Feature/update sample env files (#2320)

* Feature: update sample .env files

* Remove old production .env file

* Update DEVELOPMENT.md to reflect project state

* Update CHANGELOG.md before PR

* Link JIRA ticket # on relevant changes

CHANGELOG.MD

@@ -1,6 +1,20 @@
 # Change Log
+
 All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](https://semver.org/).
 
+
+## v1.0.1 - 2023-10-18
+
+> **Feature**: Update sample .env files - [🎟️DSENG-414](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-414)
+>- Sample .env files have been updated to reflect the current state of the project.
+>- *Breaking*: Keycloak URLs and resources now point to the BC Government's SSO service when using `sample.env` as a baseline
+>- *Breaking*: The `met_api` module has been updated slightly to consume Pathfinder SSO's API schema.
+
+- Changes to `DEVELOPMENT.md` to reflect the current state of the project
+- Remove one old production .env file with obsolete settings
+
+
 ## v1.0.0 - 2023-10-01
+
 - App handoff from EAO to GDX
 - Added changelog

DEVELOPMENT.md

@@ -9,13 +9,7 @@ The below docker compose command will setup the initial database structure and r
 docker compose -f ./tools/postgres/docker-compose.yml up -d
 ```
 
-## Keycloak 
-
-A local instance of keycloak might be necessary. The following configuration uses the database above, schema "keycloak". Run the following command:
-
-```
-docker compose -f ./tools/keycloak/docker-compose.yml up -d
-```
+⚠️ Note that the following sections assume your working directory is the listed component's root directory (e.g. `met-api`, `met-web`)
 
 ## met-web
 
@@ -51,7 +45,14 @@ Installing the packages:
 make setup
 ```
 
