Merge pull request #131 from italia/127-missing-default-for-keys_fold…

…er-environments Fix #125 #127 #129 #130 #132 #133
italia · Mar 27, 2024 · 3cc95fc · 3cc95fc
2 parents c32a6e3 + 1e87296
commit 3cc95fc
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 39 deletions.
diff --git a/Docker-compose/.env b/Docker-compose/.env
@@ -1,4 +1,4 @@
 MONGO_DBUSER=satosa
 MONGO_DBPASSWORD=thatpassword
-HOSTNAME=localhost
-KEYS_FOLDER=./pki
+SATOSA_HOSTNAME=localhost
+SATOSA_KEYS_FOLDER=./pki
diff --git a/Docker-compose/.env.example b/Docker-compose/.env.example
@@ -1,11 +1,11 @@
-HOSTNAME=localhost
+SATOSA_HOSTNAME=localhost
 
 # MongoDB authentication
 MONGO_DBUSER=satosa
 MONGO_DBPASSWORD=thatpassword
 
 # The path containing your secrets
-KEYS_FOLDER=./pki
+SATOSA_KEYS_FOLDER=./pki
 # Keys filename
 SATOSA_PRIVATE_KEY_FILENAME=privkey.pem
 SATOSA_PUBLIC_KEY=cert.pem
@@ -43,7 +43,6 @@ SATOSA_UI_LOGO_WIDTH="80"
 SATOSA_UI_LOGO_URL="https://example_organization.org/logo.png"
 SATOSA_UI_PRIVACY_URL_EN="https://example_organization.org/privacy"
 SATOSA_UI_PRIVACY_URL_IT="https://example_organization.org/it/privacy"
-SATOSA_REQUESTED_ATTRIBUTES=[]
 
 # If set to true, satosa downloads IDEM's keys and IDPs from registry.spid.gov.it
-GET_IDEM_MDQ_KEY=true
+GET_IDEM_MDQ_KEY=true
diff --git a/Docker-compose/docker-compose.yml b/Docker-compose/docker-compose.yml
@@ -62,39 +62,35 @@ services:
     depends_on:
       - satosa-mongo
     environment:
-      - BASE_DIR=/satosa_proxy
       - SATOSA_BY_DOCKER=1
+      - GET_IDEM_MDQ_KEY=${GET_IDEM_MDQ_KEY:-true}
 
-      - SATOSA_BASE=https://${HOSTNAME:-localhost}
-      - SATOSA_BASE_STATIC=https://${HOSTNAME:-localhost}/static
-      - SATOSA_DISCO_SRV=https://${HOSTNAME:-localhost}/static/disco.html
-      - SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=https://${HOSTNAME:-localhost}/static/error_page.html
+      - BASE_DIR=/satosa_proxy
+      - SATOSA_PRIVATE_KEY=${SATOSA_KEYS_FOLDER:-./pki}/${SATOSA_PRIVATE_KEY_FILENAME:-privkey.pem}
+      - SATOSA_PUBLIC_KEY=${SATOSA_KEYS_FOLDER:-./pki}/${SATOSA_CERT_FILENAME:-cert.pem}
+      - SATOSA_BASE=https://${SATOSA_HOSTNAME:-localhost}
+      - SATOSA_BASE_STATIC=https://${SATOSA_HOSTNAME:-localhost}/static
+      - SATOSA_DISCO_SRV=https://${SATOSA_HOSTNAME:-localhost}/static/disco.html
+      - SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=https://${SATOSA_HOSTNAME:-localhost}/static/error_page.html
 
       - MONGODB_USERNAME=${MONGO_DBUSER:-satosa}
       - MONGODB_PASSWORD=${MONGO_DBPASSWORD:-thatpassword}
+      - SATOSA_ENCRYPTION_KEY=${SATOSA_ENCRYPTION_KEY:-CHANGE_ME!}
+      - SATOSA_SALT=${SATOSA_SALT:-CHANGE_ME!}
+      - SATOSA_STATE_ENCRYPTION_KEY=${SATOSA_STATE_ENCRYPTION_KEY:-CHANGE_ME!}
 
