Fix: make_credentials.sh uses passwords set in the .env file

.env.example

@@ -63,8 +63,8 @@ verify_DB_USER=verify
 verify_SCHEMA_TYPE=federated
 
 # s3inbox
-s3inbox_BROKER_PASSWORD=inbox
-s3inbox_BROKER_ROUTINGKEY=inbox
-s3inbox_BROKER_USER=inbox
-s3inbox_DB_PASSWORD=inbox
-s3inbox_DB_USER=inbox
+inbox_BROKER_PASSWORD=inbox
+inbox_BROKER_ROUTINGKEY=inbox
+inbox_BROKER_USER=inbox
+inbox_DB_PASSWORD=inbox
+inbox_DB_USER=inbox

.github/workflows/test_demo.yaml

@@ -16,6 +16,7 @@ jobs:
           cp config/config.yaml.example config/config.yaml
           cp config/iss.json.example config/iss.json
           cp .env.example .env
+          sed -E -i  's/(_DB_PASSWORD=)([^ ]+)/\1\2New/;s/(_BROKER_PASSWORD=)([^ ]+)/\1\2New/ ' .env
           docker compose -f docker-compose-demo.yml up -d
           until [ "$(docker inspect data_loader  --format='{{.State.Status}}')" = "exited" ]; do
             echo "waithg for data_loader to finish"

docker-compose.yml

@@ -14,6 +14,8 @@ services:
         condition: service_healthy
     environment:
       - PGPASSWORD=${credentials_PGPASSWORD}
+    env_file:
+      - .env
     image: python:3.10-slim
     networks:
       - secure
@@ -270,11 +272,11 @@ services:
       s3:
         condition: service_healthy
     environment:
-      - BROKER_PASSWORD=${s3inbox_BROKER_PASSWORD}
-      - BROKER_ROUTINGKEY=${s3inbox_BROKER_ROUTINGKEY}
-      - BROKER_USER=${s3inbox_BROKER_USER}
-      - DB_PASSWORD=${s3inbox_DB_PASSWORD}
-      - DB_USER=${s3inbox_DB_USER}
+      - BROKER_PASSWORD=${inbox_BROKER_PASSWORD}
+      - BROKER_ROUTINGKEY=${inbox_BROKER_ROUTINGKEY}
+      - BROKER_USER=${inbox_BROKER_USER}
+      - DB_PASSWORD=${inbox_DB_PASSWORD}
+      - DB_USER=${inbox_DB_USER}
       - SERVER_JWTPUBKEYURL=http://${DOCKERHOST:-dockerhost}:8080/oidc/jwk
     extra_hosts:
       - ${DOCKERHOST:-dockerhost}:host-gateway

scripts/make_credentials.sh

@@ -12,13 +12,19 @@ pip install aiohttp Authlib joserfc requests > /dev/null
 
 for n in download finalize inbox ingest mapper sync verify; do
     echo "creating credentials for: $n"
-    ## password and permissions for MQ
-    body_data=$(jq -n -c --arg password "$n" --arg tags none '$ARGS.named')
+    db_password=$(eval echo \$$n"_DB_PASSWORD")
+    mq_password=$(eval echo \$$n"_BROKER_PASSWORD")
+    db_password=${db_password:-$n}
+    mq_password=${mq_password:-$n}
+
+    echo "role: $n, db password: $db_password, mq password: $mq_password"
+    ## setting passwords and permissions for MQ
+    body_data=$(jq -n -c --arg password "$mq_password" --arg tags none '$ARGS.named')
     curl -s -u test:test -X PUT "http://rabbitmq:15672/api/users/$n" -H "content-type:application/json" -d "${body_data}"
     curl -s -u test:test -X PUT "http://rabbitmq:15672/api/permissions/sda/$n" -H "content-type:application/json" -d '{"configure":"","write":"sda","read":".*"}'
 
-
-    psql -U postgres -h postgres -d sda -c "ALTER ROLE $n LOGIN PASSWORD '$n';"
+    ## setting passwords and permissions for DB
+    psql -U postgres -h postgres -d sda -c "ALTER ROLE $n LOGIN PASSWORD '$db_password';"
 done
 
 # create EC256 key for signing the JWT tokens