feat: unify admin identity — SAAS_ADMIN_USER is the email in SaaS mode
Move deployment mode question before admin credentials so the installer can validate email format in SaaS mode. Remove separate SAAS_ADMIN_EMAIL — the admin user value IS the email address. In standalone mode, any username is still accepted. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
62
install.sh
62
install.sh
@@ -56,7 +56,7 @@ AUTH_HOST=""
|
||||
PUBLIC_PROTOCOL=""
|
||||
ADMIN_USER=""
|
||||
ADMIN_PASS=""
|
||||
ADMIN_EMAIL=""
|
||||
|
||||
TLS_MODE=""
|
||||
CERT_FILE=""
|
||||
KEY_FILE=""
|
||||
@@ -169,7 +169,7 @@ parse_args() {
|
||||
--public-protocol) PUBLIC_PROTOCOL="$2"; shift ;;
|
||||
--admin-user) ADMIN_USER="$2"; shift ;;
|
||||
--admin-password) ADMIN_PASS="$2"; shift ;;
|
||||
--admin-email) ADMIN_EMAIL="$2"; shift ;;
|
||||
|
||||
--tls-mode) TLS_MODE="$2"; shift ;;
|
||||
--cert-file) CERT_FILE="$2"; shift ;;
|
||||
--key-file) KEY_FILE="$2"; shift ;;
|
||||
@@ -264,7 +264,7 @@ load_config_file() {
|
||||
public_protocol) [ -z "$PUBLIC_PROTOCOL" ] && PUBLIC_PROTOCOL="$value" ;;
|
||||
admin_user) [ -z "$ADMIN_USER" ] && ADMIN_USER="$value" ;;
|
||||
admin_password) [ -z "$ADMIN_PASS" ] && ADMIN_PASS="$value" ;;
|
||||
admin_email) [ -z "$ADMIN_EMAIL" ] && ADMIN_EMAIL="$value" ;;
|
||||
|
||||
tls_mode) [ -z "$TLS_MODE" ] && TLS_MODE="$value" ;;
|
||||
cert_file) [ -z "$CERT_FILE" ] && CERT_FILE="$value" ;;
|
||||
key_file) [ -z "$KEY_FILE" ] && KEY_FILE="$value" ;;
|
||||
@@ -295,7 +295,7 @@ load_env_overrides() {
|
||||
[ -z "$PUBLIC_PROTOCOL" ] && PUBLIC_PROTOCOL="$_ENV_PUBLIC_PROTOCOL"
|
||||
[ -z "$ADMIN_USER" ] && ADMIN_USER="${SAAS_ADMIN_USER:-}"
|
||||
[ -z "$ADMIN_PASS" ] && ADMIN_PASS="${SAAS_ADMIN_PASS:-}"
|
||||
[ -z "$ADMIN_EMAIL" ] && ADMIN_EMAIL="${SAAS_ADMIN_EMAIL:-}"
|
||||
|
||||
[ -z "$TLS_MODE" ] && TLS_MODE="$_ENV_TLS_MODE"
|
||||
[ -z "$CERT_FILE" ] && CERT_FILE="$_ENV_CERT_FILE"
|
||||
[ -z "$KEY_FILE" ] && KEY_FILE="$_ENV_KEY_FILE"
|
||||
@@ -429,7 +429,35 @@ run_simple_prompts() {
|
||||
|
||||
prompt INSTALL_DIR "Install directory" "${INSTALL_DIR:-$DEFAULT_INSTALL_DIR}"
|
||||
prompt PUBLIC_HOST "Public hostname" "${PUBLIC_HOST:-localhost}"
|
||||
prompt ADMIN_USER "Admin username" "${ADMIN_USER:-$DEFAULT_ADMIN_USER}"
|
||||
|
||||
echo ""
|
||||
echo " Deployment mode:"
|
||||
echo " [1] Multi-tenant SaaS — manage platform, provision tenants on demand"
|
||||
echo " [2] Single-tenant — one server instance, local auth, no identity provider"
|
||||
echo ""
|
||||
local deploy_choice
|
||||
read -rp " Select mode [1]: " deploy_choice
|
||||
case "${deploy_choice:-1}" in
|
||||
2)
|
||||
DEPLOYMENT_MODE="standalone"
|
||||
;;
|
||||
*)
|
||||
DEPLOYMENT_MODE="saas"
|
||||
;;
|
||||
esac
|
||||
|
||||
echo ""
|
||||
if [ "$DEPLOYMENT_MODE" = "saas" ]; then
|
||||
