Skip to content

Commit

Permalink
Tests: add a token-based deletion test
Browse files Browse the repository at this point in the history
  • Loading branch information
Radu Carpa committed Dec 13, 2023
1 parent 3c97ab3 commit c62ebfd
Show file tree
Hide file tree
Showing 23 changed files with 2,751 additions and 53 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/integration_tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,8 @@ jobs:
run: docker exec -t dev_rucio_1 tools/pytest.sh -v --tb=short tests/test_rse_protocol_rclone.py
- name: Test Conveyor
run: docker exec -t dev_rucio_1 tools/pytest.sh -v --tb=short tests/test_conveyor.py
- name: Test Token Deletion
run: docker exec -t dev_rucio_1 tools/pytest.sh -v --tb=short tests/test_reaper.py::test_deletion_with_tokens
- name: Execute transfer and export FTS transfer details
id: tpc
shell: bash
Expand Down
2 changes: 1 addition & 1 deletion etc/certs/generate.sh
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ openssl x509 -req -days $DAYS -CAcreateserial -extfile <(printf "keyUsage = crit
cat "ruciouser.pem" "ruciouser.key.pem" > "ruciouser.certkey.pem"

# The service certificates
for CN in rucio fts xrd1 xrd2 xrd3 xrd4 minio
for CN in rucio fts xrd1 xrd2 xrd3 xrd4 minio indigoiam keycloak
do
SAN="subjectAltName=DNS:$CN,DNS:localhost,DNS:$CN.default.svc.cluster.local"
openssl req -new -newkey rsa:2048 -noenc -keyout "hostcert_$CN.key.pem" -subj "/CN=$CN" > "hostcert_$CN.csr"
Expand Down
28 changes: 28 additions & 0 deletions etc/certs/hostcert_indigoiam.key.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCtxEtXK2Xe5+pP
0ixW+PTLOPMZ1/Jzbmg/XhJS6mFK34fFBSBTOufkO875bu1xjAoSUnHbg2bjejs0
+5mM/Nx9px7WJwAQgQjt4kSC9xBJX0vY2sQPeF1JjpR+cafukji3UvD7xyTUDWWN
NnYVuNQf9Vt7SQI6z3+X60kVeQdgyqg9ZmEcMdLdoMs/qAcPLb2ouE1znCuzUiVw
OhDIZTV79tMcmhtnOAKVUXJZo+IRSII8OdP261hCEkrLQPLJtRS8jxb4TSyOFjQH
+xLP8QAB982pVtl2AOHQzHiJHSNWYcPnLPlU3jPWtKvBE/AXT40I/hzWOywdhBnZ
cCPqgIqLAgMBAAECggEAT55T+QZpAGgZ++XsrBMZMu6OsOY58HsDqBlF4xkCaEig
kH0nUQt6CiD/Vlnl0POd/8Qn6DE+mPc+Hqozsp5/ttE2t2AaTvWYrkrRIoLqwvu3
qI6gbAg2EkiSsJcKH61+8DzAL1URgln7EGeGVrCf/V6yQnxy2ZiOuYC0tXKFl2qy
FneRM/Br3O/aUSs0fRt11rEMDd6JVtIxCmuG7GTYRYZIG2gW6dwHbJOREK4XbbU9
7f81Ts/uGBzlHExIJdwzYb7mZmQVIhsCrpnORcDc0erZnjbsUZ/QLOj6HOLtgtRl
4F0uEcZ7X9/if8Qt4ouVw9USijFnbpi8TSicwoGV4QKBgQDlKbClWbi95IWOLPPb
hcReYl5/wCd9shdJv/5J6cOjAbIzbiRh5abiVbGYGBZTMWgDLmZP632V1+NFrbMV
MiLrk8ODZUzt32hVIvQ0u2MS6jrHDy9/u2ZkGUKcJLK+CMT2ej6myLQqnkBUuttI
