mirror of https://github.com/samply/bridgehead.git
Add generate_password function
parent
00969a24f9
commit
eff7e85ff3
|
@ -3,10 +3,10 @@
|
||||||
if [ "$ENABLE_DATASHIELD" == true ]; then
|
if [ "$ENABLE_DATASHIELD" == true ]; then
|
||||||
log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
|
log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
|
||||||
OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
|
OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
|
||||||
EXPORTER_OPAL_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal DB. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
EXPORTER_OPAL_PASSWORD="$(generate_password \"exporter in Opal\")"
|
||||||
TOKEN_MANAGER_OPAL_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Token Manager in Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
TOKEN_MANAGER_OPAL_PASSWORD="$(generate_password \"Token Manager in Opal\")"
|
||||||
OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal DB. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||||
OPAL_ADMIN_PASSWORD="$(echo \"This is a salt string to generate one consistent admin password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"
|
||||||
DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||||
if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
|
if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
|
||||||
mkdir -p /tmp/bridgehead/
|
mkdir -p /tmp/bridgehead/
|
||||||
|
@ -20,7 +20,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
|
||||||
"external": "opal-'"$SITE_ID"'",
|
"external": "opal-'"$SITE_ID"'",
|
||||||
"internal": "opal:8080",
|
"internal": "opal:8080",
|
||||||
"allowed": [$input.sites[].id | "datashield-connect.\(.).broker.ccp-it.dktk.dkfz.de"]
|
"allowed": [$input.sites[].id | "datashield-connect.\(.).broker.ccp-it.dktk.dkfz.de"]
|
||||||
}]' > /tmp/bridgehead/opal-map/local.json
|
}]' >/tmp/bridgehead/opal-map/local.json
|
||||||
cp -f ./$PROJECT/modules/datashield-mappings.json /tmp/bridgehead/opal-map/central.json
|
cp -f ./$PROJECT/modules/datashield-mappings.json /tmp/bridgehead/opal-map/central.json
|
||||||
chown -R bridgehead:docker /tmp/bridgehead/
|
chown -R bridgehead:docker /tmp/bridgehead/
|
||||||
generate_private_oidc_client "OIDC_CLIENT_SECRET" "$(generate_redirect_urls '/opal/*')"
|
generate_private_oidc_client "OIDC_CLIENT_SECRET" "$(generate_redirect_urls '/opal/*')"
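Review bot: The escaped quotes in `generate_password \"exporter in Opal\"` are literal characters inside `$(...)`, so the function receives `"exporter` as `$1` and the remaining words as arguments it ignores; the seed is reduced to its first word. Write the call with plain nested quotes, `EXPORTER_OPAL_PASSWORD="$(generate_password "exporter in Opal")"`, which is valid inside a command substitution. The same applies to TOKEN_MANAGER_OPAL_PASSWORD and OPAL_ADMIN_PASSWORD here and to KEYCLOAK_DB_PASSWORD in the login section. As written, two seeds that start with the same word share the same key-derived part, which removes the separation between service credentials.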
|
||||||
|
|
|
@ -3,5 +3,5 @@
|
||||||
if [ "$ENABLE_LOGIN" == true ]; then
|
if [ "$ENABLE_LOGIN" == true ]; then
|
||||||
log INFO "Login setup detected -- will start Login services."
|
log INFO "Login setup detected -- will start Login services."
|
||||||
OVERRIDE+=" -f ./$PROJECT/modules/login-compose.yml"
|
OVERRIDE+=" -f ./$PROJECT/modules/login-compose.yml"
|
||||||
KEYCLOAK_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Keycloak. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
KEYCLOAK_DB_PASSWORD="$(generate_password \"local Keycloak\")"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -307,3 +307,16 @@ generate_redirect_urls(){
|
||||||
fi
|
fi
|
||||||
echo "$redirect_urls"
|
echo "$redirect_urls"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
generate_password(){
|
||||||
|
local seed_text="$1"
|
||||||
|
local random_digit=$(openssl rand -hex 1 | head -c 1)
|
||||||
|
local random_upper=$(openssl rand -base64 3 | tr -dc 'A-Z' | head -c 1)
|
||||||
|
local random_lower=$(openssl rand -base64 3 | tr -dc 'a-z' | head -c 1)
|
||||||
|
local random_special=$(echo '@#$%^&+=' | fold -w1 | shuf -n1)
|
||||||
|
|
||||||
|
local combined_text="This is a salt string to generate one consistent password for ${seed_text}. It is not required to be secret."
|
||||||
|
local main_password=$(echo "${combined_text}" | openssl rsautl -sign -inkey "/etc/bridgehead/pki/${SITE_ID}.priv.pem" | base64 | head -c 26)
|
||||||
|
|
||||||
|
echo "${main_password}${random_digit}${random_upper}${random_lower}${random_special}"
|
||||||
|
}
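Review bot: generate_password returns a different value on every call, because the four `openssl rand`/`shuf` characters are appended to the key-derived part, while the salt sentence and the callers still treat the result as one consistent password. If the Opal and Keycloak stores keep the password from their first start (not visible here), every later start would hand the services a credential that no longer matches. `openssl rand -base64 3 | tr -dc 'A-Z' | head -c 1` can also come back empty, since four base64 characters need not contain an upper-case (or lower-case) letter, and `local main_password=$(...)` hides a failed signing step, so an unreadable key would leave a password made of the random suffix alone. I would check the length of the derived part and use a fixed filler for the character classes, as below; the 26 derived characters carry the entropy either way.

```shell
generate_password(){
    local seed_text="$1"
    # … unchanged: combined_text assignment …
    local main_password
    main_password=$(echo "${combined_text}" | openssl rsautl -sign -inkey "/etc/bridgehead/pki/${SITE_ID}.priv.pem" | base64 | head -c 26)
    # Unless pipefail is set, the pipeline status is head's, so test the length instead.
    if [ "${#main_password}" -ne 26 ]; then
        echo "generate_password: could not derive a password for ${seed_text}" >&2
        return 1
    fi
    # Fixed filler: one digit, upper-case, lower-case and special character.
    echo "${main_password}1Aa@"
}
```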
|
||||||
|
|