prompt ADMIN_USER "Admin email" "${ADMIN_USER:-admin@${PUBLIC_HOST:-localhost}}"
|
||||
# Validate email: must contain @
|
||||
if ! echo "$ADMIN_USER" | grep -q '@'; then
|
||||
local original="$ADMIN_USER"
|
||||
ADMIN_USER="${ADMIN_USER}@${PUBLIC_HOST:-localhost}"
|
||||
log_info "Appended domain: '${original}' -> '${ADMIN_USER}'"
|
||||
fi
|
||||
else
|
||||
prompt ADMIN_USER "Admin username" "${ADMIN_USER:-$DEFAULT_ADMIN_USER}"
|
||||
fi
|
||||
|
||||
if prompt_yesno "Auto-generate admin password?" "y"; then
|
||||
ADMIN_PASS=""
|
||||
@@ -459,22 +487,6 @@ run_simple_prompts() {
|
||||
prompt_password REGISTRY_TOKEN "Registry token/password" "${REGISTRY_TOKEN:-}"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo " Deployment mode:"
|
||||
echo " [1] Multi-tenant SaaS — manage platform, provision tenants on demand"
|
||||
echo " [2] Single-tenant — one server instance, local auth, no identity provider"
|
||||
echo ""
|
||||
local deploy_choice
|
||||
read -rp " Select mode [1]: " deploy_choice
|
||||
case "${deploy_choice:-1}" in
|
||||
2)
|
||||
DEPLOYMENT_MODE="standalone"
|
||||
;;
|
||||
*)
|
||||
DEPLOYMENT_MODE="saas"
|
||||
;;
|
||||
esac
|
||||
|
||||
}
|
||||
|
||||
run_expert_prompts() {
|
||||
@@ -601,9 +613,7 @@ generate_passwords() {
|
||||
ADMIN_PASS=$(generate_password)
|
||||
log_info "Generated admin password."
|
||||
fi
|
||||
if [ -z "$ADMIN_EMAIL" ]; then
|
||||
ADMIN_EMAIL="${ADMIN_USER}@${PUBLIC_HOST:-localhost}"
|
||||
fi
|
||||
|
||||
if [ -z "$POSTGRES_PASSWORD" ]; then
|
||||
POSTGRES_PASSWORD=$(generate_password)
|
||||
log_info "Generated PostgreSQL password."
|
||||
@@ -712,7 +722,6 @@ POSTGRES_DB=cameleer_saas
|
||||
|
||||
# Admin user
|
||||
SAAS_ADMIN_USER=${ADMIN_USER}
|
||||
SAAS_ADMIN_EMAIL=${ADMIN_EMAIL}
|
||||
|
||||
# TLS
|
||||
NODE_TLS_REJECT=${NODE_TLS_REJECT}
|
||||
@@ -926,7 +935,6 @@ public_host=${PUBLIC_HOST}
|
||||
auth_host=${AUTH_HOST}
|
||||
public_protocol=${PUBLIC_PROTOCOL}
|
||||
admin_user=${ADMIN_USER}
|
||||
admin_email=${ADMIN_EMAIL}
|
||||
tls_mode=${TLS_MODE}
|
||||
http_port=${HTTP_PORT}
|
||||
https_port=${HTTPS_PORT}
|
||||
@@ -983,7 +991,6 @@ EOF
|
||||
Admin Console: ${PUBLIC_PROTOCOL}://${PUBLIC_HOST}/platform/
|
||||
Admin User: ${ADMIN_USER}
|
||||
Admin Password: ${ADMIN_PASS}
|
||||
Admin Email: ${ADMIN_EMAIL}
|
||||
|
||||
PostgreSQL: cameleer / ${POSTGRES_PASSWORD}
|
||||
ClickHouse: default / ${CLICKHOUSE_PASSWORD}
|
||||
@@ -1301,7 +1308,6 @@ print_credentials() {
|
||||
fi
|
||||
echo -e " Admin User: ${BOLD}${ADMIN_USER}${NC}"
|
||||
echo -e " Admin Password: ${BOLD}${ADMIN_PASS}${NC}"
|
||||
echo -e " Admin Email: ${BOLD}${ADMIN_EMAIL}${NC}"
|
||||
echo ""
|
||||
echo -e " PostgreSQL: cameleer / ${POSTGRES_PASSWORD}"
|
||||
echo -e " ClickHouse: default / ${CLICKHOUSE_PASSWORD}"
|
||||
|
||||
Reference in New Issue
Block a user