Merge pull request #278982 from felbinger/master

python311Packages.mozilla-django-oidc: init at 4.0.1; peering-manager: add oidc support

Author: JohnRTitor

nixos/modules/services/web-apps/peering-manager.nix

@@ -16,6 +16,8 @@ let
       ln -s ${configFile} $out/opt/peering-manager/peering_manager/configuration.py
     '' + lib.optionalString cfg.enableLdap ''
       ln -s ${cfg.ldapConfigPath} $out/opt/peering-manager/peering_manager/ldap_config.py
+    '' + lib.optionalString cfg.enableOidc ''
+      ln -s ${cfg.oidcConfigPath} $out/opt/peering-manager/peering_manager/oidc_config.py
     '';
   })).override {
     inherit (cfg) plugins;
@@ -139,6 +141,24 @@ in {
         See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6-ldap/#configuration) for possible options.
       '';
     };
+
+    enableOidc = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Enable OIDC-Authentication for Peering Manager.
+
+        This requires a configuration file being pass through `oidcConfigPath`.
+      '';
+    };
+
+    oidcConfigPath = mkOption {
+      type = types.path;
+      description = ''
+        Path to the Configuration-File for OIDC-Authentication, will be loaded as `oidc_config.py`.
+        See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6b-oidc/#configuration) for possible options.
+      '';
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -173,7 +193,10 @@ in {
           PEERINGDB_API_KEY = file.readline()
       '';
 
-      plugins = lib.mkIf cfg.enableLdap (ps: [ ps.django-auth-ldap ]);
+      plugins = (ps:
+        (lib.optionals cfg.enableLdap [ ps.django-auth-ldap ]) ++
+        (lib.optionals cfg.enableOidc (with ps; [ mozilla-django-oidc pyopenssl josepy ]))
+      );
     };
 
     system.build.peeringManagerPkg = pkg;

pkgs/development/python-modules/mozilla-django-oidc/default.nix

@@ -0,0 +1,54 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, setuptools
+, djangorestframework
+, django
+, josepy
+, requests
+, cryptography
+}:
+
+buildPythonPackage rec {
+  pname = "mozilla-django-oidc";
+  version = "4.0.1";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "mozilla";
+    repo = "mozilla-django-oidc";
+    rev = version;
+    hash = "sha256-72F1aLLIId+YClTrpOz3bL8LSq6ZhZjjtv8V/GJGkqs=";
+  };
+
+  nativeBuildInputs = [
+    setuptools
+  ];
+
+  nativeCheckInputs = [
+    djangorestframework
+  ];
+
+  checkPhase = ''
+    runHook preCheck
+
+    PYTHONPATH=.:$PYTHONPATH DJANGO_SETTINGS_MODULE=tests.settings django-admin test
+
+    runHook postCheck
+  '';
+
+  dependencies = [
+    django
+    josepy
+    requests
+    cryptography
+  ];
+
+  meta = {
+    description = "Django OpenID Connect library";
+    homepage = "https://github.com/mozilla/mozilla-django-oidc";
+    changelog = "https://github.com/mozilla/mozilla-django-oidc/releases/tag/${src.rev}";
+    license = lib.licenses.mpl20;
+    maintainers = with lib.maintainers; [ felbinger ];
+  };
+}

pkgs/top-level/python-packages.nix

@@ -7809,6 +7809,8 @@ self: super: with self; {
 
   mox3 = callPackage ../development/python-modules/mox3 { };
 
+  mozilla-django-oidc = callPackage ../development/python-modules/mozilla-django-oidc { };
+
   mpd2 = callPackage ../development/python-modules/mpd2 { };
 
   mpegdash = callPackage ../development/python-modules/mpegdash { };