adjust env vars and docker entrypoint
also update autotest and nightly instances; for more details, see https://gitea.pangea.org/trustchain-oc1-orchestral/IdHub/issues/160
parent
cdf8c20a07
commit
dd0488cbe8
|
@ -11,15 +11,10 @@ services:
|
||||||
- ENABLE_EMAIL=false
|
- ENABLE_EMAIL=false
|
||||||
- ENABLE_2FACTOR_AUTH=false
|
- ENABLE_2FACTOR_AUTH=false
|
||||||
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||||
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
|
||||||
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||||
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||||
- PORT=${IDHUB_PORT:-9001}
|
- PORT=${IDHUB_PORT:-9001}
|
||||||
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
|
||||||
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
|
||||||
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
|
||||||
- DOMAIN=idhub1-autotest.demo.pangea.org
|
- DOMAIN=idhub1-autotest.demo.pangea.org
|
||||||
- CSRF_TRUSTED_ORIGINS=https://idhub1-autotest.demo.pangea.org
|
|
||||||
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||||
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||||
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||||
|
@ -28,10 +23,10 @@ services:
|
||||||
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||||
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||||
- RESPONSE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/
|
- RESPONSE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/
|
||||||
- ALLOW_CODE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/allow_code
|
|
||||||
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
||||||
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||||
- ORG_FILE=examples/organizations__instance_autotest-pair.csv
|
- OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
|
||||||
|
- OIDC_REDIRECT=true
|
||||||
ports:
|
ports:
|
||||||
- 9071:9001
|
- 9071:9001
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -47,15 +42,10 @@ services:
|
||||||
- ENABLE_EMAIL=false
|
- ENABLE_EMAIL=false
|
||||||
- ENABLE_2FACTOR_AUTH=false
|
- ENABLE_2FACTOR_AUTH=false
|
||||||
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||||
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
|
||||||
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||||
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||||
- PORT=${IDHUB_PORT:-9001}
|
- PORT=${IDHUB_PORT:-9001}
|
||||||
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
|
||||||
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
|
||||||
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
|
||||||
- DOMAIN=idhub2-autotest.demo.pangea.org
|
- DOMAIN=idhub2-autotest.demo.pangea.org
|
||||||
- CSRF_TRUSTED_ORIGINS=https://idhub2-autotest.demo.pangea.org
|
|
||||||
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||||
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||||
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||||
|
@ -64,10 +54,10 @@ services:
|
||||||
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||||
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||||
- RESPONSE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/
|
- RESPONSE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/
|
||||||
- ALLOW_CODE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/allow_code
|
|
||||||
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
||||||
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||||
- ORG_FILE=examples/organizations__instance_autotest-pair.csv
|
- OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
|
||||||
|
- OIDC_REDIRECT=true
|
||||||
ports:
|
ports:
|
||||||
- 9072:9001
|
- 9072:9001
|
||||||
volumes:
|
volumes:
|
||||||
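Review bot: The `SECRET_KEY` entry kept in both service blocks of this file still falls back to a literal that is committed in the repository, so an instance started without `IDHUB_SECRET_KEY` does its Django cryptographic signing with a publicly known key. These services publish a port and carry a public `DOMAIN`, so the silent fallback is worth closing while the environment list is being reworked: `- SECRET_KEY=${IDHUB_SECRET_KEY:?IDHUB_SECRET_KEY must be set}` makes compose refuse to start instead. The same line appears unchanged in the idhub-autotest and idhub-nightly sections further down. The service definitions start and end outside the hunks shown.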
|
|
|
@ -11,15 +11,10 @@ services:
|
||||||
- ENABLE_EMAIL=false
|
- ENABLE_EMAIL=false
|
||||||
- ENABLE_2FACTOR_AUTH=false
|
- ENABLE_2FACTOR_AUTH=false
|
||||||
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||||
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
|
||||||
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||||
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||||
- PORT=${IDHUB_PORT:-9001}
|
- PORT=${IDHUB_PORT:-9001}
|
||||||
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
|
||||||
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
|
||||||
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
|
||||||
- DOMAIN=idhub-autotest.demo.pangea.org
|
- DOMAIN=idhub-autotest.demo.pangea.org
|
||||||
- CSRF_TRUSTED_ORIGINS=https://idhub-autotest.demo.pangea.org
|
|
||||||
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||||
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||||
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||||
|
@ -27,7 +22,8 @@ services:
|
||||||
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
|
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
|
||||||
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||||
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||||
- SUPPORTED_CREDENTIALS=['FederationMembership', 'CourseCredential']
|
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
||||||
|
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||||
ports:
|
ports:
|
||||||
- 9041:9001
|
- 9041:9001
|
||||||
volumes:
|
volumes:
|
||||||
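Review bot: With `ALLOWED_HOSTS` and `CSRF_TRUSTED_ORIGINS` dropped from the environment list, nothing in this file shows which host allow-list the container ends up with; presumably the settings module now derives both from `DOMAIN`, but that code is not part of the visible change. The removed entry defaulted to `*`, so this is an improvement only if the settings default is narrower, which is worth confirming. If the derivation exists, a comment beside `DOMAIN` would record it, e.g. `# ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS are derived from DOMAIN in the settings module`. The same removal is made in the autotest-pair section above and the idhub-nightly section below.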
|
|
|
@ -11,15 +11,10 @@ services:
|
||||||
- ENABLE_EMAIL=false
|
- ENABLE_EMAIL=false
|
||||||
- ENABLE_2FACTOR_AUTH=false
|
- ENABLE_2FACTOR_AUTH=false
|
||||||
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||||
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
|
||||||
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||||
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||||
- PORT=${IDHUB_PORT:-9001}
|
- PORT=${IDHUB_PORT:-9001}
|
||||||
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
|
||||||
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
|
||||||
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
|
||||||
- DOMAIN=idhub-nightly.demo.pangea.org
|
- DOMAIN=idhub-nightly.demo.pangea.org
|
||||||
- CSRF_TRUSTED_ORIGINS=https://idhub-nightly.demo.pangea.org
|
|
||||||
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||||
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||||
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||||
|
@ -28,6 +23,7 @@ services:
|
||||||
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||||
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||||
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
|
||||||
|
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||||
ports:
|
ports:
|
||||||
- 9061:9001
|
- 9061:9001
|
||||||
volumes:
|
volumes:
|
||||||
|
|
|
@ -36,7 +36,7 @@ deployment_strategy() {
|
||||||
printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
|
printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
|
||||||
./manage.py initial_datas
|
./manage.py initial_datas
|
||||||
|
|
||||||
if [ "${RESPONSE_URI:-}" ]; then
|
if [ "${OIDC_ORGS:-}" ]; then
|
||||||
config_oidc4vp
|
config_oidc4vp
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -45,8 +45,8 @@ deployment_strategy() {
|
||||||
_set() {
|
_set() {
|
||||||
key="${1}"
|
key="${1}"
|
||||||
value="${2}"
|
value="${2}"
|
||||||
response_uri="${3}"
|
domain="${3}"
|
||||||
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';"
|
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where domain='${domain}';"
|
||||||
}
|
}
|
||||||
|
|
||||||
_get() {
|
_get() {
|
||||||
|
@ -55,25 +55,23 @@ _get() {
|
||||||
|
|
||||||
config_oidc4vp() {
|
config_oidc4vp() {
|
||||||
# populate your config
|
# populate your config
|
||||||
R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
|
local file="${DOMAIN}"
|
||||||
local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
|
|
||||||
data="$(_get)"
|
data="$(_get)"
|
||||||
echo "${data}" | jq --arg uri "${RESPONSE_URI}" '{ ($uri): .}' > /sharedsecret/${file}
|
echo "${data}" | jq --arg domain "${DOMAIN}" '{ ($domain): .}' > /sharedsecret/${file}
|
||||||
|
|
||||||
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
|
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
|
||||||
sleep 2
|
sleep 2
|
||||||
# get other configs
|
# get other configs
|
||||||
for host in /sharedsecret/*; do
|
for host in /sharedsecret/*; do
|
||||||
# we are flexible on querying for RESPONSE_URI: the first one based on regex
|
# we are flexible on querying for DOMAIN: the first one based on regex
|
||||||
target_uri="$(cat "${host}" | jq -r 'keys[0]')"
|
target_domain="$(cat "${host}" | jq -r 'keys[0]')"
|
||||||
if [ "${target_uri}" != "${RESPONSE_URI}" ]; then
|
if [ "${target_domain}" != "${DOMAIN}" ]; then
|
||||||
filtered_data="$(cat "${host}" | jq --arg uri "${RESPONSE_URI}" 'first(.[][] | select(.response_uri | test ($uri)))')"
|
filtered_data="$(cat "${host}" | jq --arg domain "${DOMAIN}" 'first(.[][] | select(.domain | test ($domain)))')"
|
||||||
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
|
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
|
||||||
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
|
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
|
||||||
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
|
|
||||||
|
|
||||||
_set my_client_id ${client_id} ${target_uri}
|
_set my_client_id ${client_id} ${target_domain}
|
||||||
_set my_client_secret ${client_secret} ${target_uri}
|
_set my_client_secret ${client_secret} ${target_domain}
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
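Review bot: `_set` still builds its SQL by pasting `${value}` and the new `${domain}` straight into the statement, and both come from files that other containers write into `/sharedsecret`, so a value containing a single quote changes the statement instead of being stored. The two `_set` calls at the end of `config_oidc4vp` also pass `${client_id}`, `${client_secret}` and `${target_domain}` unquoted, so whitespace in any of them shifts the arguments. Doubling embedded single quotes inside `_set` and quoting the call arguments closes both; `key` is only ever a fixed column name in the visible callers. Separately, when the `jq` filter matches nothing the literal string `null` is written as the client id and secret, so a guard before the `_set` calls would help. The bodies of `_get` and the start of `deployment_strategy` lie outside the hunks.

```shell
_set() {
        key="${1}"
        # double embedded single quotes so each value stays inside its SQL literal
        value="$(printf '%s' "${2}" | sed "s/'/''/g")"
        domain="$(printf '%s' "${3}" | sed "s/'/''/g")"
        # … unchanged: sqlite3 update statement …
}

# … unchanged: config_oidc4vp up to the jq extraction of client_id and client_secret …
                        _set my_client_id "${client_id}" "${target_domain}"
                        _set my_client_secret "${client_secret}" "${target_domain}"
```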
|
|