adjust env vars and docker entrypoint

also update autotest and nightly instances

for more details, see
https://gitea.pangea.org/trustchain-oc1-orchestral/IdHub/issues/160
This commit is contained in:
pedro 2024-03-06 14:50:05 +01:00
parent cdf8c20a07
commit dd0488cbe8
4 changed files with 18 additions and 38 deletions


@ -11,15 +11,10 @@ services:
- ENABLE_EMAIL=false
- ENABLE_2FACTOR_AUTH=false
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=idhub1-autotest.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub1-autotest.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@ -28,10 +23,10 @@ services:
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- RESPONSE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/
- ALLOW_CODE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/allow_code
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
- ORG_FILE=examples/organizations__instance_autotest-pair.csv
- OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
- OIDC_REDIRECT=true
ports:
- 9071:9001
volumes:
@ -47,15 +42,10 @@ services:
- ENABLE_EMAIL=false
- ENABLE_2FACTOR_AUTH=false
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=idhub2-autotest.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub2-autotest.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@ -64,10 +54,10 @@ services:
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- RESPONSE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/
- ALLOW_CODE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/allow_code
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
- ORG_FILE=examples/organizations__instance_autotest-pair.csv
- OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
- OIDC_REDIRECT=true
ports:
- 9072:9001
volumes:


@ -11,15 +11,10 @@ services:
- ENABLE_EMAIL=false
- ENABLE_2FACTOR_AUTH=false
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=idhub-autotest.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub-autotest.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@ -27,7 +22,8 @@ services:
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- SUPPORTED_CREDENTIALS=['FederationMembership', 'CourseCredential']
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
ports:
- 9041:9001
volumes:


@ -11,15 +11,10 @@ services:
- ENABLE_EMAIL=false
- ENABLE_2FACTOR_AUTH=false
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=idhub-nightly.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub-nightly.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@ -28,6 +23,7 @@ services:
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
ports:
- 9061:9001
volumes:


@ -36,7 +36,7 @@ deployment_strategy() {
printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
./manage.py initial_datas
if [ "${RESPONSE_URI:-}" ]; then
if [ "${OIDC_ORGS:-}" ]; then
config_oidc4vp
fi
fi
@ -45,8 +45,8 @@ deployment_strategy() {
_set() {
key="${1}"
value="${2}"
response_uri="${3}"
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
domain="${3}"
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where domain='${domain}';"
}
_get() {
@ -55,25 +55,23 @@ _get() {
config_oidc4vp() {
# populate your config
R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
local file="${DOMAIN}"
data="$(_get)"
echo "${data}" | jq --arg uri "${RESPONSE_URI}" '{ ($uri): .}' > /sharedsecret/${file}
echo "${data}" | jq --arg domain "${DOMAIN}" '{ ($domain): .}' > /sharedsecret/${file}
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
sleep 2
# get other configs
for host in /sharedsecret/*; do
# we are flexible on querying for RESPONSE_URI: the first one based on regex
target_uri="$(cat "${host}" | jq -r 'keys[0]')"
if [ "${target_uri}" != "${RESPONSE_URI}" ]; then
filtered_data="$(cat "${host}" | jq --arg uri "${RESPONSE_URI}" 'first(.[][] | select(.response_uri | test ($uri)))')"
# we are flexible on querying for DOMAIN: the first one based on regex
target_domain="$(cat "${host}" | jq -r 'keys[0]')"
if [ "${target_domain}" != "${DOMAIN}" ]; then
filtered_data="$(cat "${host}" | jq --arg domain "${DOMAIN}" 'first(.[][] | select(.domain | test ($domain)))')"
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
_set my_client_id ${client_id} ${target_uri}
_set my_client_secret ${client_secret} ${target_uri}
_set my_client_id ${client_id} ${target_domain}
_set my_client_secret ${client_secret} ${target_domain}
fi
done
}
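Review bot: The new `_set` body, `sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where domain='${domain}';"`, still splices `${value}` and `${domain}` straight into the SQL, and in `config_oidc4vp` those values (`client_id`, `client_secret`, `target_domain`) come from `jq` over whatever files sit in `/sharedsecret/*`, so any peer container or process that can write that volume can inject SQL into the organization table; the calls `_set my_client_id ${client_id} ${target_domain}` also pass them unquoted, so a value with spaces would be split across arguments. At minimum double the single quotes before interpolating, `value="${2//\'/\'\'}"` and `domain="${3//\'/\'\'}"`, and quote the two call sites as `_set my_client_id "${client_id}" "${target_domain}"`. Separately, `local file="${DOMAIN}"` drops the `sed 's!/!__!g'` sanitising that the removed line applied, so a `DOMAIN` containing `/` or `..` now writes outside `/sharedsecret`; `local file="${DOMAIN//\//__}"` keeps the old guarantee. The `jq` selector `select(.domain | test ($domain))` treats `DOMAIN` as a regex, so an unescaped dot or a domain that is a prefix of another can pick the wrong organization; `select(.domain == $domain)` is the exact match the comment seems to intend, unless the "flexible" matching is deliberate. Whether the shared volume is writable by untrusted parties is not visible from this diff.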