ID-4441: miljøavhengig konfig for eidas-demo-land

docker-compose.yaml

@@ -5,7 +5,7 @@ name: eidas-node-demo
 networks:
   eidas:
     name: eidas
-    
+
 services:
 
   eidas-demo-ca:
@@ -15,6 +15,8 @@ services:
       args:
         GIT_PACKAGE_TOKEN: ${GIT_PACKAGE_TOKEN}
         GIT_PACKAGE_USERNAME: ${GIT_PACKAGE_USERNAME}
+    environment:
+      - ENVIRONMENT=docker-ca
     ports:
       - "8080:8080"
     healthcheck:
@@ -29,6 +31,7 @@ services:
     command:
       - |
         cd /usr/local/tomcat
+        ./bin/addEnvironmentSpesificConfigFiles.sh
         ./bin/catalina.sh run
 
   eidas-demo-cb:
@@ -38,6 +41,8 @@ services:
       args:
         GIT_PACKAGE_TOKEN: ${GIT_PACKAGE_TOKEN}
         GIT_PACKAGE_USERNAME: ${GIT_PACKAGE_USERNAME}
+    environment:
+      - ENVIRONMENT=docker-cb
     ports:
       - "8081:8081"
     healthcheck:
@@ -52,6 +57,7 @@ services:
     command:
       - |
         cd /usr/local/tomcat
+        ./bin/addEnvironmentSpesificConfigFiles.sh
         ./bin/catalina.sh run
 
 

docker/Dockerfile

@@ -20,47 +20,17 @@ RUN unzip eIDAS-node-dl.zip && \
 RUN unzip /data/TOMCAT/config.zip -d /tmp/
 ENV config_path=/tmp/tomcat
 
-# Replace Demo-country CA localhost URLs with eidas-demo-ca.idporten.dev (for systest for now)
-RUN sed -i 's/http:\/\/localhost:8080\/EidasNodeConnector/https:\/\/eidas-demo-ca.eidasnode.dev\/EidasNodeConnector/g' $config_path/connector/eidas.xml
-RUN sed -i 's/http:\/\/localhost:8080\/SpecificConnector/https:\/\/eidas-demo-ca.eidasnode.dev\/SpecificConnector/g' $config_path/connector/eidas.xml
-RUN sed -i 's/http:\/\/localhost:8080/https:\/\/eidas-demo-ca.eidasnode.dev/g' $config_path/proxy/eidas.xml
-RUN sed -i 's/http:\/\/localhost:8080\/SP/https:\/\/eidas-demo-ca.eidasnode.dev\/SP/g' $config_path/sp/sp.properties
-RUN sed -i 's/http:\/\/localhost:8080/https:\/\/eidas-demo-ca.eidasnode.dev/g' $config_path/specificConnector/specificConnector.xml
-RUN sed -i 's/http:\/\/localhost:8080/https:\/\/eidas-demo-ca.eidasnode.dev/g' $config_path/specificProxyService/specificProxyService.xml
-RUN sed -i '/<\/properties/i \
-     <entry key="disallow.self.signed.certificate">false</entry> ' $config_path/connector/eidas.xml
-RUN sed -i '/<\/properties/i \
-     <entry key="disallow.self.signed.certificate">false</entry> ' $config_path/proxy/eidas.xml
-
-RUN sed -i 's/http:\/\/localhost:8080\/EidasNodeConnector\/ServiceProvider/https:\/\/eidas-demo-ca.eidasnode.dev\/EidasNodeConnector\/ServiceProvider/g' $config_path/sp/sp.properties
-RUN sed -i 's/http:\/\/localhost:8080\/EidasNodeProxy\/ServiceMetadata/https:\/\/eidas-demo-ca.eidasnode.dev\/EidasNodeProxy\/ServiceMetadata/g' $config_path/connector/eidas.xml
-
-# Add Norway (NO) as country 6
-RUN sed -i 's/country6.name=CF/country6.name=NO/g' $config_path/sp/sp.properties
-RUN sed -i 's/country6.url=http:\/\/localhost:9080\/EidasNodeConnector/country6.url=https:\/\/connector.eidasnode.dev/g' $config_path/sp/sp.properties
-
-RUN sed -i 's/service6.id">CF/service6.id">NO/g' $config_path/connector/eidas.xml
-RUN sed -i 's/service6.name">LOCAL-EIDAS-CF/service6.name">EIDAS-NO/g' $config_path/connector/eidas.xml
-RUN sed -i 's/service6.metadata.url">http:\/\/localhost:9080\/EidasNodeProxy/service6.metadata.url">https:\/\/proxy.eidasnode.dev/g' $config_path/connector/eidas.xml
-
-
-# Only allow https in proxy and connector
-RUN sed -i 's/metadata.restrict.http">false/metadata.restrict.http">true/g' $config_path/proxy/eidas.xml
-RUN sed -i 's/metadata.restrict.http">false/metadata.restrict.http">true/g' $config_path/connector/eidas.xml
-
-# White-lists for connector and proxy
-COPY docker/demo-config/MetadataFetcher_Connector.properties $config_path/connector/metadata/MetadataFetcher_Connector.properties
-COPY docker/demo-config/MetadataFetcher_Service.properties $config_path/proxy/metadata/MetadataFetcher_Service.properties
-
-# copy keystore with trusted norwegian certificate
-COPY docker/demo-config/connector-eidasKeyStore.p12 $config_path/connector/keystore/eidasKeyStore.p12
+# Delete files to be replaced in proxy and connector
+RUN rm $config_path/connector/eidas.xml && rm $config_path/proxy/eidas.xml && rm $config_path/connector/metadata/MetadataFetcher_Connector.properties && rm $config_path/proxy/metadata/MetadataFetcher_Service.properties && rm $config_path/connector/keystore/eidasKeyStore.p12
+# Delete files to be replaced in spesificConnector, spesificProxy, idp and sp
+RUN rm $config_path/sp/sp.properties && rm $config_path/specificConnector/specificConnector.xml && rm $config_path/specificProxyService/specificProxyService.xml && rm $config_path/idp/idp.properties
 
