TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-10 22:22:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

simplify setup

Browse Source
This commit is contained in:
Elio Bischof
2024-10-16 20:55:37 +02:00
parent 4cb17953b0
commit cb8f071729
7 changed files with 38 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
acceptance/Dockerfile
View File

@@ -1,6 +1,5 @@
FROM golang:1.19-alpine FROM golang:1.19-alpine
RUN apk add curl jq RUN apk add curl jq
RUN go install github.com/zitadel/zitadel-tools@v0.4.0
COPY setup.sh /setup.sh COPY setup.sh /setup.sh
RUN chmod +x /setup.sh RUN chmod +x /setup.sh
ENTRYPOINT [ "/setup.sh" ] ENTRYPOINT [ "/setup.sh" ]

8
acceptance/docker-compose.yaml
View File

@@ -6,7 +6,7 @@ services:
ports: ports:
- "8080:8080" - "8080:8080"
volumes: volumes:
- ./machinekey:/machinekey - ./pat:/pat
- ./zitadel.yaml:/zitadel.yaml - ./zitadel.yaml:/zitadel.yaml
depends_on: depends_on:
db: db:
@@ -46,11 +46,11 @@ services:
container_name: setup container_name: setup
build: . build: .
environment: environment:
KEY: /key/zitadel-admin-sa.json PAT_FILE: /pat/zitadel-admin-sa.pat
SERVICE: http://zitadel:8080 ZITADEL_API_INTERNAL_URL: http://zitadel:8080
WRITE_ENVIRONMENT_FILE: /apps/login/.env.local WRITE_ENVIRONMENT_FILE: /apps/login/.env.local
volumes: volumes:
- "./machinekey:/key" - "./pat:/pat"
- "../apps/login:/apps/login" - "../apps/login:/apps/login"
depends_on: depends_on:
wait_for_zitadel: wait_for_zitadel:

0
acceptance/machinekey/.gitignore → acceptance/pat/.gitignore vendored
View File

0
acceptance/machinekey/.gitkeep → acceptance/pat/.gitkeep
View File

1
acceptance/pat/zitadel-admin-sa.pat Normal file
View File

@@ -0,0 +1 @@
fEJWwOJ3lFAn-COq0QxdXz_xCGrmp8Kj2l4i-xGWbh1UM2OtNwNz3_MblwOf_Lsd13B8ORk

