This repository contains downstream distribution for the Kiwi TCMS open source test management system, dubbed Enterprise Edition, which contains the following changes:
- Based on
kiwitcms/kiwi
Docker image - Compatible only with PostgreSQL !!!
- Versioned static files
- NGINX replaced by OpenResty with embedded Lua support
- Render Mermaid.js diagrams in Markdown fenced code blocks as PNG. Example
See an example flowchart below: ```mermaid flowchart LR Start --> Stop ```
- Add-ons:
- django-ses - Amazon SES email backend
- dj-database-url - DB configuration
via
DATABASE_URL
- django-prometheus - Export Django monitoring metrics for Prometheus.io
- kiwitcms-github-app - extra integration with GitHub
- kiwitcms-tenants - multi-tenant support
- kiwitcms-trackers-integration - integration with extra issue trackers
- sentry-sdk - automatic error reporting with Sentry
- social-auth-app-django - extra authentication backends
- social-auth-kerberos - MIT Kerberos authentication backend
- django-python3-ldap - LDAP authentication backend
- Let's Encrypt certbot
- certbot-dns plugins
- Supported environment variables, configurable on the container:
DATABASE_URL
- short-hand database connection configuration, according to this this URL schema; Replaces individual database configuration via settings override, see exampleKIWI_TENANTS_DOMAIN
- FQDN for the multi-tenant configuration, e.g. tcms.my-company.org, see kiwitcms-tenants for more infoNGX_AUTHENTICATED_RATE
- req/sec for authenticated URLs; default 300 r/s, see etc/rate-limit.luaNGX_AUTHENTICATED_BURST
- burst rate for authenticated URLs; default 100, see etc/rate-limit.luaNGX_ERRORS_RATE
- req/sec for URLs resulting in 4xx, 5xx errors; default 1 r/m, see etc/rate-limit.luaNGX_ERRORS_BURST
- burst rate for URLs resulting in 4xx, 5xx errors; default 1, see etc/rate-limit.luaNGX_STATIC_RATE
- req/sec for static files; default 300 r/s, see etc/rate-limit.luaNGX_STATIC_BURST
- burst rate for static files; default 100, see etc/rate-limit.luaNGX_UPLOADS_RATE
- req/sec for uploaded files; default 10 r/s, see etc/rate-limit.luaNGX_UPLOADS_BURST
- burst rate for uploaded files; default 10, see etc/rate-limit.lua
While the software itself is open source we do not provide public
access to the resulting kiwitcms/enterprise
container image.
This is made available only to our subscribers, see https://kiwitcms.org/containers/
and https://kiwitcms.org/#subscriptions for more information.
If you want to use Kiwi TCMS free of charge head to http://kiwitcms.org!
-
Create your docker-compose.yml similar to our docker-compose.testing. Make sure to define the
KIWI_TENANTS_DOMAIN
environment variable. -
Once your containers are running execute:
docker exec -it web /Kiwi/manage.py initial_setup
NOTE: the domain value provided during
initial_setup
should be the same or one-level up from the value ofKIWI_TENANTS_DOMAIN
.
For more information see https://kiwitcms.readthedocs.io/en/latest/installing_docker.html#initial-configuration-of-running-container and https://github.com/kiwitcms/tenants/#first-boot-configuration
-
For initial configuration of Let's Encrypt SSL certificates execute the command:
docker exec -it -u0 web /Kiwi/bin/lets-encrypt <secondary-fqdn> <tertiary-fqdn> <etc>
- the value of
KIWI_TENANTS_DOMAIN
will be the primary domain on the SSL certificate - additional domain names may be specified as arguments
- WARNINGS::
- true
wildcard certificates
are only possible via certbot's DNS plugins while this script uses
--webroot
- for full control you may want to execute the
certbot
command directly - you need to bind-mount
/etc/letsencrypt/
and/Kiwi/ssl/
inside the container if you want the Let's Encrypt certificates to persist a restart
- true
wildcard certificates
are only possible via certbot's DNS plugins while this script uses
- the value of
In case you need to customize and extend the container image we recommend to use the
existing image as a baseline and incorporate all of your changes on top of it. For example
create a Dockerfile
like so:
FROM quay.io/kiwitcms/enterprise
# your own changes go here
then build your own image with the command
docker build -f Dockerfile.customized -t kiwitcms/customized .
.
Rebuilding from source is not recommended b/c it will result in slightly different images compared to what we provide online to subscribers. There is no way for the Kiwi TCMS team to test or provide any guarantees on container images rebuilt by anyone but us!
In the event that you need to do so then use the make docker-image
command and watchout
for errors during the build process. The buildroot generally needs Python 3,
the make
and docker
commands, the wheel
and twine
Python packages.