 FROM tomcat:9.0-jre11-temurin-jammy
 
 #øke stø
 RUN sed -i '/maxParameterCount="1000"/ s/$/\n maxHttpHeaderSize="65536"\n/' ${CATALINA_HOME}/conf/server.xml
 # Copy setenv.sh to /usr/local/tomcat/bin/
-COPY docker/demo-config/setenv.sh ${CATALINA_HOME}/bin/
+COPY docker/tomcat-config/setenv.sh ${CATALINA_HOME}/bin/
 
 # install bouncycastle
 COPY docker/bouncycastle/java_bc.security /opt/java/openjdk/conf/security/java_bc.security
@@ -69,6 +39,11 @@ COPY docker/bouncycastle/bcprov-jdk18on-1.78.jar /usr/local/lib/bcprov-jdk18on-1
 # copy eidas-config
 RUN mkdir -p /usr/local/tomcat/eidas-config/
 COPY --from=builder /tmp/tomcat/ ${CATALINA_HOME}/eidas-config/
+COPY docker/profiles ${CATALINA_HOME}/profiles
+RUN chmod 776 ${CATALINA_HOME}/eidas-config
+
+COPY docker/addEnvironmentSpesificConfigFiles.sh ${CATALINA_HOME}/bin/addEnvironmentSpesificConfigFiles.sh
+RUN chmod 755 ${CATALINA_HOME}/bin/addEnvironmentSpesificConfigFiles.sh
 
 # Add war files to webapps: /usr/local/tomcat/webapps
 COPY --from=builder /data/TOMCAT/*.war ${CATALINA_HOME}/webapps/
@@ -82,4 +57,5 @@ RUN mkdir -p ${CATALINA_HOME}/eidas/logs && chmod 774 ${CATALINA_HOME}/eidas/log
 
 EXPOSE 8080
 
-CMD ["/bin/bash", "-c", "catalina.sh run"]
+CMD ["/bin/bash", "-c", "./bin/addEnvironmentSpesificConfigFiles.sh;catalina.sh run"]
+

docker/addEnvironmentSpesificConfigFiles.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# NB: ${ENVIRONMENT} must be configured in idporten-cd in container.env
+# Copy environment specific config to default config
+ENV_CONFIG=${CATALINA_HOME}/profiles/${ENVIRONMENT}/
+DEFAULT_CONFIG=${CATALINA_HOME}/eidas-config/
+if [ -d "$ENV_CONFIG" ]; then
+    echo "Copy files for environment ${ENVIRONMENT} from $ENV_CONFIG" && ls -lt "$ENV_CONFIG"
+    cp -r "$ENV_CONFIG"** "$DEFAULT_CONFIG"
+fi

