env: consistent root and organisation secret

openkfw · Apr 27, 2021 · 059c01f · 059c01f
1 parent 322c7c9
commit 059c01f
Show file tree

Hide file tree

Showing 21 changed files with 146 additions and 143 deletions.
diff --git a/README.md b/README.md
@@ -123,7 +123,7 @@ Well, let's create a new organization (`CoolNewOrga`) which wants to connect to
 ```
 ...
 ORGANIZATION=CoolNewOrga
-ORGANIZATION_VAULT_SECRET=moresecretthananythingelse
+ORGANIZATION_VAULT_SECRET=secret
 ...
 P2P_TEST_HOST=51.51.51.51
 P2P_TEST_PORT=7448

diff --git a/api/postman/TruBudget.postman_collection.json b/api/postman/TruBudget.postman_collection.json
@@ -23,7 +23,7 @@
             ],
             "body": {
               "mode": "raw",
-              "raw": "{\n\t\"apiVersion\": \"1.0\",\n\t\"data\": {\n\t\t\"user\": {\n\t\t\t\"id\": \"root\",\n\t\t\t\"password\": \"asdf\"\n\t\t}\n\t}\n}"
+              "raw": "{\n\t\"apiVersion\": \"1.0\",\n\t\"data\": {\n\t\t\"user\": {\n\t\t\t\"id\": \"root\",\n\t\t\t\"password\": \"root-secret\"\n\t\t}\n\t}\n}"
             },
             "url": {
               "raw": "{{host}}:{{port}}{{base}}/user.authenticate",

diff --git a/api/postman/TruBudget.postman_environment.json b/api/postman/TruBudget.postman_environment.json
@@ -44,7 +44,7 @@
     },
     {
       "key": "password",
-      "value": "asdf",
+      "value": "root-secret",
       "enabled": true
     },
     {

diff --git a/dangerfile.js b/dangerfile.js
@@ -12,6 +12,37 @@ const provisioningSources = danger.git.fileMatch("provisioning/src/**/*");
 const e2eTestSources = danger.git.fileMatch("e2e-test/cypress/**/*");
 const excelExportSources = danger.git.fileMatch("excel-export/src/**/*");
 
+const envExampleFiles = danger.git.modified_files.filter((path) =>
+  path.endsWith(".env_example")
+);
+envExampleFiles.forEach((file) =>
+  getChanges(file).then((changes) => {
+    const rootSecrets = changes.reduce((res, { content, type }) => {
+      if (content.includes("ROOT_SECRET") && type === "add")
+        if (content.includes("'") || content.includes('"'))
+          res.push(content.split("=")[1].slice(1, -1));
+        else res.push(content.split("=")[1]);
+
+      return res;
+    }, []);
+    const orgaVaultSecrets = changes.reduce((res, { content, type }) => {
+      if (content.includes("ORGANIZATION_VAULT_SECRET") && type === "add")
+        if (content.includes("'") || content.includes('"'))
+          res.push(content.split("=")[1].slice(1, -1));
+        else res.push(content.split("=")[1]);
+      return res;
+    }, []);
+    if (!rootSecrets.every((val, i, arr) => val === "root-secret")) {
+      warn("Make sure the Root-Secret is the same in all .env_example files");
+    }
+    if (!orgaVaultSecrets.every((val, i, arr) => val === "secret")) {
+      warn(
+        "Make sure the Organization-Vault-Secret is the same in all .env_example files"
+      );
+    }
+  })
+);
+
 const title = danger.github.pr.title.toLowerCase();
 const trivialPR = title.includes("refactor");
 const changelogChanges = includes(danger.git.modified_files, "CHANGELOG.md");

diff --git a/doc/installation/Developer-Setup.md b/doc/installation/Developer-Setup.md
@@ -230,28 +230,16 @@ cd ../api
 
 1. Set environment variables
 
-- Terminal Mac/Git Bash
-
-```bash
-export ORGANIZATION=ACMECorp
-export RPC_HOST=127.0.0.1
-export RPC_PORT=8000
-export PORT=8080
-export ROOT_SECRET='asdf'
-export ORGANIZATION_VAULT_SECRET="asdf"
-export RPC_PASSWORD=s750SiJnj50yIrmwxPnEdSzpfGlTAHzhaUwgqKeb0G1j
-```
-
-- Windows Command Prompt / PowerShell
+- Rename the .env_example file to .env and set following environment variables accordingly.
 
