overwrite commit

Because we use staging for German people, we need a new environment for
our demo

.sops.yaml

@@ -4,6 +4,7 @@ creation_rules:
     - age:
       - age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x # jacques
       - age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 # github-repo
+      - age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw # argocd
       - age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg # Anthony Le-Courric
       - age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 # Antoine Lebaud
       - age1hnhuzj96ktkhpyygvmz0x9h8mfvssz7ss6emmukags644mdhf4msajk93r # Samuel Paccoud

src/backend/core/api/__init__.py

@@ -8,6 +8,8 @@ from rest_framework import views as drf_views
 from rest_framework.decorators import api_view
 from rest_framework.response import Response
 
+from ..models import Document, User, RoleChoices, DocumentAccess
+
 
 def exception_handler(exc, context):
     """Handle Django ValidationError as an accepted exception.
@@ -38,3 +40,32 @@ def get_frontend_configuration(request):
     }
     frontend_configuration.update(settings.FRONTEND_CONFIGURATION)
     return Response(frontend_configuration)
+
+
+
+@api_view(["POST"])
+def create_summary(request):
+    """Wip."""
+
+    data = request.data
+
+    document = Document(
+        title="Votre résumé",
+        link_reach="authenticated",
+        link_role="reader",
+    )
+
+    document.save()
+    owner_user = User.objects.get(email=data["owner"])
+
+    document_access = DocumentAccess(
+        user=owner_user,
+        document=document,
+        role=RoleChoices.OWNER
+    )
+    document_access.save()
+
+    document.content = data["content"]
+    document.save()
+
+    return Response({"id": document.id})

src/backend/core/urls.py

@@ -5,7 +5,7 @@ from django.urls import include, path, re_path
 
 from rest_framework.routers import DefaultRouter
 
-from core.api import viewsets
+from core.api import viewsets, create_summary
 from core.authentication.urls import urlpatterns as oidc_urls
 
 # - Main endpoints
@@ -44,6 +44,7 @@ urlpatterns = [
             [
                 *router.urls,
                 *oidc_urls,
+                path("summary/", create_summary, name="create_summary"),
                 re_path(
                     r"^documents/(?P<resource_id>[0-9a-z-]*)/",
                     include(document_related_router.urls),

src/backend/impress/settings.py

@@ -458,16 +458,25 @@ class Base(Configuration):
     AI_BASE_URL = values.Value(None, environ_name="AI_BASE_URL", environ_prefix=None)
     AI_MODEL = values.Value(None, environ_name="AI_MODEL", environ_prefix=None)
 
-    AI_DOCUMENT_RATE_THROTTLE_RATES = {
-        "minute": 5,
-        "hour": 100,
-        "day": 500,
-    }
-    AI_USER_RATE_THROTTLE_RATES = {
-        "minute": 3,
-        "hour": 50,
-        "day": 200,
-    }
+    AI_DOCUMENT_RATE_THROTTLE_RATES = values.DictValue(
+        {
+            "minute": 5,
+            "hour": 100,
+            "day": 500,
+        },
+        environ_name="AI_DOCUMENT_RATE_THROTTLE_RATES",
+        environ_prefix=None,
+    )
+
+    AI_USER_RATE_THROTTLE_RATES = values.DictValue(
+        {
+            "minute": 3,
+            "hour": 50,
+            "day": 200,
+        },
+        environ_name="AI_USER_RATE_THROTTLE_RATES",
+        environ_prefix=None,
+    )
 
     USER_OIDC_FIELDS_TO_FULLNAME = values.ListValue(
         default=["first_name", "last_name"],

