#!/bin/bash
# Stop MSYS / Git Bash on Windows from rewriting POSIX-style paths in arguments.
export MSYS_NO_PATHCONV=1
# DOCKERHOST comes from APPLICATION_URL whenever that variable is set (even to
# an empty string, because of the `-` form); otherwise it is whatever the
# eclipse/che-ip container prints.
# NOTE(review): the image is referenced without a tag or digest and is run with
# --net=host, so the address used for the ledger, tails-server and agent URLs
# depends on whatever that name resolves to at run time; consider pinning it by
# digest.
# NOTE(review): this line runs before `set -e`, and `export VAR=$(...)` reports
# export's own status, so a failed `docker run` leaves DOCKERHOST empty without
# stopping the script.
export DOCKERHOST=${APPLICATION_URL-$(docker run --rm --net=host eclipse/che-ip)}
# From here on, abort on the first unhandled command failure.
set -e
#
# Global utility functions - START
#
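#######################################
# Print an error message in red.
# NOTE: a second echoError defined further down in this file replaces this one
# at run time; this copy mirrors it by writing to stderr, so diagnostics never
# end up in output that a caller captures with $(...).
# Arguments: $1 - message; backslash escapes in it are interpreted (echo -e).
# Outputs:   the coloured message on stderr.
#######################################
function echoError (){
  # local: keep the helper variables out of the script's global scope.
  local _msg=${1}
  local _red='\e[31m'
  local _nc='\e[0m' # No Color
  echo -e "${_red}${_msg}${_nc}" >&2
}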
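#######################################
# Print a warning message in yellow.
# Arguments: $1 - message; backslash escapes in it are interpreted (echo -e).
# Outputs:   the coloured message on stdout.
#######################################
function echoWarning (){
  # local: the original assigned these as globals, which let one helper
  # overwrite another's _msg / _nc.
  local _msg=${1}
  local _yellow='\e[33m'
  local _nc='\e[0m' # No Color
  echo -e "${_yellow}${_msg}${_nc}"
}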
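#######################################
# Report whether a command name resolves in the current shell.
# Arguments: $1 - command name to look up with `type`
# Returns:   0 when `type` finds it, 1 otherwise
#######################################
function isInstalled () {
  # Test `type` directly instead of capturing its (always empty) output and
  # status in the globals rtnVal / rtnCd.
  if type "$1" >/dev/null 2>&1; then
    return 0
  fi
  return 1
}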
#######################################
# Ensure the s2i executable is available; exit the script with 1 otherwise.
# Globals:   S2I_EXE (written) - read later by build-api
#######################################
isS2iInstalled() {
  S2I_EXE=s2i
  # Guard clause: nothing more to do when the tool is present.
  isInstalled "${S2I_EXE}" && return 0

  echoError "The ${S2I_EXE} executable is needed and not on your path."
  echoError "It can be downloaded from here: https://github.com/openshift/source-to-image/releases"
  echoError "Make sure you extract the binary and place it in a directory on your path."
  exit 1
}
#######################################
# Ensure the jq executable is available; exit the script with 1 otherwise.
# Globals:   JQ_EXE (written) - read later by the start-demo command
#######################################
isJQInstalled() {
  JQ_EXE=jq
  # Guard clause: nothing more to do when the tool is present.
  isInstalled "${JQ_EXE}" && return 0

  echoError "The ${JQ_EXE} executable is required and was not found on your path."
  echoError "Installation instructions can be found here: https://stedolan.github.io/jq/download"
  echoError "Alternatively, a package manager such as Chocolatey (Windows) or Brew (Mac) can be used to install this dependecy."
  exit 1
}
#######################################
# Ensure the curl executable is available; exit the script with 1 otherwise.
# Globals:   CURL_EXE (written) - read later by the start-demo command
#######################################
isCurlInstalled() {
  CURL_EXE=curl
  # Guard clause: nothing more to do when the tool is present.
  isInstalled "${CURL_EXE}" && return 0

  echoError "The ${CURL_EXE} executable is required and was not found on your path."
  echoError "If your shell of choice doesn't come with curl preinstalled, try installing it using either [Homebrew](https://brew.sh/) (MAC) or [Chocolatey](https://chocolatey.org/) (Windows)."
  exit 1
}
#######################################
# Ensure the ngrok executable is available; exit the script with 1 otherwise.
# Globals:   NGROK_EXE (written)
#######################################
isNgrokInstalled() {
  NGROK_EXE=ngrok
  # Guard clause: nothing more to do when the tool is present.
  isInstalled "${NGROK_EXE}" && return 0

  echoError "The ${NGROK_EXE} executable is needed and not on your path."
  echoError "It can be downloaded from here: https://ngrok.com/download"
  echoError "Alternatively, a package manager such as Chocolatey (Windows) or Brew (Mac) can be used to install this dependecy."
  exit 1
}
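#######################################
# Abort unless an ngrok endpoint for the agent is known.
# Globals:   NGROK_AGENT_ENDPOINT (read)
# Returns:   0 when an endpoint is set; otherwise exits the script with 1
#######################################
function checkNgrokTunnelActive () {
  # The start-demo command fills NGROK_AGENT_ENDPOINT from `jq --raw-output`,
  # which prints the literal text "null" when no tunnel matches. Treat that
  # like an empty value so the agent is not started with "null" as endpoint.
  if [ -z "${NGROK_AGENT_ENDPOINT}" ] || [ "${NGROK_AGENT_ENDPOINT}" = "null" ]; then
    echoError "It appears that ngrok tunneling is not enabled."
    echoError "Please open another shell in the scripts folder and execute start-ngrok.sh before trying again."
    exit 1
  fi
}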
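#######################################
# Create keycloak/config/realm-export-docker.json from the checked-in realm
# export and, when GitHub credentials are provided, substitute them for the
# %GITHUB_CLIENT_ID% / %GITHUB_CLIENT_SECRET% placeholders.
# Globals:   GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET (read)
# Outputs:   progress / warning messages on stdout
# NOTE(review): the generated file holds the client secret in clear text; make
# sure it is excluded from version control (not verifiable from this script).
#######################################
function customizeKeycloakConfig () {
  local _template=./keycloak/config/realm-export.json
  local _target=./keycloak/config/realm-export-docker.json
  local _clientId _clientSecret

  # Customize realm settings for development environment
  cp -f "${_template}" "${_target}"

  if [ -z "$GITHUB_CLIENT_ID" ] || [ -z "$GITHUB_CLIENT_SECRET" ]; then
    echoWarning "The client id and/or secret for the integration of GitHub as IDP for Keycloak were not provided."
    echoWarning "Please set the GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET environment variables to use GitHub as your IDP."
    echoWarning "To get your client id/secret combination, please visit: https://github.com/settings/developers"
    echoWarning "Press Ctrl+C now to stop, or wait to proceed without GitHub integration."
    sleep 8
    return 0
  fi

  # Preparing Keycloak realm...
  echo "Configuring GitHub IDP integration for Keycloak..."

  # Escape the characters that are special on the replacement side of `s///`
  # (backslash, the `/` delimiter and `&`). Without this, a value containing
  # one of them either breaks the sed command or rewrites the file with
  # something other than the credential.
  _clientId=$(printf '%s' "${GITHUB_CLIENT_ID}" | sed -e 's|[\\/&]|\\&|g')
  _clientSecret=$(printf '%s' "${GITHUB_CLIENT_SECRET}" | sed -e 's|[\\/&]|\\&|g')

  # NOTE(review): the values are inserted verbatim into a JSON document, so a
  # double quote or backslash in them would still yield invalid JSON. They are
  # also part of sed's argument list and therefore visible in the process table
  # while sed runs.
  sed -i "s/%GITHUB_CLIENT_ID%/${_clientId}/g" "${_target}"
  sed -i "s/%GITHUB_CLIENT_SECRET%/${_clientSecret}/g" "${_target}"
}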
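#######################################
# Print random key material produced by `openssl rand`.
# Arguments: $1 - number of random bytes (default 48)
#            $2 - output format flag, `-base64` or `-hex` (default -base64)
# Outputs:   the encoded key on stdout, on a single line
# Returns:   0 on success; 1 (and nothing on stdout) when openssl fails or
#            prints nothing
#######################################
function generateKey(){
  local _length=${1:-48}
  # Format can be `-base64` or `-hex`
  local _format=${2:--base64}
  local _key

  # The original echoed whatever openssl printed and always returned 0, so a
  # missing or failing openssl silently produced an empty key. Surface that.
  if ! _key=$(openssl rand "${_format}" "${_length}") || [ -z "${_key}" ]; then
    echo "generateKey: 'openssl rand' failed; no key material was produced." >&2
    return 1
  fi

  # Unquoted on purpose: long base64 output is wrapped by openssl, and word
  # splitting joins the wrapped lines with single spaces as before.
  echo ${_key}
}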
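#######################################
# Build a 32-character seed: the given prefix followed by random base64
# characters from generateKey, cut to 32 characters.
# Arguments: $1 - prefix placed at the start of the seed
# Outputs:   the seed on stdout
# Returns:   0 on success; 1 (and nothing on stdout) when no random data could
#            be obtained or the result is not 32 characters long
#######################################
function generateSeed(){
  local _prefix=${1}
  local _key _seed

  # Without this check a failing generateKey left the bare prefix as the
  # "seed", i.e. a fully predictable value.
  if ! _key=$(generateKey 32) || [ -z "${_key}" ]; then
    echo "generateSeed: no random key material available; refusing to build a seed." >&2
    return 1
  fi

  if [ "${#_prefix}" -ge 32 ]; then
    # Kept for compatibility, but the caller should know what they are getting.
    echo "generateSeed: prefix is 32 or more characters, so the seed contains no random data." >&2
  fi

  _seed="${_prefix}${_key}"
  _seed=${_seed:0:32}

  if [ "${#_seed}" -ne 32 ]; then
    echo "generateSeed: seed is ${#_seed} characters long, expected 32." >&2
    return 1
  fi

  echo "${_seed}"
}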
#
# Global utility functions - END
#
# Absolute path of the directory containing this script, resolved from $0.
# The command dispatch at the bottom of the file pushd's into it, so the
# relative paths used by the functions are resolved from there.
SCRIPT_HOME="$(cd "$(dirname "$0")" && pwd)"
# =================================================================================================================
# Usage:
# -----------------------------------------------------------------------------------------------------------------
# Print the command overview on stdout and terminate the script with status 1.
usage() {
  cat <<EOF
Usage: $0 [command] [options]
Commands:
logs - Display the logs from the docker compose run (ctrl-c to exit).
start - Runs the containers in production mode.
up - Same as start.
start-dev - Runs a live development version of the containers, with hot-reloading
enabled.
start-demo - Runs the containers in production mode, using the BCovrin Test ledger and
exposing the agent to the Internet using ngrok.
stop - Stops the services. This is a non-destructive process. The volumes and containers
are not deleted so they will be reused the next time you run start.
down - Brings down the services and removes the volumes (storage) and containers.
rm - Same as down
EOF
  exit 1
}
# -----------------------------------------------------------------------------------------------------------------
# Default Settings:
# -----------------------------------------------------------------------------------------------------------------
# Service names handed to `docker-compose up`.
# DEFAULT_CONTAINERS is started by every start* command and is also what
# getStartupParams falls back to when no service is named on the command line.
DEFAULT_CONTAINERS="db agent wallet keycloak keycloak-db maildev tails-server"
# Added by `start` / `up` and `start-demo`.
PROD_CONTAINERS="api issuer-admin issuer-web"
# Added by `start-dev`.
DEV_CONTAINERS="api-dev issuer-admin-dev issuer-web-dev"
# -----------------------------------------------------------------------------------------------------------------
# Functions:
# -----------------------------------------------------------------------------------------------------------------
#######################################
# Build the issuer-kit-api image from ../api with source-to-image.
# Globals:   S2I_EXE (read; set by isS2iInstalled), BASE_IMAGE (written)
# NOTE(review): the builder image is referenced by name only (no tag or
# digest), and Node.js 12 / CentOS 7 are both past upstream end-of-life;
# consider a maintained base image pinned by digest.
#######################################
build-api() {
  BASE_IMAGE="centos/nodejs-12-centos7"
  echo "Building issuer-kit-api image using $BASE_IMAGE as base..."

  local -a _s2iArgs=(build --copy '../api' "${BASE_IMAGE}" 'issuer-kit-api')
  ${S2I_EXE} "${_s2iArgs[@]}"
}
# Build the issuer-admin image from the repository root with its production
# Dockerfile.
build-issuer-admin() {
  local _tag='issuer-admin'
  local _dockerfile='../docker/issuer-admin/Dockerfile.dockerprod'

  echo -e "\nBuilding issuer-admin image..."
  docker build -t "${_tag}" -f "${_dockerfile}" '../'
}
# Build the issuer-web image from the repository root with its production
# Dockerfile.
build-issuer-web() {
  local _tag='issuer-web'
  local _dockerfile='../docker/issuer-web/Dockerfile.dockerprod'

  echo -e "\nBuilding issuer-web image..."
  docker build -t "${_tag}" -f "${_dockerfile}" '../'
}
# Run every image build in a fixed order: api, issuer-admin, issuer-web.
build-all() {
  local _target
  for _target in api issuer-admin issuer-web; do
    "build-${_target}"
  done
}
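#######################################
# Export the environment consumed by docker-compose.
# Order of precedence as implemented: values from ./.env are exported first,
# then NAME=VALUE command-line arguments, then the settings below. Settings
# written as plain `export NAME=value` overwrite anything set earlier; only the
# ones using ${NAME:-default} / ${NAME-default} keep a caller-provided value.
# Globals:   DOCKERHOST, DEV_MODE, NGROK_AGENT_ENDPOINT, STORAGE_PATH (read);
#            every variable exported below (written)
# Arguments: the script's remaining command-line arguments
# Returns:   0 on success, 1 when no usable wallet seed could be generated
#######################################
configureEnvironment() {
  local line arg

  if [ -f .env ]; then
    # -r keeps backslashes in values literal; `|| [ -n ... ]` also picks up a
    # last line that has no trailing newline.
    while read -r line || [ -n "${line}" ]; do
      if [[ ! "$line" =~ ^\# ]] && [[ "$line" =~ .*= ]]; then
        line=${line//[$'\r\n']}
        # Lines written as `export NAME=VALUE` used to work only because the
        # expansion was unquoted; keep accepting them.
        if [[ "$line" =~ ^export[[:space:]]+(.*)$ ]]; then
          line=${BASH_REMATCH[1]}
        fi
        # Quoted so file content is never word-split or glob-expanded: a value
        # with spaces stays one value instead of being cut at the first space.
        export "${line}"
      fi
    done <.env
  fi

  # Export NAME=VALUE arguments. (The original also rotated the other
  # arguments back onto "$@", but positional parameters are local to the
  # function and nothing reads them after this loop.)
  for arg in "$@"; do
    case "$arg" in
      *=*)
        export "${arg}"
        ;;
      *)
        ;;
    esac
  done

  # NOTE(review): the passwords, keys and user names assigned below are fixed,
  # well-known development values, and most are assigned unconditionally, so
  # they cannot be overridden from .env or the command line. They are used by
  # every start* command, including start-demo, which exposes the agent through
  # ngrok. Replace them before using this stack for anything but local testing.

  # Global
  export COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-issuer-kit}"
  export S2I_SCRIPTS_PATH=${S2I_SCRIPTS_PATH:-/usr/libexec/s2i}
  export DEBUG=${DEBUG}
  export LOG_LEVEL=${LOG_LEVEL:-DEBUG}

  # issuer-admin
  export ISSUER_ADMIN_PORT=4250
  export ADMIN_WEB_HOST_NAME=http://localhost
  export ADMIN_WEB_HOST_PORT=8081
  export ADMIN_WEB_HOST_TLS=off
  export ADMIN_API_HOST=api
  export ADMIN_API_PORT=5000

  # issuer-web
  export ISSUER_WEB_PORT=4251
  export PUBLIC_WEB_HOST_NAME=http://localhost
  export PUBLIC_WEB_HOST_PORT=8082
  export PUBLIC_WEB_HOST_TLS=off
  export PUBLIC_API_HOST=api
  export PUBLIC_API_PORT=5000

  # db
  export MONGODB_ADMIN_PASSWORD=admin
  export MONGODB_USER=mongouser
  export MONGODB_PASSWORD=mongopwd
  export MONGODB_DATABASE=issuer_kit_db
  export MONGODB_PORT=27017

  # keycloak
  export KEYCLOAK_DB_VENDOR="POSTGRES"
  export KEYCLOAK_DB_ADDR="keycloak-db"
  export KEYCLOAK_USER="admin"
  export KEYCLOAK_PASSWORD="admin"
  export KEYCLOAK_IMPORT="/tmp/realm-export-docker.json"
  export KEYCLOAK_LOGLEVEL="WARN"
  export KEYCLOAK_ROOT_LOGLEVEL="WARN"

  # keycloak-db
  export KEYCLOAK_DB_NAME="keycloak"
  export KEYCLOAK_DB_USER="keycloak"
  export KEYCLOAK_DB_PASSWORD="keycloak"

  # wallet
  export WALLET_HOST="wallet"
  export WALLET_PORT="5432"
  export WALLET_USER="DB_USER"
  export WALLET_PASSWORD="DB_PASSWORD"
  export WALLET_DATABASE="issuer_kit"
  export WALLET_ADMIN_PASSWORD="mysecretpassword"

  # tails-server
  export TAILS_SERVER_PORT=6543
  export TAILS_STORAGE_PATH=${STORAGE_PATH:-"/tmp/tails-files"}
  export TAILS_SERVER_URL=${TAILS_SERVER_URL:-http://$DOCKERHOST:6543}

  # agent
  export LEDGER_URL=${LEDGER_URL-http://$DOCKERHOST:9000}
  export AGENT_WALLET_NAME="issuer_kit_agent"
  # NOTE(review): a constant wallet encryption key protects nothing.
  export AGENT_WALLET_ENCRYPTION_KEY="key"
  export AGENT_STORAGE_WALLET_TYPE="postgres_storage"
  if [ -z "${DEV_MODE}" ]; then
    # Assign first and export afterwards: `export VAR=$(cmd)` hides cmd's
    # failure. Both seeds used here are 32 characters long, so anything else
    # means the random part is missing.
    if ! AGENT_WALLET_SEED=$(generateSeed issuer-kit-demo) || [ "${#AGENT_WALLET_SEED}" -ne 32 ]; then
      echoError "Could not generate a 32-character AGENT_WALLET_SEED; check that openssl is installed and working."
      return 1
    fi
    export AGENT_WALLET_SEED
  else
    # Fixed, publicly known seed: development only.
    export AGENT_WALLET_SEED="issuer_kit_000000000000000000000"
  fi
  export AGENT_ADMIN_PORT=8024
  export AGENT_WEBHOOK_PORT=8020
  export AGENT_WEBHOOK_URL=${AGENT_WEBHOOK_URL:-http://api:5000/webhooks}
  export AGENT_HTTP_INTERFACE_PORT=8021
  export AGENT_NAME="issuer-kit-demo"
  export AGENT_ENDPOINT=${NGROK_AGENT_ENDPOINT:-http://$DOCKERHOST:$AGENT_HTTP_INTERFACE_PORT}
  export AGENT_ADMIN_API_KEY=${AGENT_ADMIN_API_KEY:-"agent-api-key-dev"}
  export AGENT_ADMIN_MODE="admin-insecure-mode"
  # AGENT_ADMIN_API_KEY always has a value here (see the default above), so
  # the insecure mode assigned on the previous line is always replaced.
  if [ -n "${AGENT_ADMIN_API_KEY}" ]; then
    AGENT_ADMIN_MODE="admin-api-key ${AGENT_ADMIN_API_KEY}"
  fi

  # api
  export API_PORT=5000
  export AGENT_ADMIN_URL=${AGENT_ADMIN_URL:-http://agent:$AGENT_ADMIN_PORT}
  export DB_SERVICE="db"
  export SMTP_HOST=${SMTP_HOST:-maildev}
  export SMTP_PORT=${SMTP_PORT:-25}
  export ADMIN_EMAIL=${ADMIN_EMAIL:-"noreply@example.com"}
  if [ -z "${DEV_MODE}" ]; then
    export PUBLIC_SITE_URL=http://localhost:8082
  else
    export PUBLIC_SITE_URL=http://localhost:4251
  fi
  export EMAIL_SUBJECT=${EMAIL_SUBJECT:-"Issuer Kit Invite"}
}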
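#######################################
# Print the arguments that are not NAME=VALUE assignments, separated by single
# spaces.
# Arguments: any
# Outputs:   one line on stdout (empty when nothing is left)
#######################################
getInputParams() {
  local IFS=' '
  local -a _kept=()
  local arg

  # "$@" and printf instead of unquoted $@ / echo: the arguments are passed
  # through as given, not glob-expanded against the current directory, and a
  # leading `-n` or `-e` is not swallowed by echo.
  for arg in "$@"; do
    case "$arg" in
      *=*)
        # Skip it
        ;;
      *)
        _kept+=("$arg")
        ;;
    esac
  done

  printf '%s\n' "${_kept[*]}"
}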
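#######################################
# Split the arguments into docker-compose options (anything starting with `-`)
# and service names, dropping NAME=VALUE assignments. When no service is
# named, DEFAULT_CONTAINERS is used.
# Globals:   DEFAULT_CONTAINERS (read)
# Arguments: any
# Outputs:   one line on stdout: the options followed by the service names
#######################################
getStartupParams() {
  local IFS=' '
  local -a _options=()
  local -a _services=()
  local -a _all=()
  local arg

  # "$@" and printf instead of unquoted $@ / echo: the arguments are passed
  # through as given, not glob-expanded against the current directory.
  for arg in "$@"; do
    case "$arg" in
      *=*)
        # Skip it
        ;;
      -*)
        _options+=("$arg")
        ;;
      *)
        _services+=("$arg")
        ;;
    esac
  done

  if [ "${#_services[@]}" -eq 0 ]; then
    # DEFAULT_CONTAINERS is a space-separated list; split it into words.
    read -r -a _services <<<"${DEFAULT_CONTAINERS}"
  fi

  _all=("${_options[@]}" "${_services[@]}")
  printf '%s\n' "${_all[*]}"
}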
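#######################################
# Bring the compose project down, remove matching docker volumes and delete
# the build cache directory.
# Globals:   COMPOSE_PROJECT_NAME (read; "docker" when unset or empty)
# Outputs:   progress messages on stdout
# NOTE(review): besides "<project>_" the pattern also matches every volume
# whose name starts with "docker_", which can include volumes of an unrelated
# compose project named "docker". Confirm this is intended.
#######################################
deleteVolumes() {
  local _projectName=${COMPOSE_PROJECT_NAME:-docker}
  local _pattern _volumes

  echo "Stopping and removing any running containers ..."
  docker-compose down -v

  _pattern="^(${_projectName}|docker)_"
  # grep exits with 1 when nothing matches. The script runs under `set -e`, so
  # without `|| true` the assignment aborted the whole script right here and
  # the "No project volumes exist." branch could never run.
  _volumes=$(docker volume ls -q | grep -E -e "${_pattern}" || true)

  if [ -n "${_volumes}" ]; then
    echo "Removing project volumes ..."
    # Unquoted on purpose: one volume name per word.
    docker volume rm ${_volumes}
  else
    echo "No project volumes exist."
  fi

  echo "Removing build cache ..."
  rm -Rf ../client/tob-web/.cache
}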
# Print the arguments, joined by single spaces, converted to lower case.
toLower() {
  local _lowered
  _lowered=$(echo ${@} | tr '[:upper:]' '[:lower:]')
  echo ${_lowered}
}
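#######################################
# Print an error message in red on stderr.
# This definition replaces the echoError declared near the top of the file,
# because it is defined later and all callers run after both definitions.
# Arguments: $1 - message; backslash escapes in it are interpreted (echo -e).
# Outputs:   the coloured message on stderr.
#######################################
echoError (){
  # local: keep the helper variables out of the script's global scope.
  local _msg=${1}
  local _red='\033[0;31m'
  local _nc='\033[0m' # No Color
  echo -e "${_red}${_msg}${_nc}" >&2
}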
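#######################################
# Report whether a shell function with the given name is defined.
# Arguments: $1 - function name
# Returns:   0 when a function of that name exists, 1 otherwise
#######################################
functionExists() {
  # `declare -F` only knows shell functions. The original used `type`, which
  # also succeeds for builtins, aliases and any executable on PATH; since the
  # result decides what the build command runs, a program that merely happens
  # to be called build-<something> must not pass.
  if [ -n "${1}" ] && declare -F -- "${1}" >/dev/null; then
    return 0
  fi
  return 1
}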
# =================================================================================================================
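# Command dispatch. Everything runs from the script's own directory so the
# relative paths used by the functions above resolve.
pushd "${SCRIPT_HOME}" >/dev/null
COMMAND=$(toLower "${1}")
# No command given: fall through to the usage text.
shift || COMMAND=usage
_startupParams=$(getStartupParams --force-recreate "$@")

case "${COMMAND}" in
  logs)
    configureEnvironment "$@"
    docker-compose logs -f
    ;;
  build)
    isS2iInstalled
    configureEnvironment "$@"
    buildImage=$(toLower "${1}")
    shift || buildImage=all
    # Accept both "api" and "issuer-kit-api".
    buildImage=${buildImage#issuer-kit-}
    case "$buildImage" in
      *=*)
        # A NAME=VALUE argument is not an image name.
        buildImage=all
        ;;
    esac
    if functionExists "build-${buildImage}"; then
      # Call the function directly. The original passed this string, which is
      # built from a command-line argument, through `eval`, where the shell
      # would parse it a second time.
      "build-${buildImage}"
    else
      echoError "\nThe build function, build-${buildImage}, does not exist. Please check your build parameters and try again.\nUse '-h' to get full help details."
      exit 1
    fi
    ;;
  start|up)
    unset DEV_MODE
    unset LEDGER_URL
    unset TAILS_SERVER_URL
    unset NGROK_AGENT_ENDPOINT
    unset AGENT_WEBHOOK_URL
    configureEnvironment "$@"
    customizeKeycloakConfig
    # ${_startupParams} and the container lists are space-separated words and
    # are left unquoted on purpose.
    docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${PROD_CONTAINERS}
    docker-compose logs -f
    ;;
  start-dev)
    unset LEDGER_URL
    unset TAILS_SERVER_URL
    unset NGROK_AGENT_ENDPOINT
    export DEV_MODE=true
    export AGENT_WEBHOOK_URL="http://api-dev:5000/webhooks"
    configureEnvironment "$@"
    customizeKeycloakConfig
    docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${DEV_CONTAINERS}
    docker-compose logs -f
    ;;
  start-demo)
    # NOTE(review): this mode makes the agent reachable from the Internet
    # through ngrok while configureEnvironment still applies its fixed
    # development credentials and keys. Review those values before running a
    # demo that anyone else can reach.
    isJQInstalled
    isCurlInstalled
    unset DEV_MODE
    unset AGENT_WEBHOOK_URL
    export LEDGER_URL="http://test.bcovrin.vonx.io"
    export TAILS_SERVER_URL="https://tails-server-dev.pathfinder.gov.bc.ca"
    if [ -z "$NGROK_AGENT_ENDPOINT" ]; then
      isNgrokInstalled
      # `// empty` makes jq print nothing, rather than the text "null", when
      # no tunnel named issuer-agent exists, so the check below can catch it.
      export NGROK_AGENT_ENDPOINT=$(${CURL_EXE} http://localhost:4040/api/tunnels | ${JQ_EXE} --raw-output '.tunnels | map(select(.name | contains("issuer-agent"))) | .[0] | .public_url // empty')
    fi
    checkNgrokTunnelActive
    echo "Running in demo mode, will use ${LEDGER_URL} as ledger and ${NGROK_AGENT_ENDPOINT} as the agent endpoint."
    configureEnvironment "$@"
    customizeKeycloakConfig
    docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${PROD_CONTAINERS}
    docker-compose logs -f
    ;;
  stop)
    configureEnvironment
    docker-compose stop
    ;;
  rm|down)
    configureEnvironment
    deleteVolumes
    ;;
  *)
    usage
    ;;
esac

popd >/dev/null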