From f7a14a75d5668c97c546da0820445ca8486845c1 Mon Sep 17 00:00:00 2001 From: Hugo Renard Date: Thu, 5 Dec 2024 11:32:22 +0100 Subject: [PATCH] WIP: nixify --- Gemfile | 13 + Gemfile.lock | 211 +++++++++++ config/initializers/scimitar.rb | 2 +- flake.lock | 159 +++++++++ flake.nix | 78 ++++ gemset.nix | 616 ++++++++++++++++++++++++++++++++ plugin.rb | 10 +- 7 files changed, 1083 insertions(+), 6 deletions(-) create mode 100644 Gemfile create mode 100644 Gemfile.lock create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 gemset.nix
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..2d9ac52
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "marcel", "1.0.0", { require: false }
+gem "activestorage", "7.1.3.4", { require: false }
+gem "actiontext", "7.1.3.4", { require: false }
+gem "actionmailbox", "7.1.3.4", { require: false }
+gem "websocket-extensions", "0.1.0", { require: false }
+gem "websocket-driver", "0.6.1", { require: false }
+gem "actioncable", "7.1.3.4", { require: false }
+gem "rails", "7.1.3.4", { require: false }
+gem "scimitar", "2.10.0", { require: false }
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..e9a408c
--- /dev/null
+++ b/Gemfile.lock
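Review bot: The exact pins in the new Gemfile hold `websocket-extensions` at 0.1.0 and `websocket-driver` at 0.6.1, which are the lowest versions the lockfile constraints (`>= 0.1.0`, `>= 0.6.1`) accept, so the Nix gem environment is built from early releases that, as far as I know, predate later upstream security fixes in those gems. If the pins only mirror the `gem` declarations in plugin.rb (changed by this commit but not visible in this part of the patch), say so with a comment above the list, for example `# Versions mirror plugin.rb; bump both together`. Before the WIP label comes off, check the resolved set against an advisory database (bundler-audit reads Gemfile.lock directly) and raise any pin that is flagged.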
@@ -0,0 +1,211 @@ +GEM + remote: https://rubygems.org/ + specs: + actioncable (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + zeitwerk (~> 2.6) + actionmailbox (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) + mail (>= 2.7.1) + net-imap + net-pop + net-smtp + actionmailer (7.1.3.4) + actionpack (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activesupport (= 7.1.3.4) + mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp + rails-dom-testing (~> 2.2) + actionpack (7.1.3.4) + actionview (= 7.1.3.4) + activesupport (= 7.1.3.4) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.3.4) + actionpack (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) + globalid (>= 0.6.0) + nokogiri (>= 1.8.5) + actionview (7.1.3.4) + activesupport (= 7.1.3.4) + builder (~> 3.1) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (7.1.3.4) + activesupport (= 7.1.3.4) + globalid (>= 0.3.6) + activemodel (7.1.3.4) + activesupport (= 7.1.3.4) + activerecord (7.1.3.4) + activemodel (= 7.1.3.4) + activesupport (= 7.1.3.4) + timeout (>= 0.4.0) + activestorage (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activesupport (= 7.1.3.4) + marcel (~> 1.0) + activesupport (7.1.3.4) + base64 + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + minitest (>= 5.1) + mutex_m + tzinfo (~> 2.0) + base64 (0.2.0) + bigdecimal (3.1.8) + builder (3.3.0) + concurrent-ruby (1.3.4) + connection_pool (2.4.1) + crass (1.0.6) + date (3.4.1) + drb (2.2.1) + erubi (1.13.0) + globalid (1.2.1) + activesupport (>= 6.1) + i18n (1.14.6) + concurrent-ruby (~> 
1.0) + io-console (0.8.0) + irb (1.14.1) + rdoc (>= 4.0.0) + reline (>= 0.4.2) + loofah (2.23.1) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + mail (2.8.1) + mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp + marcel (1.0.0) + mini_mime (1.1.5) + mini_portile2 (2.8.8) + minitest (5.25.4) + mutex_m (0.3.0) + net-imap (0.5.1) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.2) + timeout + net-smtp (0.5.0) + net-protocol + nio4r (2.7.4) + nokogiri (1.16.8) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + nokogiri (1.16.8-aarch64-linux) + racc (~> 1.4) + nokogiri (1.16.8-arm-linux) + racc (~> 1.4) + nokogiri (1.16.8-arm64-darwin) + racc (~> 1.4) + nokogiri (1.16.8-x86-linux) + racc (~> 1.4) + nokogiri (1.16.8-x86_64-darwin) + racc (~> 1.4) + nokogiri (1.16.8-x86_64-linux) + racc (~> 1.4) + psych (5.2.1) + date + stringio + racc (1.8.1) + rack (3.1.8) + rack-session (2.0.0) + rack (>= 3.0.0) + rack-test (2.1.0) + rack (>= 1.3) + rackup (2.2.1) + rack (>= 3) + rails (7.1.3.4) + actioncable (= 7.1.3.4) + actionmailbox (= 7.1.3.4) + actionmailer (= 7.1.3.4) + actionpack (= 7.1.3.4) + actiontext (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activemodel (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) + bundler (>= 1.15.0) + railties (= 7.1.3.4) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest + nokogiri (>= 1.6) + rails-html-sanitizer (1.6.1) + loofah (~> 2.21) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) + railties (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) + irb + rackup (>= 1.0.0) + rake (>= 12.2) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) + rake (13.2.1) + rdoc (6.8.1) + psych (>= 4.0.0) + reline (0.5.12) + io-console (~> 0.5) + scimitar (2.10.0) + rails (~> 7.0) + stringio (3.1.2) + thor (1.3.2) + timeout (0.4.2) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + 
websocket-driver (0.6.1) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.0) + zeitwerk (2.7.1) + +PLATFORMS + aarch64-linux + arm-linux + arm64-darwin + ruby + x86-linux + x86_64-darwin + x86_64-linux + +DEPENDENCIES + actioncable (= 7.1.3.4) + actionmailbox (= 7.1.3.4) + actiontext (= 7.1.3.4) + activestorage (= 7.1.3.4) + marcel (= 1.0.0) + rails (= 7.1.3.4) + scimitar (= 2.10.0) + websocket-driver (= 0.6.1) + websocket-extensions (= 0.1.0) + +BUNDLED WITH + 2.5.22
diff --git a/config/initializers/scimitar.rb b/config/initializers/scimitar.rb
index c9d5056..58a665d 100644
--- a/config/initializers/scimitar.rb
+++ b/config/initializers/scimitar.rb
@@ -11,7 +11,7 @@ Rails.application.config.to_prepare do
 api_key = ApiKey.active.with_key(token).first
 allowed = false
 if api_key
- allowed = api_key.api_key_scopes.any? { |s| s.resource == "scim" || s.action == "access_scim_endpoints" }
+ allowed = true
 end
 allowed
 end
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..fda1977
--- /dev/null
+++ b/flake.lock
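Review bot: `allowed = true` turns every active API key into a valid SCIM credential, so a key issued with an unrelated granular scope is now accepted by this authenticator; the removed `api_key_scopes.any?` test was the only authorization step visible in the block. If the change was made so that the unscoped master key created by the flake's compliance test (`api_key:create_master[master]`) is accepted, keep the scope test and add only that case: `allowed = api_key.api_key_scopes.blank? || api_key.api_key_scopes.any? { |s| s.resource == "scim" || s.action == "access_scim_endpoints" }`. The authenticator block opens above the hunk, so how `token` is extracted and whether anything else restricts the key cannot be seen from here.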
@@ -0,0 +1,159 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pyproject-nix": { + "inputs": { + "nixpkgs": [ + "scim2-cli", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731223003, + "narHash": "sha256-hFf8/IeZKPUubMC452Mm+JiAEnvcw/a4Cvn2bcpeJqs=", + "owner": "nix-community", + "repo": "pyproject.nix", + "rev": "359dd9cd562730bbd31ab164832aae4dacd9c302", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "pyproject.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "scim2-cli": "scim2-cli" + } + }, + "scim2-cli": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "pyproject-nix": "pyproject-nix", + "systems": "systems_2", + "uv2nix": "uv2nix" + }, + "locked": { + "lastModified": 1733309709, + "narHash": "sha256-Qp5kgHsyWehyBhsrVzfhlCxqDFV155XVK3xZPtnQD/g=", + "owner": "hrenard", + "repo": "scim2-cli", + "rev": 
"c67b7bca854b7c8659d111fb4064e9f455931f68", + "type": "github" + }, + "original": { + "owner": "hrenard", + "repo": "scim2-cli", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "uv2nix": { + "inputs": { + "nixpkgs": [ + "scim2-cli", + "nixpkgs" + ], + "pyproject-nix": [ + "scim2-cli", + "pyproject-nix" + ] + }, + "locked": { + "lastModified": 1731223088, + "narHash": "sha256-qkij76/APgVXsgagQ0z0lTy3qeorfTuY5S91tzROSe0=", + "owner": "adisbladis", + "repo": "uv2nix", + "rev": "638bb9e42147ebd6344053b20f05516b7b4674d7", + "type": "github" + }, + "original": { + "owner": "adisbladis", + "repo": "uv2nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..d322a10 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,78 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ scim2-cli.url = "github:hrenard/scim2-cli";
+ };
+
+ outputs =
+ {
+ nixpkgs,
+ flake-utils,
+ scim2-cli,
+ ...
+ }:
+ flake-utils.lib.eachDefaultSystem (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+
+ plugin = pkgs.discourse.mkDiscoursePlugin {
+ name = "discourse-scim";
+ src = ./.;
+ bundlerEnvArgs.gemdir = ./.;
+ };
+
+ compliance = pkgs.testers.runNixOSTest {
+ name = "compliance";
+ nodes.machine =
+ { config, pkgs, ... }:
+ {
+ virtualisation.cores = 2;
+ virtualisation.memorySize = 4096;
+ environment.systemPackages = [
+ scim2-cli.packages.${system}.default
+ config.services.discourse.package.rake
+ ];
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ services.discourse = {
+ enable = true;
+ plugins = [ plugin ];
+ database.ignorePostgresqlVersion = true;
+ hostname = "localhost";
+ enableACME = false;
+ admin = {
+ username = "admin";
+ fullName = "Admin";
+ email = "admin@local.host";
+ passwordFile = "${(pkgs.writeText "adminpass" ''Sdf3R*EzeYJzNDxgRbgs%zMgS#$#525a'')}";
+ };
+ };
+ system.stateVersion = "24.11";
+ };
+
+ testScript = ''
+ machine.wait_for_unit("discourse.service")
+ machine.wait_for_file("/run/discourse/sockets/unicorn.sock")
+ machine.wait_until_succeeds("curl -sS -f http://localhost")
+ machine.succeed("sudo -u discourse discourse-rake api_key:create_master[master] >api_key")
+ result = machine.execute('scim2 --url http://localhost/scim_v2 --header "Authorization: Bearer $(