diff --git a/.env.example b/.env.example index 555aa27..eea77f8 100644 --- a/.env.example +++ b/.env.example @@ -63,8 +63,8 @@ verify_DB_USER=verify verify_SCHEMA_TYPE=federated # s3inbox -s3inbox_BROKER_PASSWORD=inbox -s3inbox_BROKER_ROUTINGKEY=inbox -s3inbox_BROKER_USER=inbox -s3inbox_DB_PASSWORD=inbox -s3inbox_DB_USER=inbox +inbox_BROKER_PASSWORD=inbox +inbox_BROKER_ROUTINGKEY=inbox +inbox_BROKER_USER=inbox +inbox_DB_PASSWORD=inbox +inbox_DB_USER=inbox diff --git a/.github/workflows/test_demo.yaml b/.github/workflows/test_demo.yaml index 34fc575..69b3be2 100644 --- a/.github/workflows/test_demo.yaml +++ b/.github/workflows/test_demo.yaml @@ -16,6 +16,7 @@ jobs: cp config/config.yaml.example config/config.yaml cp config/iss.json.example config/iss.json cp .env.example .env + sed -E -i 's/(_DB_PASSWORD=)([^ ]+)/\1\2New/;s/(_BROKER_PASSWORD=)([^ ]+)/\1\2New/ ' .env docker compose -f docker-compose-demo.yml up -d until [ "$(docker inspect data_loader --format='{{.State.Status}}')" = "exited" ]; do echo "waithg for data_loader to finish" diff --git a/docker-compose.yml b/docker-compose.yml index 3da7894..f89519f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,6 +14,8 @@ services: condition: service_healthy environment: - PGPASSWORD=${credentials_PGPASSWORD} + env_file: + - .env image: python:3.10-slim networks: - secure @@ -270,11 +272,11 @@ services: s3: condition: service_healthy environment: - - BROKER_PASSWORD=${s3inbox_BROKER_PASSWORD} - - BROKER_ROUTINGKEY=${s3inbox_BROKER_ROUTINGKEY} - - BROKER_USER=${s3inbox_BROKER_USER} - - DB_PASSWORD=${s3inbox_DB_PASSWORD} - - DB_USER=${s3inbox_DB_USER} + - BROKER_PASSWORD=${inbox_BROKER_PASSWORD} + - BROKER_ROUTINGKEY=${inbox_BROKER_ROUTINGKEY} + - BROKER_USER=${inbox_BROKER_USER} + - DB_PASSWORD=${inbox_DB_PASSWORD} + - DB_USER=${inbox_DB_USER} - SERVER_JWTPUBKEYURL=http://${DOCKERHOST:-dockerhost}:8080/oidc/jwk extra_hosts: - ${DOCKERHOST:-dockerhost}:host-gateway 
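Review bot: The added `sed` line rewrites the passwords in `.env`, but the stack is then started from `docker-compose-demo.yml`, and the only `env_file: .env` entry visible in this diff is added to `docker-compose.yml`. If the demo file does not also pass `.env` to the credentials container, make_credentials.sh would fall back to the service names while the services log in with the `…New` values, so it is worth confirming the demo file carries the same entry and the `inbox_` names. A comment above the line would help, for example `# use non-default passwords so the run fails if a service still relies on the defaults`. The appended `New` only covers alphanumeric values; a password with a space or a quote would also cover the quoting in make_credentials.sh. The `run:` block starts and ends outside the hunk.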
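Review bot: In the first docker-compose.yml hunk, `env_file: - .env` hands every variable in `.env` to this container, not only the `*_DB_PASSWORD` and `*_BROKER_PASSWORD` values the credentials script reads. The image is `python:3.10-slim`, and if this is the service that runs make_credentials.sh (its hunk header shows `pip install aiohttp Authlib joserfc requests` with no versions), all of those secrets sit in the environment of a process that installs unpinned packages at start-up. Consider listing only the needed variables under `environment:`, as is already done for `PGPASSWORD`, or pinning the packages. At minimum add a comment such as `# make_credentials.sh reads <service>_DB_PASSWORD and <service>_BROKER_PASSWORD from this file`. The service definition starts and ends outside the hunk.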
diff --git a/scripts/make_credentials.sh b/scripts/make_credentials.sh index 455cdf0..4aadfa5 100644 --- a/scripts/make_credentials.sh +++ b/scripts/make_credentials.sh @@ -12,13 +12,18 @@ pip install aiohttp Authlib joserfc requests > /dev/null for n in download finalize inbox ingest mapper sync verify; do echo "creating credentials for: $n" - ## password and permissions for MQ - body_data=$(jq -n -c --arg password "$n" --arg tags none '$ARGS.named') + db_password=$(eval echo \$$n"_DB_PASSWORD") + mq_password=$(eval echo \$$n"_BROKER_PASSWORD") + db_password=${db_password:-$n} + mq_password=${mq_password:-$n} + + ## setting passwords and permissions for MQ + body_data=$(jq -n -c --arg password "$mq_password" --arg tags none '$ARGS.named') curl -s -u test:test -X PUT "http://rabbitmq:15672/api/users/$n" -H "content-type:application/json" -d "${body_data}" curl -s -u test:test -X PUT "http://rabbitmq:15672/api/permissions/sda/$n" -H "content-type:application/json" -d '{"configure":"","write":"sda","read":".*"}' - - psql -U postgres -h postgres -d sda -c "ALTER ROLE $n LOGIN PASSWORD '$n';" + ## setting passwords and permissions for DB + psql -U postgres -h postgres -d sda -c "ALTER ROLE $n LOGIN PASSWORD '$db_password';" done # create EC256 key for signing the JWT tokens
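Review bot: The `psql -c` line now places `$db_password` from `.env` inside a single-quoted SQL literal, so a password containing `'` breaks or alters the ALTER ROLE statement; before this change the value was always one of the fixed loop names. The `eval echo \$$n"_DB_PASSWORD"` lookups also word-split and glob-expand the password, so a value with `*` or repeated spaces is changed, and `echo` mishandles values such as `-n`. Indirect expansion plus psql variables fed on stdin avoids both; `-c` does not interpolate psql variables, and `${!var}` needs bash, whose shebang is outside the hunk. The `:-$n` fallback silently keeps the service name as the password when a variable is missing, which may deserve a warning on stderr.

```shell
    # indirect expansion reads <name>_DB_PASSWORD without re-parsing the value
    db_var="${n}_DB_PASSWORD"
    mq_var="${n}_BROKER_PASSWORD"
    db_password=${!db_var:-$n}
    mq_password=${!mq_var:-$n}

    # … unchanged: jq body and the two RabbitMQ curl calls …

    # psql quotes :"role" as an identifier and :'pw' as a string literal
    psql -U postgres -h postgres -d sda -v ON_ERROR_STOP=1 \
        -v role="$n" -v pw="$db_password" <<'SQL'
ALTER ROLE :"role" LOGIN PASSWORD :'pw';
SQL
```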