automate OIDC setup for devicehub server & client
This commit is contained in:
parent
260ac90f86
commit
b423a53cfe
|
@ -1,15 +1,13 @@
|
|||
version: "3.9"
|
||||
services:
|
||||
|
||||
devicehub:
|
||||
devicehub-id-server:
|
||||
init: true
|
||||
# TODO
|
||||
image: dkr-dsg.ac.upc.edu/devicehub/devicehub:dpp_docker__eafcac09
|
||||
#build .
|
||||
image: dkr-dsg.ac.upc.edu/devicehub/devicehub:dpp_docker__54511e1b
|
||||
environment:
|
||||
- DB_USER=${DB_USER}
|
||||
- DB_PASSWORD=${DB_PASSWORD}
|
||||
- DB_HOST=postgres
|
||||
- DB_HOST=postgres-id-server
|
||||
- DB_DATABASE=${DB_DATABASE}
|
||||
- HOST=${HOST}
|
||||
- EMAIL_DEMO=${EMAIL_DEMO}
|
||||
|
@ -19,15 +17,18 @@ services:
|
|||
- API_DLT=${API_DLT}
|
||||
- API_RESOLVER=${API_RESOLVER}
|
||||
- API_DLT_TOKEN=${API_DLT_TOKEN}
|
||||
- DEVICEHUB_HOST=${DEVICEHUB_HOST}
|
||||
- ID_FEDERATED=${ID_FEDERATED}
|
||||
- DEVICEHUB_HOST=${SERVER_ID_DEVICEHUB_HOST}
|
||||
- ID_FEDERATED=${SERVER_ID_FEDERATED}
|
||||
- URL_MANUALS=${URL_MANUALS}
|
||||
- ID_SERVICE=${SERVER_ID_SERVICE}
|
||||
- AUTHORIZED_CLIENT_URL=${CLIENT_ID_DEVICEHUB_HOST}
|
||||
ports:
|
||||
- 5000:5000
|
||||
volumes:
|
||||
- ${SNAPSHOTS_PATH}:/mnt/snapshots:ro
|
||||
- shared:/shared:rw
|
||||
|
||||
postgres:
|
||||
postgres-id-server:
|
||||
image: dkr-dsg.ac.upc.edu/devicehub/postgres:dpp_docker__eafcac09
|
||||
# 4. To create the database.
|
||||
# 5. Give permissions to the corresponding users in the database.
|
||||
|
@ -36,8 +37,52 @@ services:
|
|||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
- POSTGRES_USER=${DB_USER}
|
||||
- POSTGRES_DB=${DB_DATABASE}
|
||||
# DEBUG
|
||||
#ports:
|
||||
# - 5432:5432
|
||||
# TODO persistence
|
||||
#volumes:
|
||||
# - pg_data:/var/lib/postgresql/data
|
||||
|
||||
devicehub-id-client:
|
||||
init: true
|
||||
image: dkr-dsg.ac.upc.edu/devicehub/devicehub:dpp_docker__54511e1b
|
||||
environment:
|
||||
- DB_USER=${DB_USER}
|
||||
- DB_PASSWORD=${DB_PASSWORD}
|
||||
- DB_HOST=postgres-id-client
|
||||
- DB_DATABASE=${DB_DATABASE}
|
||||
- HOST=${HOST}
|
||||
- EMAIL_DEMO=${EMAIL_DEMO}
|
||||
- PASSWORD_DEMO=${PASSWORD_DEMO}
|
||||
- JWT_PASS=${JWT_PASS}
|
||||
- SECRET_KEY=${SECRET_KEY}
|
||||
- API_DLT=${API_DLT}
|
||||
- API_RESOLVER=${API_RESOLVER}
|
||||
- API_DLT_TOKEN=${API_DLT_TOKEN}
|
||||
- DEVICEHUB_HOST=${CLIENT_ID_DEVICEHUB_HOST}
|
||||
- SERVER_ID_HOST=${SERVER_ID_DEVICEHUB_HOST}
|
||||
- ID_FEDERATED=${CLIENT_ID_FEDERATED}
|
||||
- URL_MANUALS=${URL_MANUALS}
|
||||
- ID_SERVICE=${CLIENT_ID_SERVICE}
|
||||
ports:
|
||||
- 5432:5432
|
||||
- 5001:5001
|
||||
volumes:
|
||||
- ${SNAPSHOTS_PATH}:/mnt/snapshots:ro
|
||||
- shared:/shared:ro
|
||||
|
||||
postgres-id-client:
|
||||
image: dkr-dsg.ac.upc.edu/devicehub/postgres:dpp_docker__eafcac09
|
||||
# 4. To create the database.
|
||||
# 5. Give permissions to the corresponding users in the database.
|
||||
# extra src https://github.com/docker-library/docs/blob/master/postgres/README.md#environment-variables
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
- POSTGRES_USER=${DB_USER}
|
||||
- POSTGRES_DB=${DB_DATABASE}
|
||||
# DEBUG
|
||||
#ports:
|
||||
# - 5432:5432
|
||||
# TODO persistence
|
||||
#volumes:
|
||||
# - pg_data:/var/lib/postgresql/data
|
||||
|
@ -45,3 +90,6 @@ services:
|
|||
|
||||
# TODO https://testdriven.io/blog/dockerizing-django-with-postgres-gunicorn-and-nginx/
|
||||
#nginx
|
||||
|
||||
volumes:
|
||||
shared:
|
||||
|
|
|
@ -102,15 +102,48 @@ handle_federated_id() {
|
|||
|
||||
}
|
||||
|
||||
main() {
|
||||
config_oidc() {
|
||||
# TODO test allowing more than 1 client
|
||||
if [ "${ID_SERVICE}" = "server_id" ]; then
|
||||
|
||||
gen_env_vars
|
||||
client_description="client identity from docker compose demo"
|
||||
|
||||
wait_for_postgres
|
||||
# in AUTHORIZED_CLIENT_URL we remove anything before ://
|
||||
flask add_contract_oidc \
|
||||
"${EMAIL_DEMO}" \
|
||||
"${client_description}" \
|
||||
"${AUTHORIZED_CLIENT_URL}" \
|
||||
> /shared/client_id_${AUTHORIZED_CLIENT_URL#*://}
|
||||
|
||||
init_flagfile='/container_initialized'
|
||||
elif [ "${ID_SERVICE}" = "client_id" ]; then
|
||||
|
||||
# in DEVICEHUB_HOST we remove anything before ://
|
||||
CLIENT_ID_CONFIG="/shared/client_id_${DEVICEHUB_HOST#*://}"
|
||||
|
||||
# wait that the file generated by the server_id is readable
|
||||
while true; do
|
||||
if [ -f "${CLIENT_ID_CONFIG}" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
|
||||
client_id="$(cat "${CLIENT_ID_CONFIG}" | jq -r '.client_id')"
|
||||
client_secret="$(cat "${CLIENT_ID_CONFIG}" | jq -r '.client_secret')"
|
||||
|
||||
flask add_client_oidc \
|
||||
"${SERVER_ID_HOST}" \
|
||||
"${client_id}" \
|
||||
"${client_secret}"
|
||||
|
||||
else
|
||||
big_error "Something went wrong ${ID_SERVICE} is not server_id nor client_id"
|
||||
fi
|
||||
}
|
||||
|
||||
config_phase() {
|
||||
init_flagfile='/already_configured'
|
||||
if [ ! -f "${init_flagfile}" ]; then
|
||||
|
||||
# 7, 8, 9, 11
|
||||
init_data
|
||||
|
||||
|
@ -133,9 +166,21 @@ main() {
|
|||
# # 16.
|
||||
flask check_install "${EMAIL_DEMO}" ${PASSWORD_DEMO}
|
||||
|
||||
# config server or client ID
|
||||
config_oidc
|
||||
|
||||
# remain next command as the last operation for this if conditional
|
||||
touch "${init_flagfile}"
|
||||
fi
|
||||
}
|
||||
|
||||
main() {
|
||||
|
||||
gen_env_vars
|
||||
|
||||
wait_for_postgres
|
||||
|
||||
config_phase
|
||||
|
||||
# 17. Use gunicorn
|
||||
# thanks https://akira3030.github.io/formacion/articulos/python-flask-gunicorn-docker.html
|
||||
|
|
|
@ -9,7 +9,10 @@ API_RESOLVER='http://$IP_API_RESOLVER'
|
|||
ID_FEDERATED='$ID'
|
||||
URL_MANUALS='http://$IP_MANUALS'
|
||||
|
||||
DEVICEHUB_HOST='http://devicehub.example.com'
|
||||
SERVER_ID_DEVICEHUB_HOST='http://devicehub-server-id.example.com'
|
||||
CLIENT_ID_DEVICEHUB_HOST='http://devicehub-client-id.example.com'
|
||||
SERVER_ID_SERVICE='server_id'
|
||||
CLIENT_ID_SERVICE='client_id'
|
||||
HOST='localhost'
|
||||
|
||||
SCHEMA='dbtest'
|
||||
|
|
Reference in a new issue