Canonical SSO provider

Merge ~suligap/canonical-identity-provider:talisker-init-with-sentry-overhaul into canonical-identity-provider:master

  1. Git
  2. lp:~suligap/canonical-identity-provider
  3. talisker-init-with-sentry-overhaul
  4. Merge into master
Proposed by Przemysław Suliga
Status: Merged
Approved by: Przemysław Suliga
Approved revision: 99cd5cebf1a79b106e2bcd2295a51b667d56968c
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~suligap/canonical-identity-provider:talisker-init-with-sentry-overhaul
Merge into: canonical-identity-provider:master
Diff against target: 160 lines (+14/-21)
5 files modified
Makefile (+2/-1)
django_project/settings_base.py (+9/-12)
django_project/settings_devel.py (+0/-1)
requirements.txt (+3/-3)
src/identityprovider/wsgi.py (+0/-4)
Reviewer Review Type Date Requested Status
Daniel Manrique (community) Approve
Review via email: mp+384254@code.launchpad.net

Commit message

Switch to talisker and simplify/standardise the Sentry config

Description of the change

Description in the commit message.

Required dependencies MP: https://code.launchpad.net/~suligap/canonical-identity-provider/dependencies-talisker/+merge/384255.

Looks like the charm itself is already talisker aware and will use it instead of gunicorn if it's installed: https://bazaar.launchpad.net/~ubuntuone-pqm-team/canonical-identity-provider/charm/view/head:/playbook.yaml#L89

To post a comment you must log in.
Revision history for this message
Daniel Manrique (roadmr) wrote :

LGTM, I like that the changes are pretty well-localized and not too intrusive.

review: Approve
Revision history for this message
Przemysław Suliga (suligap) wrote :

Thanks for the reviews Daniel!

I've added the mentioned soft request timeout config for talisker in https://code.launchpad.net/~suligap/canonical-identity-provider/charm-talisker-soft-request-timeout/+merge/384493

