feat(api): LDAP authentication

[Kooper]

Bring back LDAP authentication as discussed in #1140

Basically it is a rollback of 2883c0c on the up2date codebase, with updated versions of involved components.

Changes have been tested with LDAP server, which currently works for Deis v1

[deis-admin]

Thanks for the contribution! Please ensure your commits follow our style guide. This code will be tested once a Deis maintainer reviews it.

[deis-bot]

@helgi, @mboersma and @bacongobbler are potential reviewers of this pull request based on my analysis of git blame information. Thanks @Kooper!

[Kooper]

Can not reproduce the failure which TravisCI reports :(
In my environment database creation and unit tests run without any problems:

# sudo -u postgres make test-unit
cd rootfs \
		&& coverage run manage.py test --settings=api.settings.testing --noinput registry api scheduler.tests \
		&& coverage report -m
Creating test database for alias 'default'...
............................................................................................................................................................................................................................................................................................................................
----------------------------------------------------------------------
Ran 316 tests in 665.885s

OK
Destroying test database for alias 'default'...
Name                                                       Stmts   Miss Branch BrPart  Cover   Missing
------------------------------------------------------------------------------------------------------
api/authentication.py                                         12      3      0      0    75%   12, 23-24
...

[Kooper]

I managed to reproduce the problem. Will investigate and fix it...

[bacongobbler]

Apologies for the lack of response. Glad you sorted it out. Let us know if you need help, we're also available on slack.deis.io

[Kooper]

Well, the problem is caused by missing migrations for model of django_auth_ldap module.
The module uses model entirely for testing purposes, defining TestUser/TestProfile classes, which references django.auth. As the module does not declare migrations - there is a dependency problem upon database schema creation, when models are imported before test.

Now I in doubt of proper resolution: I don't want to import TestUser/TestProfile as an ordinary migrations as it makes no sense in production configuration (albeit in Deis v1 it was so - just checked our production installation of v1). But I also didn't find how to prohibit Django loading model of django_auto_ldap.

Here how it looks in details - 'Synchronizing apps without migrations' stage is running prior to defined migrations, and 'Running deferred SQL' tries to reference auth_user which doesn't exist yet.

Operations to perform:
  Synchronize unmigrated apps: corsheaders, django_auth_ldap, gunicorn, humanize, jsonfield, messages, rest_framework
  Apply all migrations: api, auth, authtoken, contenttypes, guardian, sessions
Running pre-migrate handlers for application auth
Running pre-migrate handlers for application contenttypes
Running pre-migrate handlers for application sessions
Running pre-migrate handlers for application corsheaders
Running pre-migrate handlers for application guardian
Running pre-migrate handlers for application jsonfield
Running pre-migrate handlers for application rest_framework
Running pre-migrate handlers for application authtoken
Running pre-migrate handlers for application api
Running pre-migrate handlers for application django_auth_ldap
Synchronizing apps without migrations:
  Creating tables...
    Creating table corsheaders_corsmodel
    Creating table django_auth_ldap_testuser
    Creating table django_auth_ldap_testprofile
    Running deferred SQL...
CREATE INDEX "django_auth_ldap_testuser_identifier_8359accd_like" ON "django_auth_ldap_testuser" ("identifier" varchar_pattern_ops)
ALTER TABLE "django_auth_ldap_testprofile" ADD CONSTRAINT "django_auth_ldap_testprofile_user_id_9f1e9774_fk_auth_user_id" FOREIGN KEY ("user_id") REFERENCES "auth_user" ("id") DEFERRABLE INITIALLY DEFERRED
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/django/db/backends/utils.py", line 62, in execute
    return self.cursor.execute(sql)
psycopg2.ProgrammingError: relation "auth_user" does not exist

[kmala]

Jenkins, Add to whitelist.

[codecov-io]

Current coverage is 87.56% (diff: 100%)

Merging #1156 into master will decrease coverage by 0.01%

@@             master      #1156   diff @@
==========================================
  Files            43         43          
  Lines          3799       3795     -4   
  Methods           0          0          
  Messages          0          0          
  Branches        664        661     -3   
==========================================
- Hits           3327       3323     -4   
  Misses          308        308          
  Partials        164        164          

Powered by Codecov. Last update 51cab9d...38275ea

[Kooper]

I finally figured out that INSTALLED_APPS contains list of model for import. With django-auth-ldap there is no model except for testing module itself, so it shouldn't be included into this list.

[rvadim]

We need this PR, when it will be merged?

[bacongobbler]

@kmala marked it for v2.10 for review. It's jut a matter of finding the time to review it :)

[bacongobbler]

I think the last thing this PR needs is documentation at https://github.com/deis/workflow before it's ready to be merged.

[kmala]

@bacongobbler this is the docs PR deis/workflow#649

[bacongobbler]

Nice, how did I miss that?!

Anyways, this looks good to me. e2e tests are passing so this will be disabled by default.

[bacongobbler]

closes #1140

[rvadim]

I tested this PR in our infrastructure, already. Working great.

[kmala]

corresponding docs PR deis/workflow#649

[kmala]

@rvadim Thanks for the contribution.