Merge main into stable/4.0.x. Update 20230822

* commit 'f58d71b82d2dabfe11710b91120f9e9e139c8b65': Add auth-*-key secrets to media (OpenSlides#230) Extend project automation (OpenSlides#227) Fix backendAction secrets (OpenSlides#226) rename env-vars (OpenSlides#225)
peb-adr · Aug 22, 2023 · 77438dc · 77438dc
2 parents e4fc8ef + f58d71b
commit 77438dc
Show file tree

Hide file tree

Showing 13 changed files with 154 additions and 80 deletions.
diff --git a/.github/workflows/project-automation.yml b/.github/workflows/project-automation.yml
@@ -0,0 +1,32 @@
+name: Project automation
+on:
+  workflow_call:
+    inputs:
+      resource_node_id:
+        required: true
+        type: string
+      status_value:
+        required: true
+        type: string
+    secrets:
+      AUTOMATION_APP_ID:
+        required: true
+      AUTOMATION_APP_INSTALLATION_ID:
+        required: true
+      AUTOMATION_APP_PRIVATE_KEY:
+        required: true
+
+jobs:
+  workflow_call:
+    name: Set status
+    runs-on: ubuntu-latest
+    steps:
+      - uses: leonsteinhaeuser/project-beta-automations@v2.1.0
+        with:
+          gh_app_ID: ${{ secrets.AUTOMATION_APP_ID }}
+          gh_app_installation_ID: ${{ secrets.AUTOMATION_APP_INSTALLATION_ID }}
+          gh_app_secret_key: ${{ secrets.AUTOMATION_APP_PRIVATE_KEY }}
+          organization: OpenSlides
+          project_id: 2
+          resource_node_id: ${{ inputs.resource_node_id }}
+          status_value: ${{ inputs.status_value }}
diff --git a/.github/workflows/project-issue-closed.yml b/.github/workflows/project-issue-closed.yml
@@ -0,0 +1,14 @@
+name: Project automation
+on:
+  issues:
+    types:
+      - closed
+
+jobs:
+  issue_closed:
+    name: Issue closed
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.issue.node_id }}
+      status_value: "Done"
diff --git a/.github/workflows/project-issue-opened.yml b/.github/workflows/project-issue-opened.yml
@@ -0,0 +1,15 @@
+name: Project automation
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  issue_opened:
+    name: Issue opened
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.issue.node_id }}
+      status_value: "Backlog"
diff --git a/.github/workflows/project-pull-request-closed.yml b/.github/workflows/project-pull-request-closed.yml
@@ -0,0 +1,14 @@
+name: Project automation
+on:
+  pull_request_target:
+    types:
+      - closed
+
+jobs:
+  pull_request_closed:
+    name: Pull request closed
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.pull_request.node_id }}
+      status_value: "Done"
diff --git a/.github/workflows/project-pull-request-opened.yml b/.github/workflows/project-pull-request-opened.yml
@@ -0,0 +1,15 @@
+name: Project automation
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  pull_request_opened:
+    name: Pull request opened
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.pull_request.node_id }}
+      status_value: "Work in progress"
diff --git a/.github/workflows/project-pull-request-review-requested.yml b/.github/workflows/project-pull-request-review-requested.yml
@@ -0,0 +1,14 @@
+name: Project automation
+on:
+  pull_request_target:
+    types:
+      - review_requested
+
+jobs:
+  pull_request_review_requested:
+    name: Pull request review requested
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.pull_request.node_id }}
+      status_value: "Review in progress"
diff --git a/.github/workflows/set-project.yml b/.github/workflows/set-project.yml
diff --git a/pkg/config/default-config.yml b/pkg/config/default-config.yml
@@ -29,11 +29,6 @@ defaultEnvironment:
   DATASTORE_READER_PORT: 9010
   DATASTORE_WRITER_HOST: datastoreWriter
   DATASTORE_WRITER_PORT: 9011
-  DATASTORE_DATABASE_HOST: postgres
-  DATASTORE_DATABASE_PORT: 5432
-  DATASTORE_DATABASE_NAME: openslides
-  DATASTORE_DATABASE_USER: openslides
-  DATASTORE_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
 
   AUTOUPDATE_HOST: autoupdate
   AUTOUPDATE_PORT: 9012
@@ -43,46 +38,45 @@ defaultEnvironment:
 
   VOTE_HOST: vote
   VOTE_PORT: 9013
-  VOTE_DATABASE_HOST: postgres
-  VOTE_DATABASE_PORT: 5432
-  VOTE_DATABASE_NAME: openslides
-  VOTE_DATABASE_USER: openslides
-  VOTE_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
-  VOTE_REDIS_HOST: redis
-  VOTE_REDIS_PORT: 6379
 
