Simple UI and workflow to manage projects and users enrolment for any cloud environment.
Table of Contents
- Tech Stack
- Quick Start
Designed to be simple and seamlessly connect with an existing workflow, this app was created to replace PDF forms previously used to request projects (tenants) and user creation into our cloud environment. To prevent security challenges and ensure all requests go through a documented approval workflow, the system automatically sends requests to our helpdesk system, creating tickets then processed by our team. This allows for greater customization (such as variations from default quotas) and gives us the ability to ask more questions if necessary.
To prevent un-eligible requests, the app can be connected to DACO to verify a user's permissions. This setting was made optional, as it is very specific to our domain.
Using the app, Principal Investigators can detail a reasearch project and request a cloud tenant to be created. The application is then reviewed by the team, and the tenant/project is created in our cloud environment. Once created, the PI can invite users to join their projects by mentioning their email address.
Users then receive an invitation and fill-out the registration form. Their own respective cloud accounts will then be created by the team.
Here are some of this app's features:
- User authentication through OpenID Connect (Google)
- User DACO permissions validation (optional)
- Email-based workflows
- Admin role, to approve projects and users
- Register and manage projects
- Register and manage users
The application is built with a ReactJS front-end, Django Rest Framework powered back-end, and is easily deployable using Docker (docker-compose).
The goal of this guide is to get a working application quickly up and running using docker-compose. This can be used as a demo or in production, and requires the following:
Google API credentials need to be setup via Google Cloud Console – Instructions Here
All users logging into the application via the Google sign-in require a DACO account, for more information visit https://icgc.org/daco
Both config files (details below) need to be configured before running the initial
Step 1 - Config Files
There are two configuration templates that need to be copied and completed. The first is the env.template in the project root, the second is the config.template.js file in enrolment-ui/docker-assets-config/config/config.template.js
- The env.template becomes the .env file in the
- The config.template.js file becomes the config.js file in
env.template –> .env
.env enrolment-service/ enrolment-ui/ ...
DB_NAME- Setting used to setup Postgres Container
DB_USER- Setting used to setup Postgres Container
DB_PASS- Setting used to setup Postgres Container
DB_SERVICE- Setting used to setup Postgres Container
DB_PORT- Setting used to setup Postgres Container
Django Admin User
DJANGO_SUPER_USER- Django admin user name
DJANGO_SUPER_MAIL- Django admin user's email address
DJANGO_SUPER_PASS- Password (recommend you delete this after initial setup)
ICGC DACO Credentials
ICGC_CLIENT_KEY- Needed to interact with DACO Service
ICGC_CLIENT_SECRET- Needed to interact with DACO Service
ICGC_TOKEN- Needed to interact with DACO Service
ICGC_TOKEN_SECRET- Needed to interact with DACO Service
ICGC_BASE_URL- Needed to interact with DACO Service
SMTP_URL- DNS Server IP or DNS
SMTP_FROM- Email address to be used as sender for all notifications
RESOURCE_ADMIN_EMAIL- Email to receive admin notifications (ex. new project created)
DEBUG- Whether or not to run Django in debug mode
DJANGO_LOG_LEVEL- Controls the log level coming from Django:
- DEBUG: Low level system information for debugging purposes
- INFO: General system information
- WARNING: Information describing a minor problem that has occurred.
- ERROR: Information describing a major problem that has occurred.
- CRITICAL: Information describing a critical problem that has occurred.
config.template.js –> config.js
enrolment-service/ enrolment-ui/ |__ config/ |__ docker-assets-config/ |__ assets/ |__ config/ |__ config.template.js |__ config.js ...
clientId- OAuth 2.0 client ID from https://console.cloud.google.com/apis/credentials?project=__YOUR_PROJECT_NAME__
multiLingual- Enable/Disable language toggle in Application
peFullTerms- Link to Project Enrolment terms and conditions (shown on last step of application)
Step 2 - Docker Compose
sudo docker-compose build
sudo docker-compose up
Step 3 - Social Application Config (Django Admin)
As mentioned before, Google API credentials must be created in order for the login to work. Once that is setup, you will have the necessary information to complete this step. The following will assume a
docker-compose running on a local machine with the default port mapping setup in the compose file, you can substitute
localhost for your URL/IP where applicable if this is running remote.
Create Social App in Django Admin + Google Cloud Console
- In your browser to go
- Login with your admin credentials
- Click the Social applications link at the bottom of the screen
- Click the
ADD SOCIAL APPLICATION +button
- Complete the fields:
- Go to your Google Cloud console credentials page and click your application link
for work in local development, you may use
local.enrolment.cancercollaboratory.org, by adding it to your hosts file, and replacing the commented lines in
Step 4 - Run
At this point if you visit the front-end
http://localhost you will see the login page, now ready to login and authorize DACO approved Gmail addresses as well as accepting internal logins using the Django admin login setup in the config.
While developing, you are able to use 'python -m smtpd -n -c DebuggingServer localhost:1025' to mock an email server. This tool logs the email to terminal; useful to test and debug notifications, etc.