Add policy template for Compose deployments

changes/GH-8090.other

@@ -0,0 +1 @@
+Add policy template for Docker Compose deployments. [buchi]

opengever/policytemplates/cli.py

@@ -21,18 +21,30 @@ def run(self):
         args.append('-O')
         args.append(target_dir)
 
-        policy = input("What policy type do you want to create?\n 1: GEVER \n 2: Teamraum\n")
+        policy = input(
+            "What policy type do you want to create?\n"
+            " 1: GEVER (Compose)\n"
+            " 2: Teamraum (Compose)\n"
+            " 3: GEVER (Buildout)\n"
+            " 4: Teamraum (Buildout)\n"
+        )
         if policy == 1:
+            template = 'opengever.policytemplates:compose_template'
             init_file = 'opengever/policytemplates/gever.ini'
         elif policy == 2:
+            template = 'opengever.policytemplates:compose_template'
+            init_file = 'opengever/policytemplates/teamraum.ini'
+        elif policy == 3:
+            template = 'opengever.policytemplates:policy_template'
+            init_file = 'opengever/policytemplates/gever.ini'
+        elif policy == 4:
+            template = 'opengever.policytemplates:policy_template'
             init_file = 'opengever/policytemplates/teamraum.ini'
         else:
             print('Invalid choice')
             sys.exit()
 
-        template = 'opengever.policytemplates:policy_template'
         args.append(template)
-
         args.append('--config={}'.format(init_file))
         if 'opengever.core.testserver.OPENGEVER_TESTSERVER' in remainder:
             remainder.remove('opengever.core.testserver.OPENGEVER_TESTSERVER')

