Compare commits

...

8 Commits

Author SHA1 Message Date
Jonathan Perret 5e0ea8321c WIP of using an Alpine Python base image
We have to remain with debian as a base for the development image
since we install Playwright in the image.
2025-05-07 12:19:03 +02:00
Jonathan Perret ae2d4a573b Deploy release v1.0.6 to production. 2025-03-11 16:34:02 +01:00
Jonathan Perret 5be05fe43e v1.0.6 release 2025-03-11 16:31:50 +01:00
Jonathan Perret f90df5c2c6 Merge pull request #27 from numerique-gouv/allow-more-affiliations
Allow more affiliations
2025-03-11 16:02:10 +01:00
Jonathan Perret 6bbcd95069 🔧(config) allow more affiliations
We agreed with RENATER to allow people having one of the following
affiliations: faculty, staff, employee, researcher, teacher.
2025-03-11 15:42:27 +01:00
Jonathan Perret b839c32b50 Merge pull request #26 from numerique-gouv/satosa-8.5.1
⬆️ (deps) upgrade to SATOSA 8.5.1
2025-03-11 15:38:15 +01:00
Jonathan Perret 9b062aa27d ⬆️ (deps) upgrade to SATOSA 8.5.1 2025-03-11 15:23:36 +01:00
Jonathan Perret 4a2ece217b Deploy release v1.0.5 to production. 2025-03-06 19:48:00 +01:00
6 changed files with 49 additions and 20 deletions
+4
View File
@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0),
and this project adheres to
[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.0.6] - 2025-03-11
- upgrade to SATOSA 8.5.1
- allow faculty, staff, employee, researcher, teacher affiliations
## [1.0.5] - 2025-03-06
- add allowlist for URL paths to nginx ingress
- allow customizing log levels per logger
+34 -13
View File
@@ -1,17 +1,11 @@
# ---- base image to inherit from ----
FROM python:3.11-slim-bookworm as common
# ---- Development image ----
FROM python:3.11-slim-bookworm AS development
# Install xmlsec1 dependencies required for xmlsec (for SAML)
# Needs to be kept before the `pip install`
RUN apt-get update && \
apt-get -y upgrade && \
apt-get install -y \
pkg-config \
gcc \
xmlsec1 \
libxml2-dev \
libxmlsec1-dev \
libxmlsec1-openssl && \
apt-get install --no-install-recommends -y xmlsec1 && \
rm -rf /var/lib/apt/lists/*
# We want the most up-to-date stable pip release
@@ -40,9 +34,6 @@ COPY docker/files/usr/local/etc/gunicorn/satosa.py /usr/local/etc/gunicorn/satos
# The default command runs gunicorn WSGI server in satosa's main module
CMD ["gunicorn", "-c", "/usr/local/etc/gunicorn/satosa.py"]
# ---- Development image ----
FROM common as development
# Playwright browsers
ENV PLAYWRIGHT_BROWSERS_PATH=/pw-browsers
RUN pip install playwright
@@ -67,7 +58,37 @@ COPY ./src/satosa /app/
USER ${DOCKER_USER}
# ---- Production image (keep last so it is the default target) ----
FROM common as production
FROM python:3.11-alpine AS production
# Install xmlsec (for SAML)
# Needs to be kept before the `pip install`
RUN apk add xmlsec bash
# We want the most up-to-date stable pip release
RUN pip install --upgrade pip
ENV PYTHONUNBUFFERED=1
# Give the "root" group the same permissions as the "root" user on /etc/passwd
# to allow a user belonging to the root group to add new users; typically the
# docker user (see entrypoint).
RUN chmod g=u /etc/passwd
# We wrap commands run in this container by the following entrypoint that
# creates a user on-the-fly with the container user ID (see USER) and root group
# ID.
COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
# Un-privileged user running the application
ARG DOCKER_USER
# Gunicorn
RUN mkdir -p /usr/local/etc/gunicorn
COPY docker/files/usr/local/etc/gunicorn/satosa.py /usr/local/etc/gunicorn/satosa.py
# The default command runs gunicorn WSGI server in satosa's main module
CMD ["gunicorn", "-c", "/usr/local/etc/gunicorn/satosa.py"]
# Copy oidc2fer application (see .dockerignore)
COPY ./src/satosa /app/
@@ -1,7 +1,7 @@
image:
repository: lasuite/oidc2fer
pullPolicy: Always
tag: "v1.0.4"
tag: "v1.0.6"
satosa:
replicas: 2
@@ -3,11 +3,11 @@ name: Saml2
config:
disco_srv: !ENV SAML2_DISCOVERY_URL
entityid_endpoint: true
mirror_force_authn: 'no'
memorize_idp: 'no'
use_memorized_idp_when_force_authn: 'no'
send_requester_id: 'no'
enable_metadata_reload: 'no'
mirror_force_authn: false
memorize_idp: false
use_memorized_idp_when_force_authn: false
send_requester_id: false
enable_metadata_reload: false
acs_selection_strategy: prefer_matching_host
sp_config:
name: Passerelle OIDC vers FER
@@ -13,4 +13,8 @@ config:
# later in the PrimaryIdentifier processor.
- ".+"
eduPersonAffiliation:
- "^faculty$"
- "^staff$"
- "^employee$"
- "^researcher$"
- "^teacher$"
+1 -1
View File
@@ -23,7 +23,7 @@ license = { file = "LICENSE" }
readme = "README.md"
requires-python = ">=3.11"
dependencies = [
"SATOSA==8.4.0",
"SATOSA==8.5.1",
"gunicorn==22.0.0",
"redis==5.0.4",
"JSON-log-formatter==1.0",