src/helm/env.d/docs-ia/custom-secrets.enc.yaml

@@ -0,0 +1,67 @@
+aiBaseUrl: ENC[AES256_GCM,data:HKUEyJUP94wrZU6p6ezRc2c+hDBj2m2/Jw==,iv:qMka2VprAKjU8Q8F5+mtm6MY5cPWHdIBDjADiPHR1iQ=,tag:ykOJhJ07gFHALF7ZpAp5ig==,type:str]
+aiApiKey: ENC[AES256_GCM,data:zY59S7I7DnPXlb6OcwFNsJdocXTJKVtcfvPl1nkgC9o=,iv:go72+zykuJpPLiLxkrLwP6lVjnGCnzBMoXLtnPivvuQ=,tag:cvV1UIHx/IrbftwsUGsviQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNDl5OW83MUwwejVCSE10
+            SkV3SGZHZWpONnZqYWlCUmdJZmppM2d5YmxFCnRvTExZMnlwZTJUYkhXcWVSMnNr
+            QjBubVhYbkxFVUlQUFRNcHRiWGhueGsKLS0tIFBrYUhQNVhpQ2wwZjhObzVzME5E
+            QmtMOC9waTZTekc1alpBdXRHbWpNME0KTtfTufsr+kZ0/y3gaZjU+lT8QAIakzoh
+            rCojnZgi7chIJPwFRbNeDizVPtvawET+pEYBUGpEXVLTOVt91rWhKQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNFRrem9JV0diME5QMW9M
+            T2dMVExBYWVPYzY4ck5aNzJBN1FYc1ZMM1g4CmM3UkUxLzN2dnlhUVFsUXRQY0tL
+            aW9NSlQ1aG9mb2MxT3ZRRTZjNUMyVWsKLS0tIElXVFFmdEtEZnJ0eVRFR21heE5W
+            dU5RSkd4ZG9qa2U3MGM3VjFqMERNRUkK3yJXuOTlIv+X+vb07olarV+RfCcxVJ7e
+            WOPfC7S3RfRaf5Ic//rGHeaO7NSV9qFRIeyhM+DP3HclCI4nh1A14A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZWp6SzV5N2MxbVdRcEd4
+            WmN3d1Frc1MweUt4M21tdFZmRXRJUTRQREV3Cm1RM2lyYUVYTjdmR29nT0piS3dR
+            OTQxdU80NmF4eG45VE1uQ1VXb29ubU0KLS0tIFNxb0RyRXJWV0xheDZLa1NTNWtC
+            bTBMWkh1VEF3bW9wdm5vTTRmR1NYcHMKsPhh5zKRBKYnabQfK4x85hJ56nTM/b1t
+            PAvBgYYwYRwVdv7UP6FsNnU+fIxV1g19PF7iLZlZVwfuNgIASPJtAg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNmh3TC9IYmlnYlBEZHVB
+            YitRNEZucWhaY0xJdEdsZWlaKzhSYTFYY1dFClVqdFM4TmpsWC9YQ3RUcEpnVURH
+            NjV0QU1COG4vQkhGeWdyeUhjUWpyZDAKLS0tIHJnOWVIZmFGRHNLWXVnSUFieFBt
+            d1R6d0hLZloxRmtlczd1UGtaTERqYW8KqTie+Oq9dqzdBoaLueL/OCEvwHfMiSpZ
+            wPJkOhJYLQAf+0WfO1CxrWOMmTPyXwR8vNXEnhitBwrg8s/h1fYEhw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSzNqZS93YUQ4MmVoUGF5
+            OXFxVlppalVIeGtsemM0Q0gzVXRmQUw4YUV3CkVBNFhkVWRTdGZsTnVnTGQySUc3
+            dHNxNlJFOVZjcVZ3ckNlU3hxMXRYbGMKLS0tIDVuMlVNdUNNU09jc2dPY2RPamt2
+            Zk9DenZpUEx4QXMxZEZsVHVaRGFqSDAKw2rmGTV5iWXApdqBRaNLFYBc7qYadLGc
+            NRztmZNOGgG9N0P+Zv+1IEXotLJ/8CnCpyYaV3JbAYmGGZFYZTBLQg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1hnhuzj96ktkhpyygvmz0x9h8mfvssz7ss6emmukags644mdhf4msajk93r
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTVBMb1NjNkRla3BEMjc0
+            dVNxTTJTVGxudW9hMVVIYXh3aGVIOUVWR0EwCk0weVltQStJb1cxYWlTdStHZUgx
+            eEI1R2xqSGNzOTJUeGJLK2NOVGhPVnMKLS0tIHhLUFJvVHBWeWdxTXJWS1NScGZq
+            WWpmQmwvSjR3dlNZQy80MEhNVVZtdUkKCGDakeuRxdIgFwVS8D9mBT6VUUp1JTLW
+            t18K0eHuNQW4M9ZrxSrrTHQkQ60e3/GJym7OAkhnwA7dt+G9hg6Jbw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-18T09:35:17Z"
+    mac: ENC[AES256_GCM,data:Rk8HeFcfsSPEZdfM6LYGrZgMl6uev+0nrLApyqtke1gXUj5cAGymNmKAmRUuE3IO5iHFn13c67FPDYeK28FSgPZ6r+ae/IE+ypCT6UnLx/HznLUdmo6dI81SNeUlCGPwgVe2V+/LThknF85MSo5fQks2/OzoRinDBhGfgt8e2so=,iv:V/nrhZnxfMr2uJbdza6ATHmZN41F982jO7UhjOjBh30=,tag:avXISYuDAvYywbFxfgnwGQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0

src/helm/env.d/docs-ia/secrets.enc.yaml

@@ -0,0 +1 @@
+../../../../secrets/numerique-gouv/impress/env/docs-ia/secrets.enc.yaml

