Commit Graph

47 Commits

Author SHA1 Message Date
Fabre Florian 09c687878d WIP📝(backend) add documentation
Add documentation for env & Find+Docs configuration in dev mode
Add documentation for release

Signed-off-by: Fabre Florian <ffabre@hybird.org>
2025-10-13 10:37:01 +02:00
Fabre Florian 43265acf36 🔧(backend) query of a part of a word return results
Improve opensearch query in order to find parts of a word in the documents
(e.g: "bee" will match bee, beehive, beetle, beer, etc...)

Signed-off-by: Fabre Florian <ffabre@hybird.org>
2025-10-10 14:47:31 +02:00
Fabre Florian 79208765c9 🔧(backend) skip token claims validation in development mode
The previous commit has allowed to run Docs and Find projects
stacks together with a tweak : Find must use the keycloak OIDC
endpoints of Docs on the 'nginx' domain for ResourceServer authentication
and introspection.

This configuration broke the OIDC token claims validation because the iss
from the token of the 'impress' user is 'localhost' and not 'nginx'.

To fix it in deveolopment mode we add a OIDC_RS_VERIFY_CLAIMS setting that
controls the token claims validation in FinderResourceServerBackend:
 - Enabled by default
 - Forced in production mode

Signed-off-by: Fabre Florian <ffabre@hybird.org>
2025-10-08 18:03:05 +02:00
Fabre Florian 15f58e68c8 🔧(backend) setup Find app dockers to work with Docs
Populate a service configuration "docs" for development.
Move OIDC endpoints to the "impress" realm to allow introspection
of Docs tokens.
Upgrade version of dependencies (fix some security issues).

Signed-off-by: Fabre Florian <ffabre@hybird.org>
2025-10-08 18:03:05 +02:00
Fabre Florian 0dd513a4d3 (backend) improve unit tests
Add tests for schema validation
Use strict list comparison in some search access control tests

Signed-off-by: Fabre Florian <ffabre@hybird.org>
2025-10-02 15:51:27 +02:00
Fabre Florian 7c2a60eb6f (backend) setup search api view as OIDC resource server
New fulltext search view for indexed documents with OIDC authentication
Extract token information through introspection to get the audience & user info
Limit access to documents :
 - public & authenticated with linkreach to the user
 - owned by the user
Check intersection between the allowed services linked to the
audience/client_id and the requested ones.

Signed-off-by: Fabre Florian <ffabre@hybird.org>
2025-09-23 10:00:45 +02:00
Fabre Florian 23c4412114 (views) be a bit more permissive for indexable document content
In indexation view, raise a validation error only when both the
title & content of a document are empty.

