fix: make a persistent send secret per bridgehead

dhki/docker-compose.yml

@@ -45,6 +45,7 @@ services:
       BROKER_URL: ${BROKER_URL}
       PROXY_ID: ${PROXY_ID}
       APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+      APP_beamfilesend_KEY: ${BEAM_FILE_SEND_SECRET}
       PRIVKEY_FILE: /run/secrets/proxy.pem
       ALL_PROXY: http://forward_proxy:3128
       TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs

dhki/vars

@@ -5,6 +5,7 @@ FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | h
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+BEAM_FILE_SEND_SECRET="$(echo \"beam-file-send-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 

modules/beam-file-compose.yml

@@ -4,8 +4,8 @@ services:
     image: samply/beam-file:${BEAM_FILE_TAG}
     container_name: bridgehead-beam-file-sender
     environment:
-      - BEAM_ID=beamfile.${PROXY_ID}
+      - BEAM_ID=beamfilesend.${PROXY_ID}
-      - BEAM_SECRET=${BEAM_FILE_SECRET}
+      - BEAM_SECRET=${BEAM_FILE_SEND_SECRET}
       - BEAM_URL=http://beam-proxy:8081
       - BIND_ADDR=0.0.0.0:8085
       - API_KEY=${BEAM_FILE_API_KEY}
@@ -32,3 +32,4 @@ services:
   beam-proxy:
     environment:
       APP_beamfile_KEY: ${BEAM_FILE_SECRET}
+    profiles: ["beam-file-receiver"]