werCt2yYSba+nZb1H6w9DAVZYQKBgQDCHdP5qmRz2gNV/fy+eZxLOfbwRGwfc4k2
+tziP8YeUoknGVW0lDdh9uMfvSecx+gjVDfJeVabDsNvEu2qA2DKAWKKQgdHKLmn
hJ10PS88WXU9HtgoyP9JYO3qyLTEN3gPqhLNcGwy9y7cQEj/3teRMRWb3PdVg5Le
4Rn147ePawKBgQCdJRqSONV7ulJvbZoHxlIjWxdsSUuLYW2g0DzDWL8kb8xQgk4G
p+HpwVPYdWQRxoaJ7+6PDXCAKZwbMwLkHQ5fN2PSHcxELngwMZj+9CT7Wo3V5S7w
S4TqTXwk8PF1aTQPxUJjQqxxsTVyJPSsjvW6cufQAnSDgDN9giutbSnZ4QKBgQCv
YRmiSUNGtGMtLzNJuD/wa2divr7dT5paNR6Zvzq1LKbDz4zygLLk7JVZmKGQccCX
IsDgY6NOpnEGCpj1cOXivIuWFH/U18OcySEk4x6pLL3SwepUNv0HA+8Qn9NKMD9m
D6e7OuZWyaLp1Z7epiwm/qziTCqedSid+8xjryCqDwKBgQC9TFiNCUP6FSOCFBjK
WMUr9BTjANuLeaVtYtgthI4LfWkLnXBlfNck16s5ZnV/scnxbklPvlsCihzE5+59
f26ZLRaA7F3Kr4oti796tcly2dOow7JlRZB5KsQOsC2bSMgSd4PH3++Rpz3dXgLJ
nsoFcx/izhtlefBMbIbzetn8Ww==
-----END PRIVATE KEY-----
20 changes: 20 additions & 0 deletions etc/certs/hostcert_indigoiam.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5kwDQYJKoZIhvcNAQEL
BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMxMjEyMTEy
MDA1WhcNNDgwODAyMTEyMDA1WjAUMRIwEAYDVQQDDAlpbmRpZ29pYW0wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtxEtXK2Xe5+pP0ixW+PTLOPMZ1/Jz
bmg/XhJS6mFK34fFBSBTOufkO875bu1xjAoSUnHbg2bjejs0+5mM/Nx9px7WJwAQ
gQjt4kSC9xBJX0vY2sQPeF1JjpR+cafukji3UvD7xyTUDWWNNnYVuNQf9Vt7SQI6
z3+X60kVeQdgyqg9ZmEcMdLdoMs/qAcPLb2ouE1znCuzUiVwOhDIZTV79tMcmhtn
OAKVUXJZo+IRSII8OdP261hCEkrLQPLJtRS8jxb4TSyOFjQH+xLP8QAB982pVtl2
AOHQzHiJHSNWYcPnLPlU3jPWtKvBE/AXT40I/hzWOywdhBnZcCPqgIqLAgMBAAGj
gYkwgYYwRAYDVR0RBD0wO4IJaW5kaWdvaWFtgglsb2NhbGhvc3SCI2luZGlnb2lh
bS5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMB0GA1UdDgQWBBQsJE2vd9LskHtE
lJig3pW5WDeA7jAfBgNVHSMEGDAWgBSApEBpOOCBJC8+We2zfCWOdPyuqTANBgkq
hkiG9w0BAQsFAAOCAQEAh0Kx3iYQA8GH3T6JhWCp8VDDpv6EBwHRLR+neKIxNm7E
i1Mv/KrXy9UD8zg2qfz/Fei1nSOjbI4Pw8LGcfMU4JHKjLQOoPGGijLCU3xFXVmU
HfiTbffUcWEdvkYwoYfj787hyz/9epewVQpgG/DnfhRmX/wxUpQ291/Tt+GswozL
kkZ31wQaozzJ4TcZM9BFobTuqljNUJIhXvFfM6zDqTnOuQiTXOtnvPFWbUpDmeOg
cNN2Vbd8HTmR64B6y2v7A1VvaZ3bVynR2X9au93toOvlNhVJuyHkbGhELd8fs/4y
Fi7S3siaP4s/R4Qwa9BJX+JnnfXH+9ZYl1V3VAy6MQ==
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions etc/certs/hostcert_keycloak.key.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCw4vMV9VirYh9T
up4rFmDIfJcXnJkWTU3ceaWQVCBCK/wLcXp1bw7DYb3uCwumnTbk1I5WTDxsus02
n5vvsOVqvrW82/Jn616tpeaZ0pyh8+O5J9QwBbIVSWpg+atNBR074f4Y0F2YgvQm
UJPO7B6XGyLCeKvR873p2lZdW5wS2kA1uPUCxAIXjiLdqSxVXJDR+F4iqbQoOPLU
i+hUEbwOFwfHZ7RasJ13PBtUd3KJl2dgShP5By+edgLOvLQ0JEvyK8pSHo99iKjz
5pXjntlL0x/k0a43opTItcJ2Stbtkt5BYnpYBRzv/KVA3e6TJeWOSKRooKFiuwdd
