finish

acceptance/docker-compose.yaml

@@ -34,13 +34,16 @@ services:
       - zitadel
 
   setup:
+    user: '$UID'
     container_name: setup
     build: .
     environment:
       KEY: /key/zitadel-admin-sa.json
       SERVICE: http://zitadel:8080
+      WRITE_ENVIRONMENT_FILE: /apps/login/.env.local
     volumes:
     - "./machinekey:/key"
+    - "../apps/login:/apps/login"
     depends_on:
       wait_for_zitadel:
         condition: 'service_completed_successfully'

acceptance/setup.sh

@@ -2,20 +2,24 @@
 
 set -ex
 
-# The path to the instance admin service account
 KEY=${KEY:-./machinekey/zitadel-admin-sa.json}
-# The audience for which the key is used
+echo "Using key path ${KEY} to the instance admin service account."
+
 AUDIENCE=${AUDIENCE:-http://localhost:8080}
-# The Service can differ from the audience, for example in docker compose (http://zitadel:8080)
+echo "Using audience ${AUDIENCE} for which the key is used."
+
 SERVICE=${SERVICE:-$AUDIENCE}
+echo "Using the service ${SERVICE} to connect to ZITADEL. For example in docker compose this can differ from the audience."
+
+WRITE_ENVIRONMENT_FILE=${WRITE_ENVIRONMENT_FILE:-$(dirname "$0")/../apps/login/.env.local}
+echo "Writing environment file to ${WRITE_ENVIRONMENT_FILE} when done."
 
-# Defer the Host header sent in requests that ZITADEL maps to an instance from the JWT audience
 AUDIENCE_HOST="$(echo $AUDIENCE | cut -d/ -f3)"
+echo "Deferred the Host header ${AUDIENCE_HOST} which will be sent in requests that ZITADEL then maps to a virtual instance"
 
-# Create JWT from Admin SA KEY
 JWT=$(zitadel-tools key2jwt --key ${KEY} --audience ${AUDIENCE})
+echo "Created JWT from Admin service account key ${JWT}"
 
-# Get Token
 TOKEN_RESPONSE=$(curl --request POST \
   --url ${SERVICE}/oauth/v2/token \
   --header 'Content-Type: application/x-www-form-urlencoded' \
@@ -23,20 +27,25 @@ TOKEN_RESPONSE=$(curl --request POST \
   --data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
   --data scope='openid profile email urn:zitadel:iam:org:project:id:zitadel:aud' \
   --data assertion="${JWT}")
+echo "Got response from token endpoint:"
+echo "${TOKEN_RESPONSE}" | jq
 
-# Extract Token
 TOKEN=$(echo -n ${TOKEN_RESPONSE} | jq -r '.access_token')
+echo "Extracted access token ${TOKEN}"
 
-# Verify authentication
+ORG_RESPONSE=$(curl --request GET \
-curl --request POST \
-  --url ${SERVICE}/oidc/v1/userinfo \
-  --header 'Content-Type: application/x-www-form-urlencoded' \
-  --header "Authorization: Bearer ${TOKEN}" \
-  --header "Host: ${AUDIENCE_HOST}"
-
-# Get default org
-curl --request GET \
   --url ${SERVICE}/admin/v1/orgs/default \
   --header 'Accept: application/json' \
   --header "Authorization: Bearer ${TOKEN}" \
-  --header "Host: ${AUDIENCE_HOST}"
+  --header "Host: ${AUDIENCE_HOST}")
+echo "Got default org response:"
+echo "${ORG_RESPONSE}" | jq
+
+ORG_ID=$(echo -n ${ORG_RESPONSE} | jq -r '.org.id')
+echo "Extracted default org id ${ORG_ID}"
+
+echo "ZITADEL_API_URL=${AUDIENCE}
+ZITADEL_ORG_ID=${ORG_ID}
+ZITADEL_SERVICE_USER_TOKEN=${TOKEN}" > ${WRITE_ENVIRONMENT_FILE}
+echo "Wrote environment file ${WRITE_ENVIRONMENT_FILE}"
+cat ${WRITE_ENVIRONMENT_FILE}