.env.example

@@ -16,10 +16,9 @@ MUSICIAN_DOMAIN='musician.example.org'
 ####
 
 # Please fill in these three variables
-DEVICEHUB_API_DLT='http://fixme.dlt.example.com'
+DEVICEHUB_API_DLT='http://$FIXME_IP_API_DLT'
-DEVICEHUB_API_DLT_TOKEN=fixme_apsdfiojai8gji34kjl354kljwkljfsdgoj32i4jo23jiojoi
+DEVICEHUB_API_DLT_TOKEN=$FIXME_TOKEN
-DEVICEHUB_API_RESOLVER='http://fixme.apiresolver.example.com'
+DEVICEHUB_API_RESOLVER='http://$FIXME_IP_API_RESOLVER'
-DEVICEHUB_VERIFY_URL='http://idhub2-ereuse.demo.pangea.org/promotion/select_wallet'
 # you might change or register ID_FEDERATED if you change DEVICEHUB_HOST
 DEVICEHUB_ID_FEDERATED='DH12'
 # TODO this should be guessed by DEVICEHUB_HOST, and avoid hardcode of ID_FEDERATED
@@ -47,8 +46,8 @@ DEVICEHUB_SERVER_ID_EMAIL_DEMO='user5000@example.com'
 DEVICEHUB_CLIENT_ID_EMAIL_DEMO='user5001@example.com'
 DEVICEHUB_PASSWORD_DEMO='1234'
 
-DEVICEHUB_JWT_PASS='fixme_ajpfoiafjsn3nlk3n4'
+DEVICEHUB_JWT_PASS='uncomment-it-and-fill-this'
-DEVICEHUB_SECRET_KEY='fixme_aspijoio3j24n23nlsdlkfsadljksafdljk'
+DEVICEHUB_SECRET_KEY='uncomment-it-and-fill-this'
 
 # important to import snapshots (step 15)
 #   rel path starts with ./
@@ -94,6 +93,7 @@ IDHUB_SYNC_ORG_DEV='n'
 
 IDHUB_PILOT_TEST__ADMIN_EMAIL='admin@example.com'
 IDHUB_PILOT_TEST__ADMIN_PASSWORD='1234'
+IDHUB_PILOT_LAFEDE__ADMIN_EMAIL='masked@example.com'
 
 # AUTHENTIK aka goauthentik
 ####

.gitignore

@@ -8,8 +8,6 @@ django-musician
 IdHub
 authentik
 ssikit_trustchain
-IdHub_E2E_testing
-devicehub-teal
 
 idhub__*
 idhub1__*

Makefile

@@ -34,9 +34,6 @@ devicehub_tag := ${devicehub_branch}__${devicehub_commit}
 devicehub_tag := latest
 devicehub_image := ${project}/devicehub:${devicehub_tag}
 
-postgres_tag := latest
-postgres_image := ${project}/postgres:${postgres_tag}
-
 ####
 # idhub image tag
 ####
@@ -59,16 +56,6 @@ orchestra_build:
 .PHONY: musician_build
 musician_build:
 	docker build -f docker/musician.Dockerfile -t ${musician_image}  -t ${project}/musician:latest .
-.PHONY: devicehub_build
-devicehub_build:
-	# thanks src https://stackoverflow.com/questions/1789594/how-do-i-write-the-cd-command-in-a-makefile
-	cd devicehub-teal; \
-	docker build -f docker/devicehub.Dockerfile -t ${devicehub_image} -t ${project}/devicehub:latest .
-.PHONY: postgres_build
-postgres_build:
-	# thanks src https://stackoverflow.com/questions/1789594/how-do-i-write-the-cd-command-in-a-makefile
-	cd devicehub-teal; \
-	docker build -f docker/postgres.Dockerfile -t ${postgres_image} -t ${project}/postgres:latest .
 
 docker_build:
 	docker build -f docker/orchestra.Dockerfile -t ${orchestra_image}  -t ${project}/orchestra:latest .

