ozwillo: improve README.txt (#18785)

- give a clear installation procedure.
- improve formatting.
Benjamin Dauvergne 2017-09-19 12:11:20 +02:00
parent 84e96dc891
commit 0eb9d90fc7
2 changed files with 98 additions and 34 deletions


@ -0,0 +1,98 @@
Ozwillo contrib app for SICTIAM
===============================
Install on Debian
-----------------
1. add `hobo.contrib.ozwillo` to INSTALLED_APPS
2. copy files from examples/ into /etc/hobo/ozwillo/ (must be readable by all)
3. copy following line in /etc/sudoers.d/sictiam::
hobo ALL=(ALL:ALL) NOPASSWD: ALL
4. set the following variables in `/etc/hobo/settings.py`:
- OZWILLO_SECRET
- OZWILLO_ENV_DOMAIN (e.g: sictiam.dev.entrouvert.org)
- OZWILLO_DESTRUCTION_URI
- OZWILLO_DESTRUCTION_SECRET
- OZWILLO_PLATEFORM (https://dev.entrouvert.org/projects/sictiam/wiki/Raccordement_OpenID_Connect_%C3%A0_Ozwillo for the values)
- OZWILLO_SERVICES (use only for the destruction, explained down)
Exemple::
OZWILLO_DESTRUCTION_SECRET = "mysecret"
OZWILLO_DESTRUCTION_URI = "https://hobo-sve.test-demarches.sictiam.fr/ozwillo/delete-publik-instance/"
OZWILLO_ENABLED = True,
OZWILLO_ENV_DOMAIN = "test-demarches.sictiam.fr"
OZWILLO_PLATEFORM = "https://accounts.ozwillo-preprod.eu/"
OZWILLO_SECRET = "myothersecret"
OZWILLO_SERVICES = {
"authentic-multitenant": [
"connexion-",
"authentic2-multitenant-manage"
],
"combo_agent": [
"agents-",
"combo-manage"
],
"combo_usager": [
"",
"combo-manage"
],
"fargo": [
"porte-documents-",
"fargo-manage"
],
"hobo": [
"hobo-",
"hobo-manage"
],
"passerelle": [
"passerelle-",
"passerelle-manage"
],
"wcs-au-quotidien": [
"demarches-",
"wcsctl"
]
}
Design
------
The views create-publik-instance receive an ozwillo request with some clients
informations (secret and id), the ozwillo user sending the request, the
organization name (which is the collectivity's name to deploy) and the
registration uri (where you're supposed to POST when the job's done).
The script modify a template_recipe by replacing every 'instance_name' by the
actual organization name, and same for the combo user extract (rewritting all
the url_redirect fields).
The script then launch a cook and three commands :
- the import of the combo user with the modified extract
- the import of the combo agent
- a runscript creating a role (same as the one in wcs linked to the form sve
'agents sve'), a provider (the details are in the page linked for the parameter
OZWILLO_PLATEFORM) and an admin User in Authentic who is the ozwillo user
sending the request.
In the final acknowledgement response, the script sends a 'services'
dictionnary for ozillo to set some links and parameters in its backoffice about
the app deployed).
OZWILLO_SERVICES is a dict following this pattern: 'service_user':
['service_prefix', 'service_command_manager']. E.G::
{
"authentic-multitenant": ["connexion-", "authentic2-multitenant-manage"],
"combo_agent": ["agents-", "combo-manage"],
"combo_usager": ["", "combo-manage"],
"fargo": ["porte-documents-", "fargo-manage"],
"hobo": ["hobo-", "hobo-manage"],
"passerelle": ["passerelle-", "passerelle-manage"],
"wcs-au-quotidien": ["demarches-", "wcsctl"]
}
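Review bot: step 3 of the install procedure has the reader put `hobo ALL=(ALL:ALL) NOPASSWD: ALL` in /etc/sudoers.d/sictiam, which gives the hobo account passwordless root for every command, so any flaw in the create-publik-instance view is a flaw in the whole host. The 'service_user' / 'service_command_manager' pairs in OZWILLO_SERVICES suggest the script only needs to run a known set of manage commands as a known set of users; please restrict the sudoers rule to those users and explicit command paths and document that rule instead. In the same hunk, step 2 requires /etc/hobo/ozwillo/ to be readable by all without saying why (group access for hobo would be tighter), the example line `OZWILLO_ENABLED = True,` ends with a comma that turns the value into a tuple, and OZWILLO_ENABLED is missing from the variable list in step 4.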


@ -1,34 +0,0 @@
To run this plugin well, you have to set some files in /etc/hobo/ozwillo :
- the files are in the folder examples. (don't forget to replace the instance name in the combo import-site-template.json by 'instance_name').
- it's a common recipe for your publik, and two extracts of user and agent combo.
- hobo has to be in the sudoers
You have to set several var in a settings.json too :
-OZWILLO_SECRET
-OZWILLO_ENV_DOMAIN (e.g: sictiam.dev.entrouvert.org)
-OZWILLO_DESTRUCTION_URI
-OZWILLO_DESTRUCTION_SECRET
-OZWILLO_PLATEFORM (https://dev.entrouvert.org/projects/sictiam/wiki/Raccordement_OpenID_Connect_%C3%A0_Ozwillo for the values)
-OZWILLO_SERVICES (use only for the destruction, explained down)
And finally you have to enable in INSTALLED_APPS hobo.contrib.ozwillo.
The views create-publik-instance receive an ozwillo request with some clients informations (secret and id), the ozwillo user sending the request, the organization name (which is the collectivity's name to deploy) and the registration uri (where you're supposed to POST when the job's done).
The script modify a template_recipe by replacing every 'instance_name' by the actual organization name, and same for the combo user extract (rewritting all the url_redirect fields).
The script then launch a cook and three commands :
- the import of the combo user with the modified extract
- the import of the combo agent
- a runscript creating a role (same as the one in wcs linked to the form sve 'agents sve'), a provider (the details are in the page linked for the parameter OZWILLO_PLATEFORM) and an admin User in Authentic who is the ozwillo user sending the request.
In the final acknolegment response, the script sends a 'services' dictionnary for ozillo to set some links and parameters in its backoffice about the app deployed).
OZWILLO_SERVICES is a dict following this pattern: 'service_user': ['service_prefix', 'service_command_manager']. E.G:
{
"authentic-multitenant": ["connexion-", "authentic2-multitenant-manage"],
"combo_agent": ["agents-", "combo-manage"],
"combo_usager": ["", "combo-manage"],
"fargo": ["porte-documents-", "fargo-manage"],
"hobo": ["hobo-", "hobo-manage"],
"passerelle": ["passerelle-", "passerelle-manage"],
"wcs-au-quotidien": ["demarches-", "wcsctl"]
}
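Review bot: the reminder on the second removed line, to replace the instance name in the combo import-site-template.json by 'instance_name', has no counterpart in the new step 2, which only says to copy the files from examples/. Please carry it over, since the Design section depends on that placeholder being present in the extract. The removed text also placed the variables in a settings.json while the new README says `/etc/hobo/settings.py`; if that is an intentional correction, the commit message should mention it.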