Re: [pylons-discuss] Migration from Flask - options?

[Theron Luhn]

> With respect to 2.0, sorry everyone but I've been dragging my feet on an 
> issue in the new security api so it isn't out yet!

Hey Michael, anything I can do to help out with the security API?

—Theron

> On Aug 31, 2020, at 10:23 AM, Michael Merickel  wrote:
> 
> The 2.0 security system is pretty backward compatible so I'd recommend just 
> starting with 1.x but I might suggest using the master version of 
> pyramid-cookiecutter-starter as it has significant improvements to the 
> default test fixtures for new projects.
> 
> With respect to 2.0, sorry everyone but I've been dragging my feet on an 
> issue in the new security api so it isn't out yet! Mailing list activity is a 
> great motivator though!
> 
> - Michael
> 
>> On Aug 31, 2020, at 12:12, 'Jonathan Vanasco' via pylons-discuss 
>> mailto:pylons-discuss@googlegroups.com>> 
>> wrote:
>> 
>> I've done a handful of side-by-side migrations or deployments.
>> 
>> I think you already identified the generally best approach IMHO:
>> 
>> >  Conceptually the simplest would be to have a auth cookie that is 
>> valid in both, it could be set to only be created in one and honoured in the 
>> other.
>> 
>> However I recommend it with one caveat -- I would approach this 
>> functionality as if it were it's own authentication micro-service.  It can 
>> live in one of the two processes, it doesn't need a third, but I would 
>> structure the UX, tests and development as if it were totally independent -- 
>> so the cookie value would just contain login state the core account info 
>> needed for auth and permissions.  If either process needs to store other 
>> data in a cookie, use another cookie.
>> 
>> Reading Pyramid cookies in Flask is pretty simple, Pyramid sessions just 
>> automate loading webob cookies with defaults
>> 
>> * https://github.com/Pylons/pyramid/blob/master/src/pyramid/session.py 
>> 
>> * https://github.com/Pylons/webob/blob/master/src/webob/cookies.py 
>> 
>> 
>> 
>> In terms of Pyramid versions, if you need Python2 support - 1.10 is your 
>> only option.  Otherwise, just pay attention to the deprecations on Pyramid2 
>> and you should be able to transition from 1.10 to 2 very easily if you don't 
>> want to run the pre-release.  Michael Merickel is the expert on this, but I 
>> think he and his team have done a great job in planning the 2.0 changes by 
>> offering a lot of "forward compatibility' options in 1.10 to prepare us for 
>> switching to 2.0.  I could be wrong, but I think almost every one of the 2.0 
>> changes can be elected in 1.10.  The only difference I know of is the 
>> drastic change to authentication/authorization (which may be worth using the 
>> pre-release). 
>> 
>> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "pylons-discuss" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to pylons-discuss+unsubscr...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/pylons-discuss/b0d9e559-d070-4522-82ef-217af2c63de2o%40googlegroups.com
>>  
>> .
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to pylons-discuss+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/pylons-discuss/7146D524-E61C-4B70-A78A-505F42059524%40gmail.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/E73950A4-35F7-455D-B7CD-D42CDC3DD870%40luhn.com.

Re: [pylons-discuss] Migration from Flask - options?

[Peter Wilkinson]

Thanks everyone for the great responses!

I’m planning on having a go at making an authentication policy along the lines 
of SessionAuthenticationPolicy and have the Flask cookie signing bits imported 
just to handle that.

The apps are definitely going to dealt with as seperate, the migration is a 
good chance to sanitise the structure from years of accumulated cruft.

This is a 3.8+ only app so I could start with 2.0 - are there any areas that 
are likely to change in it? Everything that I’ve read in the changes looks nice 
and simple to deal with.

Another thing… I’ve jumped onto the IRC channel a few times and not seen any 
traffic, potentially timezone differences being on the other side of the world 
but is there much activity there?

Peter W.



> On 1 Sep 2020, at 3:23 am, Michael Merickel  wrote:
> 
> The 2.0 security system is pretty backward compatible so I'd recommend just 
> starting with 1.x but I might suggest using the master version of 
> pyramid-cookiecutter-starter as it has significant improvements to the 
> default test fixtures for new projects.
> 
> With respect to 2.0, sorry everyone but I've been dragging my feet on an 
> issue in the new security api so it isn't out yet! Mailing list activity is a 
> great motivator though!
> 
> - Michael
> 
>> On Aug 31, 2020, at 12:12, 'Jonathan Vanasco' via pylons-discuss 
>> mailto:pylons-discuss@googlegroups.com>> 
>> wrote:
>> 
>> I've done a handful of side-by-side migrations or deployments.
>> 
>> I think you already identified the generally best approach IMHO:
>> 
>> >  Conceptually the simplest would be to have a auth cookie that is 
>> valid in both, it could be set to only be created in one and honoured in the 
>> other.
>> 
>> However I recommend it with one caveat -- I would approach this 
>> functionality as if it were it's own authentication micro-service.  It can 
>> live in one of the two processes, it doesn't need a third, but I would 
>> structure the UX, tests and development as if it were totally independent -- 
>> so the cookie value would just contain login state the core account info 
>> needed for auth and permissions.  If either process needs to store other 
>> data in a cookie, use another cookie.
>> 
>> Reading Pyramid cookies in Flask is pretty simple, Pyramid sessions just 
>> automate loading webob cookies with defaults
>> 
>> * https://github.com/Pylons/pyramid/blob/master/src/pyramid/session.py 
>> 
>> * https://github.com/Pylons/webob/blob/master/src/webob/cookies.py 
>> 
>> 
>> 
>> In terms of Pyramid versions, if you need Python2 support - 1.10 is your 
>> only option.  Otherwise, just pay attention to the deprecations on Pyramid2 
>> and you should be able to transition from 1.10 to 2 very easily if you don't 
>> want to run the pre-release.  Michael Merickel is the expert on this, but I 
>> think he and his team have done a great job in planning the 2.0 changes by 
>> offering a lot of "forward compatibility' options in 1.10 to prepare us for 
>> switching to 2.0.  I could be wrong, but I think almost every one of the 2.0 
>> changes can be elected in 1.10.  The only difference I know of is the 
>> drastic change to authentication/authorization (which may be worth using the 
>> pre-release). 
>> 
>> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "pylons-discuss" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to pylons-discuss+unsubscr...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/pylons-discuss/b0d9e559-d070-4522-82ef-217af2c63de2o%40googlegroups.com
>>  
>> .
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to pylons-discuss+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/pylons-discuss/7146D524-E61C-4B70-A78A-505F42059524%40gmail.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/E2C884F2-47F4-42B3-BA41-80827DC02C04%40thirdfloor.com.au.