7pkcG8bnAgMBAAECggEABNb+LLciU8ojA6D4YUMYUdQANFVaEPSmMTv42OVHCVh3
vykTNIcIjIsDmIb1LNFiEPUfPI2THQHSyfBTDXC1zkEP6u4fs1KK1s3SbJoJJBtE
EKsI0L7ke6r0aK6GzobZy8DSuYNrVC1ybbadsgyJh7vmgb4DLC2doCTpC7Pie4Ix
NfJ8Nbi9zlTu6btMN3FDJDkTLxRJ2V9Qmv2MvKGZiftVD+6dqOyWIbct8+pl7Nj+
M+aTBxmPe1rdr9bwV1R2TOPsts3s1ieoYe2kljybwvf3H6Dw8CrfthHX4dP6MXxs
pig/1WPkYnIMkLCeaQtrIty5Flp1IDd9KQ40c5GtxQKBgQDqC8EHwA2/x7tdZJ0U
PwRHpa8sYx/mlvvgQbEk6Aq1FDt0on3oge5dMhO3aKRWMzCdoCF9eQUI3lOn9Iky
DcsAlNk2pRFiQVTWU9cUMDh3/3cQ1YgTSwrCWQ1/LHRaY6fJH8atXTi5IzTwBa7g
t3wt2nUXgfcDYb58TMHgESzNmwKBgQDBepot/5iPZN7lKq/sZBU+/cLwGix4H7Ge
cGDt5Gy/CPYlfMJbP2UW5ZSOyNI0mJuy5lULnPoY6hrUe10xi3pNSgRsHxOOovIl
WEU1JhVENgIm3Tcz7ZhvJtb6N160Sxvpk5i1c4VZZryqfWBXT4pg+w/gHySou99L
SvEqVabmpQKBgQCPoVT9x5vodM+EOgm38hBTU9eT2uUp4sCCWG444vonNFpkco/o
T0yT/vZgmSQ5DkMoiKvkz48KaT5XlVdY02QgYDiJM3XeoY9J1LvqVMliwvEz8IcI
qAXbTUFeKU7iZcQDRq/rlokH/RYwspwmphPcI/O10Hlhput6ZrSYKJIhPwKBgQCD
/kZM90B3IxPFN9gI50ZvUOO6tcB8uvKL6pLV+K4PredvL6vQYHFwq3Mr7ekqJKqj
4+tFHvSoJp3jM74iXMs1Czf1I0ZOWu/jdlLQrYh4nnfdV7GfZYpG2jJzRW8AhPUn
5p+ZupPQp/wyO5KMPiFjhCQSfGygCHuPfDMG9KQGWQKBgQCT9FPPfKbgRpKxv4kn
R1yLMSuPf1vFkWooRdei5NMIxrrEXQR7+M5i0UxvgUtHFYKehCdyJgQXSdanAp2+
nksrjJ8Ji82qR+7RFFKjtiR7VBGvwLUxxf2cOFwW5UYVIDD+UtDoAaGqNw3r4t76
SVy2+M3HFC+U2KwNf/3sRm88Hw==
-----END PRIVATE KEY-----
20 changes: 20 additions & 0 deletions etc/certs/hostcert_keycloak.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDSDCCAjCgAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5owDQYJKoZIhvcNAQEL
BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMxMjEyMTEy
MDQ4WhcNNDgwODAyMTEyMDQ4WjATMREwDwYDVQQDDAhrZXljbG9hazCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALDi8xX1WKtiH1O6nisWYMh8lxecmRZN
Tdx5pZBUIEIr/AtxenVvDsNhve4LC6adNuTUjlZMPGy6zTafm++w5Wq+tbzb8mfr
Xq2l5pnSnKHz47kn1DAFshVJamD5q00FHTvh/hjQXZiC9CZQk87sHpcbIsJ4q9Hz
venaVl1bnBLaQDW49QLEAheOIt2pLFVckNH4XiKptCg48tSL6FQRvA4XB8dntFqw
nXc8G1R3comXZ2BKE/kHL552As68tDQkS/IrylIej32IqPPmleOe2UvTH+TRrjei
lMi1wnZK1u2S3kFielgFHO/8pUDd7pMl5Y5IpGigoWK7B13umRwbxucCAwEAAaOB
hzCBhDBCBgNVHREEOzA5gghrZXljbG9ha4IJbG9jYWxob3N0giJrZXljbG9hay5k
ZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMB0GA1UdDgQWBBSWJb2GH++dve3l/qg1
o4RL4uM8hjAfBgNVHSMEGDAWgBSApEBpOOCBJC8+We2zfCWOdPyuqTANBgkqhkiG
9w0BAQsFAAOCAQEApnxNUKaXMJ78n/EeYpeztKJu42m2LkJu1Jz4n/t9Rj9QvnOk
QdrE0V4SNWckJhuY1fj75Rczjv3pk5bKgy8bkZckSENTtVEGPLPa5fYOtR58YKq4
VhG4YcvCYNrBUZaTIZ5pqjeWDFyEwM3wFk69iLRZhv+jaOqZ7Dnq5AC3ZLeK6bUR
