compose: fix lookupproxy deployment

compose/base.yml

@@ -11,9 +11,8 @@ services:
 
   # Lookup proxy service
   lookupproxy:
-    build:
-      context: .
-      dockerfile: ./lookupproxy.Dockerfile
+    image: uisautomation/lookupproxy
+    entrypoint: ["/tmp/wait-for-it.sh", "lookupproxy-db:5432", "--", "/tmp/start-devserver.sh"]
     expose:
       - "8080"
     ports:
@@ -23,6 +22,10 @@ services:
       - "hydra"
     env_file:
       - lookupproxy.env
+    volumes:
+      - ./start-devserver.sh:/tmp/start-devserver.sh
+      - ./wait-for-it.sh:/tmp/wait-for-it.sh
+      - ./lookupproxysettings.py:/usr/src/app/settings.py
   lookupproxy-db:
     image: postgres
     env_file:

compose/create-oauth2-clients.sh

@@ -16,6 +16,7 @@ hydra connect \
 # corresponding clients did not exist
 hydra clients delete smswebapp || echo "-- smswebapp not deleted"
 hydra clients delete lookupproxy || echo "-- lookupproxy not deleted"
+hydra clients delete lookupproxyserver || echo "-- lookupproxyserver not deleted"
 
 # Create smswebapp client which can request scopes to access the lookup proxy
 # and to introspect tokens from hydra.
@@ -34,6 +35,13 @@ hydra clients create \
     --response-types token \
     --allowed-scopes lookup:anonymous
 
+# Create lookupproxyserver client which can request scopes to introspect tokens
+hydra clients create \
+    --id lookupproxyserver --secret lookupproxysecret \
+    --grant-types client_credentials \
+    --response-types token \
+    --allowed-scopes hydra.introspect
+
 # We need to create a Hydra policy allowing the smswebapp to introspect tokens.
 # Delete a policy if it is already in place and re-create it
 hydra policies delete introspect-policy \

compose/lookupproxy.env

@@ -5,7 +5,7 @@
 PORT=8080
 
 # Use the developer-specific settings.
-DJANGO_SETTINGS_MODULE=lookupproxy.settings.developer
+DJANGO_SETTINGS_MODULE=settings
 
 # Set the secret key.
 DJANGO_SECRET_KEY="$zaxY\Vowc,sp9EIs31cj^T5C~0D%5HI[<Xa9P,[jxr=X67}"
@@ -22,5 +22,11 @@ POSTGRES_DB=lookupproxy
 POSTGRES_USER=lookupproxyuser
 POSTGRES_PASSWORD=databasePass
 
+OAUTH2_TOKEN_URL=http://hydra:4444/oauth2/token
+OAUTH2_INTROSPECT_URL=http://hydra:4444/oauth2/introspect
+OAUTH2_AUTH_URL=http://localhost:4444/oauth2/auth
+OAUTH2_CLIENT_ID=lookupproxyserver
+OAUTH2_CLIENT_SECRET=lookupproxysecret
+
 # To allow talking to OAuth2 endpoint over HTTP
 OAUTHLIB_INSECURE_TRANSPORT=1

compose/lookupproxysettings.py

@@ -0,0 +1,38 @@
+import os
+
+from lookupproxy.settings.base import *  # noqa: F403
+
+DEBUG = True
+
+ALLOWED_HOSTS = ['*']
+
+OAUTH2_TOKEN_URL = os.environ.get('OAUTH2_TOKEN_URL')
+OAUTH2_INTROSPECT_URL = os.environ.get('OAUTH2_INTROSPECT_URL')
+OAUTH2_CLIENT_ID = os.environ.get('OAUTH2_CLIENT_ID')
+OAUTH2_CLIENT_SECRET = os.environ.get('OAUTH2_CLIENT_SECRET')
+OAUTH2_INTROSPECT_SCOPES = ['hydra.introspect']
+
+SWAGGER_SETTINGS['SECURITY_DEFINITIONS']['oauth2']['authorizationUrl'] = (  # noqa: F405
+    os.environ.get('OAUTH2_AUTH_URL')
+)
+
+# For the moment, the lookup certificates in test do not match the root hard-coded into the client.
+LOOKUP_API_ENDPOINT_HOST = 'www.lookup.cam.ac.uk'
+
+# Ensure that logging is shown in the console.
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'handlers': {
+        'console': {
+            'class': 'logging.StreamHandler',
+        },
+    },
+    'loggers': {
+        '': {
+            'handlers': ['console'],
+            'level': 'INFO',
+            'propagate': True,
+        },
+    },
+}