From 6d24dbce7f9710dc4050ec62fc6016273bd38cd4 Mon Sep 17 00:00:00 2001
From: Torben Brenner
Date: Wed, 7 Dec 2022 15:46:19 +0100
Subject: [PATCH] Added Configuration for Local ID-Management
---
ccp/modules/id-management-compose.yml | 75 +++++++++++++++++++++++++++
ccp/modules/id-management-setup.sh | 17 ++++++
ccp/vars | 3 ++
lib/functions.sh | 2 +-
4 files changed, 96 insertions(+), 1 deletion(-)
create mode 100644 ccp/modules/id-management-compose.yml
create mode 100644 ccp/modules/id-management-setup.sh
diff --git a/ccp/modules/id-management-compose.yml b/ccp/modules/id-management-compose.yml
new file mode 100644
index 0000000..0968048
--- /dev/null
+++ b/ccp/modules/id-management-compose.yml
@@ -0,0 +1,75 @@
+version: "3.7"
+services:
+ id-manager:
+ image: docker.verbis.dkfz.de/bridgehead/magicpl
+ environment:
+ TOMCAT_REVERSEPROXY_FQDN: ${HOST}
+ MAGICPL_SITE: ${SITE_ID}
+ MAGICPL_ALLOWED_ORIGINS: https://${HOST}
+ MAGICPL_LOCAL_PATIENTLIST_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
+ MAGICPL_CENTRAXX_APIKEY: ${IDMANAGER_CENTRAXX_APIKEY}
+ MAGICPL_CONNECTOR_APIKEY: ${IDMANAGER_CONNECTOR_APIKEY}
+ MAGICPL_CENTRAL_PATIENTLIST_APIKEY: ${IDMANAGER_CENTRAL_PATIENTLIST_APIKEY}
+ MAGICPL_CONTROLNUMBERGENERATOR_APIKEY: ${IDMANAGER_CONTROLNUMBERGENERATOR_APIKEY}
+ MAGICPL_OIDC_CLIENT_ID: ${IDMANAGER_AUTH_CLIENT_ID}
+ MAGICPL_OIDC_CLIENT_SECRET: ${IDMANAGER_AUTH_CLIENT_SECRET}
+ depends_on:
+ - patientlist
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.id-manager.rule=PathPrefix(`/id-manager`)"
+ - "traefik.http.services.id-manager.loadbalancer.server.port=8080"
+ - "traefik.http.routers.id-manager.tls=true"
+
+ patientlist:
+ image: docker.verbis.dkfz.de/bridgehead/mainzelliste
+ environment:
+ - TOMCAT_REVERSEPROXY_FQDN=${HOST}
+ - ML_SITE=${SITE_ID}
+ - ML_DB_PASS=${PATIENTLIST_POSTGRES_PASSWORD}
+ - ML_API_KEY=${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
+ # Add Variables from /etc/patientlist-id-generators.env
+ - ML_BK_IDGENERATOR_RANDOM_1
+ - ML_BK_IDGENERATOR_RANDOM_2
+ - ML_BK_IDGENERATOR_RANDOM_3
+ - ML_MDS_IDGENERATOR_RANDOM_1
+ - ML_MDS_IDGENERATOR_RANDOM_2
+ - ML_MDS_IDGENERATOR_RANDOM_3
+ - ML_DKTK000001985_IDGENERATOR_RANDOM_1
+ - ML_DKTK000001985_IDGENERATOR_RANDOM_2
+ - ML_DKTK000001985_IDGENERATOR_RANDOM_3
+ - ML_DKTK000001986_IDGENERATOR_RANDOM_1
+ - ML_DKTK000001986_IDGENERATOR_RANDOM_2
+ - ML_DKTK000001986_IDGENERATOR_RANDOM_3
+ - ML_DKTK000001950_IDGENERATOR_RANDOM_1
+ - ML_DKTK000001950_IDGENERATOR_RANDOM_2
+ - ML_DKTK000001950_IDGENERATOR_RANDOM_3
+ - ML_DKTK000001951_IDGENERATOR_RANDOM_1
+ - ML_DKTK000001951_IDGENERATOR_RANDOM_2
+ - ML_DKTK000001951_IDGENERATOR_RANDOM_3
+ - ML_DKTK999999999_IDGENERATOR_RANDOM_1
+ - ML_DKTK999999999_IDGENERATOR_RANDOM_2
+ - ML_DKTK999999999_IDGENERATOR_RANDOM_3
+ - ML_DKTK000002089_IDGENERATOR_RANDOM_1
+ - ML_DKTK000002089_IDGENERATOR_RANDOM_2
+ - ML_DKTK000002089_IDGENERATOR_RANDOM_3
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.patientlist.rule=PathPrefix(`/patientlist`)"
+ - "traefik.http.services.patientlist.loadbalancer.server.port=8080"
+ - "traefik.http.routers.patientlist.tls=true"
+ depends_on:
+ - patientlist-db
+
+ patientlist-db:
+ image: postgres:14-alpine
+ environment:
+ POSTGRES_USER: "mainzelliste"
+ POSTGRES_DB: "mainzelliste"
+ POSTGRES_PASSWORD: ${PATIENTLIST_POSTGRES_PASSWORD}
+ volumes:
+ - "patientlist-db-data:/var/lib/postgresql/data"
+
+volumes:
+ patientlist-db-data:
+
diff --git a/ccp/modules/id-management-setup.sh b/ccp/modules/id-management-setup.sh
new file mode 100644
index 0000000..ca939fb
--- /dev/null
+++ b/ccp/modules/id-management-setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+function idManagementSetup() {
+ if [ -n "$ENABLE_ID_MANAGEMENT" ]; then
+ log INFO "id-management setup detected -- will start id-management (mainzelliste & magicpl)."
+ OVERRIDE+=" -f ./$PROJECT/modules/id-management-compose.yml"
+
+ # Auto Generate local Passwords
+ PATIENTLIST_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+ IDMANAGER_LOCAL_PATIENTLIST_APIKEY="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+
+ # Source the ID Generators Configuration
+ source /etc/bridgehead/patientlist-id-generators.env
+ log INFO "ID-Management Generator 1: ${ML_BK_IDGENERATOR_RANDOM_1}"
+ fi
+
+}
diff --git a/ccp/vars b/ccp/vars
index 63def80..89deae0 100644
--- a/ccp/vars
+++ b/ccp/vars
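Review bot: Every credential in this file is interpolated with plain `${VAR}`, so an unset `IDMANAGER_AUTH_CLIENT_SECRET`, any of the `IDMANAGER_*_APIKEY` values or `PATIENTLIST_POSTGRES_PASSWORD` expands to an empty string and both id-manager and patientlist-db start with empty credentials instead of refusing to start. Compose's `${VAR:?message}` form aborts when the variable is missing, e.g. `MAGICPL_OIDC_CLIENT_SECRET: ${IDMANAGER_AUTH_CLIENT_SECRET:?IDMANAGER_AUTH_CLIENT_SECRET is not set}` and `POSTGRES_PASSWORD: ${PATIENTLIST_POSTGRES_PASSWORD:?PATIENTLIST_POSTGRES_PASSWORD is not set}`. The patientlist service is also published through Traefik at `/patientlist` with TLS but no further restriction; if only id-manager needs to reach it over the compose network, dropping its `labels` block keeps the identity store off the public host (presumably the mainzelliste API-key check is what guards it today — worth confirming before exposing it). Finally, id-manager uses the mapping form for `environment` while patientlist uses the list form; one style throughout would make the secrets easier to audit.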
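Review bot: The `PATIENTLIST_POSTGRES_PASSWORD` derivation has no failure check: if `/etc/bridgehead/pki/${SITE_ID}.priv.pem` is missing or unreadable, `openssl` fails inside the pipeline, the command substitution yields an empty string, and postgres is started with an empty password because nothing tests the result — a guard like `[ -n "$PATIENTLIST_POSTGRES_PASSWORD" ] || fail_and_report <args> "could not derive patientlist database password"` (fail_and_report comes from lib/functions.sh; `PRIVATEKEYFILENAME` in ccp/vars already holds this same path and could replace the repeated literal) would turn that into a hard error. Neither variable is `export`ed, so unless the caller runs with `set -a` or passes them to compose explicitly, the `${PATIENTLIST_POSTGRES_PASSWORD}` and `${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}` references in the new compose file will expand to empty — worth confirming against how nngm-setup.sh hands its values over. The closing `log INFO "ID-Management Generator 1: ${ML_BK_IDGENERATOR_RANDOM_1}"` copies a value from the generators env file into the log; if those values are secret seeds, log only that the file was loaded. `openssl rsautl` is deprecated in OpenSSL 3 in favour of `openssl pkeyutl -sign`, so on newer hosts this derivation will at least emit warnings.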
@@ -8,6 +8,9 @@ REPORTHUB_BEAM_SECRET_LONG="ApiKey report-hub.${PROXY_ID} ${REPORTHUB_BEAM_SECRE
 SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+# This will load id-management setup. Effective only if id-management configuration is defined.
+source $PROJECT/modules/id-management-setup.sh
+idManagementSetup
 # This will load nngm setup. Effective only if nngm configuration is defined.
 source $PROJECT/nngm-setup.sh
 nngmSetup
diff --git a/lib/functions.sh b/lib/functions.sh
index 4f40fd0..355ebaa 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -131,7 +131,7 @@ fail_and_report() {
 setHostname() {
 if [ -z "$HOST" ]; then
- export HOST=$(hostname -f)
+ export HOST=$(hostname -f | tr "[:upper:]" "[:lower:]")
 log DEBUG "Using auto-detected hostname $HOST."
 fi
 }
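Review bot: The added comment says the setup is effective "only if id-management configuration is defined", but the actual gate in id-management-setup.sh is the `ENABLE_ID_MANAGEMENT` variable, which an operator enabling the module will not find named anywhere in ccp/vars. Name the switch: `# This will load id-management setup. Effective only if ENABLE_ID_MANAGEMENT is set in the site configuration.`. The unquoted `source $PROJECT/modules/id-management-setup.sh` mirrors the existing nngm line, so it is consistent, though both break if `$PROJECT` ever contains whitespace.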
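Review bot: Lower-casing is applied only on the auto-detect branch, so a `HOST` supplied by the operator with upper-case letters keeps its case while an auto-detected one does not, and the `MAGICPL_ALLOWED_ORIGINS: https://${HOST}` and `TOMCAT_REVERSEPROXY_FQDN` values in the new compose file then differ depending on where HOST came from. Normalising after the `if` covers both paths, e.g. `export HOST="$(echo "$HOST" | tr "[:upper:]" "[:lower:]")"` just before the closing brace, with the `tr` dropped from the `hostname -f` line. A short why-comment (`# hostnames are case-insensitive; lower-case so origin and proxy settings compare equal`) would also help, since neither the hunk nor the commit message says why the case matters. setHostname is fully contained in the hunk.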