Merge branch 'noosfero-token'

This implements creating an user in the Noosfero dabatase, an grabbing its API key for use in the Colab Noosfero plugin

Merge branch 'noosfero-token'
This implements creating an user in the Noosfero dabatase, an grabbing its API key for use in the Colab Noosfero plugin
Antonio Terceiro
2 parents 5755b947 6a9c0495
Showing 8 changed files with 58 additions and 7 deletions Show diff stats
Rakefile
cookbooks/colab/recipes/default.rb
cookbooks/colab/templates/noosfero.py.erb
cookbooks/noosfero/files/noosfero-create-api-user
cookbooks/noosfero/recipes/default.rb
cookbooks/postgresql/recipes/noosfero.rb
cookbooks/postgresql/templates/centos/pg_hba.conf.erb
roles/database_server.rb
@@ -136,6 +136,7 @@ task :bootstrap_common =&gt; &#39;config/local/ssh_config&#39;
 unless ENV['nodeps']
   task 'converge:integration' => 'converge:database'
+  task 'converge:integration' => 'converge:social'
   task 'converge:social'      => 'converge:database'
 end
@@ -148,6 +148,10 @@ template &#39;/etc/colab/plugins.d/noosfero.py&#39; do
   group 'colab'
   mode 0640
   notifies :restart, 'service[colab]'
+  get_private_token = lambda do
+    `psql --tuples-only --host database --user colab -c "select private_token from users where login = 'admin-noosfero'" noosfero`.strip
+  end
+  variables(:get_private_token => get_private_token)
 end
 template '/etc/colab/plugins.d/spb.py' do
@@ -10,6 +10,8 @@ verbose_name = &#39;Noosfero Plugin&#39;
 upstream = 'http://<%= node['peers']['social'] %>:80/social/'
+private_token = '<%= @get_private_token.call %>'
+
 urls = {
     'include': 'colab_noosfero.urls',
     'namespace': 'noosfero',  # TODO: do not allow to change namespace
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+login = ARGV[0]
+email = ARGV[1]
+password = SecureRandom.random_number.to_s
+
+user = User.find_by_login(login)
+exit(0) if user
+
+user = User.create!(
+  login: login,
+  email: email,
+  password: password,
+  password_confirmation: password
+)
+user.activate
+user.generate_private_token_if_not_exist
@@ -51,17 +51,24 @@ execute &#39;plugins:enable&#39; do
   command '/usr/lib/noosfero/script/noosfero-plugins enable ' + plugins.join(' ')
 end
+plugins_spb = [
+  'software_communities',
+  'gov_user',
+  'spb_migrations',
+]
+
+# HACK disable plugins_spb before migrating
+# FIXME fix the plugins to not depend on other pugins
+execute 'noosfero:plugins_spb:disable' do
+  command '/usr/lib/noosfero/script/noosfero-plugins disable ' + plugins_spb.join(' ')
+end
+
 execute 'noosfero:migrate' do
   command 'RAILS_ENV=production SCHEMA=/dev/null bundle exec rake db:migrate'
   cwd '/usr/lib/noosfero'
   user 'noosfero'
 end
-plugins_spb = [
-  'software_communities',
-  'gov_user',
-  'spb_migrations',
-]
 #FIXME: We did it, because we have to enable each plugin and migrate it separately.
 plugins_spb.each do |plugin|
@@ -127,6 +134,21 @@ cookbook_file &#39;/usr/lib/noosfero/config/noosfero.yml&#39; do
   source 'noosfero.yml'
   notifies :restart, 'service[noosfero]'
 end
+
+cookbook_file "/usr/local/bin/noosfero-create-api-user" do
+  mode 0755
+end
+
+execute 'create-admin-token-noosfero' do
+  command [
+    "RAILS_ENV=production bundle exec rails runner",
+    "/usr/local/bin/noosfero-create-api-user",
+    "admin-noosfero", # username
+    "noosfero@localhost.localdomain", # email
+  ].join(' ')
+  cwd '/usr/lib/noosfero'
+  user 'noosfero'
+end
 ###############################################
 #  SELinux: permission to access static files noosfero
 ################################################
@@ -14,3 +14,7 @@ execute &#39;createdb:noosfero&#39; do
   end
 end
+execute 'grant:noosfero:colab' do
+  command 'psql -c "GRANT SELECT ON users TO colab" noosfero'
+  user 'postgres'
+end
@@ -10,3 +10,4 @@ host    all             all             ::1/128                 ident
 host    colab     colab       <%= node['peers']['integration'] %>/32  trust
 host    gitlab    gitlab      <%= node['peers']['integration'] %>/32  trust
 host    noosfero  noosfero    <%= node['peers']['social'] %>/32       trust
+host    noosfero  colab       <%= node['peers']['integration'] %>/32  trust
@@ -3,7 +3,7 @@ description &#39;Database server&#39;
 run_list *[
   'recipe[postgresql]',
   'recipe[redis]',
-  'recipe[postgresql::colab]',
-  'recipe[postgresql::gitlab]',
+  'recipe[postgresql::colab]', # must come before the other apps
   'recipe[postgresql::noosfero]',
+  'recipe[postgresql::gitlab]',
 ]
	@@ -136,6 +136,7 @@ task :bootstrap_common => 'config/local/ssh_config'		@@ -136,6 +136,7 @@ task :bootstrap_common => 'config/local/ssh_config'
