Service configuration for auth and logging

jmpsec · Aug 24, 2019 · 29a80c8 · 29a80c8
1 parent bfcd620
commit 29a80c8
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 8 deletions.
diff --git a/deploy/lib.sh b/deploy/lib.sh
@@ -212,18 +212,23 @@ function certbot_certificates_nginx() {
 #   string  service_host_port (host|port)
 #   string  service_name
 #   string  listener
+#   string  auth_option
+#   string  logging_option
+#   string  sudo_command
 function configuration_service() {
   local __conf=$1
   local __dest=$2
   local __tlshost=`echo $3 | cut -d"|" -f1`
   local __tlsport=`echo $3 | cut -d"|" -f2`
   local __service=$4
   local __listener=$5
-  local __sudo=$6
+  local __auth=$6
+  local __logging=$7
+  local __sudo=$8
 
   log "Generating $__dest configuration"
 
-  cat "$__conf" | sed "s|_SERVICE_PORT|$__tlsport|g" | sed "s|_SERVICE_HOST|$__tlshost|g" | sed "s|_LISTENER|$__listener|g" | sed "s|_SERVICE_NAME|$__service|g" | $__sudo tee "$__dest"
+  cat "$__conf" | sed "s|_SERVICE_PORT|$__tlsport|g" | sed "s|_SERVICE_HOST|$__tlshost|g" | sed "s|_LISTENER|$__listener|g" | sed "s|_SERVICE_NAME|$__service|g" | sed "s|_SERVICE_AUTH|$__auth|g" | sed "s|_SERVICE_LOGGING|$__logging|g" | $__sudo tee "$__dest"
 }
 
 # DB configuration file generation

diff --git a/deploy/provision.sh b/deploy/provision.sh
@@ -162,11 +162,15 @@ _DB_PORT="5432"
 _T_INT_PORT="9000"
 _T_PUB_PORT="443"
 _T_HOST="127.0.0.1"
+_T_AUTH="none"
+_T_LOGGING="db"
 
 # Admin Service
 _A_INT_PORT="9001"
 _A_PUB_PORT="8443"
 _A_HOST="127.0.0.1"
+_A_AUTH="db"
+_A_LOGGING="db"
 
 # Default admin credentials with random password
 _ADMIN_USER="admin"
@@ -492,7 +496,7 @@ if [[ "$PART" == "all" ]] || [[ "$PART" == "$TLS_COMPONENT" ]]; then
   make tls
 
   # Configuration file generation for TLS service
-  configuration_service "$SOURCE_PATH/deploy/$SERVICE_TEMPLATE" "$DEST_PATH/config/$TLS_CONF" "$_T_HOST|$_T_INT_PORT" "$TLS_COMPONENT" "127.0.0.1" "sudo"
+  configuration_service "$SOURCE_PATH/deploy/$SERVICE_TEMPLATE" "$DEST_PATH/config/$TLS_CONF" "$_T_HOST|$_T_INT_PORT" "$TLS_COMPONENT" "127.0.0.1" "$_T_AUTH" "$_T_LOGGING" "sudo"
 
   # Prepare static files for TLS service
   _static_files "$MODE" "$SOURCE_PATH" "$DEST_PATH" "tls/scripts" "scripts"
@@ -510,7 +514,7 @@ if [[ "$PART" == "all" ]] || [[ "$PART" == "$ADMIN_COMPONENT" ]]; then
   make admin
 
   # Configuration file generation for Admin service
-  configuration_service "$SOURCE_PATH/deploy/$SERVICE_TEMPLATE" "$DEST_PATH/config/$ADMIN_CONF" "$_A_HOST|$_A_INT_PORT" "$ADMIN_COMPONENT" "127.0.0.1" "sudo"
+  configuration_service "$SOURCE_PATH/deploy/$SERVICE_TEMPLATE" "$DEST_PATH/config/$ADMIN_CONF" "$_A_HOST|$_A_INT_PORT" "$ADMIN_COMPONENT" "127.0.0.1" "$_A_AUTH" "$_A_LOGGING" "sudo"
 
   # Prepare data folder
   sudo mkdir -p "$DEST_PATH/data"

diff --git a/deploy/service.json b/deploy/service.json
@@ -3,7 +3,7 @@
     "listener": "_LISTENER",
     "port": "_SERVICE_PORT",
     "host": "_SERVICE_HOST",
-    "auth": "db",
-    "logging": "db"
+    "auth": "_SERVICE_AUTH",
+    "logging": "_SERVICE_LOGGING"
   }
 }
diff --git a/docker/dockerize.sh b/docker/dockerize.sh
@@ -194,14 +194,14 @@ TLS_JSON="$CONFIGDIR/tls.json"
 if [[ -f "$TLS_JSON" && "$_FORCE" == false ]]; then
   log "Using existing $TLS_JSON"
 else
-  configuration_service "$DEPLOYDIR/service.json" "$TLS_JSON" "localhost|9000" "tls" "0.0.0.0"
+  configuration_service "$DEPLOYDIR/service.json" "$TLS_JSON" "localhost|9000" "tls" "0.0.0.0" "none" "db"
 fi
 
 ADMIN_JSON="$CONFIGDIR/admin.json"
 if [[ -f "$ADMIN_JSON" && "$_FORCE" == false ]]; then
   log "Using existing $ADMIN_JSON"
 else
-  configuration_service "$DEPLOYDIR/service.json" "$ADMIN_JSON" "localhost|9001" "admin" "0.0.0.0"
+  configuration_service "$DEPLOYDIR/service.json" "$ADMIN_JSON" "localhost|9001" "admin" "0.0.0.0" "db" "db"
 fi
 
 DB_JSON="$CONFIGDIR/db.json"