Make sensenet - snauth compatible with docker containerization (#2205)

* Raise internal versions.

* modified sn auth authority url to be compatible with docker containers

* consolidate docker network to projects

* settings try out

* docker install script with snauth

* fix param

* fix

* latest image

* snauth output

* use temporary docker image tags

* use temporary docker image tag

* open db port for testing

* no apikey needed for sn webapp

* no apikey needed for sn webapp (script)

* fix devcert creation script

* update image tag to preview

---------

Co-authored-by: vn0804 <[email protected]>
Co-authored-by: SN\plastic <[email protected]>

Author: 3 people

deployment/install-sensenet.ps1

@@ -24,7 +24,9 @@ Param (
 	[Parameter(Mandatory=$False)]
 	[switch]$LocalSn,
 	[Parameter(Mandatory=$False)]
-	[switch]$UseVolume,	
+	[switch]$UseVolume,
+	[Parameter(Mandatory=$False)]
+	[switch]$UseAuth,
 
 	# Hosting environment
 	[Parameter(Mandatory=$False, DontShow=$True)]
@@ -263,19 +265,35 @@ if ($SnType -eq "InSql") {
 		-ErrorAction stop
 }
 
-& $PSScriptRoot/scripts/install-identity-server.ps1 `
-	-ProjectName $ProjectName `
-	-VolumeBasePath $VolumeBasePath `
-	-Routing cnt `
-	-AppEnvironment $AppEnvironment `
-	-OpenPort $True `
-	-SensenetPublicHost https://localhost:$SnHostPort `
-	-IdentityPublicHost https://localhost:$IsHostPort `
-	-IsHostPort $IsHostPort `
-	-CertPass $CertPsw `
-	-UseVolume $UseVolume `
-	-DryRun $DryRun `
-	-ErrorAction stop
+if ($UseAuth) {
+		& $PSScriptRoot/scripts/install-snauth.ps1 `
+		-ProjectName $ProjectName `
+		-VolumeBasePath $VolumeBasePath `
+		-Routing cnt `
+		-AppEnvironment $AppEnvironment `
+		-OpenPort $True `
+		-SensenetPublicHost https://localhost:$SnHostPort `
+		-IdentityPublicHost https://localhost:$IsHostPort `
+		-IsHostPort $IsHostPort `
+		-CertPass $CertPsw `
+		-UseVolume $UseVolume `
+		-DryRun $DryRun `
+		-ErrorAction stop
+} else {
+	& $PSScriptRoot/scripts/install-identity-server.ps1 `
+		-ProjectName $ProjectName `
+		-VolumeBasePath $VolumeBasePath `
+		-Routing cnt `
+		-AppEnvironment $AppEnvironment `
+		-OpenPort $True `
+		-SensenetPublicHost https://localhost:$SnHostPort `
+		-IdentityPublicHost https://localhost:$IsHostPort `
+		-IsHostPort $IsHostPort `
+		-CertPass $CertPsw `
+		-UseVolume $UseVolume `
+		-DryRun $DryRun `
+		-ErrorAction stop
+}
 
 if ($SearchService) {
 	& $PSScriptRoot/scripts/install-search-service.ps1 `
@@ -315,6 +333,7 @@ if ($SearchService) {
 	-SearchService $SearchService `
 	-RabbitServiceHost $RabbitServiceHost `
 	-CertPass $CertPsw `
+	-UseAuth $UseAuth `
 	-UseVolume $UseVolume `
 	-DryRun $DryRun `
 	-ErrorAction stop
@@ -343,6 +362,8 @@ if ($SearchService) {
 	Wait-SnApp -SnHostPort $SnHostPort -MaxTryNumber 2 -DryRun $DryRun -ErrorAction stop
 }
 