U4Dg9URmZP7dIEoBzbW6luXCOuxKx9bto6mp3Ddc2WiMaUnvYAxM+iCFki6mQFfX
h4Q2EEIUiWgvZD1GMbK5Wrexh/K8Es9LBqZtAgFi5isJ5L1ojdd+XCr5Q+gYIv80
dECdhlcBKok+orDvhUnJvzx0W9yGP5nTGnCvGw==
-----END CERTIFICATE-----
2 changes: 1 addition & 1 deletion etc/certs/rucio_ca.srl
Original file line number Diff line number Diff line change
@@ -1 +1 @@
557A59C5FB5A50CC2BC2093AC184757069749797
557A59C5FB5A50CC2BC2093AC18475706974979A
6 changes: 3 additions & 3 deletions etc/docker/dev/docker-compose.ports.yml
Original file line number Diff line number Diff line change
Expand Up @@ -64,12 +64,12 @@ services:
grafana:
ports:
- "127.0.0.1:3000:3000"
db-iam:
indigoiam-db:
ports:
- "127.0.0.1:3307:3306"
nginx-iam:
indigoiam:
ports:
- "127.0.0.1:9443:443"
iam:
indigoiam-login-service:
ports:
- "127.0.0.1:8090:8090"
82 changes: 52 additions & 30 deletions etc/docker/dev/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ version: "3"
services:
rucioclient:
image: docker.io/rucio/rucio-dev:latest-alma9
entrypoint: ["/rucio_source/etc/docker/dev/rucio_entrypoint.sh"]
entrypoint: ["/rucio_source/etc/docker/dev/rucio/entrypoint.sh"]
command: ["sleep", "infinity"]
profiles:
- client
Expand All @@ -11,44 +11,42 @@ services:
- ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
- ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
- ../../certs/rucio_ca.pem:/opt/rucio/etc/rucio_ca.pem:z
- ../../certs/ruciouser.pem:/opt/rucio/etc/usercert.pem:z
- ../../certs/ruciouser.key.pem:/opt/rucio/etc/userkey.pem:z
- ../../certs/ruciouser.pem:/tmp/usercert.pem:z
- ../../certs/ruciouser.key.pem:/tmp/userkey.pem:z
- ../../certs/ruciouser.certkey.pem:/opt/rucio/etc/usercertkey.pem:z
- ../../certs/ssh/ruciouser_sshkey.pub:/root/.ssh/ruciouser_sshkey.pub:z
- ../../certs/ssh/ruciouser_sshkey:/root/.ssh/ruciouser_sshkey:z
- ./rucio/idpsecrets.json:/opt/rucio/etc/idpsecrets.json:ro
- ../../../tools:/opt/rucio/tools:Z
- ../../../bin:/opt/rucio/bin:Z
- ../../../lib:/opt/rucio/lib:Z
- ../../../tests:/opt/rucio/tests:Z
- ../../../:/rucio_source:ro
environment:
- RUCIO_SOURCE_DIR=/rucio_source
- X509_USER_CERT=/opt/rucio/etc/usercert.pem
- X509_USER_KEY=/opt/rucio/etc/userkey.pem
- RDBMS
rucio:
image: docker.io/rucio/rucio-dev:latest-alma9
entrypoint: ["/rucio_source/etc/docker/dev/rucio_entrypoint.sh"]
entrypoint: ["/rucio_source/etc/docker/dev/rucio/entrypoint.sh"]
command: ["httpd","-D","FOREGROUND"]
volumes:
- ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
- ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
