go 버전업 && ory 설정파일들 자동 생성 스크립트 추가

scripts/render_ory_config.sh

@@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+OUTPUT_DIR="${ORY_CONFIG_OUTPUT_DIR:-$ROOT_DIR/config/.generated/ory}"
+TEMPLATE_ROOT="${ORY_CONFIG_TEMPLATE_ROOT:-$ROOT_DIR/docker/ory}"
+
+load_env_file() {
+  local env_file="$1"
+  if [[ -f "$env_file" ]]; then
+    set -a
+    # shellcheck disable=SC1090
+    source "$env_file"
+    set +a
+  fi
+}
+
+fail() {
+  echo "[ory-config] ERROR: $1" >&2
+  exit 1
+}
+
+render_template() {
+  local src="$1"
+  local dst="$2"
+  mkdir -p "$(dirname "$dst")"
+  perl -pe '
+    s/\$\{([A-Za-z_][A-Za-z0-9_]*)(:-([^}]*))?\}/
+      exists $ENV{$1} ? $ENV{$1} : defined $3 ? $3 : die "missing env var: $1\n"
+    /gex
+  ' "$src" > "$dst"
+}
+
+copy_if_exists() {
+  local src="$1"
+  local dst="$2"
+  if [[ -e "$src" ]]; then
+    mkdir -p "$(dirname "$dst")"
+    cp -a "$src" "$dst"
+  fi
+}
+
+if [[ -n "${ORY_CONFIG_ENV_FILES:-}" ]]; then
+  IFS=':' read -r -a env_files <<<"$ORY_CONFIG_ENV_FILES"
+  for env_file in "${env_files[@]}"; do
+    load_env_file "$env_file"
+  done
+else
+  load_env_file "$ROOT_DIR/.env"
+  load_env_file "$ROOT_DIR/config/.generated/auth-config.env"
+fi
+
+ORY_POSTGRES_USER="${ORY_POSTGRES_USER:-ory}"
+ORY_POSTGRES_PASSWORD="${ORY_POSTGRES_PASSWORD:-secret}"
+KRATOS_DB="${KRATOS_DB:-ory_kratos}"
+HYDRA_DB="${HYDRA_DB:-ory_hydra}"
+KETO_DB="${KETO_DB:-ory_keto}"
+KRATOS_DSN="${KRATOS_DSN:-postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KRATOS_DB}?sslmode=disable&max_conns=20}"
+HYDRA_DSN="${HYDRA_DSN:-postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB}?sslmode=disable&max_conns=20}"
+KETO_DSN="${KETO_DSN:-postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KETO_DB}?sslmode=disable&max_conns=20}"
+HYDRA_SYSTEM_SECRET="${HYDRA_SYSTEM_SECRET:-${SECRETS_SYSTEM:-${ORY_POSTGRES_PASSWORD}}}"
+OATHKEEPER_INTROSPECT_CLIENT_ID="${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}"
+OATHKEEPER_INTROSPECT_CLIENT_SECRET="${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}"
+
+export KRATOS_DSN HYDRA_DSN KETO_DSN HYDRA_SYSTEM_SECRET
+export OATHKEEPER_INTROSPECT_CLIENT_ID OATHKEEPER_INTROSPECT_CLIENT_SECRET
+
+rm -rf "$OUTPUT_DIR"
+mkdir -p "$OUTPUT_DIR"
+
+render_template "$TEMPLATE_ROOT/kratos/kratos.yml.template" "$OUTPUT_DIR/kratos/kratos.yml"
+copy_if_exists "$TEMPLATE_ROOT/kratos/identity.schema.json" "$OUTPUT_DIR/kratos/identity.schema.json"
+copy_if_exists "$TEMPLATE_ROOT/kratos/courier-http.jsonnet" "$OUTPUT_DIR/kratos/courier-http.jsonnet"
+if [[ -d "$TEMPLATE_ROOT/kratos/courier-templates" ]]; then
+  mkdir -p "$OUTPUT_DIR/kratos"
+  cp -a "$TEMPLATE_ROOT/kratos/courier-templates" "$OUTPUT_DIR/kratos/courier-templates"
+fi
+
+render_template "$TEMPLATE_ROOT/hydra/hydra.yml.template" "$OUTPUT_DIR/hydra/hydra.yml"
+
+render_template "$TEMPLATE_ROOT/keto/keto.yml.template" "$OUTPUT_DIR/keto/keto.yml"
+copy_if_exists "$TEMPLATE_ROOT/keto/namespaces.ts" "$OUTPUT_DIR/keto/namespaces.ts"
+copy_if_exists "$TEMPLATE_ROOT/keto/namespaces.yml" "$OUTPUT_DIR/keto/namespaces.yml"
+
+render_template "$TEMPLATE_ROOT/oathkeeper/oathkeeper.yml.template" "$OUTPUT_DIR/oathkeeper/oathkeeper.yml"
+copy_if_exists "$TEMPLATE_ROOT/oathkeeper/entrypoint.sh" "$OUTPUT_DIR/oathkeeper/entrypoint.sh"
+chmod +x "$OUTPUT_DIR/oathkeeper/entrypoint.sh"
+for rules_file in "$TEMPLATE_ROOT"/oathkeeper/rules*.json; do
+  [[ -e "$rules_file" ]] || continue
+  copy_if_exists "$rules_file" "$OUTPUT_DIR/oathkeeper/$(basename "$rules_file")"
+done
+
+if find "$OUTPUT_DIR" -type f \( -name '*.yml' -o -name '*.yaml' -o -name '*.json' -o -name '*.toml' \) -print0 | xargs -0 grep -n '\${' >/tmp/ory-render-unresolved.$$ 2>/dev/null; then
+  cat /tmp/ory-render-unresolved.$$ >&2
+  rm -f /tmp/ory-render-unresolved.$$
+  fail "rendered Ory config contains unresolved placeholders"
+fi
+rm -f /tmp/ory-render-unresolved.$$
+
+echo "[ory-config] wrote: $OUTPUT_DIR"