       - SATOSA_CONTACT_PERSON_EMAIL_ADDRESS=${SATOSA_CONTACT_PERSON_EMAIL_ADDRESS:-support.example@organization.org}
       - SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER=${SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER:-+3906123456789}
       - SATOSA_CONTACT_PERSON_FISCALCODE=${SATOSA_CONTACT_PERSON_FISCALCODE:-XXXXXX00X00X000Y}
       - SATOSA_CONTACT_PERSON_GIVEN_NAME=${SATOSA_CONTACT_PERSON_GIVEN_NAME:-Contact Me}
       - SATOSA_CONTACT_PERSON_IPA_CODE=${SATOSA_CONTACT_PERSON_IPA_CODE:-ipa00c}
       - SATOSA_CONTACT_PERSON_MUNICIPALITY=${SATOSA_CONTACT_PERSON_MUNICIPALITY:-H501}
-
-      - SATOSA_ENCRYPTION_KEY=${SATOSA_ENCRYPTION_KEY:-CHANGE_ME!}
-
       - SATOSA_ORGANIZATION_DISPLAY_NAME_EN=${SATOSA_ORGANIZATION_DISPLAY_NAME_EN:-Example Organization}
       - SATOSA_ORGANIZATION_DISPLAY_NAME_IT=${SATOSA_ORGANIZATION_DISPLAY_NAME_IT:-Example Organization}
       - SATOSA_ORGANIZATION_NAME_EN=${SATOSA_ORGANIZATION_NAME_EN:-example_organization}
       - SATOSA_ORGANIZATION_NAME_IT=${SATOSA_ORGANIZATION_NAME_IT:-example_organization}
       - SATOSA_ORGANIZATION_URL_EN=${SATOSA_ORGANIZATION_URL_EN:-https://example_organization.org}
       - SATOSA_ORGANIZATION_URL_IT=${SATOSA_ORGANIZATION_URL_IT:-https://example_organization.org/it}
-
-      - SATOSA_PRIVATE_KEY=${KEYS_FOLDER}/${SATOSA_PRIVATE_KEY_FILENAME:-privkey.pem}
-      - SATOSA_PUBLIC_KEY=${KEYS_FOLDER}/${SATOSA_CERT_FILENAME:-cert.pem}
-      - SATOSA_SALT=${SATOSA_SALT:-CHANGE_ME!}
-
-      - SATOSA_STATE_ENCRYPTION_KEY=${SATOSA_STATE_ENCRYPTION_KEY:-CHANGE_ME!}
-
       - SATOSA_UI_DESCRIPTION_EN=${SATOSA_UI_DESCRIPTION_EN:-Resource description}
       - SATOSA_UI_DESCRIPTION_IT=${SATOSA_UI_DESCRIPTION_IT:-Resource description}
       - SATOSA_UI_DISPLAY_NAME_EN=${SATOSA_UI_DISPLAY_NAME_EN:-Resource Display Name}
@@ -107,9 +103,6 @@ services:
       - SATOSA_UI_PRIVACY_URL_EN=${SATOSA_UI_PRIVACY_URL_EN:-https://example_organization.org/privacy}
       - SATOSA_UI_PRIVACY_URL_IT=${SATOSA_UI_PRIVACY_URL_IT:-https://example_organization.org/it/privacy}
       - SATOSA_USER_ID_HASH_SALT=${SATOSA_USER_ID_HASH_SALT:-CHANGE_ME!}
-      - SATOSA_REQUESTED_ATTRIBUTES=${SATOSA_REQUESTED_ATTRIBUTES:-[]}
-
-      - GET_IDEM_MDQ_KEY=${GET_IDEM_MDQ_KEY:-true}
     expose:
       - 10000
     ports:
@@ -146,7 +139,7 @@ services:
     networks:
       - satosa-saml2spid
     environment:
-      - NGINX_HOST=${HOSTNAME:-localhost}
+      - NGINX_HOST=${SATOSA_HOSTNAME:-localhost}
 
   spid-samlcheck:
     image: italia/spid-saml-check

diff --git a/example/entrypoint.sh b/example/entrypoint.sh
@@ -3,7 +3,7 @@
 
 # get IDEM MDQ key
 if [[ $GET_IDEM_MDQ_KEY == true ]]; then
-  wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O $KEYS_FOLDER/idem-mdx-service-crt.pem
+  wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O $SATOSA_KEYS_FOLDER/idem-mdx-service-crt.pem
   wget https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml
   echo "Downloaded IDEM MDQ key"
 fi

diff --git a/example/plugins/backends/ciesaml2_backend.yaml b/example/plugins/backends/ciesaml2_backend.yaml
@@ -124,19 +124,11 @@ config:
                               'dateOfBirth',
                               'fiscalNumber',
                               ]
-        requested_attributes: !ENV SATOSA_REQUESTED_ATTRIBUTES
-        #optional_attributes: ['gender',
-        #                      'companyName',
-        #                      'registeredOffice',
-        #                      'ivaCode',
-        #                      'idCard',
-        #                      'digitalAddress',
-        #                      'placeOfBirth',
-        #                      'countyOfBirth',
+        requested_attributes: []
+        #optional_attributes: ['name',
+        #                      'familyName',
         #                      'dateOfBirth',
-        #                      'address',
-        #                      'mobilePhone',
-        #                      'expirationDate']
+        #                      'fiscalNumber']
 
         endpoints:
           assertion_consumer_service:

diff --git a/example/plugins/backends/spidsaml2_backend.yaml b/example/plugins/backends/spidsaml2_backend.yaml
@@ -124,7 +124,7 @@ config:
 
         # this instantiate the attribute_consuming_service
         required_attributes: ['spidCode', 'name', 'familyName', 'fiscalNumber', 'email']
-        requested_attributes: !ENV SATOSA_REQUESTED_ATTRIBUTES
+        requested_attributes: []
         #optional_attributes: ['gender',
         #                      'companyName',
         #                      'registeredOffice',