-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add policy template for Compose deployments
- Loading branch information
Showing
42 changed files
with
1,136 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| Add policy template for Docker Compose deployments. [buchi] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,256 @@ | ||
| [template] | ||
| post_render = opengever.policytemplates.hooks:post_render | ||
|
|
||
| [questions] | ||
| package.title.pre_ask_question = opengever.policytemplates.hooks:initialize | ||
|
|
||
| package.title.question = Deployment title (e.g. Gemeinde Musterdorf) | ||
| package.title.help = Used as deployment title and package title in readme and setup.py (e.g. Gemeinde Musterdorf). | ||
| package.title.required = True | ||
| package.title.post_ask_question = opengever.policytemplates.hooks:post_package_title | ||
|
|
||
| package.name.question = Package name (e.g. musterdorf) | ||
| package.name.help = 2nd part of package name in "opengever.packagename" (e.g. musterdorf). | ||
| package.name.required = True | ||
| package.name.post_ask_question = opengever.policytemplates.hooks:post_package_name | ||
|
|
||
| package.url.question = Git Repository URL | ||
| package.url.help = Example: https://github.com/someorganisation/opengever.musterdorf | ||
| package.url.required = True | ||
|
|
||
| base.domain.question = Domain | ||
| base.domain.help = Example: barfuss.domain.tld | ||
| base.domain.required = True | ||
| base.domain.post_ask_question = opengever.policytemplates.hooks:post_base_domain | ||
|
|
||
| base.ogds_db_name.question = OGDS DB Name | ||
| base.ogds_db_name.required = True | ||
|
|
||
| base.ogds_db_user.question = OGDS DB User | ||
| base.ogds_db_user.default = zope | ||
| base.ogds_db_user.required = True | ||
|
|
||
| base.ogds_db_password.question = OGDS DB Password | ||
| base.ogds_db_password.required = True | ||
|
|
||
| base.apps_endpoint_url.question = Apps endpoint url | ||
| base.apps_endpoint_url.required = True | ||
|
|
||
| base.bumblebee_app_id.question = Bumblebee app id | ||
| base.bumblebee_app_id.required = False | ||
|
|
||
| base.bumblebee_secret.question = Bumblebee secret | ||
| base.bumblebee_secret.required = False | ||
|
|
||
| base.workspace_secret.question = Workspace secret | ||
| base.workspace_secret.required = False | ||
|
|
||
| deployment.mail_domain.question = Mail domain | ||
| deployment.mail_domain.required = True | ||
|
|
||
| deployment.mail_from_address.question = Mail from address | ||
| deployment.mail_from.address.required = True | ||
|
|
||
| base.server_name.question = Server name | ||
| base.server_name.help = Example: hostname.domain.tld | ||
| base.server_name.required = True | ||
| base.server_name.post_ask_question = opengever.policytemplates.hooks:post_server_name | ||
|
|
||
| base.deployment_number.question = Deployment number (e.g. 07) | ||
| base.deployment_number.help = Two digits, e.g. 07 | ||
| base.deployment_number.required = True | ||
|
|
||
| adminunit.title.question = AdminUnit title | ||
| adminunit.title.required = True | ||
| adminunit.title.post_ask_question = opengever.policytemplates.hooks:post_adminunit_title | ||
|
|
||
| adminunit.id.question = AdminUnit id | ||
| adminunit.id.required = True | ||
| adminunit.id.post_ask_question = opengever.policytemplates.hooks:post_adminunit_id | ||
|
|
||
| adminunit.abbreviation.question = AdminUnit abbreviation / reference number prefix | ||
| adminunit.abbreviation.required = True | ||
|
|
||
| adminunit.public_url.question = AdminUnit public_url | ||
| adminunit.public_url.required = True | ||
|
|
||
| adminunit.site_url.question = AdminUnit site_url | ||
| adminunit.site_url.required = True | ||
|
|
||
| orgunit.title.question = OrgUnit title | ||
| orgunit.title.required = True | ||
|
|
||
| orgunit.id.question = OrgUnit id | ||
| orgunit.id.required = True | ||
|
|
||
| deployment.ldap_bind_dn.question = LDAP Bind DN | ||
| deployment.ldap_bind_dn.required = True | ||