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/Makefile b/Makefile
index d76add8..8b077a1 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,7 @@ CONFIGMANAGER = config-manager.txt
6CONN_CHECK_CONFIG_PATH ?= /tmp/sso_conn_check_config.yaml6CONN_CHECK_CONFIG_PATH ?= /tmp/sso_conn_check_config.yaml
7DJANGO_SETTINGS_MODULE ?= settings7DJANGO_SETTINGS_MODULE ?= settings
8ENV = $(CURDIR)/env8ENV = $(CURDIR)/env
9GUNICORN = $(ENV)/bin/talisker
9JUJU_ENV ?= local10JUJU_ENV ?= local
10JUJU_REPO ?= ../.juju-repo11JUJU_REPO ?= ../.juju-repo
11LOCAL_SETTINGS_DIR ?= $(CURDIR)/../local_config12LOCAL_SETTINGS_DIR ?= $(CURDIR)/../local_config
@@ -200,7 +201,7 @@ manage: ## Run django management commands
200run: ARGS=0.0.0.0:8000201run: ARGS=0.0.0.0:8000
201run: PID_ID=gunicorn202run: PID_ID=gunicorn
202run: collectstatic django-check ## Start development server203run: collectstatic django-check ## Start development server
203 $(ENV)/bin/gunicorn django_project.wsgi:application --workers=2 --reload --pid=logs/$(PID_ID).pid --bind=$(ARGS) --timeout=99999 --error-logfile=- --access-logfile=- $(SSL_CONFIG)204 DEVEL=1 $(GUNICORN) django_project.wsgi:application --workers=2 --reload --pid=logs/$(PID_ID).pid --bind=$(ARGS) --error-logfile=- --access-logfile=- $(SSL_CONFIG)
204205
205run-ssl: dev-sso.crt206run-ssl: dev-sso.crt
206 $(MAKE) run SSL_CONFIG="--certfile=dev-sso.crt --keyfile=dev-sso.key --ssl-version 2" ARGS=0.0.0.0:8443 SSO_ROOT_URL=https://sso-xenial:8443 PID_ID=gunicorn-ssl207 $(MAKE) run SSL_CONFIG="--certfile=dev-sso.crt --keyfile=dev-sso.key --ssl-version 2" ARGS=0.0.0.0:8443 SSO_ROOT_URL=https://sso-xenial:8443 PID_ID=gunicorn-ssl
diff --git a/django_project/settings_base.py b/django_project/settings_base.py
index e0aa795..561acbf 100644
--- a/django_project/settings_base.py
+++ b/django_project/settings_base.py
@@ -214,6 +214,7 @@ INSTALLED_APPS = [
214 'pgtools',214 'pgtools',
215 'piston',215 'piston',
216 'preflight',216 'preflight',
217 'raven.contrib.django.raven_compat',
217 'saml2idp',218 'saml2idp',
218219
219 # own apps220 # own apps
@@ -221,8 +222,6 @@ INSTALLED_APPS = [
221 'identityprovider',222 'identityprovider',
222 'ubuntu_sso_saml',223 'ubuntu_sso_saml',
223 'webui',224 'webui',
224 'raven.contrib.django.raven_compat',
225 'canonical_raven',
226]225]
227INTERNAL_IPS = []226INTERNAL_IPS = []
228LANGUAGES = [227LANGUAGES = [
@@ -357,6 +356,12 @@ LOGGING = {
357 'filters': [],356 'filters': [],
358 'handlers': ['file'],357 'handlers': ['file'],
359 },358 },
359 'talisker.wsgi': {
360 'level': 'WARNING',
361 'propagate': False,
362 'filters': [],
363 'handlers': ['file'],
364 },
360 },365 },
361 'root': {366 'root': {
362 'level': 'INFO',367 'level': 'INFO',
@@ -383,7 +388,6 @@ MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage'
383MIDDLEWARE_CLASSES = [388MIDDLEWARE_CLASSES = [
384 ('raven.contrib.django.raven_compat.middleware'389 ('raven.contrib.django.raven_compat.middleware'
385 '.SentryResponseErrorIdMiddleware'),390 '.SentryResponseErrorIdMiddleware'),
386 'canonical_raven.middleware.RavenContextMiddleware',
387 'api.v20.utils.EnsureJSONResponseOnAPIErrorMiddleware',391 'api.v20.utils.EnsureJSONResponseOnAPIErrorMiddleware',
388 'identityprovider.middleware.http.SetRemoteAddrFromForwardedFor',392 'identityprovider.middleware.http.SetRemoteAddrFromForwardedFor',
389 'identityprovider.middleware.statsd.PistonRequestTimingMiddleware',393 'identityprovider.middleware.statsd.PistonRequestTimingMiddleware',
@@ -470,15 +474,8 @@ RAVEN_CONFIG = {
470 # 'dsn': 'http://api:key@sentry.host/project_id',474 # 'dsn': 'http://api:key@sentry.host/project_id',
471 'release': version_info['revno'],475 'release': version_info['revno'],
472 'string_max_length': 16000,476 'string_max_length': 16000,
473 'install_sql_hook': False,
474 'CELERY_LOGLEVEL': logging.WARN,477 'CELERY_LOGLEVEL': logging.WARN,
475 'processors': [478 # talisker takes care of setting safe defaults for raven.
476 'raven.processors.SanitizePasswordsProcessor',
477 'raven.processors.RemoveStackLocalsProcessor',
