You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Marcus Christie (Jira)" <ji...@apache.org> on 2021/06/08 19:45:00 UTC

[jira] [Updated] (AIRAVATA-3383) Automate creating a settings_local.py file for local development

     [ https://issues.apache.org/jira/browse/AIRAVATA-3383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marcus Christie updated AIRAVATA-3383:
--------------------------------------
    Description: 
Make it easier for gateway developers to get a settings_local.py for local development. What we tend to do is copy the settings_local.py for the deployed Django portal instance (/var/www/portals/django-gateway/airavata-django-portal/django_airavata/settings_local.py) and then modify it to work for local development.

Here are some differences between the production and local dev settings_local.py
 - comment out production settings like DEBUG, STATIC_ROOT, ALLOWED_HOSTS
 - comment out the MySQL database engine - local dev will use sqlite db instead
 -- need to also remove the db password or mask it
 - comment out/remove the Email settings
 - set GATEWAY_DATA_STORE_REMOTE_API so that locally the user sees the files on the remote deployed gateway (for example {{[https://geochemsim.org/api]}})
 - comment out FILE_UPLOAD_TEMP_DIR
 - comment out the TUS settings

Also, for the Keycloak OAuth login to work we need to add {{[http://localhost:8000/]}} and {{[http://localhost:8000/auth/callback*]}}. Also {{[http://127.0.0.1:8000/]}} and {{[http://127.0.0.1:8000/auth/callback*]}}

Improvements that could be made:
 - ideally, we would create a new Keycloak client for the realm that has as little privileges as necessary. The Keycloak client used for the production deployed Django portals has 'manage-users' role. The Keycloak client for local development should only allow logging in to localhost.
 - might be good to create a SQLite configuration that names the database file uniquely, but that is maybe something that is only useful is working on more than one gateway

h5. TODO
 - [x] verify that client can be created for local portal development using the REST API
 - [ ] script to add manage-clients role to portal client service accounts (they currently only get manage-users role)
 - [ ] update TenantManagementKeycloakImpl to add manage-clients to newly created portal client service accounts
 - [ ] Django portal: implement creating portal client using REST API
 - [ ] Django portal: implement creating settings_local.py download
 - [ ] handle clients that don't have "Direct Access Grants Enabled" - redirect to Keycloak login page to login with username/password (see comment below)

  was:
Make it easier for gateway developers to get a settings_local.py for local development. What we tend to do is copy the settings_local.py for the deployed Django portal instance (/var/www/portals/django-gateway/airavata-django-portal/django_airavata/settings_local.py) and then modify it to work for local development.

Here are some differences between the production and local dev settings_local.py
- comment out production settings like DEBUG, STATIC_ROOT, ALLOWED_HOSTS
- comment out the MySQL database engine - local dev will use sqlite db instead
-- need to also remove the db password or mask it
- comment out/remove the Email settings
- set GATEWAY_DATA_STORE_REMOTE_API so that locally the user sees the files on the remote deployed gateway (for example {{https://geochemsim.org/api}})
- comment out FILE_UPLOAD_TEMP_DIR
- comment out the TUS settings

Also, for the Keycloak OAuth login to work we need to add {{http://localhost:8000/}} and {{http://localhost:8000/auth/callback*}}. Also {{http://127.0.0.1:8000/}} and {{http://127.0.0.1:8000/auth/callback*}}

Improvements that could be made:
- ideally, we would create a new Keycloak client for the realm that has as little privileges as necessary. The Keycloak client used for the production deployed Django portals has 'manage-users' role. The Keycloak client for local development should only allow logging in to localhost.
- might be good to create a SQLite configuration that names the database file uniquely, but that is maybe something that is only useful is working on more than one gateway

h5. TODO

- [ ] verify that client can be created for local portal development using the REST API
- [ ] script to add manage-clients role to portal client service accounts (they currently only get manage-users role)
- [ ] update TenantManagementKeycloakImpl to add manage-clients to newly created portal client service accounts
- [ ] Django portal: implement creating portal client using REST API
- [ ] Django portal: implement creating settings_local.py download
- [ ] handle clients that don't have "Direct Access Grants Enabled" - redirect to Keycloak login page to login with username/password (see comment below)


> Automate creating a settings_local.py file for local development
> ----------------------------------------------------------------
>
>                 Key: AIRAVATA-3383
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-3383
>             Project: Airavata
>          Issue Type: Bug
>          Components: Django Portal
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Major
>
> Make it easier for gateway developers to get a settings_local.py for local development. What we tend to do is copy the settings_local.py for the deployed Django portal instance (/var/www/portals/django-gateway/airavata-django-portal/django_airavata/settings_local.py) and then modify it to work for local development.
> Here are some differences between the production and local dev settings_local.py
>  - comment out production settings like DEBUG, STATIC_ROOT, ALLOWED_HOSTS
>  - comment out the MySQL database engine - local dev will use sqlite db instead
>  -- need to also remove the db password or mask it
>  - comment out/remove the Email settings
>  - set GATEWAY_DATA_STORE_REMOTE_API so that locally the user sees the files on the remote deployed gateway (for example {{[https://geochemsim.org/api]}})
>  - comment out FILE_UPLOAD_TEMP_DIR
>  - comment out the TUS settings
> Also, for the Keycloak OAuth login to work we need to add {{[http://localhost:8000/]}} and {{[http://localhost:8000/auth/callback*]}}. Also {{[http://127.0.0.1:8000/]}} and {{[http://127.0.0.1:8000/auth/callback*]}}
> Improvements that could be made:
>  - ideally, we would create a new Keycloak client for the realm that has as little privileges as necessary. The Keycloak client used for the production deployed Django portals has 'manage-users' role. The Keycloak client for local development should only allow logging in to localhost.
>  - might be good to create a SQLite configuration that names the database file uniquely, but that is maybe something that is only useful is working on more than one gateway
> h5. TODO
>  - [x] verify that client can be created for local portal development using the REST API
>  - [ ] script to add manage-clients role to portal client service accounts (they currently only get manage-users role)
>  - [ ] update TenantManagementKeycloakImpl to add manage-clients to newly created portal client service accounts
>  - [ ] Django portal: implement creating portal client using REST API
>  - [ ] Django portal: implement creating settings_local.py download
>  - [ ] handle clients that don't have "Direct Access Grants Enabled" - redirect to Keycloak login page to login with username/password (see comment below)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)