README.md

@@ -28,8 +28,8 @@
 
 - **Pangea**:
     - Instances:
-        - https://idhub1.demo.pangea.org
+        - https://idhub1-pangea.demo.pangea.org
-        - https://idhub2.demo.pangea.org
+        - https://idhub2-pangea.demo.pangea.org
     - Motivation: The case of Pangea as a web/internet service provider, with member organisations that receive services. These organisations have allocated several resources units (mail accounts, blogs, etc.). Only authorised users with a specific role should be able to access the Musician (Administration Control Panel of resources).
     - Scenarios:
         - Scenario 1-> 'Login with Organisation A (Idp)'. The staff members of organisation A, with the appropiate role, can authenticate themselves by providing their organisation credentials (username and password) to access a service in Pangea (Musician).
@@ -41,13 +41,6 @@
         - Scenario 2-> 'Present a verifiable credential'. The staff members of organisation A, with the appropiate credentials, present them to Pangea in order to access the Musician service.
 
             Actors-> **Pangea**: IdP (goauthentik), IdHub (as verifier), Musician, Orchestra (with also nginx API rproxy). **Organisation A**: IdHub (as user wallet)
-- **ereuse**:
-    - Instances:
-        - https://idhub1-ereuse.demo.pangea.org
-        - https://idhub2-ereuse.demo.pangea.org
-        - https://devicehub.demo.pangea.org
-    - Motivation: TODO
-    - Scenarios: TODO
 - **generic**: https://idhub.demo.pangea.org
     - Motivation: For demo purposes, for showing other people different than the intended pilot what we do. It is currently similar to lafede pilot
 

build__pilot-ereuse.sh

@@ -1,32 +0,0 @@
-#!/bin/sh
-
-set -e
-set -u
-# DEBUG
-set -x
-
-main() {
-        cd "$(dirname "${0}")"
-
-        # includes functions:
-        #   common_start
-        #   common_end
-        . ./build__common.sh
-
-        # vars used in common_start and end
-        target='pilot-ereuse'
-        idhubs='idhub1 idhub2'
-
-        # TEMP, move to release when it is in release
-        idhub_branch='release'
-
-        common_start
-
-        # common_end builds idhub
-        #   these are extra builds specific for this pilot
-        make postgres_build
-        make devicehub_build
-        common_end
-}
-
-main "${@}"

