[ FEATURE CAS ] add dockerfile and other build stuff

79fd3913 · zkuang · 85e9b0d3 · 79fd3913 · 79fd3913 · 79fd3913
Commit 79fd3913 authored Feb 28, 2020 by zkuang
Showing with 227 additions and 14 deletions

Dockerfile Dockerfile +12 -0

settings.py account/settings.py +34 -14

models.py models.py +0 -0

requirements.txt requirements.txt +2 -0

wait-for-it.sh wait-for-it.sh +179 -0

No files found.
--- a/Dockerfile
+++ b/Dockerfile
+FROM python:3.8
+
+ADD . /opt/sso
+
+WORKDIR /opt/sso
+RUN pip install -i https://mirrors.aliyun.com/pypi/simple/ pip -U && \
+    pip config set global.index-url https://mirrors.aliyun.com/pypi/simple/ && \
+    pip install -r requirements.txt
+
+RUN mv ./models.py /usr/local/lib/python3.8/site-packages/mama_cas/models.py
+CMD [ "gunicorn", "-b", "0.0.0.0:80", "account.wsgi"]
\ No newline at end of file
--- a/account/settings.py
+++ b/account/settings.py
@@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
 """

 import os
+import json

 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -20,12 +21,12 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/

 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '1gboig1)_)ljuz_h0&8m%s84ybxz4*z!w0pu$0qi#mobo#poae'
+SECRET_KEY = os.environ.get('SECRET_KEY') # '1gboig1)_)ljuz_h0&8m%s84ybxz4*z!w0pu$0qi#mobo#poae'

 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False

-ALLOWED_HOSTS = ['sso.gzego.com']
+ALLOWED_HOSTS = json.loads(os.environ.get('ALLOWED_HOSTS')) # ['sso.gzego.com']


 # Application definition
@@ -77,11 +78,11 @@ WSGI_APPLICATION = 'account.wsgi.application'
 DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
-        'NAME': 'sso',
-        'USER': 'cas',
-        'PASSWORD': '123456',
-        'HOST': 'mysql',   # Or an IP Address that your DB is hosted on
-        'PORT': '3306',
+        'NAME': os.environ.get('DB_NAME'), # 'sso',
+        'USER': os.environ.get('DB_USERNAME'), # 'cas',
+        'PASSWORD': os.environ.get('DB_PASSWORD'), # '123456',
+        'HOST': os.environ.get('DB_HOST'), # 'mysql',   # Or an IP Address that your DB is hosted on
+        'PORT': os.environ.get('DB_PORT'), # '3306',
    }
 }

@@ -130,13 +131,32 @@ STATIC_ROOT = os.path.join(BASE_DIR, 'static')

 MAMA_CAS_ENABLE_SINGLE_SIGN_OUT = True

-MAMA_CAS_SERVICES = [
-    {
-        'SERVICE': 'http://carbinet.gzego.com:8080/api/cas',
+# the service env variable is a json string like this:
+#             redirect_url                              logout_url                              redirect_url            logout_url
+# ["http://carbinet.gzego.com:8080/api/cas", "http://carbinet.gzego.com:8080/api/cas/logout", ".................", "................."]
+#
+
+def make_service_config(redirect_url, logout_url):
+    return {
+        'SERVICE': redirect_url,
        'CALLBACKS': [
            'mama_cas.callbacks.user_model_attributes',
        ],
        'LOGOUT_ALLOW': True,
-        'LOGOUT_URL': 'http://carbinet.gzego.com:8080/api/cas/logout',
-    },
- ]
\ No newline at end of file
+        'LOGOUT_URL': logout_url,
+    }
+
+service_urls = json.loads(os.environ.get('CAS_SERVICES'))
+MAMA_CAS_SERVICES = [make_service_config(redirect, logout) for redirect, logout in zip(service_urls[0::2], service_urls[1::2])]
+
+
+# MAMA_CAS_SERVICES = [
+#     {
+#         'SERVICE': 'http://carbinet.gzego.com:8080/api/cas',
+#         'CALLBACKS': [
+#             'mama_cas.callbacks.user_model_attributes',
+#         ],
+#         'LOGOUT_ALLOW': True,
+#         'LOGOUT_URL': 'http://carbinet.gzego.com:8080/api/cas/logout',
+#     },
+#  ]
\ No newline at end of file
--- a/models.py
+++ b/models.py
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,8 +4,10 @@ chardet==3.0.4
 Django==3.0.3
 django-cas-ng==4.1.0
 django-mama-cas==2.4.0
+gunicorn==20.0.4
 idna==2.9
 lxml==4.5.0
+mysqlclient==1.4.6
 python-cas==1.5.0
 pytz==2019.3
 requests==2.23.0