 ```bash
-SET ORGANIZATION=ACMECorp
-SET RPC_HOST=127.0.0.1
-SET RPC_PORT=8000
-SET PORT=8080
-SET ROOT_SECRET='asdf'
-SET ORGANIZATION_VAULT_SECRET="asdf"
-SET RPC_PASSWORD=s750SiJnj50yIrmwxPnEdSzpfGlTAHzhaUwgqKeb0G1j
+ORGANIZATION=ACMECorp
+RPC_HOST=127.0.0.1
+RPC_PORT=8000
+PORT=8080
+ROOT_SECRET='root-secret'
+ORGANIZATION_VAULT_SECRET="secret"
+RPC_PASSWORD=s750SiJnj50yIrmwxPnEdSzpfGlTAHzhaUwgqKeb0G1j
 ```
 
 2. Install node-modules
@@ -312,16 +300,10 @@ cd ../frontend
 
 1. Set environment variables
 
-- Terminal Mac/Git Bash
-
-```bash
-export PORT=3000
-```
-
-- Windows Command Prompt / PowerShell
+- Rename the .env_example file to .env and set following environment variables accordingly.
 
 ```bash
-SET PORT=3000
+PORT=3000
 ```
 
 **Additionally** you can connect the frontend to the optional excel export service, by adding the environment variables mentioned in the excel-export section of the [README.md](https://github.com/openkfw/TruBudget/blob/master/frontend/README.md#Excel-Export-Service)
@@ -358,19 +340,12 @@ cd ../provisioning
 
 1. Set environment variables
 
-- Terminal Mac/Git Bash
-
-```bash
-export API_PORT=8080
-export ORGANIZATION=ACMECorp
-```
-
-- Windows Command Prompt / PowerShell
+- Rename the .env_example file to .env and set following environment variables accordingly.
 
 ```bash
-SET API_PORT=8080
-SET ORGANIZATION=ACMECorp
-SET ROOT_SECRET='asdf'
+API_PORT=8080
+ORGANIZATION=ACMECorp
+ROOT_SECRET='root-secret'
 ```
 
 2. Install node-modules
@@ -398,24 +373,14 @@ cd ../excel-export
 
 1. Set environment variables
 
-- Terminal Mac/Git Bash
-
-```bash
-export PROD_API_PORT=8080
-export TEST_API_PORT=8080
-export PROD_API_HOST="localhost"
-export TEST_API_HOST="localhost"
-export PORT=8888
-```
-
-- Windows Command Prompt / PowerShell
+- Rename the .env_example file to .env and set following environment variables accordingly.
 
 ```bash
-SET PROD_API_PORT=8080
-SET TEST_API_PORT=8080
-SET PROD_API_HOST="localhost"
-SET TEST_API_HOST="localhost"
-SET PORT=8888
+PROD_API_PORT=8080
+TEST_API_PORT=8080
+PROD_API_HOST="localhost"
+TEST_API_HOST="localhost"
+PORT=8888
 ```
 
 2. Install node-modules

diff --git a/doc/tutorials/connect-to-network/bare-metal.md b/doc/tutorials/connect-to-network/bare-metal.md
@@ -3,12 +3,13 @@
 This guide describes how to connect to an existing network without the use of Docker, Docker-Compose or Kubernetes. Before starting the network make sure to [install the necessary software on your machine.](../bare-metal-installation.md)
 
 ## Table of Contents
+
 - [Connect to an Existing Network Directly from Machine](#connect-to-an-existing-network-directly-from-machine)
   - [Table of Contents](#table-of-contents)
   - [Get the repository](#get-the-repository)
   - [Blockchain](#blockchain)
   - [API](#api)
-      - [Log-Rotation](#log-rotation)
+    - [Log-Rotation](#log-rotation)
   - [Excel Export](#excel-export)
     - [Set Environment Variables](#set-environment-variables)
     - [Install Node Modules](#install-node-modules)
@@ -127,8 +128,8 @@ If you provisioned a Blockchain of the type "Connect to an existing network" set
 export ORGANIZATION="YourOrga" (same as for the Blockchain configuration)
 export RPC_HOST=localhost
 export RPC_PORT=8000
-export ORGANIZATION_VAULT_SECRET=test
-export ROOT_SECRET=test
+export ORGANIZATION_VAULT_SECRET=secret
+export ROOT_SECRET=root-secret
 export RPC_PASSWORD="password"
 ```
 
@@ -215,7 +216,7 @@ cd ../excel-export
 
 ### Set Environment Variables
 
-The following environment variables need to be set: 
+The following environment variables need to be set:
 
 - Terminal Mac/Git Bash
 
@@ -229,6 +230,7 @@ export ACCESS_CONTROL_ALLOW_ORIGIN="*"
 ```
 
 - Terminal Windows/Command Shell
+
 ```bash
 SET PROD_API_HOST=127.0.0.1
 SET TEST_API_HOST=127.0.0.1
@@ -240,7 +242,7 @@ SET ACCESS_CONTROL_ALLOW_ORIGIN="*"
 
 ### Install Node Modules
 
-Install the node modules via 
+Install the node modules via
 
 ```bash
 npm install

diff --git a/doc/tutorials/connect-to-network/connect-docker-compose.md b/doc/tutorials/connect-to-network/connect-docker-compose.md
@@ -97,7 +97,7 @@ The `.env` file to connect to an existing Blockchain network should consist of t
 API_PORT=8080
 RPC_PORT=8000
 ORGANIZATION=TheNewOrganization
-ORGANIZATION_VAULT_SECRET=othersecret
+ORGANIZATION_VAULT_SECRET=secret
 TAG=master
 ROOT_SECRET=root-secret
 P2P_TEST_HOST=52.52.52.52

diff --git a/doc/tutorials/create-new-network/bare-metal.md b/doc/tutorials/create-new-network/bare-metal.md
@@ -89,15 +89,15 @@ stdout: Node ready.
 Set the environment parameters listed below on the machine:
 
 ```bash
-export ORGANIZATION="MyOrga"
+export ORGANIZATION=MyOrga
 export P2P_PORT=7447
 export RPC_PORT=8000
 export PORT=8080
 export RPC_HOST=127.0.0.1
-export RPC_USER="multichainrpc"
-export RPC_PASSWORD="password"
-export ORGANIZATION_VAULT_SECRET="asdf"
-export ROOT_SECRET="asdf"
+export RPC_USER=multichainrpc
+export RPC_PASSWORD=password
+export ORGANIZATION_VAULT_SECRET=secret
+export ROOT_SECRET=root-secret
 ```
 
 Once Node.js is installed navigate into the `api` directory and run the following commands to start the API:
@@ -192,7 +192,7 @@ cd ../excel-export
 
 ### Set Environment Variables
 
-The following environment variables need to be set: 
+The following environment variables need to be set:
 
 - Terminal Mac/Git Bash
 
@@ -206,6 +206,7 @@ export ACCESS_CONTROL_ALLOW_ORIGIN="*"
 ```
 
 - Terminal Windows/Command Shell
+
 ```bash
 SET PROD_API_HOST=127.0.0.1
 SET TEST_API_HOST=127.0.0.1
@@ -217,7 +218,7 @@ SET ACCESS_CONTROL_ALLOW_ORIGIN="*"
 
 ### Install Node Modules
 
-Install the node modules via 
+Install the node modules via
 
 ```bash
 npm install
@@ -247,15 +248,15 @@ cd ../provisioning
 ```bash
 export API_PORT=8080
 export ORGANIZATION="MyOrga"
-export ROOT_SECRET=test
+export ROOT_SECRET=root-secret
 ```
 
 - Terminal Windows/Command Shell
 
 ```bash
 SET API_PORT = 8080
 SET ORGANIZATION = "MyOrga"
-SET ROOT_SECRET = test
+SET ROOT_SECRET = root-secret
 ```
 
 ### Install node-modules

diff --git a/docker-compose/multi/multi-nodes-774.yml b/docker-compose/multi/multi-nodes-774.yml
@@ -4,13 +4,13 @@ services:
     build:
       context: ../../api
     environment:
-      RPC_HOST: master-chain      
+      RPC_HOST: master-chain
       RPC_PORT: ${RPC_PORT}
       RPC_PASSWORD: ${RPC_PASSWORD}
       PORT: ${API_PORT}
       ORGANIZATION: ${ORGANIZATION}
       ORGANIZATION_VAULT_SECRET: ${ORGANIZATION_VAULT_SECRET}
-      ROOT_SECRET: asdf
+      ROOT_SECRET: ${ROOT_SECRET}
       LOG_LEVEL: ${LOG_LEVEL}
       PRETTY_PRINT: ${PRETTY_PRINT}
     links:
@@ -39,7 +39,7 @@ services:
     ports:
       - "7447:7447"
 
-  # frontend cannot be hot-loaded, container contains only built application, no source files 
+  # frontend cannot be hot-loaded, container contains only built application, no source files
   master-frontend:
     # image: trubudget/frontend:latest
     build:
@@ -57,7 +57,6 @@ services:
       - "80:80"
       - "3000:3000"
 
-
   slave-chain:
     # image: trubudget/blockchain:latest
     build:
@@ -72,13 +71,12 @@ services:
       API_HOST: master-api
       API_PORT: ${API_PORT}
     depends_on:
-     - master-chain
+      - master-chain
     links:
-     - master-api
+      - master-api
     ports:
       - "7448:7447" # SLAVE_P2P_PORT
 
-
   slave-chain-2:
     # image: trubudget/blockchain:latest
     build:
@@ -93,8 +91,8 @@ services:
       API_HOST: master-api
       API_PORT: ${API_PORT}
     depends_on:
-     - master-chain
+      - master-chain
     links:
-     - master-api
+      - master-api
     ports:
-      - "7449:7447" # SLAVE_P2P_PORT
+      - "7449:7447" # SLAVE_P2P_PORT