opengever/policytemplates/compose_template/.mrbob.ini

@@ -0,0 +1,256 @@
+[template]
+post_render = opengever.policytemplates.hooks:post_render
+
+[questions]
+package.title.pre_ask_question = opengever.policytemplates.hooks:initialize
+
+package.title.question = Deployment title (e.g. Gemeinde Musterdorf)
+package.title.help = Used as deployment title and package title in readme and setup.py (e.g.  Gemeinde Musterdorf).
+package.title.required = True
+package.title.post_ask_question = opengever.policytemplates.hooks:post_package_title
+
+package.name.question = Package name (e.g. musterdorf)
+package.name.help = 2nd part of package name in "opengever.packagename" (e.g. musterdorf).
+package.name.required = True
+package.name.post_ask_question = opengever.policytemplates.hooks:post_package_name
+
+package.url.question = Git Repository URL
+package.url.help = Example: https://github.com/someorganisation/opengever.musterdorf
+package.url.required = True
+
+base.domain.question = Domain
+base.domain.help = Example: barfuss.domain.tld
+base.domain.required = True
+base.domain.post_ask_question = opengever.policytemplates.hooks:post_base_domain
+
+base.ogds_db_name.question = OGDS DB Name
+base.ogds_db_name.required = True
+
+base.ogds_db_user.question = OGDS DB User
+base.ogds_db_user.default = zope
+base.ogds_db_user.required = True
+
+base.ogds_db_password.question = OGDS DB Password
+base.ogds_db_password.required = True
+
+base.apps_endpoint_url.question = Apps endpoint url
+base.apps_endpoint_url.required = True
+
+base.bumblebee_app_id.question = Bumblebee app id
+base.bumblebee_app_id.required = False
+
+base.bumblebee_secret.question = Bumblebee secret
+base.bumblebee_secret.required = False
+
+base.workspace_secret.question = Workspace secret
+base.workspace_secret.required = False
+
+deployment.mail_domain.question = Mail domain
+deployment.mail_domain.required = True
+
+deployment.mail_from_address.question = Mail from address
+deployment.mail_from.address.required = True
+
+base.server_name.question = Server name
+base.server_name.help = Example: hostname.domain.tld
+base.server_name.required = True
+base.server_name.post_ask_question = opengever.policytemplates.hooks:post_server_name
+
+base.deployment_number.question = Deployment number (e.g. 07)
+base.deployment_number.help = Two digits, e.g. 07
+base.deployment_number.required = True
+
+adminunit.title.question = AdminUnit title
+adminunit.title.required = True
+adminunit.title.post_ask_question = opengever.policytemplates.hooks:post_adminunit_title
+
+adminunit.id.question = AdminUnit id
+adminunit.id.required = True
+adminunit.id.post_ask_question = opengever.policytemplates.hooks:post_adminunit_id
+
+adminunit.abbreviation.question = AdminUnit abbreviation / reference number prefix
+adminunit.abbreviation.required = True
+
+adminunit.public_url.question = AdminUnit public_url
+adminunit.public_url.required = True
+
+adminunit.site_url.question = AdminUnit site_url
+adminunit.site_url.required = True
+
+orgunit.title.question = OrgUnit title
+orgunit.title.required = True
+
+orgunit.id.question = OrgUnit id
+orgunit.id.required = True
+
+deployment.ldap_bind_dn.question = LDAP Bind DN
+deployment.ldap_bind_dn.required = True
+
+deployment.ldap_bind_password.question = LDAP Bind Password
+deployment.ldap_bind_password.required = True
+
+deployment.ldap_ou.question = LDAP ou name
+deployment.ldap_ou.help = The base LDAP ou which contains a Groups and a Users ou. I.e. "ou=CustomerXY,ou=OneGovGEVER,dc=4teamwork,dc=ch"
+deployment.ldap_ou.required = True
+
+orgunit.users_group.question = Users group
+orgunit.users_group.required = True
+
+orgunit.inbox_group.question = Inbox group
+orgunit.inbox_group.required = True
+
+deployment.administrator_group.question = Administrator group
+deployment.administrator_group.required = True
+
+deployment.limited_admin_group.question = Limited admin group
+deployment.limited_admin_group.required = True
+
+deployment.rolemanager_group.question = Rolemanager group
+deployment.rolemanager_group.required = True
+
+deployment.records_manager_group.question = Records Manager group
+deployment.records_manager_group.required = True
+
+deployment.archivist_group.question = Archivist group
+deployment.archivist_group.required = True
+
+setup.use_lenient_dossier_resolver.question = Use lenient dossier resolver
+setup.use_lenient_dossier_resolver.required = True
+setup.use_lenient_dossier_resolver.default = true
+setup.use_lenient_dossier_resolver.post_ask_question = mrbob.hooks:to_boolean
+
+setup.enable_activity_feature.question = Enable activity feature
+setup.enable_activity_feature.required = True
+setup.enable_activity_feature.default = true
+setup.enable_activity_feature.post_ask_question = mrbob.hooks:to_boolean
+
+setup.enable_meeting_feature.question = Enable meeting feature
+setup.enable_meeting_feature.required = True
+setup.enable_meeting_feature.default = false
+setup.enable_meeting_feature.post_ask_question = opengever.policytemplates.hooks:post_enable_meeting_feature
+
+setup.enable_docproperty_feature.question = Enable docproperty feature
+setup.enable_docproperty_feature.required = True
+setup.enable_docproperty_feature.default = true
+setup.enable_docproperty_feature.post_ask_question = mrbob.hooks:to_boolean
+
+setup.nof_templates.question = Number of initial templates
+setup.nof_templates.default = 0
+setup.nof_templates.post_ask_question = opengever.policytemplates.hooks:post_nof_templates
+
+setup.maximum_repository_depth.question = Maximum repository depth