--- a/wait-for-it.sh
+++ b/wait-for-it.sh
+#!/usr/bin/env bash
+#   Use this script to test if a given TCP host/port are available
+
+WAITFORIT_cmdname=${0##*/}
+
+echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }
+
+usage()
+{
+    cat << USAGE >&2
+Usage:
+    $WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args]
+    -h HOST | --host=HOST       Host or IP under test
+    -p PORT | --port=PORT       TCP port under test
+                                Alternatively, you specify the host and port as host:port
+    -s | --strict               Only execute subcommand if the test succeeds
+    -q | --quiet                Don't output any status messages
+    -t TIMEOUT | --timeout=TIMEOUT
+                                Timeout in seconds, zero for no timeout
+    -- COMMAND ARGS             Execute command with args after the test finishes
+USAGE
+    exit 1
+}
+
+wait_for()
+{
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    else
+        echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout"
+    fi
+    WAITFORIT_start_ts=$(date +%s)
+    while :
+    do
+        if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then
+            nc -z $WAITFORIT_HOST $WAITFORIT_PORT
+            WAITFORIT_result=$?
+        else
+            (echo > /dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT) >/dev/null 2>&1
+            WAITFORIT_result=$?
+        fi
+        if [[ $WAITFORIT_result -eq 0 ]]; then
+            WAITFORIT_end_ts=$(date +%s)
+            echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds"
+            break
+        fi
+        sleep 1
+    done
+    return $WAITFORIT_result
+}
+
+wait_for_wrapper()
+{
+    # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
+    if [[ $WAITFORIT_QUIET -eq 1 ]]; then
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --quiet --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    else
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    fi
+    WAITFORIT_PID=$!
+    trap "kill -INT -$WAITFORIT_PID" INT
+    wait $WAITFORIT_PID
+    WAITFORIT_RESULT=$?
+    if [[ $WAITFORIT_RESULT -ne 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    fi
+    return $WAITFORIT_RESULT
+}
+
+# process arguments
+while [[ $# -gt 0 ]]
+do
+    case "$1" in
+        *:* )
+        WAITFORIT_hostport=(${1//:/ })
+        WAITFORIT_HOST=${WAITFORIT_hostport[0]}
+        WAITFORIT_PORT=${WAITFORIT_hostport[1]}
+        shift 1
+        ;;
+        --child)
+        WAITFORIT_CHILD=1
+        shift 1
+        ;;
+        -q | --quiet)
+        WAITFORIT_QUIET=1
+        shift 1
+        ;;
+        -s | --strict)
+        WAITFORIT_STRICT=1
+        shift 1
+        ;;
+        -h)
+        WAITFORIT_HOST="$2"
+        if [[ $WAITFORIT_HOST == "" ]]; then break; fi
+        shift 2
+        ;;
+        --host=*)
+        WAITFORIT_HOST="${1#*=}"
+        shift 1
+        ;;
+        -p)
+        WAITFORIT_PORT="$2"
+        if [[ $WAITFORIT_PORT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --port=*)
+        WAITFORIT_PORT="${1#*=}"
+        shift 1
+        ;;
+        -t)
+        WAITFORIT_TIMEOUT="$2"
+        if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --timeout=*)
+        WAITFORIT_TIMEOUT="${1#*=}"
+        shift 1
+        ;;
+        --)
+        shift
+        WAITFORIT_CLI=("$@")
+        break
+        ;;
+        --help)
+        usage
+        ;;
+        *)
+        echoerr "Unknown argument: $1"
+        usage
+        ;;
+    esac
+done
+
+if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then
+    echoerr "Error: you need to provide a host and port to test."
+    usage
+fi
+
+WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15}
+WAITFORIT_STRICT=${WAITFORIT_STRICT:-0}
+WAITFORIT_CHILD=${WAITFORIT_CHILD:-0}
+WAITFORIT_QUIET=${WAITFORIT_QUIET:-0}
+
+# check to see if timeout is from busybox?
+WAITFORIT_TIMEOUT_PATH=$(type -p timeout)
+WAITFORIT_TIMEOUT_PATH=$(realpath $WAITFORIT_TIMEOUT_PATH 2>/dev/null || readlink -f $WAITFORIT_TIMEOUT_PATH)
+if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then
+        WAITFORIT_ISBUSY=1
+        WAITFORIT_BUSYTIMEFLAG="-t"
+
+else
+        WAITFORIT_ISBUSY=0
+        WAITFORIT_BUSYTIMEFLAG=""
+fi
+
+if [[ $WAITFORIT_CHILD -gt 0 ]]; then
+    wait_for
+    WAITFORIT_RESULT=$?
+    exit $WAITFORIT_RESULT
+else
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        wait_for_wrapper
+        WAITFORIT_RESULT=$?
+    else
+        wait_for
+        WAITFORIT_RESULT=$?
+    fi
+fi
+
+if [[ $WAITFORIT_CLI != "" ]]; then
+    if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then
+        echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess"
+        exit $WAITFORIT_RESULT
+    fi
+    exec "${WAITFORIT_CLI[@]}"
+else
+    exit $WAITFORIT_RESULT
+fi
\ No newline at end of file