Skip to content

Commit

Permalink
408 analytics per tenant (#479)
Browse files Browse the repository at this point in the history
* add ability to determine config.analytics per tenant
co-authored-by: rob <[email protected]>

* add the private key value to the admin settings

* hyrax analytics are off by default.

analytics will be programmatically determined by setting the appropriate values in the admin settings.

* adjust terminology to show that other analytics apps can be used besides google

* readme cleanup. add extra hints to settings page. disable Style/EvalWithLocation rubocop setting for google.rb method

* update other references to google env variables and hyrax analytics implementations

* Update app/services/hyrax/analytics/google.rb

Co-authored-by: Rob Kaufman <[email protected]>

* Update app/services/hyrax/analytics/google.rb

Co-authored-by: Rob Kaufman <[email protected]>

* too overzealous :sweat-smile:

* putting these back. they need to be removed in #482 instead

* rubocop fixes

---------

Co-authored-by: Rob Kaufman <[email protected]>
  • Loading branch information
alishaevn and orangewolf authored May 18, 2023
1 parent 04b2255 commit 80d1aaf
Show file tree
Hide file tree
Showing 8 changed files with 292 additions and 102 deletions.
15 changes: 2 additions & 13 deletions .env
Original file line number Diff line number Diff line change
Expand Up @@ -47,16 +47,5 @@ HYKU_MULTITENANT=true
# allow registered users to create curation concerns (Works, Collections, and FileSets)
HYKU_RESTRICT_CREATE_AND_DESTROY_PERMISSIONS=true

##START## Enable Google Analytics
# Uncomment to enable and configure Google Analytics, see README for instructions.
HYRAX_ANALYTICS=true
GOOGLE_ANALYTICS_ID=see-1pass
GOOGLE_OAUTH_APP_NAME=palni-palci-demo
GOOGLE_OAUTH_APP_VERSION=1.0
GOOGLE_OAUTH_PRIVATE_KEY_SECRET=notasecret
GOOGLE_OAUTH_PRIVATE_KEY_PATH=cred.p12
GOOGLE_OAUTH_CLIENT_EMAIL=[email protected]

# AND comment this out
# HYRAX_ANALYTICS=false
##END## Enable Google Analytics
# Refer to the README for how to configure analytics
HYRAX_ANALYTICS=false
90 changes: 23 additions & 67 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -143,82 +143,45 @@ switch!('myaccount')
```

## Analytics Feature
Hyku currently only supports the configuration of one Google Analytics account for the basic functionality of this feature. Hyku currently only support Google Analytics with the Universal Analytics property for this feature.
Hyku currently only supports Google Analytics with the Universal Analytics property for this feature. An account will need to be established per tenant.

Note: Google has announced they will stop processing data using the Universal Analytics property on July 1, 2023 or July 1, 2024 for Analytics 360 properties.

To enable analytics tracking and reporting features within Hyku, please follow the directions below.
Analytics tracking and reporting features will be turned off by default. To enable them within Hyku, please follow the directions below.

### Setup a Google Analytics Account
### Create the account
#### Google
- Create an Analytics account: https://support.google.com/analytics/answer/10269537?hl=en
- Enable the "Google Analytics API": https://developers.google.com/identity/protocols/oauth2/web-server#enable-apis
- Create a Service Account:
- Create a Service Account:
- https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount
- Please select the p12 format when making your service account key.
- Note the private key secret so we can add as an env variable in the subsequent steps below.
- Configure OAuth 2.0 consent screen: https://support.google.com/cloud/answer/10311615?hl=en&ref_topic=3473162
- Create an OAuth 2.0 Client ID: https://developers.google.com/identity/protocols/oauth2/web-server#creatingcred

### Set the Environment Variables
In Hyku there are a few areas to set the environment variables needed for each of your environments development/staging/prodeuction/etc.
#### Matomo
<!-- TODO -->

- Uncomment the config/analytics.yml file where the below mentioned environment variables will connect to our application.
### Set the Account Settings
This applies to each of your environments: development/staging/production/etc.
Dashboard >> Settings >> Account