   CACHE_HOST: redis
   CACHE_PORT: 6379
-
   MESSAGE_BUS_HOST: redis
   MESSAGE_BUS_PORT: 6379
 
   MEDIA_HOST: media
   MEDIA_PORT: 9006
-  MEDIA_DATABASE_HOST: postgres
-  MEDIA_DATABASE_PORT: 5432
-  MEDIA_DATABASE_NAME: openslides
-  MEDIA_DATABASE_USER: openslides
-  MEDIA_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
-  MEDIA_BLOCK_SIZE: 4096
-  MEDIA_PRESENTER_HOST: backendPresenter
-  MEDIA_PRESENTER_PORT: 9003
 
   ICC_HOST: icc
   ICC_PORT: 9007
-  ICC_REDIS_HOST: redis
-  ICC_REDIS_PORT: 6379
 
   MANAGE_HOST: manage
   MANAGE_PORT: 9008
-  MANAGE_AUTH_PASSWORD_FILE: /run/secrets/manage_auth_password
-  MANAGE_ACTION_HOST: backendManage
+
+  DATABASE_HOST: postgres
+  DATABASE_PORT: 5432
+  DATABASE_NAME: openslides
+  DATABASE_USER: openslides
+  DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
+  MEDIA_DATABASE_HOST: postgres
+  MEDIA_DATABASE_PORT: 5432
+  MEDIA_DATABASE_NAME: openslides
+  MEDIA_DATABASE_USER: openslides
+  MEDIA_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
+  VOTE_DATABASE_HOST: postgres
+  VOTE_DATABASE_PORT: 5432
+  VOTE_DATABASE_NAME: openslides
+  VOTE_DATABASE_USER: openslides
+  VOTE_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
 
   INTERNAL_AUTH_PASSWORD_FILE: /run/secrets/internal_auth_password
+  MANAGE_AUTH_PASSWORD_FILE: /run/secrets/manage_auth_password
+  AUTH_TOKEN_KEY_FILE: /run/secrets/auth_token_key
+  AUTH_COOKIE_KEY_FILE: /run/secrets/auth_cookie_key
+  SUPERADMIN_PASSWORD_FILE: /run/secrets/superadmin
 
   OPENSLIDES_LOGLEVEL: info
   OPENSLIDES_DEVELOPMENT: "false"
-
   SYSTEM_URL: localhost:8000
 
 # You can extend or replace parts of the defaultEnvironment.
@@ -97,6 +91,9 @@ services:
   datastoreReader:
     environment:
       NUM_WORKERS: 8
+  manage:
+    environment:
+      ACTION_HOST: backendManage
 
 # All properties from the "defaults" section are available here.
 #

diff --git a/pkg/config/default-docker-compose.yml b/pkg/config/default-docker-compose.yml
@@ -91,6 +91,7 @@ services:
     secrets:
       - auth_token_key
       - auth_cookie_key
+      - internal_auth_password
       - postgres_password
     {{- with .AdditionalContent }}{{ marshalContent 4 . }}{{- end }}
   {{- end }}
@@ -245,6 +246,7 @@ services:
     secrets:
       - auth_token_key
       - auth_cookie_key
+      - internal_auth_password
     {{- with .AdditionalContent }}{{ marshalContent 4 . }}{{- end }}
   {{- end }}
 
@@ -301,6 +303,8 @@ services:
       - frontend
       - data
     secrets:
+      - auth_token_key
+      - auth_cookie_key
       - postgres_password
     {{- with .AdditionalContent }}{{ marshalContent 4 . }}{{- end }}
   {{- end }}

diff --git a/pkg/initialdata/initialdata.go b/pkg/initialdata/initialdata.go
@@ -5,13 +5,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"path"
 	"strings"
 
 	"github.com/OpenSlides/openslides-manage-service/pkg/connection"
 	"github.com/OpenSlides/openslides-manage-service/pkg/fehler"
 	"github.com/OpenSlides/openslides-manage-service/pkg/setpassword"
-	"github.com/OpenSlides/openslides-manage-service/pkg/setup"
 	"github.com/OpenSlides/openslides-manage-service/pkg/shared"
 	"github.com/OpenSlides/openslides-manage-service/proto"
 	"github.com/spf13/cobra"
@@ -103,7 +101,7 @@ type backendAction interface {
 }
 
