-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Django Admin -> Changes to replace Admin API #4473
Conversation
- Migrated logic pertaining to all Django Admin changes from API PR.
Terraform plan for meta No changes. Your infrastructure matches the configuration.
✅ Plan applied in Deploy to Development and Management Environment #870 |
Terraform plan for dev Plan: 1 to add, 2 to change, 1 to destroy.Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
!~ update in-place
-/+ destroy and then create replacement
Terraform will perform the following actions:
# module.dev.module.clamav.cloudfoundry_app.clamav_api will be updated in-place
!~ resource "cloudfoundry_app" "clamav_api" {
!~ docker_image = "ghcr.io/gsa-tts/fac/clamav@sha256:0188c58cf771da2914275f870a05aeb45b4b25d8a9e71be06cd854da719c8ed5" -> "ghcr.io/gsa-tts/fac/clamav@sha256:145e77e6c09e4ec690e8c898f7fd14aaa6f4fdff03b4e4af3001bd4944f945a9"
id = "779bbc51-f78a-4186-90eb-5acb68d7d746"
name = "fac-av-dev"
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# module.dev.module.cors.null_resource.cors_header must be replaced
-/+ resource "null_resource" "cors_header" {
!~ id = "*******************" -> (known after apply)
!~ triggers = { # forces replacement
!~ "always_run" = "2024-11-27T17:55:48Z" -> (known after apply)
}
}
# module.dev.module.file_scanner_clamav.cloudfoundry_app.clamav_api will be updated in-place
!~ resource "cloudfoundry_app" "clamav_api" {
!~ docker_image = "ghcr.io/gsa-tts/fac/clamav@sha256:0188c58cf771da2914275f870a05aeb45b4b25d8a9e71be06cd854da719c8ed5" -> "ghcr.io/gsa-tts/fac/clamav@sha256:145e77e6c09e4ec690e8c898f7fd14aaa6f4fdff03b4e4af3001bd4944f945a9"
id = "65c83416-4126-4785-99c2-5e1adb810422"
name = "fac-av-dev-fs"
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 1 to add, 2 to change, 1 to destroy. ❌ Error applying plan in Deploy to Development and Management Environment #870 |
@rnovak338 I think you meant to request a review from @jperson1 |
I requested the whole FAC team so you may have gotten pinged. But yes this is pretty technical, so I just need devs on this |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested successfully, and it worked perfectly!
Couple of notes from discussion with Bobby:
|
- Removed matthew.jadud@gsa.gov from staffusers. - Removed requirement for user to exist when adding a new `userpermission`.
- Lowercasing emails that are added to TribalApiAccessKeyIds. - Creating logs for CRUD operations through the Django Admin Panel, using the factory `LogEntry` model. - New signal for listening to new `LogEntry` records, then modifying its contents for more readable output.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Terraform plan for meta No changes. Your infrastructure matches the configuration.
📝 Plan generated in Pull Request Checks #3987 |
Terraform plan for dev Plan: 1 to add, 2 to change, 1 to destroy.Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
!~ update in-place
-/+ destroy and then create replacement
Terraform will perform the following actions:
# module.dev.module.clamav.cloudfoundry_app.clamav_api will be updated in-place
!~ resource "cloudfoundry_app" "clamav_api" {
!~ docker_image = "ghcr.io/gsa-tts/fac/clamav@sha256:0188c58cf771da2914275f870a05aeb45b4b25d8a9e71be06cd854da719c8ed5" -> "ghcr.io/gsa-tts/fac/clamav@sha256:145e77e6c09e4ec690e8c898f7fd14aaa6f4fdff03b4e4af3001bd4944f945a9"
id = "779bbc51-f78a-4186-90eb-5acb68d7d746"
name = "fac-av-dev"
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# module.dev.module.cors.null_resource.cors_header must be replaced
-/+ resource "null_resource" "cors_header" {
!~ id = "*******************" -> (known after apply)
!~ triggers = { # forces replacement
!~ "always_run" = "2024-11-27T17:55:48Z" -> (known after apply)
}
}
# module.dev.module.file_scanner_clamav.cloudfoundry_app.clamav_api will be updated in-place
!~ resource "cloudfoundry_app" "clamav_api" {
!~ docker_image = "ghcr.io/gsa-tts/fac/clamav@sha256:0188c58cf771da2914275f870a05aeb45b4b25d8a9e71be06cd854da719c8ed5" -> "ghcr.io/gsa-tts/fac/clamav@sha256:145e77e6c09e4ec690e8c898f7fd14aaa6f4fdff03b4e4af3001bd4944f945a9"
id = "65c83416-4126-4785-99c2-5e1adb810422"
name = "fac-av-dev-fs"
# (17 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 1 to add, 2 to change, 1 to destroy. ✅ Plan applied in Deploy to Development and Management Environment #870 |
All changes from #4427 in relation to the Django Admin updates. This PR enhances Django Admin to provide the team more accessibility to enabling tribal access and API keys for users.
staffusers.json
file, which dictates access to Django Admin. The only way we can bring in new users is through a PR that manipulates this file. This means we can keep track historically of who gets added/removed from the Django Admin staff list.onboarding.md
andoffboarding.md
have been updated to reflect this change.read-only
,helpdesk
, andsuperuser
.User permissions
andTribal api access key ids
) to allow support forhelpdesk
andsuperuser
privileges to add/remove content. Previously, this was only accessible through the Admin API.Log entries
table, which will keep track of any changes made directly through Django Admin. Shown below:NOTE - this PR does NOT remove any Admin API logic (yet).
How to test
Getting into Django Admin
staffusers.json
list for users that exist in theauth_users
table. However, your account will only populate here if you log into Login.gov at least once. Hence, step 3).localhost:8000/admin
and log in. You should be able to get into Django Admin at this point.Feedback as of 11/26
userpermission
using an email that does not exist in the system.userpermission
table, then create auserpermission
for your email using caps.TribalApiAccessKeyId
with an uppercase letter email (and use whatever text you'd like for thekey_id
).TribalApiAccessKeyId
record.Log entries
table and validate that the entire changelog was stored.PR Checklist: Submitter
main
into your branch shortly before creating the PR. (You should also be mergingmain
into your branch regularly during development.)git status | grep migrations
. If there are any results, you probably need to add them to the branch for the PR. Your PR should have only one new migration file for each of the component apps, except in rare circumstances; you may need to delete some and re-runpython manage.py makemigrations
to reduce the number to one. (Also, unless in exceptional circumstances, your PR should not delete any migration files.)PR Checklist: Reviewer
make docker-clean; make docker-first-run && docker compose up
; then rundocker compose exec web /bin/bash -c "python manage.py test"
The larger the PR, the stricter we should be about these points.
Pre Merge Checklist: Merger
-/+ resource "null_resource" "cors_header"
should be destroying and recreating its self and~ resource "cloudfoundry_app" "clamav_api"
might be updating itssha256
for thefac-file-scanner
andfac-av-${ENV}
by default.main
.