- Based on Kiwi TCMS v13.7
- Add dependency on
dict-hash
package - Update django-ses from 4.2.0 to 4.3.0
- Update dj-database-url from 2.2.0 to 2.3.0
- Update certbot from 2.11.0 to 3.0.1
- Update certbot-dns-* plugins from 2.11.0 to 3.0.1
- Update sentry-sdk from 2.16.0 to 2.19.0
- Based on Kiwi TCMS v13.6
- Update django-ses from 4.1.0 to 4.2.0
- Update kiwitcms-tenants from 3.1.0 to 3.2.1
- Update sentry-sdk from 2.12.0 to 2.16.0
- Update value for
Content-Security-Policy
header to match upstream Kiwi TCMS
- Based on Kiwi TCMS v13.5
- Update django-python3-ldap from 0.15.6 to 0.15.8
- Update kiwitcms-github-app from 2.0.0 to 2.0.1
- Update kiwitcms-tenants from 3.0.0 to 3.1.0
- Update kiwitcms-trackers-integration from 0.7.0 to 1.0.0
- Update sentry-sdk from 2.5.1 to 2.12.0
- Update social-auth-app-django from 5.4.1 to 5.4.2
- Based on Kiwi TCMS v13.4
- Relicense this source code under GNU Affero General Public License v3 or later
- Prior versions are still licensed under GNU General Public License v3
- Support Mermaid.js syntax in Markdown fenced code blocks. Closes Issue #3116
- Update certbot from 2.10.0 to 2.11.0
- Update certbot-dns-* plugins from 2.10.0 to 2.11.0
- Update django-ses from 4.0.0 to 4.1.0
- Update dj-database-url from 2.1.0 to 2.2.0
- Update kiwitcms-github-app from 1.7.0 to 2.0.0
- Update kiwitcms-tenants from 2.8.3 to 3.0.0
- Update sentry-sdk from 2.2.0 to 2.5.1
- Based on Kiwi TCMS v13.3
- Update kiwitcms-github-app from 1.6.0 to 1.7.0
- Update sentry-sdk from 2.0.1 to 2.2.0
- Preserve
/static/ca.crt
file inside the container
- Update certbot from 2.9.0 to 2.10.0
- Upgrade certbot-dns-* plugins from 2.9.0 to 2.10.0
- Update django-python3-ldap from 0.15.5 to 0.15.6
- Update django-ses from 3.5.2 to 4.0.0
- Update kiwitcms-tenants from 2.6.0 to 2.8.3
- Update sentry-sdk from 1.40.5 to 2.0.1
- Update social-auth-app-django from 5.4.0 to 5.4.1
- Update documentation related to production deployments
- Add test for file uploads via browser UI
- Fix for 404 errors when uploading files caused by different default configuration between OpenResty and NGINX
- Based on Kiwi TCMS v13.1.1
- Fix a bug introduced in v13.1
-
Based on Kiwi TCMS v13.1
-
Replace NGINX with OpenResty with built-in support for Lua scripting
-
Implement request limits configurable via environment variables
-
Initial integration with Let's Encrypt. Closes Issue #253
WARNINGS::
- true
wildcard certificates
are only possible via certbot's DNS plugins while current integration uses
--webroot
- you need to bind-mount
/etc/letsencrypt/
and/Kiwi/ssl/
inside the container if you want the Let's Encrypt certificates to persist a restart
- true
wildcard certificates
are only possible via certbot's DNS plugins while current integration uses
-
Replace
raven
withsentry-sdk
-
Override
HEALTHCHECK
command -
Add more tests for container and http functionality
- Based on Kiwi TCMS v13.0
- Update container runtime from Python 3.9 to Python 3.11
- Update django-ses from 3.5.0 to 3.5.2
- Update kiwitcms-github-app from 1.5.1 to 1.6.0
- Update kiwitcms-tenants from 2.5.2 to 2.6.0
- Update kiwitcms-trackers-integration from 0.6.0 to 0.7.0
- Update social-auth-kerberos from 0.2.4 to 0.3.0
- Start testing with upstream Postgres container image
- Assert that Personal API Tokens is listed in PLUGINS menu
- Adjust search path for images during test
-
Based on Kiwi TCMS v12.7
-
Update kiwitcms-tenants from 2.5.1 to 2.5.2
-
Update kiwitcms-trackers-integration from 0.5.0 to 0.6.0
Provides functionality for personal API tokens. Accessible via PLUGINS -> Personal API tokens menu!
WARNING: in order for users to be able to define personal API tokens for 3rd party bug-trackers they will need to be assigned permissions.