- ../../certs/rucio_ca.pem:/opt/rucio/etc/rucio_ca.pem:z
- ../../certs/ruciouser.pem:/opt/rucio/etc/usercert.pem:z
- ../../certs/ruciouser.key.pem:/opt/rucio/etc/userkey.pem:z
- ../../certs/ruciouser.pem:/tmp/usercert.pem:z
- ../../certs/ruciouser.key.pem:/tmp/userkey.pem:z
- ../../certs/ruciouser.certkey.pem:/opt/rucio/etc/usercertkey.pem:z
- ../../certs/ssh/ruciouser_sshkey.pub:/root/.ssh/ruciouser_sshkey.pub:z
- ../../certs/ssh/ruciouser_sshkey:/root/.ssh/ruciouser_sshkey:z
- ./rucio/idpsecrets.json:/opt/rucio/etc/idpsecrets.json:ro
- ../../../tools:/opt/rucio/tools:Z
- ../../../bin:/opt/rucio/bin:Z
- ../../../lib:/opt/rucio/lib:Z
- ../../../tests:/opt/rucio/tests:Z
- ../../../:/rucio_source:ro
environment:
- RUCIO_SOURCE_DIR=/rucio_source
- X509_USER_CERT=/opt/rucio/etc/usercert.pem
- X509_USER_KEY=/opt/rucio/etc/userkey.pem
- RDBMS
ruciodb:
image: docker.io/postgres:14
Expand All @@ -72,6 +70,8 @@ services:
image: docker.io/elasticsearch:7.4.0
environment:
- discovery.type=single-node
profiles:
- elastic
activemq:
image: docker.io/webcenter/activemq:latest
environment:
Expand Down Expand Up @@ -187,9 +187,11 @@ services:
image: docker.io/rucio/xrootd
profiles:
- storage
environment:
- XRDPORT=1097
volumes:
- ./xrd4/xrootd.cfg:/etc/xrootd/xrdrucio.cfg:ro
- ./xrd4/entrypoint.sh:/docker-entrypoint.sh:ro
- ./xrd4/scitokens.cfg:/etc/xrootd/scitokens.cfg:ro
- ./xrd4/Authfile:/etc/xrootd/Authfile:ro
- ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- ../../certs/hostcert_xrd4.pem:/tmp/xrdcert.pem:Z
- ../../certs/hostcert_xrd4.key.pem:/tmp/xrdkey.pem:Z
Expand Down Expand Up @@ -242,44 +244,53 @@ services:
image: docker.io/grafana/grafana:latest
profiles:
- monitoring
db-iam:
indigoiam-db:
image: mariadb:10.11
profiles:
- iam
healthcheck:
test: mysql -u indigoiam -psecret indigoiam -e "select * from client_details where client_name='rucio'" | grep 'rucio' > /dev/null
interval: 5s
retries: 10
environment:
- TZ=Europe/Paris
- MYSQL_ROOT_PASSWORD=supersecret
- MYSQL_USER=iam
- MYSQL_USER=indigoiam
- MYSQL_PASSWORD=secret
- MYSQL_DATABASE=iam_db
nginx-iam:
- MYSQL_DATABASE=indigoiam
volumes:
- ./indigoiam/indigoiam_test_db.sql:/docker-entrypoint-initdb.d/init.sql:ro
indigoiam:
image: nginx
profiles:
- iam
dns_search: cern.ch
environment:
TZ: Europe/Paris
NGINX_HOST: iam
NGINX_HOST: indigoiam
NGINX_PORT: 443
volumes:
- ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
# - ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
# - ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
- /etc/grid-security/:/etc/grid-security/
- ../../certs/hostcert_indigoiam.pem:/etc/grid-security/hostcert.pem:z
- ../../certs/hostcert_indigoiam.key.pem:/etc/grid-security/hostkey.pem:z
- /dev/urandom:/dev/random
- ../../iam-assets/iam.conf:/etc/nginx/conf.d/default.conf:ro
iam:
- ./indigoiam/indigoiam_nginx.conf:/etc/nginx/conf.d/default.conf:ro
depends_on:
- indigoiam-login-service
ports:
- "127.0.0.1:443:443"
indigoiam-login-service:
profiles:
- iam
image: indigoiam/iam-login-service:v1.8.2
volumes:
- ../../iam-assets/keystore.jwks:/keystore.jwks:ro
- ./indigoiam/indigoiam_keystore.jwks:/keystore.jwks:ro
environment:
- IAM_JAVA_OPTS=-Djava.security.egd=file:/dev/urandom -Dspring.profiles.active=prod,oidc,cern,registration,wlcg-scopes -agentlib:jdwp=transport=dt_socket,server=y,address=1044,suspend=n -Dlogging.file.name=/var/log/iam/iam.log
- IAM_HOST=<IAM_HOSTNAME>
- IAM_HOST=indigoiam
- IAM_PORT=8090
- IAM_BASE_URL=https://<IAM_HOSTNAME>
- IAM_ISSUER=https://<IAM_HOSTNAME>
- IAM_BASE_URL=https://indigoiam/
- IAM_ISSUER=https://indigoiam/
- IAM_FORWARD_HEADERS_STRATEGY=native
- IAM_KEY_STORE_LOCATION=file:/keystore.jwks
- IAM_JWK_CACHE_LIFETIME=21600
Expand All @@ -293,8 +304,19 @@ services:
- IAM_LOCAL_RESOURCES_LOCATION=file:/indigo-iam/local-resources
- IAM_ORGANISATION_NAME=rucio-dc
- IAM_TOPBAR_TITLE="INDIGO IAM for rucio-dc"
- IAM_DB_HOST=<IAM_DB_HOSTNAME>
- IAM_DB_PORT=3307
- IAM_DB_NAME=iam_db
- IAM_DB_USERNAME=iam
- IAM_DB_HOST=indigoiam-db
- IAM_DB_PORT=3306
- IAM_DB_NAME=indigoiam
- IAM_DB_USERNAME=indigoiam
- IAM_DB_PASSWORD=secret
depends_on:
indigoiam-db:
condition: service_healthy
keycloak:
command: ['start-dev', '--features=token-exchange']
profiles:
- iam
image: quay.io/keycloak/keycloak:23.0.1
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=secret
File renamed without changes.
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
server {
listen 443 ssl;
server_name <hostname>;
listen 443 ssl default_server;
server_name indigoiam;
access_log /var/log/nginx/iam.access.log combined;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/grid-security/hostcert.pem;
ssl_certificate_key /etc/grid-security/hostkey.pem;

location / {
proxy_pass http://<hostname>:8090;
proxy_pass http://indigoiam-login-service:8090;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
Expand Down
Loading

0 comments on commit c62ebfd

Please sign in to comment.