```yaml
analytics:
google:
analytics_id: <%= ENV['GOOGLE_ANALYTICS_ID'] %>
app_name: <%= ENV['GOOGLE_OAUTH_APP_NAME'] %>
app_version: <%= ENV['GOOGLE_OAUTH_APP_VERSION'] %>
privkey_path: <%= ENV['GOOGLE_OAUTH_PRIVATE_KEY_PATH'] %>
privkey_secret: <%= ENV['GOOGLE_OAUTH_PRIVATE_KEY_SECRET'] %>
client_email: <%= ENV['GOOGLE_OAUTH_CLIENT_EMAIL'] %>
```
- For local development please see the .env file and see the "Enable Google Analytics" section.
```yaml
##START## Enable Google Analytics
# Uncomment to enable and configure Google Analytics, see README for instructions.
HYRAX_ANALYTICS=true
GOOGLE_ANALYTICS_ID=
GOOGLE_OAUTH_APP_NAME=
GOOGLE_OAUTH_APP_VERSION=
GOOGLE_OAUTH_PRIVATE_KEY_SECRET=n
GOOGLE_OAUTH_PRIVATE_KEY_PATH=prod-cred.p12
GOOGLE_OAUTH_CLIENT_EMAIL=palni-palci-demo@palni-palci-demo.iam.gserviceaccount.com

# AND comment this out
# HYRAX_ANALYTICS=false
##END## Enable Google Analytics
```

- For deployment to staging/production please update/add the variables and values to the helm values files located in the ops directory (example: staging-deploy.tmpl.yaml).

