Commit 56a3ef76 authored by Pablo Panero's avatar Pablo Panero
Browse files

Merge branch 'dev' into 'master'

Dev

See merge request webservices/cern-search/cern-search-rest-api!39
parents c50f8403 8fcdcd9c
......@@ -71,7 +71,7 @@ tag_image_dev: &tag_image_openshift
- oc tag --source=docker ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} ${RESOURCE}:${CI_COMMIT_TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}
variables:
TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
NAMESAPCE: ${NAMESPACE_DEV}
NAMESPACE: ${NAMESPACE_DEV}
OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}
########## PROD ##########
......@@ -80,16 +80,14 @@ tag_image_prod:
<<: *tag_image_openshift
variables:
TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}
NAMESAPCE: ${NAMESPACE_PROD}
NAMESPACE: ${NAMESPACE_PROD}
OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_PROD}
########## DEV ##########
### Import image into OpenShift. Import $CI_COMMIT_TAG if present or 'latest' if not.
import_image_dev: &import_image_openshift
import_image_dev:
stage: import_image
environment: staging
only:
- tags
image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
script:
- oc import-image ${RESOURCE}:${CI_COMMIT_TAG:-latest} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}
......@@ -101,11 +99,17 @@ import_image_dev: &import_image_openshift
########## PROD ##########
### Import image into OpenShift. Import $CI_COMMIT_TAG if present or 'latest' if not.
import_image_prod:
<<: *import_image_openshift
stage: import_image
environment: master
only:
- tags
image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
script:
- oc import-image ${RESOURCE}:${CI_COMMIT_TAG:-latest} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}
variables:
TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}
NAMESAPCE: ${NAMESPACE_PROD}
OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_PROD}
NAMESPACE: ${NAMESPACE_PROD}
########## PROD ##########
deploy_production:
......@@ -119,6 +123,6 @@ deploy_production:
- oc --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE} tag ${RESOURCE}:${CI_COMMIT_TAG} ${RESOURCE}:stable
variables:
TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}
NAMESAPCE: ${NAMESPACE_PROD}
OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_PROD}
NAMESPACE: ${NAMESPACE_PROD}
GIT_STRATEGY: none
......@@ -15,6 +15,7 @@ documents and search among them when needed!
* [Debugging using a superuser](#debugging-using-a-superuser)
3. [ACLs and permissions](#acls-and-permissions)
4. [Setup](#setup)
* [Master project - Image Stream](#Master+project+-+Image+Stream)
5. [Configuration](#configuration)
......@@ -83,8 +84,8 @@ Lets assume the following JSON schema and Elasticsearch mapping for our demo doc
```json
{
"title": "Custom record schema v0.0.1",
"id": "http://<host:port>/schemas/cernsearch-test/test-doc_v0.0.1.json",
"$schema": "http://<host:port>/schemas/cernsearch-test/test-doc_v0.0.1.json",
"id": "http://<host:port>/schemas/cernsearch-test/doc_v0.0.1.json",
"$schema": "http://<host:port>/schemas/cernsearch-test/doc_v0.0.1.json",
"type": "object",
"properties": {
"_access": {
......@@ -187,14 +188,14 @@ curl -X POST -H 'Content-Type: application/json' -H 'Accept: application/json' \
-i 'http://<host:port>/api/records/' --data '
{
"_access": {
"delete": ["test-egroup@cern.ch"],
"delete": ["test-egroup@cern.ch"],
"owner": ["test-egroup@cern.ch"],
"read": ["test-egroup@cern.ch", "test-egroup-two@cern.ch"],
"read": ["test-egroup@cern.ch", "test-egroup-two@cern.ch"],
"update": ["test-egroup@cern.ch"]
},
"description": "This is an awesome description for our first uploaded document",
"title": "Demo document"
"$schema": "http://0.0.0.0/schemas/test-doc_v0.0.1.json"
"$schema": "http://0.0.0.0/schemas/cernsearch-test/doc_v0.0.1.json"
}
'
```
......@@ -415,7 +416,30 @@ This means the groups will be taken upon the first login of the user and never u
## Setup
An instance can be deployed using the OpenShift template (can be found in _template/cern-search-api.yml_)
An instance can be deployed using the OpenShift template (can be found in _template/cern-search-api.yml_). However, the CERN setup (and therefore the template) does not include the ``ImageStream``. In this case, a master project has been setup (e.g. test-cern-search-master) where the image will be push by the ``gitlab-ci`` pipeline. Afterwards, the child projects (instances) will pull this image due to the image change trigger.
### Master project - Image Stream
To push the new images to the master project first you need to login in the corresponding OpenShift instance (``oc login openshift-url.cern.ch``) and then work on the appropriate project (``oc project <project name>``). Finally you need to create the ImageStream before running the pipeline:
```bash
oc create -n openshift -f - <<EOF
apiVersion: v1
kind: ImageStream
metadata:
annotations:
description: <DESCRIPTION>
labels:
app: <APP_NAME>
name: <NAME>
spec:
dockerImageRepository: {gitlab-registry-url}
EOF
```
Another option would be to add ``--confirm`` to the ``import-image`` command in the CI file.
Finally you need to [gran permissions](https://docs.openshift.org/latest/dev_guide/managing_images.html#allowing-pods-to-reference-images-across-projects) to reference the image across projects, and set up the [image change trigger](https://docs.openshift.org/latest/architecture/core_concepts/builds_and_image_streams.html#image-stream-triggers) in the deployment config of the app.