137
acceptance/setup.sh
View File

@@ -1,125 +1,34 @@
#!/bin/sh #!/bin/sh
set -e set -ex
KEY=${KEY:-./machinekey/zitadel-admin-sa.json} PAT_FILE=${PAT_FILE:-./pat/zitadel-admin-sa.pat}
echo "Using key path ${KEY} to the instance admin service account." ZITADEL_API_PROTOCOL="${ZITADEL_API_PROTOCOL:-http}"
ZITADEL_API_DOMAIN="${ZITADEL_API_DOMAIN:-localhost}"
ZITADEL_API_PORT="${ZITADEL_API_PORT:-8080}"
ZITADEL_API_URL="${ZITADEL_API_URL:-${ZITADEL_API_PROTOCOL}://${ZITADEL_API_DOMAIN}:${ZITADEL_API_PORT}}"
ZITADEL_API_INTERNAL_URL="${ZITADEL_API_INTERNAL_URL:-${ZITADEL_API_URL}}"
AUDIENCE=${AUDIENCE:-http://localhost:8080} if [ -z "${PAT}" ]; then
echo "Using audience ${AUDIENCE} for which the key is used." echo "Reading PAT from file ${PAT_FILE}"
PAT=$(cat ${PAT_FILE})
fi
SERVICE=${SERVICE:-$AUDIENCE} if [ -z "${ZITADEL_SERVICE_USER_ID}" ]; then
echo "Using the service ${SERVICE} to connect to ZITADEL. For example in docker compose this can differ from the audience." echo "Reading ZITADEL_SERVICE_USER_ID from userinfo endpoint"
USERINFO_RESPONSE=$(curl -s --request POST \
--url "${ZITADEL_API_INTERNAL_URL}/oidc/v1/userinfo" \
--header "Authorization: Bearer ${PAT}" \
--header "Host: ${ZITADEL_API_DOMAIN}")
echo "Received userinfo response: ${USERINFO_RESPONSE}"
ZITADEL_SERVICE_USER_ID=$(echo "${USERINFO_RESPONSE}" | jq --raw-output '.sub')
fi
WRITE_ENVIRONMENT_FILE=${WRITE_ENVIRONMENT_FILE:-$(dirname "$0")/../apps/login/.env.local} WRITE_ENVIRONMENT_FILE=${WRITE_ENVIRONMENT_FILE:-$(dirname "$0")/../apps/login/.env.local}
echo "Writing environment file to ${WRITE_ENVIRONMENT_FILE} when done." echo "Writing environment file to ${WRITE_ENVIRONMENT_FILE} when done."
AUDIENCE_HOST="$(echo $AUDIENCE | cut -d/ -f3)" echo "ZITADEL_API_URL=${ZITADEL_API_URL}
echo "Deferred the Host header ${AUDIENCE_HOST} which will be sent in requests that ZITADEL then maps to a virtual instance" ZITADEL_SERVICE_USER_ID=${ZITADEL_SERVICE_USER_ID}
ZITADEL_SERVICE_USER_TOKEN=${PAT}" > ${WRITE_ENVIRONMENT_FILE}
JWT=$(zitadel-tools key2jwt --key ${KEY} --audience ${AUDIENCE})
echo "Created JWT from Admin service account key ${JWT}"
TOKEN_RESPONSE=$(curl -s --request POST \
--url ${SERVICE}/oauth/v2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header "Host: ${AUDIENCE_HOST}" \
--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
--data scope='openid profile email urn:zitadel:iam:org:project:id:zitadel:aud' \
--data assertion="${JWT}")
echo "Got response from token endpoint:"
echo "${TOKEN_RESPONSE}" | jq
TOKEN=$(echo -n ${TOKEN_RESPONSE} | jq --raw-output '.access_token')
echo "Extracted access token ${TOKEN}"
ORG_RESPONSE=$(curl -s --request GET \
--url ${SERVICE}/admin/v1/orgs/default \
--header 'Accept: application/json' \
--header "Authorization: Bearer ${TOKEN}" \
--header "Host: ${AUDIENCE_HOST}")
echo "Got default org response:"
echo "${ORG_RESPONSE}" | jq
ORG_ID=$(echo -n ${ORG_RESPONSE} | jq --raw-output '.org.id')
echo "Extracted default org id ${ORG_ID}"
echo "ZITADEL_API_URL=${AUDIENCE}
ZITADEL_ORG_ID=${ORG_ID}
ZITADEL_SERVICE_USER_TOKEN=${TOKEN}" > ${WRITE_ENVIRONMENT_FILE}
echo "Wrote environment file ${WRITE_ENVIRONMENT_FILE}" echo "Wrote environment file ${WRITE_ENVIRONMENT_FILE}"
cat ${WRITE_ENVIRONMENT_FILE} cat ${WRITE_ENVIRONMENT_FILE}
if ! grep -q 'localhost' ${WRITE_ENVIRONMENT_FILE}; then
echo "Not developing against localhost, so creating a human user might not be necessary"
exit 0
fi
HUMAN_USER_USERNAME="zitadel-admin@zitadel.localhost"
HUMAN_USER_PASSWORD="Password1!"
HUMAN_USER_PAYLOAD=$(cat << EOM
{
"userName": "${HUMAN_USER_USERNAME}",
"profile": {
"firstName": "ZITADEL",
"lastName": "Admin",
"displayName": "ZITADEL Admin",
"preferredLanguage": "en"
},
"email": {
"email": "zitadel-admin@zitadel.localhost",
"isEmailVerified": true
},
"password": "${HUMAN_USER_PASSWORD}",
"passwordChangeRequired": false
}
EOM
)
echo "Creating human user"
echo "${HUMAN_USER_PAYLOAD}" | jq
HUMAN_USER_RESPONSE=$(curl -s --request POST \
--url ${SERVICE}/management/v1/users/human/_import \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header "Authorization: Bearer ${TOKEN}" \
--header "Host: ${AUDIENCE_HOST}" \
--data-raw "${HUMAN_USER_PAYLOAD}")
echo "Create human user response"
echo "${HUMAN_USER_RESPONSE}" | jq
if [ "$(echo -n "${HUMAN_USER_RESPONSE}" | jq --raw-output '.code')" == "6" ]; then
echo "admin user already exists"
exit 0
fi
HUMAN_USER_ID=$(echo -n ${HUMAN_USER_RESPONSE} | jq --raw-output '.userId')
echo "Extracted human user id ${HUMAN_USER_ID}"
HUMAN_ADMIN_PAYLOAD=$(cat << EOM
{
"userId": "${HUMAN_USER_ID}",
"roles": [
"IAM_OWNER"
]
}
EOM
)
echo "Granting iam owner to human user"
echo "${HUMAN_ADMIN_PAYLOAD}" | jq
HUMAN_ADMIN_RESPONSE=$(curl -s --request POST \
--url ${SERVICE}/admin/v1/members \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header "Authorization: Bearer ${TOKEN}" \
--header "Host: ${AUDIENCE_HOST}" \
--data-raw "${HUMAN_ADMIN_PAYLOAD}")
echo "Grant iam owner to human user response"
echo "${HUMAN_ADMIN_RESPONSE}" | jq
echo "You can now log in at ${AUDIENCE}/ui/login"
echo "username: ${HUMAN_USER_USERNAME}"
echo "password: ${HUMAN_USER_PASSWORD}"

13
acceptance/zitadel.yaml
View File

@@ -1,12 +1,19 @@
FirstInstance: FirstInstance:
MachineKeyPath: /machinekey/zitadel-admin-sa.json PatPath: /pat/zitadel-admin-sa.pat
Org: Org:
Human:
UserName: zitadel-admin
FirstName: ZITADEL
LastName: Admin
Password: Password1!
PasswordChangeRequired: true
PreferredLanguage: en
Machine: Machine:
Machine: Machine:
Username: zitadel-admin-sa Username: zitadel-admin-sa
Name: Admin Name: Admin
MachineKey: Pat:
Type: 1 ExpirationDate: 2099-01-01T00:00:00Z
Database: Database:
EventPushConnRatio: 0.2 # 4 EventPushConnRatio: 0.2 # 4