automate OIDC setup for devicehub server & client

This commit is contained in:
pedro 2023-09-21 18:15:54 +02:00
parent 260ac90f86
commit b423a53cfe
3 changed files with 113 additions and 17 deletions


@ -1,15 +1,13 @@
version: "3.9"
services:
devicehub:
devicehub-id-server:
init: true
# TODO
image: dkr-dsg.ac.upc.edu/devicehub/devicehub:dpp_docker__eafcac09
#build .
image: dkr-dsg.ac.upc.edu/devicehub/devicehub:dpp_docker__54511e1b
environment:
- DB_USER=${DB_USER}
- DB_PASSWORD=${DB_PASSWORD}
- DB_HOST=postgres
- DB_HOST=postgres-id-server
- DB_DATABASE=${DB_DATABASE}
- HOST=${HOST}
- EMAIL_DEMO=${EMAIL_DEMO}
@ -19,15 +17,18 @@ services:
- API_DLT=${API_DLT}
- API_RESOLVER=${API_RESOLVER}
- API_DLT_TOKEN=${API_DLT_TOKEN}
- DEVICEHUB_HOST=${DEVICEHUB_HOST}
- ID_FEDERATED=${ID_FEDERATED}
- DEVICEHUB_HOST=${SERVER_ID_DEVICEHUB_HOST}
- ID_FEDERATED=${SERVER_ID_FEDERATED}
- URL_MANUALS=${URL_MANUALS}
- ID_SERVICE=${SERVER_ID_SERVICE}
- AUTHORIZED_CLIENT_URL=${CLIENT_ID_DEVICEHUB_HOST}
ports:
- 5000:5000
volumes:
- ${SNAPSHOTS_PATH}:/mnt/snapshots:ro
- shared:/shared:rw
postgres:
postgres-id-server:
image: dkr-dsg.ac.upc.edu/devicehub/postgres:dpp_docker__eafcac09
# 4. To create the database.
# 5. Give permissions to the corresponding users in the database.
@ -36,8 +37,52 @@ services:
- POSTGRES_PASSWORD=${DB_PASSWORD}
- POSTGRES_USER=${DB_USER}
- POSTGRES_DB=${DB_DATABASE}
# DEBUG
#ports:
# - 5432:5432
# TODO persistence
#volumes:
# - pg_data:/var/lib/postgresql/data
devicehub-id-client:
init: true
image: dkr-dsg.ac.upc.edu/devicehub/devicehub:dpp_docker__54511e1b
environment:
- DB_USER=${DB_USER}
- DB_PASSWORD=${DB_PASSWORD}
- DB_HOST=postgres-id-client
- DB_DATABASE=${DB_DATABASE}
- HOST=${HOST}
- EMAIL_DEMO=${EMAIL_DEMO}
- PASSWORD_DEMO=${PASSWORD_DEMO}
- JWT_PASS=${JWT_PASS}
- SECRET_KEY=${SECRET_KEY}
- API_DLT=${API_DLT}
- API_RESOLVER=${API_RESOLVER}
- API_DLT_TOKEN=${API_DLT_TOKEN}
- DEVICEHUB_HOST=${CLIENT_ID_DEVICEHUB_HOST}
- SERVER_ID_HOST=${SERVER_ID_DEVICEHUB_HOST}
- ID_FEDERATED=${CLIENT_ID_FEDERATED}
- URL_MANUALS=${URL_MANUALS}
- ID_SERVICE=${CLIENT_ID_SERVICE}
ports:
- 5432:5432
- 5001:5001
volumes:
- ${SNAPSHOTS_PATH}:/mnt/snapshots:ro
- shared:/shared:ro
postgres-id-client:
image: dkr-dsg.ac.upc.edu/devicehub/postgres:dpp_docker__eafcac09
# 4. To create the database.
# 5. Give permissions to the corresponding users in the database.
# extra src https://github.com/docker-library/docs/blob/master/postgres/README.md#environment-variables
environment:
- POSTGRES_PASSWORD=${DB_PASSWORD}
- POSTGRES_USER=${DB_USER}
- POSTGRES_DB=${DB_DATABASE}
# DEBUG
#ports:
# - 5432:5432
# TODO persistence
#volumes:
# - pg_data:/var/lib/postgresql/data
@ -45,3 +90,6 @@ services:
# TODO https://testdriven.io/blog/dockerizing-django-with-postgres-gunicorn-and-nginx/
#nginx
volumes:
shared:
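Review bot: `- 5432:5432` under `ports:` of the new devicehub-id-client service publishes the Postgres port on the application container, which does not run Postgres; it reads as a stray copy of the commented-out DEBUG `ports:` block on postgres-id-client and should be removed, since it either publishes nothing or exposes an unrelated listener on the host. The client is published as `5001:5001` while the server is `5000:5000`, yet both run the same image with no visible port override — confirm the client process actually listens on 5001 rather than 5000. Port mappings are safer quoted (`"5000:5000"`) so no YAML 1.1 loader ever retypes them, even though these specific values do not hit the sexagesimal case. Both services also receive the same `SECRET_KEY` and `JWT_PASS`; for a server/client identity pair these presumably should differ, so consider splitting them the way DEVICEHUB_HOST and ID_FEDERATED were split (e.g. a `SERVER_ID_`/`CLIENT_ID_` prefixed pair, names to be chosen).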


@ -102,15 +102,48 @@ handle_federated_id() {
}
main() {
config_oidc() {
# TODO test allowing more than 1 client
if [ "${ID_SERVICE}" = "server_id" ]; then
gen_env_vars
client_description="client identity from docker compose demo"
wait_for_postgres
# in AUTHORIZED_CLIENT_URL we remove anything before ://
flask add_contract_oidc \
"${EMAIL_DEMO}" \
"${client_description}" \
"${AUTHORIZED_CLIENT_URL}" \
> /shared/client_id_${AUTHORIZED_CLIENT_URL#*://}
init_flagfile='/container_initialized'
elif [ "${ID_SERVICE}" = "client_id" ]; then
# in DEVICEHUB_HOST we remove anything before ://
CLIENT_ID_CONFIG="/shared/client_id_${DEVICEHUB_HOST#*://}"
# wait that the file generated by the server_id is readable
while true; do
if [ -f "${CLIENT_ID_CONFIG}" ]; then
break
fi
sleep 1
done
client_id="$(cat "${CLIENT_ID_CONFIG}" | jq -r '.client_id')"
client_secret="$(cat "${CLIENT_ID_CONFIG}" | jq -r '.client_secret')"
flask add_client_oidc \
"${SERVER_ID_HOST}" \
"${client_id}" \
"${client_secret}"
else
big_error "Something went wrong ${ID_SERVICE} is not server_id nor client_id"
fi
}
config_phase() {
init_flagfile='/already_configured'
if [ ! -f "${init_flagfile}" ]; then
# 7, 8, 9, 11
init_data
@ -133,9 +166,21 @@ main() {
# # 16.
flask check_install "${EMAIL_DEMO}" ${PASSWORD_DEMO}
# config server or client ID
config_oidc
# remain next command as the last operation for this if conditional
touch "${init_flagfile}"
fi
}
main() {
gen_env_vars
wait_for_postgres
config_phase
# 17. Use gunicorn
# thanks https://akira3030.github.io/formacion/articulos/python-flask-gunicorn-docker.html
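Review bot: `init_flagfile='/container_initialized'` on the server_id branch of config_oidc clobbers the `init_flagfile='/already_configured'` that config_phase assigns before calling it (shell assignments are global), so the later `touch "${init_flagfile}"` in the second hunk creates /container_initialized while the `-f` guard checks /already_configured, and a restarted server container re-runs init_data and add_contract_oidc every time; drop that line. Separately, the `>` redirect creates the shared client_id file before flask has written anything, and the client_id branch only tests `-f`, so a client can read an empty file and call add_client_oidc with empty credentials; write to a temporary name and move it into place, e.g. `out="/shared/client_id_${AUTHORIZED_CLIENT_URL#*://}"` then `> "${out}.tmp" && mv "${out}.tmp" "${out}"`. The two `cat | jq` pipelines can be `jq -r '.client_id' "${CLIENT_ID_CONFIG}"`, which also surfaces a read error instead of hiding it in the pipe. That file carries the client_secret on a volume the client container mounts; a one-line comment stating that is the intended handoff channel would help the next reader. The enclosing main() continues past the hunk.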


@ -9,7 +9,10 @@ API_RESOLVER='http://$IP_API_RESOLVER'
ID_FEDERATED='$ID'
URL_MANUALS='http://$IP_MANUALS'
DEVICEHUB_HOST='http://devicehub.example.com'
SERVER_ID_DEVICEHUB_HOST='http://devicehub-server-id.example.com'
CLIENT_ID_DEVICEHUB_HOST='http://devicehub-client-id.example.com'
SERVER_ID_SERVICE='server_id'
CLIENT_ID_SERVICE='client_id'
HOST='localhost'
SCHEMA='dbtest'