Upgrade to Juniper

README.rst

@@ -36,11 +36,11 @@ Operations
 Creating a user
 ~~~~~~~~~~~~~~~
 
-The discovery user interface will be available at http://discovery.localhost for a local instance, and at ``DISCOVERY_HOST`` (by default: http(s)://discovery.<your lms host>) in production. In order to run commands from the UI, a user must be created::
+The discovery user interface will be available at http://discovery.local.overhang.io for a local test instance, and at ``DISCOVERY_HOST`` (by default: http(s)://discovery.<your lms host>) in production. In order to run commands from the UI, a user must be created::
   
   tutor local run discovery ./manage.py createsuperuser
 
-Then, you must login with this user at http://discovery.localhost/admin.
+Then, you must login with this user at http://discovery.local.overhang.io/admin.
 
 Alternatively, you can login with oauth2 using a pre-existing user created on the LMS/CMS by accessing http(s)://discovery.<your lms host>/login. To do so, the proper domain names must exist and point to the production server.
 
@@ -72,7 +72,7 @@ To debug the course discovery service, you are encouraged to mount the course-di
 
     tutor dev runserver -v ~/projets/openedx/repos/course-discovery/:/openedx/discovery discovery
     
-You can then access the development server at http://localhost:8381. Feel free to add breakpoints (``import pdb; pdb.set_trace()``) anywhere in your source code to debug your application.
+You can then access the development server at http://discovery.local.overhang.io:8381. Feel free to add breakpoints (``import pdb; pdb.set_trace()``) anywhere in your source code to debug your application.
 
 Alternatively, you may bind-mount a local course-discovery repository by adding the following to ``$(tutor config printroot)/env/dev/docker-compose.override.yml``::
     

setup.py

@@ -29,7 +29,7 @@ setup(
     long_description=readme,
     packages=find_packages(exclude=["tests*"]),
     include_package_data=True,
-    install_requires=["tutor-openedx"],
+    install_requires=["tutor-openedx>=10.0.0,<11.0.0"],
     python_requires=">=3.5",
     entry_points={"tutor.plugin.v0": ["discovery = tutordiscovery.plugin"]},
     classifiers=[

tutordiscovery/__about__.py

@@ -1 +1 @@
-__version__ = "0.1.18"
+__version__ = "10.0.0"

tutordiscovery/patches/local-docker-compose-dev-services

@@ -1,6 +1,10 @@
 discovery:
   environment:
     DJANGO_SETTINGS_MODULE: course_discovery.settings.tutor.development
-    command: ./manage.py runserver 0.0.0.0:8000
+  command: ./manage.py runserver 0.0.0.0:8381
   ports:
-        - "8381:8000"
+    - "8381:8381"
+  networks:
+    default:
+      aliases:
+        - "{{ DISCOVERY_HOST }}"

tutordiscovery/patches/local-docker-compose-jobs-services

@@ -0,0 +1,7 @@
+discovery-job:
+  image: {{ DOCKER_REGISTRY }}{{ DISCOVERY_DOCKER_IMAGE }}
+  environment:
+    DJANGO_SETTINGS_MODULE: course_discovery.settings.tutor.production
+  volumes:
+    - ../plugins/discovery/apps/settings/tutor:/openedx/discovery/course_discovery/settings/tutor:ro
+  depends_on: {{ [("lms", ACTIVATE_LMS), ("mysql", ACTIVATE_MYSQL)]|list_if }}

tutordiscovery/patches/nginx-extra

@@ -11,7 +11,7 @@ server {
 {% endif %}
 server {
