config each instance with API token - taler-deployment - Deployment scripts and configuration files

commit b242d68ccb2abe790dc517e6ff41168277f0ffd4
parent 8445a97d525eebaba3d7008f9bc15624446736b1
Author: MS <ms@taler.net>
Date:   Wed, 28 Apr 2021 11:40:15 +0200

config each instance with API token

Diffstat:
M bin/taler-deployment  | 4 ++--
M bin/taler-deployment-config-generate  | 3 ++-
M bin/taler-deployment-config-instances  | 17 +++++++++--------

3 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/bin/taler-deployment b/bin/taler-deployment
@@ -646,7 +646,7 @@ def sync_repos() -> None:
         subprocess.run(["git", "-C", str(r_dir), "clean", "-fdx"], check=True)
 
 def generate_apitoken():
-    return ''.join(random.choices(ascii_letters + ascii_uppercase, k=10))
+    return "secret-token:" + ''.join(random.choices(ascii_letters + ascii_uppercase, k=10))
 
 @cli.command()
 def bootstrap() -> None:
@@ -678,7 +678,7 @@ def bootstrap() -> None:
                 currency=currmap[envname],
                 curr_path=":".join(path_list),
                 coverage=1 if envname == "coverage" else 0,
-                frontends_apitoken="secret-token:{}".format(generate_apitoken()),
+                frontends_apitoken="{}".format(generate_apitoken()),
                 **get_urls(envname)
             )
         )
diff --git a/bin/taler-deployment-config-generate b/bin/taler-deployment-config-generate
@@ -224,6 +224,7 @@ def config(obj):
 @click.option("--envname", default="demo")
 @click.option("--outdir", required=True)
 @click.option("--exchange-pub", required=True)
+# Expected to contain already the 'secret-token:' scheme.
 @click.option("--frontends-apitoken", required=True)
 def main(currency, envname, outdir, exchange_pub, frontends_apitoken):
 
@@ -234,7 +235,7 @@ def main(currency, envname, outdir, exchange_pub, frontends_apitoken):
     config_files = []
 
     mc = ConfigFile(envname, currency, exchange_pub, "taler.conf")
-    mc.cfg_put("frontends", "backend_apikey", f"secret-token:{frontends_apitoken}")
+    mc.cfg_put("frontends", "backend_apikey", f"{frontends_apitoken}")
     config(mc)
     config_files.append(mc)
 
diff --git a/bin/taler-deployment-config-instances b/bin/taler-deployment-config-instances
@@ -24,6 +24,7 @@ def expect_env(name):
 MERCHANT_BACKEND_BASE_URL = expect_env("TALER_ENV_MERCHANT_BACKEND")
 TALER_ENV_NAME = expect_env("TALER_ENV_NAME")
 TALER_CONFIG_CURRENCY = expect_env("TALER_CONFIG_CURRENCY")
+TALER_ENV_FRONTENDS_APITOKEN = expect_env("TALER_ENV_FRONTENDS_APITOKEN")
 
 def ensure_instance(instance_id, name, payto_uris, auth):
     # FIXME: Use auth once the default instance also uses token auth
@@ -44,7 +45,7 @@ def ensure_instance(instance_id, name, payto_uris, auth):
         default_wire_transfer_delay=dict(d_ms="forever"),
         default_pay_delay=dict(d_ms="forever"),
         # FIXME: Eventually, this should be an actual secret token
-        auth=dict(method="token", token="secret-token:sandbox"),
+        auth=auth,
     )
     create_resp = requests.post(
         urljoin(MERCHANT_BACKEND_BASE_URL, "private/instances"), json=req
@@ -58,47 +59,47 @@ ensure_instance(
     "blog",
     name="Blog",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/blog"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "donations",
     name="Donations",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/donations"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "survey",
     name="Survey",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/survey"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "pos",
     name="PoS",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/pos"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "GNUnet",
     name="GNUnet",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/GNUnet"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "Taler",
     name="Taler",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/Taler"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )
 
 ensure_instance(
     "Tor",
     name="Tor",
     payto_uris=[f"payto://x-taler-bank/bank.{TALER_ENV_NAME}.taler.net/Tor"],
-    auth=dict(method="token", token="secret-token:sandbox"),
+    auth=dict(method="token", token=TALER_ENV_FRONTENDS_APITOKEN),
 )

	taler-deployment Deployment scripts and configuration files
	Log \| Files \| Refs \| README

M	bin/taler-deployment	\|	4	++--
M	bin/taler-deployment-config-generate	\|	3	++-
M	bin/taler-deployment-config-instances	\|	17	+++++++++--------