🏗️(common) replace Django app with SATOSA

We mostly import SATOSA and launch its WSGI app.

.dockerignore

@@ -20,7 +20,6 @@ docs
 *.log
 
 # Development/test cache & configurations
-data
 .cache
 .circleci
 .git

.github/workflows/oidc2fer.yml

@@ -62,7 +62,7 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: src/backend
+        working-directory: src/satosa
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
@@ -73,7 +73,7 @@ jobs:
       - name: Install development dependencies
         run: |
           # Python's xmlsec requirement
-          sudo apt-get update -y -q && sudo apt-get install -y -q libxmlsec1-dev
+          sudo apt-get update -y -q && sudo apt-get install -y -q xmlsec1 libxmlsec1-dev
           pip install --user .[dev]
       - name: Check code formatting with ruff
         run: ~/.local/bin/ruff format . --diff
@@ -86,29 +86,19 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: src/backend
-
-    env:
-      DJANGO_CONFIGURATION: Test
-      DJANGO_SETTINGS_MODULE: oidc2fer.settings
-      DJANGO_SECRET_KEY: ThisIsAnExampleKeyForTestPurposeOnly
-      OIDC_OP_JWKS_ENDPOINT: /endpoint-for-test-purpose-only
+        working-directory: src/satosa
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-      - name: Create writable /data
-        run: |
-          sudo mkdir -p /data/media && \
-          sudo mkdir -p /data/static
       - name: Install Python
         uses: actions/setup-python@v3
         with:
           python-version: '3.11'
       - name: Install development dependencies
         run: |
           # Python's xmlsec requirement
-          sudo apt-get update -y -q && sudo apt-get install -y -q libxmlsec1-dev
+          sudo apt-get update -y -q && sudo apt-get install -y -q xmlsec1 libxmlsec1-dev
           pip install --user .[dev]
       - name: Run tests
-        run: ~/.local/bin/pytest -n 2
+        run: ~/.local/bin/pytest

.gitignore

@@ -47,12 +47,6 @@ env.d/terraform
 # npm
 node_modules
 
-# Mails
-src/backend/core/templates/mail/
-
-# Typescript client
-src/frontend/tsclient
-
 # Swagger
 **/swagger.json
 
@@ -71,9 +65,6 @@ src/frontend/tsclient
 db.sqlite3
 .mypy_cache
 
-# Site media
-/data/
-
 # IDEs
 .idea/
 .vscode/

Dockerfile

@@ -1,5 +1,3 @@
-# Django OIDC2FER
-
 # ---- base image to inherit from ----
 FROM python:3.11-slim-bookworm as base
 
@@ -10,6 +8,7 @@ RUN apt-get update && \
     apt-get install -y \
         pkg-config \
         gcc \
+        xmlsec1 \
         libxml2-dev \
         libxmlsec1-dev \
         libxmlsec1-openssl && \
@@ -24,37 +23,11 @@ FROM base as back-builder
 WORKDIR /builder
 
 # Copy required python dependencies
-COPY ./src/backend /builder
+COPY ./src/satosa /builder
 
 RUN mkdir /install && \
   pip install --prefix=/install .
 
-# ---- static link collector ----
-FROM base as link-collector
-ARG OIDC2FER_STATIC_ROOT=/data/static
-
-# Install rdfind
-RUN apt-get update && \
-    apt-get install -y \
-      rdfind && \
-    rm -rf /var/lib/apt/lists/*
-
-# Copy installed python dependencies
-COPY --from=back-builder /install /usr/local
-
-# Copy oidc2fer application (see .dockerignore)
-COPY ./src/backend /app/
-
-WORKDIR /app
-
-# collectstatic
-RUN DJANGO_CONFIGURATION=Build DJANGO_JWT_PRIVATE_SIGNING_KEY=Dummy \
-    python manage.py collectstatic --noinput
-
-# Replace duplicated file by a symlink to decrease the overall size of the
-# final image
-RUN rdfind -makesymlinks true -followsymlinks true -makeresultsfile false ${OIDC2FER_STATIC_ROOT}
-
 # ---- Core application image ----
 FROM base as core
 
