From dd0488cbe898a731408cde867c1ce657b52e92e6 Mon Sep 17 00:00:00 2001
From: pedro
Date: Wed, 6 Mar 2024 14:50:05 +0100
Subject: [PATCH] adjust env vars and docker entrypoint also update autotest and nightly instances for more details, see https://gitea.pangea.org/trustchain-oc1-orchestral/IdHub/issues/160
---
 docker-compose__instance-autotest-pair.yml | 18 ++++------------
 docker-compose__instance-autotest.yml | 8 ++------
 docker-compose__instance-nightly.yml | 6 +-----
 docker/idhub.entrypoint.sh | 24 ++++++++++------------
 4 files changed, 18 insertions(+), 38 deletions(-)
diff --git a/docker-compose__instance-autotest-pair.yml b/docker-compose__instance-autotest-pair.yml
index 3657d5a..39a7b1e 100644
--- a/docker-compose__instance-autotest-pair.yml
+++ b/docker-compose__instance-autotest-pair.yml
@@ -11,15 +11,10 @@ services:
 - ENABLE_EMAIL=false
 - ENABLE_2FACTOR_AUTH=false
 - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
 - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
 - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
 - PORT=${IDHUB_PORT:-9001}
- - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
 - DOMAIN=idhub1-autotest.demo.pangea.org
- - CSRF_TRUSTED_ORIGINS=https://idhub1-autotest.demo.pangea.org
 - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
 - EMAIL_HOST=${IDHUB_EMAIL_HOST}
 - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
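Review bot: The removed ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS entries are not replaced by anything in this hunk, so the host and origin checks now depend on the image deriving them from DOMAIN, which this commit does not show; the same removal appears in the @@ -47 hunk of this file and in the @@ -11 hunks of docker-compose__instance-autotest.yml and docker-compose__instance-nightly.yml. If settings.py still reads these variables, Django's defaults presumably apply — an empty ALLOWED_HOSTS rejects every request once DEBUG is off, and an empty CSRF_TRUSTED_ORIGINS can make form posts behind the HTTPS proxy fail CSRF verification. Dropping DJANGO_SUPERUSER_USERNAME/PASSWORD/EMAIL has the same unstated dependency on the entrypoint. A comment above the DOMAIN entry, `# ALLOWED_HOSTS, CSRF_TRUSTED_ORIGINS and the initial superuser are derived from DOMAIN by the image (see issue 160)`, would record where these settings now come from.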
@@ -28,10 +23,10 @@ services:
 - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
 - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
 - RESPONSE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/
- - ALLOW_CODE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/allow_code
 - SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
 - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
- - ORG_FILE=examples/organizations__instance_autotest-pair.csv
+ - OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
+ - OIDC_REDIRECT=true
 ports:
 - 9071:9001
 volumes:
@@ -47,15 +42,10 @@ services:
 - ENABLE_EMAIL=false
 - ENABLE_2FACTOR_AUTH=false
 - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
 - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
 - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
 - PORT=${IDHUB_PORT:-9001}
- - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
 - DOMAIN=idhub2-autotest.demo.pangea.org
- - CSRF_TRUSTED_ORIGINS=https://idhub2-autotest.demo.pangea.org
 - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
 - EMAIL_HOST=${IDHUB_EMAIL_HOST}
 - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@@ -64,10 +54,10 @@ services:
 - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
 - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
 - RESPONSE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/
- - ALLOW_CODE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/allow_code
 - SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
 - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
- - ORG_FILE=examples/organizations__instance_autotest-pair.csv
+ - OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
+ - OIDC_REDIRECT=true
 ports:
 - 9072:9001
 volumes:
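Review bot: The new `OIDC_ORGS=examples/organizations__instance_autotest-pair.csv` is a path relative to the container's working directory, and the entrypoint change in this commit only tests that the variable is non-empty before running config_oidc4vp, so a wrong path or workdir is not caught at startup; the @@ -64 hunk for the second instance has the same shape. `OIDC_REDIRECT=true` is a new flag that nothing else in this diff reads, so which values it accepts (only `true`, or also `True`/`1`?) is not visible here. A short comment above the two lines, `# OIDC_ORGS: organisation CSV, relative to the container workdir; OIDC_REDIRECT: consumed by the app, see issue 160`, would document both assumptions for the next reader.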
diff --git a/docker-compose__instance-autotest.yml b/docker-compose__instance-autotest.yml
index c0393f2..533b9b2 100644
--- a/docker-compose__instance-autotest.yml
+++ b/docker-compose__instance-autotest.yml
@@ -11,15 +11,10 @@ services:
 - ENABLE_EMAIL=false
 - ENABLE_2FACTOR_AUTH=false
 - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
 - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
 - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
 - PORT=${IDHUB_PORT:-9001}
- - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
 - DOMAIN=idhub-autotest.demo.pangea.org
- - CSRF_TRUSTED_ORIGINS=https://idhub-autotest.demo.pangea.org
 - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
 - EMAIL_HOST=${IDHUB_EMAIL_HOST}
 - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@@ -27,7 +22,8 @@ services:
 - EMAIL_PORT=${IDHUB_EMAIL_PORT}
 - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
 - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- - SUPPORTED_CREDENTIALS=['FederationMembership', 'CourseCredential']
+ - SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
+ - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
 ports:
 - 9041:9001
 volumes:
diff --git a/docker-compose__instance-nightly.yml b/docker-compose__instance-nightly.yml
index 1a79a48..fbe4887 100644
--- a/docker-compose__instance-nightly.yml
+++ b/docker-compose__instance-nightly.yml
@@ -11,15 +11,10 @@ services:
 - ENABLE_EMAIL=false
 - ENABLE_2FACTOR_AUTH=false
 - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
 - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
 - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
 - PORT=${IDHUB_PORT:-9001}
- - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
 - DOMAIN=idhub-nightly.demo.pangea.org
- - CSRF_TRUSTED_ORIGINS=https://idhub-nightly.demo.pangea.org
 - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
 - EMAIL_HOST=${IDHUB_EMAIL_HOST}
 - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@@ -28,6 +23,7 @@ services:
 - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
 - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
 - SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
+ - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
 ports:
 - 9061:9001
 volumes:
diff --git a/docker/idhub.entrypoint.sh b/docker/idhub.entrypoint.sh
index 1260825..2bd21e2 100755
--- a/docker/idhub.entrypoint.sh
+++ b/docker/idhub.entrypoint.sh
@@ -36,7 +36,7 @@ deployment_strategy() {
 printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
 ./manage.py initial_datas
- if [ "${RESPONSE_URI:-}" ]; then
+ if [ "${OIDC_ORGS:-}" ]; then
 config_oidc4vp
 fi
 fi
@@ -45,8 +45,8 @@ deployment_strategy() {
 _set() {
 key="${1}"
 value="${2}"
- response_uri="${3}"
- sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
+ domain="${3}"
+ sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where domain='${domain}';"
 }
 _get() {
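Review bot: The new guard `if [ "${OIDC_ORGS:-}" ]; then` checks a variable that the shown part of config_oidc4vp never reads, while the function does depend on DOMAIN for both the jq key and the /sharedsecret file name; an instance that sets OIDC_ORGS but not DOMAIN would therefore redirect into `/sharedsecret/` itself and publish an entry under an empty key. Gate on both prerequisites, `if [ "${OIDC_ORGS:-}" ] && [ "${DOMAIN:-}" ]; then`, or fail loudly first with `: "${DOMAIN:?DOMAIN is required when OIDC_ORGS is set}"`. deployment_strategy begins before this hunk, so the branch that leads here is not visible.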
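Review bot: The renamed `domain="${3}"` and the rewritten sqlite3 line keep building the UPDATE statement by string interpolation, and the WHERE value now comes from `keys[0]` of files that other containers drop into /sharedsecret, so a single quote in a domain, client_id or client_secret turns into a syntax error or a different statement instead of a one-row update. Since the statement is handed to the sqlite3 CLI as one string, the least intrusive hardening is to double embedded quotes before interpolation, `value=${2//\'/\'\'}` and `domain=${3//\'/\'\'}`, and to quote the arguments at the call sites in config_oidc4vp. `key` is spliced in as a column name and is only ever `my_client_id` or `my_client_secret` in this file; a comment saying so, `# key must be one of the two column literals used below, never external input`, would keep that invariant visible.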
@@ -55,25 +55,23 @@ _get() {
 config_oidc4vp() {
 # populate your config
- R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
- local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
+ local file="${DOMAIN}"
 data="$(_get)"
- echo "${data}" | jq --arg uri "${RESPONSE_URI}" '{ ($uri): .}' > /sharedsecret/${file}
+ echo "${data}" | jq --arg domain "${DOMAIN}" '{ ($domain): .}' > /sharedsecret/${file}
 echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
 sleep 2
 # get other configs
 for host in /sharedsecret/*; do
- # we are flexible on querying for RESPONSE_URI: the first one based on regex
- target_uri="$(cat "${host}" | jq -r 'keys[0]')"
- if [ "${target_uri}" != "${RESPONSE_URI}" ]; then
- filtered_data="$(cat "${host}" | jq --arg uri "${RESPONSE_URI}" 'first(.[][] | select(.response_uri | test ($uri)))')"
+ # we are flexible on querying for DOMAIN: the first one based on regex
+ target_domain="$(cat "${host}" | jq -r 'keys[0]')"
+ if [ "${target_domain}" != "${DOMAIN}" ]; then
+ filtered_data="$(cat "${host}" | jq --arg domain "${DOMAIN}" 'first(.[][] | select(.domain | test ($domain)))')"
 client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
 client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
- response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
- _set my_client_id ${client_id} ${target_uri}
- _set my_client_secret ${client_secret} ${target_uri}
+ _set my_client_id ${client_id} ${target_domain}
+ _set my_client_secret ${client_secret} ${target_domain}
 fi
 done
 }
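Review bot: In the new loop body, when no organisation in `${host}` matches DOMAIN, `first(...)` prints nothing, client_id and client_secret come back empty, and the unquoted `_set my_client_id ${client_id} ${target_domain}` shifts target_domain into the value position and leaves the WHERE value empty, so the update silently matches no row. `select(.domain | test ($domain))` also treats DOMAIN as an unanchored regex in which `.` matches any character, so a sibling whose domain merely contains or resembles ours can be picked up, whereas a hostname only needs an exact `==` comparison. The new `local file="${DOMAIN}"` drops the `sed 's!/!__!g'` sanitising that the removed lines applied to the file name, and `> /sharedsecret/${file}` stays unquoted. The rewrite below quotes every expansion, compares exactly, and skips a host that has no entry for this instance instead of corrupting the row.
```shell
config_oidc4vp() {
  # … unchanged: local file, data="$(_get)", write to /sharedsecret/"${file}", sleep 2 …
  for host in /sharedsecret/*; do
    target_domain="$(jq -r 'keys[0]' "${host}")"
    [ "${target_domain}" != "${DOMAIN}" ] || continue
    # exact match: DOMAIN is a hostname, not a regex
    filtered_data="$(jq --arg domain "${DOMAIN}" 'first(.[][] | select(.domain == $domain))' "${host}")"
    client_id="$(printf '%s' "${filtered_data}" | jq -r '.client_id // empty')"
    client_secret="$(printf '%s' "${filtered_data}" | jq -r '.client_secret // empty')"
    if [ -z "${client_id}" ] || [ -z "${client_secret}" ]; then
      printf 'config_oidc4vp: no entry for %s in %s, skipping\n' "${DOMAIN}" "${host}" >&2
      continue
    fi
    _set my_client_id "${client_id}" "${target_domain}"
    _set my_client_secret "${client_secret}" "${target_domain}"
  done
}
```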