#!/usr/bin/env bash
# Docker Swarm deployment script
# Ensure you've read PREPARATION.md and docker/README.md
# set the full path of the docker examples directory
# function used to set up through Docker Compose
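#######################################
# Deploy the SCIM bridge with Docker Compose.
# Stores the base64-encoded scimsession (and, when Google Workspace is the
# IdP, the Workspace settings and service account key) in scim.env, then
# brings the stack up.
# Globals:
#   scimsession_file, docker_file_path, docker_file (read)
#   workspaceIdP, workspace_settings, google_credentials (read)
#   view_logs (written)
# Outputs:
#   Progress and error messages.
# Returns:
#   Exits with status 1 if scim.env cannot be updated or docker-compose fails.
#######################################
run_docker_compose() {
  local env_file="$docker_file_path/scim.env"

  echo " "
  echo "Deploying using Docker Compose..."
  echo "(Ctrl+C to cancel)"
  sleep 3

  # scim.env is about to hold credential material (only base64-encoded, not
  # encrypted), so restrict it to the owner before writing to it.
  chmod 600 -- "$env_file" \
    || echo "Warning: could not restrict permissions on $env_file" >&2

  # this populates the .env file, which gives the container the environment
  # variable it needs without having to store the scimsession file itself
  if ! _compose_store_secret OP_SESSION "$scimsession_file" "$env_file"; then
    echo " "
    echo "Failed to write OP_SESSION to $env_file; investigate the error before proceeding"
    sleep 1
    exit 1
  fi

  if [[ "$workspaceIdP" == true ]]; then
    if ! _compose_store_secret OP_WORKSPACE_SETTINGS "$workspace_settings" "$env_file" \
      || ! _compose_store_secret OP_WORKSPACE_CREDENTIALS "$google_credentials" "$env_file"; then
      echo " "
      echo "Failed to write Google Workspace values to $env_file; investigate the error before proceeding"
      sleep 1
      exit 1
    fi
  fi

  if ! docker-compose -f "$docker_file" up --build -d; then
    echo " "
    echo "Failed to run docker-compose; investigate the error before proceeding"
    sleep 1
    exit 1
  fi

  # Log viewing is pinned to "no" here, so the else branch always runs.
  view_logs=N
  if [[ "$view_logs" =~ ^([yY][eE][sS]|[yY])$ ]]; then
    echo " "
    echo "Press Ctrl+C to quit out of the log view."
    sleep 2
    docker-compose -f "$docker_file" logs -f 2>/dev/null
  else
    echo "Skipping logs..."
    echo "You can view the logs manually by running: docker-compose logs -f"
  fi
}

#######################################
# Base64-encode a file and store it as KEY=<value> in an env file, replacing
# the existing "KEY=" line (nothing is written if no such line exists).
# Arguments:
#   $1 - variable name, $2 - file to encode, $3 - env file to update
# Returns:
#   Non-zero if the source cannot be read or encodes to nothing, or if sed
#   fails.
#######################################
_compose_store_secret() {
  local key=$1 src=$2 env_file=$3
  local encoded

  [[ -r "$src" ]] || return 1
  encoded=$(base64 < "$src" | tr -d '\n') || return 1
  [[ -n "$encoded" ]] || return 1

  # '|' delimits the expression because base64 output can contain '/', which
  # would terminate an s/.../.../ expression early and leave the value unset.
  # The expression is passed on stdin rather than as an argument so the
  # encoded secret does not show up in the process list.
  sed -i -f /dev/stdin -- "$env_file" <<<"s|^${key}=.*\$|${key}=${encoded}|"
}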
# function used to set up through Docker Swarm
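#######################################
# Deploy the SCIM bridge to Docker Swarm.
# Creates the scimsession secret (plus the Google Workspace settings and
# service account key secrets when Google Workspace is the IdP) and deploys
# the op-scim stack.
# Globals:
#   scimsession_file, docker_file, gw_docker_file (read)
#   workspaceIdP, workspace_settings, google_credentials (read)
#   view_logs (written)
# Outputs:
#   Progress and error messages on stdout.
# Returns:
#   Exits with status 1 if a secret cannot be created or the deploy fails.
#######################################
run_docker_swarm() {
  echo " "
  echo "Deploying using Docker Swarm..."
  echo "(Ctrl+C to cancel)"
  sleep 3

  # puts the scimsession secret into the Swarm
  if ! _swarm_create_secret scimsession "$scimsession_file"; then
    _swarm_abort "Failed to create Docker Swarm secret; investigate the error before proceeding"
  fi

  if [[ "$workspaceIdP" != true ]]; then
    if ! docker stack deploy -c "$docker_file" op-scim; then
      _swarm_abort "Failed to deploy to Docker Swarm; investigate the error before proceeding"
    fi
  else
    if ! _swarm_create_secret workspace-settings "$workspace_settings"; then
      _swarm_abort "Failed to create Google Workspace settings secret in Docker; investigate the error before proceeding"
    fi
    if ! _swarm_create_secret workspace-credentials "$google_credentials"; then
      _swarm_abort "Failed to create Google Service Account key secret in Docker; investigate the error before proceeding"
    fi
    if ! docker stack deploy -c "$docker_file" -c "$gw_docker_file" op-scim; then
      _swarm_abort "Failed to deploy to Docker Swarm; investigate the error before proceeding"
    fi
  fi

  # Log viewing is pinned to "no" here, so the else branch always runs.
  view_logs=n
  if [[ "$view_logs" =~ ^([yY][eE][sS]|[yY])$ ]]; then
    echo " "
    echo "Press Ctrl+C to quit out of the log view."
    sleep 2
    docker service logs --raw -f op-scim_scim 2>/dev/null
  else
    echo "Skipping logs..."
    echo "You can view the logs manually by running: docker service logs --raw -f op-scim_scim"
  fi
}

#######################################
# Create a Docker secret from the contents of a file.
# The file is attached with a redirect rather than piped from cat: in a
# pipeline an unreadable file would be ignored and an empty secret created,
# whereas a failed redirect makes the whole command fail.
# Arguments:
#   $1 - secret name, $2 - file holding the secret value
# Returns:
#   Non-zero if the file cannot be opened or docker fails.
#######################################
_swarm_create_secret() {
  local name=$1 src=$2
  docker secret create "$name" - < "$src"
}

#######################################
# Print a failure message and stop the deployment with exit status 1.
# Arguments:
#   $1 - message to print
#######################################
_swarm_abort() {
  echo " "
  echo "$1"
  sleep 1
  exit 1
}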
# Begin main script
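# Directory containing this script; the per-deployment-type subdirectory
# (compose or swarm) is resolved relative to it further down.
docker_path=$(dirname "$(realpath "$0")")
workspaceIdP=false
# Directory this script reads the domain name and scimsession file from.
scim_config_dir="/opt/PurpleComputing/SCIM"

echo "Initiating 1Password SCIM Bridge Deployment to Docker Swarm"
echo " "
echo "Please specify the following options."

# Google Workspace as IdP is pinned to "no" rather than prompted for. The
# value is assigned unconditionally so that a "workspace" variable inherited
# from the environment cannot influence the run.
workspace=n
if [[ "$workspace" =~ ^([yY][eE][sS]|[yY])$ ]]; then
  workspaceIdP=true
fi

if [[ "$workspaceIdP" == true ]]; then
  while :; do
    # read -r keeps backslashes literal; a failed read (EOF) stops the script
    # instead of looping forever.
    read -r -p "Path to your Google Workspace settings file: " workspace_settings || exit 1
    if [[ -f "$workspace_settings" ]]; then
      break
    fi
    echo "File '$workspace_settings' does not exist at that path, please try again." >&2
  done
  while :; do
    read -r -p "Path to your Google Service Account key file: " google_credentials || exit 1
    if [[ -f "$google_credentials" ]]; then
      break
    fi
    echo "File '$google_credentials' does not exist at that path, please try again." >&2
  done
fi

# The deployment type is pinned as well; it is still validated because it
# becomes a path component below.
docker_type=compose
if ! [[ "$docker_type" =~ ^(swarm|compose)$ ]]; then
  echo "$docker_type is not a valid input. Please select either 'swarm' or 'compose'." >&2
  exit 1
fi

# The domain name comes from a file, not a prompt, so a bad value cannot be
# corrected by retrying: fail once instead of looping. It is later spliced
# into a sed expression, so only hostname characters are accepted; anything
# else (slashes, ampersands, newlines, ...) would change what sed executes.
domain_file="$scim_config_dir/scimdomain"
if [[ ! -r "$domain_file" ]]; then
  echo "File '$domain_file' does not exist or is not readable." >&2
  exit 1
fi
domain_name=$(<"$domain_file")
fqdn_re='^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\.?$'
if ! [[ "$domain_name" =~ $fqdn_re ]]; then
  echo "The value in '$domain_file' is not a fully-qualified domain name." >&2
  exit 1
fi

scimsession_file="$scim_config_dir/scimsession"
if [[ ! -f "$scimsession_file" ]]; then
  echo "File '$scimsession_file' does not exist at that path." >&2
  exit 1
fi

echo " "
echo "Using the following parameters to deploy the SCIM Bridge"
echo "Deployment type:" "$docker_type"
echo "scimsession file path:" "$scimsession_file"
echo "Domain name:" "$domain_name"
echo "Google Workspace as IdP:" "$workspace"
if [[ "$workspaceIdP" == true ]]; then
  echo "Workspace settings file path:" "$workspace_settings"
  echo "Google Service Account credentials file path:" "$google_credentials"
fi

# Confirmation is pinned to "yes"; the "no" branch is kept for when the
# prompt is restored.
proceed=y
if [[ "$proceed" =~ ^([nN][oO]|[nN])$ ]]; then
  echo "Exiting..."
  exit 0
fi

# back up the deployment file, then place the domain name into scim.env
docker_file_path=$docker_path/$docker_type
docker_file=$docker_file_path/docker-compose.yml
gw_docker_file=$docker_file_path/gw-docker-compose.yml
docker_backup_file=$docker_file_path/docker-compose.yml.bak
gw_docker_backup_file=$docker_file_path/gw_docker-compose.yml.bak

cp -- "$docker_file" "$docker_backup_file" \
  || echo "Warning: could not back up $docker_file" >&2

# domain_name was restricted to [A-Za-z0-9.-] above, so it cannot contain the
# '/' delimiter or any sed metacharacter.
if ! sed -i -e "s/^OP_LETSENCRYPT_DOMAIN=.*$/OP_LETSENCRYPT_DOMAIN=$domain_name/" "$docker_file_path/scim.env"; then
  echo "Failed to write the domain name to $docker_file_path/scim.env" >&2
  exit 1
fi

# run the function associated with the Docker type selected
if [[ "$docker_type" == "compose" ]]; then
  run_docker_compose
elif [[ "$docker_type" == "swarm" ]]; then
  cp -- "$gw_docker_file" "$gw_docker_backup_file" \
    || echo "Warning: could not back up $gw_docker_file" >&2
  run_docker_swarm
fi

echo " "
echo "Deployment of the 1Password SCIM Bridge is complete!"
echo " "
echo "If you have any issues deploying the SCIM Bridge, please either reach out to 1Password Business Support, or look through our helpful discussion forums: https://discussions.agilebits.com/categories/scim-bridge"
echo " "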