478 'raven.processors.RemovePostDataProcessor',
479 'canonical_raven.processors.RemoveCookiesProcessor',
480 'canonical_raven.processors.SanitizeTimelineDjangoProcessor',
481 ],
482}479}
483READ_ONLY_MODE = False480READ_ONLY_MODE = False
484ROOT_URLCONF = 'django_project.urls'481ROOT_URLCONF = 'django_project.urls'
@@ -500,6 +497,7 @@ SECURE_PROXY_SSL_HEADER = None
500SECURE_SSL_REDIRECT = False497SECURE_SSL_REDIRECT = False
501SEND_BROKEN_LINK_EMAILS = False498SEND_BROKEN_LINK_EMAILS = False
502SENTRY_CELERY_LOGLEVEL = logging.WARN499SENTRY_CELERY_LOGLEVEL = logging.WARN
500SENTRY_CLIENT = 'talisker.django.SentryClient'
503SERVER_EMAIL = 'noreply@ubuntu.com'501SERVER_EMAIL = 'noreply@ubuntu.com'
504SESSION_CACHE_ALIAS = 'default'502SESSION_CACHE_ALIAS = 'default'
505SESSION_COOKIE_AGE = 1209600503SESSION_COOKIE_AGE = 1209600
@@ -614,7 +612,6 @@ TWOFACTOR_TTL = 48 * 3600 # 48 hs
614USE_ETAGS = False612USE_ETAGS = False
615USE_I18N = True613USE_I18N = True
616USE_L10N = True614USE_L10N = True
617USE_SENTRY = True
618USE_THOUSAND_SEPARATOR = False615USE_THOUSAND_SEPARATOR = False
619USE_TZ = False616USE_TZ = False
620USE_X_FORWARDED_HOST = False617USE_X_FORWARDED_HOST = False
diff --git a/django_project/settings_devel.py b/django_project/settings_devel.py
index a3466f8..da15108 100644
--- a/django_project/settings_devel.py
+++ b/django_project/settings_devel.py
@@ -47,4 +47,3 @@ TWOFACTOR_MANDATORY_TEAMS = ['ubuntuone-hackers']
47# Load a minimal blacklist in development so as to not need too much47# Load a minimal blacklist in development so as to not need too much
48# time and memory and not break any tests48# time and memory and not break any tests
49PASSWORD_BLACKLIST_FILE = os.path.join(BASE_DIR, "blacklist-devel.txt")49PASSWORD_BLACKLIST_FILE = os.path.join(BASE_DIR, "blacklist-devel.txt")
50USE_SENTRY = False
diff --git a/requirements.txt b/requirements.txt
index 39def16..0577502 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,4 @@
1bson==0.3.41bson==0.3.4
2canonical-raven==0.0.3
3cffi==1.6.02cffi==1.6.0
4conn-check-configs==1.0.33conn-check-configs==1.0.3
5convoy==0.4.14convoy==0.4.1
@@ -17,7 +16,7 @@ django-secure==1.0.1
17django-statsd-mozilla==0.4.016django-statsd-mozilla==0.4.0
18enum34==1.1.617enum34==1.1.6
19gargoyle-yplan==1.2.518gargoyle-yplan==1.2.5
20gunicorn==19.3.019gunicorn==19.10.0
21idna==2.120idna==2.1
22ipaddress==1.0.1621ipaddress==1.0.16
23lazr.authentication==0.1.322lazr.authentication==0.1.3
@@ -36,13 +35,14 @@ pyasn1==0.1.9
36pycparser==2.1435pycparser==2.14
37pymacaroons==0.10.036pymacaroons==0.10.0
38python-openid==2.2.537python-openid==2.2.5
39raven==6.0.038raven==6.10.0
40requests==2.10.039requests==2.10.0
41requests-oauthlib==0.4.240requests-oauthlib==0.4.2
42saml2idp==0.1841saml2idp==0.18
43six==1.10.042six==1.10.0
44ssoclient==2.1.143ssoclient==2.1.1
45statsd==3.144statsd==3.1
45talisker[django,gunicorn,raven]==0.18.0
46testresources==0.2.746testresources==0.2.7
47timeline==0.0.447timeline==0.0.4
48timeline-django==0.0.548timeline-django==0.0.5
diff --git a/src/identityprovider/wsgi.py b/src/identityprovider/wsgi.py
index b8ce74c..492858c 100644
--- a/src/identityprovider/wsgi.py
+++ b/src/identityprovider/wsgi.py
@@ -2,8 +2,6 @@ import uuid
22
3import oops_wsgi3import oops_wsgi
44
5from canonical_raven.middleware import Sentry
6
7from django.conf import settings5from django.conf import settings
8from oops_wsgi import django as oops_wsgi_django6from oops_wsgi import django as oops_wsgi_django
9from timeline.wsgi import make_app as timeline_wsgi_make_app7from timeline.wsgi import make_app as timeline_wsgi_make_app
@@ -77,6 +75,4 @@ def make_app():
77 app = oops_wsgi.make_app(75 app = oops_wsgi.make_app(
78 app, config, oops_on_status=['500'],76 app, config, oops_on_status=['500'],
79 soft_start_timeout=settings.HANDLER_TIMEOUT_MILLIS)77 soft_start_timeout=settings.HANDLER_TIMEOUT_MILLIS)
80 if settings.USE_SENTRY:
81 app = Sentry(app, soft_start_timeout=settings.HANDLER_TIMEOUT_MILLIS)
82 return app78 return app

Subscribers

People subscribed via source and target branches