+# & $PSScriptRoot/scripts/insert-apikey.ps1 
+
 if (-not $DryRun -and $OpenInBrowser) {
 	Start-Process "https://admin.sensenet.com/?repoUrl=https%3A%2F%2Flocalhost%3A$SnHostPort"
 }

deployment/scripts/insert-apikey.ps1

@@ -0,0 +1,118 @@
+Param(
+    [Parameter(Mandatory=$False)]
+	[string]$RepoUrl="localhost:51016",
+    [Parameter(Mandatory=$False)]
+	[string]$AuthUrl="localhost:51017",
+    [Parameter(Mandatory=$False)]
+	[string]$DataSource="sensenet-insql-cdb-sndb",
+    [Parameter(Mandatory=$False)]
+	[string]$DataContainer="sensenet-insql-cdb-snsql",
+	[Parameter(Mandatory=$False)]
+	[switch]$StepByStep    
+)
+
+if (-not (Get-Command "Invoke-Cli" -DryRun $DryRun -ErrorAction SilentlyContinue)) {
+	Write-Output "load helper functions"
+	. "$($PSScriptRoot)/helper-functions.ps1"
+}
+
+Test-Docker
+
+$user="sa"
+$password="SuP3rS3CuR3P4sSw0Rd"
+
+$clientId = "pr3Gen3R4Ted"
+$clientSecret = "pr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Ted"
+$apiKey = "pr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Ted"
+
+# check if client exists
+$query = "SELECT * FROM [AccessTokens] WHERE [Value] = '$apiKey' AND [UserId] = 1 FOR JSON AUTO, WITHOUT_ARRAY_WRAPPER"
+$params = "exec", $DataContainer, "/opt/mssql-tools/bin/sqlcmd", "-d", $DataSource, "-U", $user, "-P", $password, "-Q", $query
+$result = Invoke-Cli -execFile "docker" -params $params -ErrorAction SilentlyContinue
+if ($result -ne "" -and $result -ne $null -and $result.Count -gt 1 -and $result[2] -ne $null) {
+    $obj = $result[2] | ConvertFrom-Json
+    if ($obj -ne $null) {
+        # Write-Host "ApiKey $($obj.Value) already exists."
+        $apiKeyExists = $true
+    }
+}
+
+
+# check if client exists
+$query = "SELECT * FROM [ClientApps] WHERE [ClientId] = '$($clientId)' AND [Authority] = '$authUrl' FOR JSON AUTO, WITHOUT_ARRAY_WRAPPER"
+$params = "exec", $DataContainer, "/opt/mssql-tools/bin/sqlcmd", "-d", $DataSource, "-U", $user, "-P", $password, "-Q", $query
+$result = Invoke-Cli -execFile "docker" -params $params -ErrorAction SilentlyContinue
+if ($result -ne "" -and $result -ne $null -and $result.Count -gt 1 -and $result[2] -ne $null) {
+    $obj = $result[2] | ConvertFrom-Json
+    if ($obj -ne $null) {
+        # Write-Host "Client with ClientId $($obj.ClientId) already exists."
+        $clientExists = $true
+    }
+}
+
+if ($apiKeyExists -and $clientExists) {
+    Write-Host "Both Client with ClientId and ApiKey already exists."
+    return
+}
+
+# default values
+
+$charSet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+$rndmId = -join (1..16 | ForEach-Object { Get-Random -InputObject $charSet.ToCharArray() })
+$creationDate = Get-Date -Format "yyyy-MM-dd HH:mm:ss.fffffff"
+
+# Check if apikey exists and insert or update accordingly
+$clientappScript = @"
+IF NOT EXISTS (SELECT 1 FROM [AccessTokens] WHERE [Value] = '$apiKey' AND [UserId] = 1)
+BEGIN
+    INSERT INTO [AccessTokens]
+         ([UserId], [Value], [Feature], [CreationDate], [ExpirationDate])
+    VALUES
+        ('1', '$apiKey', 'apikey', '$creationDate', '9999-12-31 23:59:59.9999999')
+END
+"@
+
+$params = "exec", $DataContainer, "/opt/mssql-tools/bin/sqlcmd", "-d", $DataSource, "-U", $user, "-P", $password, "-Q", $clientappScript
+Invoke-Cli -execFile "docker" -params $params -ErrorAction Stop
+
+# Check if clientapp exists and insert or update accordingly
+$clientappScript = @"
+IF EXISTS (SELECT 1 FROM [ClientApps] WHERE [ClientId] = '$clientId')
+BEGIN
+    UPDATE [ClientApps]
+    SET [Name] = '$clientId', [Repository] = '$repoUrl', [UserName] = 'builtin\admin', [Authority] = '$authUrl', [Type] = 4
+    WHERE [ClientId] = '$clientId'
+END
+ELSE
+BEGIN
+    INSERT INTO [ClientApps]
+        ([ClientId], [Name], [Repository], [UserName], [Authority], [Type])
+    VALUES
+        ('$clientId', '$clientId', '$repoUrl', 'builtin\admin', '$authUrl', 4)
+END
+"@
+
+$params = "exec", $DataContainer, "/opt/mssql-tools/bin/sqlcmd", "-d", $DataSource, "-U", $user, "-P", $password, "-Q", $clientappScript
+Invoke-Cli -execFile "docker" -params $params -ErrorAction Stop
+
+# Check if client secret exists and insert or update accordingly
+$clientsecretScript = @"
+IF EXISTS (SELECT 1 FROM [ClientSecrets] WHERE [ClientId] = '$clientId')
+BEGIN
+    UPDATE [ClientSecrets]
+    SET [Value] = '$clientSecret', [CreationDate] = '$creationDate', [ValidTill] = '9999-12-31 23:59:59.9999999'
+    WHERE [ClientId] = '$clientId'
+END
+ELSE
+BEGIN
+    INSERT INTO [ClientSecrets]
+        ([Id], [ClientId], [Value], [CreationDate], [ValidTill])
+    VALUES
+        ('$rndmId', '$clientId', '$clientSecret', '$creationDate', '9999-12-31 23:59:59.9999999')
+END
+"@
+
+$params = "exec", $DataContainer, "/opt/mssql-tools/bin/sqlcmd", "-d", $DataSource, "-U", $user, "-P", $password, "-Q", $clientsecretScript
+Invoke-Cli -execFile "docker" -params $params -ErrorAction Stop
+
+

