idhub.entrypoint: refactor oidc waiting interval

instead of sleep, waits that all idhubs have wrote its content in
/sharedsecret/ dir
This commit is contained in:
pedro 2024-03-18 10:05:16 +01:00
parent d990d46dd9
commit 1e1a339917

View file

@ -35,6 +35,10 @@ deployment_strategy() {
# warn admin that it should re-enter password to keep the service working # warn admin that it should re-enter password to keep the service working
./manage.py send_mail_admins ./manage.py send_mail_admins
else else
# this file helps all docker containers to guess number of hosts involved
# right now is only needed by new deployment for oidc
touch /sharedsecret/${DOMAIN}
# move the migrate thing in docker entrypoint # move the migrate thing in docker entrypoint
# inspired by https://medium.com/analytics-vidhya/django-with-docker-and-docker-compose-python-part-2-8415976470cc # inspired by https://medium.com/analytics-vidhya/django-with-docker-and-docker-compose-python-part-2-8415976470cc
echo "INFO detected NEW deployment" echo "INFO detected NEW deployment"
@ -60,14 +64,24 @@ _get() {
sqlite3 -json db.sqlite3 "select * from oidc4vp_organization;" sqlite3 -json db.sqlite3 "select * from oidc4vp_organization;"
} }
_lines () {
local myfile="${1}"
cat "${myfile}" | wc -l
}
config_oidc4vp() { config_oidc4vp() {
# populate your config # populate your config
local file="${DOMAIN}"
data="$(_get)" data="$(_get)"
echo "${data}" | jq --arg domain "${DOMAIN}" '{ ($domain): .}' > /sharedsecret/${file} echo "${data}" | jq --arg domain "${DOMAIN}" '{ ($domain): .}' > /sharedsecret/${DOMAIN}
while true; do
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
sleep 2 ## break when no empty files left
if ! wc -l /sharedsecret/* | awk '{print $1;}' | grep -qE '^0$'; then
break
fi
sleep 1
done
# get other configs # get other configs
for host in /sharedsecret/*; do for host in /sharedsecret/*; do
# we are flexible on querying for DOMAIN: the first one based on regex # we are flexible on querying for DOMAIN: the first one based on regex