adjust env vars and docker entrypoint
also update autotest and nightly instances for more details, see https://gitea.pangea.org/trustchain-oc1-orchestral/IdHub/issues/160
This commit is contained in:
parent
cdf8c20a07
commit
dd0488cbe8
|
@ -11,15 +11,10 @@ services:
|
|||
- ENABLE_EMAIL=false
|
||||
- ENABLE_2FACTOR_AUTH=false
|
||||
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
||||
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||
- PORT=${IDHUB_PORT:-9001}
|
||||
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
||||
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
||||
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
||||
- DOMAIN=idhub1-autotest.demo.pangea.org
|
||||
- CSRF_TRUSTED_ORIGINS=https://idhub1-autotest.demo.pangea.org
|
||||
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||
|
@ -28,10 +23,10 @@ services:
|
|||
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||
- RESPONSE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/
|
||||
- ALLOW_CODE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/allow_code
|
||||
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
||||
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||
- ORG_FILE=examples/organizations__instance_autotest-pair.csv
|
||||
- OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
|
||||
- OIDC_REDIRECT=true
|
||||
ports:
|
||||
- 9071:9001
|
||||
volumes:
|
||||
|
@ -47,15 +42,10 @@ services:
|
|||
- ENABLE_EMAIL=false
|
||||
- ENABLE_2FACTOR_AUTH=false
|
||||
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
||||
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||
- PORT=${IDHUB_PORT:-9001}
|
||||
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
||||
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
||||
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
||||
- DOMAIN=idhub2-autotest.demo.pangea.org
|
||||
- CSRF_TRUSTED_ORIGINS=https://idhub2-autotest.demo.pangea.org
|
||||
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||
|
@ -64,10 +54,10 @@ services:
|
|||
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||
- RESPONSE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/
|
||||
- ALLOW_CODE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/allow_code
|
||||
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
||||
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||
- ORG_FILE=examples/organizations__instance_autotest-pair.csv
|
||||
- OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
|
||||
- OIDC_REDIRECT=true
|
||||
ports:
|
||||
- 9072:9001
|
||||
volumes:
|
||||
|
|
|
@ -11,15 +11,10 @@ services:
|
|||
- ENABLE_EMAIL=false
|
||||
- ENABLE_2FACTOR_AUTH=false
|
||||
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
||||
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||
- PORT=${IDHUB_PORT:-9001}
|
||||
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
||||
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
||||
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
||||
- DOMAIN=idhub-autotest.demo.pangea.org
|
||||
- CSRF_TRUSTED_ORIGINS=https://idhub-autotest.demo.pangea.org
|
||||
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||
|
@ -27,7 +22,8 @@ services:
|
|||
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
|
||||
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||
- SUPPORTED_CREDENTIALS=['FederationMembership', 'CourseCredential']
|
||||
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
||||
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||
ports:
|
||||
- 9041:9001
|
||||
volumes:
|
||||
|
|
|
@ -11,15 +11,10 @@ services:
|
|||
- ENABLE_EMAIL=false
|
||||
- ENABLE_2FACTOR_AUTH=false
|
||||
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
||||
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||
- PORT=${IDHUB_PORT:-9001}
|
||||
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
||||
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
||||
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
||||
- DOMAIN=idhub-nightly.demo.pangea.org
|
||||
- CSRF_TRUSTED_ORIGINS=https://idhub-nightly.demo.pangea.org
|
||||
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||
|
@ -28,6 +23,7 @@ services:
|
|||
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
||||
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||
ports:
|
||||
- 9061:9001
|
||||
volumes:
|
||||
|
|
|
@ -36,7 +36,7 @@ deployment_strategy() {
|
|||
printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
|
||||
./manage.py initial_datas
|
||||
|
||||
if [ "${RESPONSE_URI:-}" ]; then
|
||||
if [ "${OIDC_ORGS:-}" ]; then
|
||||
config_oidc4vp
|
||||
fi
|
||||
fi
|
||||
|
@ -45,8 +45,8 @@ deployment_strategy() {
|
|||
_set() {
|
||||
key="${1}"
|
||||
value="${2}"
|
||||
response_uri="${3}"
|
||||
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
|
||||
domain="${3}"
|
||||
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where domain='${domain}';"
|
||||
}
|
||||
|
||||
_get() {
|
||||
|
@ -55,25 +55,23 @@ _get() {
|
|||
|
||||
config_oidc4vp() {
|
||||
# populate your config
|
||||
R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
|
||||
local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
|
||||
local file="${DOMAIN}"
|
||||
data="$(_get)"
|
||||
echo "${data}" | jq --arg uri "${RESPONSE_URI}" '{ ($uri): .}' > /sharedsecret/${file}
|
||||
echo "${data}" | jq --arg domain "${DOMAIN}" '{ ($domain): .}' > /sharedsecret/${file}
|
||||
|
||||
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
|
||||
sleep 2
|
||||
# get other configs
|
||||
for host in /sharedsecret/*; do
|
||||
# we are flexible on querying for RESPONSE_URI: the first one based on regex
|
||||
target_uri="$(cat "${host}" | jq -r 'keys[0]')"
|
||||
if [ "${target_uri}" != "${RESPONSE_URI}" ]; then
|
||||
filtered_data="$(cat "${host}" | jq --arg uri "${RESPONSE_URI}" 'first(.[][] | select(.response_uri | test ($uri)))')"
|
||||
# we are flexible on querying for DOMAIN: the first one based on regex
|
||||
target_domain="$(cat "${host}" | jq -r 'keys[0]')"
|
||||
if [ "${target_domain}" != "${DOMAIN}" ]; then
|
||||
filtered_data="$(cat "${host}" | jq --arg domain "${DOMAIN}" 'first(.[][] | select(.domain | test ($domain)))')"
|
||||
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
|
||||
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
|
||||
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
|
||||
|
||||
_set my_client_id ${client_id} ${target_uri}
|
||||
_set my_client_secret ${client_secret} ${target_uri}
|
||||
_set my_client_id ${client_id} ${target_domain}
|
||||
_set my_client_secret ${client_secret} ${target_domain}
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
|
Reference in a new issue