deployment/scripts/install-identity-server.ps1

@@ -2,7 +2,7 @@ Param (
     [Parameter(Mandatory=$False)]
 	[string]$ProjectName="docker",
 	[Parameter(Mandatory=$False)]
-	[string]$NetworkName="snnetwork",
+	[string]$NetworkName="sensenet",
 
 	# Hosting environment
 	[Parameter(Mandatory=$False)]
@@ -32,7 +32,7 @@ Param (
 
 	# Identity server
 	[Parameter(Mandatory=$False)]
-	[string]$IdentityDockerImage="sensenetcsp/sn-identityserver:latest",
+	[string]$IdentityDockerImage="sensenetcsp/sn-identityserver:preview",
 	[Parameter(Mandatory=$False)]
 	[string]$IdentityContainerName="$($ProjectName)-snis",
 	[Parameter(Mandatory=$False)]

deployment/scripts/install-rabbit.ps1

@@ -1,6 +1,6 @@
 Param (
 	[Parameter(Mandatory=$False)]
-	[string]$NetworkName="snnetwork",
+	[string]$NetworkName="sensenet",
 
 	# RabbitMq
     [Parameter(Mandatory=$False)]

deployment/scripts/install-search-service.ps1

@@ -2,7 +2,7 @@ Param (
     [Parameter(Mandatory=$False)]
 	[string]$ProjectName="docker",
 	[Parameter(Mandatory=$False)]
-	[string]$NetworkName="snnetwork",
+	[string]$NetworkName="sensenet",
 
 	# Hosting environment
 	[Parameter(Mandatory=$False)]
@@ -38,7 +38,7 @@ Param (
 
 	# Search service parameters
     [Parameter(Mandatory=$False)]
-	[string]$SearchDockerImage="sensenetcsp/sn-searchservice:latest",
+	[string]$SearchDockerImage="sensenetcsp/sn-searchservice:preview",
 	[Parameter(Mandatory=$False)]
 	[string]$SearchContainerName="$($ProjectName)-snsearch",
     [Parameter(Mandatory=$False)]

deployment/scripts/install-sensenet-app.ps1

@@ -2,7 +2,7 @@ Param (
     [Parameter(Mandatory=$False)]
 	[string]$ProjectName="docker",
 	[Parameter(Mandatory=$False)]
-	[string]$NetworkName="snnetwork",
+	[string]$NetworkName="sensenet",
 
