Add generate_password function

This commit is contained in:
juarez 2023-11-23 15:54:44 +01:00
parent 185143c084
commit b0ced71197
3 changed files with 19 additions and 6 deletions

View File

@ -3,10 +3,10 @@
if [ "$ENABLE_DATASHIELD" == true ]; then if [ "$ENABLE_DATASHIELD" == true ]; then
log INFO "DataSHIELD setup detected -- will start DataSHIELD services." log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
EXPORTER_OPAL_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal DB. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" EXPORTER_OPAL_PASSWORD="$(generate_password \"exporter in Opal\")"
TOKEN_MANAGER_OPAL_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Token Manager in Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" TOKEN_MANAGER_OPAL_PASSWORD="$(generate_password \"Token Manager in Opal\")"
OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal DB. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
OPAL_ADMIN_PASSWORD="$(echo \"This is a salt string to generate one consistent admin password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"
DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
mkdir -p /tmp/bridgehead/ mkdir -p /tmp/bridgehead/
@ -20,7 +20,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
"external": "opal-'"$SITE_ID"'", "external": "opal-'"$SITE_ID"'",
"internal": "opal:8080", "internal": "opal:8080",
"allowed": [$input.sites[].id | "datashield-connect.\(.).broker.ccp-it.dktk.dkfz.de"] "allowed": [$input.sites[].id | "datashield-connect.\(.).broker.ccp-it.dktk.dkfz.de"]
}]' > /tmp/bridgehead/opal-map/local.json }]' >/tmp/bridgehead/opal-map/local.json
cp -f ./$PROJECT/modules/datashield-mappings.json /tmp/bridgehead/opal-map/central.json cp -f ./$PROJECT/modules/datashield-mappings.json /tmp/bridgehead/opal-map/central.json
chown -R bridgehead:docker /tmp/bridgehead/ chown -R bridgehead:docker /tmp/bridgehead/
generate_private_oidc_client "OIDC_CLIENT_SECRET" "$(generate_redirect_urls '/opal/*')" generate_private_oidc_client "OIDC_CLIENT_SECRET" "$(generate_redirect_urls '/opal/*')"

View File

@ -3,5 +3,5 @@
if [ "$ENABLE_LOGIN" == true ]; then if [ "$ENABLE_LOGIN" == true ]; then
log INFO "Login setup detected -- will start Login services." log INFO "Login setup detected -- will start Login services."
OVERRIDE+=" -f ./$PROJECT/modules/login-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/login-compose.yml"
KEYCLOAK_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Keycloak. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" KEYCLOAK_DB_PASSWORD="$(generate_password \"local Keycloak\")"
fi fi

View File

@ -307,3 +307,16 @@ generate_redirect_urls(){
fi fi
echo "$redirect_urls" echo "$redirect_urls"
} }
generate_password(){
local seed_text="$1"
local random_digit=$(openssl rand -hex 1 | head -c 1)
local random_upper=$(openssl rand -base64 3 | tr -dc 'A-Z' | head -c 1)
local random_lower=$(openssl rand -base64 3 | tr -dc 'a-z' | head -c 1)
local random_special=$(echo '@#$%^&+=' | fold -w1 | shuf -n1)
local combined_text="This is a salt string to generate one consistent password for ${seed_text}. It is not required to be secret."
local main_password=$(echo "${combined_text}" | openssl rsautl -sign -inkey "/etc/bridgehead/pki/${SITE_ID}.priv.pem" | base64 | head -c 26)
echo "${main_password}${random_digit}${random_upper}${random_lower}${random_special}"
}