@@ -78,7 +51,7 @@ RUN chmod g=u /etc/passwd
 COPY --from=back-builder /install /usr/local
 
 # Copy oidc2fer application (see .dockerignore)
-COPY ./src/backend /app/
+COPY ./src/satosa /app/
 
 WORKDIR /app
 
@@ -87,8 +60,22 @@ WORKDIR /app
 # ID.
 ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
 
+# ---- Production image ----
+FROM core as production
+
+# Gunicorn
+RUN mkdir -p /usr/local/etc/gunicorn
+COPY docker/files/usr/local/etc/gunicorn/satosa.py /usr/local/etc/gunicorn/satosa.py
+
+# Un-privileged user running the application
+ARG DOCKER_USER
+USER ${DOCKER_USER}
+
+# The default command runs gunicorn WSGI server in satosa's main module
+CMD ["gunicorn", "-c", "/usr/local/etc/gunicorn/satosa.py", "satosa.wsgi:app"]
+
 # ---- Development image ----
-FROM core as development
+FROM production as development
 
 # Switch back to the root user to install development dependencies
 USER root:root
@@ -101,25 +88,3 @@ RUN pip install -e .[dev]
 # Restore the un-privileged user running the application
 ARG DOCKER_USER
 USER ${DOCKER_USER}
-
-# Run django development server
-CMD python manage.py runserver 0.0.0.0:8000
-
-# ---- Production image ----
-FROM core as production
-
-ARG OIDC2FER_STATIC_ROOT=/data/static
-
-# Gunicorn
-RUN mkdir -p /usr/local/etc/gunicorn
-COPY docker/files/usr/local/etc/gunicorn/oidc2fer.py /usr/local/etc/gunicorn/oidc2fer.py
-
-# Un-privileged user running the application
-ARG DOCKER_USER
-USER ${DOCKER_USER}
-
-# Copy statics
-COPY --from=link-collector ${OIDC2FER_STATIC_ROOT} ${OIDC2FER_STATIC_ROOT}
-
-# The default command runs gunicorn WSGI server in oidc2fer's main module
-CMD gunicorn -c /usr/local/etc/gunicorn/oidc2fer.py oidc2fer.wsgi:application

Makefile

@@ -39,35 +39,24 @@ COMPOSE_EXEC_APP    = $(COMPOSE_EXEC) app-dev
 COMPOSE_RUN         = $(COMPOSE) run --rm
 COMPOSE_RUN_APP     = $(COMPOSE_RUN) app-dev
 
-# -- Backend
-MANAGE              = $(COMPOSE_RUN_APP) python manage.py
-
 # ==============================================================================
 # RULES
 
 default: help
 
-data/media:
-	@mkdir -p data/media
-
-data/static:
-	@mkdir -p data/static
-
 # -- Project
 
 create-env-files: ## Copy the dist env files to env files
 create-env-files: \
-	env.d/development/common
+	env.d/development/common \
+	env.d/development/satosa
 .PHONY: create-env-files
 
 bootstrap: ## Prepare Docker images for the project
 bootstrap: \
-	data/media \
-	data/static \
 	create-env-files \
 	build \
-	run \
-	migrate
+	run
 .PHONY: bootstrap
 
 # -- Docker/compose
@@ -122,42 +111,17 @@ lint-pylint: ## lint back-end python sources with pylint only on changed files f
 .PHONY: lint-pylint
 
 test: ## run project tests
-	@$(MAKE) test-back-parallel
+	@$(MAKE) test-back
 .PHONY: test
 
 test-back: ## run back-end tests
 	@args="$(filter-out $@,$(MAKECMDGOALS))" && \
 	bin/pytest $${args:-${1}}
 .PHONY: test-back
 
