deploy/docker: CLI auth support

Upgrade the CLI tools in the docker deployment to the latest versions that have auth support. This fixes end-to-end script which did not work since the deployment had auth enabled. Signed-off-by: Sergei Trofimov <[email protected]>
veraison · Sep 18, 2023 · c6824b6 · c6824b6
1 parent b93231b
commit c6824b6
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 3 deletions.
diff --git a/deployments/docker/src/builder-dispatcher b/deployments/docker/src/builder-dispatcher
@@ -48,6 +48,8 @@ function deploy() {
     set +a
     cat $BUILD_DIR/deployments/docker/src/config.yaml.template | envsubst > $DEPLOY_DIR/config.yaml
     cat $BUILD_DIR/deployments/docker/src/keycloak.conf.template | envsubst > $DEPLOY_DIR/keycloak.conf
+    cat $BUILD_DIR/deployments/docker/src/cocli-config.yaml.template | envsubst > $DEPLOY_DIR/utils/cocli-config.yaml
+    cat $BUILD_DIR/deployments/docker/src/pocli-config.yaml.template | envsubst > $DEPLOY_DIR/utils/pocli-config.yaml
 
     echo "initializing stores"
     for t in en ta po

diff --git a/deployments/docker/src/builder.docker b/deployments/docker/src/builder.docker
@@ -57,7 +57,7 @@ RUN go mod download &&\
     go install google.golang.org/protobuf/cmd/[email protected] &&\
     go install google.golang.org/grpc/cmd/[email protected] &&\
     go install github.com/mitchellh/[email protected] &&\
-    go install github.com/veraison/corim/cocli@latest &&\
+    go install github.com/veraison/corim/cocli@eeb7bd48 &&\
     go install github.com/veraison/evcli/v2@latest &&\
     go install github.com/veraison/pocli@latest &&\
     go install github.com/go-delve/delve/cmd/dlv@latest

diff --git a/deployments/docker/src/cocli-config.yaml.template b/deployments/docker/src/cocli-config.yaml.template
@@ -0,0 +1,8 @@
+api_server: http://provisioning-service:${PROVISIONING_PORT}/endorsement-provisioning/v1/submit
+auth: oauth2
+username: veraison-provisioner
+password: veraison
+client_id: veraison-client
+client_secret: YifmabB4cVSPPtFLAmHfq7wKaEHQn10Z
+token_url: http://keycloak-service:${KEYCLOAK_PORT}/realms/veraison/protocol/openid-connect/token
+# vim: set ft=yaml:
diff --git a/deployments/docker/src/config.yaml.template b/deployments/docker/src/config.yaml.template
@@ -38,5 +38,5 @@ po-agent:
 auth:
   backend: keycloak
   host: keycloak-service
-  port: 11111
+  port: ${KEYCLOAK_PORT}
 # vim: set ft=yaml:
diff --git a/deployments/docker/src/manager.docker b/deployments/docker/src/manager.docker
@@ -33,10 +33,12 @@ USER manager
 WORKDIR /opt/veraison
 
 RUN mkdir -p /home/manager/.config/pocli && \
-    echo "host: management-service" > /home/manager/.config/pocli/config.yaml
+    mkdir -p /home/manager/.config/cocli
 
 ADD --chown=manager:nogroup utils/evcli utils/cocli utils/pocli ./utils/
 ADD --chown=manager:nogroup manager-dispatcher ./
+ADD --chown=manager:nogroup utils/cocli-config.yaml /home/manager/.config/cocli/config.yaml
+ADD --chown=manager:nogroup utils/pocli-config.yaml /home/manager/.config/pocli/config.yaml
 
 ENTRYPOINT ["/opt/veraison/manager-dispatcher"]
 CMD ["help"]

diff --git a/deployments/docker/src/pocli-config.yaml.template b/deployments/docker/src/pocli-config.yaml.template
@@ -0,0 +1,9 @@
+host: management-service
+port: ${MANAGEMENT_PORT}
+auth: oauth2
+username: veraison-provisioner
+password: veraison
+client_id: veraison-client
+client_secret: YifmabB4cVSPPtFLAmHfq7wKaEHQn10Z
+token_url: http://keycloak-service:${KEYCLOAK_PORT}/realms/veraison/protocol/openid-connect/token
+# vim: set ft=yaml: