Update base image #117

Closed
wants to merge 49 commits into from

49 commits

720b6e3 pyeudiw conf (peppelinux, Jul 21, 2023)
eca8166 fix: discovery page and entity configuration endpoint (peppelinux, Jul 21, 2023)
97feb84 fix: openid4vp backend base_url (peppelinux, Jul 21, 2023)
3be2e8e feat: qrcode templates (peppelinux, Jul 21, 2023)
6c8ecb2 chore: openid4vp backend example conf (peppelinux, Jul 23, 2023)
ab742d5 feat: added mongodb in pyeudiw backend conf (peppelinux, Jul 28, 2023)
3d1b93a feat: align pyeudiw backend conf (peppelinux, Aug 1, 2023)
38f6aa4 chore: alignment of openid4vp backend example with pyeudiw dev branch (peppelinux, Aug 5, 2023)
dc9629b chore: pyeudiw backend example update (peppelinux, Aug 11, 2023)
9567b77 aligned pyeudiw backend assets (peppelinux, Aug 18, 2023)
e7d5bd1 fix: pyeudiw v0.5.0 alignments (peppelinux, Aug 20, 2023)
2536386 uwsgi setup nginx and spid idps js (Aug 21, 2023)
186001f chore: uwsgi examples init scripts and nginx improvements (peppelinux, Aug 22, 2023)
15cc23b feat: nginx hardening (Sep 5, 2023)
dee8a04 eudi small alignments (peppelinux, Sep 13, 2023)
2ba1bd3 Merge branch 'eudi' of https://github.com/italia/satosa-saml2spid int… (peppelinux, Sep 21, 2023)
ed02089 uwsgi not truncating long debug messages (peppelinux, Sep 21, 2023)
766930c Docker revamping (#90) (Nov 16, 2023)
6072f53 fix: compose and idp button (peppelinux, Nov 16, 2023)
84c3e7e fix: spid backend target routing (peppelinux, Nov 16, 2023)
ffe9067 chore: spid-saml-check animated gif (peppelinux, Nov 16, 2023)
75dfbed fix: general configuration and documentation (peppelinux, Nov 17, 2023)
9ccced7 Merge branch 'master' of https://github.com/italia/Satosa-Saml2Spid i… (peppelinux, Nov 17, 2023)
5d24cf0 Feat: by clicking on my name, you have a dropdown (#93) (Gartic99, Nov 20, 2023)
a70e6c2 Merged PR #81 into EUDI (#94) (Gartic99, Nov 27, 2023)
d10df79 Satosa-Saml2Spid/Eudi - Readme Review for initial setup of the enviro… (davidelongo-ey, Dec 2, 2023)
4135d61 ci: only py3.10 since it will be tested using docker (Dec 2, 2023)
74e976d fix: djangosaml2 example sp templates and conf (peppelinux, Dec 5, 2023)
e3ca116 chore: README wallet demo (peppelinux, Dec 5, 2023)
0d6f53b Merge branch 'eudi' of https://github.com/italia/Satosa-Saml2Spid int… (peppelinux, Dec 5, 2023)
f790fe8 chore: updated discovery page image (peppelinux, Dec 5, 2023)
76c65d6 chore: updated discovery page image (peppelinux, Dec 5, 2023)
682590c chore: README editorials (peppelinux, Dec 5, 2023)
691193a fix: wallet demo animated gif dimensions (peppelinux, Dec 5, 2023)
24a585b fix: wallet demo animated gif dimensions (peppelinux, Dec 5, 2023)
5a843f4 fix: summary (peppelinux, Dec 5, 2023)
d03c902 update CI workflow (Revision 1) (#96) (davidelongo-ey, Dec 6, 2023)
4ad448e ADD django_sp in Docker-compose and revisited CI workflow (#97) (davidelongo-ey, Dec 19, 2023)
9bf36a2 feat: qrcode loaded by client (#98) (Gartic99, Dec 19, 2023)
c9a9b54 Remove `apply_conf.sh` script (#103) (salvatorelaiso, Jan 22, 2024)
f1f4f29 Add in "External references" readme section the reference of pyeudiw … (davidelongo-ey, Jan 22, 2024)
851e899 Merge branch 'master' into eudi (Jan 23, 2024)
396fc1f Fixes pre release 0.8.0 (#105) (Gartic99, Jan 24, 2024)
267ff8d Fix CI pre-release (#107) (salvatorelaiso, Jan 24, 2024)
995f62c fix: healthcheck (Feb 1, 2024)
f17340c fix: revert `pyeudiw` to PyPI distributed one (Feb 1, 2024)
1efc35f fix: update Satosa base to Alpine 3.19.1 (Feb 1, 2024)
aa85cce fix: update Django base to Alpine 3.19.1 (Feb 1, 2024)
f454232 fix: automatic packages lib folder linking (Feb 6, 2024)
3 changes: 2 additions & 1 deletion .dockerignore
@@ -2,6 +2,7 @@
*
# Add exception for the directories you actually want to include in the context
!example
!example_sp
!requirements.txt
!oids.conf
!build_spid_certs.sh
!build_spid_certs.sh
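Review bot: `!example_sp` admits the whole example SP tree into the build context, including local runtime files that `.gitignore` excludes but `.dockerignore` does not, such as `example_sp/djangosaml2_sp/sqlite3.db` (see the `.gitignore` entry in this same PR). Since `example_sp/django.Dockerfile` is built from context `../`, add an exclusion after the allowlist entry, e.g. `example_sp/djangosaml2_sp/sqlite3.db` and `example_sp/**/__pycache__`, or narrow the entry to the files the Dockerfile actually copies. The doubled `!build_spid_certs.sh` at the end of the hunk reads as a whitespace-only change (the file header reports 2 additions and 1 deletion); worth confirming the final line now ends with a newline so a later append does not merge with it.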
48 changes: 20 additions & 28 deletions .github/workflows/python-app.yml
@@ -5,9 +5,9 @@ name: Satosa-Saml2Spid

on:
push:
branches: [ master, dev ]
branches: [ master, dev, eudi ]
pull_request:
branches: [ master, dev ]
branches: [ master, dev, eudi ]

jobs:
build:
@@ -18,64 +18,56 @@ jobs:
fail-fast: false
matrix:
python-version:
- '3.9'
- '3.10'
- '3.11'

steps:
- uses: actions/checkout@v3
- name: Install xmlsec1
run: sudo apt-get install -y xmlsec1
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install system dependencies
run: |
sudo apt update
sudo apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev
- name: Install dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
pip install -r example_sp/djangosaml2_sp/requirements.txt
pip install spid-sp-test>=1.2.8
pip install flake8
pip install satosa_oidcop>=1.0
- name: Lint with flake8
run: |
## stop the build if there are Python syntax errors or undefined names
flake8 --count --select=E9,F63,F7,F82 --show-source --statistics example
## exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
flake8 --max-line-length 120 --count --exit-zero --statistics example
- name: run djangosaml2 SP
- name: Create docker-example folder
run: |
cd example_sp/djangosaml2_sp/
bash run.sh &
sleep 5
mkdir -p docker-example
cp -r example/. docker-example
- name: docker compose
run: |
cd Docker-compose
./run-docker-compose.sh
docker ps -a
- name: djangosaml2 SP metadata to Proxy
run: |
wget http://localhost:8000/saml2/metadata -O example/metadata/sp/djangosaml2_sp.xml
- name: run satosa-saml2spid
run: |
cd example
cd docker-example
mkdir -p metadata/idp
mkdir -p metadata/sp
export SATOSA_APP=`python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])'`
uwsgi --wsgi-file $SATOSA_APP/satosa/wsgi.py --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 &
sleep 5
- name: Metadata proxy to djangosaml2 SP
run: |
wget --no-check-certificate https://localhost:10000/Saml2IDP/metadata -O example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml
wget --no-check-certificate https://localhost/Saml2IDP/metadata -O example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml
- name: spid-sp-test SPID metadata, requests and responses
run: |
cd example
cd docker-example
spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml
spid_sp_test --metadata-url https://localhost:10000/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
spid_sp_test --metadata-url https://localhost/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
- name: spid-sp-test CIE id metadata
run: |
cd example
spid_sp_test --profile cie-sp-public --metadata-url https://localhost:10000/cieSaml2/metadata
cd docker-example
spid_sp_test --profile cie-sp-public --metadata-url https://localhost/cieSaml2/metadata
- name: spid-sp-test eIDAS FiCEP metadata
run: |
cd example
spid_sp_test --profile ficep-eidas-sp --metadata-url https://localhost:10000/spidSaml2/metadata
cd docker-example
spid_sp_test --profile ficep-eidas-sp --metadata-url https://localhost/spidSaml2/metadata
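Review bot: in the "Install dependencies" step, `pip install spid-sp-test>=1.2.8` and `pip install satosa_oidcop>=1.0` are unquoted, so the shell parses `>=1.2.8` as a redirect: pip installs whatever the latest `spid-sp-test` is and its stdout is written to a file named `=1.2.8`. Quote the specifiers, `pip install "spid-sp-test>=1.2.8"`, or move them into `requirements-dev.txt`. Second, the removed flow paused (`sleep 5`) after starting uwsgi before fetching metadata; the new flow goes straight from `./run-docker-compose.sh` and `docker ps -a` to `wget --no-check-certificate https://localhost/Saml2IDP/metadata`, while the `satosa-saml2spid` healthcheck in `docker-compose.yml` allows a 30s `start_period`. Unless `run-docker-compose.sh` blocks until the proxy answers, poll the metadata URL (or the container health state) before the metadata and `spid_sp_test` steps, otherwise the job will fail intermittently on slow runners. Reducing the matrix to `'3.10'` is consistent with commit 4135d61 and with the tests now running inside the Docker image.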
1 change: 1 addition & 0 deletions .gitignore
@@ -16,3 +16,4 @@ example/private/*
*pyFF_example/entities
example_sp/djangosaml2_sp/sqlite3.db
project/*
docker-example/*
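Review bot: `docker-example/*` is what keeps generated key material out of the repository: `docker-compose.yml` mounts `../docker-example` as `/satosa_proxy` and points `SATOSA_PRIVATE_KEY` at `${KEYS_FOLDER}/privkey.pem` inside it, so everything a contributor generates locally lands under this directory. Consider also listing `docker-example/pki/` explicitly, mirroring the existing `example/private/*` entry, so the private key stays ignored even if the directory is later partially un-ignored to commit a sample configuration.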
1 change: 1 addition & 0 deletions compose-Satosa-Saml2Spid/.env → Docker-compose/.env
@@ -1,3 +1,4 @@
MONGO_DBUSER=satosa
MONGO_DBPASSWORD=thatpassword
HOSTNAME=localhost
KEYS_FOLDER=./pki
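Review bot: this file is committed with `MONGO_DBPASSWORD=thatpassword`, and the same value becomes the MongoDB root password, the mongo-express admin password and the proxy's `MONGODB_PASSWORD` in `docker-compose.yml`, which also publishes MongoDB on host ports `27017-27019`. Either state here that `.env` is a local demo default that must be regenerated before any deployment, or leave the value empty and reference it as `${MONGO_DBPASSWORD:?set it in .env}` in the compose file so the stack refuses to start with the placeholder. The new `KEYS_FOLDER=./pki` is interpolated into `SATOSA_PRIVATE_KEY`/`SATOSA_PUBLIC_KEY` and resolved inside the container relative to `working_dir: /satosa_proxy`, i.e. `/satosa_proxy/pki`; a one-line comment saying so would stop readers from pointing it at a host path.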
117 changes: 117 additions & 0 deletions Docker-compose/README.md
@@ -0,0 +1,117 @@
# Docker Compose

## Table of Contents

1. [What do you need?](#what-do-you-need?)
2. [Run the composition](#run-the-composition)
3. [Stop the composition](#stop-the-composition)
4. [Remove/Delete volumes](#remove/delete-volumes)
5. [Demo data](#demo-data)
6. [Env file](#env-file)
7. [docker-compose.yml](#docker-compose.yml)

## Requirements

In order to execute the run script you need:

* jq
* docker-compose

Installation example in Ubuntu:

```
sudo apt install jq docker-compose
```

For docker-compose you can also [see here](https://docs.docker.com/compose/install/other/).

## Run the composition

Copy the folder `example` to `docker-example` and do your configuration.

### Start the Compose

Execute the run script for the first time:

```
./run-docker-compose.sh
```

The following docker volumes are created, if they doesn't exist yet:

* satosa-saml2spid_nginx_certs
* satosa-saml2spid_mongodata

The *satosa-saml2spid_nginx_certs* is populated with data from [nginx/certs/](nginx/certs)`,
*satosa-saml2spid_mongodata* is populated by MongoDB container with its storage.

After having executed the docker compose you can see the logs of the running containers:
```
docker-compose -f docker-compose.yml logs -f
```

After the first run, you can start the docker compose with the run script or by this commands:

```
docker-compose pull; docker-compose down -v; docker-compose up -d; docker-compose logs -f
```
### Where is your data?

Command:

```
docker volume ls
```

Output:

```
DRIVER VOLUME NAME
local satosa-saml2spid_mongodata
local satosa-saml2spid_nginx_certs
```

In RedHat and Ubuntu based OS the Docker volumes directory is at:

```
# ls -1 /var/lib/docker/volumes/
satosa-saml2spid_mongodata
satosa-saml2spid_nginx_certs
```

## Stop the composition

```
./stop-docker-compose.sh
```

This script stops all containers of the composition and detaches the volumes, but keeps the data on the persistent volumes.

## Remove/Delete volumes

If you want to start from scratch, or just clear all persistent data, just run the following script:

```
./rm-persistent-volumes.sh
```

First, the containers of the composition are stopped and the volumes are detached.

Then you are asked if you want to delete the volumes and if you answer yes, you have to confirm volume by volume.

## Demo data

Demo data for a test client are inserted into the DB during the first run of the composition.

See [mongo readme](../README.mongo.md) to have some example of demo data.

## Env file

```
# cat .env
MONGO_DBUSER=satosa
MONGO_DBPASSWORD=thatpassword
HOSTNAME=localhost
```

See [mongo readme](../README.mongo.md) for explanation of environment variables of MongoDB.
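Review bot: the table of contents does not match the headings that follow it: `[What do you need?](#what-do-you-need?)` points at a section that is actually titled `## Requirements`, `#remove/delete-volumes` and `#docker-compose.yml` are not the anchors GitHub generates for those headings (the `/` and `.` are dropped, giving `#removedelete-volumes` and `#docker-composeyml`), and there is no `docker-compose.yml` section at all; rename the heading or the link, fix the two anchors, and add the section or drop entry 7. The `## Env file` listing omits `KEYS_FOLDER=./pki`, which this PR adds to `.env`. Under "Start the Compose", the restart one-liner runs `docker-compose down -v`; data survives only because both volumes are declared `external: true` in `docker-compose.yml`, so either say that or drop `-v`, since the surrounding text promises the volumes persist. Small fixes: "if they doesn't exist yet" should be "if they don't exist yet", and there is a stray backtick after `[nginx/certs/](nginx/certs)`.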
165 changes: 165 additions & 0 deletions Docker-compose/docker-compose.yml
@@ -0,0 +1,165 @@
version: '3'
services:
satosa-mongo:
image: mongo
container_name: satosa-mongo
restart: always
environment:
MONGO_INITDB_DATABASE: oidcop
MONGO_INITDB_ROOT_USERNAME: "${MONGO_DBUSER}"
MONGO_INITDB_ROOT_PASSWORD: "${MONGO_DBPASSWORD}"
volumes:
- mongodata:/data/db
- /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
- ./mongo/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh
ports:
- '27017-27019:27017-27019'
networks:
- satosa-saml2spid

satosa-mongo-express:
image: mongo-express
container_name: satosa-mongo-express
restart: always
ports:
- 8082:8081
environment:
ME_CONFIG_BASICAUTH_USERNAME: satosauser
ME_CONFIG_BASICAUTH_PASSWORD: satosapw
ME_CONFIG_MONGODB_ADMINUSERNAME: "${MONGO_DBUSER}"
ME_CONFIG_MONGODB_ADMINPASSWORD: "${MONGO_DBPASSWORD}"
ME_CONFIG_MONGODB_URL: mongodb://${MONGO_DBUSER}:${MONGO_DBPASSWORD}@satosa-mongo:27017/
networks:
- satosa-saml2spid
## START: PARTE NUOVA
django_sp:
build:
context: ../
args:
- NODE_ENV=local
dockerfile: example_sp/django.Dockerfile
container_name: django_sp
#restart: always
working_dir: /django_sp
entrypoint: "sh ../entrypoint.sh"
volumes:
- /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
- ../example_sp/djangosaml2_sp:/django_sp:rw
ports:
- "8000:8000"
networks:
- satosa-saml2spid
## END: PARTE NUOVA
satosa-saml2spid:
#image: ghcr.io/italia/satosa-saml2spid:latest
#image: satosa-saml2spid:latest
build:
context: ../
args:
- NODE_ENV=local
dockerfile: satosa.Dockerfile
container_name: satosa-saml2spid
depends_on:
- satosa-mongo
environment:
- BASE_DIR=/satosa_proxy
- SATOSA_BY_DOCKER=1

- SATOSA_BASE=https://$HOSTNAME
- SATOSA_BASE_STATIC=https://$HOSTNAME/static
- SATOSA_DISCO_SRV=https://$HOSTNAME/static/disco.html
- SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=https://$HOSTNAME/static/error_page.html

- MONGODB_PASSWORD=${MONGO_DBPASSWORD}
- MONGODB_USERNAME=${MONGO_DBUSER}

- SATOSA_CONTACT_PERSON_EMAIL_ADDRESS=support.example@organization.org
- SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER=+3906123456789
- SATOSA_CONTACT_PERSON_FISCALCODE=01234567890
- SATOSA_CONTACT_PERSON_GIVEN_NAME=Name
- SATOSA_CONTACT_PERSON_IPA_CODE=ispra_rm
- SATOSA_CONTACT_PERSON_MUNICIPALITY=H501
- SATOSA_ENCRYPTION_KEY=CHANGE_ME!

- SATOSA_ORGANIZATION_DISPLAY_NAME_EN=Resource provided by Example Organization
- SATOSA_ORGANIZATION_DISPLAY_NAME_IT=Resource provided by Example Organization
- SATOSA_ORGANIZATION_NAME_EN=Resource provided by Example Organization
- SATOSA_ORGANIZATION_NAME_IT=Resource provided by Example Organization
- SATOSA_ORGANIZATION_URL_EN=https://example_organization.org
- SATOSA_ORGANIZATION_URL_IT=https://example_organization.org
- SATOSA_PRIVATE_KEY=${KEYS_FOLDER}/privkey.pem
- SATOSA_PUBLIC_KEY=${KEYS_FOLDER}/cert.pem
- SATOSA_SALT=CHANGE_ME!
- SATOSA_STATE_ENCRYPTION_KEY=CHANGE_ME!
- SATOSA_UI_DESCRIPTION_EN=Resource description
- SATOSA_UI_DESCRIPTION_IT=Resource description
- SATOSA_UI_DISPLAY_NAME_EN=Resource Display Name
- SATOSA_UI_DISPLAY_NAME_IT=Resource Display Name
- SATOSA_UI_INFORMATION_URL_EN=https://example_organization.org/information_url_en
- SATOSA_UI_INFORMATION_URL_IT=https://example_organization.org/information_url_en
- SATOSA_UI_LOGO_HEIGHT=60
- SATOSA_UI_LOGO_URL=https://example_organization.org/logo.png
- SATOSA_UI_LOGO_WIDTH=80
- SATOSA_UI_PRIVACY_URL_EN=https://example_organization.org/privacy_en
- SATOSA_UI_PRIVACY_URL_IT=https://example_organization.org/privacy_en
- SATOSA_USER_ID_HASH_SALT=CHANGE_ME!
- SATOSA_REQUESTED_ATTRIBUTES=[]

- GET_IDEM_MDQ_KEY=true
expose:
- 10000
ports:
- "10000:10000"
volumes:
- /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
- ../docker-example:/satosa_proxy:rw
working_dir: /satosa_proxy
entrypoint: "sh entrypoint.sh"
networks:
- satosa-saml2spid
healthcheck:
test: wget -O - https://satosa-nginx/Saml2IDP/metadata --no-check-certificate || exit 1
interval: 30s
retries: 10
start_period: 30s
timeout: 30s

satosa-nginx:
image: nginx:alpine
container_name: satosa-nginx
depends_on:
- satosa-saml2spid
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf_uwsgi_pass:/etc/nginx/nginx.conf:ro
- ./nginx/50x.html:/usr/share/nginx/html/50x.html:ro
- ./nginx/404.html:/usr/share/nginx/html/404.html:ro
- ./nginx/403.html:/usr/share/nginx/html/403.html:ro
- nginx_certs:/etc/nginx/certs:ro
- ../docker-example/static:/var/www/html
networks:
- satosa-saml2spid

spid-samlcheck:
image: italia/spid-saml-check
container_name: spid-samlcheck
ports:
- "8443:8443"
networks:
- satosa-saml2spid

volumes:

mongodata:
name: satosa-saml2spid_mongodata
external: true

nginx_certs:
name: satosa-saml2spid_nginx_certs
external: true

networks:
satosa-saml2spid:
name: satosa-saml2spid
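Review bot: four secrets in the `satosa-saml2spid` environment are committed as literals, `SATOSA_ENCRYPTION_KEY=CHANGE_ME!`, `SATOSA_SALT=CHANGE_ME!`, `SATOSA_STATE_ENCRYPTION_KEY=CHANGE_ME!` and `SATOSA_USER_ID_HASH_SALT=CHANGE_ME!`, and `satosa-mongo-express` carries fixed basic-auth credentials (`satosauser`/`satosapw`) in front of the MongoDB root account. Move all of them to `.env` or Docker secrets and reference them as `${SATOSA_ENCRYPTION_KEY:?}` so compose refuses to start with a placeholder; a proxy that boots with `CHANGE_ME!` will happily encrypt state and hash user IDs with it. Exposure: `satosa-mongo` publishes `27017-27019:27017-27019` and `satosa-saml2spid` publishes `10000:10000` on every host interface, although clients are meant to reach the proxy through `satosa-nginx` (`nginx.conf_uwsgi_pass`) and only the `satosa-saml2spid` network needs MongoDB; drop both `ports:` blocks (keeping `expose`) or bind them to `127.0.0.1:`. Supply chain, given the PR title: `mongo`, `mongo-express`, `nginx:alpine` and `italia/spid-saml-check` are floating tags, so each `docker-compose pull` can change the images underneath the tested configuration; pin a tag and preferably a digest. Minor: the `satosa-saml2spid` healthcheck fetches metadata via `satosa-nginx`, so the proxy reports unhealthy whenever nginx is down rather than only when the proxy is; `../docker-example/static:/var/www/html` on nginx lacks `:ro`; `SATOSA_UI_INFORMATION_URL_IT` and `SATOSA_UI_PRIVACY_URL_IT` reuse the `_en` paths; the `## START: PARTE NUOVA` / `## END: PARTE NUOVA` markers ("new part") should go before merge; `version: '3'` is ignored by Compose v2.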
3 files renamed without changes.