musician: make it build and run, missing IDP binds

2024-01-23 09:10:41 +01:00 · 2024-01-23 09:10:41 +01:00 · a10075e80e
parent 21d8c34e1b
commit a10075e80e
3 changed files with 60 additions and 17 deletions
--- a/.env.example
+++ b/.env.example
@ -6,10 +6,11 @@
 # MUSICIAN
 ####

-#MUSICIAN_SECRET_KEY='uncomment-it-and-fill-this'
+MUSICIAN_SECRET_KEY='changeme_v9&&N$Lt9t*5EGwm0w'
 # specially useful if you want to deploy in a specific domain
-#MUSICIAN_API_BASE_URL='https://orchestra.example.org'
-#MUSICIAN_ALLOWED_HOSTS='musician.example.org'
+MUSICIAN_API_BASE_URL='https://orchestra.example.org'
+MUSICIAN_ALLOWED_HOSTS='musician.example.org'
+DOMAIN='musician.example.org'

 # DEVICEHUB
 ####
--- a/docker-compose__pilot-pangea.yml
+++ b/docker-compose__pilot-pangea.yml
@ -21,6 +21,7 @@ services:
      - SECRET_KEY=${MUSICIAN_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
      - API_BASE_URL=${MUSICIAN_API_BASE_URL:-http://nginx-orchestra-api:3000}
      - ALLOWED_HOSTS=${MUSICIAN_ALLOWED_HOSTS:-*}
+      - DOMAIN=${MUSICIAN_DOMAIN}
    # TODO configure volumes
    #volumes:
    #  - .:/home
--- a/docker/musician.entrypoint.sh
+++ b/docker/musician.entrypoint.sh
@ -1,21 +1,62 @@
 #!/bin/sh

 set -e
-set -u
-#set -x
+# TODO fix the env so configures it to idp, then uncomment this checker
+#set -u
+# DEBUG
+set -x

+# this function is similar to the client_id part of config_oidc (devicehub)
+oidc_config() {
+        # in DEVICEHUB_HOST we remove anything before ://
+        client_id_config="/shared/client_id_${SERVER_ID_HOST#*://}"
+        CLIENT_ID=
+        CLIENT_SECRET=
+
+        # wait that the file generated by the server_id is readable
+        while true; do
+                if [ -f "${client_id_config}" ]; then
+                        CLIENT_ID="$(cat "${client_id_config}" | jq -r '.client_id')"
+                        CLIENT_SECRET="$(cat "${client_id_config}" | jq -r '.client_secret')"
+                        if [ "${CLIENT_ID}" ] && [ "${CLIENT_SECRET}" ]; then
+                                break
+                        fi
+                fi
+                sleep 1
+        done
+}
+
+populate_env() {
+        cat > .env <<END
+SECRET_KEY="${SECRET_KEY}"
+API_BASE_URL="${API_BASE_URL}"
+ALLOWED_HOSTS="${ALLOWED_HOSTS:-.localhost,127.0.0.1}"
+STATIC_ROOT="${STATIC_ROOT:-/static/}"
+DEBUG="True"
+CLIENT_ID="${CLIENT_ID}"
+CLIENT_SECRET="${CLIENT_SECRET}"
+SERVER_ID_HOST="${SERVER_ID_HOST}"
+# path for goautentik idp (TODO)
+#OIDC_PROVIDER="${SERVER_ID_HOST}/application/o/authorize"
+# path for devicehub idp
+OIDC_PROVIDER="${SERVER_ID_HOST}/oauth/authorize"
+END
+}
+
+main() {
        # go to the same path as the script
        cd "$(dirname ${0})"

-cat > .env <<END
-SECRET_KEY=${SECRET_KEY}
-API_BASE_URL=${API_BASE_URL}
-ALLOWED_HOSTS=${ALLOWED_HOSTS:-.localhost,127.0.0.1}
-STATIC_ROOT=${STATIC_ROOT:-/static/}
-DEBUG=True
-END
+        # TODO fix the env so configures it to idp, then uncomment this command:
+        #oidc_config
+
+        populate_env

        # move the migrate thing in docker entrypoint
        #   inspired by https://medium.com/analytics-vidhya/django-with-docker-and-docker-compose-python-part-2-8415976470cc
        ./manage.py migrate
        ./manage.py runserver 0.0.0.0:8080
+}
+
+main "${@}"
+