+setup.maximum_repository_depth.post_ask_question = opengever.policytemplates.hooks:post_maximum_repository_depth
+
+setup.reference_prefix_starting_point.question = Reference prefix starting point
+setup.reference_prefix_starting_point.post_ask_question = opengever.policytemplates.hooks:post_reference_prefix_starting_point
+
+setup.reference_number_formatter.question = Reference number formatter (dotted|grouped_by_three|no_client_id_dotted)
+setup.reference_number_formatter.choices = dotted;grouped_by_three;no_client_id_dotted
+setup.reference_number_formatter.choices_case_sensitive = yes
+setup.reference_number_formatter.choices_delimiter = ;
+setup.reference_number_formatter.post_ask_question = opengever.policytemplates.hooks:post_reference_number_formatter
+
+setup.maximum_dossier_depth.question = Maximum dossier depth
+setup.maximum_dossier_depth.post_ask_question = opengever.policytemplates.hooks:post_maximum_dossier_depth
+
+setup.maximum_mail_size.question = Maximum mail size (MB)
+setup.maximum_mail_size.post_ask_question = opengever.policytemplates.hooks:post_maximum_mail_size
+
+setup.preserved_as_paper.question = "Preserved as paper" default
+setup.preserved_as_paper.required = True
+setup.preserved_as_paper.default = true
+setup.preserved_as_paper.post_ask_question = mrbob.hooks:to_boolean
+
+setup.enable_private_folder.question = Enable private folder feature
+setup.enable_private_folder.required = True
+setup.enable_private_folder.default = true
+setup.enable_private_folder.post_ask_question = mrbob.hooks:to_boolean
+
+setup.dossier_templates.question = Enable dossier template feature
+setup.dossier_templates.required = True
+setup.dossier_templates.default = true
+setup.dossier_templates.post_ask_question = mrbob.hooks:to_boolean
+
+setup.ech0147_export.question = Enable ech0147 export feature
+setup.ech0147_export.required = True
+setup.ech0147_export.default = false
+setup.ech0147_export.post_ask_question = mrbob.hooks:to_boolean
+
+setup.ech0147_import.question = Enable ech0147 import feature
+setup.ech0147_import.required = True
+setup.ech0147_import.default = false
+setup.ech0147_import.post_ask_question = mrbob.hooks:to_boolean
+
+setup.officeatwork.question = Enable Office at Work feature
+setup.officeatwork.required = True
+setup.officeatwork.default = false
+setup.officeatwork.post_ask_question = mrbob.hooks:to_boolean
+
+setup.officeconnector_attach.question = Enable Officeconnector attach to Outlook feature
+setup.officeconnector_attach.required = True
+setup.officeconnector_attach.default = true
+setup.officeconnector_attach.post_ask_question = mrbob.hooks:to_boolean
+
+setup.officeconnector_checkout.question = Enable Officeconnector direct checkout and edit feature
+setup.officeconnector_checkout.required = True
+setup.officeconnector_checkout.default = true
+setup.officeconnector_checkout.post_ask_question = mrbob.hooks:to_boolean
+
+setup.repositoryfolder_documents_tab.question = Show documents tab in repository folders
+setup.repositoryfolder_documents_tab.required = True
+setup.repositoryfolder_documents_tab.default = true
+setup.repositoryfolder_documents_tab.post_ask_question = mrbob.hooks:to_boolean
+
+setup.repositoryfolder_tasks_tab.question = Show tasks tab in repository folders
+setup.repositoryfolder_tasks_tab.required = True
+setup.repositoryfolder_tasks_tab.default = true
+setup.repositoryfolder_tasks_tab.post_ask_question = mrbob.hooks:to_boolean
+
+setup.repositoryfolder_proposals_tab.question = Show proposals tab in repository folders
+setup.repositoryfolder_proposals_tab.required = True
+setup.repositoryfolder_proposals_tab.default = true
+setup.repositoryfolder_proposals_tab.post_ask_question = mrbob.hooks:to_boolean
+
+deployment.workspace_creators_group.question = Workspace creators group
+deployment.workspace_creators_group.default = tr_creators
+deployment.workspace_creators_group.required = False
+
+deployment.workspace_users_group.question = Workspace users group
+deployment.workspace_users_group.default = tr_users
+deployment.workspace_users_group.required = False
+
+setup.invitation_group_dn.question = Invitation Group DN
+setup.invitation_group_dn.help = If not set, the OrgUnit's users_group_id is used.
+
+setup.hubspot.question = Enable HubSpot feature
+setup.hubspot.required = True
+setup.hubspot.default = false
+setup.hubspot.post_ask_question = mrbob.hooks:to_boolean
+
+setup.bumblebee_auto_refresh.question = Enable Bumblebee auto refresh
+setup.bumblebee_auto_refresh.required = True
+setup.bumblebee_auto_refresh.default = true
+setup.bumblebee_auto_refresh.post_ask_question = mrbob.hooks:to_boolean
+
+setup.enable_workspace_meeting_feature.question = Enable Workspace meeting feature
+setup.enable_workspace_meeting_feature.required = True
+setup.enable_workspace_meeting_feature.default = true
+setup.enable_workspace_meeting_feature.post_ask_question = mrbob.hooks:to_boolean
+
+setup.enable_todo_feature.question = Enable ToDo feature
+setup.enable_todo_feature.required = True
+setup.enable_todo_feature.default = true
+setup.enable_todo_feature.post_ask_question = mrbob.hooks:to_boolean
+
+ianus.db_name.question = Ianus DB Name
+ianus.db_name.required = True
+ianus.db_name.pre_ask_question = opengever.policytemplates.hooks:pre_ianus_db_name
+
+ianus.db_user.question = Ianus DB User
+ianus.db_user.required = True
+
+ianus.db_password.question = Ianus DB Password
+ianus.db_password.required = True
+
+ianus.db_host.question = Ianus DB Host
+ianus.db_host.required = True

