feat(seeds): use env vars from docker-compose

Signed-off-by: Francesco Noacco <francesco.noacco@secomind.com>

.env

@@ -31,3 +31,8 @@ S3_PORT=9000
 S3_BUCKET=edgehog
 S3_ASSET_HOST=
 S3_GCP_CREDENTIALS=
+
+SEEDS_REALM=test
+SEEDS_REALM_PRIVATE_KEY_FILE=./backend/priv/keys/realm_private.pem
+SEEDS_TENANT_PRIVATE_KEY_FILE=./backend/priv/keys/tenant_private.pem
+SEEDS_ASTARTE_BASE_API_URL=http://api.astarte.localhost

.reuse/dep5

@@ -10,3 +10,7 @@ License: Apache-2.0
 Files: CHANGELOG.md
 Copyright: 2021-2023 SECO Mind Srl
 License: CC0-1.0
+
+Files: backend/priv/keys/*.pem
+Copyright: 2023 Seco Mind Srl
+License: CC0-1.0

backend/priv/keys/realm_private.pem

@@ -0,0 +1 @@
+notaprivatekey

backend/priv/keys/tenant_private.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEICx5W2odFd5CyMTv5VlLW96fgvWtcJ3bIJVVc3GWhMHBoAoGCCqGSM49
+AwEHoUQDQgAEhV0KI4hByk0uDkCg4yZImMTiAtz2azmpbh0sLAKOESdlRYOFw90U
+p4F9fRRV5Li6Pn5XZiMCZhVkS/PoUbIKpA==
+-----END EC PRIVATE KEY-----

backend/priv/repo/seeds.exs

@@ -25,19 +25,40 @@ alias Edgehog.{
   Tenants
 }
 
+require Logger
+
+read_file_from_env_var = fn env_var ->
+  System.get_env(env_var, "")
+  |> File.read()
+  |> case do
+    {:ok, content} -> content
+    {:error, _} -> raise "#{env_var} needs to be a readable file."
+  end
+end
+
 {:ok, cluster} =
   Astarte.create_cluster(%{
     name: "Test Cluster",
-    base_api_url: "https://api.astarte.example.com"
+    base_api_url: System.get_env("SEEDS_ASTARTE_BASE_API_URL")
   })
 
-private_key = """
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEICx5W2odFd5CyMTv5VlLW96fgvWtcJ3bIJVVc3GWhMHBoAoGCCqGSM49
-AwEHoUQDQgAEhV0KI4hByk0uDkCg4yZImMTiAtz2azmpbh0sLAKOESdlRYOFw90U
-p4F9fRRV5Li6Pn5XZiMCZhVkS/PoUbIKpA==
------END EC PRIVATE KEY-----
-"""
+default_key =
+  :code.priv_dir(:edgehog)
+  |> to_string()
+  |> Path.join("keys/tenant_private.pem")
+  |> File.read!()
+
+private_key = read_file_from_env_var.("SEEDS_TENANT_PRIVATE_KEY_FILE")
+
+if private_key == default_key do
+  Logger.warning(
+    """
+    Using default tenant private key. \
+    Please be sure to avoid using this for production.
+    """
+    |> String.trim_trailing("\n")
+  )
+end
 
 public_key =
   X509.PrivateKey.from_pem!(private_key)
@@ -49,7 +70,32 @@ public_key =
 
 _ = Edgehog.Repo.put_tenant_id(tenant.tenant_id)
 
-{:ok, realm} = Astarte.create_realm(cluster, %{name: "test", private_key: "notaprivatekey"})
+realm_pk =
+  read_file_from_env_var.("SEEDS_REALM_PRIVATE_KEY_FILE")
+  |> then(fn pk ->
+    case X509.PrivateKey.from_pem(pk) do
+      {:ok, pk_binary} ->
+        # Like returning pk but removes all text outside BEGIN KEY and END KEY sections.
+        X509.PrivateKey.to_pem(pk_binary)
+
+      {:error, _} ->
+        Logger.warning(
+          """
+          The realm's private key is not a valid RSA/RC private key. \
+          This instante will not be able to connect to Astarte.
+          """
+          |> String.trim_trailing("\n")
+        )
+
+        pk
+    end
+  end)
+
+{:ok, realm} =
+  Astarte.create_realm(cluster, %{
+    name: System.get_env("SEEDS_REALM"),
+    private_key: realm_pk
+  })
 
 {:ok, hardware_type} =
   Devices.create_hardware_type(%{

docker-compose.yml

@@ -50,9 +50,20 @@ services:
       S3_BUCKET: "${S3_BUCKET}"
       S3_ASSET_HOST: "${S3_ASSET_HOST}"
       S3_GCP_CREDENTIALS: "${S3_GCP_CREDENTIALS}"
+      SEEDS_REALM: "${SEEDS_REALM}"
+      SEEDS_REALM_PRIVATE_KEY_FILE: /keys/realm_private.pem
+      SEEDS_TENANT_PRIVATE_KEY_FILE: /keys/tenant_private.pem
+      SEEDS_ASTARTE_BASE_API_URL: "${SEEDS_ASTARTE_BASE_API_URL}"
     ports:
       - 4000:4000
     restart: on-failure
+    volumes:
+      - type: bind
+        source: "${SEEDS_TENANT_PRIVATE_KEY_FILE}"
+        target: /keys/tenant_private.pem
+      - type: bind
+        source: "${SEEDS_REALM_PRIVATE_KEY_FILE}"
+        target: /keys/realm_private.pem
     depends_on:
       - postgresql
       - minio