docker/dev.CA.Dockerfile

@@ -18,49 +18,18 @@ RUN unzip eIDAS-node-dl.zip && \
 # unzip and add config
 RUN unzip /data/TOMCAT/config.zip -d /tmp/
 ENV config_path=/tmp/tomcat
-RUN cd $config_path
-
-# This is demo-country CA
-RUN sed -i 's/localhost:8080\/EidasNodeConnector/eidas-demo-ca:8080\/EidasNodeConnector/g' $config_path/connector/eidas.xml
-RUN sed -i 's/localhost:8080\/SpecificConnector/eidas-demo-ca:8080\/SpecificConnector/g' $config_path/connector/eidas.xml
-RUN sed -i 's/localhost:8080/eidas-demo-ca:8080/g' $config_path/proxy/eidas.xml
-RUN sed -i 's/localhost:8080\/SP/eidas-demo-ca:8080\/SP/g' $config_path/sp/sp.properties
-RUN sed -i 's/localhost:8080/eidas-demo-ca:8080/g' $config_path/specificConnector/specificConnector.xml
-RUN sed -i 's/localhost:8080/eidas-demo-ca:8080/g' $config_path/specificProxyService/specificProxyService.xml
-RUN sed -i '/<\/properties/i \
-     <entry key="disallow.self.signed.certificate">false</entry> ' $config_path/connector/eidas.xml
-RUN sed -i '/<\/properties/i \
-     <entry key="disallow.self.signed.certificate">false</entry> ' $config_path/proxy/eidas.xml
-
-RUN sed -i 's/localhost:8080\/EidasNodeConnector\/ServiceProvider/eidas-demo-ca:8080\/EidasNodeConnector\/ServiceProvider/g' $config_path/sp/sp.properties
-RUN sed -i 's/localhost:8080\/EidasNodeProxy\/ServiceMetadata/eidas-demo-ca:8080\/EidasNodeProxy\/ServiceMetadata/g' $config_path/connector/eidas.xml
-
-# Modififed for demo-country CB:
-RUN sed -i 's/localhost:8081\/EidasNodeConnector\/ServiceProvider/eidas-demo-cb:8081\/EidasNodeConnector\/ServiceProvider/g' $config_path/sp/sp.properties
-RUN sed -i 's/localhost:8081\/EidasNodeProxy\/ServiceMetadata/eidas-demo-cb:8081\/EidasNodeProxy\/ServiceMetadata/g' $config_path/connector/eidas.xml
-RUN sed -i 's/localhost:8080\/EidasNodeProxy\/ServiceMetadata/eidas-demo-cb:8081\/EidasNodeProxy\/ServiceMetadata/g' $config_path/proxy/eidas.xml
-
-# Add Norway (NO) as country 6
-RUN sed -i 's/country6.name=CF/country6.name=NO/g' $config_path/sp/sp.properties
-RUN sed -i 's/country6.url=http:\/\/localhost:9080/country6.url=http:\/\/eidas-connector:8083/g' $config_path/sp/sp.properties
-
-RUN sed -i 's/service6.id">CF/service6.id">NO/g' $config_path/connector/eidas.xml
-RUN sed -i 's/service6.name">LOCAL-EIDAS-CF/service6.name">LOCAL-EIDAS-NO/g' $config_path/connector/eidas.xml
-RUN sed -i 's/service6.metadata.url">http:\/\/localhost:9080\/EidasNodeProxy/service6.metadata.url">http:\/\/eidas-proxy:8082/g' $config_path/connector/eidas.xml
-
-#Metadata with-listing
-COPY docker/demo-config/MetadataFetcher_Connector.properties $config_path/connector/metadata/MetadataFetcher_Connector.properties
-COPY docker/demo-config/MetadataFetcher_Service.properties $config_path/proxy/metadata/MetadataFetcher_Service.properties
-
-# copy keystore with trusted norwegian certificate
-COPY docker/demo-config/connector-eidasKeyStore.p12 $config_path/connector/keystore/eidasKeyStore.p12
+
+# Delete files to be replaced in proxy and connector
+RUN rm $config_path/connector/eidas.xml && rm $config_path/proxy/eidas.xml && rm $config_path/connector/metadata/MetadataFetcher_Connector.properties && rm $config_path/proxy/metadata/MetadataFetcher_Service.properties && rm $config_path/connector/keystore/eidasKeyStore.p12
+# Delete files to be replaced in spesificConnector, spesificProxy, idp and sp
+RUN rm $config_path/sp/sp.properties && rm $config_path/specificConnector/specificConnector.xml && rm $config_path/specificProxyService/specificProxyService.xml && rm $config_path/idp/idp.properties
 
