Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade 5.4 symfony and separate EntityMapper #263

Merged
merged 4 commits into from
Jul 10, 2023
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ With Vagrant (each of these steps may take several minutes!):
```bash
ISLANDORA_BUILD_BASE=true vagrant up # Create the base box on a bare Ubuntu.
vagrant package --output islandora_base # Shut down the VM and save it as a file, islandora_base, which is created in this directory.
vagrant destroy # You will be prompted to enter 'y' to destroy this VM
ISLANDORA_BUILD_BASE=true vagrant destroy # You will be prompted to enter 'y' to destroy the base box VM
vagrant up # It will show it is importing the islandora_base base box, then will provision Islandora.
```

Expand Down
2 changes: 0 additions & 2 deletions inventory/vagrant/group_vars/crayfish.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
---
crayfish_db: "{{ islandora_db }}"

crayfish_fedora_base_url: "http://{{ hostvars[groups['tomcat'][0]].ansible_host }}:8080/fcrepo/rest"
crayfish_drupal_base_url: "http://{{ hostvars[groups['webserver'][0]].ansible_host }}:{{ apache_listen_port }}"
16 changes: 0 additions & 16 deletions roles/internal/Islandora-Devops.crayfish/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,6 @@ crayfish_services:
- Homarus
- Hypercube
- Recast
# Default crayfish static JWT token
crayfish_syn_token: islandora
# Webserver path to install to
crayfish_install_dir: /var/www/html/Crayfish
# Crayfish log directory
Expand Down Expand Up @@ -48,11 +46,6 @@ Some OS dependent variables are set in vars/* but can be overridden if desired:
# - poppler-utils
```
=======
`crayfish_db` can be set to:
- pgsql
- mysql

Depending what database you would like to use. If not set it defaults to _mysql_

There are lots more configuration settings in [defaults/main.yml](defaults/main.yml)

Expand All @@ -67,15 +60,6 @@ The module depends on the following. Links are provided to roles known to work w
* [PHP](https://galaxy.ansible.com/geerlingguy/php/)
* [Composer](https://galaxy.ansible.com/geerlingguy/composer/)
* [git](https://galaxy.ansible.com/geerlingguy/git/)
* database
- [pgsql](https://galaxy.ansible.com/geerlingguy/postgresql/)
- [mysql](https://galaxy.ansible.com/geerlingguy/mysql/)

## Example Playbook

Examples from the role tests:
* [Postgresql](tests/pgsql.yml)
* [Mysql](tests/mysql.yml)

## License

Expand Down
2 changes: 1 addition & 1 deletion roles/internal/Islandora-Devops.crayfish/defaults/main.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
crayfish_version_tag: 3.x
crayfish_version_tag: upgrade-5.4-symfony
whikloj marked this conversation as resolved.
Show resolved Hide resolved

crayfish_services:
- Houdini
Expand Down
5 changes: 0 additions & 5 deletions roles/internal/Islandora-Devops.crayfish/tasks/install.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,11 +66,6 @@
vars:
ssl_key_public_output_path: "{{ crayfish_install_dir }}/public.key"

- name: Install auth config
template:
src: "syn-settings.xml.jp2"
dest: "{{ crayfish_install_dir }}/syn-settings.xml"

- name: Configure crayfish code (Symfony)
include_tasks: "./tasks/symfony_config.yml"
with_items: "{{ crayfish_services }}"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
### This file is managed with Ansible ###
crayfish_commons:
fedora_base_uri: {{ crayfish_homarus_fedora_base_url }}
syn_config: {{ crayfish_homarus_jwt_config }}
apix_middleware_enabled: false
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
### This file is managed with Ansible ###
lexik_jwt_authentication:
# Need secret key to generate a token, this is not necessary for normal usage as the key is generated by Drupal.
secret_key: ''
# This is required if you have set a passphrase on the secret key, this is generally not needed.
pass_phrase: ''
# This is the public key from the pair generated by Drupal and is required to validate the JWTs
public_key: '{{ crayfish_install_dir }}/public.key'
# By default lexik_jwt looks for the username key in the payload, we use sub
user_identity_field: sub
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# This file managed by Ansible