   {% if ACTIVATE_HTTPS %}listen 443 {{ "" if WEB_PROXY else "ssl" }};{% else %}listen 80;{% endif %}
-  server_name discovery.localhost {{ DISCOVERY_HOST }};
+  server_name {{ DISCOVERY_HOST }};
 
   {% if ACTIVATE_HTTPS and not WEB_PROXY %}
   ssl_certificate /etc/letsencrypt/live/{{ DISCOVERY_HOST }}/fullchain.pem;

tutordiscovery/plugin.py

@@ -12,6 +12,7 @@ config = {
         "MYSQL_PASSWORD": "{{ 8|random_string }}",
         "SECRET_KEY": "{{ 20|random_string }}",
         "OAUTH2_SECRET": "{{ 8|random_string }}",
+        "OAUTH2_SECRET_SSO": "{{ 8|random_string }}",
     },
     "defaults": {
         "VERSION": __version__,
@@ -22,6 +23,8 @@ config = {
         "MYSQL_USERNAME": "discovery",
         "OAUTH2_KEY": "discovery",
         "OAUTH2_KEY_DEV": "discovery-dev",
+        "OAUTH2_KEY_SSO": "discovery-sso",
+        "OAUTH2_KEY_SSO_DEV": "discovery-sso-dev",
     },
 }
 

tutordiscovery/templates/discovery/apps/settings/partials/common.py

@@ -1,7 +1,5 @@
 SECRET_KEY = "{{ DISCOVERY_SECRET_KEY }}"
 ALLOWED_HOSTS = [
-    "localhost",
-    "discovery.localhost",
     "discovery",
     "{{ DISCOVERY_HOST }}"
 ]
@@ -59,15 +57,33 @@ LOGGING["handlers"]["local"] = {
     "filename": "/var/log/discovery.log",
     "formatter": "standard",
 }
+LOGGING["loggers"]["algoliasearch_django"] = {"level": "WARNING"}
 
+{% set jwt_rsa_key = rsa_import_key(JWT_RSA_PRIVATE_KEY) %}
+import json
 JWT_AUTH["JWT_ISSUER"] = "{{ JWT_COMMON_ISSUER }}"
 JWT_AUTH["JWT_AUDIENCE"] = "{{ JWT_COMMON_AUDIENCE }}"
 JWT_AUTH["JWT_SECRET_KEY"] = "{{ JWT_COMMON_SECRET_KEY }}"
-SOCIAL_AUTH_EDX_OIDC_SECRET = "{{ DISCOVERY_OAUTH2_SECRET }}"
-SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY = SOCIAL_AUTH_EDX_OIDC_SECRET
-SOCIAL_AUTH_EDX_OIDC_ISSUER = "{{ JWT_COMMON_ISSUER }}"
-SOCIAL_AUTH_EDX_OIDC_URL_ROOT = "http://lms:8000/oauth2"
-SOCIAL_AUTH_REDIRECT_IS_HTTPS = {% if ACTIVATE_HTTPS %}True{% else %}False{% endif %}
+# TODO assign a discovery-specific public key
+JWT_AUTH["JWT_PUBLIC_SIGNING_JWK_SET"] = json.dumps(
+    {
+        "keys": [
+            {
+                "kid": "openedx",
+                "kty": "RSA",
+                "e": "{{ jwt_rsa_key.e|long_to_base64 }}",
+                "n": "{{ jwt_rsa_key.n|long_to_base64 }}",
+            }
+        ]
+    }
+)
+JWT_AUTH["JWT_ISSUERS"] = [
+    {
+        "ISSUER": "{{ JWT_COMMON_ISSUER }}",
+        "AUDIENCE": "{{ JWT_COMMON_AUDIENCE }}",
+        "SECRET_KEY": "{{ OPENEDX_SECRET_KEY }}"
+    }
+]
 
 EDX_DRF_EXTENSIONS = {
     'OAUTH2_USER_INFO_URL': '{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/oauth2/user_info',

tutordiscovery/templates/discovery/apps/settings/tutor/development.py

@@ -2,9 +2,13 @@ from ..devstack import *
 
 {% include "discovery/apps/settings/partials/common.py" %}
 
-# The following urls should be accessible from the outside by a discovery web user in
-# order to use the /login endpoint
-SOCIAL_AUTH_EDX_OIDC_PUBLIC_URL_ROOT = "http://localhost:8000/oauth2"
-SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL = "http://localhost:8000/logout"
-BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL = SOCIAL_AUTH_EDX_OIDC_URL_ROOT
-SOCIAL_AUTH_EDX_OIDC_KEY = "{{ DISCOVERY_OAUTH2_KEY_DEV }}"
