Feature/485 tokenauth setup config

docker/setup_configuration/data.yaml

@@ -1,3 +1,20 @@
+token_tokenauth_config_enable: true
+token_tokenauth:
+  items:
+    - identifier: token-1
+      token: 18b2b74ef994314b84021d47b9422e82b685d82f
+      contact_person: Person 1
+      email: person-1@example.com
+      organization: Organization 1
+      application: Application 1
+      administration: Administration 1
+
+sites_config_enable: true
+sites_config:
+  items:
+    - domain: example.com
+      name: Example site
+
 zgw_consumers_config_enable: true
 zgw_consumers:
   services:

requirements/base.in

@@ -6,6 +6,7 @@ jsonschema
 furl
 
 # Common ground libraries
+django-setup-configuration>=0.4.0
 notifications-api-common[setup-configuration]
 zgw-consumers[setup-configuration]
 mozilla-django-oidc-db[setup-configuration]

src/objects/setup_configuration/models/sites.py

@@ -0,0 +1,17 @@
+from django.contrib.sites.models import Site
+
+from django_setup_configuration.models import ConfigurationModel
+
+
+class SiteConfigurationModel(ConfigurationModel):
+    class Meta:
+        django_model_refs = {
+            Site: (
+                "domain",
+                "name",
+            )
+        }
+
+
+class SitesConfigurationModel(ConfigurationModel):
+    items: list[SiteConfigurationModel]

src/objects/setup_configuration/models/token_auth.py

@@ -0,0 +1,24 @@
+from django_setup_configuration.models import ConfigurationModel
+from pydantic import Field
+
+from objects.token.models import TokenAuth
+
+
+class TokenAuthConfigurationModel(ConfigurationModel):
+    class Meta:
+        django_model_refs = {
+            TokenAuth: (
+                "identifier",
+                "token",
+                "contact_person",
+                "email",
+                "organization",
+                "application",
+                "administration",
+                "is_superuser",
+            )
+        }
+
+
+class TokenAuthGroupConfigurationModel(ConfigurationModel):
+    items: list[TokenAuthConfigurationModel]

src/objects/setup_configuration/steps/sites.py

@@ -0,0 +1,37 @@
+from django.contrib.sites.models import Site
+from django.core.exceptions import ValidationError
+from django.db import IntegrityError
+
+from django_setup_configuration.configuration import BaseConfigurationStep
+from django_setup_configuration.exceptions import ConfigurationRunFailed
+
+from objects.setup_configuration.models.sites import SitesConfigurationModel
+
+
+class SitesConfigurationStep(BaseConfigurationStep):
+    config_model = SitesConfigurationModel
+    verbose_name = "Sites configuration"
+
+    namespace = "sites_config"
+    enable_setting = "sites_config_enable"
+
+    def execute(self, model: SitesConfigurationModel) -> None:
+        for item in model.items:
+            site_kwargs = dict(domain=item.domain, name=item.name)
+            site_instance = Site(**site_kwargs)
+
+            try:
+                site_instance.full_clean(exclude=("id",), validate_unique=False)
+            except ValidationError as exception:
+                exception_message = (
+                    f"Validation error(s) occured for site {item.domain}."
+                )
+                raise ConfigurationRunFailed(exception_message) from exception
+
+            try:
+                Site.objects.update_or_create(
+                    domain=item.domain, defaults=dict(name=item.name)
+                )
+            except IntegrityError as exception:
+                exception_message = f"Failed configuring site {item.domain}."
+                raise ConfigurationRunFailed(exception_message) from exception

