| -rw-r--r-- | genenetwork-development.scm | 69 |
1 files changed, 68 insertions, 1 deletions
diff --git a/genenetwork-development.scm b/genenetwork-development.scm
index 08e50eb..966b0fa 100644
--- a/genenetwork-development.scm
+++ b/genenetwork-development.scm
@@ -1527,6 +1527,69 @@ gn-guile to display RDF pages." (xapian-db-path %xapian-directory))) +(define (gn-auth-test-flask config) + "Return a program-file that wraps flask with the gn-auth environment +derived from CONFIG. All arguments are forwarded to flask, allowing +the caller to invoke any flask CLI command (create-test-users, +delete-test-users, etc.) as the genenetwork user via sudo." + (match-record config <genenetwork-configuration> + (auth-db-path gn-auth-secrets gn-auth-repository repositories-checkout-directory) + (let* ((gn-auth-profile (profile + (content (package->development-manifest gn-auth)) + (allow-collisions? #t))) + (gn-auth-conf (mixed-text-file + "gn-auth-test.conf" + "AUTH_DB=\"" auth-db-path "\"\n" + "GN_AUTH_SECRETS=\"" gn-auth-secrets + "/gn-auth-secrets.py\"\n" + "CLIENTS_SSL_PUBLIC_KEYS_DIR=\"" gn-auth-secrets + "/clients-public-keys\"\n" + "SSL_PRIVATE_KEY=\"" gn-auth-secrets + "/gn-auth-ssl-private-key.pem\"\n")) + (gn-libs-checkout (string-append repositories-checkout-directory "/gn-libs")) + (gn-auth-checkout (string-append repositories-checkout-directory "/gn-auth"))) + (program-file + "gn-auth-test-flask" + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (define (hline) + "Print a horizontal line 50 '=' characters long." 
+ (display (make-string 50 #\=)) + (newline) + (force-output)) + + (define (show-head-commit) + (hline) + (invoke #$(file-append git-minimal "/bin/git") + "log" "--max-count" "1") + (hline)) + (with-directory-excursion #$gn-libs-checkout + (show-head-commit)) + (with-directory-excursion #$gn-auth-checkout + (show-head-commit)) + + (setenv "PYTHONPATH" + (string-append #$gn-libs-checkout ":" + #$gn-auth-checkout ":" + #$gn-auth-profile + "/lib/python3.11/site-packages")) + (setenv "REQUESTS_CA_BUNDLE" + (string-append #$gn-auth-profile + "/etc/ssl/certs/ca-certificates.crt")) + (setenv "GN_AUTH_PROFILE" #$gn-auth-profile) + (setenv "GN_AUTH_CONF" #$gn-auth-conf) + (setenv "HOME" "/tmp") + (setenv "AUTHLIB_INSECURE_TRANSPORT" "true") + (apply invoke + (string-append #$gn-auth-profile "/bin/flask") + (cons* "--app" "gn_auth.wsgi:app" + (cdr (program-arguments)))))))))) + +(define %gn-auth-test-flask + (gn-auth-test-flask %genenetwork-configuration)) + (operating-system (host-name "genenetwork-development") (timezone "UTC") @@ -1552,7 +1615,11 @@ gn-guile to display RDF pages." (file-append shepherd "/bin/herd") " stop gn-auth, " (file-append shepherd "/bin/herd") " restart gn-auth\n" ;; Permit the acme user to restart nginx. - "\nacme ALL = NOPASSWD: " (file-append shepherd "/bin/herd") " restart nginx\n")) + "\nacme ALL = NOPASSWD: " (file-append shepherd "/bin/herd") " restart nginx\n" + ;; Permit the laminar user to run gn-auth test setup/teardown + ;; commands as the genenetwork user. + "\nlaminar ALL = (genenetwork) NOPASSWD: " + %gn-auth-test-flask "\n")) (services (cons* (service forge-service-type (forge-configuration (projects (list transform-genenetwork-database-project |
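Review bot: The wrapper passes `(cdr (program-arguments))` straight to flask, and the sudoers entry added in the second hunk names the program without an argument list, so sudo accepts any arguments: laminar can run every flask CLI command as genenetwork, not only the `create-test-users` / `delete-test-users` pair the docstring mentions. Flask's built-in commands include `shell` and `run`, and they would execute with `GN_AUTH_CONF` pointing at the configured `AUTH_DB` and `SSL_PRIVATE_KEY`, so the rule is effectively a general laminar-to-genenetwork grant. I would check the first argument against an explicit list inside the gexp, replacing the final `apply invoke` as sketched below; the list holds only the two names visible in the docstring and needs the remaining test commands added. `AUTHLIB_INSECURE_TRANSPORT` and `HOME` set to `/tmp` also deserve a short why-comment each.

```scheme
;; … unchanged: head-commit display and setenv calls …
(let ((args (cdr (program-arguments)))
      ;; Only the commands CI needs; extend deliberately.
      (allowed '("create-test-users" "delete-test-users")))
  (unless (and (pair? args) (member (car args) allowed))
    (format (current-error-port)
            "gn-auth-test-flask: command not permitted~%")
    (exit 1))
  (apply invoke
         (string-append #$gn-auth-profile "/bin/flask")
         (cons* "--app" "gn_auth.wsgi:app" args)))
```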
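Review bot: The laminar-to-genenetwork boundary that this sudoers line sets up holds only if laminar cannot modify what the wrapper loads, and the wrapper places the `gn-libs` and `gn-auth` directories under `repositories-checkout-directory` at the front of `PYTHONPATH`. Who owns those checkouts is not visible in this diff; if the CI user can write to them, any module placed there is imported as genenetwork. I would record the requirement next to the rule, e.g. `;; The checkouts on the wrapper's PYTHONPATH must not be writable by laminar.`, and confirm it against the job that updates the checkouts.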