136		136
137	unless ENV['nodeps']	137	unless ENV['nodeps']
138	task 'converge:integration' => 'converge:database'	138	task 'converge:integration' => 'converge:database'
		139	+ task 'converge:integration' => 'converge:social'
139	task 'converge:social' => 'converge:database'	140	task 'converge:social' => 'converge:database'
140	end	141	end
141		142
	@@ -10,6 +10,8 @@ verbose_name = 'Noosfero Plugin'		@@ -10,6 +10,8 @@ verbose_name = 'Noosfero Plugin'
10		10
11	upstream = 'http://<%= node['peers']['social'] %>:80/social/'	11	upstream = 'http://<%= node['peers']['social'] %>:80/social/'
12		12
		13	+private_token = '<%= @get_private_token.call %>'
		14	+
13	urls = {	15	urls = {
14	'include': 'colab_noosfero.urls',	16	'include': 'colab_noosfero.urls',
15	'namespace': 'noosfero', # TODO: do not allow to change namespace	17	'namespace': 'noosfero', # TODO: do not allow to change namespace
@@ -0,0 +1,17 @@		@@ -0,0 +1,17 @@
	1	+#!/usr/bin/env ruby
	2	+
	3	+login = ARGV[0]
	4	+email = ARGV[1]
	5	+password = SecureRandom.random_number.to_s
	6	+
	7	+user = User.find_by_login(login)
	8	+exit(0) if user
	9	+
	10	+user = User.create!(
	11	+ login: login,
	12	+ email: email,
	13	+ password: password,
	14	+ password_confirmation: password
	15	+)
	16	+user.activate
	17	+user.generate_private_token_if_not_exist
	@@ -51,17 +51,24 @@ execute 'plugins:enable' do		@@ -51,17 +51,24 @@ execute 'plugins:enable' do
51	command '/usr/lib/noosfero/script/noosfero-plugins enable ' + plugins.join(' ')	51	command '/usr/lib/noosfero/script/noosfero-plugins enable ' + plugins.join(' ')
52	end	52	end
53		53
		54	+plugins_spb = [
		55	+ 'software_communities',
		56	+ 'gov_user',
		57	+ 'spb_migrations',
		58	+]
		59	+
		60	+# HACK disable plugins_spb before migrating
		61	+# FIXME fix the plugins to not depend on other pugins
		62	+execute 'noosfero:plugins_spb:disable' do
		63	+ command '/usr/lib/noosfero/script/noosfero-plugins disable ' + plugins_spb.join(' ')
		64	+end
		65	+
54	execute 'noosfero:migrate' do	66	execute 'noosfero:migrate' do
55	command 'RAILS_ENV=production SCHEMA=/dev/null bundle exec rake db:migrate'	67	command 'RAILS_ENV=production SCHEMA=/dev/null bundle exec rake db:migrate'
56	cwd '/usr/lib/noosfero'	68	cwd '/usr/lib/noosfero'
57	user 'noosfero'	69	user 'noosfero'
58	end	70	end
59		71
60	-plugins_spb = [
61	- 'software_communities',
62	- 'gov_user',
63	- 'spb_migrations',
64	-]
65		72
66	#FIXME: We did it, because we have to enable each plugin and migrate it separately.	73	#FIXME: We did it, because we have to enable each plugin and migrate it separately.
67	plugins_spb.each do \|plugin\|	74	plugins_spb.each do \|plugin\|
	@@ -127,6 +134,21 @@ cookbook_file '/usr/lib/noosfero/config/noosfero.yml' do		@@ -127,6 +134,21 @@ cookbook_file '/usr/lib/noosfero/config/noosfero.yml' do
127	source 'noosfero.yml'	134	source 'noosfero.yml'
128	notifies :restart, 'service[noosfero]'	135	notifies :restart, 'service[noosfero]'
129	end	136	end
		137	+
		138	+cookbook_file "/usr/local/bin/noosfero-create-api-user" do
		139	+ mode 0755
		140	+end
		141	+
		142	+execute 'create-admin-token-noosfero' do
		143	+ command [
		144	+ "RAILS_ENV=production bundle exec rails runner",
		145	+ "/usr/local/bin/noosfero-create-api-user",
		146	+ "admin-noosfero", # username
		147	+ "noosfero@localhost.localdomain", # email
		148	+ ].join(' ')
		149	+ cwd '/usr/lib/noosfero'
		150	+ user 'noosfero'
		151	+end
130	###############################################	152	###############################################
131	# SELinux: permission to access static files noosfero	153	# SELinux: permission to access static files noosfero
132	################################################	154	################################################
	@@ -14,3 +14,7 @@ execute 'createdb:noosfero' do		@@ -14,3 +14,7 @@ execute 'createdb:noosfero' do
14	end	14	end
15	end	15	end
16		16
		17	+execute 'grant:noosfero:colab' do
		18	+ command 'psql -c "GRANT SELECT ON users TO colab" noosfero'
		19	+ user 'postgres'
		20	+end
	@@ -10,3 +10,4 @@ host all all ::1/128 ident		@@ -10,3 +10,4 @@ host all all ::1/128 ident
10	host colab colab <%= node['peers']['integration'] %>/32 trust	10	host colab colab <%= node['peers']['integration'] %>/32 trust
11	host gitlab gitlab <%= node['peers']['integration'] %>/32 trust	11	host gitlab gitlab <%= node['peers']['integration'] %>/32 trust
12	host noosfero noosfero <%= node['peers']['social'] %>/32 trust	12	host noosfero noosfero <%= node['peers']['social'] %>/32 trust
		13	+host noosfero colab <%= node['peers']['integration'] %>/32 trust