 	# Hosting environment
 	[Parameter(Mandatory=$False)]
@@ -26,14 +26,16 @@ Param (
 	[Parameter(Mandatory=$False)]
 	[string]$SnType="InSql",
 	[Parameter(Mandatory=$False)]
-	[string]$SensenetDockerImage="sensenetcsp/sn-api-sql:latest",
+	[string]$SensenetDockerImage="sensenetcsp/sn-api-sql:preview",
 	[Parameter(Mandatory=$False)]
 	[string]$SensenetContainerName="$($ProjectName)-snapp",
 	[Parameter(Mandatory=$False)]
 	[string]$SensenetAppdataVolume="$($VolumeBasePath)/$($SensenetContainerName)/appdata",
 	[Parameter(Mandatory=$False)]
 	[string]$SensenetPublicHost="https://$($ProjectName)-sn.$($Domain)",
 	[Parameter(Mandatory=$False)]
+	[string]$HealthCheckUser="s3Cur3P4Ss",
+	[Parameter(Mandatory=$False)]
 	[int]$SnHostPort=8081,
 	[Parameter(Mandatory=$False)]
 	[int]$SnAppPort=443,
@@ -49,6 +51,10 @@ Param (
 	[string]$IdentityPublicHost="https://$($ProjectName)-is.$($Domain)",	
 	[Parameter(Mandatory=$False)]
 	[string]$IdentityContainerHost="http://$($IdentityContainerName)",
+	[Parameter(Mandatory=$False)]
+	[bool]$UseAuth,
+	[Parameter(Mandatory=$False)]
+	[string]$ApiKey = "pr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Tedpr3Gen3R4Ted",
 
 	# Sensenet Repository Database
 	[Parameter(Mandatory=$False)]
@@ -126,14 +132,14 @@ $date = Get-Date -Format "yyyy-MM-dd HH:mm K"
 
 switch ($SnType) {
 	"InMem" { 
-		$SensenetDockerImage="sensenetcsp/sn-api-inmem:latest"
+		$SensenetDockerImage="sensenetcsp/sn-api-inmem:preview"
 	}
 	"InSql" { 
 		if ($SearchService) { 			
-			$SensenetDockerImage="sensenetcsp/sn-api-nlb:latest"
+			$SensenetDockerImage="sensenetcsp/sn-api-nlb:preview"
 		}
 		else {
-			$SensenetDockerImage="sensenetcsp/sn-api-sql:latest"
+			$SensenetDockerImage="sensenetcsp/sn-api-sql:preview"
 		}		
 	}
 	Default {
@@ -173,13 +179,23 @@ $params = "run", "-it", "-d", "eol",
 "-e", "ASPNETCORE_URLS=$aspnetUrls", "eol",
 "-e", "ASPNETCORE_ENVIRONMENT=$AppEnvironment", "eol",
 "-e", "sensenet__Container__Name=$($SensenetContainerName)", "eol",
+"-e", "sensenet__apikeys__healthcheckeruser=$($HealthCheckUser)", "eol",
 "-e", "sensenet__identityManagement__UserProfilesEnabled=false", "eol",
 "-e", "sensenet__authentication__authServerType=$($AuthServerType)", "eol",
 "-e", "sensenet__authentication__authority=$($IdentityPublicHost)", "eol",
 "-e", "sensenet__authentication__repositoryUrl=$($SensenetPublicHost)", "eol",
 "-e", "sensenet__authentication__AddJwtCookie=$($JwtCookie)", "eol",
 "-e", "sensenet__apikeys__healthcheckeruser=$($HealthCheckUser)", "eol"
 
+if ($UseAuth) {
+	$params += "-e", "sensenet__authentication__authServerType=SNAuth", "eol",
+	"-e", "sensenet__authentication__AddJwtCookie=false", "eol"
+} else {
+	$params += "-e", "sensenet__authentication__authServerType=IdentityServer", "eol",
+	"-e", "sensenet__authentication__AddJwtCookie=true", "eol",
+	"-e", "sensenet__identityManagement__UserProfilesEnabled=false", "eol"
+}
+
 if ($SnType -eq "InSql") {
 	$params += "-e", "ConnectionStrings__SnCrMsSql=Persist Security Info=False;Initial Catalog=$($SqlDbName);Data Source=$($DataSource);User ID=$($SqlUser);Password=$($SqlPsw);TrustServerCertificate=true", "eol"
 }

deployment/scripts/install-sensenet-init.ps1

@@ -1,6 +1,6 @@
 Param (
     [Parameter(Mandatory=$False)]
-	[string]$NetworkName="snnetwork",
+	[string]$NetworkName="sensenet",
 
 	# Docker
 	[Parameter(Mandatory=$False)]