-test-back-parallel: ## run all back-end tests in parallel
-	@args="$(filter-out $@,$(MAKECMDGOALS))" && \
-	bin/pytest -n auto $${args:-${1}}
-.PHONY: test-back-parallel
-
-superuser: ## Create an admin superuser with password "admin"
-	@echo "$(BOLD)Creating a Django superuser$(RESET)"
-	@$(MANAGE) createsuperuser --email admin@example.com --password admin
-.PHONY: superuser
-
-shell: ## connect to database shell
-	@$(MANAGE) shell #_plus
-.PHONY: dbshell
-
-# -- Database
-
-dbshell: ## connect to database shell
-	docker compose exec app-dev python manage.py dbshell
-.PHONY: dbshell
-
-resetdb: ## flush database and create a superuser "admin"
-	@echo "$(BOLD)Flush database$(RESET)"
-	@$(MANAGE) flush
-	@${MAKE} superuser
-.PHONY: resetdb
-
 env.d/development/common:
 	cp -n env.d/development/common.dist env.d/development/common
+	cp -n env.d/development/satosa.dist env.d/development/satosa
 
 # -- Misc
 clean: ## restore repository state as it was freshly cloned

README.md

@@ -47,17 +47,6 @@ Finally, you can check all available Make rules using:
 $ make help
 ```
 
-### Django admin
-
-You can access the Django admin site at
-[http://localhost:8071/admin](http://localhost:8071/admin).
-
-You first need to create a superuser account:
-
-```bash
-$ make superuser
-```
-
 ## Contributing
 
 This project is intended to be community-driven, so please, do not hesitate to

bin/_config.sh

@@ -84,15 +84,6 @@ function _dc_exec() {
     _docker_compose exec $user_args "$@"
 }
 
-# _django_manage: wrap django's manage.py command with docker compose
-#
-# usage : _django_manage [ARGS...]
-#
-# ARGS : django's manage.py command arguments
-function _django_manage() {
-    _dc_run "app-dev" python manage.py "$@"
-}
-
 # _set_openstack_project: select an OpenStack project from the openrc files defined in the
 # terraform directory.
 #

bin/pylint

@@ -27,12 +27,12 @@ do
 done
 
 if [[ -n "${diff_from}" ]]; then
-    # Run pylint only on modified files located in src/backend
-    # (excluding deleted files and migration files)
+    # Run pylint only on modified files located in src/satosa
+    # (excluding deleted files)
     # shellcheck disable=SC2207
-    paths=($(git diff "${diff_from}" --name-only --diff-filter=d -- src/backend ':!**/migrations/*.py' | grep -E '^src/backend/.*\.py$'))
+    paths=($(git diff "${diff_from}" --name-only --diff-filter=d -- src/satosa | grep -E '^src/satosa/.*\.py$'))
 fi
 
 # Fix docker vs local path when project sources are mounted as a volume
-read -ra paths <<< "$(echo "${paths[@]}" | sed "s|src/backend/||g")"
+read -ra paths <<< "$(echo "${paths[@]}" | sed "s|src/satosa/||g")"
 _dc_run app-dev pylint "${paths[@]}" "${args[@]}"

bin/pytest

@@ -3,6 +3,5 @@
 source "$(dirname "${BASH_SOURCE[0]}")/_config.sh"
 
 _dc_run \
-    -e DJANGO_CONFIGURATION=Test \
     app-dev \
     pytest "$@"

docker-compose.yml

@@ -9,16 +9,12 @@ services:
     image: oidc2fer:development
     environment:
       - PYLINTHOME=/app/.pylint.d
-      - DJANGO_CONFIGURATION=Development
     env_file:
       - env.d/development/common
-    ports:
-      - "8071:8000"
+      - env.d/development/satosa
     volumes:
-      - ./src/backend:/app
-      - ./data/media:/data/media
-      - ./data/static:/data/static
-
+      - ./src/satosa:/app
+
   app:
     build:
       context: .
@@ -27,20 +23,14 @@ services:
         DOCKER_USER: ${DOCKER_USER:-1000}
     user: ${DOCKER_USER:-1000}
     image: oidc2fer:production
-    environment:
-      - DJANGO_CONFIGURATION=Demo
     env_file:
       - env.d/development/common
-    volumes:
-      - ./data/media:/data/media
+      - env.d/development/satosa
 
   nginx:
     image: nginx:1.25
     ports:
+      - "8081:8081"
       - "8082:8082"
-      - "8088:8088"
     volumes:
       - ./docker/files/etc/nginx/conf.d:/etc/nginx/conf.d:ro
-      - ./data/media:/data/media:ro
-    depends_on:
-      - app