src/helm/env.d/docs-ia/values.impress.yaml.gotmpl

@@ -0,0 +1,186 @@
+image:
+  repository: lasuite/impress-backend
+  pullPolicy: Always
+  tag: "vdemo"
+
+backend:
+  migrateJobAnnotations:
+    argocd.argoproj.io/hook: PreSync
+    argocd.argoproj.io/hook-delete-policy: HookSucceeded
+  envVars:
+    AI_API_KEY:
+      secretKeyRef:
+        name: backend
+        key: AI_API_KEY
+    AI_BASE_URL:
+      secretKeyRef:
+        name: backend
+        key: AI_BASE_URL
+    AI_DOCUMENT_RATE_THROTTLE_RATES: '{"minute": 5000, "hour": 5000, "day": 5000}'
+    AI_MODEL: ministral-8b-latest
+    AI_USER_RATE_THROTTLE_RATES: '{"minute": 5000, "hour": 5000, "day": 5000}'
+    DJANGO_CSRF_TRUSTED_ORIGINS: http://docs-ia.beta.numerique.gouv.fr,https://docs-ia.beta.numerique.gouv.fr
+    DJANGO_CONFIGURATION: Production
+    DJANGO_ALLOWED_HOSTS: "*"
+    DJANGO_SECRET_KEY:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SECRET_KEY
+    DJANGO_SETTINGS_MODULE: impress.settings
+    DJANGO_SUPERUSER_EMAIL:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SUPERUSER_EMAIL
+    DJANGO_SUPERUSER_PASSWORD:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SUPERUSER_PASSWORD
+    DJANGO_EMAIL_HOST: "smtp.tem.scw.cloud"
+    DJANGO_EMAIL_PORT: 587
+    DJANGO_EMAIL_USE_TLS: True
+    DJANGO_EMAIL_FROM: "noreply@docs.beta.numerique.gouv.fr"
+    DJANGO_EMAIL_HOST_USER:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_EMAIL_HOST_USER
+    DJANGO_EMAIL_HOST_PASSWORD:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_EMAIL_HOST_PASSWORD
+    DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
+    OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks
+    OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
+    OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
+    OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
+    OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end
+    OIDC_RP_CLIENT_ID:
+      secretKeyRef:
+        name: backend
+        key: OIDC_RP_CLIENT_ID
+    OIDC_RP_CLIENT_SECRET:
+      secretKeyRef:
+        name: backend
+        key: OIDC_RP_CLIENT_SECRET
+    OIDC_RP_SIGN_ALGO: RS256
+    OIDC_RP_SCOPES: "openid email"
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://docs-ia.beta.numerique.gouv.fr
+    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+    LOGIN_REDIRECT_URL: https://docs-ia.beta.numerique.gouv.fr
+    LOGIN_REDIRECT_URL_FAILURE: https://docs-ia.beta.numerique.gouv.fr
+    LOGOUT_REDIRECT_URL: https://docs-ia.beta.numerique.gouv.fr
+    DB_HOST:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: host
+    DB_NAME:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: database
+    DB_USER:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: username
+    DB_PASSWORD:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: password
+    DB_PORT:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: port
+    POSTGRES_USER:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: username
+    POSTGRES_DB:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: database
+    POSTGRES_PASSWORD:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: password
+    REDIS_URL:
+      secretKeyRef:
+        name: redis.redis.libre.sh
+        key: url
+    AWS_S3_ENDPOINT_URL:
+      secretKeyRef:
+        name: impress-media-storage.bucket.libre.sh
+        key: url
+    AWS_S3_ACCESS_KEY_ID:
+      secretKeyRef:
+        name: impress-media-storage.bucket.libre.sh
+        key: accessKey
+    AWS_S3_SECRET_ACCESS_KEY:
+      secretKeyRef:
+        name: impress-media-storage.bucket.libre.sh
+        key: secretKey
+    AWS_STORAGE_BUCKET_NAME:
+      secretKeyRef:
+        name: impress-media-storage.bucket.libre.sh
+        key: bucket
+    AWS_S3_REGION_NAME: local
+    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
+
+  createsuperuser:
+    command:
+      - "/bin/sh"
+      - "-c"
+      - |
+        python manage.py createsuperuser --email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
+    restartPolicy: Never
+
+frontend:
+  image:
+    repository: lasuite/impress-frontend
+    pullPolicy: Always
+    tag: "vdemo"
+
+yProvider:
+  image:
+    repository: lasuite/impress-y-provider
+    pullPolicy: Always
+    tag: "vdemo"
+
+ingress:
+  enabled: true
+  host: docs-ia.beta.numerique.gouv.fr
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+
+ingressWS:
+  enabled: true
+  host: docs-ia.beta.numerique.gouv.fr
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+
+ingressAdmin:
+  enabled: true
+  host: docs-ia.beta.numerique.gouv.fr
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start
+    nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth
+
+ingressMedia:
+  enabled: true
+  host: docs-ia.beta.numerique.gouv.fr
+
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
+    nginx.ingress.kubernetes.io/auth-url: https://docs-ia.beta.numerique.gouv.fr/api/v1.0/documents/retrieve-auth/
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /docs-ia-impress-media-storage/$1
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/upstream-vhost: s3.margaret-hamilton.indiehosters.net
+
+serviceMedia:
+  host: s3.margaret-hamilton.indiehosters.net
+  port: 443
+

src/helm/helmfile.yaml

@@ -58,6 +58,7 @@ releases:
       - env.d/{{ .Environment.Name }}/values.impress.yaml.gotmpl
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml
+      - env.d/{{ .Environment.Name }}/custom-secrets.enc.yaml
 
 environments:
   dev:
@@ -70,6 +71,11 @@ environments:
       - version: 0.0.1
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml
+  docs-ia:
+    values:
+      - version: 0.0.1
+    secrets:
+      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
   preprod:
     values:
       - version: 0.0.1