Despair all ye who enter here: this code delicately threads a needle between the fickle threads of The Beast from before time, the nameless darkness that lives deep below the consciousness of all living beings, the shiver down your spine in the moment between darkness and light: the WSO2 Identity Server 5.7.0. Herein lies a sanity-destroying labyrinth of delicate workarounds, confusing implementation details and incomplete or incorrect documentation around every corner. And worse: SOAP. Go back, now, you of untainted soul! If, accursed, you must venture forth, may your sacrifice not be in vain.
A standalone script that can be used to initialise a WSO2 Identity Server with
- an OAuth2 authentication server
- preconfigured users
- preconfigured user roles
Information about the WSO2IS REST API can be found here:
- https://docs.wso2.com/display/IS570/apidocs/SCIM2-endpoints/
- https://docs.wso2.com/display/IS570/Using+the+SCIM+2.0+REST+APIs
Information about the SOAP API used can be found here:
cd src
npm ci
- Set values in your environment as described below:

| Environment var name | Description | Default |
|---|---|---|
| WSO2_HOST | The URL and port number for the WSO2 Identity Server instance | https://localhost:9443 |
| AUTHENTICATION_CREDENTIALS_USERNAME | The username of the WSO2 admin user | admin |
| AUTHENTICATION_CREDENTIALS_USERNAME | The password of the WSO2 admin user | admin |
| APPLICATION_NAME | The desired name of the WSO2 "application" (also known as a "service provider") that will be created | portaloauth |
| AUTH_SERVER_CLIENTKEY | The key that will be used to identify the aforementioned application | A random string that matches /^[A-Za-z0-0_]{30}$/ |
| AUTH_SERVER_CLIENTSECRET | The secret string that will be used to identify the aforementioned application | A random string that matches /^[A-Za-z0-0_]{30}$/ |

Note that using a user that does not have full admin permissions has not been tested and is not advised. It may fail in unexpected ways.
- Populate the imports/users.json file with the desired entries. Defaults exist in the existing file.
Start a properly configured (by the volume-mounted config file) WSO2 instance:
docker run \
-p 9443:9443 \
--name=wso2 \
--network=portal-net \
--rm \
--volume=$PWD/integration_test/manifests/wso2is/identity.xml:/home/wso2carbon/wso2is-km-5.7.0/repository/conf/identity/identity.xml \
wso2/wso2is-km:5.7.0
Install dependencies and run the application:
npm run start
npm run test
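A preflight check for the environment variables in the table above, as an added example that is not part of the project's own code: it flags a non-HTTPS `WSO2_HOST`, the default admin username pointed at a non-local host, and client key/secret values that are unset or malformed, and it generates candidate values from a CSPRNG using the character class exactly as printed in the Default column. The function names `auditEnv` and `generateClientValue` and the sample host are assumptions made for illustration.

```javascript
const { randomInt } = require('node:crypto');

// Character class exactly as printed in the Default column above.
const CLIENT_VALUE_PATTERN = /^[A-Za-z0-0_]{30}$/;
const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0_';

// Build a value from a CSPRNG. crypto.randomInt is unbiased,
// unlike Math.random() or `byte % ALPHABET.length`.
function generateClientValue(length = 30) {
  let out = '';
  for (let i = 0; i < length; i += 1) out += ALPHABET[randomInt(ALPHABET.length)];
  return out;
}

// Return a list of findings for an environment object such as process.env.
function auditEnv(env) {
  const findings = [];
  let url = null;
  try {
    url = new URL(env.WSO2_HOST || 'https://localhost:9443');
  } catch (err) {
    findings.push('WSO2_HOST is not a valid URL');
  }
  if (url && url.protocol !== 'https:') {
    findings.push('WSO2_HOST is not https: admin credentials would cross the network in clear text');
  }
  const local = url !== null && ['localhost', '127.0.0.1', '[::1]'].includes(url.hostname);
  const user = env.AUTHENTICATION_CREDENTIALS_USERNAME || 'admin';
  if (url && !local && user === 'admin') {
    findings.push('default admin username used against a non-local WSO2_HOST');
  }
  for (const name of ['AUTH_SERVER_CLIENTKEY', 'AUTH_SERVER_CLIENTSECRET']) {
    const value = env[name];
    if (value === undefined) findings.push(`${name} is unset (default is a random string)`);
    else if (!CLIENT_VALUE_PATTERN.test(value)) findings.push(`${name} does not match ${CLIENT_VALUE_PATTERN}`);
  }
  if (env.AUTH_SERVER_CLIENTKEY !== undefined &&
      env.AUTH_SERVER_CLIENTKEY === env.AUTH_SERVER_CLIENTSECRET) {
    findings.push('AUTH_SERVER_CLIENTKEY and AUTH_SERVER_CLIENTSECRET are identical');
  }
  return findings;
}

// Constructed sample environment (not taken from the project).
const sample = { WSO2_HOST: 'http://wso2.example.test:9443', AUTH_SERVER_CLIENTKEY: 'short' };
console.log(auditEnv(sample));
console.log('candidate value length:', generateClientValue().length);
```

Pass `process.env` to `auditEnv` before `npm run start`; an empty array means none of these checks fired.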
-
Get yourself a Kubernetes cluster. This is left as an exercise for the reader. However, some recommended solutions:
- k3d on your local machine
- DigitalOcean, easy to set up an account + billing, then for a single-node cluster in region London 1:
doctl kubernetes cluster create pah \
--region lon1 \
--count 1 \
--size 's-2vcpu-4gb' \
--wait
See regions with
doctl compute region list
- Minikube. The author cannot speak to this solution.
- Don't bother, instead push your changes to a branch and check out the result of the
- If your cluster is well-supported by Skaffold (such as k3d, perhaps Minikube?), your image will be built and pushed direct to the cluster nodes when you run:
skaffold run
If it is not, you will need to
- Get access to a docker registry you can push to and pull from
- Add your credentials to ./integration_test/local/.dockerconfigjson according to these instructions: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/. Be very careful not to share these. There is a .gitignore file to reduce the likelihood you will do this.
- Run Skaffold with
skaffold run -d your-registry-uri.tld
For GHCR, for example:
skaffold run -d ghcr.io/your-github-username
This will force changes to jobs, statefulsets, etc.
skaffold run -d your-registry.io --force
- Clone the finance portal repo
git clone https://github.com/mojaloop/finance-portal-backend-service
- Modify the build section of skaffold.yaml to add this section. Change build.artifacts[0].context (current value of /your/local/path/to/local/clone/of/finance-portal-backend-service) to be the path to your local clone of the portal backend:
build:
  artifacts:
  - image: mojaloop/finance-portal-backend-service
    context: /your/local/path/to/local/clone/of/finance-portal-backend-service
    docker:
      dockerfile: Dockerfile
  - image: ghcr.io/mojaloop/wso2is-populate
    docker:
      dockerfile: Dockerfile
- Make local changes to your local clone of the portal backend, then skaffold run (or skaffold run -d your-registry-uri.tld) to see your changes in your cluster.