2023-05-19 16:20:01 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
2023-05-19 19:46:10 +02:00
|
|
|
set -e
|
2023-05-19 16:20:01 +02:00
|
|
|
|
|
|
|
|
KEY=${KEY:-./machinekey/zitadel-admin-sa.json}
|
2023-05-19 19:34:07 +02:00
|
|
|
echo "Using key path ${KEY} to the instance admin service account."
|
|
|
|
|
|
2023-05-19 16:20:01 +02:00
|
|
|
AUDIENCE=${AUDIENCE:-http://localhost:8080}
|
2023-05-19 19:34:07 +02:00
|
|
|
echo "Using audience ${AUDIENCE} for which the key is used."
|
|
|
|
|
|
2023-05-19 16:20:01 +02:00
|
|
|
SERVICE=${SERVICE:-$AUDIENCE}
|
2023-05-19 19:34:07 +02:00
|
|
|
echo "Using the service ${SERVICE} to connect to ZITADEL. For example in docker compose this can differ from the audience."
|
|
|
|
|
|
|
|
|
|
WRITE_ENVIRONMENT_FILE=${WRITE_ENVIRONMENT_FILE:-$(dirname "$0")/../apps/login/.env.local}
|
|
|
|
|
echo "Writing environment file to ${WRITE_ENVIRONMENT_FILE} when done."
|
2023-05-19 16:20:01 +02:00
|
|
|
|
|
|
|
|
AUDIENCE_HOST="$(echo $AUDIENCE | cut -d/ -f3)"
|
2023-05-19 19:34:07 +02:00
|
|
|
echo "Deferred the Host header ${AUDIENCE_HOST} which will be sent in requests that ZITADEL then maps to a virtual instance"
|
2023-05-19 16:20:01 +02:00
|
|
|
|
|
|
|
|
JWT=$(zitadel-tools key2jwt --key ${KEY} --audience ${AUDIENCE})
|
2023-05-19 19:34:07 +02:00
|
|
|
echo "Created JWT from Admin service account key ${JWT}"
|
2023-05-19 16:20:01 +02:00
|
|
|
|
2023-05-19 19:46:10 +02:00
|
|
|
TOKEN_RESPONSE=$(curl -s --request POST \
|
2023-05-19 16:20:01 +02:00
|
|
|
--url ${SERVICE}/oauth/v2/token \
|
|
|
|
|
--header 'Content-Type: application/x-www-form-urlencoded' \
|
|
|
|
|
--header "Host: ${AUDIENCE_HOST}" \
|
|
|
|
|
--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
|
2023-05-19 17:57:16 +02:00
|
|
|
--data scope='openid profile email urn:zitadel:iam:org:project:id:zitadel:aud' \
|
2023-05-19 16:20:01 +02:00
|
|
|
--data assertion="${JWT}")
|
2023-05-19 19:34:07 +02:00
|
|
|
echo "Got response from token endpoint:"
|
|
|
|
|
echo "${TOKEN_RESPONSE}" | jq
|
2023-05-19 16:20:01 +02:00
|
|
|
|
|
|
|
|
TOKEN=$(echo -n ${TOKEN_RESPONSE} | jq -r '.access_token')
|
2023-05-19 19:34:07 +02:00
|
|
|
echo "Extracted access token ${TOKEN}"
|
2023-05-19 16:20:01 +02:00
|
|
|
|
2023-05-19 19:46:10 +02:00
|
|
|
ORG_RESPONSE=$(curl -s --request GET \
|
2023-05-19 16:20:01 +02:00
|
|
|
--url ${SERVICE}/admin/v1/orgs/default \
|
|
|
|
|
--header 'Accept: application/json' \
|
|
|
|
|
--header "Authorization: Bearer ${TOKEN}" \
|
2023-05-19 19:34:07 +02:00
|
|
|
--header "Host: ${AUDIENCE_HOST}")
|
|
|
|
|
echo "Got default org response:"
|
|
|
|
|
echo "${ORG_RESPONSE}" | jq
|
|
|
|
|
|
|
|
|
|
ORG_ID=$(echo -n ${ORG_RESPONSE} | jq -r '.org.id')
|
|
|
|
|
echo "Extracted default org id ${ORG_ID}"
|
|
|
|
|
|
2023-05-23 18:40:58 +02:00
|
|
|
ENVIRONMENT_BACKUP_FILE=${WRITE_ENVIRONMENT_FILE}
|
|
|
|
|
# If the original file already exists, rename it
|
|
|
|
|
if [[ -e ${WRITE_ENVIRONMENT_FILE} ]]; then
|
|
|
|
|
if grep -q 'localhost' ${WRITE_ENVIRONMENT_FILE}; then
|
|
|
|
|
echo "Current environment file ${WRITE_ENVIRONMENT_FILE} contains localhost. Overwriting:"
|
|
|
|
|
cat ${WRITE_ENVIRONMENT_FILE}
|
|
|
|
|
else
|
|
|
|
|
i=0
|
|
|
|
|
# If a backup file already exists, increment counter until a free filename is found
|
|
|
|
|
while [[ -e ${ENVIRONMENT_BACKUP_FILE}.${i}.bak ]]; do
|
|
|
|
|
let "i++"
|
|
|
|
|
if [[ ${i} -eq 50 ]]; then
|
|
|
|
|
echo "Warning: Too many backup files (limit is 50), overwriting ${ENVIRONMENT_BACKUP_FILE}.${i}.bak"
|
|
|
|
|
break
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
mv ${WRITE_ENVIRONMENT_FILE} ${ENVIRONMENT_BACKUP_FILE}.${i}.bak
|
|
|
|
|
echo "Renamed existing environment file to ${ENVIRONMENT_BACKUP_FILE}.${i}.bak"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
2023-05-19 19:34:07 +02:00
|
|
|
echo "ZITADEL_API_URL=${AUDIENCE}
|
|
|
|
|
ZITADEL_ORG_ID=${ORG_ID}
|
|
|
|
|
ZITADEL_SERVICE_USER_TOKEN=${TOKEN}" > ${WRITE_ENVIRONMENT_FILE}
|
|
|
|
|
echo "Wrote environment file ${WRITE_ENVIRONMENT_FILE}"
|
|
|
|
|
cat ${WRITE_ENVIRONMENT_FILE}
|