|
|
||
| deployment.ldap_bind_password.question = LDAP Bind Password | ||
| deployment.ldap_bind_password.required = True | ||
|
|
||
| deployment.ldap_ou.question = LDAP ou name | ||
| deployment.ldap_ou.help = The base LDAP ou which contains a Groups and a Users ou. I.e. "ou=CustomerXY,ou=OneGovGEVER,dc=4teamwork,dc=ch" | ||
| deployment.ldap_ou.required = True | ||
|
|
||
| orgunit.users_group.question = Users group | ||
| orgunit.users_group.required = True | ||
|
|
||
| orgunit.inbox_group.question = Inbox group | ||
| orgunit.inbox_group.required = True | ||
|
|
||
| deployment.administrator_group.question = Administrator group | ||
| deployment.administrator_group.required = True | ||
|
|
||
| deployment.limited_admin_group.question = Limited admin group | ||
| deployment.limited_admin_group.required = True | ||
|
|
||
| deployment.rolemanager_group.question = Rolemanager group | ||
| deployment.rolemanager_group.required = True | ||
|
|
||
| deployment.records_manager_group.question = Records Manager group | ||
| deployment.records_manager_group.required = True | ||
|
|
||
| deployment.archivist_group.question = Archivist group | ||
| deployment.archivist_group.required = True | ||
|
|
||
| setup.use_lenient_dossier_resolver.question = Use lenient dossier resolver | ||
| setup.use_lenient_dossier_resolver.required = True | ||
| setup.use_lenient_dossier_resolver.default = true | ||
| setup.use_lenient_dossier_resolver.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.enable_activity_feature.question = Enable activity feature | ||
| setup.enable_activity_feature.required = True | ||
| setup.enable_activity_feature.default = true | ||
| setup.enable_activity_feature.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.enable_meeting_feature.question = Enable meeting feature | ||
| setup.enable_meeting_feature.required = True | ||
| setup.enable_meeting_feature.default = false | ||
| setup.enable_meeting_feature.post_ask_question = opengever.policytemplates.hooks:post_enable_meeting_feature | ||
|
|
||
| setup.enable_docproperty_feature.question = Enable docproperty feature | ||
| setup.enable_docproperty_feature.required = True | ||
| setup.enable_docproperty_feature.default = true | ||
| setup.enable_docproperty_feature.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.nof_templates.question = Number of initial templates | ||
| setup.nof_templates.default = 0 | ||
| setup.nof_templates.post_ask_question = opengever.policytemplates.hooks:post_nof_templates | ||
|
|
||
| setup.maximum_repository_depth.question = Maximum repository depth | ||
| setup.maximum_repository_depth.post_ask_question = opengever.policytemplates.hooks:post_maximum_repository_depth | ||
|
|
||
| setup.reference_prefix_starting_point.question = Reference prefix starting point | ||
| setup.reference_prefix_starting_point.post_ask_question = opengever.policytemplates.hooks:post_reference_prefix_starting_point | ||
|
|
||
| setup.reference_number_formatter.question = Reference number formatter (dotted|grouped_by_three|no_client_id_dotted) | ||
| setup.reference_number_formatter.choices = dotted;grouped_by_three;no_client_id_dotted | ||
| setup.reference_number_formatter.choices_case_sensitive = yes | ||
| setup.reference_number_formatter.choices_delimiter = ; | ||
| setup.reference_number_formatter.post_ask_question = opengever.policytemplates.hooks:post_reference_number_formatter | ||
|
|
||
| setup.maximum_dossier_depth.question = Maximum dossier depth | ||
| setup.maximum_dossier_depth.post_ask_question = opengever.policytemplates.hooks:post_maximum_dossier_depth | ||
|
|
||
| setup.maximum_mail_size.question = Maximum mail size (MB) | ||
| setup.maximum_mail_size.post_ask_question = opengever.policytemplates.hooks:post_maximum_mail_size | ||
|
|
||
| setup.preserved_as_paper.question = "Preserved as paper" default | ||
| setup.preserved_as_paper.required = True | ||
| setup.preserved_as_paper.default = true | ||
