Merge branch 'simplify-stepup-bootstrap'

Author: pmeulen

stepup/README.md

@@ -21,7 +21,9 @@ First, you need to create an entry in your hosts file (/etc/hosts on *nix system
 127.0.0.1 selfservice.dev.openconext.local ssp.dev.openconext.local gateway.dev.openconext.local middleware.dev.openconext.local ra.dev.openconext.local demogssp.dev.openconext.local tiqr.dev.openconext.local webauthn.dev.openconext.local azuremfa.dev.openconext.local
 ```
 
-Secondly you need to create the `stepup/gateway/surfnet_yubikey.yaml` filewith your Yubikey API credentials. If you do not have API credentials, you can get them at <https://upgrade.yubico.com/getapikey/>. You require a Yubikey to get an API key.
+Secondly you need to create the `stepup/gateway/surfnet_yubikey.yaml` file with your Yubikey API credentials.
+If you do not have API credentials, you can get them at <https://upgrade.yubico.com/getapikey/>.
+You require a Yubikey to get an API key. There credential are used to verify the Yubikey OTP's.
 
 ```yaml
 surfnet_yubikey_api_client:
@@ -30,36 +32,49 @@ surfnet_yubikey_api_client:
     client_secret: 'YOUR_SECRET'
 ```
 
-You should then get the apps initialised
-You can then bring up the containers using docker compose:
-
-Initialise the middelware database:
+Start the containers using docker compose:
 ```
 docker compose up -d
-docker compose exec middleware /var/www/html/bin/console  doctrine:migrations:migrate --env=prod --em=deploy
-docker compose exec middleware chown -R www-data /var/www/html/var/cache/prod/
+```
+or use the included script:
+```
+./start-dev-env.sh
 ```
 
-Then the webauthn db
+Initialise (bootstrap) the middleware, gateway and webauthn database schema's and push
+the configuration to the middleware. This is done by running the following script:
 ```
-docker compose exec webauthn /var/www/html/bin/console  doctrine:migrations:migrate --env=prod
+./bootstrap.sh
 ```
 
-Then you will need to provision the middleware config:
+Then, bootstrap the SRAA. For this, you will need to have a Yubikey.
+Use the following command to bootstrap the SRAA:
 ```
-cd middleware
-./middleware-push-config.sh
-./middleware-push-whitelist.sh
-./middleware-push-institution.sh
+./bootstrap-admin-sraa.sh
 ```
-Then, bootstrap the SRAA. For this, you will need to have a Yubikey. Replace Yubikey_ID with the number that is printed on your yubikey. It should be 8 characters. If it is less, prepend it with 0's
+
+You can now login to the RA application using the admin account. The URL is:
+https://ra.dev.openconext.local
+The username and password for the admin account are:
 ```
-docker compose exec middleware  /var/www/html/bin/console middleware:bootstrap:identity-with-yubikey urn:collab:person:dev.openconext.local:admin dev.openconext.local "Your Name" Your@email nl_NL Yubikey_ID
+username: admin
+password: admin
 ```
 
 Mailcatcher is included. You can view the email by going to http://localhost:1080
 
-A SimpleSAMLPHP sp is included. It can be accessed at https://ssp.dev.openconext.local/simplesaml/sp.php
+A SimpleSAMLPHP SP is included to test authentication from an SP. It can be accessed at https://ssp.dev.openconext.local/simplesaml/sp.php
+
+The selfservice application is available at https://selfservice.dev.openconext.local
+
+There are many user accounts available for testing. See http://ssp.dev.openconext.local/#test-accounts
+We recommend that you use the admin account only to activate additional RA and RAA accounts and do not
+use the admin account itself for testing.
+
+# Version info
+You can use the included `version-info.sh` script to get the version info of the different stepup
+components from the docker containers. This script will show the `version`, `revision` and `created`
+tags of the running containers.
 
 # Starting a project in development mode
 

stepup/bootstrap-admin-sraa.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+# This script is used to bootstrap the admin (SRAA) user in the stepup docker dev environment
+
+# It must be run the first time after the dev environment database has been bootstrapped, before the first login of
