adjust env vars and docker entrypoint

also update autotest and nightly instances

for more details, see
https://gitea.pangea.org/trustchain-oc1-orchestral/IdHub/issues/160
pedro 2024-03-06 14:50:05 +01:00
parent cdf8c20a07
commit dd0488cbe8
4 changed files with 18 additions and 38 deletions


@ -11,15 +11,10 @@ services:
- ENABLE_EMAIL=false - ENABLE_EMAIL=false
- ENABLE_2FACTOR_AUTH=false - ENABLE_2FACTOR_AUTH=false
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd} - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/} - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/} - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001} - PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=idhub1-autotest.demo.pangea.org - DOMAIN=idhub1-autotest.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub1-autotest.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL} - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST} - EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER} - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@ -28,10 +23,10 @@ services:
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS} - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND} - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- RESPONSE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/ - RESPONSE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/
- ALLOW_CODE_URI=https://idhub1-autotest.demo.pangea.org/oidc4vp/allow_code
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard'] - SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV} - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
- ORG_FILE=examples/organizations__instance_autotest-pair.csv - OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
- OIDC_REDIRECT=true
ports: ports:
- 9071:9001 - 9071:9001
volumes: volumes:
@ -47,15 +42,10 @@ services:
- ENABLE_EMAIL=false - ENABLE_EMAIL=false
- ENABLE_2FACTOR_AUTH=false - ENABLE_2FACTOR_AUTH=false
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd} - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/} - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/} - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001} - PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=idhub2-autotest.demo.pangea.org - DOMAIN=idhub2-autotest.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub2-autotest.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL} - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST} - EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER} - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@ -64,10 +54,10 @@ services:
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS} - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND} - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- RESPONSE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/ - RESPONSE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/
- ALLOW_CODE_URI=https://idhub2-autotest.demo.pangea.org/oidc4vp/allow_code
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard'] - SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV} - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
- ORG_FILE=examples/organizations__instance_autotest-pair.csv - OIDC_ORGS=examples/organizations__instance_autotest-pair.csv
- OIDC_REDIRECT=true
ports: ports:
- 9072:9001 - 9072:9001
volumes: volumes:
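Review bot: The unchanged line `SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecure…}` survives this env cleanup in both services, so a host where IDHUB_SECRET_KEY is not exported starts silently with a key that is published in the repository. Django signs sessions and password-reset tokens with SECRET_KEY, and these services are given demo.pangea.org host names, so the fallback is worth removing while the other defaults are being trimmed. Compose can fail fast instead: `- SECRET_KEY=${IDHUB_SECRET_KEY:?IDHUB_SECRET_KEY must be set}`. The same line appears in the first hunk of the two single-instance compose files further down the page.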


@ -11,15 +11,10 @@ services:
- ENABLE_EMAIL=false - ENABLE_EMAIL=false
- ENABLE_2FACTOR_AUTH=false - ENABLE_2FACTOR_AUTH=false
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd} - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/} - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/} - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001} - PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=idhub-autotest.demo.pangea.org - DOMAIN=idhub-autotest.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub-autotest.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL} - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST} - EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER} - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@ -27,7 +22,8 @@ services:
- EMAIL_PORT=${IDHUB_EMAIL_PORT} - EMAIL_PORT=${IDHUB_EMAIL_PORT}
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS} - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND} - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- SUPPORTED_CREDENTIALS=['FederationMembership', 'CourseCredential'] - SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
ports: ports:
- 9041:9001 - 9041:9001
volumes: volumes:
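Review bot: After the first hunk this file no longer says what host validation the service runs with: the hunk counts mark `ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}` and `CSRF_TRUSTED_ORIGINS=…` as removed, and only `DOMAIN` remains. Presumably the settings module now derives both from `DOMAIN`, but that code is not part of this page, so it is worth confirming that it does not fall back to a wildcard when the variables are absent. Once confirmed, a comment above the `DOMAIN` line would record it, e.g. `# DOMAIN also sets ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS (see settings)`. The same applies to the other compose files in this commit.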


@ -11,15 +11,10 @@ services:
- ENABLE_EMAIL=false - ENABLE_EMAIL=false
- ENABLE_2FACTOR_AUTH=false - ENABLE_2FACTOR_AUTH=false
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd} - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/} - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/} - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001} - PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=idhub-nightly.demo.pangea.org - DOMAIN=idhub-nightly.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub-nightly.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL} - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST} - EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER} - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@ -28,6 +23,7 @@ services:
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS} - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND} - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard'] - SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
ports: ports:
- 9061:9001 - 9061:9001
volumes: volumes:


@ -36,7 +36,7 @@ deployment_strategy() {
printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2 printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
./manage.py initial_datas ./manage.py initial_datas
if [ "${RESPONSE_URI:-}" ]; then if [ "${OIDC_ORGS:-}" ]; then
config_oidc4vp config_oidc4vp
fi fi
fi fi
@ -45,8 +45,8 @@ deployment_strategy() {
_set() { _set() {
key="${1}" key="${1}"
value="${2}" value="${2}"
response_uri="${3}" domain="${3}"
sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where response_uri='${response_uri}';" sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where domain='${domain}';"
} }
_get() { _get() {
@ -55,25 +55,23 @@ _get() {
config_oidc4vp() { config_oidc4vp() {
# populate your config # populate your config
R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}" local file="${DOMAIN}"
local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
data="$(_get)" data="$(_get)"
echo "${data}" | jq --arg uri "${RESPONSE_URI}" '{ ($uri): .}' > /sharedsecret/${file} echo "${data}" | jq --arg domain "${DOMAIN}" '{ ($domain): .}' > /sharedsecret/${file}
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
sleep 2 sleep 2
# get other configs # get other configs
for host in /sharedsecret/*; do for host in /sharedsecret/*; do
# we are flexible on querying for RESPONSE_URI: the first one based on regex # we are flexible on querying for DOMAIN: the first one based on regex
target_uri="$(cat "${host}" | jq -r 'keys[0]')" target_domain="$(cat "${host}" | jq -r 'keys[0]')"
if [ "${target_uri}" != "${RESPONSE_URI}" ]; then if [ "${target_domain}" != "${DOMAIN}" ]; then
filtered_data="$(cat "${host}" | jq --arg uri "${RESPONSE_URI}" 'first(.[][] | select(.response_uri | test ($uri)))')" filtered_data="$(cat "${host}" | jq --arg domain "${DOMAIN}" 'first(.[][] | select(.domain | test ($domain)))')"
client_id="$(echo "${filtered_data}" | jq -r '.client_id')" client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')" client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
_set my_client_id ${client_id} ${target_uri} _set my_client_id ${client_id} ${target_domain}
_set my_client_secret ${client_secret} ${target_uri} _set my_client_secret ${client_secret} ${target_domain}
fi fi
done done
} }
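Review bot: `_set` still splices `value` and `domain` straight into the SQL text handed to `sqlite3`, and in `config_oidc4vp` both come from JSON files under `/sharedsecret/` that the other containers write, so a single quote in a `client_id`, `client_secret` or key name ends the literal early and changes the statement. The two `_set` calls also pass `${client_id}`, `${client_secret}` and `${target_domain}` unquoted, so a value containing whitespace shifts the positional arguments. Doubling single quotes before the statement is built and quoting the call arguments closes both; `key` is only ever a literal column name in this hunk and can stay as it is. Separately, `select(.domain | test($domain))` is an unanchored regex match in which the dots of `DOMAIN` match any character; `select(.domain == $domain)` would be exact if that is the intent.

```shell
_set() {
        key="${1}"
        # double any single quote so both values stay inside their SQL literals
        value="$(printf '%s' "${2}" | sed "s/'/''/g")"
        domain="$(printf '%s' "${3}" | sed "s/'/''/g")"
        sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value}' where domain='${domain}';"
}

# … unchanged: _get and the start of config_oidc4vp, up to the client_secret lookup …
                        _set my_client_id "${client_id}" "${target_domain}"
                        _set my_client_secret "${client_secret}" "${target_domain}"
```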