#!/bin/bash
#
# Zitadel bootstrap helpers used by NetBird's configure.sh: obtain a token for
# an operator-created service user, create the NETBIRD project and its OIDC
# single-page application. The functions read
# NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT and NETBIRD_DOMAIN from the
# environment and prompt for the service-user ClientId/ClientSecret.
# Requires curl and jq.

# Stop at the first failing command. Bash does not propagate errexit into
# $(...) command substitutions, so the helpers' results are checked explicitly
# by the caller rather than relying on this flag alone.
set -o errexit
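#######################################
# Exchange the Zitadel service-user credentials for a management API access
# token (OAuth2 client_credentials grant against $1/oauth/v2/token).
# Globals:   ZITADEL_CLIENT_ID, ZITADEL_CLIENT_SECRET (read)
# Arguments: $1 - Zitadel instance base URL, without trailing path
# Outputs:   the access token on stdout; the literal string "null" when the
#            request fails or the response carries no access_token
#            (a diagnostic is written to stderr in that case)
# Returns:   0 on success, 1 on failure
#######################################
request_jwt_token() {
    local instance_url=$1
    local response token

    # The client secret is handed to curl on stdin ("client_secret@-") instead
    # of on the command line, so it is not readable by other local users via
    # ps / /proc/<pid>/cmdline. --data-urlencode also keeps a secret containing
    # '&', '+' or '%' intact inside the form body.
    if ! response=$(printf '%s' "$ZITADEL_CLIENT_SECRET" | curl -sS -X POST "$instance_url/oauth/v2/token" \
        -H "Content-Type: application/x-www-form-urlencoded" \
        --data-urlencode "grant_type=client_credentials" \
        --data-urlencode "scope=urn:zitadel:iam:org:project:id:zitadel:aud" \
        --data-urlencode "client_id=$ZITADEL_CLIENT_ID" \
        --data-urlencode "client_secret@-"); then
        echo "request_jwt_token: token request to $instance_url/oauth/v2/token failed" >&2
        echo "null"
        return 1
    fi

    # A non-JSON body (e.g. an HTML error page from a proxy) makes jq fail;
    # a JSON body without access_token (e.g. {"error":"invalid_client"})
    # is mapped to "null" so callers have a single failure value to test.
    if ! token=$(printf '%s' "$response" | jq -r '.access_token // "null"'); then
        echo "request_jwt_token: unexpected response from $instance_url: $response" >&2
        echo "null"
        return 1
    fi
    if [ "$token" = "null" ]; then
        echo "request_jwt_token: no access_token in response: $response" >&2
        echo "null"
        return 1
    fi
    printf '%s\n' "$token"
}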
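#######################################
# Create the "NETBIRD" project in Zitadel through the management API.
# Arguments: $1 - Zitadel instance base URL
#            $2 - management API access token (see request_jwt_token)
# Outputs:   the new project id on stdout; the literal string "null" when the
#            request fails or the response carries no id (diagnostic on stderr)
# Returns:   0 on success, 1 on failure
#######################################
create_new_project() {
    local instance_url=$1
    local access_token=$2
    local project_name="NETBIRD"
    local response project_id

    # The bearer token is supplied as a header read from stdin (-H @-, needs
    # curl >= 7.55) so it does not appear in the process list.
    if ! response=$(printf 'Authorization: Bearer %s\n' "$access_token" | curl -sS -X POST "$instance_url/management/v1/projects" \
        -H @- \
        -H "Content-Type: application/json" \
        -d '{"name": "'"$project_name"'"}'); then
        echo "create_new_project: request to $instance_url/management/v1/projects failed" >&2
        echo "null"
        return 1
    fi

    if ! project_id=$(printf '%s' "$response" | jq -r '.id // "null"'); then
        echo "create_new_project: unexpected response: $response" >&2
        echo "null"
        return 1
    fi
    if [ "$project_id" = "null" ]; then
        # An API error body (for instance a permission denial) ends up here;
        # surface it instead of leaving the caller with a bare "null".
        echo "create_new_project: no project id in response: $response" >&2
        echo "null"
        return 1
    fi
    printf '%s\n' "$project_id"
}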
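#######################################
# Escape a string for use inside a JSON string literal (backslash, double
# quote and the common control characters). Prints the escaped text without
# surrounding quotes.
# Arguments: $1 - raw string
#######################################
_json_escape() {
    local s=$1
    s=${s//\\/\\\\}
    s=${s//\"/\\\"}
    s=${s//$'\n'/\\n}
    s=${s//$'\r'/\\r}
    s=${s//$'\t'/\\t}
    printf '%s' "$s"
}

#######################################
# Create the "netbird" single-page (user-agent) OIDC application inside the
# Zitadel project, using the authorization-code flow with PKCE-style public
# client auth (authMethodType NONE) and refresh tokens.
# Globals:   PROJECT_ID (read when $3 is not given)
#            BASE_REDIRECT_URL (read; base of the /auth and /silent-auth URIs)
#            ZITADEL_DEV_MODE (read; "true" or "false", unset means false)
# Arguments: $1 - Zitadel instance base URL
#            $2 - management API access token
#            $3 - (optional) project id, defaults to $PROJECT_ID
# Outputs:   the application's OIDC client id on stdout; the literal string
#            "null" when the request fails or no clientId is returned
#            (diagnostic on stderr)
# Returns:   0 on success, 1 on failure
#######################################
create_new_application() {
    local instance_url=$1
    local access_token=$2
    local project_id=${3:-$PROJECT_ID}
    local application_name="netbird"
    local dev_mode base_url payload response client_id

    if [ -z "$project_id" ]; then
        echo "create_new_application: no project id given and PROJECT_ID is empty" >&2
        echo "null"
        return 1
    fi

    # devMode is spliced into the JSON unquoted, so only a JSON boolean may
    # get through; anything else would produce an invalid request body.
    case "${ZITADEL_DEV_MODE:-false}" in
        true|false) dev_mode=${ZITADEL_DEV_MODE:-false} ;;
        *)
            echo "create_new_application: ZITADEL_DEV_MODE must be 'true' or 'false', got '$ZITADEL_DEV_MODE'" >&2
            echo "null"
            return 1
            ;;
    esac

    # BASE_REDIRECT_URL is derived from the operator-supplied NETBIRD_DOMAIN;
    # escape it so a stray quote cannot alter the registered redirect URIs.
    base_url=$(_json_escape "$BASE_REDIRECT_URL")

    # Field names follow the Zitadel management API (camelCase); the
    # response-type list in particular is "responseTypes".
    payload=$(cat <<EOF
{
    "name": "$application_name",
    "redirectUris": [
        "${base_url}/auth"
    ],
    "responseTypes": [
        "OIDC_RESPONSE_TYPE_CODE"
    ],
    "grantTypes": [
        "OIDC_GRANT_TYPE_AUTHORIZATION_CODE",
        "OIDC_GRANT_TYPE_REFRESH_TOKEN"
    ],
    "appType": "OIDC_APP_TYPE_USER_AGENT",
    "authMethodType": "OIDC_AUTH_METHOD_TYPE_NONE",
    "postLogoutRedirectUris": [
        "${base_url}/silent-auth"
    ],
    "version": "OIDC_VERSION_1_0",
    "devMode": ${dev_mode},
    "accessTokenType": "OIDC_TOKEN_TYPE_JWT",
    "accessTokenRoleAssertion": true,
    "skipNativeAppSuccessPage": true
}
EOF
)

    # The bearer token is supplied as a header read from stdin (-H @-, needs
    # curl >= 7.55) so it does not appear in the process list.
    if ! response=$(printf 'Authorization: Bearer %s\n' "$access_token" | curl -sS -X POST "$instance_url/management/v1/projects/$project_id/apps/oidc" \
        -H @- \
        -H "Content-Type: application/json" \
        -d "$payload"); then
        echo "create_new_application: request to $instance_url/management/v1/projects/$project_id/apps/oidc failed" >&2
        echo "null"
        return 1
    fi

    if ! client_id=$(printf '%s' "$response" | jq -r '.clientId // "null"'); then
        echo "create_new_application: unexpected response: $response" >&2
        echo "null"
        return 1
    fi
    if [ "$client_id" = "null" ]; then
        echo "create_new_application: no clientId in response: $response" >&2
        echo "null"
        return 1
    fi
    printf '%s\n' "$client_id"
}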
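#######################################
# Interactively bootstrap Zitadel for NetBird: prompt for an operator-created
# service user, obtain a management token with it, create the NETBIRD project
# and the "netbird" SPA application.
# Globals:   NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT, NETBIRD_DOMAIN (read)
#            ZITADEL_CLIENT_ID, ZITADEL_CLIENT_SECRET (set from the prompts)
#            INSTANCE_URL, ACCESS_TOKEN, PROJECT_ID, BASE_REDIRECT_URL,
#            ZITADEL_DEV_MODE, APPLICATION_CLIENT_ID (set for later steps)
# Arguments: none
# Outputs:   progress on stdout, errors on stderr
# Returns:   exits with status 1 as soon as a step fails
#######################################
configure_zitadel_instance() {
    local doc_url="https://netbird.io/docs/integrations/identity-providers/self-hosted/using-netbird-with-zitadel#step-4-create-a-service-user"
    local discovery_suffix="/.well-known/openid-configuration"

    # the instance base URL is the OIDC discovery endpoint minus its well-known path
    INSTANCE_URL=${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT/"$discovery_suffix"/}

    echo ""
    # values go through %s, never into the printf format string
    printf 'configuring zitadel instance: %s\n' "$INSTANCE_URL"
    printf 'before proceeding, please create a new service account for authorization by following the instructions (step 4 and 5) in the documentation at %s\n' "$doc_url"
    echo "Please ensure that the new service account has 'Org Owner' permission in order for this to work."
    echo ""

    read -n 1 -s -r -p "press any key to continue..."
    echo ""

    echo ""
    read -r -p "enter service account ClientId: " ZITADEL_CLIENT_ID
    echo ""

    # -s keeps the secret off the terminal (scrollback, screen recordings,
    # pasted session logs); the prompt itself is still shown.
    read -r -s -p "enter service account ClientSecret: " ZITADEL_CLIENT_SECRET
    echo ""
    echo ""

    if [ -z "$ZITADEL_CLIENT_ID" ] || [ -z "$ZITADEL_CLIENT_SECRET" ]; then
        echo "service account ClientId and ClientSecret must not be empty" >&2
        exit 1
    fi

    # errexit is not inherited by $(...), so a helper that fails would
    # otherwise leave an empty (not "null") value behind: check both.
    echo "retrieving access token from zitadel"
    ACCESS_TOKEN=$(request_jwt_token "$INSTANCE_URL") || ACCESS_TOKEN=null
    if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" = "null" ]; then
        echo "failed requesting access token" >&2
        exit 1
    fi

    echo "creating new zitadel project"
    PROJECT_ID=$(create_new_project "$INSTANCE_URL" "$ACCESS_TOKEN") || PROJECT_ID=null
    if [ -z "$PROJECT_ID" ] || [ "$PROJECT_ID" = "null" ]; then
        echo "failed creating new zitadel project" >&2
        exit 1
    fi

    # NOTE(review): this is a substring match, so a domain such as
    # "localhost.example.com" is also treated as a local dev setup (plain
    # http redirect URIs and devMode enabled in Zitadel) — confirm intended.
    ZITADEL_DEV_MODE=false
    if [[ $NETBIRD_DOMAIN == *"localhost"* ]]; then
        BASE_REDIRECT_URL="http://$NETBIRD_DOMAIN"
        ZITADEL_DEV_MODE=true
    else
        BASE_REDIRECT_URL="https://$NETBIRD_DOMAIN"
    fi

    echo "creating new zitadel spa application"
    APPLICATION_CLIENT_ID=$(create_new_application "$INSTANCE_URL" "$ACCESS_TOKEN") || APPLICATION_CLIENT_ID=null
    if [ -z "$APPLICATION_CLIENT_ID" ] || [ "$APPLICATION_CLIENT_ID" = "null" ]; then
        echo "failed creating new zitadel spa application" >&2
        exit 1
    fi
}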