Poetry

.dockerignore

@@ -5,4 +5,6 @@
 !example_sp
 !requirements.txt
 !oids.conf
-!build_spid_certs.sh
+!build_spid_certs.sh
+!pyproject.toml
+!poetry.lock

.github/workflows/python-app.yml

@@ -5,9 +5,9 @@ name: iam-proxy-italia
 
 on:
   push:
-    branches: [ master, dev, eudi ]
+    branches: [ master, dev ]
   pull_request:
-    branches: [ master, dev, eudi ]
+    branches: [ master, dev ]
 
 jobs:
   build:
@@ -30,11 +30,15 @@ jobs:
         python-version: ${{ matrix.python-version }}
     - name: Install Python dependencies
       run: |
-        pip install spid-sp-test>=1.2.17
-        pip install flake8
+        pip install --upgrade pip
+        pip install flake8 pipx poetry
+        pip install --upgrade packaging
+        poetry install
+        source $(poetry env info | grep -m1 Path  | awk -F" " {'print $2'})/bin/activate
+        pip install "spid-sp-test>=1.2.17"
     - name: Ispect Python dependencies
       run: |
-        pip list
+        poetry show --tree
     - name: Lint with flake8
       run: |
         ## stop the build if there are Python syntax errors or undefined names
@@ -65,13 +69,19 @@ jobs:
     - name: spid-sp-test SPID metadata, requests and responses
       run: |
         cd Docker-compose/satosa-project
+        source $(poetry env info | grep -m1 Path | awk -F" " {'print $2'})/bin/activate
+        export PATH=$PATH:$(poetry env info | grep -m1 Path | awk -F" " {'print $2'})/bin
         spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml
         spid_sp_test --metadata-url https://localhost/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8443" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
     - name: spid-sp-test CIE id metadata
       run: |
         cd Docker-compose/satosa-project
+        source $(poetry env info | grep -m1 Path | awk -F" " {'print $2'})/bin/activate
+        export PATH=$PATH:$(poetry env info | grep -m1 Path | awk -F" " {'print $2'})/bin
         spid_sp_test --profile cie-sp-public --metadata-url https://localhost/cieSaml2/metadata
     - name: spid-sp-test eIDAS FiCEP metadata
       run: |
         cd Docker-compose/satosa-project
+        source $(poetry env info | grep -m1 Path | awk -F" " {'print $2'})/bin/activate
+        export PATH=$PATH:$(poetry env info | grep -m1 Path | awk -F" " {'print $2'})/bin
         spid_sp_test --profile ficep-eidas-sp --metadata-url https://localhost/spidSaml2/metadata

Docker-compose/docker-compose.yml

@@ -61,13 +61,13 @@ services:
       - iam-proxy-italia
 
   iam-proxy-italia:
-    image: ghcr.io/italia/iam-proxy-italia:latest
+    #image: ghcr.io/italia/iam-proxy-italia:latest
     #image: iam-proxy-italia:latest
-    #build: 
-    #    context: ../      
-    #    args: 
-    #        - NODE_ENV=local        
-    #    dockerfile: Dockerfile
+    build: 
+        context: ../      
+        args: 
+            - NODE_ENV=local        
+        dockerfile: Dockerfile
     container_name: iam-proxy-italia
     # depends_on:
     #  - satosa-mongo

Docker-compose/run-docker-compose.sh

@@ -36,7 +36,7 @@ function update {
     docker compose -f docker-compose.yml down -v
     echo -e "\n"
     echo -e "Tiro su la composizione, in caso, con le nuove versioni delle immagini. \n"
-docker compose -f docker-compose.yml build django_sp
+    docker compose -f docker-compose.yml build django_sp
   fi
 }
 

Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.21.2
 
 # Metadata params
 ARG BUILD_DATE
@@ -18,19 +18,24 @@ LABEL org.opencontainers.image.authors=$AUTHORS \
       org.opencontainers.image.revision=$VCS_REF \
       org.opencontainers.image.description="Docker Image di iam-proxy-italia."
 
