From 466fa4fbfdb1b2b3a7cfd844f6cc8515b23bd2b1 Mon Sep 17 00:00:00 2001 From: davidwilby Date: Thu, 2 Mar 2023 14:41:16 +0000 Subject: [PATCH 1/8] add teamware privacy policy variables --- gate-teamware/README.md | 7 +++++++ gate-teamware/templates/deployment-backend.yaml | 13 +++++++++++++ gate-teamware/values.yaml | 14 ++++++++++++++ 3 files changed, 34 insertions(+) diff --git a/gate-teamware/README.md b/gate-teamware/README.md index 0a305ca..6fa205f 100644 --- a/gate-teamware/README.md +++ b/gate-teamware/README.md @@ -134,6 +134,13 @@ and the deployments may need to be manually updated using `kubectl rollout resta ## Changelog +### Version 0.2.3 + +No breaking changes. + +Minor changes: +- `privacyPolicy` key added containing `host` and `admin`, each containing `name`, `address` and `contact` fields to hold contact details for the app's privacy policy and terms & conditions. + ### Version 0.2.1 **Breaking changes** diff --git a/gate-teamware/templates/deployment-backend.yaml b/gate-teamware/templates/deployment-backend.yaml index 4a0fc43..b97ffe3 100644 --- a/gate-teamware/templates/deployment-backend.yaml +++ b/gate-teamware/templates/deployment-backend.yaml @@ -136,6 +136,19 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} {{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }} + # Privacy Policy Settings + - name: PP_HOST_NAME + value: {{ $.Values.privacyPolicy.host.name | quote }} + - name: PP_HOST_ADDRESS + value: {{ $.Values.privacyPolicy.host.address | quote }} + - name: PP_HOST_CONTACT + value: {{ $.Values.privacyPolicy.host.contact | quote }} + - name: PP_ADMIN_NAME + value: {{ $.Values.privacyPolicy.admin.name | quote }} + - name: PP_ADMIN_ADDRESS + value: {{ $.Values.privacyPolicy.admin.address | quote }} + - name: PP_ADMIN_CONTACT + value: {{ $.Values.privacyPolicy.admin.contact | quote }} volumeMounts: - name: email-client-cert mountPath: /email-client-cert 
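Review bot: The six `PP_*` env entries in the deployment-backend.yaml hunk are emitted inside the `{{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }}` block, so with the default empty `clientCertSecret` none of the privacy-policy variables reach the container, and when the condition does hold they are rendered between the `if` and `volumeMounts:` where only the client-cert mount belongs. They should be emitted unconditionally, i.e. moved above the `{{- if and ... }}` line next to the `{{- with .extraEnv }}` block. PATCH 4/8 in this series does exactly that, so squashing would avoid an intermediate commit whose template silently drops the settings. The `env:` list this hunk extends starts outside the hunk.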
diff --git a/gate-teamware/values.yaml b/gate-teamware/values.yaml index 90b26cb..bb5b032 100644 --- a/gate-teamware/values.yaml +++ b/gate-teamware/values.yaml @@ -316,6 +316,20 @@ email: # client secret and "refresh-token" for the GMail API refresh token. secretName: "" +privacyPolicy: + # Contact details of the host and administrator of the teamware instance + host: + # Name of the host + name: "" + # Host's physical address + address: "" + # A method of contacting the host, field supports HTML for e.g. linking to a form + contact: "" + admin: + name: "" + address: "" + contact: "" + # Database settings - see the bitnami postgresql chart documentation for full # details postgresql: From ea3fbe77f959d27846c23260e99b6387e9df4936 Mon Sep 17 00:00:00 2001 From: davidwilby Date: Thu, 2 Mar 2023 14:48:57 +0000 Subject: [PATCH 2/8] actually increment the chart version --- gate-teamware/Chart.yaml | 2 +- gate-teamware/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gate-teamware/Chart.yaml b/gate-teamware/Chart.yaml index 34facef..47cea51 100644 --- a/gate-teamware/Chart.yaml +++ b/gate-teamware/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.3 +version: 0.2.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/gate-teamware/README.md b/gate-teamware/README.md index 6fa205f..9094301 100644 --- a/gate-teamware/README.md +++ b/gate-teamware/README.md @@ -134,7 +134,7 @@ and the deployments may need to be manually updated using `kubectl rollout resta ## Changelog -### Version 0.2.3 +### Version 0.2.4 No breaking changes. 
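Review bot: The `contact` comment in the values.yaml hunk says the field "supports HTML" but does not say why that works: the chart passes the value through verbatim (`| quote` into `PP_HOST_CONTACT`), so the application presumably renders it unescaped, and operators should understand they are authoring markup that ends up in every user's page. Make that explicit in the comment, e.g. `# Rendered as raw HTML by the app, so only put markup you wrote yourself here`. The `admin` keys carry no comments at all, unlike `host`; either a one-line comment each or a note that they mirror the `host` fields would keep the two stanzas consistent.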
From a0f56a65f5101575b5d166a12d3844ad88ecf1d1 Mon Sep 17 00:00:00 2001 From: davidwilby Date: Thu, 2 Mar 2023 15:07:17 +0000 Subject: [PATCH 3/8] add description of new keys to README --- gate-teamware/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/gate-teamware/README.md b/gate-teamware/README.md index 9094301..fabcf1b 100644 --- a/gate-teamware/README.md +++ b/gate-teamware/README.md @@ -57,6 +57,15 @@ Things you will commonly need to override include: - `replicaCount` (default 1) - the number of replicas of the Django container to run. Alternatively you can set `backend.autoscaling.enabled` to `true` for auto-scaling based on CPU usage - `staticFiles` - `replicaCount` (default 1) - the same for the static files nginx, though this is highly unlikely to need more than one replica as it's a simple static file server +- `privacyPolicy` - contact details of the service's host and administrator to be rendered in the privacy policy and terms & conditions. + - `host` - the organisation or individual responsible for managing the deployment of the teamware instance. + - `name` - host organisation/individual's name. + - `address` - physical address. + - `contact` - a means of contact, supports HTML for e.g. email or contact form links. + - `admin` - the individual or organisation responsible for managing users of the teamware instance. + - `name` - admin organisation/individual's name. + - `address` - physical address. + - `contact` - a means of contact, supports HTML for e.g. email or contact form links. You can also set `resources`, `nodeSelector`, `affinity` and/or `tolerations` if required, under both the `backend` and `staticFiles` sections From 004d41a50631c770056622ca70108cf42a7d5aab Mon Sep 17 00:00:00 2001 
From: Ian Roberts Date: Thu, 2 Mar 2023 15:15:54 +0000 Subject: [PATCH 4/8] Moved privacy policy related env declarations outside {{if}} block and simplified expressions using {{with}} --- .../templates/deployment-backend.yaml | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/gate-teamware/templates/deployment-backend.yaml b/gate-teamware/templates/deployment-backend.yaml index b97ffe3..32336bc 100644 --- a/gate-teamware/templates/deployment-backend.yaml +++ b/gate-teamware/templates/deployment-backend.yaml @@ -132,23 +132,25 @@ spec: key: refresh-token {{- end }}{{/* if backend gmail */}} {{- end }}{{/* with .Values.email */}} - {{- with .extraEnv }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }} + {{- with $.Values.privacyPolicy }} # Privacy Policy Settings - name: PP_HOST_NAME - value: {{ $.Values.privacyPolicy.host.name | quote }} + value: {{ .host.name | quote }} - name: PP_HOST_ADDRESS - value: {{ $.Values.privacyPolicy.host.address | quote }} + value: {{ .host.address | quote }} - name: PP_HOST_CONTACT - value: {{ $.Values.privacyPolicy.host.contact | quote }} + value: {{ .host.contact | quote }} - name: PP_ADMIN_NAME - value: {{ $.Values.privacyPolicy.admin.name | quote }} + value: {{ .admin.name | quote }} - name: PP_ADMIN_ADDRESS - value: {{ $.Values.privacyPolicy.admin.address | quote }} + value: {{ .admin.address | quote }} - name: PP_ADMIN_CONTACT - value: {{ $.Values.privacyPolicy.admin.contact | quote }} + value: {{ .admin.contact | quote }} + {{- end }} + {{- with .extraEnv }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }} volumeMounts: - name: email-client-cert mountPath: /email-client-cert From d15eedc1175b4bdbf7ea1c54e6b7901cd06a5fef Mon Sep 17 00:00:00 2001 
From: Ian Roberts Date: Thu, 2 Mar 2023 15:29:34 +0000 Subject: [PATCH 5/8] If a given privacyPolicy.*.* setting is not provided, leave the corresponding env var completely unset rather than explicitly setting it to an empty string value. --- .../templates/deployment-backend.yaml | 29 ++++++++++++++----- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/gate-teamware/templates/deployment-backend.yaml b/gate-teamware/templates/deployment-backend.yaml index 32336bc..35ab778 100644 --- a/gate-teamware/templates/deployment-backend.yaml +++ b/gate-teamware/templates/deployment-backend.yaml @@ -132,24 +132,39 @@ spec: key: refresh-token {{- end }}{{/* if backend gmail */}} {{- end }}{{/* with .Values.email */}} + {{- with $.Values.privacyPolicy }} # Privacy Policy Settings + {{- with .host.name }} - name: PP_HOST_NAME - value: {{ .host.name | quote }} + value: {{ . | quote }} + {{- end }} + {{- with .host.address }} - name: PP_HOST_ADDRESS - value: {{ .host.address | quote }} + value: {{ . | quote }} + {{- end }} + {{- with .host.contact }} - name: PP_HOST_CONTACT - value: {{ .host.contact | quote }} + value: {{ . | quote }} + {{- end }} + {{- with .admin.name }} - name: PP_ADMIN_NAME - value: {{ .admin.name | quote }} + value: {{ . | quote }} + {{- end }} + {{- with .admin.address }} - name: PP_ADMIN_ADDRESS - value: {{ .admin.address | quote }} - - name: PP_ADMIN_CONTACT - value: {{ .admin.contact | quote }} + value: {{ . | quote }} {{- end }} + {{- with .admin.contact }} + - name: PP_ADMIN_CONTACT + value: {{ . | quote }} + {{- end }}{{/* with .admin.contact */}} + {{- end }}{{/* with $.Values.privacyPolicy */}} + {{- with .extraEnv }} {{- toYaml . | nindent 10 }} {{- end }} + {{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }} volumeMounts: - name: email-client-cert From d21bb9528ce0e15809dc1798fa1ec7c27946a948 Mon Sep 17 00:00:00 2001 
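Review bot: The per-field `{{- with .host.name }}` guards leave an env var unset when the value is empty, but nothing in the template says what the application does in that case, which is the whole reason for the change; a comment under `# Privacy Policy Settings` such as `# Empty values are omitted (not exported as "") so the app can apply its own fallback` would record the intent. Note also that `.host.name` and friends are still dereferenced unconditionally inside the outer `with $.Values.privacyPolicy`, so an override that sets `privacyPolicy.host` to null rather than omitting it would fail at render time; probably acceptable given the defaults in values.yaml, but worth knowing. The closing-comment style is inconsistent too: only the last inner `{{- end }}` carries a `{{/* with ... */}}` marker while the other five do not.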
From: Ian Roberts Date: Thu, 2 Mar 2023 15:57:16 +0000 Subject: [PATCH 6/8] More detailed documentation on the relationship between host & admin --- gate-teamware/README.md | 4 ++-- gate-teamware/values.yaml | 15 ++++++++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/gate-teamware/README.md b/gate-teamware/README.md index fabcf1b..8812716 100644 --- a/gate-teamware/README.md +++ b/gate-teamware/README.md @@ -57,12 +57,12 @@ Things you will commonly need to override include: - `replicaCount` (default 1) - the number of replicas of the Django container to run. Alternatively you can set `backend.autoscaling.enabled` to `true` for auto-scaling based on CPU usage - `staticFiles` - `replicaCount` (default 1) - the same for the static files nginx, though this is highly unlikely to need more than one replica as it's a simple static file server -- `privacyPolicy` - contact details of the service's host and administrator to be rendered in the privacy policy and terms & conditions. +- `privacyPolicy` - settings related to the privacy policy and terms & conditions. - `host` - the organisation or individual responsible for managing the deployment of the teamware instance. - `name` - host organisation/individual's name. - `address` - physical address. - `contact` - a means of contact, supports HTML for e.g. email or contact form links. - - `admin` - the individual or organisation responsible for managing users of the teamware instance. + - `admin` - the individual or organisation responsible for managing users of the teamware instance, if this is not the same as the `host`. Any of these values that are left un-set will default to the corresponding `host` value. - `name` - admin organisation/individual's name. - `address` - physical address. - `contact` - a means of contact, supports HTML for e.g. email or contact form links. diff --git a/gate-teamware/values.yaml b/gate-teamware/values.yaml index bb5b032..f6b8093 100644 --- a/gate-teamware/values.yaml 
+++ b/gate-teamware/values.yaml @@ -319,15 +319,24 @@ email: privacyPolicy: # Contact details of the host and administrator of the teamware instance host: - # Name of the host + # Name of the organization that hosts this teamware instance, e.g. "Annotation4U Ltd." name: "" - # Host's physical address + # Host's physical address (e.g. 123 Somewhere Street, London, SW1A 1AA, UK) address: "" - # A method of contacting the host, field supports HTML for e.g. linking to a form + # A method of contacting the host, field supports HTML (inline elements such as + # or only), e.g. + # + # contact: | + # Contact Annotation4U contact: "" admin: + # Name of the organization that is responsible for administering this + # teamware instance, if not the same as the host name: "" + # Administrator's physical address, if not the same as the host address: "" + # A method of contacting the administrator, if not the same as the host. This + # field supports HTML. contact: "" # Database settings - see the bitnami postgresql chart documentation for full From d4886e92e8dcabf69e38d52fb1f93b7fd8e51f6d Mon Sep 17 00:00:00 2001 From: Ian Roberts Date: Fri, 10 Mar 2023 11:47:02 +0000 Subject: [PATCH 7/8] Allow mounting of custom policies via a ConfigMap --- gate-teamware/README.md | 1 + .../templates/deployment-backend.yaml | 19 +++++++++++++++++-- gate-teamware/values.yaml | 3 +++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/gate-teamware/README.md b/gate-teamware/README.md index 8812716..381298d 100644 --- a/gate-teamware/README.md +++ b/gate-teamware/README.md 
@@ -66,6 +66,7 @@ Things you will commonly need to override include: - `name` - admin organisation/individual's name. - `address` - physical address. - `contact` - a means of contact, supports HTML for e.g. email or contact form links. + - `customPoliciesConfigMap` - if any of the default policies are not suitable for your needs or not compatible with the law governing your location, then you will need to [provide your own custom policies](https://gatenlp.github.io/gate-teamware/development/developerguide/#including-a-custom-privacy-policy-and-or-terms-conditions) as Markdown files. Create a ConfigMap with entries named `privacy-policy.md` and/or `terms-and-conditions.md` (whichever of the standard policies you want to override), provide the name of the ConfigMap in this setting, and Teamware will use your custom policy or policies in place of the standard ones. You can also set `resources`, `nodeSelector`, `affinity` and/or `tolerations` if required, under both the `backend` and `staticFiles` sections diff --git a/gate-teamware/templates/deployment-backend.yaml b/gate-teamware/templates/deployment-backend.yaml index 35ab778..b14af58 100644 --- a/gate-teamware/templates/deployment-backend.yaml +++ b/gate-teamware/templates/deployment-backend.yaml @@ -165,12 +165,19 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} - {{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }} + {{- if or (and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret) $.Values.privacyPolicy.customPoliciesConfigMap }} volumeMounts: + {{- end }} + {{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }} - name: email-client-cert mountPath: /email-client-cert readOnly: true {{- end }}{{/* if smtp client cert */}} + {{- if $.Values.privacyPolicy.customPoliciesConfigMap }} + - name: custom-policies + mountPath: /app/custom-policies + readOnly: true + {{- end }}{{/* if custom policies */}} livenessProbe: httpGet: path: / 
@@ -187,12 +194,20 @@ spec: value: {{ $.Values.hostName | quote }} resources: {{- toYaml .resources | nindent 12 }} - {{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }} + + {{- if or (and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret) $.Values.privacyPolicy.customPoliciesConfigMap }} volumes: + {{- end }} + {{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }} - name: email-client-cert secret: secretName: {{ $.Values.email.smtp.clientCertSecret | quote }} {{- end }}{{/* if smtp client cert */}} + {{- if $.Values.privacyPolicy.customPoliciesConfigMap }} + - name: custom-policies + configMap: + name: {{ $.Values.privacyPolicy.customPoliciesConfigMap }} + {{- end }}{{/* if custom policies */}} {{- with .nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/gate-teamware/values.yaml b/gate-teamware/values.yaml index f6b8093..fdade24 100644 --- a/gate-teamware/values.yaml +++ b/gate-teamware/values.yaml @@ -317,6 +317,9 @@ email: secretName: "" privacyPolicy: + # name of a pre-existing ConfigMap containing entries for a custom privacy-policy.md + # and/or terms-and-conditions.md, which will override the default ones provided by Teamware + customPoliciesConfigMap: "" # Contact details of the host and administrator of the teamware instance host: # Name of the organization that hosts this teamware instance, e.g. "Annotation4U Ltd." From b5d7b48cce100cb55766bf4764f7fd42af108a10 Mon Sep 17 00:00:00 2001 From: Ian Roberts Date: Fri, 10 Mar 2023 13:57:21 +0000 Subject: [PATCH 8/8] Document the "email activation required" setting --- gate-teamware/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/gate-teamware/README.md b/gate-teamware/README.md index 381298d..f1eb173 100644 --- a/gate-teamware/README.md +++ b/gate-teamware/README.md 
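Review bot: `name: {{ $.Values.privacyPolicy.customPoliciesConfigMap }}` in the volumes hunk is emitted unquoted, unlike `secretName: {{ $.Values.email.smtp.clientCertSecret | quote }}` a few lines above in the same hunk; a ConfigMap name that is all digits or looks like a YAML boolean would be re-typed by the parser and the rendered volume would fail validation. Use `name: {{ $.Values.privacyPolicy.customPoliciesConfigMap | quote }}` for consistency with the rest of the template. Since the volume is not marked `optional`, a typo in the name leaves the pod stuck waiting for the ConfigMap rather than failing at install time; that is probably the right behaviour for policy files, but a sentence in the README saying the ConfigMap must exist before upgrade would save debugging time.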
@@ -39,6 +39,7 @@ Things you will commonly need to override include: - `secret` - name of the secret holding the TLS certificate for the configured `hostName`. Whether this is required or optional depends on the cluster and its configured ingress controller, e.g. the GATE cluster is set up to use a `*.gate.ac.uk` wildcard certificate for ingresses that do not specify their own, so on that cluster if the `hostName` matches that wildcard then a separate secret is not required. - `enabled` - using the ingress is the simplest way to expose the Teamware application correctly, but if you are unable to install an ingress controller in your cluster you can set this property to `false` and establish an alternative way to expose the Teamware services at the correct URLs - this could be a separate reverse proxy deployed manually into your cluster as a `LoadBalancer` service, or by making the `backend` and `staticFiles` services be type `NodePort` and replicating the ingress rules at an external gateway of some kind. All requests to the `publicUrl` need to go to the backend service, _except_ those where the path prefix is `/static` which should go to the static service instead. - `email` settings to be able to send registration and password reminder emails + - `activationEnabled` (default `false`) - do we require new accounts to verify their email addresses before use by way of an emailed verification code? - `adminAddress` - email address of the administrator, used as the "from" address on generated emails - `backend` - "smtp" to send mail via an SMTP server, "gmail" to use the GMail API. - for the "smtp" backend: