From 2fc9d1ac9dbb3557541c449820f4bba4cd4b7313 Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Mon, 24 Aug 2020 10:06:50 -0400 Subject: [PATCH] 16314: Remove SSO from arvbox. Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- tools/arvbox/bin/arvbox | 14 --- .../arvbox/lib/arvbox/docker/Dockerfile.demo | 6 -- tools/arvbox/lib/arvbox/docker/Dockerfile.dev | 1 - tools/arvbox/lib/arvbox/docker/api-setup.sh | 5 -- .../lib/arvbox/docker/cluster-config.sh | 20 ++--- tools/arvbox/lib/arvbox/docker/common.sh | 1 - .../arvbox/docker/service/ready/run-service | 3 +- .../docker/service/sso/log/main/.gitstub | 0 .../lib/arvbox/docker/service/sso/log/run | 1 - .../arvbox/lib/arvbox/docker/service/sso/run | 1 - .../lib/arvbox/docker/service/sso/run-service | 88 ------------------- 11 files changed, 10 insertions(+), 130 deletions(-) delete mode 100644 tools/arvbox/lib/arvbox/docker/service/sso/log/main/.gitstub delete mode 120000 tools/arvbox/lib/arvbox/docker/service/sso/log/run delete mode 120000 tools/arvbox/lib/arvbox/docker/service/sso/run delete mode 100755 tools/arvbox/lib/arvbox/docker/service/sso/run-service diff --git a/tools/arvbox/bin/arvbox b/tools/arvbox/bin/arvbox index 292a4fd746..46acc8baf2 100755 --- a/tools/arvbox/bin/arvbox +++ b/tools/arvbox/bin/arvbox @@ -44,10 +44,6 @@ if test -z "$ARVADOS_ROOT" ; then ARVADOS_ROOT="$ARVBOX_DATA/arvados" fi -if test -z "$SSO_ROOT" ; then - SSO_ROOT="$ARVBOX_DATA/sso-devise-omniauth-provider" -fi - if test -z "$COMPOSER_ROOT" ; then COMPOSER_ROOT="$ARVBOX_DATA/composer" fi @@ -126,7 +122,6 @@ wait_for_arvbox() { docker_run_dev() { docker run \ "--volume=$ARVADOS_ROOT:/usr/src/arvados:rw" \ - "--volume=$SSO_ROOT:/usr/src/sso:rw" \ "--volume=$COMPOSER_ROOT:/usr/src/composer:rw" \ "--volume=$WORKBENCH2_ROOT:/usr/src/workbench2:rw" \ "--volume=$PG_DATA:/var/lib/postgresql:rw" \ 
@@ -238,9 +233,6 @@ run() { if ! test -d "$ARVADOS_ROOT" ; then git clone https://git.arvados.org/arvados.git "$ARVADOS_ROOT" fi - if ! test -d "$SSO_ROOT" ; then - git clone https://github.com/arvados/sso-devise-omniauth-provider.git "$SSO_ROOT" - fi if ! test -d "$COMPOSER_ROOT" ; then git clone https://github.com/arvados/composer.git "$COMPOSER_ROOT" git -C "$COMPOSER_ROOT" checkout arvados-fork @@ -267,11 +259,6 @@ run() { /usr/local/lib/arvbox/runsu.sh \ /usr/local/lib/arvbox/waitforpostgres.sh - docker exec -ti \ - $ARVBOX_CONTAINER \ - /usr/local/lib/arvbox/runsu.sh \ - /var/lib/arvbox/service/sso/run-service --only-setup - docker exec -ti \ $ARVBOX_CONTAINER \ /usr/local/lib/arvbox/runsu.sh \ @@ -572,7 +559,6 @@ case "$subcmd" in "$ARVBOX_BASE/$1/gopath" \ "$ARVBOX_BASE/$1/Rlibs" \ "$ARVBOX_BASE/$1/arvados" \ - "$ARVBOX_BASE/$1/sso-devise-omniauth-provider" \ "$ARVBOX_BASE/$1/composer" \ "$ARVBOX_BASE/$1/workbench2" \ "$ARVBOX_BASE/$2" diff --git a/tools/arvbox/lib/arvbox/docker/Dockerfile.demo b/tools/arvbox/lib/arvbox/docker/Dockerfile.demo index 34d3845eaf..6bc43e2b7a 100644 --- a/tools/arvbox/lib/arvbox/docker/Dockerfile.demo +++ b/tools/arvbox/lib/arvbox/docker/Dockerfile.demo @@ -4,7 +4,6 @@ FROM arvados/arvbox-base ARG arvados_version -ARG sso_version=master ARG composer_version=arvados-fork ARG workbench2_version=master @@ -12,9 +11,6 @@ RUN cd /usr/src && \ git clone --no-checkout https://github.com/arvados/arvados.git && \ git -C arvados checkout ${arvados_version} && \ git -C arvados pull && \ - git clone --no-checkout https://github.com/arvados/sso-devise-omniauth-provider.git sso && \ - git -C sso checkout ${sso_version} && \ - git -C sso pull && \ git clone --no-checkout https://github.com/arvados/composer.git && \ git -C composer checkout ${composer_version} && \ git -C composer pull && \ 
@@ -27,7 +23,6 @@ ADD service/ /var/lib/arvbox/service RUN ln -sf /var/lib/arvbox/service /etc RUN mkdir -p /var/lib/arvados RUN echo "production" > /var/lib/arvados/api_rails_env -RUN echo "production" > /var/lib/arvados/sso_rails_env RUN echo "production" > /var/lib/arvados/workbench_rails_env RUN /usr/local/lib/arvbox/createusers.sh @@ -36,7 +31,6 @@ RUN sudo -u arvbox /var/lib/arvbox/service/api/run-service --only-deps RUN sudo -u arvbox /var/lib/arvbox/service/composer/run-service --only-deps RUN sudo -u arvbox /var/lib/arvbox/service/workbench2/run-service --only-deps RUN sudo -u arvbox /var/lib/arvbox/service/keep-web/run-service --only-deps -RUN sudo -u arvbox /var/lib/arvbox/service/sso/run-service --only-deps RUN sudo -u arvbox /var/lib/arvbox/service/workbench/run-service --only-deps RUN sudo -u arvbox /var/lib/arvbox/service/doc/run-service --only-deps RUN sudo -u arvbox /var/lib/arvbox/service/vm/run-service --only-deps diff --git a/tools/arvbox/lib/arvbox/docker/Dockerfile.dev b/tools/arvbox/lib/arvbox/docker/Dockerfile.dev index 22668253e1..c7621e387d 100644 --- a/tools/arvbox/lib/arvbox/docker/Dockerfile.dev +++ b/tools/arvbox/lib/arvbox/docker/Dockerfile.dev @@ -9,7 +9,6 @@ ADD service/ /var/lib/arvbox/service RUN ln -sf /var/lib/arvbox/service /etc RUN mkdir -p /var/lib/arvados RUN echo "development" > /var/lib/arvados/api_rails_env -RUN echo "development" > /var/lib/arvados/sso_rails_env RUN echo "development" > /var/lib/arvados/workbench_rails_env RUN mkdir /etc/test-service && \ diff --git a/tools/arvbox/lib/arvbox/docker/api-setup.sh b/tools/arvbox/lib/arvbox/docker/api-setup.sh index 4ed25e03c0..6a261bf4c5 100755 --- a/tools/arvbox/lib/arvbox/docker/api-setup.sh +++ b/tools/arvbox/lib/arvbox/docker/api-setup.sh 
@@ -28,7 +28,6 @@ else secret_token=$(cat /var/lib/arvados/api_secret_token) blob_signing_key=$(cat /var/lib/arvados/blob_signing_key) management_token=$(cat /var/lib/arvados/management_token) - sso_app_secret=$(cat /var/lib/arvados/sso_app_secret) database_pw=$(cat /var/lib/arvados/api_database_pw) vm_uuid=$(cat /var/lib/arvados/vm-uuid) @@ -37,10 +36,6 @@ $RAILS_ENV: uuid_prefix: $uuid_prefix secret_token: $secret_token blob_signing_key: $blob_signing_key - sso_app_secret: $sso_app_secret - sso_app_id: arvados-server - sso_provider_url: "https://$localip:${services[sso]}" - sso_insecure: false workbench_address: "https://$localip/" websocket_address: "wss://$localip:${services[websockets-ssl]}/websocket" git_repo_ssh_base: "git@$localip:" diff --git a/tools/arvbox/lib/arvbox/docker/cluster-config.sh b/tools/arvbox/lib/arvbox/docker/cluster-config.sh index 4798cb6ccd..1413984655 100755 --- a/tools/arvbox/lib/arvbox/docker/cluster-config.sh +++ b/tools/arvbox/lib/arvbox/docker/cluster-config.sh @@ -39,11 +39,6 @@ if ! test -s /var/lib/arvados/system_root_token ; then fi system_root_token=$(cat /var/lib/arvados/system_root_token) -if ! test -s /var/lib/arvados/sso_app_secret ; then - ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/sso_app_secret -fi -sso_app_secret=$(cat /var/lib/arvados/sso_app_secret) - if ! test -s /var/lib/arvados/vm-uuid ; then echo $uuid_prefix-2x53u-$(ruby -e 'puts rand(2**400).to_s(36)[0,15]') > /var/lib/arvados/vm-uuid fi @@ -83,8 +78,6 @@ Clusters: ExternalURL: "https://$localip:${services[workbench]}" Workbench2: ExternalURL: "https://$localip:${services[workbench2-ssl]}" - SSO: - ExternalURL: "https://$localip:${services[sso]}" Keepproxy: ExternalURL: "https://$localip:${services[keepproxy-ssl]}" InternalURLs: 
@@ -139,13 +132,18 @@ Clusters: DefaultReplication: 1 TrustAllContent: true Login: - SSO: + Test: Enable: true - ProviderAppSecret: $sso_app_secret - ProviderAppID: arvados-server + Users: + admin: + Email: admin@example.com + Password: admin + user: + Email: user@example.com + Password: user Users: NewUsersAreActive: true - AutoAdminFirstUser: true + AutoAdminUserWithEmail: admin@example.com AutoSetupNewUsers: true AutoSetupNewUsersWithVmUUID: $vm_uuid AutoSetupNewUsersWithRepository: true diff --git a/tools/arvbox/lib/arvbox/docker/common.sh b/tools/arvbox/lib/arvbox/docker/common.sh index 89864d5d18..05491c5361 100644 --- a/tools/arvbox/lib/arvbox/docker/common.sh +++ b/tools/arvbox/lib/arvbox/docker/common.sh @@ -33,7 +33,6 @@ services=( [api]=8004 [controller]=8003 [controller-ssl]=8000 - [sso]=8900 [composer]=4200 [arv-git-httpd-ssl]=9000 [arv-git-httpd]=9001 diff --git a/tools/arvbox/lib/arvbox/docker/service/ready/run-service b/tools/arvbox/lib/arvbox/docker/service/ready/run-service index 470d105375..21cb7d48c6 100755 --- a/tools/arvbox/lib/arvbox/docker/service/ready/run-service +++ b/tools/arvbox/lib/arvbox/docker/service/ready/run-service @@ -67,8 +67,7 @@ if ! [[ -z "$waiting" ]] ; then gemlockcount=0 for l in /usr/src/arvados/services/api/Gemfile.lock \ - /usr/src/arvados/apps/workbench/Gemfile.lock \ - /usr/src/sso/Gemfile.lock ; do + /usr/src/arvados/apps/workbench/Gemfile.lock ; do gc=$(cat $l \ | grep -vE "(GEM|PLATFORMS|DEPENDENCIES|BUNDLED|GIT|$^|remote:|specs:|revision:)" \ | sed 's/^ *//' | sed 's/(.*)//' | sed 's/ *$//' | sort | uniq | wc -l) diff --git a/tools/arvbox/lib/arvbox/docker/service/sso/log/main/.gitstub b/tools/arvbox/lib/arvbox/docker/service/sso/log/main/.gitstub deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/tools/arvbox/lib/arvbox/docker/service/sso/log/run b/tools/arvbox/lib/arvbox/docker/service/sso/log/run deleted file mode 120000 index d6aef4a77d..0000000000 
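Review bot: The `Login.Test` block added to the generated cluster config hard-codes `Password: admin` and `Password: user`, and `AutoAdminUserWithEmail: admin@example.com` makes the first of those accounts an administrator, so every arvbox instance configured by this script shares one well-known admin login. The SSO setup it replaces used a per-instance random secret (`ruby -e 'puts rand(2**400).to_s(36)'` written to a file under `/var/lib/arvados`); generating the two test passwords the same way on first run and interpolating them here, e.g. `Password: $test_admin_pw` (variable name illustrative), would avoid shipping a fixed credential to any instance that is reachable from other hosts. If fixed passwords are intended for a local-only sandbox, say so next to the block, for example `# Test login uses fixed, publicly known passwords; do not expose this instance to untrusted networks.` The heredoc that holds this YAML starts and ends outside the hunk, so how the file is consumed is not visible here.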
--- a/tools/arvbox/lib/arvbox/docker/service/sso/log/run
+++ /dev/null
@@ -1 +0,0 @@
-/usr/local/lib/arvbox/logger
\ No newline at end of file
diff --git a/tools/arvbox/lib/arvbox/docker/service/sso/run b/tools/arvbox/lib/arvbox/docker/service/sso/run
deleted file mode 120000
index a388c8b67b..0000000000
--- a/tools/arvbox/lib/arvbox/docker/service/sso/run
+++ /dev/null
@@ -1 +0,0 @@
-/usr/local/lib/arvbox/runsu.sh
\ No newline at end of file
diff --git a/tools/arvbox/lib/arvbox/docker/service/sso/run-service b/tools/arvbox/lib/arvbox/docker/service/sso/run-service
deleted file mode 100755
index e30e34f7c1..0000000000
--- a/tools/arvbox/lib/arvbox/docker/service/sso/run-service
+++ /dev/null
@@ -1,88 +0,0 @@ -#!/bin/bash -# Copyright (C) The Arvados Authors. All rights reserved. -# -# SPDX-License-Identifier: AGPL-3.0 - -exec 2>&1 -set -ex -o pipefail - -. /usr/local/lib/arvbox/common.sh - -cd /usr/src/sso -if test -s /var/lib/arvados/sso_rails_env ; then - export RAILS_ENV=$(cat /var/lib/arvados/sso_rails_env) -else - export RAILS_ENV=development -fi - -run_bundler --without=development -bundle exec passenger-config build-native-support -bundle exec passenger-config install-standalone-runtime - -if test "$1" = "--only-deps" ; then - exit -fi - -set -u - -uuid_prefix=$(cat /var/lib/arvados/api_uuid_prefix) - -if ! test -s /var/lib/arvados/sso_secret_token ; then - ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/sso_secret_token -fi -secret_token=$(cat /var/lib/arvados/sso_secret_token) - -openssl verify -CAfile $root_cert $server_cert - -cat >config/application.yml < /var/lib/arvados/sso_database_pw -fi -database_pw=$(cat /var/lib/arvados/sso_database_pw) - -if ! (psql postgres -c "\du" | grep "^ arvados_sso ") >/dev/null ; then - psql postgres -c "create user arvados_sso with password '$database_pw'" - psql postgres -c "ALTER USER arvados_sso CREATEDB;" -fi - -sed "s/password:.*/password: $database_pw/" config/database.yml - -if ! test -f /var/lib/arvados/sso_database_setup ; then - bundle exec rake db:setup - - app_secret=$(cat /var/lib/arvados/sso_app_secret) - - bundle exec rails console <