author | Christian Grothoff <christian@grothoff.org> | 2021-04-28 14:20:23 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-04-28 14:20:23 +0200 |
commit | 7d761d515f2656ea2166b88f311ac86ccc47a070 (patch) | |
tree | 3324b4727e3ccb45a8ccf7e59ccac9d616e341a0 | |
parent | d67acf55e8781097aef94f7c027b6817bf2206b2 (diff) | |
parent | fa211fb56a0f92fb1046e5fd9c61004ec34b87ab (diff) | |
Merge branch 'master' of git+ssh://git.taler.net/deployment
-rwxr-xr-x | bin/taler-deployment | 7 | ||||
-rwxr-xr-x | bin/taler-deployment-config-generate | 7 | ||||
-rwxr-xr-x | bin/taler-deployment-config-instances | 31 | ||||
-rwxr-xr-x | bin/taler-deployment-prepare | 3 |
4 files changed, 37 insertions, 11 deletions
diff --git a/bin/taler-deployment b/bin/taler-deployment index acd9b70..2df86da 100755 --- a/bin/taler-deployment +++ b/bin/taler-deployment @@ -27,6 +27,8 @@ from dataclasses import dataclass from typing import List, Callable from shutil import copy from taler_urls import get_urls +from string import ascii_letters, ascii_uppercase +import random activate_template = """\ #!/bin/bash @@ -51,6 +53,7 @@ export TALER_ENV_URL_BACKOFFICE="{backoffice}" export TALER_ENV_URL_SYNC="{sync}" export TALER_ENV_MERCHANT_BACKEND="{merchant_backend}" export TALER_COVERAGE={coverage} +export TALER_ENV_FRONTENDS_APITOKEN="{frontends_apitoken}" """ @@ -637,6 +640,9 @@ def sync_repos() -> None: r_dir = home / "sources" / r.name subprocess.run(["git", "-C", str(r_dir), "clean", "-fdx"], check=True) +def generate_apitoken(): + return "secret-token:" + ''.join(random.choices(ascii_letters + ascii_uppercase, k=10)) + @cli.command() def bootstrap() -> None: """Bootstrap a GNU Taler deployment.""" @@ -667,6 +673,7 @@ def bootstrap() -> None: currency=currmap[envname], curr_path=":".join(path_list), coverage=1 if envname == "coverage" else 0, + frontends_apitoken="{}".format(generate_apitoken()), **get_urls(envname) ) ) diff --git a/bin/taler-deployment-config-generate b/bin/taler-deployment-config-generate index fdba35f..36e8608 100755 --- a/bin/taler-deployment-config-generate +++ b/bin/taler-deployment-config-generate @@ -135,7 +135,6 @@ def config(obj): "merchantdb-postgres", "config", "postgres:///taler{}".format(obj.envname) ) - obj.cfg_put("frontends", "backend_apikey", "secret-token:sandbox") obj.cfg_put("frontends", "backend", urls["merchant_backend"]) obj.cfg_put( 
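Review bot: `generate_apitoken()` draws the merchant API token from `random.choices`, which uses the Mersenne Twister generator and is not intended for secrets, since its later output can be predicted from earlier output. The alphabet `ascii_letters + ascii_uppercase` also lists the uppercase letters twice, so the ten characters are biased and carry roughly 56 bits at best. I would use the `secrets` module instead, e.g. `return "secret-token:" + secrets.token_urlsafe(32)` (confirm that the backend accepts `-` and `_` in the token), and replace the `import random` / `from string import ...` lines added in the first hunk with `import secrets`. A `-> str` annotation and a one-line docstring saying the result already carries the `secret-token:` prefix would match the annotated functions around it.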
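Review bot: The generated token is interpolated into the activate template in `bootstrap()`, so the file that receives this `format()` output now holds a credential. The write itself is outside the hunk and its mode is not visible here; it should be created owner-only (e.g. `0o600`) rather than under the default umask. The token is also regenerated on every `bootstrap` run, which deserves a short comment if rotation is intended. As a style point, `"{}".format(generate_apitoken())` is a no-op wrapper around a string, and `frontends_apitoken=generate_apitoken(),` says the same thing.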
@@ -224,9 +223,10 @@ def config(obj): @click.option("--currency", default="KUDOS") @click.option("--envname", default="demo") @click.option("--outdir", required=True) -# datadir is where all keys / wire-details files / are placed. @click.option("--exchange-pub", required=True) -def main(currency, envname, outdir, exchange_pub): +# Expected to contain already the 'secret-token:' scheme. +@click.option("--frontends-apitoken", required=True) +def main(currency, envname, outdir, exchange_pub, frontends_apitoken): if envname not in ("tanker", "demo", "test", "int", "euro", "chf", "local"): print("envname (%s) not demo/test/int, aborting config generation" % envname) @@ -235,6 +235,7 @@ def main(currency, envname, outdir, exchange_pub): config_files = [] mc = ConfigFile(envname, currency, exchange_pub, "taler.conf") + mc.cfg_put("frontends", "backend_apikey", f"{frontends_apitoken}") config(mc) config_files.append(mc) diff --git a/bin/taler-deployment-config-instances b/bin/taler-deployment-config-instances index 5a9a8d2..65cebc8 100755 --- a/bin/taler-deployment-config-instances +++ b/bin/taler-deployment-config-instances @@ -24,6 +24,7 @@ def expect_env(name): MERCHANT_BACKEND_BASE_URL = expect_env("TALER_ENV_MERCHANT_BACKEND") TALER_ENV_NAME = expect_env("TALER_ENV_NAME") TALER_CONFIG_CURRENCY = expect_env("TALER_CONFIG_CURRENCY") +TALER_ENV_FRONTENDS_APITOKEN = expect_env("TALER_ENV_FRONTENDS_APITOKEN") def ensure_instance(instance_id, name, payto_uris, auth): # FIXME: Use auth once the default instance also uses token auth @@ -44,7 +45,7 @@ def ensure_instance(instance_id, name, payto_uris, auth): default_wire_transfer_delay=dict(d_ms="forever"), default_pay_delay=dict(d_ms="forever"), # FIXME: Eventually, this should be an actual secret token - auth=dict(method="token", token="secret-token:sandbox"), + auth=auth, ) create_resp = requests.post( urljoin(MERCHANT_BACKEND_BASE_URL, "private/instances"), json=req 
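Review bot: Passing the token as `--frontends-apitoken` puts the secret in the process argument list, where other local users can read it through `ps` or `/proc/<pid>/cmdline` while the command runs; the call added in `bin/taler-deployment-prepare` has the same exposure. click can read the value from the environment instead, `@click.option("--frontends-apitoken", envvar="TALER_ENV_FRONTENDS_APITOKEN", required=True)`, after which the prepare script no longer needs to pass the flag. The comment says the value is expected to carry the `secret-token:` scheme, but nothing enforces it; a `startswith("secret-token:")` check in `main` would fail early instead of writing a malformed `backend_apikey`. In the following hunk, `f"{frontends_apitoken}"` can simply be `frontends_apitoken`.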
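Review bot: The two `# FIXME` comments in `ensure_instance` are stale now that the request uses `auth=auth`. "Use auth once the default instance also uses token auth" describes what this change does, and "Eventually, this should be an actual secret token" sits directly above a line that no longer hard-codes one. I would delete both, or replace the second with `# auth is supplied by the caller (see TALER_ENV_FRONTENDS_APITOKEN)`. `ensure_instance` starts before this hunk and continues past it.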
@@ -52,53 +53,69 @@ def ensure_instance(instance_id, name, payto_uris, auth): if create_resp.status_code < 200 or create_resp.status_code >= 300: print(f"failed to create instance {instance_id}") print(create_resp.text) + print("trying with PATCH") + patch_resp = requests.patch( + urljoin(MERCHANT_BACKEND_BASE_URL, f"private/instances/{instance_id}"), json=req + ) + if patch_resp.status_code < 200 or patch_resp.status_code >= 300: + print(f"failed to patch instance {instance_id}") + print(patch_resp.text) exit(1) ensure_instance( "blog", name="Blog", payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/blog"], - auth=dict(method="token", token="secret-token:sandbox"), + auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN), ) ensure_instance( "donations", name="Donations", payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/donations"], - auth=dict(method="token", token="secret-token:sandbox"), + auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN), ) ensure_instance( "survey", name="Survey", payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/survey"], - auth=dict(method="token", token="secret-token:sandbox"), + auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN), ) ensure_instance( "pos", name="PoS", payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/pos"], - auth=dict(method="token", token="secret-token:sandbox"), + auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN), ) ensure_instance( "GNUnet", name="GNUnet", payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/GNUnet"], - auth=dict(method="token", token="secret-token:sandbox"), + auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN), ) ensure_instance( "Taler", name="Taler", payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/Taler"], - auth=dict(method="token", token="secret-token:sandbox"), + auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN), ) ensure_instance( 
"Tor", name="Tor", payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/Tor"], + auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN), +) + +# Note: this instance has a fixed secret-token, so as to allow anyone to easily +# run their tutorial. +ensure_instance( + "Tutorial", + name="Tutorial", + payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/Tutorial"], auth=dict(method="token", token="secret-token:sandbox"), ) diff --git a/bin/taler-deployment-prepare b/bin/taler-deployment-prepare index 59c0689..d87bc61 100755 --- a/bin/taler-deployment-prepare +++ b/bin/taler-deployment-prepare @@ -30,7 +30,8 @@ function generate_config() { --exchange-pub "$EXCHANGE_PUB" \ --currency "$TALER_CONFIG_CURRENCY" \ --outdir "$HOME/.config" \ - --envname "$TALER_ENV_NAME" + --envname "$TALER_ENV_NAME" \ + --frontends-apitoken "$TALER_ENV_FRONTENDS_APITOKEN" } ## |
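Review bot: `exit(1)` is an unchanged context line, so it presumably keeps its old indentation inside the `if create_resp.status_code ...` branch, which would make the script exit with status 1 even when the new PATCH succeeds. Indentation is not visible on this page, so please check; if that is the case, move it under the `if patch_resp.status_code ...` block. The fallback also fires on any non-2xx POST response, including server errors; limiting it to the "already exists" reply (probably 409, to be confirmed against the merchant API) would keep real failures visible. Whether PATCH replaces the `auth` of an existing instance cannot be told from here, and if it does not, instances created earlier keep the well-known `secret-token:sandbox`. Both `requests` calls also lack a `timeout=`, so a hung backend blocks the deployment indefinitely.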