Signed-off-by: Fabre Florian <ffabre@hybird.org>
2025-09-15 10:00:26 +02:00
Samuel Paccoud - DINUM fec8c375a2 (views) add tests for access control for an authenticated user
The implementation is partial and fakes resource server but we can
already test the filtering logic in OpenSearch.
2025-08-07 18:22:00 +02:00
Samuel Paccoud - DINUM 3cb3bf3d8f ♻️(schema) stop forcing users to be uuid (represented by a sub)
The list of users allowed to access a document is a sub and is
not guaranteed to be a UUID.
2025-08-07 18:22:00 +02:00
Samuel Paccoud - DINUM b8b335d724 ♻️(views) split views in 2 urls: /index and /search
We need to make a POST to search documents so that we can post a
list of documents the current user has already "visited" This is
necessary to limited the number of documents we return among the
ones available to any authenticated or anonymous user.
2025-08-07 18:22:00 +02:00
Samuel Paccoud - DINUM 89923e694b (schema) add fields to the document
We need to index the tree structure information as well as an
active field that can be set to False when the item is deleted on
the remote service. We could delete the item from our search index
but it is safer to keep all documents synchronized and not only
those which are not deleted.
2025-08-07 17:42:02 +02:00
Samuel Paccoud - DINUM 6b80aa280a (backend) allow passing list of indices via the query string
The client should be able to choose on which indices, among those
to which it has access (check to be added later), the query should
run.
2025-08-05 22:56:41 +02:00
Samuel Paccoud - DINUM c8d1af667c 🧑‍💻(backend) simplify index name by using service name
We added a "find-" prefix for no good reason.
2025-08-05 22:54:53 +02:00
Samuel Paccoud - DINUM 5242417738 🧑‍💻(backend) rename Reach enum class to ReachEnum
enums.Reach was a bit too similar to enums.REACT
2025-08-05 22:54:53 +02:00
Samuel Paccoud - DINUM 7eaa284357 ⬆️(backend) replace "check" by "condition" in CheckConstraint
This change is required before upgrading to Django 6.0
2025-08-05 22:54:53 +02:00
Samuel Paccoud - DINUM d48c837c3e ♻️(backend) pass full service object as request.auth
We were passing the service name which is not what is expected on
this request property.
2025-08-05 16:34:32 +02:00
Samuel Paccoud - DINUM 51dee6475b 🧑‍💻(compose) allow connecting to find from another compose project
We need to connect to find from the app container of another project
that wants to index documents to our index. This requires sharing a
common network and exposing our app on it with a service name that
does not clash with the other project.
2025-07-19 19:08:01 +02:00
Samuel Paccoud - DINUM d8050bf63d 🧑‍💻(compose) allow running in parallel to other lasuite projects
While developping, we need to run find along other projects that
want to index documents to our index. For the two projects to run
along side each other, we need to avoid port conflicts.
2025-07-19 19:05:53 +02:00
Samuel Paccoud - DINUM e31cf57bcd ♻️(schemas) replace "is_public" field by "reach"
documents can be published under one of three reaches:
- public: anybody can see them
- authenticated: only logged-in users can see them
- restricted: only users listed in the "users" field or belonging
  to a group listed in the "groups" field can see them.
2025-07-19 19:04:39 +02:00
Manuel Raynaud f3fa0eca0c 🔖(helm) upgrade chart to version 0.0.2
We added new features to the helm chart. In order to use them we have to
release a new version.
2025-01-27 11:27:50 +01:00
Manuel Raynaud 234cc23b5e 🔧(helm) add annotations on job to force to replace them
A job can not be updated, to resolve this, we can add the argocd
annotation that will replace and force to recreate the jobs.
2025-01-27 11:10:12 +01:00
Manuel Raynaud abc0b772ef 🔧(actions) remove notify argocd action
The notify argocd steps is not used and can be removed.
2025-01-15 11:53:29 +01:00
Manuel Raynaud 460ba8d337 ♻️(helm) make some jobs optional and with a more unique name
The create superuser job should be optional. This job should not be
deployed every time, just when we want. Also, a job can not be patch, so
we have to change its name between version, like for the migrate command
that should be trigger when the appVersion or the chart version is
changing.
2025-01-15 11:53:29 +01:00
Manuel Raynaud cfe59dc986 🔧(back) redefine logging in production environment
The logging settings was not redefined leading to loosing logs in
