From 1f9969b45de5e1306ff29b78fabfb5f67912006f Mon Sep 17 00:00:00 2001 
From: mrflick72 Date: Tue, 17 Dec 2024 10:48:46 +0100 Subject: [PATCH] local tenant init job actuator endpoint and legacy py script clean up --- docs/tenant-setup.md | 5 + local-environment/local-initializer/build.sh | 4 - local-environment/local-initializer/init.sh | 19 -- local-environment/local-initializer/setup.py | 248 ------------------ local-environment/request.http | 4 + .../server/init/PermissionSetUpJob.kt | 4 - .../server/management/ManagementConfig.kt | 73 ++++++ .../{ => cleanup}/DatabaseTtlEntryCleanJob.kt | 16 +- .../DatabaseTtlEntryCleanJobEndPoint.kt | 2 +- .../{ => management}/init/AccountSetUpJob.kt | 10 +- .../init/ClientApplicationSetUpJob.kt | 10 +- .../init/KeySetUpJob.kt} | 17 +- .../management/init/TenantSetUpEndPoint.kt | 24 ++ .../DatabaseTtlEntryCleanJobTest.kt | 2 +- tenant-installer.Dockerfile | 2 +- 15 files changed, 122 insertions(+), 318 deletions(-) create mode 100644 docs/tenant-setup.md delete mode 100644 local-environment/local-initializer/build.sh delete mode 100755 local-environment/local-initializer/init.sh delete mode 100644 local-environment/local-initializer/setup.py delete mode 100644 src/main/kotlin/com/vauthenticator/server/init/PermissionSetUpJob.kt create mode 100644 src/main/kotlin/com/vauthenticator/server/management/ManagementConfig.kt rename src/main/kotlin/com/vauthenticator/server/management/{ => cleanup}/DatabaseTtlEntryCleanJob.kt (77%) rename src/main/kotlin/com/vauthenticator/server/management/{ => cleanup}/DatabaseTtlEntryCleanJobEndPoint.kt (90%) rename src/main/kotlin/com/vauthenticator/server/{ => management}/init/AccountSetUpJob.kt (85%) rename src/main/kotlin/com/vauthenticator/server/{ => management}/init/ClientApplicationSetUpJob.kt (89%) rename src/main/kotlin/com/vauthenticator/server/{init/keySetUpJob.kt => management/init/KeySetUpJob.kt} (62%) create mode 100644 src/main/kotlin/com/vauthenticator/server/management/init/TenantSetUpEndPoint.kt rename 
src/test/kotlin/com/vauthenticator/server/management/{ => cleanup}/DatabaseTtlEntryCleanJobTest.kt (97%) diff --git a/docs/tenant-setup.md b/docs/tenant-setup.md new file mode 100644 index 00000000..5c13964d --- /dev/null +++ b/docs/tenant-setup.md @@ -0,0 +1,5 @@ +# Tenant Setup + +## Abstract + +## How to diff --git a/local-environment/local-initializer/build.sh b/local-environment/local-initializer/build.sh deleted file mode 100644 index e71cfbb2..00000000 --- a/local-environment/local-initializer/build.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -./setup.sh -./init.sh \ No newline at end of file diff --git a/local-environment/local-initializer/init.sh b/local-environment/local-initializer/init.sh deleted file mode 100755 index 265d3e00..00000000 --- a/local-environment/local-initializer/init.sh +++ /dev/null @@ -1,19 +0,0 @@ -export $(cat env) - -MASTER_KEY=$(grep target_key_id ../local-tenant-iac/resources/terraform.tfstate | awk -F ":" '{print $2}'| sed "s/\"//g" | sed 's/ //g') -export MASTER_KEY=$MASTER_KEY -echo "MASTER_KEY=$MASTER_KEY" - -pip3 install -r requirements.txt - -echo "MASTER_KEY: $MASTER_KEY" -echo "TABLES_SUFFIX: $TABLES_SUFFIX" - -echo "KMS_ENDPOINT: $KMS_ENDPOINT" -echo "DYNAMO_DB_ENDPOINT: $DYNAMO_DB_ENDPOINT" - -python3 setup.py admin@email.com $TABLES_SUFFIX $MASTER_KEY host.docker.internal - -aws iam create-access-key --user-name vauthenticator-local-dev --endpoint http://host.docker.internal:4566 > user-access-key.json -echo "Local User IAM VAuthenticator AccessKeyId: "$(cat user-access-key.json | jq -r .AccessKey.AccessKeyId) -echo "Local User IAM VAuthenticator SecretAccessKey: "$(cat user-access-key.json | jq -r .AccessKey.SecretAccessKey) \ No newline at end of file diff --git a/local-environment/local-initializer/setup.py b/local-environment/local-initializer/setup.py deleted file mode 100644 index fa43d650..00000000 --- a/local-environment/local-initializer/setup.py +++ /dev/null 
@@ -1,248 +0,0 @@ -import bcrypt -import boto3 -import os -import sys -import uuid -import psycopg2 -import base64 -from dotenv import load_dotenv - - -def str2bool(v): - return v.lower() in ("True") - - -load_dotenv(dotenv_path="env") - -isProduction = str2bool(os.getenv("IS_PRODUCITON")) -print(isProduction) - - -def dynamodbClient(): - dynamodb_endpoint = os.getenv('DYNAMO_DB_ENDPOINT') - if dynamodb_endpoint is None: - client = boto3.resource('dynamodb') - else: - client = boto3.resource('dynamodb', endpoint_url=dynamodb_endpoint) - return client - - -def kmsClient(): - kms_endpoint = os.getenv('KMS_ENDPOINT') - if kms_endpoint is None: - client = boto3.client("kms") - else: - client = boto3.client('kms', endpoint_url=kms_endpoint) - return client - - -dynamodb = dynamodbClient() -kms_client = kmsClient() - - -def create_schema(): - with open("./schema.sql", "r") as file: - cur.execute(file.read()) - conn.commit() - - -def store_account(): - password = str(uuid.uuid4()) if isProduction else "secret" - print(f'default user password: {password}') - encodedPassword = pass_encoded(password) - table = dynamodb.Table(f"VAuthenticator_Account{table_suffix}") - table.put_item(Item={ - "user_name": user_name, - "password": encodedPassword, - "phone": "", - "birthDate": "", - "locale": "en", - "firstName": "Admin", - "lastName": "", - "email": user_name, - "emailVerified": True, - "enabled": True, - "credentialsNonExpired": True, - "accountNonLocked": True, - "accountNonExpired": True, - "mandatory_action": "NO_ACTION", - "authorities": set(["ROLE_USER", "VAUTHENTICATOR_ADMIN"]) - }) - cur.execute(f""" - INSERT INTO Account ( - account_non_expired, - account_non_locked, - credentials_non_expired, - enabled, - username, - password, - email, - email_verified, - first_name, - last_name, - birth_date, - phone, - locale, - mandatory_action - ) VALUES (True,True,True,True, - '{user_name}','{encodedPassword}','{user_name}',True,'Admin','',null,'','en','NO_ACTION') - """) - 
cur.execute(f"INSERT INTO ACCOUNT_ROLE (account_username, role_name) VALUES ('{user_name}','ROLE_USER')") - cur.execute(f"INSERT INTO ACCOUNT_ROLE (account_username, role_name) VALUES ('{user_name}','VAUTHENTICATOR_ADMIN')") - conn.commit() - - -def store_roles(): - table = dynamodb.Table(f"VAuthenticator_Role{table_suffix}") - table.put_item(Item={"role_name": "ROLE_USER", "description": "Generic user role"}) - table.put_item(Item={"role_name": "VAUTHENTICATOR_ADMIN", "description": "VAuthenticator admin role"}) - - cur.execute("INSERT INTO Role (name,description) VALUES ('ROLE_USER','Generic user role') ") - cur.execute("INSERT INTO Role (name,description) VALUES ('VAUTHENTICATOR_ADMIN','VAuthenticator admin role') ") - conn.commit() - - -def store_sso_client_applications(): - client_id = str(uuid.uuid4()) if isProduction else "vauthenticator-management-ui" - print(f'client id: {client_id}') - - client_secret = str(uuid.uuid4()) if isProduction else "secret" - print(f'client secret: {client_secret}') - print(f'client_id={client_id}&client_secret={client_secret}') - - table = dynamodb.Table(f"VAuthenticator_ClientApplication{table_suffix}") - scopes = set( - ["openid", "profile", "email", "admin:reset-password", "admin:change-password", "admin:key-reader", - "admin:key-editor", - "admin:email-template-reader", "admin:email-template-writer"]) - - if isProduction: - scopes.add("mfa:always") - - table.put_item(Item={ - "client_id": client_id, - "client_secret": pass_encoded(client_secret), - "with_pkce": False, - "scopes": scopes, - "authorized_grant_types": set(["AUTHORIZATION_CODE", "REFRESH_TOKEN"]), - "web_server_redirect_uri": "http://local.management.vauthenticator.com:8080/login/oauth2/code/client", - "access_token_validity": 180, - "refresh_token_validity": 3600, - "auto_approve": True, - "post_logout_redirect_uris": "http://local.management.vauthenticator.com:8080/secure/admin/index", - "logout_uris": "http://local.management.vauthenticator.com:8080/logout", 
- }) - serialized_scopes = ','.join(scopes) - cur.execute( - f"INSERT INTO CLIENT_APPLICATION (client_app_id, secret,scopes,with_pkce,authorized_grant_types,web_server_redirect_uri,access_token_validity,refresh_token_validity,auto_approve,post_logout_redirect_uri,logout_uri) VALUES ('{client_id}','{pass_encoded(client_secret)}', '{serialized_scopes}',false,'AUTHORIZATION_CODE,REFRESH_TOKEN','http://local.management.vauthenticator.com:8080/login/oauth2/code/client','180','3600','true','http://local.management.vauthenticator.com:8080/secure/admin/index','http://local.management.vauthenticator.com:8080/logout')" - ) - - serialized_client_id = f"mfa-{client_id}" - - scopes.add("mfa:always") - table.put_item(Item={ - "client_id": f"mfa-{client_id}", - "client_secret": pass_encoded(client_secret), - "with_pkce": False, - "scopes": scopes, - "authorized_grant_types": set(["AUTHORIZATION_CODE", "REFRESH_TOKEN"]), - "web_server_redirect_uri": "http://local.management.vauthenticator.com:8080/login/oauth2/code/client", - "access_token_validity": 180, - "refresh_token_validity": 3600, - "auto_approve": True, - "post_logout_redirect_uris": "http://local.management.vauthenticator.com:8080/secure/admin/index", - "logout_uris": "http://local.management.vauthenticator.com:8080/logout", - }) - serialized_scopes = ','.join(scopes) - cur.execute( - f"INSERT INTO CLIENT_APPLICATION (client_app_id, secret,scopes,with_pkce,authorized_grant_types,web_server_redirect_uri,access_token_validity,refresh_token_validity,auto_approve,post_logout_redirect_uri,logout_uri) VALUES ('{serialized_client_id}','{pass_encoded(client_secret)}','{serialized_scopes}',false,'AUTHORIZATION_CODE,REFRESH_TOKEN','http://local.management.vauthenticator.com:8080/login/oauth2/code/client','180','3600','true','http://local.management.vauthenticator.com:8080/secure/admin/index','http://local.management.vauthenticator.com:8080/logout')" - ) - conn.commit() - - -def store_client_applications(): - client_id = 
str(uuid.uuid4()) if isProduction else "admin" - print(f'client id: {client_id}') - - client_secret = str(uuid.uuid4()) if isProduction else "secret" - print(f'client secret: {client_secret}') - print(f'client_id={client_id}&client_secret={client_secret}') - - table = dynamodb.Table(f"VAuthenticator_ClientApplication{table_suffix}") - scopes = set( - ["openid", "profile", "email", "admin:signup", "admin:welcome", "admin:email-verify", "admin:reset-password", - "admin:change-password", "admin:key-reader", "admin:key-editor", "admin:client-app-reader", - "admin:client-app-writer", "admin:client-app-eraser", "admin:email-template-reader", - "admin:email-template-writer", "mfa:always"]) - table.put_item(Item={ - "client_id": client_id, - "client_secret": pass_encoded(client_secret), - "with_pkce": False, - "scopes": scopes, - "authorized_grant_types": set(["CLIENT_CREDENTIALS"]), - "web_server_redirect_uri": "", - "access_token_validity": 180, - "refresh_token_validity": 3600, - "auto_approve": True, - "post_logout_redirect_uris": "", - "logout_uris": "", - }) - serialized_scopes = ','.join(scopes) - cur.execute( - f"INSERT INTO CLIENT_APPLICATION (client_app_id, secret,scopes,with_pkce,authorized_grant_types,web_server_redirect_uri,access_token_validity,refresh_token_validity,auto_approve,post_logout_redirect_uri,logout_uri) VALUES ('{client_id}','{pass_encoded(client_secret)}','{serialized_scopes}',false,'CLIENT_CREDENTIALS','http://local.management.vauthenticator.com:8080/login/oauth2/code/client','180','3600','true','http://local.management.vauthenticator.com:8080/secure/admin/index','http://local.management.vauthenticator.com:8080/logout')" - ) - conn.commit() - - -def store_key(): - key_table_name=f'VAuthenticator_Signature_Keys{table_suffix}' - key_pair = kms_client.generate_data_key_pair(KeyId=input_master_key, KeyPairSpec='RSA_2048') - - master_key_id = key_pair["KeyId"].split("/")[1] - key_id = str(uuid.uuid4()) - encrypted_private_key = 
base64.b64encode(key_pair["PrivateKeyCiphertextBlob"]).decode() - public_key = base64.b64encode(key_pair["PublicKey"]).decode() - - table = dynamodb.Table(key_table_name) - table.put_item(Item={ - "master_key_id": master_key_id, - "key_id": key_id, - "encrypted_private_key": encrypted_private_key, - "public_key": public_key, - "key_purpose": "SIGNATURE", - "key_type": "ASYMMETRIC", - "enabled": True - }) - - cur.execute( - f"INSERT INTO KEYS (master_key_id, key_id, key_purpose, key_type, encrypted_private_key, public_key, enabled, key_expiration_date_timestamp) VALUES ('{master_key_id}', '{key_id}', 'SIGNATURE', 'ASYMMETRIC', '{encrypted_private_key}','{public_key}', true, 0)") - conn.commit() - - -def pass_encoded(password): - encode = str.encode(password) - return bcrypt.hashpw(encode, bcrypt.gensalt(12)).decode() - - -if __name__ == '__main__': - user_name = sys.argv[1] - table_suffix = sys.argv[2] - input_master_key = sys.argv[3] - database_host=sys.argv[4] - - conn = psycopg2.connect(database="postgres", - host=database_host, - user="postgres", - password="postgres", - port="5432") - cur = conn.cursor() - create_schema() - - store_roles() - store_account() - store_client_applications() - store_sso_client_applications() - store_key() - - cur.close() - conn.close() diff --git a/local-environment/request.http b/local-environment/request.http index 06ae8efe..54e87b50 100644 --- a/local-environment/request.http +++ b/local-environment/request.http @@ -6,6 +6,10 @@ GET {{actuatorHost}}/actuator POST {{actuatorHost}}/actuator/database-clean-up +### acgtuator tenant setup job +POST {{actuatorHost}}/actuator/tenant-setup + + ### login page GET {{host}}/login diff --git a/src/main/kotlin/com/vauthenticator/server/init/PermissionSetUpJob.kt b/src/main/kotlin/com/vauthenticator/server/init/PermissionSetUpJob.kt deleted file mode 100644 index 66396595..00000000 --- a/src/main/kotlin/com/vauthenticator/server/init/PermissionSetUpJob.kt +++ /dev/null 
@@ -1,4 +0,0 @@ -package com.vauthenticator.server.init - -class PermissionSetUpJob { -} \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/management/ManagementConfig.kt b/src/main/kotlin/com/vauthenticator/server/management/ManagementConfig.kt new file mode 100644 index 00000000..5d7a2fce --- /dev/null +++ b/src/main/kotlin/com/vauthenticator/server/management/ManagementConfig.kt 
@@ -0,0 +1,73 @@
+package com.vauthenticator.server.management
+
+import com.vauthenticator.server.account.domain.AccountRepository
+import com.vauthenticator.server.keys.domain.KeyRepository
+import com.vauthenticator.server.keys.domain.KeyStorage
+import com.vauthenticator.server.management.cleanup.DatabaseTtlEntryCleanJob
+import com.vauthenticator.server.management.cleanup.DatabaseTtlEntryCleanJobEndPoint
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Profile
+import org.springframework.jdbc.core.JdbcTemplate
+import com.vauthenticator.server.management.init.*
+import com.vauthenticator.server.oauth2.clientapp.domain.ClientApplicationRepository
+import com.vauthenticator.server.password.domain.VAuthenticatorPasswordEncoder
+import com.vauthenticator.server.role.domain.RoleRepository
+import org.springframework.beans.factory.annotation.Value
+import java.time.Clock
+
+@Configuration(proxyBeanMethods = false)
+class TenantInitConfig {
+
+ @Bean
+ fun accountSetUpJob(
+ roleRepository: RoleRepository,
+ accountRepository: AccountRepository,
+ passwordEncoder: VAuthenticatorPasswordEncoder
+ ) = AccountSetUpJob(
+ roleRepository, accountRepository, passwordEncoder
+ )
+
+ @Bean
+ fun clientApplicationSetUpJob(
+ clientApplicationRepository: ClientApplicationRepository,
+ passwordEncoder: VAuthenticatorPasswordEncoder
+
+ ) = ClientApplicationSetUpJob(clientApplicationRepository, passwordEncoder)
+
+ @Bean
+ fun keySetUpJob(
+ @Value("\${key.master-key}") maserKid: String,
+ keyStorage: KeyStorage,
+ keyRepository: KeyRepository
+ ) = KeySetUpJob(
+ maserKid, keyStorage, keyRepository
+ )
+
+ @Bean
+ fun tenantSetUpEndPoint(
+ accountSetUpJob: AccountSetUpJob,
+ clientApplicationSetUpJob: ClientApplicationSetUpJob,
+ keySetUpJob: KeySetUpJob
+ ) =
+ TenantSetUpEndPoint(
+ accountSetUpJob,
+ clientApplicationSetUpJob,
+ keySetUpJob
+ )
+
+}
+
+@Profile("database") +@Configuration(proxyBeanMethods = false) +class DatabaseTtlEntryCleanJobConfig { + + @Bean + fun databaseTtlEntryCleanJob( + jdbcTemplate: JdbcTemplate + ) = DatabaseTtlEntryCleanJob(jdbcTemplate, Clock.systemUTC()) + + @Bean + fun databaseTtlEntryCleanJobEndPoint(databaseTtlEntryCleanJob: DatabaseTtlEntryCleanJob) = + DatabaseTtlEntryCleanJobEndPoint(databaseTtlEntryCleanJob) +} \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/management/DatabaseTtlEntryCleanJob.kt b/src/main/kotlin/com/vauthenticator/server/management/cleanup/DatabaseTtlEntryCleanJob.kt similarity index 77% rename from src/main/kotlin/com/vauthenticator/server/management/DatabaseTtlEntryCleanJob.kt rename to src/main/kotlin/com/vauthenticator/server/management/cleanup/DatabaseTtlEntryCleanJob.kt index 418157a2..efdf64bc 100644 --- a/src/main/kotlin/com/vauthenticator/server/management/DatabaseTtlEntryCleanJob.kt +++ b/src/main/kotlin/com/vauthenticator/server/management/cleanup/DatabaseTtlEntryCleanJob.kt @@ -1,4 +1,4 @@ -package com.vauthenticator.server.management +package com.vauthenticator.server.management.cleanup import org.slf4j.LoggerFactory import org.springframework.context.annotation.Bean @@ -53,17 +53,3 @@ class DatabaseTtlEntryCleanJob( } - -@Profile("database") -@Configuration(proxyBeanMethods = false) -class DatabaseTtlEntryCleanJobConfig() { - - @Bean - fun databaseTtlEntryCleanJob( - jdbcTemplate: JdbcTemplate - ) = DatabaseTtlEntryCleanJob(jdbcTemplate, Clock.systemUTC()) - - @Bean - fun databaseTtlEntryCleanJobEndPoint(databaseTtlEntryCleanJob: DatabaseTtlEntryCleanJob) = - DatabaseTtlEntryCleanJobEndPoint(databaseTtlEntryCleanJob) -} \ No newline at end of file 
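Review bot: `TenantInitConfig` carries no `@Profile` or other condition, so the `tenantSetUpEndPoint` bean and the three set-up jobs are registered in every deployment, while `DatabaseTtlEntryCleanJobConfig` in the same file is limited by `@Profile("database")`. Since the endpoint provisions roles, default client applications and a signature key on request, I would gate the class, for example with `@Profile("<tenant-setup-profile>")` (placeholder name) or a `@ConditionalOnProperty` switch that defaults to off, so the bean only exists where bootstrap is intended. Separately, the parameter `maserKid` in `keySetUpJob` reads like a typo for `masterKid`.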
diff --git a/src/main/kotlin/com/vauthenticator/server/management/DatabaseTtlEntryCleanJobEndPoint.kt b/src/main/kotlin/com/vauthenticator/server/management/cleanup/DatabaseTtlEntryCleanJobEndPoint.kt similarity index 90% rename from src/main/kotlin/com/vauthenticator/server/management/DatabaseTtlEntryCleanJobEndPoint.kt rename to src/main/kotlin/com/vauthenticator/server/management/cleanup/DatabaseTtlEntryCleanJobEndPoint.kt index c0b846aa..f45ad432 100644 --- a/src/main/kotlin/com/vauthenticator/server/management/DatabaseTtlEntryCleanJobEndPoint.kt +++ b/src/main/kotlin/com/vauthenticator/server/management/cleanup/DatabaseTtlEntryCleanJobEndPoint.kt @@ -1,4 +1,4 @@ -package com.vauthenticator.server.management +package com.vauthenticator.server.management.cleanup import org.springframework.boot.actuate.endpoint.annotation.Endpoint import org.springframework.boot.actuate.endpoint.annotation.WriteOperation diff --git a/src/main/kotlin/com/vauthenticator/server/init/AccountSetUpJob.kt b/src/main/kotlin/com/vauthenticator/server/management/init/AccountSetUpJob.kt similarity index 85% rename from src/main/kotlin/com/vauthenticator/server/init/AccountSetUpJob.kt rename to src/main/kotlin/com/vauthenticator/server/management/init/AccountSetUpJob.kt index 2fa869d0..12276200 100644 --- a/src/main/kotlin/com/vauthenticator/server/init/AccountSetUpJob.kt +++ b/src/main/kotlin/com/vauthenticator/server/management/init/AccountSetUpJob.kt @@ -1,4 +1,4 @@ -package com.vauthenticator.server.init +package com.vauthenticator.server.management.init import com.vauthenticator.server.account.domain.Account import com.vauthenticator.server.account.domain.AccountMandatoryAction 
@@ -6,18 +6,14 @@ import com.vauthenticator.server.account.domain.AccountRepository import com.vauthenticator.server.password.domain.VAuthenticatorPasswordEncoder import com.vauthenticator.server.role.domain.Role import com.vauthenticator.server.role.domain.RoleRepository -import org.springframework.boot.ApplicationArguments -import org.springframework.boot.ApplicationRunner -import org.springframework.stereotype.Service import java.util.* -@Service class AccountSetUpJob( private val roleRepository: RoleRepository, private val accountRepository: AccountRepository, private val passwordEncoder: VAuthenticatorPasswordEncoder -) : ApplicationRunner { - override fun run(args: ApplicationArguments) { +) { + fun execute() { val userRole = Role("ROLE_USER", "Generic user role") val adminRole = Role("VAUTHENTICATOR_ADMIN", "VAuthenticator admin role") diff --git a/src/main/kotlin/com/vauthenticator/server/init/ClientApplicationSetUpJob.kt b/src/main/kotlin/com/vauthenticator/server/management/init/ClientApplicationSetUpJob.kt similarity index 89% rename from src/main/kotlin/com/vauthenticator/server/init/ClientApplicationSetUpJob.kt rename to src/main/kotlin/com/vauthenticator/server/management/init/ClientApplicationSetUpJob.kt index cec4f0cb..2983ecc0 100644 --- a/src/main/kotlin/com/vauthenticator/server/init/ClientApplicationSetUpJob.kt +++ b/src/main/kotlin/com/vauthenticator/server/management/init/ClientApplicationSetUpJob.kt @@ -1,4 +1,4 @@ -package com.vauthenticator.server.init +package com.vauthenticator.server.management.init import com.vauthenticator.server.oauth2.clientapp.domain.* import com.vauthenticator.server.oauth2.clientapp.domain.AuthorizedGrantType.* 
@@ -6,16 +6,12 @@ import com.vauthenticator.server.oauth2.clientapp.domain.Scope.Companion.AVAILAB import com.vauthenticator.server.oauth2.clientapp.domain.Scope.Companion.MFA_ALWAYS import com.vauthenticator.server.oauth2.clientapp.domain.WithPkce.Companion.disabled import com.vauthenticator.server.password.domain.VAuthenticatorPasswordEncoder -import org.springframework.boot.ApplicationArguments -import org.springframework.boot.ApplicationRunner -import org.springframework.stereotype.Service -@Service class ClientApplicationSetUpJob( private val clientApplicationRepository: ClientApplicationRepository, private val passwordEncoder: VAuthenticatorPasswordEncoder -) : ApplicationRunner { - override fun run(args: ApplicationArguments) { +) { + fun execute() { clientApplicationRepository.save(m2mDefaultAdminClientApp()) clientApplicationRepository.save(managementUIDefaultClientApp()) } diff --git a/src/main/kotlin/com/vauthenticator/server/init/keySetUpJob.kt b/src/main/kotlin/com/vauthenticator/server/management/init/KeySetUpJob.kt similarity index 62% rename from src/main/kotlin/com/vauthenticator/server/init/keySetUpJob.kt rename to src/main/kotlin/com/vauthenticator/server/management/init/KeySetUpJob.kt index fc01e609..ce3474ed 100644 --- a/src/main/kotlin/com/vauthenticator/server/init/keySetUpJob.kt +++ b/src/main/kotlin/com/vauthenticator/server/management/init/KeySetUpJob.kt 
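Review bot: `execute()` calls `clientApplicationRepository.save(...)` for both default client applications with no existence check, and after this commit it can be triggered on demand through the `tenant-setup` actuator endpoint instead of running as an `ApplicationRunner`. If `save` overwrites an existing record (its implementation is not visible here), a later call would replace a client secret or scope set that an operator changed after bootstrap. Consider guarding it the way `KeySetUpJob.execute()` does with `if (keyStorage.signatureKeys().keys.isEmpty())`, saving only when the client id is not yet stored. The same question applies to `AccountSetUpJob.execute()`, whose body lies mostly outside its hunk, and the helpers `m2mDefaultAdminClientApp()` and `managementUIDefaultClientApp()` are outside this one.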
@@ -1,22 +1,17 @@ -package com.vauthenticator.server.init +package com.vauthenticator.server.management.init import com.vauthenticator.server.keys.domain.* import org.slf4j.LoggerFactory -import org.springframework.beans.factory.annotation.Value -import org.springframework.boot.ApplicationArguments -import org.springframework.boot.ApplicationRunner -import org.springframework.stereotype.Service -@Service -class keySetUpJob( - @Value("\${key.master-key}") private val maserKid: String, +class KeySetUpJob( + private val maserKid: String, private val keyStorage: KeyStorage, private val keyRepository: KeyRepository -) : ApplicationRunner { +) { - val logger = LoggerFactory.getLogger(PermissionSetUpJob::class.java) + val logger = LoggerFactory.getLogger(KeySetUpJob::class.java) - override fun run(args: ApplicationArguments) { + fun execute() { if (keyStorage.signatureKeys().keys.isEmpty()) { val firstKid = keyRepository.createKeyFrom( diff --git a/src/main/kotlin/com/vauthenticator/server/management/init/TenantSetUpEndPoint.kt b/src/main/kotlin/com/vauthenticator/server/management/init/TenantSetUpEndPoint.kt new file mode 100644 index 00000000..5b335831 --- /dev/null +++ b/src/main/kotlin/com/vauthenticator/server/management/init/TenantSetUpEndPoint.kt @@ -0,0 +1,24 @@ +package com.vauthenticator.server.management.init + +import org.springframework.boot.actuate.endpoint.annotation.Endpoint +import org.springframework.boot.actuate.endpoint.annotation.WriteOperation +import org.springframework.http.ResponseEntity + + +@Endpoint(id = "tenant-setup") +class TenantSetUpEndPoint( + private val accountSetUpJob: AccountSetUpJob, + private val clientApplicationSetUpJob: ClientApplicationSetUpJob, + private val keySetUpJob: KeySetUpJob +) { + + @WriteOperation + fun tenantInit(): ResponseEntity { + accountSetUpJob.execute() + clientApplicationSetUpJob.execute() + keySetUpJob.execute() + + return ResponseEntity.noContent().build() + } + +} \ No newline at end of file 
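Review bot: `TenantSetUpEndPoint` has no documentation saying who may call `tenantInit()`, although this `@WriteOperation` provisions accounts, client applications and signing keys, and its protection rests entirely on actuator exposure and security settings that this commit does not show. Add a KDoc on the class stating that the endpoint is a bootstrap operation, that it must only be exposed on a management interface that requires authentication and is not publicly reachable, and fill in the empty `## How to` section of `docs/tenant-setup.md` accordingly. The three `execute()` calls also run in sequence with no error handling, so a failure in `clientApplicationSetUpJob.execute()` leaves the account step applied and the key step skipped. A short comment such as `// each job can be re-run after a partial failure` would help, but only if re-invocation is in fact safe.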
diff --git a/src/test/kotlin/com/vauthenticator/server/management/DatabaseTtlEntryCleanJobTest.kt b/src/test/kotlin/com/vauthenticator/server/management/cleanup/DatabaseTtlEntryCleanJobTest.kt similarity index 97% rename from src/test/kotlin/com/vauthenticator/server/management/DatabaseTtlEntryCleanJobTest.kt rename to src/test/kotlin/com/vauthenticator/server/management/cleanup/DatabaseTtlEntryCleanJobTest.kt index 7e7c49ed..01e86063 100644 --- a/src/test/kotlin/com/vauthenticator/server/management/DatabaseTtlEntryCleanJobTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/management/cleanup/DatabaseTtlEntryCleanJobTest.kt @@ -1,4 +1,4 @@ -package com.vauthenticator.server.management +package com.vauthenticator.server.management.cleanup import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper import com.vauthenticator.server.keys.adapter.jdbc.JdbcKeyStorage diff --git a/tenant-installer.Dockerfile b/tenant-installer.Dockerfile index 307603f9..922a996c 100644 --- a/tenant-installer.Dockerfile +++ b/tenant-installer.Dockerfile @@ -25,4 +25,4 @@ WORKDIR local-environment/local-initializer ADD local-environment/local-initializer . ADD src/main/resources/data/schema.sql . -ENTRYPOINT sh ./build.sh \ No newline at end of file +ENTRYPOINT sh ./setup.sh \ No newline at end of file