docker-compose__pilot-ereuse.yml

@@ -1,115 +0,0 @@
-services:
-
-  idhub1:
-    init: true
-    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
-    environment:
-      - DOMAIN=idhub1-ereuse.demo.pangea.org
-      - CREATE_TEST_USERS=true
-      - ENABLE_EMAIL=false
-      - ENABLE_2FACTOR_AUTH=false
-      - LANGUAGE_CODE=ca
-      - INITIAL_ADMIN_EMAIL=${IDHUB_PILOT_TEST__ADMIN_EMAIL}
-      - INITIAL_ADMIN_PASSWORD=${IDHUB_PILOT_TEST__ADMIN_PASSWORD}
-      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
-      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
-      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
-      - PORT=${IDHUB_PORT:-9001}
-      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
-      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
-      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
-      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
-      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
-      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
-      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
-      - SUPPORTED_CREDENTIALS=['MembershipCard']
-      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
-      - OIDC_OIRGS=examples/organizations__pilot_ereuse.csv
-      - OIDC_REDIRECT=true
-    ports:
-      - 9101:9001
-    volumes:
-      - ./idhub1__pilot-ereuse:/opt/idhub
-      - sharedsecret:/sharedsecret:rw
-
-  idhub2:
-    init: true
-    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
-    environment:
-      - DOMAIN=idhub2-ereuse.demo.pangea.org
-      - ENABLE_EMAIL=false
-      - ENABLE_2FACTOR_AUTH=false
-      - LANGUAGE_CODE=ca
-      - INITIAL_ADMIN_EMAIL=${IDHUB_PILOT_TEST__ADMIN_EMAIL}
-      - INITIAL_ADMIN_PASSWORD=${IDHUB_PILOT_TEST__ADMIN_PASSWORD}
-      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
-      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
-      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
-      - PORT=${IDHUB_PORT:-9002}
-      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
-      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
-      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
-      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
-      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
-      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
-      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
-      - SUPPORTED_CREDENTIALS=['EOperatorClaim']
-      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
-      - OIDC_OIRGS=examples/organizations__pilot_ereuse.csv
-      - OIDC_REDIRECT=true
-    ports:
-      - 9102:9001
-    volumes:
-      - ./idhub2__pilot-ereuse:/opt/idhub
-      - sharedsecret:/sharedsecret:rw
-
-  devicehub:
-    init: true
-    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/devicehub:latest
-    environment:
-      - HOST=devicehub.demo.pangea.org
-      - DEVICEHUB_HOST=https://devicehub.demo.pangea.org
-      - ID_FEDERATED=DH9
-      - DB_USER=${DEVICEHUB_DB_USER}
-      - DB_PASSWORD=${DEVICEHUB_DB_PASSWORD}
-      - DB_HOST=postgres-dh
-      - DB_DATABASE=${DEVICEHUB_DB_DATABASE}
-      - EMAIL_DEMO=${DEVICEHUB_SERVER_ID_EMAIL_DEMO}
-      - PASSWORD_DEMO=${DEVICEHUB_PASSWORD_DEMO}
-      - JWT_PASS=${DEVICEHUB_JWT_PASS}
-      - SECRET_KEY=${DEVICEHUB_SECRET_KEY}
-      - API_DLT=${DEVICEHUB_API_DLT}
-      - API_RESOLVER=${DEVICEHUB_API_RESOLVER}
-      - API_DLT_TOKEN=${DEVICEHUB_API_DLT_TOKEN}
-      - VERIFY_URL=${DEVICEHUB_VERIFY_URL}
-      - EREUSE_PILOT=y
-      - URL_MANUALS=${DEVICEHUB_URL_MANUALS}
-      - ID_SERVICE=${DEVICEHUB_SERVER_ID_SERVICE}
-      - AUTHORIZED_CLIENT_URL=${DEVICEHUB_CLIENT_ID_DEVICEHUB_HOST}
-      - DPP_MODULE=y
-      - CONFIG_OIDC=n
-      - IMPORT_SNAPSHOTS=n
-    ports:
-      - 5000:5000
-    volumes:
-      - devicehub:/opt/devicehub:rw
-
-  postgres-dh:
-    image: dkr-dsg.ac.upc.edu/ereuse/postgres:latest
-    # 4. To create the database.
-    # 5. Give permissions to the corresponding users in the database.
-    #   extra src https://github.com/docker-library/docs/blob/master/postgres/README.md#environment-variables
-    environment:
-      - POSTGRES_PASSWORD=${DEVICEHUB_DB_PASSWORD}
-      - POSTGRES_USER=${DEVICEHUB_DB_USER}
-      - POSTGRES_DB=${DEVICEHUB_DB_DATABASE}
-    # DEBUG
-    #ports:
-    #  - 5432:5432
-    # TODO persistence
-    #volumes:
-    #  - pg_data:/var/lib/postgresql/data
-
-volumes:
-  sharedsecret:
-  devicehub:

docker/idhub.entrypoint.sh

@@ -29,6 +29,7 @@ deployment_strategy() {
         # detect if existing deployment (TODO only works with sqlite)
         if [ -f "${idhub_dir}/db.sqlite3" ]; then
                 echo "INFO: detected EXISTING deployment"
+                ./manage.py makemigrations
                 ./manage.py migrate
 
                 # warn admin that it should re-enter password to keep the service working

pull-repos.sh

@@ -37,7 +37,6 @@ main() {
         # we only use this to get idhub dependency
         #   didkit-0.3.2-cp311-cp311-manylinux_2_34_x86_64.whl
         _pull 'git@gitea.pangea.org:trustchain-oc1-orchestral/ssikit_trustchain.git' 'master'
-        _pull 'git@gitea.pangea.org:trustchain-oc1-orchestral/devicehub-teal' 'idhub'
 
 }