Ozwillo contrib app for SICTIAM
===============================

Install on Debian
-----------------

1. add `hobo.contrib.ozwillo` to INSTALLED_APPS

2. copy the files from examples/ into /etc/hobo/ozwillo/ (they must be readable by all)

3. add the following line to /etc/sudoers.d/sictiam::

      hobo ALL=(ALL:ALL) NOPASSWD: ALL

   This grants the hobo user passwordless root for any command. On a
   production host, narrow it to the commands and target users the cook and
   the destruction actually need (for instance the service command managers
   listed in OZWILLO_SERVICES, one line per service user); keep the file owned
   by root with mode 0440 and validate it with `visudo -c -f
   /etc/sudoers.d/sictiam` before relying on it.

4. set the following variables in `/etc/hobo/settings.d/10_ozwillo.py`:

   - OZWILLO_ENABLED (set to True)
   - OZWILLO_SECRET
   - OZWILLO_ENV_DOMAIN (e.g. sictiam.dev.entrouvert.org)
   - OZWILLO_DESTRUCTION_URI
   - OZWILLO_DESTRUCTION_SECRET
   - OZWILLO_PLATEFORM (see https://dev.entrouvert.org/projects/sictiam/wiki/Raccordement_OpenID_Connect_%C3%A0_Ozwillo for the values)
   - OZWILLO_SERVICES (used only for destruction, explained below)

Example::

   OZWILLO_DESTRUCTION_SECRET = "mysecret"
   OZWILLO_DESTRUCTION_URI = "https://hobo-sve.test-demarches.sictiam.fr/ozwillo/delete-publik-instance/"
   OZWILLO_ENABLED = True
   OZWILLO_ENV_DOMAIN = "test-demarches.sictiam.fr"
   OZWILLO_PLATEFORM = "https://accounts.ozwillo-preprod.eu/"
   OZWILLO_SECRET = "myothersecret"
   OZWILLO_SERVICES = {
       "authentic-multitenant": [
           "connexion-",
           "authentic2-multitenant-manage"
       ],
       "combo_agent": [
           "agents-",
           "combo-manage"
       ],
       "combo_usager": [
           "",
           "combo-manage"
       ],
       "fargo": [
           "porte-documents-",
           "fargo-manage"
       ],
       "hobo": [
           "hobo-",
           "hobo-manage"
       ],
       "passerelle": [
           "passerelle-",
           "passerelle-manage"
       ],
       "wcs": [
           "demarches-",
           "wcsctl"
       ]
   }

The two secrets above are placeholders and must be replaced by long random
values. Beware of a trailing comma: `OZWILLO_ENABLED = True,` silently yields
a one-element tuple rather than a boolean, and the tuple is still truthy.

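The following is an added example, not code from hobo.contrib.ozwillo: a
preflight check for the settings of step 4 (missing names, placeholder or
short secrets, non-https URLs, a malformed OZWILLO_SERVICES entry, the
trailing-comma tuple) that also emits a narrower sudoers stanza than the
`NOPASSWD: ALL` line of step 3, one line per service user restricted to that
service's command manager. It assumes the settings file is made of plain
module-level assignments (so `runpy` can execute it) and that the command
managers live in /usr/bin; neither is stated by the README.

```python
"""Preflight check for the values in /etc/hobo/settings.d/10_ozwillo.py.

Added example, not part of hobo.contrib.ozwillo. Assumptions: the settings
file is plain module-level assignments (as in the README example) so it can
be executed with runpy, and the service command managers live in /usr/bin.
"""
import re
import runpy
from urllib.parse import urlparse

REQUIRED = (
    "OZWILLO_SECRET", "OZWILLO_ENV_DOMAIN", "OZWILLO_DESTRUCTION_URI",
    "OZWILLO_DESTRUCTION_SECRET", "OZWILLO_PLATEFORM", "OZWILLO_SERVICES",
)
# Placeholder-looking secrets: "mysecret", "myothersecret", "changeme", ...
PLACEHOLDER = re.compile(r"^(my\w*secret|changeme|secret|password)$", re.IGNORECASE)
# A bare DNS name: labels of [a-z0-9-], no scheme, no trailing dot.
DOMAIN = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$")


def load_settings(path):
    """Execute the settings file and keep only the OZWILLO_* names."""
    namespace = runpy.run_path(path)
    return {k: v for k, v in namespace.items() if k.startswith("OZWILLO_")}


def check_settings(s):
    """Return the list of problems found in the settings dict s (empty if clean)."""
    problems = []
    for name in REQUIRED:
        if name not in s:
            problems.append("%s is missing" % name)
    # "OZWILLO_ENABLED = True," is a one-element tuple, not a bool. It is still
    # truthy, so nothing complains until something compares it to True.
    enabled = s.get("OZWILLO_ENABLED")
    if not isinstance(enabled, bool):
        problems.append("OZWILLO_ENABLED must be a bool, got %r" % (enabled,))
    for name in ("OZWILLO_SECRET", "OZWILLO_DESTRUCTION_SECRET"):
        value = s.get(name, "")
        if not isinstance(value, str) or len(value) < 16 or PLACEHOLDER.match(value):
            problems.append("%s looks like a placeholder or is shorter than 16 chars" % name)
    for name in ("OZWILLO_DESTRUCTION_URI", "OZWILLO_PLATEFORM"):
        url = urlparse(str(s.get(name, "")))
        if url.scheme != "https" or not url.netloc:
            problems.append("%s must be an https URL" % name)
    if not DOMAIN.match(str(s.get("OZWILLO_ENV_DOMAIN", ""))):
        problems.append("OZWILLO_ENV_DOMAIN must be a bare DNS name (no scheme, no trailing dot)")
    services = s.get("OZWILLO_SERVICES", {})
    if not isinstance(services, dict):
        problems.append("OZWILLO_SERVICES must be a dict")
        services = {}
    for user, spec in services.items():
        ok = (isinstance(spec, (list, tuple)) and len(spec) == 2
              and all(isinstance(x, str) and x == x.strip() for x in spec) and spec[1])
        if not ok:
            problems.append("OZWILLO_SERVICES[%r] must be [prefix, command_manager]" % (user,))
    return problems


def sudoers_stanza(services, bindir="/usr/bin"):
    """Least-privilege alternative to 'hobo ALL=(ALL:ALL) NOPASSWD: ALL': one
    line per service user, restricted to that service's command manager.
    Whatever else the cook needs (not listed in the README) must be added
    explicitly rather than by falling back to ALL. The /usr/bin path is an
    assumption."""
    lines = []
    for user, (_prefix, manager) in sorted(services.items()):
        lines.append("hobo ALL=(%s) NOPASSWD: %s/%s" % (user, bindir, manager))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/hobo/settings.d/10_ozwillo.py"
    settings = load_settings(path)
    for problem in check_settings(settings):
        print("PROBLEM:", problem)
    print(sudoers_stanza(settings.get("OZWILLO_SERVICES", {})))
```

Run it with the path of the settings file as argument; an empty problem list
means the file passes the checks above, and the printed stanza can be copied
into /etc/sudoers.d/sictiam (then checked with `visudo -c`) in place of the
blanket rule.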
Design
------

The create-publik-instance view receives an Ozwillo request carrying the
client credentials (id and secret), the Ozwillo user sending the request, the
organization name (the name of the collectivity to deploy) and the
registration URI (where the result is to be POSTed once the job is done).

The script modifies a template recipe, replacing every 'instance_name' with
the actual organization name, and does the same with the combo user extract
(rewriting all its url_redirect fields). Since the organization name comes
from the incoming request and ends up in hostnames and in the arguments of
the commands run below, it must be validated before it is substituted.

The script then launches a cook and three commands:

- the import of the combo user extract modified above
- the import of the combo agent extract
- a runscript creating in Authentic a role (the same as the one w.c.s. links
  to the SVE form, 'agents sve'), an OpenID Connect provider (the details are
  on the page linked for the OZWILLO_PLATEFORM setting) and an admin user
  corresponding to the Ozwillo user who sent the request

In the final acknowledgement response, the script sends a 'services'
dictionary so that Ozwillo can set links and parameters about the deployed
app in its back office.

OZWILLO_SERVICES is a dict following the pattern 'service_user':
['service_prefix', 'service_command_manager'], e.g.::

   {
       "authentic-multitenant": ["connexion-", "authentic2-multitenant-manage"],
       "combo_agent": ["agents-", "combo-manage"],
       "combo_usager": ["", "combo-manage"],
       "fargo": ["porte-documents-", "fargo-manage"],
       "hobo": ["hobo-", "hobo-manage"],
       "passerelle": ["passerelle-", "passerelle-manage"],
       "wcs": ["demarches-", "wcsctl"]
   }

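As an added example (not the project's own code), here is how the
substitutions described in the design section can be carried out together
with the input validation they call for: the organization name is reduced to
a DNS label before it replaces 'instance_name' in the recipe and in the
url_redirect fields of the combo extract, and the per-service hostnames are
derived from OZWILLO_SERVICES. The JSON-like shape of the recipe and of the
extract, the slugification step, and the rule "prefix + slug + '.' +
OZWILLO_ENV_DOMAIN" for hostnames are assumptions, not facts taken from the
README; the sample recipe and extract below are constructed.

```python
"""The substitutions the Design section describes, plus the input validation
they need. Added example, not the code of hobo.contrib.ozwillo. Assumptions:
the template recipe and the combo extract are JSON-like nested dicts/lists,
the placeholder is the literal string 'instance_name', and a service's
hostname is service_prefix + organization slug + '.' + OZWILLO_ENV_DOMAIN.
"""
import re
import unicodedata

PLACEHOLDER = "instance_name"


def slugify(organization_name):
    """Reduce the organization name sent by Ozwillo to one DNS label.

    The name is request data that ends up in hostnames and in command
    arguments, so anything but [a-z0-9-] is dropped and an empty or over-long
    result is rejected instead of being deployed."""
    ascii_name = unicodedata.normalize("NFKD", organization_name).encode("ascii", "ignore").decode()
    slug = re.sub(r"[^a-z0-9]+", "-", ascii_name.lower()).strip("-")
    if not slug or len(slug) > 63:
        raise ValueError("organization name %r does not give a valid DNS label" % (organization_name,))
    return slug


def substitute_all(obj, value, placeholder=PLACEHOLDER):
    """Recipe case: replace the placeholder inside every string of a JSON-like object."""
    if isinstance(obj, str):
        return obj.replace(placeholder, value)
    if isinstance(obj, list):
        return [substitute_all(x, value, placeholder) for x in obj]
    if isinstance(obj, dict):
        return {k: substitute_all(v, value, placeholder) for k, v in obj.items()}
    return obj


def rewrite_field(obj, field, value, placeholder=PLACEHOLDER):
    """Combo extract case: rewrite only the values stored under `field`
    (here url_redirect), wherever they sit in the structure."""
    if isinstance(obj, list):
        return [rewrite_field(x, field, value, placeholder) for x in obj]
    if isinstance(obj, dict):
        return {k: substitute_all(v, value, placeholder) if k == field
                else rewrite_field(v, field, value, placeholder)
                for k, v in obj.items()}
    return obj


def service_hostnames(services, slug, env_domain):
    """Map each service user of OZWILLO_SERVICES to the hostname of its tenant."""
    return {user: "%s%s.%s" % (prefix, slug, env_domain)
            for user, (prefix, _manager) in services.items()}


def prepare_deployment(organization_name, recipe, combo_extract, services, env_domain):
    """Everything the create-publik-instance flow needs before the cook runs."""
    slug = slugify(organization_name)
    return {
        "slug": slug,
        "recipe": substitute_all(recipe, slug),
        "combo_extract": rewrite_field(combo_extract, "url_redirect", slug),
        "hostnames": service_hostnames(services, slug, env_domain),
    }


# Constructed sample inputs (not the project's real recipe or extract format).
SAMPLE_RECIPE = {
    "steps": [
        {"create-hobo": {"url": "https://hobo-instance_name.test-demarches.sictiam.fr/"}},
        {"create-wcs": {"url": "https://demarches-instance_name.test-demarches.sictiam.fr/"}},
    ]
}
SAMPLE_EXTRACT = {
    "cells": [
        {"title": "instance_name",
         "url_redirect": "https://instance_name.test-demarches.sictiam.fr/login"},
    ]
}
SAMPLE_SERVICES = {
    "hobo": ["hobo-", "hobo-manage"],
    "combo_usager": ["", "combo-manage"],
    "wcs": ["demarches-", "wcsctl"],
}

if __name__ == "__main__":
    import json
    print(json.dumps(prepare_deployment("Ville d'Évry", SAMPLE_RECIPE, SAMPLE_EXTRACT,
                                        SAMPLE_SERVICES, "test-demarches.sictiam.fr"), indent=2))
```

Rejecting the name with an exception, rather than deploying whatever label
survives, is deliberate: a request whose organization name slugifies to
nothing should be answered with an error, not with an instance on a
surprising hostname.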
Destruction
-----------

For the complete destruction of w.c.s. instances, the `config.pck` file in
the default skeleton (`/var/lib/wcs/skeletons/export.zip`) must contain a
`postgresql.createdb-connection-params` key; without it the destruction
cannot remove the instance's database and is therefore incomplete.
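An added example (not part of the project) of checking that prerequisite
without unpickling the file: `pickletools.genops` only decodes the opcode
stream, so a corrupt or hostile `config.pck` is never executed by the check,
which merely looks for the key among the string constants. The skeleton
archive built by `make_skeleton` and the hostile pickle are constructed
samples.

```python
"""Verify the Destruction prerequisite: the skeleton's config.pck must carry
the 'postgresql.createdb-connection-params' key. Added example, not project
code. The pickle is inspected with pickletools.genops, which only decodes
opcodes, so a corrupt or hostile config.pck is never executed by this check."""
import io
import pickle
import pickletools
import zipfile

SKELETON = "/var/lib/wcs/skeletons/export.zip"
REQUIRED_KEY = "postgresql.createdb-connection-params"


def pickle_strings(data):
    """Yield every string constant in a pickle stream (any protocol) without loading it."""
    for _opcode, arg, _pos in pickletools.genops(data):
        if isinstance(arg, str):
            yield arg


def skeleton_has_createdb_params(zip_bytes, member="config.pck"):
    """True if the config.pck inside the skeleton zip mentions the required key."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        if member not in archive.namelist():
            return False
        data = archive.read(member)
    return REQUIRED_KEY in set(pickle_strings(data))


def make_skeleton(config):
    """Constructed sample: an export.zip holding config.pck, written with
    protocol 2 as a Python 2 era w.c.s. would."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("config.pck", pickle.dumps(config, protocol=2))
    return buf.getvalue()


# Constructed hostile pickle: pickle.loads() would run os.system("echo pwned");
# pickle_strings() only reports its string constants.
HOSTILE_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."


if __name__ == "__main__":
    with open(SKELETON, "rb") as f:
        print("createdb params present:", skeleton_has_createdb_params(f.read()))
```

The check matches the key name anywhere among the string constants, so a
value that happens to contain the same text would also satisfy it; for a
skeleton under your own control that is acceptable, and the gain is that the
file is never deserialised on the host that checks it.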