| setup.preserved_as_paper.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.enable_private_folder.question = Enable private folder feature | ||
| setup.enable_private_folder.required = True | ||
| setup.enable_private_folder.default = true | ||
| setup.enable_private_folder.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.dossier_templates.question = Enable dossier template feature | ||
| setup.dossier_templates.required = True | ||
| setup.dossier_templates.default = true | ||
| setup.dossier_templates.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.ech0147_export.question = Enable ech0147 export feature | ||
| setup.ech0147_export.required = True | ||
| setup.ech0147_export.default = false | ||
| setup.ech0147_export.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.ech0147_import.question = Enable ech0147 import feature | ||
| setup.ech0147_import.required = True | ||
| setup.ech0147_import.default = false | ||
| setup.ech0147_import.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.officeatwork.question = Enable Office at Work feature | ||
| setup.officeatwork.required = True | ||
| setup.officeatwork.default = false | ||
| setup.officeatwork.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.officeconnector_attach.question = Enable Officeconnector attach to Outlook feature | ||
| setup.officeconnector_attach.required = True | ||
| setup.officeconnector_attach.default = true | ||
| setup.officeconnector_attach.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.officeconnector_checkout.question = Enable Officeconnector direct checkout and edit feature | ||
| setup.officeconnector_checkout.required = True | ||
| setup.officeconnector_checkout.default = true | ||
| setup.officeconnector_checkout.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.repositoryfolder_documents_tab.question = Show documents tab in repository folders | ||
| setup.repositoryfolder_documents_tab.required = True | ||
| setup.repositoryfolder_documents_tab.default = true | ||
| setup.repositoryfolder_documents_tab.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.repositoryfolder_tasks_tab.question = Show tasks tab in repository folders | ||
| setup.repositoryfolder_tasks_tab.required = True | ||
| setup.repositoryfolder_tasks_tab.default = true | ||
| setup.repositoryfolder_tasks_tab.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| setup.repositoryfolder_proposals_tab.question = Show proposals tab in repository folders | ||
| setup.repositoryfolder_proposals_tab.required = True | ||
| setup.repositoryfolder_proposals_tab.default = true | ||
| setup.repositoryfolder_proposals_tab.post_ask_question = mrbob.hooks:to_boolean | ||
|
|
||
| deployment.workspace_creators_group.question = Workspace creators group | ||
| deployment.workspace_creators_group.default = tr_creators | ||
| deployment.workspace_creators_group.required = False | ||
|
|
||
| deployment.workspace_users_group.question = Workspace users group | ||
| deployment.workspace_users_group.default = tr_users | ||
| deployment.workspace_users_group.required = False | ||
|
|
||
| setup.invitation_group_dn.question = Invitation Group DN | ||
| setup.invitation_group_dn.help = If not set, the OrgUnit's users_group_id is used. | ||
| setup.hubspot.question = Enable HubSpot feature | ||
| setup.hubspot.required = True | ||
| setup.hubspot.default = false | ||
| setup.hubspot.post_ask_question = mrbob.hooks:to_boolean | ||
| setup.bumblebee_auto_refresh.question = Enable Bumblebee auto refresh | ||
| setup.bumblebee_auto_refresh.required = True | ||
| setup.bumblebee_auto_refresh.default = true | ||
| setup.bumblebee_auto_refresh.post_ask_question = mrbob.hooks:to_boolean | ||
| setup.enable_workspace_meeting_feature.question = Enable Workspace meeting feature | ||
| setup.enable_workspace_meeting_feature.required = True | ||
| setup.enable_workspace_meeting_feature.default = true | ||
| setup.enable_workspace_meeting_feature.post_ask_question = mrbob.hooks:to_boolean | ||