production. This settings is changed to handle logs on the console
2025-01-15 10:19:55 +01:00
Manuel Raynaud faa4d0ac92 🔧(back) configure settings to detect current hostname in ALLOWED_HOSTS
In the ALLOWED_HOSTS settings we want to detect the current hostname and
allow it.
2025-01-14 16:13:00 +01:00
Manuel Raynaud 4fa36f0381 🔧(action) use helm chart master branch action 2025-01-14 10:23:44 +01:00
Manuel Raynaud 7674f8aae9 🔧(actions) allow override release in chart action 2025-01-14 10:13:05 +01:00
Manuel Raynaud e7ac83340f 🔧(action) allow to manually trigger helm action 2025-01-14 10:06:25 +01:00
Manuel Raynaud bc60d658cf 🔧(actions) push helm chart when code is merged in main branch 2025-01-14 09:57:37 +01:00
Manuel Raynaud 76f5f8d393 🔧(helm) enable security plugin in opensearch
We want to secure the connection to opensearch. This will also enable
authentification for the dashboard access. For now we use the default
admin user without custom configuration.
2025-01-14 09:48:15 +01:00
Manuel Raynaud 1a1c5641f7 💚(helm) fix helm linting
The helm lint was not working, values were missing about the
createsuperuser job
2025-01-14 09:48:15 +01:00
Manuel Raynaud 98627d015c ♻️(helm) move secrets to extra chart
The secrets are used only in developement. For other environment we will
manage them differently.
2025-01-14 09:48:15 +01:00
Manuel Raynaud de105be159 🚀(deploy) publish helm chart on gh-pages
We wanto to publish the helm chart on the gh-pages branch. For this we
use a github actions responsible to do it. Inpired by
numerique-gouv/meet
2025-01-14 09:48:15 +01:00
Manuel Raynaud a58e61c014 🔥(helm) remove non dev environments
Non dev environments will be managed externally, we don't want to deal
with secrets in open source repo anymore.
2025-01-14 09:48:15 +01:00
Manuel Raynaud fb4ab1e0e3 💚(CI) fix CI 2025-01-10 14:46:06 +01:00
Manuel Raynaud 78cf668cd7 🔨(kind) add help to pause and resume a cluster
Once started, the cluster can not be paused using kind or ctlptl
command. 2 helpers are added to pause and resume docker containers
running the cluster.
2025-01-10 14:46:06 +01:00
Manuel Raynaud 9a07f45777 ⬆️(back) upgrade all python dependencies
Upgrade all python depencies to their latest version
2025-01-10 14:46:06 +01:00
Manuel Raynaud 1b8dac65c7 ⬇️(compose) downgrade postgres to version 15
We want to target the version N-1 of postgres
2025-01-10 14:46:06 +01:00
Manuel Raynaud 66995b5f8c ⬆️(docker) update python to version 3.12
As we are working on a modern project, we can directly use python 3.12
2025-01-10 14:46:06 +01:00
Manuel Raynaud 9fc7e58414 🔧(core) update tilt and helm files to make it works
Opensearch was missing in the dev dependencies when deploying in a local
k8s using Tilt. Also the secrets and values have been updated
accordingly to make it works.
2025-01-10 14:46:06 +01:00
Manuel Raynaud 8a2876d25b 🔧(core) rename docker-compose.yml file in compose.yml
docker-compose.yml file is the legacy configuration file for
docker-compose version 1. Since version 2 is a plugin for docker, they
also changed the name of the configuration file to compose.yml. So we
rename this file.
2025-01-10 14:46:06 +01:00
Manuel Raynaud 065bd42798 🔨(core) merge scripts directory in bin directory
scripts directory was containing bash scripts but bin directory also
have bash scripts. We merge both in the bin one to find them in only one
place.
2025-01-10 14:46:06 +01:00
Manuel Raynaud 2172e005e8 🔥(core) remove code related to a frontend application
There is no frontend application in the find project. All code related
to a frontecnd application is removed.
2025-01-10 14:46:06 +01:00
Manuel Raynaud 325fd0a8dc ♻️(core) rename drive project in find
Initially the project was named drive and many references are still
present. We decided to revamp all the project to only have references to
find.
2025-01-10 14:46:06 +01:00
Jacques ROUSSEL 29edffa12d (secret) update sops recipients
Add Manuel to the recipient list in /dev/secrets.enc.yaml
2025-01-08 11:57:15 +01:00
Samuel Paccoud cb33899132 (backend) first working prototype
This is built from our boilerplate and adds a first working
prototype of indexing (single document or bulk) and searching
(with basic filtering and sorting. No authentication yet).

Run `make demo` to generate an index for development.
2024-09-02 20:15:41 +02:00
Samuel Paccoud 89aa094fc6 🎉(project) first project 2024-09-02 20:12:54 +02:00