 FROM tomcat:9.0-jre11-temurin-jammy
 
 RUN sed -i '/maxParameterCount="1000"/ s/$/\n maxHttpHeaderSize="65536"\n/' ${CATALINA_HOME}/conf/server.xml
 
 # Copy setenv.sh to /usr/local/tomcat/bin/
-COPY docker/demo-config/setenv.sh ${CATALINA_HOME}/bin/
+COPY docker/tomcat-config/setenv.sh ${CATALINA_HOME}/bin/
 
 # install bouncycastle
 COPY docker/bouncycastle/java_bc.security /opt/java/openjdk/conf/security/java_bc.security
@@ -69,7 +38,11 @@ COPY docker/bouncycastle/bcprov-jdk18on-1.78.jar /usr/local/lib/bcprov-jdk18on-1
 # copy eidas-config
 RUN mkdir -p /usr/local/tomcat/eidas-config/
 COPY --from=builder /tmp/tomcat/ ${CATALINA_HOME}/eidas-config/
+COPY docker/profiles ${CATALINA_HOME}/profiles
+RUN chmod 776 ${CATALINA_HOME}/eidas-config
 
+COPY docker/addEnvironmentSpesificConfigFiles.sh ${CATALINA_HOME}/bin/addEnvironmentSpesificConfigFiles.sh
+RUN chmod 755 ${CATALINA_HOME}/bin/addEnvironmentSpesificConfigFiles.sh
 
 # Add war files to webapps: /usr/local/tomcat/webapps
 COPY --from=builder /data/TOMCAT/*.war ${CATALINA_HOME}/webapps/

docker/dev.CB.Dockerfile

@@ -17,59 +17,33 @@ RUN unzip eIDAS-node-dl.zip && \
 RUN unzip /data/TOMCAT/config.zip -d /tmp/
 
