From 6f1bcb1bceeb16f7e6df42e4840098b720ad2ae0 Mon Sep 17 00:00:00 2001
From: Robert Butora <robert.butora@inaf.it>
Date: Thu, 31 Oct 2024 19:36:20 +0100
Subject: [PATCH] docker: adds IA2 security params (AUTH_GMS/RAP/CLIENT/SECRET)

---
 docker/Dockerfile.soda    |  2 ++
 docker/start-soda.sh.soda | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/docker/Dockerfile.soda b/docker/Dockerfile.soda
index 344b8f7..5a2bf4f 100644
--- a/docker/Dockerfile.soda
+++ b/docker/Dockerfile.soda
@@ -57,6 +57,8 @@ RUN chmod -R a+rwX conf
 
 # enable SKA IAM token filter update
 RUN chmod a+rw ${WEBAPP_DIR}/WEB-INF/web.xml \
+ && touch  ${WEBAPP_DIR}/WEB-INF/classes/ia2token.properties \
+ && touch  ${WEBAPP_DIR}/WEB-INF/classes/iamtoken.properties \
  && chmod a+rw ${WEBAPP_DIR}/WEB-INF/classes/*.properties
 
 env ACCESS_CONTEXT_ROOT=datasets
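Review bot: The `chmod a+rw ${WEBAPP_DIR}/WEB-INF/classes/*.properties` on the last line of this RUN now also covers the newly touched `ia2token.properties`, which start-soda.sh later fills with `client_secret`, so the IA2 client secret ends up world-readable and world-writable inside the container. Since the file only needs to be written by the Tomcat runtime user at startup, the image should `chown` the two touched files to that user and use `chmod u+rw` (or 600) instead of `a+rw`; the same applies to the SKA IAM file on the preceding line, which already received the broader mode before this commit. The comment above the RUN, `# enable SKA IAM token filter update`, no longer describes everything the step does; `# enable SKA IAM / IA2 token filter update` would match the two touched files. The unbraced, unquoted `${WEBAPP_DIR}` expansions are inherited from the original lines and fine as long as the build arg contains no spaces.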
diff --git a/docker/start-soda.sh.soda b/docker/start-soda.sh.soda
index 12b0bd1..064d75f 100755
--- a/docker/start-soda.sh.soda
+++ b/docker/start-soda.sh.soda
@@ -9,11 +9,18 @@ env
 # set optional
 ACCESS_CONTEXT_ROOT=${ACCESS_CONTEXT_ROOT:-datasets}
 SECURITY=${SECURITY:-}
+
 KEYSTORE_ALIAS=${KEYSTORE_ALIAS:-}
 SKAIAM_INTROSPECT=${SKAIAM_INTROSPECT:-}
 SKAIAM_CLIENT=${SKAIAM_CLIENT:-}
 SKAIAM_PASSWORD=${SKAIAM_PASSWORD:-}
 
+AUTH_RAP_URL=${AUTH_RAP_URL:-}
+AUTH_GMS_URL=${AUTH_GMS_URL:-}
+AUTH_CLIENT=${AUTH_CLIENT:-}
+AUTH_SECRET=${AUTH_SECRET:-}
+
+
 # configure CONTEXT_ROOT
 
 mkdir -p $CATALINA_BASE/conf/Catalina/localhost
@@ -66,6 +73,31 @@ else
    cp $WEBAPP_DIR/WEB-INF/web-cutout-iamtoken.xml $WEBAPP_DIR/WEB-INF/web.xml
 fi
 
+# configure IA2 security
+
+if [ -z "$AUTH_RAP_URL" ] || [ -z "$AUTH_GMS_URL" ] || [ -z "$AUTH_CLIENT" ] || [ -z "$AUTH_SECRET" ];
+then
+   echo "Some of AUTH_ is not set."
+   echo "rap: "$AUTH_RAP_URL
+   echo "gms: "$AUTH_GMS_URL
+   echo "cli: "$AUTH_CLIENT
+   echo "pwd: "$AUTH_SECRET
+else
+   echo "Config SKA IAM ..."
+   {
+      echo "rap_uri=$AUTH_RAP_URL"
+      echo "gms_uri=$AUTH_GMS_URL"
+      echo "client_id=$AUTH_CLIENT"
+      echo "client_secret=$AUTH_SECRET"
+      echo "groups_autoload=true"
+      echo "store_state_on_login_endpoint=true"
+      echo "scope=openid email profile read:rap"
+      echo "allow_anonymous_access=true"
+   } > $WEBAPP_DIR/WEB-INF/classes/ia2token.properties
+   cp $WEBAPP_DIR/WEB-INF/web-cutout-ia2token.xml $WEBAPP_DIR/WEB-INF/web.xml
+fi
+
+
 # config debug
 DBG_LEVEL=${DEBUG_LEVEL:-CONFIG}
 sed -i "s/.*ServletCutout\.level.*=.*/ServletCutout.level = $DBG_LEVEL/g" $CATALINA_BASE/conf/soda.logging.properties
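Review bot: `echo "pwd: "$AUTH_SECRET` in the missing-config branch prints the IA2 client secret to stdout, which in a container goes straight into the log stream; the diagnostic only needs to say whether each variable is set, not its value, so `echo "pwd: ${AUTH_SECRET:+set}"` is enough. In the same branch the expansions sit outside the double quotes (`"rap: "$AUTH_RAP_URL`), so values with spaces or glob characters are word-split and globbed; moving them inside the quotes fixes that, and the four messages belong on stderr. The success-branch message `echo "Config SKA IAM ..."` is misleading now that it announces the IA2 configuration, and the redirect target and `cp` arguments on the last two lines of the else branch are unquoted `$WEBAPP_DIR` paths like the SKA IAM lines above them. Because the properties file now holds `client_secret`, a `chmod 600` right after the redirect would keep it from other users in the container regardless of the image's file mode.

```shell
if [ -z "$AUTH_RAP_URL" ] || [ -z "$AUTH_GMS_URL" ] || [ -z "$AUTH_CLIENT" ] || [ -z "$AUTH_SECRET" ];
then
   echo "Some of AUTH_ is not set." >&2
   echo "rap: ${AUTH_RAP_URL:-<unset>}" >&2
   echo "gms: ${AUTH_GMS_URL:-<unset>}" >&2
   echo "cli: ${AUTH_CLIENT:-<unset>}" >&2
   # never print the secret itself, only whether it is present
   echo "pwd: ${AUTH_SECRET:+<set>}" >&2
else
   echo "Config IA2 ..."
   # … unchanged: the { ... } block writing the rap_uri/gms_uri/client_* lines …
   } > "$WEBAPP_DIR/WEB-INF/classes/ia2token.properties"
   chmod 600 "$WEBAPP_DIR/WEB-INF/classes/ia2token.properties"
   cp "$WEBAPP_DIR/WEB-INF/web-cutout-ia2token.xml" "$WEBAPP_DIR/WEB-INF/web.xml"
fi
```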
-- 
GitLab