Re: [pylons-discuss] Migration from Flask - options?

[Michael Merickel]

The 2.0 security system is pretty backward compatible so I'd recommend just 
starting with 1.x but I might suggest using the master version of 
pyramid-cookiecutter-starter as it has significant improvements to the default 
test fixtures for new projects.

With respect to 2.0, sorry everyone but I've been dragging my feet on an issue 
in the new security api so it isn't out yet! Mailing list activity is a great 
motivator though!

- Michael

> On Aug 31, 2020, at 12:12, 'Jonathan Vanasco' via pylons-discuss 
>  wrote:
> 
> I've done a handful of side-by-side migrations or deployments.
> 
> I think you already identified the generally best approach IMHO:
> 
> >  Conceptually the simplest would be to have a auth cookie that is valid 
> in both, it could be set to only be created in one and honoured in the other.
> 
> However I recommend it with one caveat -- I would approach this functionality 
> as if it were it's own authentication micro-service.  It can live in one of 
> the two processes, it doesn't need a third, but I would structure the UX, 
> tests and development as if it were totally independent -- so the cookie 
> value would just contain login state the core account info needed for auth 
> and permissions.  If either process needs to store other data in a cookie, 
> use another cookie.
> 
> Reading Pyramid cookies in Flask is pretty simple, Pyramid sessions just 
> automate loading webob cookies with defaults
> 
> * https://github.com/Pylons/pyramid/blob/master/src/pyramid/session.py 
> 
> * https://github.com/Pylons/webob/blob/master/src/webob/cookies.py 
> 
> 
> 
> In terms of Pyramid versions, if you need Python2 support - 1.10 is your only 
> option.  Otherwise, just pay attention to the deprecations on Pyramid2 and 
> you should be able to transition from 1.10 to 2 very easily if you don't want 
> to run the pre-release.  Michael Merickel is the expert on this, but I think 
> he and his team have done a great job in planning the 2.0 changes by offering 
> a lot of "forward compatibility' options in 1.10 to prepare us for switching 
> to 2.0.  I could be wrong, but I think almost every one of the 2.0 changes 
> can be elected in 1.10.  The only difference I know of is the drastic change 
> to authentication/authorization (which may be worth using the pre-release). 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to pylons-discuss+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/pylons-discuss/b0d9e559-d070-4522-82ef-217af2c63de2o%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/7146D524-E61C-4B70-A78A-505F42059524%40gmail.com.

Re: [pylons-discuss] Migration from Flask - options?

['Jonathan Vanasco' via pylons-discuss]

I've done a handful of side-by-side migrations or deployments.

I think you already identified the generally best approach IMHO:

>  Conceptually the simplest would be to have a auth cookie that is 
valid in both, it could be set to only be created in one and honoured in 
the other.

However I recommend it with one caveat -- I would approach this 
functionality as if it were it's own authentication micro-service.  It can 
live in one of the two processes, it doesn't need a third, but I would 
structure the UX, tests and development as if it were totally independent 
-- so the cookie value would just contain login state the core account info 
needed for auth and permissions.  If either process needs to store other 
data in a cookie, use another cookie.

Reading Pyramid cookies in Flask is pretty simple, Pyramid sessions just 
automate loading webob cookies with defaults

* https://github.com/Pylons/pyramid/blob/master/src/pyramid/session.py
* https://github.com/Pylons/webob/blob/master/src/webob/cookies.py


In terms of Pyramid versions, if you need Python2 support - 1.10 is your 
only option.  Otherwise, just pay attention to the deprecations on Pyramid2 
and you should be able to transition from 1.10 to 2 very easily if you 
don't want to run the pre-release.  Michael Merickel is the expert on this, 
but I think he and his team have done a great job in planning the 2.0 
changes by offering a lot of "forward compatibility' options in 1.10 to 
prepare us for switching to 2.0.  I could be wrong, but I think almost 
every one of the 2.0 changes can be elected in 1.10.  The only difference I 
know of is the drastic change to authentication/authorization (which may be 
worth using the pre-release). 


-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/b0d9e559-d070-4522-82ef-217af2c63de2o%40googlegroups.com.