Merge branch 'main' into deployment-to-cloud

deployement/README.md

@@ -136,7 +136,7 @@ Already actions secret:
 
 # K8S services (deploy from scratch)
 Already actions secret:
-  - default_clientSecret
+  - clientSecret
 
 - az login
 - az aks get-credentials --resource-group $AKS_RESOURCE_GROUP_NAME --name $KUBERNETES_CLUSTER_NAME
@@ -152,7 +152,7 @@ Already actions secret:
 - kubectl create secret generic internalfusionauthurl --from-literal=internalFusionAuthURL=$internalFusionAuthURL
 - kubectl create secret generic appurl --from-literal=appURL=$appURL
 - kubectl create secret generic vitebackendurl --from-literal=VITE_BACKEND_URL=$VITE_BACKEND_URL
-- kubectl create secret generic defaultclientsecret --from-literal=default_clientSecret=$default_clientSecret
+- kubectl create secret generic clientsecret --from-literal=clientSecret=$clientSecret
 
 - kubectl apply -f analytics.yaml
 - kubectl apply -f auth.yaml

deployement/k8s/auth.yaml

@@ -25,7 +25,7 @@ spec:
           - secretRef:
               name: appurl
           - secretRef:
-              name: defaultclientsecret
+              name: clientsecret
 ---
 apiVersion: v1
 kind: Service

docker-compose.yml

@@ -19,8 +19,7 @@ services:
     depends_on:
       - mongo
     environment:
-      - default_clientSecret=super-secret-secret-that-should-be-regenerated-for-production
-      - adac_clientSecret=77871c4bf3e249b3ad9cdcd880ff37c1
+      - clientSecret=super-secret-secret-that-should-be-regenerated-for-production
       - appURL=http://localhost
       - fusionAuthURL=http://localhost:9011
       - internalFusionAuthURL=http://host.docker.internal:9011
@@ -44,7 +43,7 @@ services:
       - "5174:3000"
     environment:
       - VITE_TENANT=adac
-      - VITE_TENANT_CLIENT_ID=e9fdb985-9173-4e01-9d73-ac2d60d1dc8e
+      - VITE_TENANT_CLIENT_ID=ddde566b-3b30-4b52-9aed-0016d0deb906
       - VITE_TENANT_LOGO=/adac-logo.png
       - VITE_TENANT_BACKGROUNDCOLOR=#FFFF00
       - VITE_BACKEND_URL=http://localhost/api

services/auth-service/index.js

@@ -12,6 +12,10 @@ dotenv.config();
 const app = express();
 const port = 1337; // default port to listen
 
+if (!process.env.clientSecret) {
+  console.error('Missing clientSecret from .env');
+  process.exit();
+}
 if (!process.env.fusionAuthURL) {
   console.error('Missing fusionAuthURL from .env');
   process.exit();
@@ -24,6 +28,7 @@ if (!process.env.appURL) {
   console.error('Missing appURL from .env');
   process.exit();
 }
+const clientSecret = process.env.clientSecret;
 const appURL = process.env.appURL;
 const fusionAuthURL = process.env.fusionAuthURL;
 const internalFusionAuthURL = process.env.internalFusionAuthURL;
@@ -116,13 +121,6 @@ app.get('/oauth-redirect', async (req, res, next) => {
     return;
   }
 
-  const clientSecret = process.env[`${tenant}_clientSecret`];
-  if (!clientSecret) {
-    console.error(`Missing ${tenant}_clientSecret from .env`);
-    res.redirect(302, tenantToPath(tenant));
-    return;
-  }
-
   try {
     console.log(authCode, clientId, clientSecret, userSessionCookie.verifier);
     // Exchange Auth Code and Verifier for Access Token

services/auth-service/version.txt

@@ -1 +1 @@
-v1.0.6
+v1.0.7

tenant/frontend-template.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend-%tenant%-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frontend-%tenant%
+  template:
+    metadata:
+      labels:
+        app: frontend-%tenant%
+    spec:
+      containers:
+      - name: frontend-%tenant%
+        image: rtwcr1.azurecr.io/frontend
+        ports:
+        - containerPort: 3000
+        envFrom:
+          - secretRef:
+            name: all_credentials
+        env:
+          - name: VITE_TENANT
+            value: %tenant%
+          - name: VITE_TENANT_CLIENT_ID
+            value: %applicationId%
+          - name: VITE_TENANT_BACKGROUNDCOLOR
+            value: "%backgroundColor%"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-%tenant%
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: %port%
+    targetPort: 3000
+  selector:
+    app: frontend-%tenant%

