TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-11 21:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

finish

Browse Source
This commit is contained in:
Elio Bischof
2023-05-19 19:34:07 +02:00
parent a8f32f226e
commit c98201f3cf
2 changed files with 29 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
acceptance/docker-compose.yaml
View File

@@ -34,13 +34,16 @@ services:
- zitadel
setup:
user: '$UID'
container_name: setup
build: .
environment:
KEY: /key/zitadel-admin-sa.json
SERVICE: http://zitadel:8080
WRITE_ENVIRONMENT_FILE: /apps/login/.env.local
volumes:
- "./machinekey:/key"
- "../apps/login:/apps/login"
depends_on:
wait_for_zitadel:
condition: 'service_completed_successfully'

43
acceptance/setup.sh
View File

@@ -2,20 +2,24 @@
set -ex
# The path to the instance admin service account
KEY=${KEY:-./machinekey/zitadel-admin-sa.json}
# The audience for which the key is used
echo "Using key path ${KEY} to the instance admin service account."
AUDIENCE=${AUDIENCE:-http://localhost:8080}
# The Service can differ from the audience, for example in docker compose (http://zitadel:8080)
echo "Using audience ${AUDIENCE} for which the key is used."
SERVICE=${SERVICE:-$AUDIENCE}
echo "Using the service ${SERVICE} to connect to ZITADEL. For example in docker compose this can differ from the audience."
WRITE_ENVIRONMENT_FILE=${WRITE_ENVIRONMENT_FILE:-$(dirname "$0")/../apps/login/.env.local}
echo "Writing environment file to ${WRITE_ENVIRONMENT_FILE} when done."
# Defer the Host header sent in requests that ZITADEL maps to an instance from the JWT audience
AUDIENCE_HOST="$(echo $AUDIENCE | cut -d/ -f3)"
echo "Deferred the Host header ${AUDIENCE_HOST} which will be sent in requests that ZITADEL then maps to a virtual instance"
# Create JWT from Admin SA KEY
JWT=$(zitadel-tools key2jwt --key ${KEY} --audience ${AUDIENCE})
echo "Created JWT from Admin service account key ${JWT}"
# Get Token
TOKEN_RESPONSE=$(curl --request POST \
--url ${SERVICE}/oauth/v2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
@@ -23,20 +27,25 @@ TOKEN_RESPONSE=$(curl --request POST \
--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
--data scope='openid profile email urn:zitadel:iam:org:project:id:zitadel:aud' \
--data assertion="${JWT}")
echo "Got response from token endpoint:"
echo "${TOKEN_RESPONSE}" | jq
# Extract Token
TOKEN=$(echo -n ${TOKEN_RESPONSE} | jq -r '.access_token')
echo "Extracted access token ${TOKEN}"
# Verify authentication
curl --request POST \
--url ${SERVICE}/oidc/v1/userinfo \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header "Authorization: Bearer ${TOKEN}" \
--header "Host: ${AUDIENCE_HOST}"
# Get default org
curl --request GET \
ORG_RESPONSE=$(curl --request GET \
--url ${SERVICE}/admin/v1/orgs/default \
--header 'Accept: application/json' \
--header "Authorization: Bearer ${TOKEN}" \
--header "Host: ${AUDIENCE_HOST}"
--header "Host: ${AUDIENCE_HOST}")
echo "Got default org response:"
echo "${ORG_RESPONSE}" | jq
ORG_ID=$(echo -n ${ORG_RESPONSE} | jq -r '.org.id')
echo "Extracted default org id ${ORG_ID}"
echo "ZITADEL_API_URL=${AUDIENCE}
ZITADEL_ORG_ID=${ORG_ID}
ZITADEL_SERVICE_USER_TOKEN=${TOKEN}" > ${WRITE_ENVIRONMENT_FILE}
echo "Wrote environment file ${WRITE_ENVIRONMENT_FILE}"
cat ${WRITE_ENVIRONMENT_FILE}