Database administrators should consider granting the following permissions::
tracker_integrations | api token | Can add api token tracker_integrations | api token | Can change api token tracker_integrations | api token | Can delete api token tracker_integrations | api token | Can view api token
either individually per-user basis or via groups!
-
Update python3-saml from 1.15.0 to 1.16.0
-
Update social-auth-app-django from 5.2.0 to 5.4.0
- Based on Kiwi TCMS v12.6.1
- Update dj-database-url from 2.0.0 to 2.1.0
- Based on Kiwi TCMS v12.5
- Update django-python3-ldap from 0.15.4 to 0.15.5
- Install django-prometheus inside container
- Pin Selenium to 4.9.1 b/c of failures with 4.10.0
- Based on Kiwi TCMS v12.4
- Update kiwitcms-trackers-integration from 0.4.0 to 0.5.0
- Based on Kiwi TCMS v12.3
- Update dj-database-url from 1.3.0 to 2.0.0
- Update django-ses from 3.3.0 to 3.5.0
- Update kiwitcms-tenants from 2.5.0 to 2.5.1
- Explicitly set permissions to read-all
- Enable checkov linter
- Based on Kiwi TCMS v12.2
- Update social-auth-app-django from 5.0.0 to 5.2.0
- Based on Kiwi TCMS v12.1
- Update dj-database-url from 1.2.0 to 1.3.0
- Update kiwitcms-github-app from 1.4.1 to 1.5.1
- Update kiwitcms-trackers-integration from 0.3.0 to 0.4.0
- Add test for missing migrations
- Based on Kiwi TCMS v12.0
- Update kiwitcms-github-app from 1.4.0 to 1.4.1
- Update kiwitcms-tenants from 2.4.0 to 2.5.0
- Based on Kiwi TCMS v11.7
- Update dj-database-url from 1.0.0 to 1.2.0
- Update django-python3-ldap from 0.15.3 to 0.15.4
- Update django-ses from 3.2.2 to 3.3.0
- Update kiwitcms-tenants from 2.3.2 to 2.4.0 to allow customization of tenant logo in navigation
- Update python3-saml from 1.14.0 to 1.15.0
- Add CodeQL workflow for GitHub code scanning
- Adjust ldap commands for Ubuntu 22.04.1 during testing in CI
- Based on Kiwi TCMS v11.6
- Update containers for RHEL 9, CentOS Stream 9 and Python 3.9
- Update actions/checkout from 2 to 3
- Update django-ses from 3.1.2 to 3.2.2
- Update kiwitcms-tenants from 2.3.1 to 2.3.2
- Update kiwitcms-trackers-integration from 0.2.0 to 0.3.0. Supports integration with OpenProject and Mantis BT. Closes Issue #2203 and Issue #879
- Update kiwitcms-tenants from 2.3.0 to 2.3.1
- Based on Kiwi TCMS v11.5
- Update django-python3-ldap from 0.15.2 to 0.15.3
- Update django-ses from 3.1.0 to 3.1.2
- Update kiwitcms-tenants from 2.1.1 to 2.3.0
- Update kiwitcms-github-app from 1.3.3 to 1.4.0
- Based on Kiwi TCMS v11.4
- Update django-python3-ldap from 0.13.1 to 0.15.2
- Update django-ses from 3.0.1 to 3.1.0
- Update dj-database-url from 0.5.0 to 1.0.0
- Add more icons for extra GitHub login backends
- Add images for various Google login backends
- Based on Kiwi TCMS v11.3
- Update kiwitcms-tenants from 2.1.0 to 2.1.1 to fix a bug in tenant groups admin page
- Based on Kiwi TCMS v11.3
- Update django-ses from 2.6.0 to 3.0.1
- Update kiwitcms-tenants from 1.11.0 to 2.1.0 for tenant groups support
- Based on Kiwi TCMS v11.2
- Update django-ses from 2.4.0 to 2.6.0
- Update python3-saml from 1.13.0 to 1.14.0
- Revert "Use django.contrib.staticfiles.storage from Django==3.2.12". Instead use the implementation from latest Django version. Closes Issue #140
- Start building kiwitcms/enterprise on aarch64
- Add changelog check & docker release automation
- Add test for PSA login URLs on login page. References Issue #83
- Add SAML & Azure AD logo images
- Update GitHub Actions
- Hard-code testing with Keycloak 16.1.1 to workaround significant differences with Keycloak v17 container
- Based on Kiwi TCMS v11.1
- Update kiwitcms-github-app from 1.3.2 to 1.3.3
- Update django-ses from 2.3.1 to 2.4.0
