* refactor: enterprise dependencies for EdxRestAPIClient replacement
This is a part of https://github.com/openedx/public-engineering/issues/42
- add settings for enterprise-backend-service DOT application
- update utils used by enterprise to get rid of EdxRestAPIClient
- original utils stays in the code (to keep edx-platform api
clients working) till the
https://github.com/openedx/public-engineering/issues/39 deprecation
work will be done
* fix: fix typo in the docstring
Rendering asset URLs requires HTML blocks to be associated with a course key.
This change allows HTML blocks to be associated with libraries and still
render without error.
Tests which @requires_blockstore (i.e. the Blockstore service) have
been made to run as a unit test using the installed Blockstore app, and
will be run by the platform CI.
The Blockstore service tests can still be run manually by setting
EDXAPP_RUN_BLOCKSTORE_TESTS=1
Related fixes:
* adds blockstore bundle storage settings
* let the studio devstack and test servers serve static files from
the /media URL This allows the blockstore/content libraries API to
serve blockstore assets in dev.
* Wrap ContentLibrary creation in an atomic transaction, so that if it
fails, the related bundle can be deleted directly from the database
during the exception handler. (Previously, we called a REST API which
deleted it as part of a separate service.)
* adds blockstore as a requirement and an installed app, with
configurable bundle storage settings.
* adds waffle switch and setting to allow use of blockstore's python API
instead of REST API in live testservers and in production.
* adds database router which, when a `blockstore` DATABASE connection is
configured, allows the platform to use the blockstore service's
database instead of the default edxapp database.
* replaces blockstore_api exceptions and models with blockstore.app.api classes
* minor fixes to the blockstore_api to make the Blockstore REST API
return data packaged the same as the Blockstore Python API.
Previously, our rate-limiting code trusted the entire `X-Forwarded-For`
header, allowing a malicious client to spoof that header and evade
rate-limiting. This commit introduces a new module and setting
allowing us to make a more conservative choice of IPs.
- Create new `openedx.core.djangoapps.util.ip` module for producing
the IP "external chain" for requests based on the XFF header and the
REMOTE_ADDR.
- Include a function that gives the safest choice of IPs.
- Add new setting `CLOSEST_CLIENT_IP_FROM_HEADERS` for configuring how
the external chain is derived (i.e. setting the trust
boundary). Currently has a default, but we may want to make it
mandatory in the future.
- Change `django-ratelimit` code to use the proximate IP in the external
chain -- the one just outside the trust boundary.
Also:
- Change `XForwardedForMiddleware` to use more conservative choice for
its `REMOTE_ADDR` override
- Other adjustments to `XForwardedForMiddleware` as needed in order to
initialize new module and support code that needs the real
`REMOTE_ADDR` value
- Metrics for observability into the change (and XFF composition)
- Feature switch to restore legacy mode if needed
This also gives us a path forward to removing use of the django-ipware
package, which is no longer maintained and has a handful of bugs that make it
difficult to use safely.
Internal ticket: ARCHBOM-2056
[MICROBA-1507]
* adds new functionality for retrieving and submitting scheduled tasks to Celery
* add an InstructorTaskSchedule factory for unit testing
* adds unit tests for processing scheduled tasks
Specifically:
- enrollment has ended or not begun (whoops!)
- is full (at/over max enrollment)
Before this change in these cases, we would still show an enroll
button which wasn't functional, causing user confusion.
AA-1245
Overrides the SystemWideEnterpriseUserRoleAssignment.get_assignments() method to return
a list of (role, context) assignments, where the first item in the list corresponds
to the currently active enterprise for the user. Also ensures that
EnterpriseSystemWideUserRoleAssignment.get_assignments() can handle null values that might be returned by get_context().
The only way to access the legacy courseware is now through the
Studio preview feature (and at some point, when the MFE supports a
preview mode, we can then remove even that).
This drops the courseware.use_legacy_frontend waffle.
[MICROBA-1696]
* Introduce an ADR with details on the proposed approach to scheduled instructor tasks to support scheduled bulk email
* Introduce an ADR with details on how scheduled instructor tasks will be processed
The ony use is a GET request in admin portal so this view need not be post/put friendly right now.
It may actually get removed in an upcoming iteration, or stay readonly.
Fixes: SEC-1418
Co-authored-by: Binod Pant <bpant@edx.org>
The ony use is a GET request in admin portal so this view need not be post/put friendly right now.
It may actually get removed in an upcoming iteration, or stay readonly.
Fixes: SEC-1418
