From 0936daab27f0bb5182ed9a66f90066bdc0f6a8ff Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Sun, 3 Mar 2024 14:13:19 +0100 Subject: [PATCH] local setup procedure improvements --- local-environment/README.md | 27 +++++++++++++++++---------- scripts/setup.py | 11 ++++++++--- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/local-environment/README.md b/local-environment/README.md index bbc18bc..39b13ad 100644 --- a/local-environment/README.md +++ b/local-environment/README.md @@ -17,13 +17,20 @@ Here there are all the needed scripts to orchestrate all the process to configur - docker-compose up - create an .env file like this: ```` - TABLES_SUFFIX=xxx - ACCOUNT_ID=xxxx - VAUTHENTICATOR_BUCKET=xxxx - VAUTHENTICATOR_MANAGEMENT_UI_BUCKET=xxxx - TF_STATE_BUCKET=xxxx - MASTER_KEY=will be available on the aws console or in the terraform resource apply console log + IS_PRODUCITON=False + DYNAMO_DB_ENDPOINT=http://localhost:4566 + KMS_ENDPOINT=http://localhost:4566 + + ACCOUNT_ID=000000000000 + AWS_ACCESS_KEY_ID=xxxx + AWS_SECRET_ACCESS_KEY=xxxx AWS_REGION=xxxx + + TABLES_SUFFIX=_Local_Staging + + VAUTHENTICATOR_BUCKET=vauthenticator-local-dev-document-bucket + VAUTHENTICATOR_MANAGEMENT_UI_BUCKET=vauthenticator-management-ui-local-dev-document-bucket + MASTER_KEY=will be available on the aws console or in the terraform resource apply console log ```` - run the setup.sh ``` @@ -36,9 +43,9 @@ Here there are all the needed scripts to orchestrate all the process to configur - Property name is: `key.master-key: ${MASTER_KEY}` - create the IAM key and set up the required environment variables like below ``` - AWS_ACCESS_KEY_ID=xxxx - AWS_SECRET_ACCESS_KEY=xxxx - AWS_REGION=xxxx + AWS_ACCESS_KEY_ID=it is irrelevant + AWS_SECRET_ACCESS_KEY=it is irrelevant + AWS_REGION=could be whatever aws region you would like to configure.. in local stack all will be local ``` - run the init.sh: After that the init.sh is executed you will have configured. 
@@ -54,4 +61,4 @@ Here there are all the needed scripts to orchestrate all the process to configur - password: secret -- to reset all the environment use the ```./dispose.sh``` script \ No newline at end of file +- to reset all the environment you can destroy your local compose environment \ No newline at end of file diff --git a/scripts/setup.py b/scripts/setup.py index 2c34b06..a3258ed 100644 --- a/scripts/setup.py +++ b/scripts/setup.py @@ -6,9 +6,12 @@ from dotenv import load_dotenv +def str2bool(v): + return v.lower() in ("True") + load_dotenv(dotenv_path="../local-environment/.env") -isProduction = bool(os.getenv("IS_PRODUCITON")) +isProduction = str2bool(os.getenv("IS_PRODUCITON")) print(isProduction) @@ -53,6 +56,7 @@ def store_account(): "credentialsNonExpired": True, "accountNonLocked": True, "accountNonExpired": True, + "mandatory_action": "NO_ACTION", "authorities": set(["ROLE_USER", "VAUTHENTICATOR_ADMIN"]) }) @@ -73,7 +77,8 @@ def store_sso_client_applications(): table = dynamodb.Table(f"VAuthenticator_ClientApplication{table_suffix}") scopes = set( - ["openid", "profile", "email", "admin:reset-password", "admin:change-password", "admin:key-reader", "admin:key-editor", + ["openid", "profile", "email", "admin:reset-password", "admin:change-password", "admin:key-reader", + "admin:key-editor", "admin:mail-template-reader", "admin:mail-template-writer"]) if isProduction: scopes.add("mfa:always") @@ -83,7 +88,7 @@ def store_sso_client_applications(): "client_secret": pass_encoded(client_secret), "with_pkce": False, "scopes": scopes, - "authorized_grant_types": set(["AUTHORIZATION_CODE"]), + "authorized_grant_types": set(["AUTHORIZATION_CODE", "REFRESH_TOKEN"]), "web_server_redirect_uri": "http://local.management.vauthenticator.com:8080/login/oauth2/code/client", "authorities": set(["ROLE_USER", "VAUTHENTICATOR_ADMIN"]), "access_token_validity": 180,
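Review bot: `str2bool` in the `@@ -6,9 +6,12 @@` hunk of scripts/setup.py can never return True for `IS_PRODUCITON=True`, because `("True")` is a plain string rather than a tuple, so `in` is a substring test and the lower-cased `"true"` is not a substring of `"True"`. `isProduction` therefore stays False and the `if isProduction: scopes.add("mfa:always")` branch visible further down is skipped, so a production run would register the client without the MFA scope. An empty value evaluates to True (`"" in "True"`), and an unset variable raises AttributeError on `None.lower()`. I would change the body to `return (v or "").strip().lower() in ("true", "1", "yes")`.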
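Review bot: `"mandatory_action": "NO_ACTION"` in the `@@ -53,6 +56,7 @@` hunk is written unconditionally, although the script distinguishes production runs through `isProduction` elsewhere. The stored item carries `VAUTHENTICATOR_ADMIN` and the README in this patch lists a fixed default password, so on a production run the seeded admin is presumably left usable with known credentials and no forced change. If the application defines a mandatory action that forces a password change, select it when `isProduction` is true; otherwise add a comment such as `# NO_ACTION: seeded admin is not forced to change its password, local use only`. The body of `store_account` starts outside the hunk, so the password actually stored is not visible here.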
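Review bot: Adding `REFRESH_TOKEN` in the `@@ -83,7 +88,7 @@` hunk applies to every environment, and the same client entry has `"with_pkce": False` and a plain-`http` redirect URI. With refresh tokens the client can keep renewing sessions well past the 180 of `access_token_validity` shown below it, so the refresh-token lifetime and rotation settings matter; they are not visible here because the item definition continues past the hunk. I would document the intent next to the line, for example `# REFRESH_TOKEN: lets the management UI renew its short-lived access token`. For production runs, consider gating the grant and the redirect URI on `isProduction`, as is already done for `mfa:always`.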