+# the "admin" user
+
+# Get the directory of this script
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+# Ask the user for an OTP from their Yubikey
+echo "Please insert the Yubikey you want to use with the admin account and press press the button to generate an OTP"
+read -r -p "Yubikey OTP: " otp
+
+# The Yubikey OTP is a 44 character string, so we need to check that the length is correct
+if [ ${#otp} -ne 44 ]; then
+    echo "Error: The Yubikey OTP is not the correct length (44 characters)"
+    exit 1
+fi
+
+# Get the Yubikey ID from the OTP. The ID is the first 12 characters of the OTP.
+# The ID is ModHex encoded, so we need to decode it to get the decimal value
+
+# Get first 12 characters of the OTP
+yubikey_id_modhex=${otp:0:12}
+echo "Yubikey ID (ModHex): ${yubikey_id_modhex}"
+# Decode the ModHex ID to decimal
+yubikey_id_hex=$(echo "${yubikey_id_modhex}" | tr 'cbdefghijklnrtuv' '0123456789abcdef')
+echo "Yubikey ID (Hex): ${yubikey_id_hex}"
+# Convert the hex ID to decimal
+yubikey_id_dec=$((0x"${yubikey_id_hex}"))
+# Prefix the ID with "0" to make it at least 8 characters long
+yubikey_id=$(printf "%08d" "${yubikey_id_dec}")
+echo "Yubikey ID: ${yubikey_id}"
+echo ""
+
+# Ask the user to confirm
+read -r -p "Do you want to bootstrap the admin user as SRAA with Yubikey ID '${yubikey_id}'? (y/n): " confirm
+if [[ ! $confirm =~ ^[Yy]$ ]]; then
+    echo "Aborting"
+    exit 1
+fi
+
+# Change to script directory
+cd "${DIR}" || exit 1
+
+# Run middleware bootstrap console command:
+echo ""
+echo 'docker compose exec middleware /var/www/html/bin/console middleware:bootstrap:identity-with-yubikey urn:collab:person:dev.openconext.local:admin dev.openconext.local "Admin (SRAA)" admin@dev.openconext.local en_EN ${yubikey_id}'
+docker compose exec middleware /var/www/html/bin/console middleware:bootstrap:identity-with-yubikey urn:collab:person:dev.openconext.local:admin dev.openconext.local "Admin (SRAA)" admin@dev.openconext.local en_GB ${yubikey_id}
+if [ $? -ne 0 ]; then
+    echo "Error: Failed to bootstrap the admin user"
+    exit 1
+fi
+
+echo "Successfully bootstrapped the admin user with Yubikey ID '${yubikey_id}'"
+echo "You can now login to the RA interface at https://ra.dev.openconext.local with the following credentials:"
+echo "User: admin"
+echo "Password: admin"
+echo ""
+

stepup/bootstrap-database.sh

@@ -63,3 +63,10 @@ if ! "${DIR}/middleware/middleware-push-institution.sh"; then
     exit 1
 fi
 echo ""
+
+echo "Successfully initialized/upgraded the stepup database schemas and pushed the configuration"
+echo ""
+echo "Next step: bootstrap the admin (SRAA) user in the stepup docker dev environment"
+echo "           Do this *before* the first login of the \"admin\" user"
+echo "           You can use the script `stepup/bootstrap-admin-sraa.sh` to do this"
+echo ""

stepup/start-dev-env.sh

@@ -9,7 +9,7 @@ if [ -f .env ]; then
   echo "Sourcing .env file"
   source .env
 else
-  echo "no .env file not found."
+  echo ".env file is not present"
 fi
 
 if [ "${STEPUP_VERSION}" == "test" ]; then
@@ -74,8 +74,14 @@ while true; do
   esac
 done
 
+# Start docker compose with the smoketest profile when APP_ENV=smoketest
+if [ "${APP_ENV}" == "smoketest" ]; then
+  extra_compose_args="--profile smoketest"
+  echo -e "${GREEN}Starting in smoketest mode because APP_ENV=smoketest${ENDCOLOR}"
+fi
+
 # Use docker compose to start the environment but with the modified override file(s)
 echo -e "Starting the ${MODE} environment with the following command:\n"
 
-echo -e "docker compose --profile smoketest -f docker-compose.yml ${docker_compose_args[@]} ${extra_compose_args} up ${d_option} ${@:$number_of_dev_envs}\n"
-docker compose --profile smoketest -f docker-compose.yml ${docker_compose_args[@]} ${extra_compose_args} up ${d_option} ${@:$number_of_dev_envs}
+echo -e "docker compose -f docker-compose.yml ${docker_compose_args[@]} ${extra_compose_args} up ${d_option} ${@:$number_of_dev_envs}\n"
+docker compose -f docker-compose.yml ${docker_compose_args[@]} ${extra_compose_args} up ${d_option} ${@:$number_of_dev_envs}