While changing that, we also update the code to better match the open
Pull Request upstream that adds the update-account to the mail plugin
for nextcloud.
2022-10-17 19:06:59 +02:00
elena 3102b3c1f4 conflicts resolved 2022-09-26 07:37:39 +00:00
Evilham fdc3d74958
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 19:14:02 +02:00
Evilham 8cbff5b8c6
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 08:39:40 +02:00
Evilham ede83e1514
[moodle] Reduce unnecessary diff against upstream 2022-09-23 06:52:33 +02:00
Evilham 3ae974432a
[registry] Add dd-sso-admin as an image
This would be the first image that is already distributed directly
from the registry to improve setup and maintenance.
2022-09-22 12:48:13 +02:00
Evilham 3c53a5aead
[wp] Fix multisite installation
While there we also simplify DD by removing an the unnecessary wp-cli
container.
2022-09-22 12:40:31 +02:00
Evilham 7d7c2ddfcf
[containers] Add healthcheck for SSO redirections
This will help us catch issues in e.g. moodle, nextcloud and wp.
2022-09-22 11:52:15 +02:00
Evilham 397655232f
[dd-ctl] Moodle plugins install: reduce verbosity
This was polluting the logs making debugging difficult.
2022-09-06 19:37:29 +02:00
Evilham 66e009abff
[dd-ctl] Fix installation
By toying with the new CI we discover that:
Commit 075529f472 gets into an endless
loop:
    WARNING:root:Could not get moodle SAML2 crt certificate. Retrying...
See: https://ci.dd-work.space/#/builders/4/builds/62/steps/8/logs/stdio

But by reverting 52f99c38bb it works as
expected.
See: https://ci.dd-work.space/#/builders/4/builds/67/steps/8/logs/stdio

Upon investigation, we were not waiting for moodle to be fully up
because 'healthy' is a substring of 'unhealthy' and grep wasn't taking
that into account.
2022-09-06 19:35:23 +02:00
Evilham 08a36cce9f
[dd-ctl] Bundle up some docker commands
This ought to be faster and is easier to read.
2022-09-06 19:30:12 +02:00
Evilham 34761e028b
[sso-admin] Improve postup's idempotency
The class was only checking whether or not a specific token exists in
moodle, and it should ensure that it has access to the right permissions

Reported by:	@elena61
2022-09-06 19:29:37 +02:00
Evilham 075529f472
[haproxy] Remove leftovers, fix config selection
dd-apps/docker/haproxy seems to be a leftover and is not being used
anywhere.

Also fix the config selection for HAProxy.
2022-08-30 22:17:57 +02:00
Evilham 72f9d927e1
[haproxy] Support other HAProxy configurations
This can be used by setting up HAPROXY_CONF in dd.conf, which will
determine which config file will be used.

We also add haproxy.proxy-protocol.conf which is cleaner than
haproxy.conf and allows the PROXY protocol on certain ports.
With this setup it is possible to e.g. run DD without a public IPv4
address by proxying it from an edge server.
2022-08-30 20:47:42 +02:00
elena 993b5f0e24 fixed mysql-connector-python version. fixed mariadb conection user and pwd 2022-08-30 16:58:30 +02:00
Evilham 52f99c38bb
[shellcheck] Fix ShellCheck issues
Detected on the CI we are testing.
2022-08-30 14:41:19 +02:00
Evilham 5bb3afe2aa
[dd-ctl] Fix installations without docker
When we improved the update process, we introduced a deadlock when not
having docker.

By separating update from repo-update we can differentiate those cases:
- update: full update of an existing installation
- repo-update: bring repository to latest stand
2022-08-30 12:42:08 +02:00
Evilham 2d057ec6bc
[sso-admin] Fix regression on new installations
When introducing typing, we erroneously started passing an empty parent
Id instead of None, and the underlying Keycloak library failed to create
the groups.

Closes #15
2022-08-29 12:22:58 +02:00
Evilham 3f08973d7c
[wordpress] Reduce diff / upstream contribution
Now that https://github.com/keycloak/keycloak/pull/12966 has landed on
keycloak we can use that commit as a base for our file, therefore
reducing the resulting diff.
2022-08-29 12:08:42 +02:00
Jose Antonio Exposito Garcia b58e43f5d4 install package in worpdress docker for plugin gsite 2022-08-26 12:55:06 +00:00
Evilham 701be40cf5
[sso-admin] load svg from DOMAIN
This was previously using digitaldemocratic.net
2022-08-08 13:10:47 +02:00
Evilham c39f780cce
[dd.conf.sample] Document how MANAGED_EMAIL_DOMAIN 2022-08-08 12:19:26 +02:00
Evilham 519146a58f
[sso-admin] Fix bug in user_parser 2022-08-08 12:05:42 +02:00
Evilham 3fa0d48858
[dd-ctl] Adapt update subcommand with all actions
This way existing installations can just run ./dd-ctl update and have a
working environment with the latest version.
2022-08-08 11:58:04 +02:00
Evilham e3b1513725
[dd-ctl] [moodle] Do not use plugin dd.conf vars
This was a bad design choice since it doesn't allow us to easily manage
the intended plugin version and therefore keep them up to date.

As a short-term mechanism, we change the used variables to have the
_OVERRIDE suffix and default in dd-ctl to the actual URLs, while also
removing them from dd.conf.sample.

This solves the issue in both current and future installations; in a
near future we want to have these dependencies in a .tsv file where they
can easily be managed.
2022-08-08 11:42:28 +02:00
Evilham 80ff9cce22
[dd-ctl] [nc] forms plugin branch + occ upgrade
When installing / upgrading plugins it is often the case that occ
upgrade needs to run.
2022-08-08 11:40:57 +02:00
elena 151ddd5515 moodle plugins BBB and JITSI last version 2022-08-08 10:11:20 +02:00
Evilham f46162269e
[custom.sample] Apply x-net pink to sample files 2022-08-08 09:52:44 +02:00
Evilham 8309771a1c
[sso-avatars] Also use env var for minio container
From minio's documentation:
- MINIO_ACCESS_KEY and MINIO_SECRET_KEY are deprecated in lieu of
  MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively
- In order to rotate secrets we only need to change
  MINIO_ROOT_{USER,PASSWORD}

Using this commit and the previous one affecting keycloak we can use
per-instance keys as opposed to the current state.
In order to achieve this, AVATARS_ACCESS_KEY and AVATARS_SECRET_KEY must
be set to the desired values.

The only guidelines as to how to generate ACCESS_KEY and SECRET_KEY are:

> Specify a unique, random, and long string for both the ACCESSKEY and
> SECRETKEY. Your organization may have specific internal or regulatory
> requirements around generating values for use with access or secret keys.

See:
- https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_ACCESS_KEY
- https://docs.min.io/minio/baremetal/security/minio-identity-management/user-management.html
2022-08-08 09:40:51 +02:00
Evilham 1ba5e51c41
bugfix in user_parser 2022-08-06 21:47:57 +02:00
Evilham 38d4e517b3
[sso-avatars] Actually use environment variables
This was needed because previously the DEFAULT_SERVER_URL was hardcoded
in the compiled keycloak module and that URL has changed.

For consistency sso-admin uses the same environment variables (except it
needs AVATARS_SERVER_HOST instead of AVATARS_SERVER_URL).
2022-08-06 21:47:35 +02:00
elena beb0350e9a Merge branch 'main' into develop 2022-08-05 15:42:57 +02:00
elena 6ad8df956e Merge branch 'develop' of https://gitlab.com/DD-workspace/DD into develop 2022-08-05 15:42:52 +02:00
elena bf0aeaf991 ADMIN: fix moodle db name 2022-08-05 15:42:27 +02:00
Evilham 7bcb222d18
[nc] user_saml: update to 5.0.2
We checked this works fine in multiple environments.

Reviewed with:	@elena61
2022-08-05 11:58:00 +02:00
elena 5c3967cbe6
variable format changed 2022-08-05 10:55:13 +02:00
elena 77342f6e8a
FIX: role changed on admin and on moodle 2022-08-05 10:55:11 +02:00
elena d9d9fc8ef0 variable format changed 2022-08-05 09:43:58 +02:00
Evilham 86baf7bd69
[sso-admin] Add compatibility keys in outgoing API 2022-08-04 14:42:17 +02:00
Evilham 822ed98ab4
[dd-sso-admin] bugfix and add tracing for 3p cbs 2022-08-04 14:05:02 +02:00
elena 8152d24b29 Merge branch 'main' into develop 2022-08-04 09:48:39 +02:00
Evilham 0eb8f5f549
[sso-admin] Fix issue when editing users
Co-written with:	@elena61
2022-08-04 09:24:37 +02:00
Xnet Xnet cb219ac87f Update README.md 2022-08-03 11:46:10 +00:00