Fix setup script (#2395)

* Refactor kc-key-update.sh to dynamically locate TNO root directory using key files and directories * Update key mapping in kc-key-update.sh for service account secret * Enhance kc-key-update.sh to support command-line arguments for updating Keycloak secrets and client ID * Update DEVELOPMENT.md
bcgov · Jan 25, 2025 · 478cec7 · 478cec7
1 parent 05d5b62
commit 478cec7
Show file tree

Hide file tree

Showing 2 changed files with 93 additions and 57 deletions.
diff --git a/docs/DEVELOPMENT.md b/docs/DEVELOPMENT.md
@@ -115,18 +115,10 @@ make up n=keycloak
 # After keycloak starts go to http://localhost:40001 and login to confirm it has successfully initialized.
 # There should be a tno realm.  You can review the predefined user accounts.
 
-# Copy the mmi-service-account credentials secret and paste it into the following configuration files.
-# Keycloak__Secret={GET KEYCLOAK SERVICE ACCOUNT}
-cd ./tools/css-api/.env
-# Auth__Keycloak__Secret={GET KEYCLOAK SERVICE ACCOUNT}
-cd ./services/net/indexing/.env
-# Keycloak__ServiceAccount__Secret={GET KEYCLOAK mmi-service-account CLIENT SECRET}
-cd ./api/net/.env
-
-# Copy the mmi-app GUID (get it from the URL path in Keycloak) and paste it into the following configuration file.
-# Keycloak__ClientId={GET KEYCLOAK mmi-app CLIENT ID}
-cd ./api/net/.env
-
+# Copy the mmi-service-account credentials secret.
+# Copy the mmi-app GUID (get it from the URL path in Keycloak).
+# Run command line tool
+./tools/scripts/kc-key-update.sh -s {your-mmi-service-account-secret} -id {your-mmi-app-GUID}
 # Setup the database
 make db-update
 

diff --git a/tools/scripts/kc-key-update.sh b/tools/scripts/kc-key-update.sh
@@ -1,66 +1,110 @@
 #!/bin/bash
 
-# Check if a command-line argument was provided
-if [ $# -eq 0 ]; then
-    echo "Please provide the secret as an argument. You can find it in keycloak admin => mmi realm => clients => mmi-service-account. "
+# Function to display usage
+show_usage() {
+    echo "Usage: $0 [-s secret] [-id clientId]"
+    echo "Options:"
+    echo "  -s     Set the secret value for Keycloak__ServiceAccount__Secret and Auth__Keycloak__Secret"
+    echo "  -id    Set the Keycloak__ClientId value"
+    echo "You can find the secret in keycloak admin => mmi realm => clients => mmi-service-account."
     exit 1
+}
+
+# Parse command line arguments
+secret=""
+client_id=""
+
+while [ "$#" -gt 0 ]; do
+    case "$1" in
+        -s)
+            secret="$2"
+            shift 2
+            ;;
+        -id)
+            client_id="$2"
+            shift 2
+            ;;
+        *)
+            echo "Unknown parameter: $1"
+            show_usage
+            ;;
+    esac
+done
+
+# Debug output
+echo "Debug: secret=$secret, client_id=$client_id"
+
+# Check if at least one argument was provided
+if [ -z "$secret" ] && [ -z "$client_id" ]; then
+    echo "Error: At least one option (-s or -id) must be provided."
+    show_usage
 fi
 
-# Use the first command-line argument as the account secret
-account_secret="$1"
+# Function to check if directory is TNO root by verifying key files/directories
+is_tno_root() {
+    local dir="$1"
+    # Check for TNO.sln and key directories that are unique to TNO
+    if [ -f "$dir/TNO.sln" ] && [ -d "$dir/api" ] && [ -d "$dir/services" ]; then
+        return 0 # true
+    fi
+    return 1 # false
+}
 
-# Dynamically obtain the absolute path of the script
-script_path="$(realpath "$0")"
+# Get the script's directory
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)"
 
-# Find the tno directory in the path
-regex="(.*/TNO)/"
-if [[ $script_path =~ $regex ]]; then
-    tno_root="${BASH_REMATCH[1]}"
-else
-    echo "Unable to locate the tno directory in the script path."
+# Find TNO root by traversing up from script location
+tno_root="$script_dir"
+while [ "$tno_root" != "/" ]; do
+    if is_tno_root "$tno_root"; then
+        break
+    fi
+    tno_root="$(dirname "$tno_root")"
+done
+
+if [ "$tno_root" = "/" ]; then
+    echo "Unable to locate the TNO root directory."
     exit 1
 fi
 
-# Files and their respective keys to check
-declare -A files_keys=(
-    ["$tno_root/tools/css-api/.env"]="Keycloak__Secret="
-    ["$tno_root/api/net/.env"]="CSS__Secret="
-)
+# Function to update value in file
+update_value() {
+    local file="$1"
+    local key="$2"
+    local new_value="$3"
 
-# Check and modify specified files
-for file in "${!files_keys[@]}"; do
-    key=${files_keys[$file]}
     if [ -f "$file" ]; then
-        # Check and ignore commented lines
+        # Get the old value, handling both regular values and placeholder values
         if grep -q "^[^#]*$key" "$file"; then
-            old_value=$(grep "^[^#]*$key" "$file" | sed -n "s/.*$key\(.*\)/\1/p")
-            # Use a different delimiter, e.g., `#`, to avoid potential conflicts
-            sed -i "/^[^#]*$key/c$key$account_secret" "$file"
+            local line=$(grep "^[^#]*$key" "$file")
+            local old_value="${line#*$key}"
+            # Use a different delimiter for sed to avoid conflicts
+            sed -i "s|^[^#]*$key.*|$key$new_value|" "$file"
             echo "Modified: $file"
-            echo "$key$old_value => $key$account_secret"
+            echo "$key$old_value => $key$new_value"
             echo
         fi
     else
         echo "File not found: $file"
         echo
     fi
-done
+}
 
-# Loop through all directories under tno/services/net/ and check .env files
-for dir in $tno_root/services/net/*/ ; do
-    env_file="${dir}.env"
-    if [ -f "$env_file" ]; then
-        key="Auth__Keycloak__Secret="
-        if grep -q "^[^#]*$key" "$env_file"; then
-            old_value=$(grep "^[^#]*$key" "$env_file" | sed -n "s/.*$key\(.*\)/\1/p")
-            # Use a different delimiter, e.g., `#`, to avoid potential conflicts
-            sed -i "/^[^#]*$key/c$key$account_secret" "$env_file"
-            echo "Modified: $env_file"
-            echo "$key$old_value => $key$account_secret"
-            echo
-        fi
-    else
-        echo "Directory not found or .env file does not exist in: $dir"
-        echo
-    fi
-done
+# Update secrets if provided
+if [ -n "$secret" ]; then
+    echo "Updating secrets..."
+    # Update Keycloak__ServiceAccount__Secret in api/net/.env
+    update_value "$tno_root/api/net/.env" "Keycloak__ServiceAccount__Secret=" "$secret"
+
+    # Update Auth__Keycloak__Secret in all service .env files
+    for dir in $tno_root/services/net/*/ ; do
+        env_file="${dir}.env"
+        update_value "$env_file" "Auth__Keycloak__Secret=" "$secret"
+    done
+fi
+
+# Update client ID if provided
+if [ -n "$client_id" ]; then
+    echo "Updating client ID..."
+    update_value "$tno_root/api/net/.env" "Keycloak__ClientId=" "$client_id"
+fi