-COPY requirements.txt /
-
 ENV BASEDIR="/satosa_proxy"
+RUN mkdir $BASEDIR
+
+RUN addgroup -S satosa && adduser -S satosa -G satosa && chown satosa:satosa $BASEDIR
 
 # "tzdata"  package is required to set timezone with TZ environment
 # "mailcap" package is required to add mimetype support
-RUN apk add --update --no-cache tzdata mailcap xmlsec libffi-dev openssl-dev python3 py3-pip python3-dev procps git openssl build-base gcc wget bash jq yq-go pcre-dev
-
-RUN python3 -m venv .venv && . .venv/bin/activate && pip3 install --upgrade pip setuptools \
-      && pip3 install -r requirements.txt --ignore-installed --root-user-action=ignore && mkdir $BASEDIR \
-      && addgroup -S satosa && adduser -S satosa -G satosa \
-      && chown satosa:satosa $BASEDIR
-
-RUN pip list
+RUN apk add --update --no-cache tzdata mailcap xmlsec libffi-dev openssl-dev python3-dev py3-pip openssl build-base gcc wget bash pcre-dev
+
+COPY poetry.lock /
+COPY pyproject.toml /
+
+RUN python3 -m venv .venv && . .venv/bin/activate
+RUN pip3 install --upgrade pip --break-system-packages
+RUN pip3 install flake8 pipx poetry --break-system-packages 
+RUN poetry self update
+RUN poetry config virtualenvs.in-project true
+RUN poetry install
+RUN poetry add setuptools
 
 WORKDIR $BASEDIR/

README-Setup.md

@@ -28,15 +28,20 @@ Within the directory `/{your path}/iam-proxy-italia` execute the following comma
 
 ```
 pip install --upgrade pip
-pip install virtualenv
+pip install flake8 pipx poetry
+pip install --upgrade packaging
+poetry config virtualenvs.in-project true
+poetry install
+source .venv/bin/activate
+pip install "spid-sp-test>=1.2.17"
 
 mkdir satosa_proxy && cd satosa_proxy
-virtualenv -ppython3 satosa.env
-source satosa.env/bin/activate
 
 git clone https://github.com/italia/iam-proxy-italia.git repository
 cd repository
-pip install -r requirements.txt
+
+poetry install
+poetry env info
 ```
 
 ## Configure the Proxy
@@ -64,7 +69,6 @@ Remember to:
 This project uses [SATOSA_oidcop](https://github.com/UniversitaDellaCalabria/SATOSA-oidcop) as OAuth2/OIDC frontend module.
 Comment/uncomment the following statement in the proxy_configuration to enable it.
 
-https://github.com/italia/iam-proxy-italia/blob/oidcop/example/proxy_conf.yaml#L32
 
 ### Configuration by environment variables
 

README.md

@@ -1,7 +1,7 @@
 # IAM Proxy Italia
 
-IAM Proxy Italia is the SAML2/OIDC IAM Proxy based on [SATOSA](https://github.com/IdentityPython/SATOSA)
-for **SAML-to-SAML**, **OIDC-to-SAML**, **SAML-to-Wallet** and **OIDC-to-Wallet** interoperability
+IAM Proxy Italia is the distribution of the [SATOSA](https://github.com/IdentityPython/SATOSA) SAML2/OIDC IAM Proxy allowing
+**SAML-to-SAML**, **OIDC-to-SAML**, **SAML-to-Wallet** and **OIDC-to-Wallet** interoperability
 with the  **Italian Digital Identity Systems**.
 
 ## Table of Contents

example/entrypoint.sh

@@ -11,7 +11,7 @@ if [[ $GET_IDEM_MDQ_KEY == true ]]; then
   wget $REMOTE_DATA_LOCATION
   status=$?
   while [[ $status != 0 && $MAX_RETRY -gt 0 ]]; do
-    echo "Retrying download from registry.spid.gov.it..."
+    echo "Retrying download from registry.spid.gov.it ..."
     wget $REMOTE_DATA_LOCATION
     status=$?
     MAX_RETRY=$((MAX_RETRY-1))
@@ -25,6 +25,8 @@ if [[ $GET_IDEM_MDQ_KEY == true ]]; then
   echo "Downloaded IDEM MDQ key"
 fi
 
+poetry show
+
 wsgi_file=/.venv/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa/wsgi.py
 wsgi_cmd="uwsgi --ini /satosa_proxy/uwsgi_setup/uwsgi/uwsgi.ini.docker --wsgi-file $wsgi_file"
 if [[ $SATOSA_DEBUG == true ]]; then