Add provision_server management command

[RuthShryock]

Checklist

1. If you've added code that should be tested, add tests
2. If you've changed APIs, update (or create!) the documentation
3. Ensure the tests pass
4. Make sure that your code lints and that you've followed our coding style
5. Write a title and, if necessary, a description of your work suitable for publishing in our release notes
6. Mention any related issues in this repository (as #ISSUE) and in other repositories (as kobotoolbox/other#ISSUE)
7. Open an issue in the docs if there are UI/UX changes

Description

Automates setup of social applications and constance configurations through running ./manage.py provision_server along with specified arguments.

Notes

This command has two subcommands socialapp and config.
Example: ./manage.py provision_server config MFA_ENABLED=False SUPERUSER_AUTH_ENFORCEMENT=True will disable MFA and enable authentication for superusers.
(The config subcommand can take an infinite number of key-value pairs.)

[bufke]

I would expect this to work but it doesn't /manage.py provision_server socialapp --provider goog --provider_id g --name name --client_id abc --settings "{}" is it easy to allow keyword arguments? It would make it easier to omit optional values.

[bufke]

I like the documentation in general, good work. Especially the argument docs. I would add an example command here too, for quick learning.

[bufke]

This doesn't work, you need to have a lookup based on a unique field - maybe name? The first time it works. Then with a different name, I still get "Social app for my_first_name already exists" even though I changed the name.

[bufke]

I'd probably inline this as it's setting a variable that is used exactly once. Minor, fine-to-ignore, comment.

[bufke]

Interesting way to validate json, I imagine it works fine. I don't think it's possible to error in the dumps line, so that can be moved outside of the try, except.

Or actually I think you could achieve the validation with

try:
   json.loads(value)
except json.JSONDecodeError ...

you don't really need the value, right? You're just converting to and then from json to validate it I assume.

If you end up keeping this code - I might try to break it out so it's not so nested. I don't typically say one must "Don't repeat yourself" when repeating just twice. But in this case it might help reduce the nesting.

[bufke]

Is this needed? I know that json technically isn't supposed to start with an array. But this works for me

>>> data = "[1, 2]"
>>> import json
>>> json.loads(data)
[1, 2]
>>> json.dumps(json.loads(data))
'[1, 2]'

[notion-workspace]

Task 3 - helm automation

[bufke]

I don't think this does anything, does it? It serializes to a string but the result isn't saved anywhere.

[bufke]

Very minor but if you could do this

kwargs.get('secret', os.getenv('SOCIAL_APP_SECRET', ''))

That would prefer the kwarg over the env var (Seems right to me) 🤷

[bufke]

I think this is catching the same error and then re-raising it? Why not allow the original exception to be raised? If you want to catch it and add more context, do that. Or leave it alone. Catching and raising without any benefit is obfuscating the error.

[bufke]

This line can be omitted, you don't need to repeat the args in get_or_create again in defaults. The usage of get_or_create makes a lot of sense though.

[bufke]

Thanks, I'm pretty sure I can just merge after this one change.