#!/bin/bash
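# 1Password account that holds the shared development secrets.
ACCOUNT=arxiv.1password.com
# Assigned before any env file is generated: the .env.devdb section further
# down also interpolates GCP_PROJECT, and it can run on an invocation where
# .env.localdb already exists and this section is skipped.
PLATFORM=linux/amd64
GCP_PROJECT=arxiv-development

#######################################
# Print one field of a 1Password item.
# Globals:   ACCOUNT (read)
# Arguments: $1 - item id, $2 - field id
# Outputs:   the field value on stdout; a warning on stderr when it is empty
#######################################
op_field() {
  local value
  value=$(op item get "$1" --account "$ACCOUNT" --format=json |
    jq -r --arg id "$2" '.fields[] | select(.id == $id) | .value')
  if [ -z "$value" ]; then
    # An empty secret would otherwise be written silently, and the file is
    # never regenerated once it exists.
    printf '%s: no value for field %s of 1Password item %s; is "op" signed in?\n' \
      "${0##*/}" "$2" "$1" >&2
  fi
  printf '%s\n' "$value"
}

#######################################
# Emit one KEY=VALUE line for an env file.
# Arguments: $1 - key, $2 - value
# Outputs:   "KEY=VALUE" on stdout; newlines inside VALUE become spaces so
#            every variable stays on a single line
#######################################
env_line() {
  printf '%s=%s\n' "$1" "${2//$'\n'/ }"
}

# Generate the local-stack settings once; an existing .env.localdb is left alone.
if [ ! -r .env.localdb ]; then
  # The file receives secrets, so create it readable by the owner only.
  saved_umask=$(umask)
  umask 077
  {
    env_line DOCKER_NETWORK host

    # Placeholder values for local runs. In a real deployment these are strong
    # secrets protecting the JWT token and the tapir cookie.
    JWT_SECRET=jwt-secret
    env_line JWT_SECRET "$JWT_SECRET"
    CLASSIC_SESSION_HASH=classic-secret
    env_line CLASSIC_SESSION_HASH "$CLASSIC_SESSION_HASH"

    env_line DOCKER_PLATFORM "$PLATFORM"

    # Port nginx listens on.
    HTTP_PORT=5100
    env_line NGINX_PORT "$HTTP_PORT"

    # Keycloak and its database.
    KC_PORT=21501
    KC_HOST_PUBLIC=localhost
    # Would be "keycloak" if the docker network is NOT the host network.
    KC_HOST_PRIVATE=localhost
    env_line KC_PORT "$KC_PORT"
    env_line KC_HOST_PUBLIC "$KC_HOST_PUBLIC"
    env_line KC_HOST_PRIVATE "$KC_HOST_PRIVATE"
    env_line KC_URL_PUBLIC "http://$KC_HOST_PUBLIC:$KC_PORT"
    env_line KC_URL_PRIVATE "http://$KC_HOST_PRIVATE:$KC_PORT"
    env_line KC_DOCKER_TAG "gcr.io/$GCP_PROJECT/arxiv-keycloak/keycloak"

    # Keycloak database.
    env_line KC_DB_HOST_PUBLIC localhost
    env_line KC_DB_HOST_PRIVATE auth-db
    env_line KC_DB_PORT 21502
    env_line KC_DB_USER keycloak
    # NOTE(review): KC_DB_PASS, KC_ADMIN_PASSWORD and ARXIV_USER_SECRET are read
    # from the same 1Password items and fields as the .env.devdb section, so
    # this "local" file holds shared development credentials. Keep it out of
    # version control, images and logs.
    env_line KC_DB_PASS "$(op_field wos2wdt56jx2gjmvb4awlxk3ay vlf6422dpbnqhne535fpgg4vqm)"
    env_line KC_ADMIN_PASSWORD "$(op_field bdmmxlepkfsqy5hfgfunpsli2i password)"
    env_line GCP_PROJECT "$GCP_PROJECT"
    # TLS to the database is switched off here; this is the local-database
    # profile only.
    env_line KC_JDBC_CONNECTION "?ssl=false&sslmode=disable"
    env_line GCP_CRED ""
    env_line ARXIV_USER_SECRET "$(op_field bdmmxlepkfsqy5hfgfunpsli2i gxogpm2ztuyfeyvzjrwx4gqogi)"

    # Audit logging to GCP pubsub.
    # The keycloak-tapir bridge uses this to update the tapir tables.
    env_line GCP_EVENT_TOPIC_ID keycloak-arxiv-events
    env_line GCP_ADMIN_EVENT_TOPIC_ID keycloak-arxiv-events

    # OAuth2 handshake secret (simple http auth secret). It is committed to
    # the repository, so it is for testing only and must not be reused
    # anywhere else. The same value has to be set on Keycloak's client.
    env_line KEYCLOAK_CLIENT_SECRET f3dc975132f09b27d90f

    # OAuth2 client, aka the cookie maker.
    AAA_PORT=21503
    env_line ARXIV_OAUTH2_CLIENT_TAG "gcr.io/$GCP_PROJECT/arxiv-keycloak/arxiv-oauth2-client"
    # The original line had a space after "=", which put a leading space into
    # the stored value.
    env_line ARXIV_OAUTH2_CLIENT_APP_NAME arxiv-oauth2-client
    env_line ARXIV_OAUTH2_APP_PORT "$AAA_PORT"

    # Where aaa is hosted.
    env_line AAA_CALLBACK_URL "http://localhost:$HTTP_PORT/aaa/callback"
    env_line AAA_LOGIN_REDIRECT_URL "http://localhost:$HTTP_PORT/aaa/login"

    # arXiv MySQL database.
    # With a non-host docker network this would be "arxiv-db" to match the
    # container name. Do not use "localhost": it is special-cased to use the
    # Unix socket.
    ARXIV_DB_HOST=127.0.0.1
    ARXIV_DB_PORT=21504
    env_line ARXIV_DB_HOST "$ARXIV_DB_HOST"
    env_line ARXIV_DB_PORT "$ARXIV_DB_PORT"
    # Fixed local database password and TLS disabled: local database only.
    env_line CLASSIC_DB_URI "mysql+mysqldb://arxiv:arxiv_password@${ARXIV_DB_HOST}:${ARXIV_DB_PORT}/arXiv?ssl=false&ssl_mode=DISABLED"

    # Legacy auth provider.
    LEGACY_AUTH_PORT=21505
    env_line LEGACY_AUTH_PORT "$LEGACY_AUTH_PORT"
    # The dev token lives in 1Password (item bdmmxlepkfsqy5hfgfunpsli2i, field
    # rs25xevxhbvy6l2aom7z633rti); the local stack deliberately uses a
    # different, throwaway token.
    env_line LEGACY_AUTH_API_TOKEN legacy-api-token
    env_line LEGACY_AUTH_DOCKER_TAG "gcr.io/$GCP_PROJECT/arxiv-keycloak/legacy-auth-provider"

    # Pubsub emulator, see https://cloud.google.com/pubsub/docs/emulator
    PUBSUB_PORT=21507
    env_line PUBSUB_EMULATOR_PORT "$PUBSUB_PORT"
    # NOTE(review): if this value is also used as the emulator's listen
    # address, 0.0.0.0 exposes it on every interface of the host - confirm.
    env_line PUBSUB_EMULATOR_HOST "0.0.0.0:${PUBSUB_PORT}"

    # Keycloak to tapir bridge.
    env_line KC_TAPIR_BRIDGE_DOCKER_TAG "gcr.io/$GCP_PROJECT/arxiv-keycloak/kc-tapir-bridge"
    # keycloak-arxiv-events-sub is the default, so the python code does not
    # need it, but the pubsub setup uses it to create the subscription.
    # See GCP_EVENT_TOPIC_ID and GCP_ADMIN_EVENT_TOPIC_ID.
    env_line KC_TAPIR_BRIDGE_SUBSCRIPTION keycloak-arxiv-events-sub

    env_line TESTSITE_TAG testsite
    env_line TESTSITE_PORT 21509

    # Not strictly necessary, but kept here.
    env_line ADMIN_API_PORT 21510
    env_line ADMIN_API_URL "http://localhost:$HTTP_PORT/admin-api"
    env_line ADMIN_CONSOLE_PORT 21511
    env_line ADMIN_CONSOLE_URL "http://localhost:$HTTP_PORT/admin-console"
  } >> .env.localdb
  umask "$saved_umask"
fi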
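#######################################
# Print one field of a 1Password item.
# Globals:   ACCOUNT (read)
# Arguments: $1 - item id, $2 - field id
# Outputs:   the field value on stdout; a warning on stderr when it is empty
#######################################
op_field() {
  local value
  value=$(op item get "$1" --account "$ACCOUNT" --format=json |
    jq -r --arg id "$2" '.fields[] | select(.id == $id) | .value')
  if [ -z "$value" ]; then
    # An empty secret would otherwise be written silently, and the file is
    # never regenerated once it exists.
    printf '%s: no value for field %s of 1Password item %s; is "op" signed in?\n' \
      "${0##*/}" "$2" "$1" >&2
  fi
  printf '%s\n' "$value"
}

#######################################
# Emit one KEY=VALUE line for an env file.
# Arguments: $1 - key, $2 - value
# Outputs:   "KEY=VALUE" on stdout; newlines inside VALUE become spaces so
#            every variable stays on a single line
#######################################
env_line() {
  printf '%s=%s\n' "$1" "${2//$'\n'/ }"
}

# Generate the settings for the shared development database once; an existing
# .env.devdb is left alone.
if [ ! -r .env.devdb ]; then
  # Fall back to the development project when GCP_PROJECT has not been set
  # earlier in the run, so the image tag never degrades to "gcr.io//keycloak".
  : "${GCP_PROJECT:=arxiv-development}"

  # Every secret below is a real development credential, so create the file
  # readable by the owner only. Keep it out of version control, images and logs.
  saved_umask=$(umask)
  umask 077
  {
    # NOTE(review): the local profile uses gcr.io/$GCP_PROJECT/arxiv-keycloak/keycloak;
    # confirm the shorter path here is intended.
    env_line KC_DOCKER_TAG "gcr.io/$GCP_PROJECT/keycloak"
    env_line KC_DB_HOST_PUBLIC "$(op_field wos2wdt56jx2gjmvb4awlxk3ay fnxbox5ugfkr2ol5wtqbk6wkwq)"
    env_line KC_DB_HOST_PRIVATE "$(op_field wos2wdt56jx2gjmvb4awlxk3ay o4idffxy6bns7nihak4q4lo3xe)"
    env_line KC_DB_USER keycloak
    env_line KC_DB_PASS "$(op_field wos2wdt56jx2gjmvb4awlxk3ay vlf6422dpbnqhne535fpgg4vqm)"
    env_line KC_ADMIN_PASSWORD "$(op_field bdmmxlepkfsqy5hfgfunpsli2i password)"
    env_line GCP_PROJECT "$GCP_PROJECT"
    # Left empty: no JDBC options are appended for this profile.
    env_line KC_JDBC_CONNECTION ""
    env_line GCP_CRED "$(op_field bdmmxlepkfsqy5hfgfunpsli2i bwh5wxl5lw4yfc3lf53azij4ny)"
    env_line ARXIV_USER_SECRET "$(op_field bdmmxlepkfsqy5hfgfunpsli2i gxogpm2ztuyfeyvzjrwx4gqogi)"
    env_line LEGACY_AUTH_API_TOKEN "$(op_field bdmmxlepkfsqy5hfgfunpsli2i rs25xevxhbvy6l2aom7z633rti)"
  } >> .env.devdb
  umask "$saved_umask"
fi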
# Point .env at the local-database profile unless a readable .env is already
# in place.
[ -r .env ] || ln -s .env.localdb .env

# KC_DB selects which .env.<profile> file is reported below; an unset or empty
# value means the local database.
KC_DB=${KC_DB:-localdb}
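# Report the selected profile.
#   no argument - print the whole env file (this includes the secrets in it,
#                 so keep the output out of shared logs)
#   $1 = KEY    - print only the value(s) stored under KEY
if [ -z "$1" ]; then
  cat ".env.$KC_DB"
else
  # The key reaches awk through the environment rather than being pasted into
  # the program text, so it is compared as a literal string and can never be
  # parsed as awk code or as a regular expression. The value is printed in
  # full; there is no length cap.
  CONFIG_KEY=$1 gawk '
    BEGIN { prefix = ENVIRON["CONFIG_KEY"] "=" }
    index($0, prefix) == 1 { print substr($0, length(prefix) + 1) }
  ' ".env.$KC_DB"
fi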