docker: adds SKA IAM token config by env SKAIAM_*

2290ac63 · Robert Butora · b6d9efa1 · 2290ac63 · 2290ac63 · 2290ac63
Commit 2290ac63 authored 9 months ago by Robert Butora
--- a/docker/Dockerfile.soda
+++ b/docker/Dockerfile.soda
@@ -29,8 +29,9 @@ COPY vlkb-${VLKB_VERSION}.deb ./
 COPY vlkb-soda-${VLKB_VERSION}.war ${WEBAPP_DIR}/
 RUN dpkg -i vlkb-${VLKB_VERSION}.deb \
 && cd ${WEBAPP_DIR} && unzip vlkb-soda-${VLKB_VERSION}.war \
- && apt-get autoremove && apt-get clean
-
+ && apt-get autoremove && apt-get clean \
+ && rm -f $WEBAPP_DIR/WEB-INF/lib/jjwt-*0.11*.jar
+# remove jjwt used by IA2 (IA2 and IAM token filters used different ver of jjwt)


 # configure build instance
@@ -58,6 +59,11 @@ WORKDIR ${CATALINA_HOME}
 RUN chmod -R +rX .; chmod 1777 /var/log/tomcat9 /var/cache/tomcat9
 WORKDIR ${CATALINA_BASE}
 RUN chmod -R a+rwX conf
+
+# enable SKA IAM token filter update
+RUN chmod a+rw ${WEBAPP_DIR}/WEB-INF/web.xml \
+ && chmod a+rw ${WEBAPP_DIR}/WEB-INF/classes/iamtoken.properties
+
 RUN chmod +rx /root && chmod +rx /root/start-soda.sh
 USER 1000:1000
 CMD ["sh", "-c", "/root/start-soda.sh"]

--- a/docker/Dockerfile.soda.temurin-jammy
+++ b/docker/Dockerfile.soda.temurin-jammy
@@ -25,9 +25,9 @@ ARG VLKB_VERSION
 COPY vlkb-${VLKB_VERSION}.deb ./
 COPY vlkb-soda-${VLKB_VERSION}.war ${WEBAPP_DIR}/
 RUN dpkg -i vlkb-${VLKB_VERSION}.deb \
- && cd ${WEBAPP_DIR} && unzip vlkb-soda-${VLKB_VERSION}.war
-
-
+ && cd ${WEBAPP_DIR} && unzip vlkb-soda-${VLKB_VERSION}.war \
+ && rm -f $WEBAPP_DIR/WEB-INF/lib/jjwt-*0.11*.jar
+# remove jjwt used by IA2 (IA2 and IAM token filters used different ver of jjwt)

 # configure instance

@@ -45,6 +45,10 @@ COPY deps/setenv.sh ${CATALINA_BASE}/bin/
 WORKDIR ${CATALINA_BASE}
 RUN chmod -R a+rwX conf

+# enable SKA IAM token filter update
+RUN chmod a+rw ${WEBAPP_DIR}/WEB-INF/web.xml \
+ && chmod a+rw ${WEBAPP_DIR}/WEB-INF/classes/iamtoken.properties
+
 env ACCESS_CONTEXT_ROOT=datasets
 # configure during start-up
 COPY start-soda.sh.soda /root/start-soda.sh

--- a/docker/start-soda.sh.soda
+++ b/docker/start-soda.sh.soda
@@ -13,6 +13,22 @@ env
 mkdir -p $CATALINA_BASE/conf/Catalina/localhost
 cp $WEBAPP_DIR/META-INF/context.xml $CATALINA_BASE/conf/Catalina/localhost/$ACCESS_CONTEXT_ROOT.xml

+
+# env SECURITY (deprecated)
+
+case $SECURITY in
+   iamtoken)
+      echo "SECURITY is set: "$SECURITY
+      cd $WEBAPP_DIR/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd -
+      cp /etc/pki/tls/server-connector.xml $CATALINA_BASE/conf
+      cp /etc/pki/tls/iamtoken.properties $WEBAPP_DIR/WEB-INF/classes/
+      ;;
+   *)
+      echo "SECURITY not configured."
+      ;;
+esac
+
+
 # configure TLS

 if [ -f /etc/pki/tls/keystore.jks ] && [ -f /etc/pki/tls/keystore.pwd ];
@@ -22,24 +38,30 @@ fi

 case $KEYSTORE_ALIAS in
   *)
-      echo $KEYSTORE_ALIAS
+      echo "KEYSTORE_ALIAS: "$KEYSTORE_ALIAS
      sed -i "s/tomcat/$KEYSTORE_ALIAS/" $CATALINA_BASE/conf/server-connector.xml
      ;;
 esac

-# env SECURITY (deprecated)

-case $SECURITY in
-   iamtoken)
-      cd $WEBAPP_DIR/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd -
-      cp /etc/pki/tls/server-connector.xml $CATALINA_BASE/conf
-      cp /etc/pki/tls/iamtoken.properties $WEBAPP_DIR/WEB-INF/classes/
-      rm -f $WEBAPP_DIR/WEB-INF/lib/jjwt-*0.11*.jar
-      ;;
-   *)
-      echo "SECURITY not configured."
-      ;;
-esac
+# configure SKA IAM
+
+if [ -z "$SKAIAM_INTROSPECT" ] || [ -z "$SKAIAM_CLIENT" ] || [ -z "$SKAIAM_PASSWORD" ];
+then
+   echo "Some of SKAIAM_ is not set."
+   echo "url: "$SKAIAM_INTROSPECT
+   echo "cli: "$SKAIAM_CLIENT
+   echo "pwd: "$SKAIAM_PASSWORD
+else
+   echo "Config SKA IAM ..."
+   {
+      echo "introspect=$SKAIAM_INTROSPECT"
+      echo "client_name=$SKAIAM_CLIENT"
+      echo "client_password=$SKAIAM_PASSWORD"
+   } > $WEBAPP_DIR/WEB-INF/classes/iamtoken.properties
+   cp $WEBAPP_DIR/WEB-INF/web-cutout-iamtoken.xml $WEBAPP_DIR/WEB-INF/web.xml
+fi
+

 date
 } 1> /tmp/start-soda.log 2>&1