+BACKEND_SERVICE_EDX_OAUTH2_KEY = "{{ DISCOVERY_OAUTH2_KEY_DEV }}"
+BACKEND_SERVICE_EDX_OAUTH2_SECRET = "{{ DISCOVERY_OAUTH2_SECRET }}"
+BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL = "http://lms:8000/oauth2"
+
+SOCIAL_AUTH_EDX_OAUTH2_KEY = "{{ DISCOVERY_OAUTH2_KEY_SSO_DEV }}"
+SOCIAL_AUTH_EDX_OAUTH2_SECRET = "{{ DISCOVERY_OAUTH2_SECRET_SSO }}"
+SOCIAL_AUTH_EDX_OAUTH2_ISSUER = "http://{{ DISCOVERY_HOST }}:8381"
+SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = "http://{{ DISCOVERY_HOST }}:8381"
+SOCIAL_AUTH_EDX_OAUTH2_PUBLIC_URL_ROOT = SOCIAL_AUTH_EDX_OAUTH2_ISSUER
+SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL = SOCIAL_AUTH_EDX_OAUTH2_ISSUER + "/logout"

tutordiscovery/templates/discovery/apps/settings/tutor/production.py

@@ -2,12 +2,15 @@ from ..production import *
 
 {% include "discovery/apps/settings/partials/common.py" %}
 
-# The following urls should be accessible from the outside by a discovery web user in
-# order to use the /login endpoint
-SOCIAL_AUTH_EDX_OIDC_PUBLIC_URL_ROOT = "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/oauth2"
-SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL = "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/logout"
-BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL = SOCIAL_AUTH_EDX_OIDC_URL_ROOT
-SOCIAL_AUTH_EDX_OIDC_KEY = "{{ DISCOVERY_OAUTH2_KEY }}"
+BACKEND_SERVICE_EDX_OAUTH2_KEY = "{{ DISCOVERY_OAUTH2_KEY }}"
+BACKEND_SERVICE_EDX_OAUTH2_SECRET = "{{ DISCOVERY_OAUTH2_SECRET }}"
+BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL = "http://lms:8000/oauth2"
 
-COMPRESS_ENABLED = True
-COMPRESS_OFFLINE = True
+SOCIAL_AUTH_EDX_OAUTH2_KEY = "{{ DISCOVERY_OAUTH2_KEY_SSO }}"
+SOCIAL_AUTH_EDX_OAUTH2_SECRET = "{{ DISCOVERY_OAUTH2_SECRET_SSO }}"
+SOCIAL_AUTH_EDX_OAUTH2_ISSUER = "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}"
+SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = SOCIAL_AUTH_EDX_OAUTH2_ISSUER
+SOCIAL_AUTH_EDX_OAUTH2_PUBLIC_URL_ROOT = SOCIAL_AUTH_EDX_OAUTH2_ISSUER
+SOCIAL_AUTH_EDX_OAUTH2_LOGOUT_URL = SOCIAL_AUTH_EDX_OAUTH2_ISSUER + "/logout"
+
+SOCIAL_AUTH_REDIRECT_IS_HTTPS = {% if ACTIVATE_HTTPS %}True{% else %}False{% endif %}

tutordiscovery/templates/discovery/build/discovery/Dockerfile

@@ -6,7 +6,7 @@ RUN apt update && \
 ENV LC_ALL en_US.UTF-8
 
 ARG DISCOVERY_REPOSITORY=https://github.com/edx/course-discovery.git
-ARG DISCOVERY_VERSION=open-release/ironwood.2
+ARG DISCOVERY_VERSION=open-release/juniper.1
 RUN mkdir -p /openedx/discovery && \
     git clone $DISCOVERY_REPOSITORY --branch $DISCOVERY_VERSION --depth 1 /openedx/discovery
 WORKDIR /openedx/discovery
@@ -22,7 +22,7 @@ RUN pip install --upgrade pip setuptools
 
 # Install a recent version of nodejs
 RUN pip install nodeenv
-RUN nodeenv /openedx/nodeenv --node=8.9.3 --prebuilt
+RUN nodeenv /openedx/nodeenv --node=12.13.0 --prebuilt
 ENV PATH /openedx/nodeenv/bin:${PATH}
 
 # Install python and nodejs requirements

tutordiscovery/templates/discovery/hooks/discovery/init

@@ -1,40 +1,20 @@
-export DJANGO_SETTINGS_MODULE=course_discovery.settings.tutor.production
-
 make migrate
 
-# Creating partners: the courses-api-url and oidc-url-root need to be accessible
-# from inside the discovery container in order to successfully run init.
