
Enable SSO for Patchdemo
Status: Closed, Resolved | Visibility: Public | 1 Estimated Story Points

Description

Patchdemo uses the Wikimedia IdP (identity provider) for SSO (single sign-on), which is required before users can CAE (create an environment) (ok, I made that last one up.) This has been turned off on our k8s (kubernetes) instance for development, and needs to be re-enabled. We will likely be able to use the old patchdemo client with our patchdemo

  • Determine how to inject oauth php array in patchdemo's config.php (either by reading from environment, or init container to patch)
    • current values are in the patchdemo root config.php on the patchdemo4-production instance in the catalyst Cloud VPS project
  • modify the patchdemo helm chart to inject the values
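As an added illustration (not code from the Patchdemo repository), this is one way the "read from environment" option could look in config.php: the oauth key, secret and callback come from variables the Helm chart injects (e.g. from a Kubernetes Secret), and startup fails closed if any of them is missing or the callback is not an https URL. The PATCHDEMO_OAUTH_* variable names and the keys of the $oauth array are assumptions.

```php
<?php
// Added example, not Patchdemo's own config.php. Builds the oauth section from
// environment variables so the key and secret never live in the image or repo.
// The PATCHDEMO_OAUTH_* names and the $oauth array keys are assumptions.

function loadOauthConfigFromEnv(): array {
    // env var name => key in the resulting $oauth array (assumed shape)
    $required = [
        'PATCHDEMO_OAUTH_KEY'      => 'key',
        'PATCHDEMO_OAUTH_SECRET'   => 'secret',
        'PATCHDEMO_OAUTH_CALLBACK' => 'callback',
    ];
    $oauth = [];
    foreach ($required as $envName => $configKey) {
        $value = getenv($envName);
        if ($value === false || trim($value) === '') {
            // Fail closed: refusing to start beats running without SSO.
            throw new RuntimeException("Missing required setting $envName");
        }
        $oauth[$configKey] = trim($value);
    }

    // The callback must be the exact URL registered with the Wikimedia IdP
    // (Special:OAuthConsumerRegistration). Reject anything that is not an
    // https:// URL with a host so a misconfigured value is caught at startup,
    // not at the first login attempt.
    $parts = parse_url($oauth['callback']);
    if ($parts === false
        || ($parts['scheme'] ?? '') !== 'https'
        || empty($parts['host'])
    ) {
        throw new RuntimeException('PATCHDEMO_OAUTH_CALLBACK must be an https:// URL');
    }
    return $oauth;
}

// In config.php, replace the hard-coded array with:
// $oauth = loadOauthConfigFromEnv();
```

With this in place the Helm chart only needs to set the three variables on the container; the same code serves both the legacy credentials copied from patchdemo4-production and any newly registered consumer.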

Details

Related Changes in GitLab:
Title                                                              Reference                                    Author     Source Branch             Dest Branch
Add Oauth Callback Config as CI variable                           repos/test-platform/catalyst/patchdemo!27    kindrobot  T370664-callback-config   master
Enable oauth configuration through helm and gitlab CI variables    repos/test-platform/catalyst/patchdemo!25    kindrobot  T370664-sso               master

Event Timeline

This is for the instance at https://patchdemo.catalyst.wmcloud.org, right?

If so, you will need to:

  1. Fill out the form at https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth1a to create a new "consumer". Have a look at https://meta.wikimedia.org/wiki/Special:OAuthListConsumers/view/5d6fcc21ccf92e5844a6f656bb9099b6 as an example (this is the existing consumer for legacy Patch demo), but choose a different name or version, and use the new domain in the callback URL. Consumers such as these that only require user identity verification should be auto-approved.
  2. In the Patch demo config.php file, fill out the oauth section, providing the same callback as you did in the form, and the key and secret you should get after submitting it. Have a look at the config on the patchdemo4-production instance for an example.

I think you won't be able to re-use the credentials that patchdemo4-production uses (which you can see in that config.php file), because they only work to authenticate the user for the patchdemo.wmcloud.org domain. But if the Catalyst instance replaces the legacy instance in the future, we'll need to copy those credentials there.

> This is for the instance at https://patchdemo.catalyst.wmcloud.org, right?

No, this task is for ensuring the k8s version of patchdemo has sign in just like https://patchdemo.wmcloud.org/ and we'll eventually have the k8s instance served by that url. So I think we'll need to update credentials in the k8s application to use the same creds as the virtual machine instance—that's the goal of this task.

Oh, in that case, yes, you just need to copy them from the old config.php to the new config.php. Y'all should already have access to it.

thcipriani set the point value for this task to 1.
thcipriani moved this task from Backlog to Ready on the Catalyst (PatchDemo GoLive) board.