deployment for demo 12D (not tested)

2023-12-12 11:09:39 +01:00 · 2023-12-12 11:09:39 +01:00 · 553bc3efe1
parent df05735979
commit 553bc3efe1
4 changed files with 145 additions and 2 deletions
--- a/docker-compose_idhub-demo-12d.yml
+++ b/docker-compose_idhub-demo-12d.yml
@ -0,0 +1,67 @@
+version: "3.9"
+services:
+
+  idhub1:
+    container_name: idhub1
+    init: true
+    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
+    environment:
+      - DEPLOYMENT=${IDHUB_DEPLOYMENT}
+      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
+      - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
+      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
+      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
+      - PORT=${IDHUB_PORT:-9001}
+      - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
+      - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
+      - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
+      - CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
+      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
+      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
+      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
+      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
+      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
+      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
+      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
+      - RESPONSE_URI=https://idhub1.demo.pangea.org/oidc4vp/
+      - ALLOW_CODE_URI=https://idhub1.demo.pangea.org/oidc4vp/allow_code
+      - SUPPORTED_CREDENTIALS=['MembershipCard']
+    ports:
+      - 9001:9001
+    volumes:
+      - ./idhub1:/opt/idhub
+      - sharedsecret:/sharedsecret:rw
+
+  idhub2:
+    container_name: idhub2
+    init: true
+    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
+    environment:
+      - DEPLOYMENT=${IDHUB_DEPLOYMENT}
+      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
+      - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
+      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
+      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
+      - PORT=${IDHUB_PORT:-9002}
+      - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
+      - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
+      - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
+      - CSRF_TRUSTED_ORIGINS=${IDHUB_CSRF_TRUSTED_ORIGINS}
+      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
+      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
+      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
+      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
+      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
+      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
+      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
+      - RESPONSE_URI=https://idhub2.demo.pangea.org/oidc4vp/
+      - ALLOW_CODE_URI=https://idhub2.demo.pangea.org/oidc4vp/allow_code
+      - SUPPORTED_CREDENTIALS=['MembershipCard']
+    ports:
+      - 9002:9002
+    volumes:
+      - ./idhub2:/opt/idhub
+      - sharedsecret:/sharedsecret:rw
+
+volumes:
+  sharedsecret:
--- a/docker/idhub.Dockerfile
+++ b/docker/idhub.Dockerfile
@ -4,7 +4,10 @@ RUN apt update &&  apt-get install -y \
    python3-minimal \
    python3-pip \
    python3-dev \
-    python-is-python3
+    python-is-python3 \
+    git \
+    sqlite3 \
+    jq

 WORKDIR /opt/idhub

--- a/docker/idhub.entrypoint.sh
+++ b/docker/idhub.entrypoint.sh
@ -4,6 +4,40 @@ set -e
 set -u
 set -x

+_set() {
+        key="${1}"
+        value="${2}"
+        response_uri="${3}"
+        sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
+}
+
+_get() {
+        sqlite3 -json db.sqlite3 "select * from oidc4vp_organization;"
+}
+
+config_oidc4vp() {
+        # populate your config
+        R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
+        local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
+        data="$(_get)"
+        echo "${data}" | jq --arg uri "${R_URI_CLEAN}" '{ ($uri): .}' > /sharedsecret/${file}
+
+        echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
+        sleep 2
+        # get other configs
+        for host in /sharedsecret/*; do
+                # we are flexible on querying for RESPONSE_URI: the first one based on regex
+                target_uri="$(cat "${host}" | jq -r 'keys[0]')"
+                filtered_data="$(cat "${host}" | jq --arg uri "${target_uri}" 'first(.[][] | select(.response_uri | test ($uri)))')"
+                client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
+                client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
+                response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
+
+                _set my_client_id ${client_id} ${response_uri}
+                _set my_client_secret ${client_secret} ${response_uri}
+        done
+}
+
 main() {
        idhub_dir='/opt/idhub'
        cd "${idhub_dir}"
@ -19,7 +53,7 @@ END
                exit 1
        fi

-        # detect if existing deployment
+        # detect if existing deployment (TODO only works with sqlite)
        if [ -f "${idhub_dir}/db.sqlite3" ]; then
                echo "INFO: detected EXISTING deployment"
                ./manage.py makemigrations
@ -33,6 +67,10 @@ END
                if [ "${DEPLOYMENT}" = 'DEVELOPMENT' ]; then
                        printf "This is DEVELOPMENT DEPLOYMENT: including demo hardcoded data\n  creating initial Datas\n" >&2
                        ./manage.py initial_datas
+
+                        if [ "${RESPONSE_URI}" ]; then
+                                config_oidc4vp
+                        fi
                else
                        printf "creating superuser \n  user: ${DJANGO_SUPERUSER_USERNAME}\n  password: ${DJANGO_SUPERUSER_PASSWORD}\n  email: ${DJANGO_SUPERUSER_EMAIL}\n" >&2
                        ## thanks https://stackoverflow.com/questions/6244382/how-to-automate-createsuperuser-on-django/59467533#59467533
--- a/idhub_build_demo_12d.sh
+++ b/idhub_build_demo_12d.sh
@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+set -u
+# DEBUG
+set -x
+
+# wallet and verifier idhub demo
+main() {
+        deployment="${1:-}"
+
+        # detach on production deployment
+        if [ "${deployment}" = 'prod' ]; then
+                detach='-d'
+        fi
+
+        # force recreate
+        rm -rf ./idhub1 ./idhub2
+
+        # detect if is new
+        if [ ! -f "./idhub1" ] && [ ! -f "./idhub2" ]; then
+                echo 'Detected new deployment, recreating git repos idhub1 and idhub2'
+                cp -rp IdHub idhub1
+                rm -f idhub1/db.sqlite3
+                cp -rp IdHub idhub2
+                rm -f idhub2/db.sqlite3
+        fi
+
+        idhub_dc_f='docker-compose_idhub-demo-12d.yml'
+        docker compose -f ${idhub_dc_f} down -v || true
+        make idhub_build \
+                && docker compose -f ${idhub_dc_f} up ${detach:-}
+}
+
+main "${@}"