add teamware privacy policy variables #3

Merged
merged 8 commits into from
Mar 10, 2023
2 changes: 1 addition & 1 deletion gate-teamware/Chart.yaml
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.3
version: 0.2.4

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
18 changes: 18 additions & 0 deletions gate-teamware/README.md
Expand Up @@ -39,6 +39,7 @@ Things you will commonly need to override include:
- `secret` - name of the secret holding the TLS certificate for the configured `hostName`. Whether this is required or optional depends on the cluster and its configured ingress controller, e.g. the GATE cluster is set up to use a `*.gate.ac.uk` wildcard certificate for ingresses that do not specify their own, so on that cluster if the `hostName` matches that wildcard then a separate secret is not required.
- `enabled` - using the ingress is the simplest way to expose the Teamware application correctly, but if you are unable to install an ingress controller in your cluster you can set this property to `false` and establish an alternative way to expose the Teamware services at the correct URLs - this could be a separate reverse proxy deployed manually into your cluster as a `LoadBalancer` service, or by making the `backend` and `staticFiles` services be type `NodePort` and replicating the ingress rules at an external gateway of some kind. All requests to the `publicUrl` need to go to the backend service, _except_ those where the path prefix is `/static` which should go to the static service instead.
- `email` settings to be able to send registration and password reminder emails
- `activationEnabled` (default `false`) - do we require new accounts to verify their email addresses before use by way of an emailed verification code?
- `adminAddress` - email address of the administrator, used as the "from" address on generated emails
- `backend` - "smtp" to send mail via an SMTP server, "gmail" to use the GMail API.
- for the "smtp" backend:
Expand All @@ -57,6 +58,16 @@ Things you will commonly need to override include:
- `replicaCount` (default 1) - the number of replicas of the Django container to run. Alternatively you can set `backend.autoscaling.enabled` to `true` for auto-scaling based on CPU usage
- `staticFiles`
- `replicaCount` (default 1) - the same for the static files nginx, though this is highly unlikely to need more than one replica as it's a simple static file server
- `privacyPolicy` - settings related to the privacy policy and terms & conditions.
- `host` - the organisation or individual responsible for managing the deployment of the teamware instance.
- `name` - host organisation/individual's name.
- `address` - physical address.
- `contact` - a means of contact, supports HTML for e.g. email or contact form links.
- `admin` - the individual or organisation responsible for managing users of the teamware instance, if this is not the same as the `host`. Any of these values that are left un-set will default to the corresponding `host` value.
- `name` - admin organisation/individual's name.
- `address` - physical address.
- `contact` - a means of contact, supports HTML for e.g. email or contact form links.
- `customPoliciesConfigMap` - if any of the default policies are not suitable for your needs or not compatible with the law governing your location, then you will need to [provide your own custom policies](https://gatenlp.github.io/gate-teamware/development/developerguide/#including-a-custom-privacy-policy-and-or-terms-conditions) as Markdown files. Create a ConfigMap with entries named `privacy-policy.md` and/or `terms-and-conditions.md` (whichever of the standard policies you want to override), provide the name of the ConfigMap in this setting, and Teamware will use your custom policy or policies in place of the standard ones.

You can also set `resources`, `nodeSelector`, `affinity` and/or `tolerations` if required, under both the `backend` and `staticFiles` sections

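Review bot: the two `contact` bullets say only "supports HTML", while the values.yaml comment added in this same PR limits the host field to inline elements such as `<a>` or `<span>`. The README should carry the same restriction and say whether Teamware enforces it or renders the value as supplied, since whoever can set chart values controls markup shown on the policy pages. The `customPoliciesConfigMap` bullet could also say that the ConfigMap must already exist in the release namespace, which the values.yaml comment ("pre-existing") implies but this text does not.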
Expand Down Expand Up @@ -134,6 +145,13 @@ and the deployments may need to be manually updated using `kubectl rollout resta

## Changelog

### Version 0.2.4

No breaking changes.

Minor changes:
- `privacyPolicy` key added containing `host` and `admin`, each containing `name`, `address` and `contact` fields to hold contact details for the app's privacy policy and terms & conditions.

### Version 0.2.1

**Breaking changes**
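Review bot: the 0.2.4 entry lists `host` and `admin` under `privacyPolicy` but leaves out `customPoliciesConfigMap`, which this PR also adds to values.yaml and wires into the backend deployment as a new volume and mount. Add it to the "Minor changes" list so operators reading the changelog learn that custom policy files can now be mounted.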
49 changes: 47 additions & 2 deletions gate-teamware/templates/deployment-backend.yaml
Expand Up @@ -132,15 +132,52 @@ spec:
key: refresh-token
{{- end }}{{/* if backend gmail */}}
{{- end }}{{/* with .Values.email */}}

{{- with $.Values.privacyPolicy }}
# Privacy Policy Settings
{{- with .host.name }}
- name: PP_HOST_NAME
value: {{ . | quote }}
{{- end }}
{{- with .host.address }}
- name: PP_HOST_ADDRESS
value: {{ . | quote }}
{{- end }}
{{- with .host.contact }}
- name: PP_HOST_CONTACT
value: {{ . | quote }}
{{- end }}
{{- with .admin.name }}
- name: PP_ADMIN_NAME
value: {{ . | quote }}
{{- end }}
{{- with .admin.address }}
- name: PP_ADMIN_ADDRESS
value: {{ . | quote }}
{{- end }}
{{- with .admin.contact }}
- name: PP_ADMIN_CONTACT
value: {{ . | quote }}
{{- end }}{{/* with .admin.contact */}}
{{- end }}{{/* with $.Values.privacyPolicy */}}

{{- with .extraEnv }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }}

{{- if or (and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret) $.Values.privacyPolicy.customPoliciesConfigMap }}
volumeMounts:
{{- end }}
{{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }}
- name: email-client-cert
mountPath: /email-client-cert
readOnly: true
{{- end }}{{/* if smtp client cert */}}
{{- if $.Values.privacyPolicy.customPoliciesConfigMap }}
- name: custom-policies
mountPath: /app/custom-policies
readOnly: true
{{- end }}{{/* if custom policies */}}
livenessProbe:
httpGet:
path: /
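Review bot: the `volumeMounts:` key is now guarded by a combined `or (and ... clientCertSecret) ... customPoliciesConfigMap` condition while each entry below repeats its own half of that condition, so the key and its entries have to be kept in sync by hand. If a later mount is added without extending the `or`, the template will emit list items with no `volumeMounts:` key above them. Consider computing the condition once (or building the list and emitting the key only when it is non-empty) and reusing it for `volumes:` as well. A smaller point in the env block: `.host.name`, `.admin.name` and the rest are dereferenced directly inside `with $.Values.privacyPolicy`, so a values file that sets `host` or `admin` to null would fail rendering; wrapping each group in `with .host` / `with .admin` would be more defensive.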
Expand All @@ -157,12 +194,20 @@ spec:
value: {{ $.Values.hostName | quote }}
resources:
{{- toYaml .resources | nindent 12 }}
{{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }}

{{- if or (and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret) $.Values.privacyPolicy.customPoliciesConfigMap }}
volumes:
{{- end }}
{{- if and $.Values.email.smtp.security $.Values.email.smtp.clientCertSecret }}
- name: email-client-cert
secret:
secretName: {{ $.Values.email.smtp.clientCertSecret | quote }}
{{- end }}{{/* if smtp client cert */}}
{{- if $.Values.privacyPolicy.customPoliciesConfigMap }}
- name: custom-policies
configMap:
name: {{ $.Values.privacyPolicy.customPoliciesConfigMap }}
{{- end }}{{/* if custom policies */}}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
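Review bot: in the new `custom-policies` volume, `name: {{ $.Values.privacyPolicy.customPoliciesConfigMap }}` is emitted without `| quote`, unlike `secretName: {{ $.Values.email.smtp.clientCertSecret | quote }}` a few lines above it. Quote it for consistency and so that a name YAML would otherwise read as a non-string (for example a purely numeric one) still renders as a string. The `volumes:` key here also repeats the combined `or` condition used for `volumeMounts:`, so the same keep-in-sync concern applies.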
26 changes: 26 additions & 0 deletions gate-teamware/values.yaml
Expand Up @@ -316,6 +316,32 @@ email:
# client secret and "refresh-token" for the GMail API refresh token.
secretName: ""

privacyPolicy:
# name of a pre-existing ConfigMap containing entries for a custom privacy-policy.md
# and/or terms-and-conditions.md, which will override the default ones provided by Teamware
customPoliciesConfigMap: ""
# Contact details of the host and administrator of the teamware instance
host:
# Name of the organization that hosts this teamware instance, e.g. "Annotation4U Ltd."
name: ""
# Host's physical address (e.g. 123 Somewhere Street, London, SW1A 1AA, UK)
address: ""
# A method of contacting the host, field supports HTML (inline elements such as
# <a> or <span> only), e.g.
#
# contact: |
# <a href="https://annotation4u.com/contact" target="_blank">Contact Annotation4U</a>
contact: ""
admin:
# Name of the organization that is responsible for administering this
# teamware instance, if not the same as the host
name: ""
# Administrator's physical address, if not the same as the host
address: ""
# A method of contacting the administrator, if not the same as the host. This
# field supports HTML.
contact: ""

# Database settings - see the bitnami postgresql chart documentation for full
# details
postgresql:
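Review bot: the comment on `host.contact` restricts HTML to inline elements such as `<a>` or `<span>`, but the comment on `admin.contact` says only "This field supports HTML"; make the two consistent and state whether the restriction is enforced by Teamware or is guidance for the operator. The sample link uses `target="_blank"`; adding `rel="noopener noreferrer"` to the example would give operators a safer pattern to copy. Spelling also differs from the README bullets ("organization" here, "organisation" there), so pick one.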