-Starting the app:
+Manually upgrading the database:
+*This wil also create some default data for the app if it does not exist*
+
+```
+make db
+```
+
+Starting the app (automatically upgrades the database):
 
 ```
 make run

met-api/sample.env

@@ -1,52 +1,45 @@
+# Changes Flask's run mode and the set of env vars are used to configure the app. You should not need to change this here.
 FLASK_ENV=development
 
-# local db variables
-DATABASE_USERNAME=met
-DATABASE_PASSWORD=met
-DATABASE_NAME=met
-DATABASE_HOST=localhost
-DATABASE_PORT=5432
-
-JWT_OIDC_TEST_ISSUER="http://localhost:8081/auth/realms/demo"
-JWT_OIDC_TEST_WELL_KNOWN_CONFIG="http://localhost:8081/auth/realms/demo/.well-known/openid-configuration"
-JWT_OIDC_TEST_ALGORITHMS="RS256"
-JWT_OIDC_TEST_AUDIENCE="met-web"
-JWT_OIDC_TEST_CLIENT_SECRET="1111111111"
-JWT_OIDC_TEST_JWKS_CACHE_TIMEOUT="6000"
-
-JWT_OIDC_WELL_KNOWN_CONFIG=https://localhost:8080/auth/realms/met/.well-known/openid-configuration
-JWT_OIDC_AUDIENCE=account
-JWT_OIDC_ISSUER=https://localhost:8080/auth/realms/met
-JWT_OIDC_ALGORITHMS=RS256
-JWT_OIDC_JWKS_URI=https://localhost:8080/auth/realms/met/protocol/openid-connect/certs
-JWT_OIDC_CACHING_ENABLED=True
-JWT_OIDC_JWKS_CACHE_TIMEOUT=3000000
-
-SITE_URL=http://localhost:3000
-KEYCLOAK_BASE_URL=https://localhost:8080
-KEYCLOAK_URL_REALM=met
-
-MET_ADMIN_CLIENT_ID=met-admin
-MET_ADMIN_CLIENT_SECRET=<GENERATED_CLIENT_SECRET>
-
-NOTIFICATIONS_EMAIL_ENDPOINT=https://localhost:5002/api/v1/notifications/email
-VERIFICATION_EMAIL_TEMPLATE_ID=c4cc1633-321a-4400-8a22-272acecd836a
-SUBSCRIBE_EMAIL_TEMPLATE_ID=9cd4942b-8ac9-49ae-a869-c800c57a7472
-REJECTED_EMAIL_TEMPLATE_ID=fede7ed2-4e4f-4278-9881-dadc21df8f11
-ACCESS_REQUEST_EMAIL_ADDRESS=[email protected]
-ACCESS_REQUEST_EMAIL_TEMPLATE_ID=41afa792-4c75-425a-9ad9-c558561d6669
-
-EAO_SUBMISSION_REPORT=614d387c-1fa9-4a04-af42-13a027a837d6
-EAO_ENGAGEMENT_CLOSEOUT=8c76a4dc-eec2-439b-8234-4c95234f128d
-EAO_VERIFICATION_EMAIL_TEMPLATE_ID=c08693e0-50eb-4815-9d1f-1036cdba9876
-
-
-
-CORS_ORIGIN=http://192.168.0.145:8000,http://192.168.0.145:3000,http://localhost:8000,http://localhost:3000,http://localhost:5000
-
-S3_BUCKET=<BUCKET_NAME>
-S3_ACCESS_KEY_ID=met-admin
-S3_SECRET_ACCESS_KEY=<GENERATED_S3_SECRET>
-S3_HOST=citz-gdx.objectstore.gov.bc.ca
-S3_REGION=us-east-1
-S3_SERVICE=execute-api
+# Database configuration. 
+# See DEVELOPMENT.md for instructions on how to set up the local database.
+DATABASE_HOST="localhost"
+DATABASE_PORT="5432"
+DATABASE_USERNAME="postgres"
+DATABASE_PASSWORD="postgres"
+DATABASE_NAME="met"
+
+# Email API endpoint
+NOTIFICATIONS_EMAIL_ENDPOINT=https://met-notify-api-dev.apps.gold.devops.gov.bc.ca/api/v1/notifications/email
+
+# Keycloak configuration. Keycloak is now hosted, and local keycloak instances are no longer needed.
+KEYCLOAK_BASE_URL=https://dev.loginproxy.gov.bc.ca/auth
+KEYCLOAK_REALMNAME=standard
+JWT_OIDC_AUDIENCE=modern-engagement-tools-4787
+JWT_OIDC_WELL_KNOWN_CONFIG=${KEYCLOAK_BASE_URL}/realms/${KEYCLOAK_REALMNAME}/.well-known/openid-configuration
+JWT_OIDC_JWKS_URI=${KEYCLOAK_BASE_URL}/realms/${KEYCLOAK_REALMNAME}/protocol/openid-connect/certs
+JWT_OIDC_ISSUER=${KEYCLOAK_BASE_URL}/realms/${KEYCLOAK_REALMNAME}
+
+# Authenticates the MET API with Keycloak for running tests.
+# Currently unused since the hosted Keycloak instance does not support API usage.
+MET_ADMIN_CLIENT_ID=
+MET_ADMIN_CLIENT_SECRET=
+
+# S3 configuration. Used for uploading custom header images, etc.
+S3_ACCESS_KEY_ID=
+S3_BUCKET=
+S3_HOST='citz-gdx.objectstore.gov.bc.ca'
+S3_REGION='us-east-1'
+S3_SECRET_ACCESS_KEY=
+S3_SERVICE='execute-api'
+
+# EPIC integration configuration
+EPIC_URL=https://eagle-dev.apps.silver.devops.gov.bc.ca/api/commentperiod
+EPIC_JWT_OIDC_ISSUER=${KEYCLOAK_BASE_URL}/auth/realms/eao-epic
+EPIC_KC_CLIENT_ID=eagle-admin-console
+EPIC_MILESTONE=5cf00c03a266b7e1877504e9
+EPIC_KEYCLOAK_SERVICE_ACCOUNT_ID=
+EPIC_KEYCLOAK_SERVICE_ACCOUNT_SECRET=
+
+# Allowed CORS origins
+CORS_ORIGIN=http://localhost:3000,http://localhost:5000

met-api/src/met_api/__init__.py

@@ -129,7 +129,7 @@ def setup_jwt_manager(app_context, jwt_manager):
     """Use flask app to configure the JWTManager to work for a particular Realm."""
 
     def get_roles(a_dict):
-        return a_dict['realm_access']['roles']  # pragma: no cover
+        return a_dict['client_roles']  # pragma: no cover
 
     app_context.config['JWT_ROLE_CALLBACK'] = get_roles
     jwt_manager.init_app(app_context)

met-web/sample.env

@@ -1,8 +1,18 @@
-REACT_APP_KEYCLOAK_CLIENT=
-REACT_APP_KEYCLOAK_REALM=
-REACT_APP_KEYCLOAK_URL=
-REACT_APP_FORMIO_JWT_SECRET=
-REACT_APP_FORM_ID=
+# Keycloak auth endpoint
+REACT_APP_KEYCLOAK_URL=https://dev.loginproxy.gov.bc.ca/auth
+REACT_APP_KEYCLOAK_REALM=standard
+
+# Resource identifier for the Keycloak client
+REACT_APP_KEYCLOAK_CLIENT=modern-engagement-tools-4787
+
+# The role needed to be considered an admin
+# TODO: Allocate a dedicated role for this on SSO
+REACT_APP_KEYCLOAK_ADMIN_ROLE=create_tenant
+
+# `met-api` endpoint
 REACT_APP_API_URL=http://localhost:5000/api
+
+# `analytics-api` endpoint
 REACT_APP_ANALYTICS_API_URL=http://localhost:5001/api
-REACT_APP_ENGAGEMENT_PROJECT_TYPES=Energy-Electricity,Energy - Petroleum & Natural Gas,Food Processing,Industrial,Mines,Other,Tourist Destination Resorts,Transportation,Waste Disposal,Water Management
+# Default tenant to assign when signing in for the first time
+REACT_APP_DEFAULT_TENANT=eao