-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: fetching of a secured Algolia key [BB-8083] #887
base: master
Are you sure you want to change the base?
Conversation
Thanks for the pull request, @0x29a! What's next?Please work through the following steps to get your changes ready for engineering review: 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. 🔘 Let us know that your PR is ready for review:Who will review my changes?This repository is currently unmaintained. To get help with finding a technical reviewer, tag the community contributions project manager for this PR in a comment and let them know that your changes are ready for review:
Where can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:
When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
- I tested this: in feat: fetching of a secured Algolia key [BB-8083] open-craft/frontend-app-learner-portal-enterprise#1, which matches the code from this PR (this PR has an additional replacement of the duplicated code in the
AcademyDetailPage
) - I read through the code
- I checked for accessibility issues: n/a
- Includes documentation: n/a
@@ -22,17 +24,41 @@ export const useRenderContactHelpText = (enterpriseConfig) => { | |||
return renderContactHelpText; | |||
}; | |||
|
|||
let cachedApiKey = null; | |||
|
|||
export const useAlgoliaSearchApiKey = (config) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[inform] We've been starting to use @tanstack/react-query
's useQuery
hook to make API GET
requests moving forward, as it removes a fair amount of boilerplate (e.g., loading states, useEffect
, etc.), the need for custom client-side caching support, etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for letting me know, @adamstankiewicz. Would you like me to re-write this using useQuery
, or it's fine as is?
@0x29a I've run the tests, but looks like there are some conflicts that need attention. |
6c9c804
to
0510cef
Compare
0510cef
to
52c8526
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #887 +/- ##
==========================================
+ Coverage 84.87% 84.97% +0.10%
==========================================
Files 320 338 +18
Lines 6399 7102 +703
Branches 1552 1739 +187
==========================================
+ Hits 5431 6035 +604
- Misses 941 1035 +94
- Partials 27 32 +5 ☔ View full report in Codecov by Sentry. |
@e0d, thanks. I rebased the branch and fixed all linting & tests issues. |
Hi @0x29a! Flagging that some branch conflicts have popped up for when you have a minute. Thanks! |
Hi @mphilbrick211, unless the base branch gets some major changes that make changes in dependent PRs fundamentally wrong, I'd prefer to fix conflicts after PRs are reviewed and approved or refused. Here is why:
Does this make sense? @e0d, maybe you have suggestions on what we can improve from our side to streamline the review process? |
Hi @openedx/2u-titans! Is someone able to review / merge this for us? |
This is the same approach we've taken with Meilisearch in Redwood for the new Course Search feature: a unique API key is generated for every user, so they can make queries against Meilisearch directly but only see results that they're allowed to see. Question: why would we want to leave the option in place for the "old" way with a shared key - is that still useful? |
I think it is, @bradenmacdonald. Here is what @tecoholic wrote in our internal ticket:
I didn't realize this when was implementing the backend part. If we want to get rid of the "old" way, the |
Hi @0x29a! Is this pull request still in progress? |
Description
Adds a fallback mechanism, so when the
ALGOLIA_SEARCH_API_KEY
environment variable is not set, the key is fetched from the endpoint defined by theALGOLIA_SECURED_KEY_ENDPOINT
environment variable. It expects this endpoint to return a JSON like:This is intended, but not limited to, to be used with openedx/edx-enterprise#1962.
Testing steps
We're going to test this and openedx/edx-enterprise#1962 PRs at once by creating three courses and three enterprise customers, uploading them to Algolia through
enterprise-catalog
and checking that learners are able to browse catalogs of their enterprises with the help of this MFE, but unable to access courses of enterprises they don't belong to.Prerequisites
You'll need an Algolia account. Create an application and
enterprise-catalog
index. Write down the application id, admin API key, and search API key somewhere.Installing master devstack
After that:
cd ../edx-platform
ENTERPRISE_ALGOLIA_SEARCH_API_KEY = '<YOUR_ALGOLIA_SEARCH_(NOT ADMIN)_API_KEY>'
to the end oflms/envs/devstack.py
.Installing edx-enterprise fork
Installing enterprise-catalog
After that:
enterprise_catalog/apps/catalog/constants.py
and add'source'
to theCONTENT_PRODUCT_SOURCE_ALLOW_LIST
set.enterprise_catalog/settings/devstack.py
:make dev.provision
.Installing frontend-app-learner-portal-enterprise
Leave this terminal open, do all the remaining steps in a separate one.
Creating test entities
ABC
,XYZ
, andPSY
for all fields, like here:Course Start Date
andEnrollment Start Date
for each course here to01/01/2019
.Source
name here: http://localhost:18381/admin/course_metadata/source/add/ABC
toXYZ
andPSY
for each query.XXX
,YYY
,ZZZ
. Change their slugs respectively.XXX
should be assigned to the query selectingABC
course,YYY
->XYZ
andZZZ
->PSY.
Indexing
Go to the
<DEVSTACK_WORKSPACE>
and replace incourse_discovery/settings/base.py
this:with this:
Then, go to the
<DEVSTACK_WORKSPACE>/devstack
directory run the following to pull the data from LMS to Course Discovery:Then:
./manage.py populate_default_product_source ./manage.py update_index --disable-change-limit exit
Now we need to copy course queries and other enterprise-related data from LMS to
enterprise-catalog
. Run the following:After that you should see three of your course queries here.
Now, go to the
<DEVSTACK_WORKSPACE>/enterprise-catalog
and run the following to fetch content metadata (courses and course runs) from Course Discovery:After that you should see
Course
andCourse Run
objects for each of your courses here. If you don't, then something went wrong. Also,Json metadata
for each course should contain a non-emptyadvertised_course_run_uuid
.Now you can upload all courses to Algolia:
If everything go fine, you should see three courses in your
enterprise-catalog
Algolia index.Enrolling users
abc@example.com
.XXX
enterprise customer and clickManager Learners
(example of the admin panel URL).abc@example.com
user to thecourse-v1:ABC+ABC+ABC
course. SpecifyAudit
track andtest
reason for manual enrollment.YYY
enterprise customer andcourse-v1:XYZ+XYZ+XYZ
course, so we have a single learner present in two different enterprises.Testing frontend-app-learner-portal-enterprise
abc@example.com
.http://localhost:8734
.abc@example.com
, you should be offered to choose an organization. ChooseXXX
.ABC
course here.YYY
, you should see theXYZ
course.Now, open the browser dev tools and locate a query like this:
Edit and Resend
(that's for Firefox).Body
field and clickSend
:ABC
andXYZ
courses, omitting thePSY
course.To test the default MFE behavior, try setting the
ALGOLIA_SEARCH_API_KEY
environment variable, re-starting the npm server and testing that the MFE is pulling all courses from the index.