From f3b9f3f2d4addf0fa0f23f1f1b29c57b28a8c074 Mon Sep 17 00:00:00 2001
From: MS <ms@taler.net>
Date: Wed, 28 Apr 2021 11:14:55 +0200
Subject: propagating the API token into the configuration

---
 bin/taler-deployment-config-generate | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'bin/taler-deployment-config-generate')

diff --git a/bin/taler-deployment-config-generate b/bin/taler-deployment-config-generate
index fdba35f..3f97fe7 100755
--- a/bin/taler-deployment-config-generate
+++ b/bin/taler-deployment-config-generate
@@ -135,7 +135,6 @@ def config(obj):
         "merchantdb-postgres", "config", "postgres:///taler{}".format(obj.envname)
     )
 
-    obj.cfg_put("frontends", "backend_apikey", "secret-token:sandbox")
     obj.cfg_put("frontends", "backend", urls["merchant_backend"])
 
     obj.cfg_put(
@@ -224,9 +223,9 @@ def config(obj):
 @click.option("--currency", default="KUDOS")
 @click.option("--envname", default="demo")
 @click.option("--outdir", required=True)
-# datadir is where all keys / wire-details files / are placed.
 @click.option("--exchange-pub", required=True)
-def main(currency, envname, outdir, exchange_pub):
+@click.option("--frontends-apitoken", required=True)
+def main(currency, envname, outdir, exchange_pub, frontends_apitoken):
 
     if envname not in ("tanker", "demo", "test", "int", "euro", "chf", "local"):
         print("envname (%s) not demo/test/int, aborting config generation" % envname)
@@ -235,6 +234,7 @@ def main(currency, envname, outdir, exchange_pub):
     config_files = []
 
     mc = ConfigFile(envname, currency, exchange_pub, "taler.conf")
+    mc.cfg_put("frontends", "backend_apikey", f"secret-token:{frontends_apitoken}")
     config(mc)
     config_files.append(mc)
 
-- 
cgit v1.2.3


From b242d68ccb2abe790dc517e6ff41168277f0ffd4 Mon Sep 17 00:00:00 2001
From: MS <ms@taler.net>
Date: Wed, 28 Apr 2021 11:40:15 +0200
Subject: config each instance with API token

---
 bin/taler-deployment                  |  4 ++--
 bin/taler-deployment-config-generate  |  3 ++-
 bin/taler-deployment-config-instances | 17 +++++++++--------
 3 files changed, 13 insertions(+), 11 deletions(-)

(limited to 'bin/taler-deployment-config-generate')

diff --git a/bin/taler-deployment b/bin/taler-deployment
index 12e7087..695faed 100755
--- a/bin/taler-deployment
+++ b/bin/taler-deployment
@@ -646,7 +646,7 @@ def sync_repos() -> None:
         subprocess.run(["git", "-C", str(r_dir), "clean", "-fdx"], check=True)
 
 def generate_apitoken():
-    return ''.join(random.choices(ascii_letters + ascii_uppercase, k=10))
+    return "secret-token:" + ''.join(random.choices(ascii_letters + ascii_uppercase, k=10))
 
 @cli.command()
 def bootstrap() -> None:
@@ -678,7 +678,7 @@ def bootstrap() -> None:
                 currency=currmap[envname],
                 curr_path=":".join(path_list),
                 coverage=1 if envname == "coverage" else 0,
-                frontends_apitoken="secret-token:{}".format(generate_apitoken()),
+                frontends_apitoken="{}".format(generate_apitoken()),
                 **get_urls(envname)
             )
         )
diff --git a/bin/taler-deployment-config-generate b/bin/taler-deployment-config-generate
index 3f97fe7..36e8608 100755
--- a/bin/taler-deployment-config-generate
+++ b/bin/taler-deployment-config-generate
@@ -224,6 +224,7 @@ def config(obj):
 @click.option("--envname", default="demo")
 @click.option("--outdir", required=True)
 @click.option("--exchange-pub", required=True)
+# Expected to contain already the 'secret-token:' scheme.
 @click.option("--frontends-apitoken", required=True)
 def main(currency, envname, outdir, exchange_pub, frontends_apitoken):
 
@@ -234,7 +235,7 @@ def main(currency, envname, outdir, exchange_pub, frontends_apitoken):
     config_files = []
 
     mc = ConfigFile(envname, currency, exchange_pub, "taler.conf")
-    mc.cfg_put("frontends", "backend_apikey", f"secret-token:{frontends_apitoken}")
+    mc.cfg_put("frontends", "backend_apikey", f"{frontends_apitoken}")
     config(mc)
     config_files.append(mc)
 
diff --git a/bin/taler-deployment-config-instances b/bin/taler-deployment-config-instances
index 5a9a8d2..3d6acda 100755
--- a/bin/taler-deployment-config-instances
+++ b/bin/taler-deployment-config-instances
@@ -24,6 +24,7 @@ def expect_env(name):
 MERCHANT_BACKEND_BASE_URL = expect_env("TALER_ENV_MERCHANT_BACKEND")
 TALER_ENV_NAME = expect_env("TALER_ENV_NAME")
 TALER_CONFIG_CURRENCY = expect_env("TALER_CONFIG_CURRENCY")
+TALER_ENV_FRONTENDS_APITOKEN = expect_env("TALER_ENV_FRONTENDS_APITOKEN")
 
 def ensure_instance(instance_id, name, payto_uris, auth):
     # FIXME: Use auth once the default instance also uses token auth
@@ -44,7 +45,7 @@ def ensure_instance(instance_id, name, payto_uris, auth):
         default_wire_transfer_delay=dict(d_ms="forever"),
         default_pay_delay=dict(d_ms="forever"),
         # FIXME: Eventually, this should be an actual secret token
-        auth=dict(method="token", token="secret-token:sandbox"),
+        auth=auth,
     )
     create_resp = requests.post(
         urljoin(MERCHANT_BACKEND_BASE_URL, "private/instances"), json=req
@@ -58,47 +59,47 @@ ensure_instance(
     "blog",
     name="Blog",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/blog"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "donations",
     name="Donations",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/donations"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "survey",
     name="Survey",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/survey"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "pos",
     name="PoS",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/pos"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "GNUnet",
     name="GNUnet",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/GNUnet"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "Taler",
     name="Taler",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/Taler"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "Tor",
     name="Tor",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/Tor"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
-- 
cgit v1.2.3