# To disable Syn checking, set syn_enabled=false in crayfish_commons.yaml and remove this configuration file.
### This file managed by Ansible ###
### To disable authentication, set crayfish_homarus_jwt_enabled to false.
security:

# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
enable_authenticator_manager: true
# https://symfony.com/doc/5.4/security.html#where-do-users-come-from-user-providers
providers:
jwt_user_provider:
id: Islandora\Crayfish\Commons\Syn\JwtUserProvider
users_in_memory: { memory: null }
jwt:
lexik_jwt: ~

firewalls:
dev:
Expand All @@ -16,25 +16,20 @@ security:
# Need stateless or it reloads the User based on a token.
stateless: true
{%if crayfish_homarus_jwt_enabled == true %}
anonymous: false

provider: jwt_user_provider
guard:
authenticators:
- Islandora\Crayfish\Commons\Syn\JwtAuthenticator
provider: jwt
jwt: ~

# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/5.4/security.html#firewalls-authentication

# https://symfony.com/doc/current/security/impersonating_user.html
# https://symfony.com/doc/5.4/security/impersonating_user.html
# switch_user: true

{% else %}
anonymous: true
{% endif %}

# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
{% else %}
anonymous: true
{% endif %}
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
# Files in the packages/ subdirectory configure your dependencies.

# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
# https://symfony.com/doc/5.4/best_practices/configuration.html#application-related-configuration

parameters:
app.executable: {{ crayfish_homarus_executable_config.executable }}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
### This file is managed with Ansible ###
crayfish_commons:
fedora_base_uri: {{ crayfish_houdini_fedora_base_url }}
syn_config: {{ crayfish_houdini_jwt_config }}
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
### This file is managed with Ansible ###
lexik_jwt_authentication:
# Need secret key to generate a token, this is not necessary for normal usage as the key is generated by Drupal.
secret_key: ''
# This is required if you have set a passphrase on the secret key, this is generally not needed.
pass_phrase: ''
# This is the public key from the pair generated by Drupal and is required to validate the JWTs
public_key: '{{ crayfish_install_dir }}/public.key'
# By default lexik_jwt looks for the username key in the payload, we use sub
user_identity_field: sub
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# This file managed by Ansible

# To disable Syn checking, set syn_enabled=false in crayfish_commons.yaml and remove this configuration file.
### This file managed by Ansible ###
### To disable authentication, set crayfish_houdini_jwt_enabled to false.
security:

# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
enable_authenticator_manager: true
# https://symfony.com/doc/5.4/security.html#where-do-users-come-from-user-providers
providers:
jwt_user_provider:
id: Islandora\Crayfish\Commons\Syn\JwtUserProvider
users_in_memory: { memory: null }
jwt:
lexik_jwt: ~

firewalls:
dev:
Expand All @@ -16,25 +16,20 @@ security:
# Need stateless or it reloads the User based on a token.
stateless: true
{%if crayfish_houdini_jwt_enabled == true %}
anonymous: false

provider: jwt_user_provider
guard:
authenticators:
- Islandora\Crayfish\Commons\Syn\JwtAuthenticator
provider: jwt
jwt: ~

# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/5.4/security.html#firewalls-authentication

# https://symfony.com/doc/current/security/impersonating_user.html
# https://symfony.com/doc/5.4/security/impersonating_user.html
# switch_user: true

{% else %}
anonymous: true
{% endif %}

# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
{% else %}
anonymous: true
{% endif %}
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
# Files in the packages/ subdirectory configure your dependencies.

# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
# https://symfony.com/doc/5.4/best_practices/configuration.html#application-related-configuration

parameters:
app.executable: {{ crayfish_houdini_executable_config.executable }}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
### This file is managed with Ansible ###
crayfish_commons:
fedora_base_uri: {{ crayfish_hypercube_fedora_base_url }}
syn_config: {{ crayfish_hypercube_jwt_config }}
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
### This file is managed with Ansible ###
lexik_jwt_authentication:
# Need secret key to generate a token, this is not necessary for normal usage as the key is generated by Drupal.
secret_key: ''
# This is required if you have set a passphrase on the secret key, this is generally not needed.
pass_phrase: ''
# This is the public key from the pair generated by Drupal and is required to validate the JWTs
public_key: '{{ crayfish_install_dir }}/public.key'
# By default lexik_jwt looks for the username key in the payload, we use sub
user_identity_field: sub
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# This file managed by Ansible