src/objects/setup_configuration/steps/token_auth.py

@@ -0,0 +1,72 @@
+import logging
+
+from django.core.exceptions import ValidationError
+from django.db import IntegrityError
+
+from django_setup_configuration.configuration import BaseConfigurationStep
+from django_setup_configuration.exceptions import ConfigurationRunFailed
+
+from objects.setup_configuration.models.token_auth import (
+    TokenAuthGroupConfigurationModel,
+)
+from objects.token.models import TokenAuth
+
+logger = logging.getLogger(__name__)
+
+
+class TokenAuthConfigurationStep(
+    BaseConfigurationStep[TokenAuthGroupConfigurationModel]
+):
+    """
+    Configure tokens for other applications to access Objects API
+    """
+
+    namespace = "token_tokenauth"
+    enable_setting = "token_tokenauth_config_enable"
+
+    verbose_name = "Configuration to set up authentication tokens for objects"
+    config_model = TokenAuthGroupConfigurationModel
+
+    def execute(self, model: TokenAuthGroupConfigurationModel) -> None:
+        for item in model.items:
+            logger.info(f"Configuring {item.identifier}")
+
+            model_kwargs = {
+                "identifier": item.identifier,
+                "token": item.token,
+                "contact_person": item.contact_person,
+                "email": item.email,
+                "organization": item.organization,
+                "application": item.application,
+                "administration": item.administration,
+                "is_superuser": item.is_superuser,
+            }
+
+            token_instance = TokenAuth(**model_kwargs)
+
+            try:
+                token_instance.full_clean(exclude=("id",), validate_unique=False)
+            except ValidationError as exception:
+                exception_message = (
+                    f"Validation error(s) occured for {item.identifier}."
+                )
+                raise ConfigurationRunFailed(exception_message) from exception
+
+            logger.debug(f"No validation errors found for {item.identifier}")
+
+            try:
+                logger.debug(f"Saving {item.identifier}")
+
+                TokenAuth.objects.update_or_create(
+                    identifier=item.identifier,
+                    defaults={
+                        key: value
+                        for key, value in model_kwargs.items()
+                        if key != "identifier"
+                    },
+                )
+            except IntegrityError as exception:
+                exception_message = f"Failed configuring token {item.identifier}."
+                raise ConfigurationRunFailed(exception_message) from exception
+
+            logger.info(f"Configured {item.identifier}")

src/objects/setup_configuration/tests/files/sites_empty_database.yaml

@@ -0,0 +1,8 @@
+sites_config_enable: true
+sites_config:
+  items:
+    - domain: example.com
+      name: Example site
+
+    - domain: alternative.example.com
+      name: Alternative example site

src/objects/setup_configuration/tests/files/sites_existing_sites.yaml

@@ -0,0 +1,8 @@
+sites_config_enable: true
+sites_config:
+  items:
+    - domain: example.com
+      name: Example site (revised)
+
+    - domain: test.example.com
+      name: Test site

src/objects/setup_configuration/tests/files/sites_idempotent_step.yaml

@@ -0,0 +1,8 @@
+sites_config_enable: true
+sites_config:
+  items:
+    - domain: example.com
+      name: Example site
+
+    - domain: alternative.example.com
+      name: Alternative example site

src/objects/setup_configuration/tests/files/sites_invalid_domain.yaml

@@ -0,0 +1,8 @@
+sites_config_enable: true
+sites_config:
+  items:
+    - domain: example.com
+      name: Example site
+
+    - domain: foobar whitespace.com
+      name: Invalid site

src/objects/setup_configuration/tests/files/token_auth_invalid_setup.yaml

@@ -0,0 +1,3 @@
+token_tokenauth_config_enable: true
+token_tokenauth:
+  items:

src/objects/setup_configuration/tests/files/token_auth_valid_setup_complete.yaml

@@ -0,0 +1,20 @@
+token_tokenauth_config_enable: true
+token_tokenauth:
+  items:
+    - identifier: token-1
+      token: 18b2b74ef994314b84021d47b9422e82b685d82f
+      contact_person: Person 1
+      email: person-1@example.com
+      organization: Organization 1
+      application: Application 1
+      administration: Administration 1
+      is_superuser: True
+
+    - identifier: token-2
+      token: e882642bd0ec2482adcdc97258c2e6f98cb06d85
+      contact_person: Person 2
+      email: person-2@example.com
+      organization: Organization 2
+      application: Application 2
+      administration: Administration 2
+      is_superuser: True