opengever/policytemplates/compose_template/opengever.+package.name+/.gitattributes

@@ -0,0 +1,2 @@
+*.env filter=sops-dotenv
+*.env diff=sops-diff

opengever/policytemplates/compose_template/opengever.+package.name+/.gitignore

@@ -0,0 +1,9 @@
+.DS_Store
+*.mo
+*.pyc
+*.pyo
+/var/
+.age.key
+compose.yaml
+compose.override.yaml
+.env

opengever/policytemplates/compose_template/opengever.+package.name+/.sops.yaml

@@ -0,0 +1,6 @@
+creation_rules:
+  - encrypted_regex: "(_SECRET|_PASSWORD|_USER|_BIND_DN|_SECRET_KEY)$"
+    mac_only_encrypted: true
+    key_groups:
+      - age:
+          - replace_with_age_public_key

opengever/policytemplates/compose_template/opengever.+package.name+/.tokenauth_keys/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

opengever/policytemplates/compose_template/opengever.+package.name+/bin/setup-sops.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+if ! [ -x "$(command -v sops)" ]; then
+  echo 'Error: sops command not found.' >&2
+  exit 1
+fi
+if ! [ -x "$(command -v age)" ]; then
+  echo 'Error: age command not found.' >&2
+  exit 1
+fi
+
+root_dir=$(git rev-parse --show-toplevel)
+if [ ! -f "$root_dir/.age.key" ]; then
+  if [ -x "$(command -v op)" ]; then
+    echo "No age key found. Retrieving from 1Password..."
+    repo_name="$(basename $(git remote get-url origin))"
+    repo_name="${repo_name%.git}"
+    op read "op://SOPS/${repo_name}/notesPlain" -o "${root_dir}/.age.key"
+  else
+    echo "Error: age key not found."
+    exit 1
+  fi
+fi
+
+git config --local filter.sops-dotenv.clean "./bin/sops-encrypt.sh %f"
+git config --local filter.sops-dotenv.smudge "./bin/sops-decrypt.sh"
+git config --local filter.sops-dotenv.required true
+git config --local diff.sops-diff.textconv cat

opengever/policytemplates/compose_template/opengever.+package.name+/bin/sops-decrypt.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+export SOPS_AGE_KEY_FILE=$(pwd)/.age.key
+sops --decrypt --input-type dotenv --output-type dotenv /dev/stdin

opengever/policytemplates/compose_template/opengever.+package.name+/bin/sops-encrypt.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+export SOPS_AGE_KEY_FILE=$(pwd)/.age.key
+
+INPUT=$(cat)
+ENCRYPTED=$(sops --encrypt --input-type dotenv --output-type dotenv /dev/stdin <<<"${INPUT}")
+CONTENTS=$(git cat-file -p "HEAD:${1}" 2>/dev/null)
+DECRYPTED=$(sops --decrypt --input-type dotenv --output-type dotenv /dev/stdin <<<"${CONTENTS}" 2>/dev/null)
+
+if [[ -z "${CONTENTS}" || "${DECRYPTED}" != "${INPUT}" ]]
+then
+  echo "${ENCRYPTED}"
+else
+  echo "${CONTENTS}"
+fi