- Update python3-saml from 1.12.0 to 1.13.0
- Workaround UnicodeDecodeError while building the docker image
- Based on Kiwi TCMS v11.0
- Update kiwitcms-tenants from 1.8.0 to 1.11.0
- Based on Kiwi TCMS v10.5
- Update django-python3-ldap from 0.13.0 to 0.13.1
- Update kiwitcms-github-app from 1.3.1 to 1.3.2
- Based on Kiwi TCMS v10.5
- Update django-python3-ldap from 0.12.0 to 0.12.1
- Update django-ses from 2.3.0 to 2.3.1
- Update kiwitcms-tenants from 1.7.0 to 1.8.0
- Update kiwitcms-github-app from 1.3.0 to 1.3.1
- Based on Kiwi TCMS v10.4
- Update django-ses from 2.2.1 to 2.3.0
- Update python3-saml from 1.11.0 to 1.12.0
- Update social-auth-app-django from 4.0.0 to 5.0.0
- Use initial_setup during testing. Closes Issue #88
- Fix new pylint issues and start using f-strings
- Test "ADMIN -> Users and Groups" menu redirect
- Based on Kiwi TCMS v10.3
- Container image based on Red Hat Universal Base Image
- Update django-ses from 2.1.1 to 2.2.1
- Update python3-saml from 1.10.1 to 1.11.0
- Add GitLab login icon
- Based on Kiwi TCMS v10.2
- Update django-ses from 2.0.0 to 2.1.1
- Update django-python3-ldap from 0.11.4 to 0.12.0
- Update documentation around initial config
- Based on Kiwi TCMS v10.1
- Fix URL to Python Social Auth documentation
- Support read-only view on tenants for anonymous users. Contains a
database migration to rename
on_trial
field topublicly_readable
- Document initial configuration. Site administrators should add the
tenants.change_tenant
permission to users/groups who are allowed to make their tenants publicly visible. Fixes Issue #87, References Issue #88 - Document the build process. Fixes Issue #89
- Verify support for Keycloak logins. Fixes Issue #86
- Update kiwitcms-github-app from 1.2.4 to 1.3.0
- Update kiwitcms-tenants from 1.5.0 to 1.6.0
- Based on Kiwi TCMS v10.1
- Container image built with Python 3.8
- Update kiwitcms-tenants from 1.4.3 to 1.4.4
- Based on Kiwi TCMS v10.0
- Update django-ses from 1.0.3 to 2.0.0
- Add python3-saml to dependencies, needed by Python Social Auth SAML backend
- Based on Kiwi TCMS v10.0
- Update kiwitcms-github-app from 1.2.2 to 1.2.4
- Update kiwitcms-tenants from 1.4.2 to 1.4.3
- Update django-python3-ldap from 0.11.3 to 0.11.4
- Based on Kiwi TCMS v9.0
- Update kiwitcms-github-app from 1.2.1 to 1.2.2
- Update kiwitcms-tenants from 1.3.1 to 1.4.2
- Based on Kiwi TCMS v8.9
- Based on Kiwi TCMS v8.8
- Update kiwitcms-github-app from 1.2 to 1.2.1
- Based on Kiwi TCMS v8.7
- Overrides for setting
PUBLIC_VIEWS
have been removed b/c this setting has been removed upstream - Update django-ses from 1.0.2 to 1.0.3
- Update kiwitcms-github-app from 1.1 to 1.2
- Update kiwitcms-tenants from 1.2.1 to 1.3.1
- Based on Kiwi TCMS v8.6
- Update django-ses from 1.0.1 to 1.0.2
- Update kiwitcms-github-app from 1.0 to 1.1
- Based on Kiwi TCMS v8.5
- Update kiwitcms-tenants from 1.2 to 1.2.1
- Based on Kiwi TCMS v8.5
- Update django-ses from 0.8.14 to 1.0.1
- Update kiwitcms-tenants from 1.1.1 to 1.2
- Update social-auth-app-django from 3.4.0 to 4.0.0
- Start tagging non-Enterprise images of
kiwitcms/kiwi
- will be provided via separate private repository for enterprise customers
- Based on Kiwi TCMS v8.4
- Update social-auth-app-django from 3.1.0 to 3.4.0
- Add django-python3-ldap add-on for LDAP logins
- Convert into a proper Kiwi TCMS plugin before installing into docker image
- Update kiwitcms-tenants from 1.0.1 to 1.1.1
- Ship with kiwitcms-github-app plugin
- Add icon for kerberos login backend
- Add translation source strings
- Add
tcms_settings_dir/
like other plugins - Make
enterprise.py
settings idempotent - Update LICENSE to GPLv3
- Fix pyllint issues
- Add tests in CI