-# TODO add --ecommerce-api-url parameters
 # Development partners
 ./manage.py create_or_update_partner  \
   --site-id 1 \
-  --site-domain discovery.localhost \
+  --site-domain {{ DISCOVERY_HOST }}:8381 \
   --code dev --name "Open edX - development" \
-  --courses-api-url "http://lms:8000/api/courses/v1/" \
-  --oidc-url-root "http://lms:8000/oauth2" \
-  --oidc-key "{{ DISCOVERY_OAUTH2_KEY }}" \
-  --oidc-secret "{{ DISCOVERY_OAUTH2_SECRET }}"
+  --lms-url="http://lms:8000" \
+  --courses-api-url "http://{{ LMS_HOST }}:8000/api/courses/v1/"
  
-./manage.py create_or_update_partner  \
-  --site-id 3 \
-  --site-domain localhost \
-  --code dev8381 --name "Open edX - development (localhost:8381)" \
-  --courses-api-url "http://lms:8000/api/courses/v1/" \
-  --oidc-url-root "http://lms:8000/oauth2" \
-  --oidc-key "{{ DISCOVERY_OAUTH2_KEY_DEV }}" \
-  --oidc-secret "{{ DISCOVERY_OAUTH2_SECRET }}"
-
-{% if DISCOVERY_HOST != "discovery.localhost" %}
 # Production partner
 ./manage.py create_or_update_partner  \
   --site-id 2 \
   --site-domain {{ DISCOVERY_HOST }} \
   --code openedx --name "Open edX" \
-  --courses-api-url "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/api/courses/v1/" \
-  --oidc-url-root "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/oauth2" \
-  --oidc-key "{{ DISCOVERY_OAUTH2_KEY }}" \
-  --oidc-secret "{{ DISCOVERY_OAUTH2_SECRET }}"
-{% endif %}
+  --lms-url="http://lms:8000" \
+  --courses-api-url "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}/api/courses/v1/"
 
-./manage.py refresh_course_metadata --partner_code=dev
+./manage.py refresh_course_metadata --partner_code=openedx
 ./manage.py update_index --disable-change-limit

tutordiscovery/templates/discovery/hooks/lms/init

@@ -1,26 +1,46 @@
-export DJANGO_SETTINGS_MODULE=$SERVICE_VARIANT.envs.$SETTINGS
-
 ./manage.py lms manage_user discovery discovery@{{ LMS_HOST }} --staff --superuser
 ./manage.py lms manage_user lms_catalog_service_user lms_catalog_service_user@{{ LMS_HOST }}
 
 # Development client
-./manage.py lms create_oauth2_client \
-    "http://localhost:8381" \
-    "http://localhost:8381/complete/edx-oidc/" \
-    confidential \
-    --client_name discovery-dev \
-    --client_id {{ DISCOVERY_OAUTH2_KEY_DEV }} \
-    --client_secret {{ DISCOVERY_OAUTH2_SECRET }} \
-    --username discovery \
-    --trusted
+./manage.py lms create_dot_application \
+    --grant-type client-credentials \
+    --redirect-uris "http://{{ DISCOVERY_HOST }}:8381/complete/edx-oauth2/" \
+    --client-id {{ DISCOVERY_OAUTH2_KEY_DEV }} \
+    --client-secret {{ DISCOVERY_OAUTH2_SECRET }} \
+    --scopes user_id \
+    --skip-authorization \
+    --update \
+    discovery-dev \
+    discovery
+./manage.py lms create_dot_application \
+    --grant-type authorization-code \
+    --redirect-uris "http://{{ DISCOVERY_HOST }}:8381/complete/edx-oauth2/" \
+    --client-id {{ DISCOVERY_OAUTH2_KEY_SSO_DEV }} \
+    --client-secret {{ DISCOVERY_OAUTH2_SECRET_SSO }} \
+    --scopes user_id \
+    --skip-authorization \
+    --update \
+    discovery-sso-dev \
+    discovery
 
 # Production client
-./manage.py lms create_oauth2_client \
-    "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ DISCOVERY_HOST }}" \
-    "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ DISCOVERY_HOST }}/complete/edx-oidc/" \
-    confidential \
-    --client_name discovery \
-    --client_id {{ DISCOVERY_OAUTH2_KEY }} \
-    --client_secret {{ DISCOVERY_OAUTH2_SECRET }} \
-    --username discovery \
-    --trusted
+./manage.py lms create_dot_application \
+    --grant-type client-credentials \
+    --redirect-uris "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ DISCOVERY_HOST }}/complete/edx-oauth2/" \
+    --client-id {{ DISCOVERY_OAUTH2_KEY }} \
+    --client-secret {{ DISCOVERY_OAUTH2_SECRET }} \
+    --scopes user_id \
+    --skip-authorization \
+    --update \
+    discovery \
+    discovery
+./manage.py lms create_dot_application \
+    --grant-type authorization-code \
+    --redirect-uris "{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://{{ DISCOVERY_HOST }}/complete/edx-oauth2/" \
+    --client-id {{ DISCOVERY_OAUTH2_KEY_SSO }} \
+    --client-secret {{ DISCOVERY_OAUTH2_SECRET_SSO }} \
+    --scopes user_id \
+    --skip-authorization \
+    --update \
+    discovery-sso \
+    discovery