```yaml
- name: GOOGLE_ANALYTICS_ID
value: $GOOGLE_ANALYTICS_ID # Set in GitHub's Environment Secrets
- name: GOOGLE_OAUTH_APP_NAME
value: hyku-demo
- name: GOOGLE_OAUTH_APP_VERSION
value: '1.0'
- name: GOOGLE_OAUTH_PRIVATE_KEY_SECRET
value: $GOOGLE_OAUTH_PRIVATE_KEY_SECRET # Set in GitHub's Environment Secrets
- name: GOOGLE_OAUTH_PRIVATE_KEY_PATH
value: prod-cred.p12 # The p12 file is in root and named `prod-cred.p12`
- name: GOOGLE_OAUTH_PRIVATE_KEY_VALUE
value: $GOOGLE_OAUTH_PRIVATE_KEY_VALUE # Set in GitHub's Environment Secrets
- name: GOOGLE_OAUTH_CLIENT_EMAIL
value: set-me
- name: HYRAX_ANALYTICS
value: 'true'
```
To get the `GOOGLE_OAUTH_PRIVATE_KEY_VALUE` value to set the variable in GitHub's Environment Secrets, you need the path to the p12 file you got from setting up your Google Service Account and run the following in your console locally.
| Name | Description |
| ------------- | ------------- |
| ANALYTICS_ID | The Analytics account id. |
| ANALYTICS_OAUTH_APP_NAME | The name of the application. |
| ANALYTICS_OAUTH_APP_VERSION | The version of application. |
| ANALYTICS_OAUTH_PRIVATE_KEY_SECRET | The secret provided when you created the key. |
| ANALYTICS_OAUTH_PRIVATE_KEY_PATH | The full path to your p12, key file. |
| ANALYTICS_OAUTH_PRIVATE_KEY_VALUE | The value of the p12 file with base64 encryption. |
| ANALYTICS_OAUTH_CLIENT_EMAIL | OAuth Client email address. |

`base64 -i path/to/file.p12 | pbcopy`
- To get the `ANALYTICS_OAUTH_PRIVATE_KEY_VALUE` value, you need the path to the p12 file you got from setting up your Service Account and run the following in your console locally.
- `base64 -i path/to/file.p12 | pbcopy`
- Once you run this script the value is on your local computers clipboard. You will need to paste this into the corresponding account setting.
- You can use the `ANALYTICS_OAUTH_PRIVATE_KEY_VALUE` OR `ANALYTICS_OAUTH_PRIVATE_KEY_PATH` value. VALUE takes precedence.

Once you run this script the value is on your local computers clipboard. You will need to paste this into GitHubs Environment Secrets or however you/your organization are handling secrets.

## Environment Variables

Expand All @@ -237,13 +200,6 @@ Once you run this script the value is on your local computers clipboard. You wil
| FCREPO_PORT | port for the fedora repo | 8080 | no |
| FCREPO_TEST_PORT | Test port for the fedora repo, only if FCREPO_URL is blank | 8986 | yes |
| FCREPO_URL | URL of the fedora repo, including port and prefix, but not repo name. | http://fcrepo:8080/rest | no |
| GOOGLE_ANALYTICS_ID | The Google Analytics account id. Disabled if not set | - | no |
| GOOGLE_OAUTH_APP_NAME | The name of the application. | - | no |
| GOOGLE_OAUTH_APP_VERSION | The version of application. | - | no |
| GOOGLE_OAUTH_PRIVATE_KEY_SECRET | The secret provided by Google when you created the key. | - | no |
| GOOGLE_OAUTH_PRIVATE_KEY_PATH | The full path to your p12, key file. | - | no |
| GOOGLE_OAUTH_PRIVATE_KEY_VALUE | The value of the p12 file with base64 encryption, only set on deployment as that is how we get the p12 file on the server (see bin/web & bin/worker files) | - | no
| GOOGLE_OAUTH_CLIENT_EMAIL | OAuth Client email address. | - | no |
| HYKU_ADMIN_HOST | URL of the admin / proprietor host in a multitenant environment | hyku.test | no |
| HYKU_ADMIN_ONLY_TENANT_CREATION | Restrict signing up a new tenant to the admin | false | no | |
| HYKU_ALLOW_SIGNUP | Can users register themselves on a given Tenant | true | no |
Expand Down
27 changes: 25 additions & 2 deletions app/models/concerns/account_settings.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# frozen_string_literal: true

# All settings have a presedence order as follows
# All settings have a precedence order as follows
# Per Tenant Setting > ENV['HYKU_SETTING_NAME'] > ENV['HYRAX_SETTING_NAME'] > default

module AccountSettings
Expand Down Expand Up @@ -29,6 +29,13 @@ module AccountSettings
setting :google_scholarly_work_types, type: 'array', disabled: true
setting :geonames_username, type: 'string', default: ''
setting :gtm_id, type: 'string'
setting :analytics_id, type: 'string'
setting :analytics_oauth_app_name, type: 'string'
setting :analytics_oauth_app_version, type: 'string'
setting :analytics_oauth_private_key_secret, type: 'string'
setting :analytics_oauth_private_key_path, type: 'string'
setting :analytics_oauth_private_key_value, type: 'string'
setting :analytics_oauth_client_email, type: 'string'
setting :locale_name, type: 'string', disabled: true
setting :monthly_email_list, type: 'array', disabled: true
setting :oai_admin_email, type: 'string', default: '[email protected]'
Expand Down Expand Up @@ -58,7 +65,7 @@ module AccountSettings
class_methods do
def setting(name, args)
known_type = ['array', 'boolean', 'hash', 'string'].include?(args[:type])
raise "Setting type #{args[:type]} is not supported. Can not laod." unless known_type
raise "Setting type #{args[:type]} is not supported. Can not load." unless known_type

send("#{args[:type]}_settings") << name
all_settings[name] = args
Expand Down Expand Up @@ -156,6 +163,8 @@ def reload_library_config
config.uploader[:maxFileSize] = file_size_limit
end

reload_analytics

Devise.mailer_sender = contact_email

if s3_bucket.present?
Expand All @@ -181,4 +190,18 @@ def reload_library_config
ActionMailer::Base.default_url_options ||= {}
ActionMailer::Base.default_url_options[:protocol] = 'https'
end

def reload_analytics
# require the analytics to be set per tenant
Hyrax::Analytics.config.analytics_id = analytics_id
Hyrax::Analytics.config.app_name = analytics_oauth_app_name
Hyrax::Analytics.config.app_version = analytics_oauth_app_version
Hyrax::Analytics.config.privkey_secret = analytics_oauth_private_key_secret
Hyrax::Analytics.config.privkey_path = analytics_oauth_private_key_path
Hyrax::Analytics.config.privkey_value = analytics_oauth_private_key_value
Hyrax::Analytics.config.client_email = analytics_oauth_client_email

# only show analytics partials if analytics are set on the tenant
Hyrax.config.analytics = Hyrax::Analytics.config.valid?
end
end
Loading

0 comments on commit 80d1aaf

Please sign in to comment.