You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Marcus Christie (Jira)" <ji...@apache.org> on 2020/11/20 22:28:00 UTC
[jira] [Commented] (AIRAVATA-3383) Automate creating a
settings_local.py file for local development
[ https://issues.apache.org/jira/browse/AIRAVATA-3383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17236481#comment-17236481 ]
Marcus Christie commented on AIRAVATA-3383:
-------------------------------------------
Adding {{manage-clients}} role to the portal client gives it the necessary permissions to create clients. Example of using the REST API with the {{pga}} client:
{code}
curl -u $CLIENT_ID:$CLIENT_SECRET -d grant_type=client_credentials https://iamdev.scigap.org/auth/realms/default/protocol/openid-connect/token
curl -H "Authorization: Bearer $ACCESS_TOKEN" https://iamdev.scigap.org/auth/admin/realms/default/clients
curl -v -X POST -d '{"clientId": "test1"}' -H "Content-Type: application/json" -H "Authorization: Bearer $ACCESS_TOKEN" https://iamdev.scigap.org/auth/admin/realms/default/clients
{code}
My plan is to assume that the Django portal Keycloak client has {{manage-clients}} and can use the REST API to generate a client for a user.
> Automate creating a settings_local.py file for local development
> ----------------------------------------------------------------
>
> Key: AIRAVATA-3383
> URL: https://issues.apache.org/jira/browse/AIRAVATA-3383
> Project: Airavata
> Issue Type: Bug
> Components: Django Portal
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Major
>
> Make it easier for gateway developers to get a settings_local.py for local development. What we tend to do is copy the settings_local.py for the deployed Django portal instance and then modify it to work for local development.
> Here are some differences between the production and local dev settings_local.py
> - comment out production settings like DEBUG, STATIC_ROOT, ALLOWED_HOSTS
> - comment out the MySQL database engine - local dev will use sqlite db instead
> -- need to also remove the db password or mask it
> - set GATEWAY_DATA_STORE_REMOTE_API so that locally the user sees the files on the remote deployed gateway
> - comment out FILE_UPLOAD_TEMP_DIR
> - comment out the TUS settings
> Also, for the Keycloak OAuth login to work we need to add {{http://localhost:8000/}} and {{http://localhost:8000/auth/callback*}}.
> Improvements that could be made:
> - ideally, we would create a new Keycloak client for the realm that has as little privileges as necessary. The Keycloak client used for the production deployed Django portals has 'manage-users' role. The Keycloak client for local development should only allow logging in to localhost.
> - might be good to create a SQLite configuration that names the database file uniquely, but that is maybe something that is only useful is working on more than one gateway
--
This message was sent by Atlassian Jira
(v8.3.4#803005)