-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Port API to FastAPI #133 #134
base: main
Are you sure you want to change the base?
Conversation
@louise-davies As I mentioned, earlier there are a few things I want to check
|
c76ad13
to
6221365
Compare
6221365
to
a470be7
Compare
b76ccfb
to
0fb5fa1
Compare
Yes, they create them if they don't already exist. But no they weren't updated to have
Yes they would do if they are required. The
I wouldn't think so, unless it's installed differently all the ansible scripts do is set up directories/files, install packages into virtualenv & set up the apache config to run the WSGI script.
Shouldn't matter - we don't really care how the
Again, we don't parse the error message so no concern, would just display a "Signed out due to token invalidation" message
See above
See above
See above
We don't care about the specific body or code, as long as it's a 2XX code
Any failure to verify like refresh is not parsed, and will just result in a generic "Signed out due to token invalidation"
We don't parse the message so no concern
Again, we don't parse the message and the error code is still an error code so error handling will work the same
See above, we don't parse the message
See above
See above
We don't parse success messages either, it just returns the body. So the message the admins see will change slightly but not a concern in my opinion.
We don't parse the error
See above
See above
See above
See above
Like with the maintenance endpoint, we don't parse success messages, it just returns the body. So the message the admins see will change slightly but not a concern in my opinion. Overall, I think the changes to the API endpoints themselves don't require any changes in SG and overall look for the better, whereas scigateway-ansible will need updating but it's relatively easy to do so I think |
@louise-davies Thank you for providing these answers! Sounds like we don't need to do anything in SciGateway which is good news.
That's right, it now uses Pydantic models which automatically validate the data stored in the JSON files.
Correct. The configuration is now handled using Pydantic Settings which allows for loading config values from system environment variables or the
There is no WSGI script anymore as FastAPI is ASGI and in the world of containers the app is run in production mode using the FastAPI CLI command line program which internally uses a production-ready Uvicorn ASGI server. I have never run a FastAPI app on an apache server like that so we should look at how we get it to work. |
@VKTB ah yeah, forgot about the WSGI to ASGI change. Will probably just have to set up a system service for the API, and use Apache to reverse proxy to whatever port we run it on - so slightly more changes to the ansible scripts than I thought |
@louise-davies I am not sure if you read through the description of the PR but can I get your thoughts on the below two points please?
|
@VKTB sorry, missed those two questions
It's probably acceptable for now to have them read at start up - admin usernames change rarely and e.g. require a restart to ICAT so it's no different here. The token blacklist hasn't really been used but would make more sense to be hot-editable. But equally, doing an apache reload is not a massive downtime really so I'm happy keeping the functionality as it is here and if it needs changing in the future we can change it then.
Setting a timeout is probably sensible - not sure what a sensible timeout would be but since it's configurable it's fine. |
@louise-davies That's great, thank you! |
Description
severity
key value pair to thescheduled_maintenance.json
filelogging.ini
file.env file
instead of the oldconfig.json
. The config is loaded when the first starts up which means that updates to the theAUTHENTICATION__JWT_REFRESH_TOKEN_BLACKLIST
andAUTHENTICATION__ADMIN_USERS
values now require the application to be restarted to take effect. If this is a problem then I suggest that we store these values in separate files like we do with the active usernames in LDAP JWT Auth.requests
calls so I added an option in the config to allow for this to be set. I set it to 5 seconds in the example file (hopefully this is enough?).Dockerfile
to have multistages:dev
for local developmenttest
for running the testsprod
for productiontests
CI job to run the tests in a Docker containerTesting Instructions
Add a set up instructions describing how the reviewer should test the code
/docs
) work as expectedAgile Board Tracking
closes #93
closes #94
closes #95
closes #129
closes #133