 // InitialData sets initial data in the datastore.
-func InitialData(ctx context.Context, in *proto.InitialDataRequest, runPath string, ba backendAction) (*proto.InitialDataResponse, error) {
+func InitialData(ctx context.Context, in *proto.InitialDataRequest, superadminSecretFile string, ba backendAction) (*proto.InitialDataResponse, error) {
 	initialData := in.Data
 	if initialData == nil {
 		// The backend expects at least an empty object.
@@ -133,8 +131,7 @@ func InitialData(ctx context.Context, in *proto.InitialDataRequest, runPath stri
 		return nil, fmt.Errorf("requesting backend action %q: %w", name, err)
 	}
 
-	p := path.Join(runPath, setup.SecretsDirName, setup.SuperadminFileName)
-	if err := SetSuperadminPassword(ctx, p, ba); err != nil {
+	if err := SetSuperadminPassword(ctx, superadminSecretFile, ba); err != nil {
 		return nil, fmt.Errorf("setting superadmin password: %w", err)
 	}
 

diff --git a/pkg/initialdata/initialdata_test.go b/pkg/initialdata/initialdata_test.go
@@ -114,7 +114,8 @@ func TestInitialDataServerAll(t *testing.T) {
 
 	// Run tests
 	t.Run("running the first time", func(t *testing.T) {
-		resp, err := initialdata.InitialData(ctx, in, testDir, ma)
+		p := path.Join(testDir, setup.SecretsDirName, setup.SuperadminFileName)
+		resp, err := initialdata.InitialData(ctx, in, p, ma)
 		if err != nil {
 			t.Fatalf("running InitialData() failed: %v", err)
 		}

diff --git a/pkg/server/server.go b/pkg/server/server.go
@@ -29,8 +29,6 @@ import (
 	"google.golang.org/grpc/metadata"
 )
 
-const runDir = "/run"
-
 // Run starts the manage server.
 func Run(cfg *Config) error {
 	logger, err := shared.NewLogger(cfg.OpenSlidesLoglevel)
@@ -105,7 +103,7 @@ func (s *srv) InitialData(ctx context.Context, in *proto.InitialDataRequest) (*p
 		return nil, fmt.Errorf("getting internal auth password from file: %w", err)
 	}
 	a := backendaction.New(s.config.manageBackendActionURL(), pw, backendaction.ActionRoute)
-	return initialdata.InitialData(ctx, in, runDir, a)
+	return initialdata.InitialData(ctx, in, s.config.SuperadminPasswordFile, a)
 
 }
 
@@ -208,23 +206,19 @@ type Config struct {
 	// variables. The first value is the name of the environment variable. After
 	// a comma the default value can be given. If no default value is given, then
 	// an empty string is used. The type of a env field has to be string.
-	Port                   string `env:"MANAGE_PORT,9008"`
-	ManageAuthPasswordFile string `env:"MANAGE_AUTH_PASSWORD_FILE,/run/secrets/manage_auth_password"`
+	Port                     string `env:"MANAGE_PORT,9008"`
+	ManageAuthPasswordFile   string `env:"MANAGE_AUTH_PASSWORD_FILE,/run/secrets/manage_auth_password"`
+	InternalAuthPasswordFile string `env:"INTERNAL_AUTH_PASSWORD_FILE,/run/secrets/internal_auth_password"`
+	SuperadminPasswordFile   string `env:"SUPERADMIN_PASSWORD_FILE,/run/secrets/superadmin"`
 
-	// Hint: The env var for the host is MANAGE_ACTION_HOST but the env vars for
-	// protocol and port don't have the MANAGE_ prefix because the backend
-	// itself does not distiguish between an common backend container and a
-	// manage backend container. So protocol and port are the same for all backend containers.
 	ManageActionProtocol string `env:"ACTION_PROTOCOL,http"`
-	ManageActionHost     string `env:"MANAGE_ACTION_HOST,backendManage"`
+	ManageActionHost     string `env:"ACTION_HOST,backendManage"`
 	ManageActionPort     string `env:"ACTION_PORT,9002"`
 
 	DatastoreReaderProtocol string `env:"DATASTORE_READER_PROTOCOL,http"`
 	DatastoreReaderHost     string `env:"DATASTORE_READER_HOST,datastore-reader"`
 	DatastoreReaderPort     string `env:"DATASTORE_READER_PORT,9010"`
 
-	InternalAuthPasswordFile string `env:"INTERNAL_AUTH_PASSWORD_FILE,/run/secrets/internal_auth_password"`
-
 	OpenSlidesDevelopment string `env:"OPENSLIDES_DEVELOPMENT,0"`
 	OpenSlidesLoglevel    string `env:"OPENSLIDES_LOGLEVEL,info"`
 }