# To disable Syn checking, set syn_enabled=false in crayfish_commons.yaml and remove this configuration file.
### This file managed by Ansible ###
### To disable authentication, set crayfish_hypercube_jwt_enabled to false.
security:

# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
enable_authenticator_manager: true
# https://symfony.com/doc/5.4/security.html#where-do-users-come-from-user-providers
providers:
jwt_user_provider:
id: Islandora\Crayfish\Commons\Syn\JwtUserProvider
users_in_memory: { memory: null }
jwt:
lexik_jwt: ~

firewalls:
dev:
Expand All @@ -16,25 +16,20 @@ security:
# Need stateless or it reloads the User based on a token.
stateless: true
{%if crayfish_hypercube_jwt_enabled == true %}
anonymous: false

provider: jwt_user_provider
guard:
authenticators:
- Islandora\Crayfish\Commons\Syn\JwtAuthenticator
provider: jwt
jwt: ~

# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/5.4/security.html#firewalls-authentication

# https://symfony.com/doc/current/security/impersonating_user.html
# https://symfony.com/doc/5.4/security/impersonating_user.html
# switch_user: true

{% else %}
anonymous: true
{% endif %}

# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
{% else %}
anonymous: true
{% endif %}
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
# Files in the packages/ subdirectory configure your dependencies.

# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
# https://symfony.com/doc/5.4/best_practices/configuration.html#application-related-configuration

parameters:
app.tesseract_executable: {{ crayfish_hypercube_tesseract_executable }}
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
### This file is managed with Ansible ###
lexik_jwt_authentication:
# Need secret key to generate a token, this is not necessary for normal usage as the key is generated by Drupal.
secret_key: ''
# This is required if you have set a passphrase on the secret key, this is generally not needed.
pass_phrase: ''
# This is the public key from the pair generated by Drupal and is required to validate the JWTs
public_key: '{{ crayfish_install_dir }}/public.key'
# By default lexik_jwt looks for the username key in the payload, we use sub
user_identity_field: sub
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# This file managed by Ansible

# To disable Syn checking, set syn_enabled=false in crayfish_commons.yaml and remove this configuration file.
### This file managed by Ansible ###
### To disable authentication, set crayfish_milliner_jwt_enabled to false.
security:

# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
enable_authenticator_manager: true
# https://symfony.com/doc/5.4/security.html#where-do-users-come-from-user-providers
providers:
jwt_user_provider:
id: Islandora\Crayfish\Commons\Syn\JwtUserProvider
users_in_memory: { memory: null }
jwt:
lexik_jwt: ~

firewalls:
dev:
Expand All @@ -16,25 +16,20 @@ security:
# Need stateless or it reloads the User based on a token.
stateless: true
{%if crayfish_milliner_jwt_enabled == true %}
anonymous: false

provider: jwt_user_provider
guard:
authenticators:
- Islandora\Crayfish\Commons\Syn\JwtAuthenticator
provider: jwt
jwt: ~

# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/5.4/security.html#firewalls-authentication

# https://symfony.com/doc/current/security/impersonating_user.html
# https://symfony.com/doc/5.4/security/impersonating_user.html
# switch_user: true

{% else %}
anonymous: true
{% endif %}

# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
{% else %}
anonymous: true
{% endif %}
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
# Files in the packages/ subdirectory configure your dependencies.

# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
# https://symfony.com/doc/5.4/best_practices/configuration.html#application-related-configuration
parameters:
app.fedora_base_url: {{ crayfish_milliner_fedora_base_url }}
app.drupal_base_url: {{ crayfish_milliner_drupal_base_url }}
Expand Down Expand Up @@ -34,6 +34,7 @@ services:
$modifiedDatePredicate: '%app.modified_date_predicate%'
$stripFormatJsonld: '%app.strip_format_jsonld%'
$isFedora6: '%app.isFedora6%'
$fedoraBaseUrl: '%app.fedora_base_url%'

# controllers are imported separately to make sure services can be injected
# as action arguments even if you don't extend any base controller class
Expand Down
Loading