Take into account:
......
......@@ -62,8 +62,8 @@ JSONSCHEMAS_REGISTER_ENDPOINTS_UI = False
# TODO use ES central service. Change INDEXER_RECORD_TO_INDEX = 'invenio_indexer.utils.default_record_to_index'
INDEXER_DEFAULT_DOC_TYPE = os.getenv('CERN_SEARCH_DEFAULT_DOC_TYPE', 'test-doc_v0.0.1')
INDEXER_DEFAULT_INDEX = os.getenv('CERN_SEARCH_DEFAULT_INDEX', 'cernsearch-test-test-doc_v0.0.1')
INDEXER_DEFAULT_DOC_TYPE = os.getenv('CERN_SEARCH_DEFAULT_DOC_TYPE', 'doc_v0.0.1')
INDEXER_DEFAULT_INDEX = os.getenv('CERN_SEARCH_DEFAULT_INDEX', 'cernsearch-test-doc_v0.0.1')
# Search configuration
# =====================
......
......@@ -70,7 +70,7 @@ class RecordPermission(object):
"""Create a record permission."""
# Allow everything for testing
if action in cls.list_actions:
return cls(record, has_owner_permission, user)
return cls(record, has_list_permission, user)
elif action in cls.create_actions:
return cls(record, has_owner_permission, user)
elif action in cls.read_actions:
......@@ -106,6 +106,11 @@ def get_index_from_request(record=None):
current_app.config['INDEXER_DEFAULT_DOC_TYPE'])
def has_list_permission(user, record=None):
"""Check if user is authenticated and has create access"""
return user.is_authenticated
def has_update_permission(user, record):
"""Check if user is authenticated and has update access"""
if user.is_authenticated:
......
{
"title": "Webservice Generic Website schema v1.0.0",
"id": "http://localhost:5000/schemas/webservices/generic_website_v1.0.0.json",
"$schema": "http://localhost:5000/schemas/webservices/generic_website_v1.0.0.json",
"type": "object",
"properties": {
"_access": {
"type": "object",
"properties": {
"owner":{
"type": "array",
"items": {
"type": "string"
}
},
"read":{
"type": "array",
"items": {
"type": "string"
}
},
"update":{
"type": "array",
"items": {
"type": "string"
}
},
"delete":{
"type": "array",
"items": {
"type": "string"
}
}
}
},
"name": {
"type": "string",
"description": "Website name or title."
},
"url": {
"type": "string",
"description": "Website URL."
},
"origin": {
"type": "string",
"description": "Website origin. Meaning FL or ATT, or SRC if its equals than url."
},
"last_updated": {
"type": "string",
"description": "Datetime of when the web page content was last updated."
},
"content": {
"type": "string",
"description": "Website content."
},
"extras": {
"type": "array",
"items": {
"type": "string"
},
"description": "Attachments and followed links present in the website"
},
"custom_pid": {
"type": "string"
},
"$schema": {
"type": "string"
}
}
}
\ No newline at end of file
{
"settings": {
"index.percolator.map_unmapped_fields_as_string": true,
"index.mapping.total_fields.limit": 50
},
"mappings": {
"generic_website_v1.0.0": {
"numeric_detection": true,
"_meta": {
"_owner": "CernSearch-Administrators@cern.ch"
},
"properties": {
"_access": {
"type": "nested",
"properties": {
"owner":{
"type": "keyword"
},
"read": {
"type": "keyword"
},
"update": {
"type": "keyword"
},
"delete": {
"type": "keyword"
}
}
},
"name": {
"type": "text",
"fields": {
"english": {
"type": "text",
"analyzer": "english"
},
"french": {
"type": "text",
"analyzer": "french"
}
}
},
"url": {
"type": "keyword"
},
"origin": {
"type": "keyword"
},
"content": {
"type": "text",
"fields": {
"english": {
"type": "text",
"analyzer": "english"
},
"french": {
"type": "text",
"analyzer": "french"
}
}
},
"extras": {
"type": "text",
"fields": {
"english": {
"type": "text",
"analyzer": "english"
},
"french": {
"type": "text",
"analyzer": "french"
}
}
},
"last_updated": {
"type": "date",
"format": "YYYY-MM-DDZHH:MM"
},
"custom_pid": {
"type": "keyword"
},
"$schema": {
"type": "keyword"
}
}
}
}
}
\ No newline at end of file
......@@ -8,4 +8,4 @@ and parsed by ``setup.py``.
from __future__ import absolute_import, print_function
__version__ = '0.0.2'
\ No newline at end of file
__version__ = '0.1.0b'
\ No newline at end of file
......@@ -91,11 +91,13 @@ setup(
],
'invenio_search.mappings': [
'cernsearch-test = cern_search_rest_api.modules.cernsearch.cernsearch_test.mappings',
'cernsearch-indico = cern_search_rest_api.modules.cernsearch.indico.mappings'
'cernsearch-indico = cern_search_rest_api.modules.cernsearch.indico.mappings',
'cernsearch-webservices = cern_search_rest_api.modules.cernsearch.webservices.mappings'
],
'invenio_jsonschemas.schemas': [
'cernsearch-test = cern_search_rest_api.modules.cernsearch.cernsearch_test.jsonschemas',
'cernsearch-indico = cern_search_rest_api.modules.cernsearch.indico.jsonschemas'
'cernsearch-indico = cern_search_rest_api.modules.cernsearch.indico.jsonschemas',
'cernsearch-webservices = cern_search_rest_api.modules.cernsearch.webservices.jsonschemas'
],
},
extras_require=extras_require,
......
#####################################################################################
##### DEPRECATED #####
##### Use gitlab.cern.ch/webservices/cern-search/cern-search-rest-api-openshift #####
#####################################################################################
apiVersion: v1
kind: Template
metadata:
......@@ -257,8 +262,6 @@ objects:
weight: 100
wildcardPolicy: None
# TODO: Delete when automated in OpenShift/GitLab CI
##############################
######## IMAGE STREAM ########
##############################
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment