add pilot ereuse (untested on prod)
README WIP
This commit is contained in:
parent
300f705bf7
commit
b0b160f088
12
.env.example
12
.env.example
|
@ -16,9 +16,10 @@ MUSICIAN_DOMAIN='musician.example.org'
|
||||||
####
|
####
|
||||||
|
|
||||||
# Please fill in these three variables
|
# Please fill in these three variables
|
||||||
DEVICEHUB_API_DLT='http://$FIXME_IP_API_DLT'
|
DEVICEHUB_API_DLT='http://fixme.dlt.example.com'
|
||||||
DEVICEHUB_API_DLT_TOKEN=$FIXME_TOKEN
|
DEVICEHUB_API_DLT_TOKEN=fixme_apsdfiojai8gji34kjl354kljwkljfsdgoj32i4jo23jiojoi
|
||||||
DEVICEHUB_API_RESOLVER='http://$FIXME_IP_API_RESOLVER'
|
DEVICEHUB_API_RESOLVER='http://fixme.apiresolver.example.com'
|
||||||
|
DEVICEHUB_VERIFY_URL='http://idhub2-ereuse.demo.pangea.org/promotion/select_wallet'
|
||||||
# you might change or register ID_FEDERATED if you change DEVICEHUB_HOST
|
# you might change or register ID_FEDERATED if you change DEVICEHUB_HOST
|
||||||
DEVICEHUB_ID_FEDERATED='DH12'
|
DEVICEHUB_ID_FEDERATED='DH12'
|
||||||
# TODO this should be guessed by DEVICEHUB_HOST, and avoid hardcode of ID_FEDERATED
|
# TODO this should be guessed by DEVICEHUB_HOST, and avoid hardcode of ID_FEDERATED
|
||||||
|
@ -46,8 +47,8 @@ DEVICEHUB_SERVER_ID_EMAIL_DEMO='user5000@example.com'
|
||||||
DEVICEHUB_CLIENT_ID_EMAIL_DEMO='user5001@example.com'
|
DEVICEHUB_CLIENT_ID_EMAIL_DEMO='user5001@example.com'
|
||||||
DEVICEHUB_PASSWORD_DEMO='1234'
|
DEVICEHUB_PASSWORD_DEMO='1234'
|
||||||
|
|
||||||
DEVICEHUB_JWT_PASS='uncomment-it-and-fill-this'
|
DEVICEHUB_JWT_PASS='fixme_ajpfoiafjsn3nlk3n4'
|
||||||
DEVICEHUB_SECRET_KEY='uncomment-it-and-fill-this'
|
DEVICEHUB_SECRET_KEY='fixme_aspijoio3j24n23nlsdlkfsadljksafdljk'
|
||||||
|
|
||||||
# important to import snapshots (step 15)
|
# important to import snapshots (step 15)
|
||||||
# rel path starts with ./
|
# rel path starts with ./
|
||||||
|
@ -93,7 +94,6 @@ IDHUB_SYNC_ORG_DEV='n'
|
||||||
|
|
||||||
IDHUB_PILOT_TEST__ADMIN_EMAIL='admin@example.com'
|
IDHUB_PILOT_TEST__ADMIN_EMAIL='admin@example.com'
|
||||||
IDHUB_PILOT_TEST__ADMIN_PASSWORD='1234'
|
IDHUB_PILOT_TEST__ADMIN_PASSWORD='1234'
|
||||||
IDHUB_PILOT_LAFEDE__ADMIN_EMAIL='masked@example.com'
|
|
||||||
|
|
||||||
# AUTHENTIK aka goauthentik
|
# AUTHENTIK aka goauthentik
|
||||||
####
|
####
|
||||||
|
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -8,6 +8,8 @@ django-musician
|
||||||
IdHub
|
IdHub
|
||||||
authentik
|
authentik
|
||||||
ssikit_trustchain
|
ssikit_trustchain
|
||||||
|
IdHub_E2E_testing
|
||||||
|
devicehub-teal
|
||||||
|
|
||||||
idhub__*
|
idhub__*
|
||||||
idhub1__*
|
idhub1__*
|
||||||
|
|
13
Makefile
13
Makefile
|
@ -34,6 +34,9 @@ devicehub_tag := ${devicehub_branch}__${devicehub_commit}
|
||||||
devicehub_tag := latest
|
devicehub_tag := latest
|
||||||
devicehub_image := ${project}/devicehub:${devicehub_tag}
|
devicehub_image := ${project}/devicehub:${devicehub_tag}
|
||||||
|
|
||||||
|
postgres_tag := latest
|
||||||
|
postgres_image := ${project}/postgres:${postgres_tag}
|
||||||
|
|
||||||
####
|
####
|
||||||
# idhub image tag
|
# idhub image tag
|
||||||
####
|
####
|
||||||
|
@ -56,6 +59,16 @@ orchestra_build:
|
||||||
.PHONY: musician_build
|
.PHONY: musician_build
|
||||||
musician_build:
|
musician_build:
|
||||||
docker build -f docker/musician.Dockerfile -t ${musician_image} -t ${project}/musician:latest .
|
docker build -f docker/musician.Dockerfile -t ${musician_image} -t ${project}/musician:latest .
|
||||||
|
.PHONY: devicehub_build
|
||||||
|
devicehub_build:
|
||||||
|
# thanks src https://stackoverflow.com/questions/1789594/how-do-i-write-the-cd-command-in-a-makefile
|
||||||
|
cd devicehub-teal; \
|
||||||
|
docker build -f docker/devicehub.Dockerfile -t ${devicehub_image} -t ${project}/devicehub:latest .
|
||||||
|
.PHONY: postgres_build
|
||||||
|
postgres_build:
|
||||||
|
# thanks src https://stackoverflow.com/questions/1789594/how-do-i-write-the-cd-command-in-a-makefile
|
||||||
|
cd devicehub-teal; \
|
||||||
|
docker build -f docker/postgres.Dockerfile -t ${postgres_image} -t ${project}/postgres:latest .
|
||||||
|
|
||||||
docker_build:
|
docker_build:
|
||||||
docker build -f docker/orchestra.Dockerfile -t ${orchestra_image} -t ${project}/orchestra:latest .
|
docker build -f docker/orchestra.Dockerfile -t ${orchestra_image} -t ${project}/orchestra:latest .
|
||||||
|
|
11
README.md
11
README.md
|
@ -28,8 +28,8 @@
|
||||||
|
|
||||||
- **Pangea**:
|
- **Pangea**:
|
||||||
- Instances:
|
- Instances:
|
||||||
- https://idhub1-pangea.demo.pangea.org
|
- https://idhub1.demo.pangea.org
|
||||||
- https://idhub2-pangea.demo.pangea.org
|
- https://idhub2.demo.pangea.org
|
||||||
- Motivation: The case of Pangea as a web/internet service provider, with member organisations that receive services. These organisations have allocated several resources units (mail accounts, blogs, etc.). Only authorised users with a specific role should be able to access the Musician (Administration Control Panel of resources).
|
- Motivation: The case of Pangea as a web/internet service provider, with member organisations that receive services. These organisations have allocated several resources units (mail accounts, blogs, etc.). Only authorised users with a specific role should be able to access the Musician (Administration Control Panel of resources).
|
||||||
- Scenarios:
|
- Scenarios:
|
||||||
- Scenario 1-> 'Login with Organisation A (Idp)'. The staff members of organisation A, with the appropiate role, can authenticate themselves by providing their organisation credentials (username and password) to access a service in Pangea (Musician).
|
- Scenario 1-> 'Login with Organisation A (Idp)'. The staff members of organisation A, with the appropiate role, can authenticate themselves by providing their organisation credentials (username and password) to access a service in Pangea (Musician).
|
||||||
|
@ -41,6 +41,13 @@
|
||||||
- Scenario 2-> 'Present a verifiable credential'. The staff members of organisation A, with the appropiate credentials, present them to Pangea in order to access the Musician service.
|
- Scenario 2-> 'Present a verifiable credential'. The staff members of organisation A, with the appropiate credentials, present them to Pangea in order to access the Musician service.
|
||||||
|
|
||||||
Actors-> **Pangea**: IdP (goauthentik), IdHub (as verifier), Musician, Orchestra (with also nginx API rproxy). **Organisation A**: IdHub (as user wallet)
|
Actors-> **Pangea**: IdP (goauthentik), IdHub (as verifier), Musician, Orchestra (with also nginx API rproxy). **Organisation A**: IdHub (as user wallet)
|
||||||
|
- **ereuse**:
|
||||||
|
- Instances:
|
||||||
|
- https://idhub1-ereuse.demo.pangea.org
|
||||||
|
- https://idhub2-ereuse.demo.pangea.org
|
||||||
|
- https://devicehub.demo.pangea.org
|
||||||
|
- Motivation: TODO
|
||||||
|
- Scenarios: TODO
|
||||||
- **generic**: https://idhub.demo.pangea.org
|
- **generic**: https://idhub.demo.pangea.org
|
||||||
- Motivation: For demo purposes, for showing other people different than the intended pilot what we do. It is currently similar to lafede pilot
|
- Motivation: For demo purposes, for showing other people different than the intended pilot what we do. It is currently similar to lafede pilot
|
||||||
|
|
||||||
|
|
32
build__pilot-ereuse.sh
Executable file
32
build__pilot-ereuse.sh
Executable file
|
@ -0,0 +1,32 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
set -u
|
||||||
|
# DEBUG
|
||||||
|
set -x
|
||||||
|
|
||||||
|
main() {
|
||||||
|
cd "$(dirname "${0}")"
|
||||||
|
|
||||||
|
# includes functions:
|
||||||
|
# common_start
|
||||||
|
# common_end
|
||||||
|
. ./build__common.sh
|
||||||
|
|
||||||
|
# vars used in common_start and end
|
||||||
|
target='pilot-ereuse'
|
||||||
|
idhubs='idhub1 idhub2'
|
||||||
|
|
||||||
|
# TEMP, move to release when it is in release
|
||||||
|
idhub_branch='release'
|
||||||
|
|
||||||
|
common_start
|
||||||
|
|
||||||
|
# common_end builds idhub
|
||||||
|
# these are extra builds specific for this pilot
|
||||||
|
make postgres_build
|
||||||
|
make devicehub_build
|
||||||
|
common_end
|
||||||
|
}
|
||||||
|
|
||||||
|
main "${@}"
|
115
docker-compose__pilot-ereuse.yml
Normal file
115
docker-compose__pilot-ereuse.yml
Normal file
|
@ -0,0 +1,115 @@
|
||||||
|
services:
|
||||||
|
|
||||||
|
idhub1:
|
||||||
|
init: true
|
||||||
|
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||||
|
environment:
|
||||||
|
- DOMAIN=idhub1-ereuse.demo.pangea.org
|
||||||
|
- CREATE_TEST_USERS=true
|
||||||
|
- ENABLE_EMAIL=false
|
||||||
|
- ENABLE_2FACTOR_AUTH=false
|
||||||
|
- LANGUAGE_CODE=ca
|
||||||
|
- INITIAL_ADMIN_EMAIL=${IDHUB_PILOT_TEST__ADMIN_EMAIL}
|
||||||
|
- INITIAL_ADMIN_PASSWORD=${IDHUB_PILOT_TEST__ADMIN_PASSWORD}
|
||||||
|
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||||
|
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||||
|
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||||
|
- PORT=${IDHUB_PORT:-9001}
|
||||||
|
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||||
|
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||||
|
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||||
|
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
|
||||||
|
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
|
||||||
|
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||||
|
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||||
|
- SUPPORTED_CREDENTIALS=['MembershipCard']
|
||||||
|
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||||
|
- OIDC_OIRGS=examples/organizations__pilot_ereuse.csv
|
||||||
|
- OIDC_REDIRECT=true
|
||||||
|
ports:
|
||||||
|
- 9101:9001
|
||||||
|
volumes:
|
||||||
|
- ./idhub1__pilot-ereuse:/opt/idhub
|
||||||
|
- sharedsecret:/sharedsecret:rw
|
||||||
|
|
||||||
|
idhub2:
|
||||||
|
init: true
|
||||||
|
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
||||||
|
environment:
|
||||||
|
- DOMAIN=idhub2-ereuse.demo.pangea.org
|
||||||
|
- ENABLE_EMAIL=false
|
||||||
|
- ENABLE_2FACTOR_AUTH=false
|
||||||
|
- LANGUAGE_CODE=ca
|
||||||
|
- INITIAL_ADMIN_EMAIL=${IDHUB_PILOT_TEST__ADMIN_EMAIL}
|
||||||
|
- INITIAL_ADMIN_PASSWORD=${IDHUB_PILOT_TEST__ADMIN_PASSWORD}
|
||||||
|
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
||||||
|
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
||||||
|
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
||||||
|
- PORT=${IDHUB_PORT:-9002}
|
||||||
|
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
||||||
|
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
||||||
|
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
||||||
|
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
|
||||||
|
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
|
||||||
|
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
||||||
|
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
||||||
|
- SUPPORTED_CREDENTIALS=['EOperatorClaim']
|
||||||
|
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
|
||||||
|
- OIDC_OIRGS=examples/organizations__pilot_ereuse.csv
|
||||||
|
- OIDC_REDIRECT=true
|
||||||
|
ports:
|
||||||
|
- 9102:9001
|
||||||
|
volumes:
|
||||||
|
- ./idhub2__pilot-ereuse:/opt/idhub
|
||||||
|
- sharedsecret:/sharedsecret:rw
|
||||||
|
|
||||||
|
devicehub:
|
||||||
|
init: true
|
||||||
|
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/devicehub:latest
|
||||||
|
environment:
|
||||||
|
- HOST=devicehub.demo.pangea.org
|
||||||
|
- DEVICEHUB_HOST=https://devicehub.demo.pangea.org
|
||||||
|
- ID_FEDERATED=DH9
|
||||||
|
- DB_USER=${DEVICEHUB_DB_USER}
|
||||||
|
- DB_PASSWORD=${DEVICEHUB_DB_PASSWORD}
|
||||||
|
- DB_HOST=postgres-dh
|
||||||
|
- DB_DATABASE=${DEVICEHUB_DB_DATABASE}
|
||||||
|
- EMAIL_DEMO=${DEVICEHUB_SERVER_ID_EMAIL_DEMO}
|
||||||
|
- PASSWORD_DEMO=${DEVICEHUB_PASSWORD_DEMO}
|
||||||
|
- JWT_PASS=${DEVICEHUB_JWT_PASS}
|
||||||
|
- SECRET_KEY=${DEVICEHUB_SECRET_KEY}
|
||||||
|
- API_DLT=${DEVICEHUB_API_DLT}
|
||||||
|
- API_RESOLVER=${DEVICEHUB_API_RESOLVER}
|
||||||
|
- API_DLT_TOKEN=${DEVICEHUB_API_DLT_TOKEN}
|
||||||
|
- VERIFY_URL=${DEVICEHUB_VERIFY_URL}
|
||||||
|
- EREUSE_PILOT=y
|
||||||
|
- URL_MANUALS=${DEVICEHUB_URL_MANUALS}
|
||||||
|
- ID_SERVICE=${DEVICEHUB_SERVER_ID_SERVICE}
|
||||||
|
- AUTHORIZED_CLIENT_URL=${DEVICEHUB_CLIENT_ID_DEVICEHUB_HOST}
|
||||||
|
- DPP_MODULE=y
|
||||||
|
- CONFIG_OIDC=n
|
||||||
|
- IMPORT_SNAPSHOTS=n
|
||||||
|
ports:
|
||||||
|
- 5000:5000
|
||||||
|
volumes:
|
||||||
|
- devicehub:/opt/devicehub:rw
|
||||||
|
|
||||||
|
postgres-dh:
|
||||||
|
image: dkr-dsg.ac.upc.edu/ereuse/postgres:latest
|
||||||
|
# 4. To create the database.
|
||||||
|
# 5. Give permissions to the corresponding users in the database.
|
||||||
|
# extra src https://github.com/docker-library/docs/blob/master/postgres/README.md#environment-variables
|
||||||
|
environment:
|
||||||
|
- POSTGRES_PASSWORD=${DEVICEHUB_DB_PASSWORD}
|
||||||
|
- POSTGRES_USER=${DEVICEHUB_DB_USER}
|
||||||
|
- POSTGRES_DB=${DEVICEHUB_DB_DATABASE}
|
||||||
|
# DEBUG
|
||||||
|
#ports:
|
||||||
|
# - 5432:5432
|
||||||
|
# TODO persistence
|
||||||
|
#volumes:
|
||||||
|
# - pg_data:/var/lib/postgresql/data
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
sharedsecret:
|
||||||
|
devicehub:
|
|
@ -37,6 +37,7 @@ main() {
|
||||||
# we only use this to get idhub dependency
|
# we only use this to get idhub dependency
|
||||||
# didkit-0.3.2-cp311-cp311-manylinux_2_34_x86_64.whl
|
# didkit-0.3.2-cp311-cp311-manylinux_2_34_x86_64.whl
|
||||||
_pull 'git@gitea.pangea.org:trustchain-oc1-orchestral/ssikit_trustchain.git' 'master'
|
_pull 'git@gitea.pangea.org:trustchain-oc1-orchestral/ssikit_trustchain.git' 'master'
|
||||||
|
_pull 'git@gitea.pangea.org:trustchain-oc1-orchestral/devicehub-teal' 'idhub'
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Reference in a new issue