tenant/ingres-template.yaml

@@ -0,0 +1,7 @@
+      - path: /()(%tenant%/.*)
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: frontend-%tenant%
+            port:
+              number: %port%

fusionauth/package.json → tenant/package.json

@@ -1,15 +1,16 @@
 {
-  "name": "fusionauth",
+  "name": "tenant",
   "version": "1.0.0",
   "description": "",
-  "main": "fa-tenant-creation.js",
+  "main": "tenant-creation.js",
   "scripts": {
-    "start": "node fa-tenant-creation.js"
+    "start": "node tenant-creation.js"
   },
   "author": "",
   "license": "ISC",
   "dependencies": {
     "@fusionauth/node-client": "^1.48.0",
+    "prompt-sync": "^4.2.0",
     "uuid": "^9.0.1"
   }
 }

fusionauth/fa-tenant-creation.js → tenant/tenant-creation.js

@@ -1,8 +1,11 @@
 const uuid = require('uuid');
 const { FusionAuthClient } = require('@fusionauth/node-client');
+const prompt = require('prompt-sync')();
+const fs = require('fs');
 
 const appUrl = 'http://localhost';
 const client = new FusionAuthClient('33052c8a-c283-4e96-9d2a-eb1215c69f8f-not-for-prod', 'http://localhost:9011');
+const clientSecret = "super-secret-secret-that-should-be-regenerated-for-production";
 
 async function deleteTenant(tenantName) {
     try {
@@ -33,7 +36,6 @@ async function create(tenantName) {
         client.tenantId = tenantId;
 
         let applicationId = uuid.v4();
-        let clientSecret = uuid.v4().replace(/-/g, '');
         await client.createApplication(applicationId, {
             "application": {
                 "name": `${tenantName}-app`,
@@ -62,19 +64,43 @@ async function create(tenantName) {
                 },
             }
         });
-        return {tenantId, applicationId, clientSecret};
+        return { tenantId, applicationId };
     } catch (e) {
         console.log(e);
     }
 }
 
+function createK8sFrontendYaml(tenant, applicationId, port, backgroundColor) {
+    let frontendYaml = fs.readFileSync('./frontend-template.yaml', 'utf8');
+    const replacements = { "%tenant%": tenant, "%applicationId%": applicationId, "%port%": port, "%backgroundColor%": backgroundColor };
+    let frontendTenantYaml = frontendYaml.replace(/%\w+%/g, function(all) {
+        return replacements[all] || all;
+    });
+    // TODO: deployement typo
+    fs.writeFileSync(`../deployement/k8s/frontend-${tenant}.yaml`, frontendTenantYaml);
+}
+
+function appendTenantToIngress(tenant, port) {
+    let ingressYaml = fs.readFileSync('../deployement/k8s/ingress.yaml', 'utf8');
+    let ingresTemplateYaml = fs.readFileSync('./ingres-template.yaml', 'utf8');
+    const replacements = { "%tenant%": tenant, "%port%": port };
+    let ingresAppendTenantYaml = ingresTemplateYaml.replace(/%\w+%/g, function(all) {
+        return replacements[all] || all;
+    });
+    fs.writeFileSync('../deployement/k8s/ingress.yaml', ingressYaml + "\n" + ingresAppendTenantYaml);
+}
+
 async function main() {
-    const tenantName = "adac";
-    const {tenantId, applicationId, clientSecret} = await create(tenantName);
-    console.log(`Created tenant ${tenantName}`);
+    const tenant = prompt("Tenant name (key): ");
+    const port = prompt("Port: ");
+    const backgroundColor = "#" + prompt("Background-Color: #");
+    const { tenantId, applicationId } = await create(tenant);
+    console.log(`Created tenant ${tenant}`);
     console.log(`- Tenant ID: ${tenantId}`);
     console.log(`- Application ID: ${applicationId}`);
-    console.log(`- Client Secret: ${clientSecret}`);
+    console.log();
+    createK8sFrontendYaml(tenant, applicationId, port, backgroundColor);
+    appendTenantToIngress(tenant, port);
 }
 
 main();