| setup.enable_todo_feature.question = Enable ToDo feature | ||
| setup.enable_todo_feature.required = True | ||
| setup.enable_todo_feature.default = true | ||
| setup.enable_todo_feature.post_ask_question = mrbob.hooks:to_boolean | ||
| ianus.db_name.question = Ianus DB Name | ||
| ianus.db_name.required = True | ||
| ianus.db_name.pre_ask_question = opengever.policytemplates.hooks:pre_ianus_db_name | ||
| ianus.db_user.question = Ianus DB User | ||
| ianus.db_user.required = True | ||
| ianus.db_password.question = Ianus DB Password | ||
| ianus.db_password.required = True | ||
| ianus.db_host.question = Ianus DB Host | ||
| ianus.db_host.required = True |
2 changes: 2 additions & 0 deletions
2
opengever/policytemplates/compose_template/opengever.+package.name+/.gitattributes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| *.env filter=sops-dotenv | ||
| *.env diff=sops-diff |
9 changes: 9 additions & 0 deletions
9
opengever/policytemplates/compose_template/opengever.+package.name+/.gitignore
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| .DS_Store | ||
| *.mo | ||
| *.pyc | ||
| *.pyo | ||
| /var/ | ||
| .age.key | ||
| compose.yaml | ||
| compose.override.yaml | ||
| .env |
6 changes: 6 additions & 0 deletions
6
opengever/policytemplates/compose_template/opengever.+package.name+/.sops.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| creation_rules: | ||
| - encrypted_regex: "(_SECRET|_PASSWORD|_USER|_BIND_DN|_SECRET_KEY)$" | ||
| mac_only_encrypted: true | ||
| key_groups: | ||
| - age: | ||
| - replace_with_age_public_key |
2 changes: 2 additions & 0 deletions
2
...ever/policytemplates/compose_template/opengever.+package.name+/.tokenauth_keys/.gitignore
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| * | ||
| !.gitignore |
28 changes: 28 additions & 0 deletions
28
opengever/policytemplates/compose_template/opengever.+package.name+/bin/setup-sops.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| if ! [ -x "$(command -v sops)" ]; then | ||
| echo 'Error: sops command not found.' >&2 | ||
| exit 1 | ||
| fi | ||
| if ! [ -x "$(command -v age)" ]; then | ||
| echo 'Error: age command not found.' >&2 | ||
| exit 1 | ||
| fi | ||
|
|
||
| root_dir=$(git rev-parse --show-toplevel) | ||
| if [ ! -f "$root_dir/.age.key" ]; then | ||
| if [ -x "$(command -v op)" ]; then | ||
| echo "No age key found. Retrieving from 1Password..." | ||
| repo_name="$(basename $(git remote get-url origin))" | ||
| repo_name="${repo_name%.git}" | ||
| op read "op://SOPS/${repo_name}/notesPlain" -o "${root_dir}/.age.key" | ||
| else | ||
| echo "Error: age key not found." | ||
| exit 1 | ||
| fi | ||
| fi | ||
|
|
||
| git config --local filter.sops-dotenv.clean "./bin/sops-encrypt.sh %f" | ||
| git config --local filter.sops-dotenv.smudge "./bin/sops-decrypt.sh" | ||
| git config --local filter.sops-dotenv.required true | ||
| git config --local diff.sops-diff.textconv cat |
3 changes: 3 additions & 0 deletions
3
opengever/policytemplates/compose_template/opengever.+package.name+/bin/sops-decrypt.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| #!/bin/bash | ||
| export SOPS_AGE_KEY_FILE=$(pwd)/.age.key | ||
| sops --decrypt --input-type dotenv --output-type dotenv /dev/stdin |
14 changes: 14 additions & 0 deletions
14
opengever/policytemplates/compose_template/opengever.+package.name+/bin/sops-encrypt.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| #!/bin/bash | ||
| export SOPS_AGE_KEY_FILE=$(pwd)/.age.key | ||
|
|
||
| INPUT=$(cat) | ||
| ENCRYPTED=$(sops --encrypt --input-type dotenv --output-type dotenv /dev/stdin <<<"${INPUT}") | ||
| CONTENTS=$(git cat-file -p "HEAD:${1}" 2>/dev/null) | ||
| DECRYPTED=$(sops --decrypt --input-type dotenv --output-type dotenv /dev/stdin <<<"${CONTENTS}" 2>/dev/null) | ||
|
|
||
| if [[ -z "${CONTENTS}" || "${DECRYPTED}" != "${INPUT}" ]] | ||
| then | ||
| echo "${ENCRYPTED}" | ||
| else | ||
| echo "${CONTENTS}" | ||
| fi |
Oops, something went wrong.