From bb1d91b8e87c7019574b01bbf44dbff83d8bae52 Mon Sep 17 00:00:00 2001
From: Ernst Widerberg
Date: Fri, 14 Jan 2022 13:04:14 +0100
Subject: Move userdb.yaml to mounted volume
---
 auth-server-poc/src/app.py | 3 ++-
 auth-server-poc/src/userdb.yaml | 23 -----------------------
 auth-server-poc/userdb.yaml | 23 +++++++++++++++++++++++
 quickstart.sh | 4 ++++
 4 files changed, 29 insertions(+), 24 deletions(-)
 delete mode 100644 auth-server-poc/src/userdb.yaml
 create mode 100644 auth-server-poc/userdb.yaml
diff --git a/auth-server-poc/src/app.py b/auth-server-poc/src/app.py
index c7ba0d1..37a7030 100644
--- a/auth-server-poc/src/app.py
+++ b/auth-server-poc/src/app.py
@@ -16,6 +16,7 @@ jwt = JWTManager(app)
 PEM_PRIVATE = "/opt/auth-server-poc/cert/private.pem"
 PEM_PUBLIC = "/opt/auth-server-poc/cert/public.pem"
+USERDB_YAML = "/opt/auth-server-poc/userdb/userdb.yaml"
 app.config["JWT_PRIVATE_KEY"] = open(PEM_PRIVATE).read()
 app.config["JWT_PUBLIC_KEY"] = open(PEM_PUBLIC).read()
@@ -28,7 +29,7 @@ class AuthApi(Resource):
 def post(self):
 identity = request.environ.get("REMOTE_USER")
- db = authn.UserDB("userdb.yaml")
+ db = authn.UserDB(USERDB_YAML)
 additional_claims = {
 "type": "access",
 "read": db.read_perms(identity),
diff --git a/auth-server-poc/src/userdb.yaml b/auth-server-poc/src/userdb.yaml
deleted file mode 100644
index c55773b..0000000
--- a/auth-server-poc/src/userdb.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-user1:
- authz:
- sunet.se: r
- su.se: r
- kth.se: r
-
-user2:
- authz:
- sunet.se: w
- su.se: w
- kth.se: w
-
-user3:
- authz:
- sunet.se: rw
- su.se: rw
- kth.se: rw
-
-user4:
- authz:
- sunet.se: rw
- su.se: r
- kth.se: w
diff --git a/auth-server-poc/userdb.yaml b/auth-server-poc/userdb.yaml
new file mode 100644
index 0000000..c55773b
--- /dev/null
+++ b/auth-server-poc/userdb.yaml
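Review bot: In `AuthApi.post`, `authn.UserDB(USERDB_YAML)` now parses a file from a mounted volume on every request, and its contents decide which permissions are signed into the token's `additional_claims`, so the parser and the mount deserve the same care as the key files above. `authn.UserDB` is not visible in this diff; if it calls `yaml.load`, switch it to `yaml.safe_load`, because the file is no longer baked into the image. A missing or malformed file currently shows up only as an exception per request, so a startup check that the file exists and parses, placed next to the `open(PEM_PRIVATE)` lines, would make a bad mount obvious. The commit does not change `auth-server-poc/docker-compose.yml`, so confirm that an existing volume entry maps the host directory to `/opt/auth-server-poc/userdb/`, ideally read-only. The body of `post` continues past the end of the hunk.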
@@ -0,0 +1,23 @@
+user1:
+ authz:
+ sunet.se: r
+ su.se: r
+ kth.se: r
+
+user2:
+ authz:
+ sunet.se: w
+ su.se: w
+ kth.se: w
+
+user3:
+ authz:
+ sunet.se: rw
+ su.se: rw
+ kth.se: rw
+
+user4:
+ authz:
+ sunet.se: rw
+ su.se: r
+ kth.se: w
diff --git a/quickstart.sh b/quickstart.sh
index edf8c43..0f5a1ac 100755
--- a/quickstart.sh
+++ b/quickstart.sh
@@ -28,6 +28,10 @@ if [ ! -f ${DOCKER_JWT_HTPASSWD_PATH}/.htpasswd ]; then
 htpasswd -b ${DOCKER_JWT_HTPASSWD_PATH}/.htpasswd user4 pwd
 fi
+if [ ! -f ${DOCKER_JWT_HTPASSWD_PATH}/userdb.yaml ]; then
+ cp auth-server-poc/userdb.yaml ${DOCKER_JWT_HTPASSWD_PATH}/userdb.yaml
+fi
+
 # Launch the containers.
 docker-compose -f docker/docker-compose-dev.yaml up -d
 docker-compose -f auth-server-poc/docker-compose.yml up -d
--
cgit v1.1
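Review bot: The new `cp` in quickstart.sh drops the authorization table into `${DOCKER_JWT_HTPASSWD_PATH}` next to `.htpasswd` with whatever mode the caller's umask happens to give. Since this file decides the per-domain `r`/`w` grants, set the mode explicitly after the copy, for example `chmod 640 "${DOCKER_JWT_HTPASSWD_PATH}/userdb.yaml"`, as long as the container user can still read it. The expansions are also unquoted, so a path containing spaces breaks both the test and the copy; `if [ ! -f "${DOCKER_JWT_HTPASSWD_PATH}/userdb.yaml" ]; then` avoids that, and the `.htpasswd` block above has the same pattern. Because of the `! -f` guard the seeded sample (user1 to user4) is never refreshed, which is worth a one-line comment such as `# Seed the sample userdb once; later edits on the volume are kept.`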