src/objects/setup_configuration/tests/files/token_auth_valid_setup_default.yaml

@@ -0,0 +1,12 @@
+token_tokenauth_config_enable: true
+token_tokenauth:
+  items:
+    - identifier: token-1
+      token: 18b2b74ef994314b84021d47b9422e82b685d82f
+      contact_person: Person 1
+      email: person-1@example.com
+
+    - identifier: token-2
+      token: e882642bd0ec2482adcdc97258c2e6f98cb06d85
+      contact_person: Person 2
+      email: person-2@example.com

src/objects/setup_configuration/tests/test_site_config.py

@@ -0,0 +1,100 @@
+from pathlib import Path
+
+from django.contrib.sites.models import Site
+from django.db.models import QuerySet
+from django.test import TestCase
+
+from django_setup_configuration.exceptions import ConfigurationRunFailed
+from django_setup_configuration.test_utils import execute_single_step
+
+from objects.setup_configuration.steps.sites import SitesConfigurationStep
+
+TEST_FILES = (Path(__file__).parent / "files").resolve()
+
+
+class SitesConfigurationStepTests(TestCase):
+    def test_empty_database(self):
+        test_file_path = str(TEST_FILES / "sites_empty_database.yaml")
+
+        execute_single_step(SitesConfigurationStep, yaml_source=test_file_path)
+
+        sites: QuerySet[Site] = Site.objects.all()
+
+        self.assertEqual(sites.count(), 2)
+
+        example_site: Site = sites.get(name="Example site")
+        self.assertEqual(example_site.domain, "example.com")
+
+        alternative_site: Site = sites.get(name="Alternative example site")
+        self.assertEqual(alternative_site.domain, "alternative.example.com")
+
+    def test_existing_sites(self):
+        test_file_path = str(TEST_FILES / "sites_existing_sites.yaml")
+
+        example_site, _ = Site.objects.get_or_create(
+            domain="example.com", defaults=dict(name="Example site")
+        )
+
+        alternative_site = Site.objects.create(
+            domain="alternative.example.com",
+            name="Alternative example site",
+        )
+
+        execute_single_step(SitesConfigurationStep, yaml_source=test_file_path)
+
+        sites: QuerySet[Site] = Site.objects.order_by("name")
+
+        self.assertEqual(sites.count(), 3)
+
+        example_site: Site = sites.get(name="Example site (revised)")
+        self.assertEqual(example_site.domain, "example.com")
+
+        alternative_site: Site = sites.get(name="Alternative example site")
+        self.assertEqual(alternative_site.domain, "alternative.example.com")
+
+        test_site: Site = sites.get(name="Test site")
+        self.assertEqual(test_site.domain, "test.example.com")
+
+    def test_invalid_domain(self):
+        test_file_path = str(TEST_FILES / "sites_invalid_domain.yaml")
+
+        with self.assertRaises(ConfigurationRunFailed):
+            execute_single_step(SitesConfigurationStep, yaml_source=test_file_path)
+
+        sites: QuerySet[Site] = Site.objects.all()
+
+        # the default test site created during test runs
+        self.assertEqual(sites.count(), 1)
+
+        site: Site = sites.get()
+
+        self.assertEqual(site.domain, "example.com")
+
+    def test_idempotent_step(self):
+        test_file_path = str(TEST_FILES / "sites_idempotent_step.yaml")
+
+        execute_single_step(SitesConfigurationStep, yaml_source=test_file_path)
+
+        sites: QuerySet[Site] = Site.objects.all()
+
+        self.assertEqual(sites.count(), 2)
+
+        example_site: Site = sites.get(name="Example site")
+        self.assertEqual(example_site.domain, "example.com")
+
+        alternative_site: Site = sites.get(name="Alternative example site")
+        self.assertEqual(alternative_site.domain, "alternative.example.com")
+
+        execute_single_step(SitesConfigurationStep, yaml_source=test_file_path)
+
+        self.assertEqual(Site.objects.count(), 2)
+
+        example_site.refresh_from_db()
+
+        self.assertEqual(example_site.name, "Example site")
+        self.assertEqual(example_site.domain, "example.com")
+
+        alternative_site.refresh_from_db()
+
+        self.assertEqual(alternative_site.name, "Alternative example site")
+        self.assertEqual(alternative_site.domain, "alternative.example.com")