 ENV config_path=/tmp/tomcat
-RUN cd /tmp/tomcat
-
-# This is demo-country CB
-RUN sed -i 's/localhost:8080\/EidasNodeConnector/eidas-demo-cb:8081\/EidasNodeConnector/g' $config_path/connector/eidas.xml
-RUN sed -i 's/localhost:8080\/SpecificConnector/eidas-demo-cb:8081\/SpecificConnector/g' $config_path/connector/eidas.xml
-RUN sed -i 's/metadata.node.country">CA/metadata.node.country">CB/g' $config_path/connector/eidas.xml
-RUN sed -i 's/metadata.node.country">CA/metadata.node.country">CB/g' $config_path/proxy/eidas.xml
-RUN sed -i 's/service.countrycode">CA/service.countrycode">CB/g' $config_path/proxy/eidas.xml
-RUN sed -i 's/localhost:8080/eidas-demo-cb:8081/g' $config_path/proxy/eidas.xml
-RUN sed -i 's/localhost:8080\/SP/eidas-demo-cb:8081\/SP/g' $config_path/sp/sp.properties
-RUN sed -i 's/localhost:8080/eidas-demo-cb:8081/g' $config_path/specificConnector/specificConnector.xml
-RUN sed -i 's/localhost:8080/eidas-demo-cb:8081/g' $config_path/specificProxyService/specificProxyService.xml
-RUN sed -i 's/DEMO-IDP/DEMO-IDP-CB/g' $config_path/idp/idp.properties
-
-RUN sed -i 's/localhost:8081\/EidasNodeConnector\/ServiceProvider/eidas-demo-cb:8081\/EidasNodeConnector\/ServiceProvider/g' $config_path/sp/sp.properties
-RUN sed -i 's/localhost:8081\/EidasNodeProxy\/ServiceMetadata/eidas-demo-cb:8081\/EidasNodeProxy\/ServiceMetadata/g' $config_path/connector/eidas.xml
-RUN sed -i 's/localhost:8081\/EidasNodeProxy\/ServiceMetadata/eidas-demo-cb:8081\/EidasNodeProxy\/ServiceMetadata/g' $config_path/proxy/eidas.xml
-
-# Modififed for demo-country CA:
-RUN sed -i 's/localhost:8080\/EidasNodeConnector\/ServiceProvider/eidas-demo-ca:8080\/EidasNodeConnector\/ServiceProvider/g' $config_path/sp/sp.properties
-RUN sed -i 's/localhost:8080\/EidasNodeProxy\/ServiceMetadata/eidas-demo-ca:8080\/EidasNodeProxy\/ServiceMetadata/g' $config_path/connector/eidas.xml
-
-# Add Norway (NO) as country 6
-RUN sed -i 's/country6.name=CF/country6.name=NO/g' $config_path/sp/sp.properties
-RUN sed -i 's/country6.url=http:\/\/localhost:9080/country6.url=http:\/\/eidas-connector:8083/g' $config_path/sp/sp.properties
-
-RUN sed -i 's/service6.id">CF/service6.id">NO/g' $config_path/connector/eidas.xml
-RUN sed -i 's/service6.name">LOCAL-EIDAS-CF/service6.name">LOCAL-EIDAS-NO/g' $config_path/connector/eidas.xml
-RUN sed -i 's/service6.metadata.url">http:\/\/localhost:9080\/EidasNodeProxy/service6.metadata.url">http:\/\/eidas-proxy:8082/g' $config_path/connector/eidas.xml
-
-#Metadata with-listing
-COPY docker/demo-config/MetadataFetcher_Connector.properties $config_path/connector/metadata/MetadataFetcher_Connector.properties
-COPY docker/demo-config/MetadataFetcher_Service.properties $config_path/proxy/metadata/MetadataFetcher_Service.properties
-
-# copy keystore with trusted norwegian certificate
-COPY docker/demo-config/connector-eidasKeyStore.p12 $config_path/connector/keystore/eidasKeyStore.p12
+
+# Delete files to be replaced in proxy and connector
+RUN rm $config_path/connector/eidas.xml && rm $config_path/proxy/eidas.xml && rm $config_path/connector/metadata/MetadataFetcher_Connector.properties && rm $config_path/proxy/metadata/MetadataFetcher_Service.properties && rm $config_path/connector/keystore/eidasKeyStore.p12
+# Delete files to be replaced in spesificConnector, spesificProxy, idp and sp
+RUN rm $config_path/sp/sp.properties && rm $config_path/specificConnector/specificConnector.xml && rm $config_path/specificProxyService/specificProxyService.xml && rm $config_path/idp/idp.properties
+
 
 FROM tomcat:9.0-jre11-temurin-jammy
 
 # change tomcat port
 RUN sed -i 's/port="8080"/port="8081"/' ${CATALINA_HOME}/conf/server.xml
 
 # Copy setenv.sh to /usr/local/tomcat/bin/
-COPY docker/demo-config/setenv.sh ${CATALINA_HOME}/bin/
+COPY docker/tomcat-config/setenv.sh ${CATALINA_HOME}/bin/
 
 # install bouncycastle
 COPY docker/bouncycastle/java_bc.security /opt/java/openjdk/conf/security/java_bc.security
 COPY docker/bouncycastle/bcprov-jdk18on-1.78.jar /usr/local/lib/bcprov-jdk18on-1.78.jar
 
 # copy eidas-config
-RUN mkdir -p ${CATALINA_HOME}/eidas-config/
+RUN mkdir -p /usr/local/tomcat/eidas-config/
 COPY --from=builder /tmp/tomcat/ ${CATALINA_HOME}/eidas-config/
+COPY docker/profiles ${CATALINA_HOME}/profiles
+RUN chmod 776 ${CATALINA_HOME}/eidas-config
 
+COPY docker/addEnvironmentSpesificConfigFiles.sh ${CATALINA_HOME}/bin/addEnvironmentSpesificConfigFiles.sh
+RUN chmod 755 ${CATALINA_HOME}/bin/addEnvironmentSpesificConfigFiles.sh
 # Add war files to webapps: /usr/local/tomcat/webapps
 COPY --from=builder /data/TOMCAT/*.war ${CATALINA_HOME}/webapps/