feat(auth): integrate ldap #3031

Merged
merged 13 commits into from
Nov 29, 2023
1 change: 1 addition & 0 deletions .github/workflows/api-pull-request.yml
Expand Up @@ -43,6 +43,7 @@ jobs:

- name: Install poetry
run: pipx install poetry

Contributor Author

Sorry, irrelevant to this PR but it was bothering me.

- uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
Expand Up @@ -121,7 +121,8 @@ jobs:
context: .
build-args: |
SAML_INSTALLED=1
POETRY_OPTS=--with saml,auth-controller
POETRY_OPTS=--with saml,auth-controller,ldap
Member

Since we're resorting to a private git dependency, this step will fail without adding credentials to the git client.

See one of the solutions.

Contributor Author

Hmm... I was assuming that the presence of the github token secret variable would suffice here but perhaps you're right. It's working currently where we manually checkout the packages but I guess that's because we're using a pre-built action. I'll have a play with this...

Member

We are providing a distinct token to the checkout action for the private repos, aren't we?

Contributor Author

Yes, you're right, we are. Well caught, thanks!

Contributor Author

See successful build here.

GH_TOKEN=${{ secrets.GH_PRIVATE_ACCESS_TOKEN }}

stop-runner:
needs: [start-runner, build-dockerhub]
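Review bot: `GH_TOKEN=${{ secrets.GH_PRIVATE_ACCESS_TOKEN }}` under `build-args` hands the private-repository token to the image build as a build argument, and build arguments are not treated as secrets: the value used by a `RUN` step is recorded in the image history and can be read back with `docker history` by anyone who can pull the image. If the image built here is published, supply the token as a BuildKit secret instead (a `RUN --mount=type=secret,id=...` in the Dockerfile, with the secret provided by the build step rather than through `build-args`), and scope the token to read-only access on the one repository it has to fetch.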
5 changes: 5 additions & 0 deletions Dockerfile
Expand Up @@ -28,6 +28,11 @@ ARG POETRY_VIRTUALENVS_CREATE=false
RUN make install-poetry
ENV PATH="$PATH:/root/.local/bin"

ARG GH_TOKEN
RUN if [ -n "${GH_TOKEN}" ]; \
then echo "https://${GH_TOKEN}:@github.com" > ${HOME}/.git-credentials \
&& git config --global credential.helper store; fi;

ARG POETRY_OPTS
RUN make install-packages opts="${POETRY_OPTS}"

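Review bot: the `RUN` that writes `${HOME}/.git-credentials` commits the token to an image layer, and nothing after `RUN make install-packages opts="${POETRY_OPTS}"` removes the file or the `credential.helper store` setting, so unless this stage is discarded by a later `FROM` the token ships inside the image. Write, use and delete the credential within a single `RUN` (deleting it in a later layer leaves it recoverable from the earlier one), or better, read it from a secret mount so it never touches the filesystem of a layer. The redirect target should also be quoted: `> "${HOME}/.git-credentials"`.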
5 changes: 5 additions & 0 deletions api/Dockerfile
Expand Up @@ -9,6 +9,11 @@ ARG POETRY_VIRTUALENVS_CREATE=false
RUN make install-poetry
ENV PATH="$PATH:/root/.local/bin"

ARG GH_TOKEN
RUN if [ -n "${GH_TOKEN}" ]; \
then echo "https://${GH_TOKEN}:@github.com" > ${HOME}/.git-credentials \
&& git config --global credential.helper store; fi;

ARG POETRY_OPTS
RUN make install-packages opts="${POETRY_OPTS}"

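Review bot: the stored entry `https://${GH_TOKEN}:@github.com` matches every HTTPS URL on github.com, so any git fetch that runs during `make install-packages` presents the token, not only the fetch that needs it. Scope the entry to the repository path and set `credential.useHttpPath` to true so the helper only answers for that one URL. These five lines are also a copy of the block added to `Dockerfile`, so the layer-persistence problem applies here as well; moving the logic into one shared script would keep the two files from drifting apart when it is fixed.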
61 changes: 55 additions & 6 deletions api/poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions api/pyproject.toml
Expand Up @@ -115,6 +115,12 @@ optional = true
[tool.poetry.group.saml.dependencies]
pysaml2 = "^7.0.0"

[tool.poetry.group.ldap]
optional = true

[tool.poetry.group.ldap.dependencies]
flagsmith-ldap = { git = "https://github.com/flagsmith/flagsmith-ldap", tag = "v0.0.2" }

[tool.poetry.group.dev.dependencies]
django-test-migrations = "~1.2.0"
responses = "~0.22.0"
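Review bot: `tag = "v0.0.2"` on the `flagsmith-ldap` git dependency pins to a tag, and a git tag can be moved to a different commit in the source repository after review. For a package that sits in the authentication path and is pulled straight from git, pin the commit in `pyproject.toml` with `rev = "<commit sha>"` (placeholder, to be filled with the reviewed commit), and confirm that `api/poetry.lock`, which is not rendered on this page, records the resolved commit for it.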