fix: use separate CH credentials, remove dead bootstrap code

- ClickHouse: pass user/password via ProvisioningProperties instead of
  baking into JDBC URLs. All consumers (InfrastructureService,
  TenantDataCleanupService, DockerTenantProvisioner) use the same source.
- Bootstrap: remove dead tenant config (CAMELEER_AUTH_TOKEN, t-default
  org, example tenant vars) — tenants are created dynamically by vendor.
- Bootstrap JSON: remove unused fields (tenantName, tenantSlug,
  bootstrapToken, tenantAdminUser, organizationId).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hsiegeln
2026-04-12 14:12:42 +02:00
parent da4a263cd7
commit 96aa6579b0
7 changed files with 13 additions and 27 deletions


@@ -27,13 +27,6 @@ API_RESOURCE_NAME="Cameleer SaaS API"
# Users (configurable via env vars) # Users (configurable via env vars)
SAAS_ADMIN_USER="${SAAS_ADMIN_USER:-admin}" SAAS_ADMIN_USER="${SAAS_ADMIN_USER:-admin}"
SAAS_ADMIN_PASS="${SAAS_ADMIN_PASS:-admin}" SAAS_ADMIN_PASS="${SAAS_ADMIN_PASS:-admin}"
TENANT_ADMIN_USER="${TENANT_ADMIN_USER:-camel}"
TENANT_ADMIN_PASS="${TENANT_ADMIN_PASS:-camel}"
# Tenant config
TENANT_NAME="Example Tenant"
TENANT_SLUG="default"
BOOTSTRAP_TOKEN="${CAMELEER_AUTH_TOKEN:-default-bootstrap-token}"
# Vendor seed (optional — creates saas-vendor role + vendor user) # Vendor seed (optional — creates saas-vendor role + vendor user)
VENDOR_SEED_ENABLED="${VENDOR_SEED_ENABLED:-false}" VENDOR_SEED_ENABLED="${VENDOR_SEED_ENABLED:-false}"
@@ -474,16 +467,9 @@ if [ -n "$ADMIN_TENANT_USER_ID" ] && [ "$ADMIN_TENANT_USER_ID" != "null" ]; then
log "WARNING: admin tenant roles not found" log "WARNING: admin tenant roles not found"
fi fi
# Add to t-default organization with admin role # Switch sign-in mode from Register to SignIn (admin user already created)
admin_api_post "/api/organizations/t-default/users" "{\"userIds\": [\"$ADMIN_TENANT_USER_ID\"]}" >/dev/null 2>&1
TENANT_ADMIN_ORG_ROLE_ID=$(admin_api_get "/api/organization-roles" | jq -r '.[] | select(.name == "admin") | .id')
if [ -n "$TENANT_ADMIN_ORG_ROLE_ID" ] && [ "$TENANT_ADMIN_ORG_ROLE_ID" != "null" ]; then
admin_api_post "/api/organizations/t-default/users/$ADMIN_TENANT_USER_ID/roles" "{\"organizationRoleIds\": [\"$TENANT_ADMIN_ORG_ROLE_ID\"]}" >/dev/null 2>&1
log "Added to t-default organization with admin role."
fi
# Switch admin tenant sign-in mode from Register to SignIn (user already created)
admin_api_patch "/api/sign-in-exp" '{"signInMode": "SignIn"}' >/dev/null 2>&1 admin_api_patch "/api/sign-in-exp" '{"signInMode": "SignIn"}' >/dev/null 2>&1
log "Set admin tenant sign-in mode to SignIn." log "Set sign-in mode to SignIn."
log "SaaS admin granted Logto console access." log "SaaS admin granted Logto console access."
else else
@@ -577,12 +563,7 @@ cat > "$BOOTSTRAP_FILE" <<EOF
"tradAppId": "$TRAD_ID", "tradAppId": "$TRAD_ID",
"tradAppSecret": "$TRAD_SECRET", "tradAppSecret": "$TRAD_SECRET",
"apiResourceIndicator": "$API_RESOURCE_INDICATOR", "apiResourceIndicator": "$API_RESOURCE_INDICATOR",
"organizationId": "$ORG_ID",
"tenantName": "$TENANT_NAME",
"tenantSlug": "$TENANT_SLUG",
"bootstrapToken": "$BOOTSTRAP_TOKEN",
"platformAdminUser": "$SAAS_ADMIN_USER", "platformAdminUser": "$SAAS_ADMIN_USER",
"tenantAdminUser": "$TENANT_ADMIN_USER",
"oidcIssuerUri": "${LOGTO_ENDPOINT}/oidc", "oidcIssuerUri": "${LOGTO_ENDPOINT}/oidc",
"oidcAudience": "$API_RESOURCE_INDICATOR" "oidcAudience": "$API_RESOURCE_INDICATOR"
} }
@@ -680,7 +661,6 @@ if [ "$VENDOR_SEED_ENABLED" = "true" ]; then
[ -n "$ADMIN_USER_ROLE_ID" ] && [ "$ADMIN_USER_ROLE_ID" != "null" ] && V_ROLE_IDS=$(echo "$V_ROLE_IDS" | jq ". + [\"$ADMIN_USER_ROLE_ID\"]") [ -n "$ADMIN_USER_ROLE_ID" ] && [ "$ADMIN_USER_ROLE_ID" != "null" ] && V_ROLE_IDS=$(echo "$V_ROLE_IDS" | jq ". + [\"$ADMIN_USER_ROLE_ID\"]")
[ -n "$ADMIN_ROLE_ID" ] && [ "$ADMIN_ROLE_ID" != "null" ] && V_ROLE_IDS=$(echo "$V_ROLE_IDS" | jq ". + [\"$ADMIN_ROLE_ID\"]") [ -n "$ADMIN_ROLE_ID" ] && [ "$ADMIN_ROLE_ID" != "null" ] && V_ROLE_IDS=$(echo "$V_ROLE_IDS" | jq ". + [\"$ADMIN_ROLE_ID\"]")
[ "$V_ROLE_IDS" != "[]" ] && admin_api_post "/api/users/$VENDOR_CONSOLE_USER_ID/roles" "{\"roleIds\": $V_ROLE_IDS}" >/dev/null 2>&1 [ "$V_ROLE_IDS" != "[]" ] && admin_api_post "/api/users/$VENDOR_CONSOLE_USER_ID/roles" "{\"roleIds\": $V_ROLE_IDS}" >/dev/null 2>&1
admin_api_post "/api/organizations/t-default/users" "{\"userIds\": [\"$VENDOR_CONSOLE_USER_ID\"]}" >/dev/null 2>&1
log "Vendor granted Logto console access." log "Vendor granted Logto console access."
fi fi
else else


@@ -195,7 +195,9 @@ public class DockerTenantProvisioner implements TenantProvisioner {
"SPRING_DATASOURCE_URL=" + props.datasourceUrl(), "SPRING_DATASOURCE_URL=" + props.datasourceUrl(),
"SPRING_DATASOURCE_USERNAME=cameleer", "SPRING_DATASOURCE_USERNAME=cameleer",
"SPRING_DATASOURCE_PASSWORD=cameleer_dev", "SPRING_DATASOURCE_PASSWORD=cameleer_dev",
"CAMELEER_SERVER_CLICKHOUSE_URL=jdbc:clickhouse://clickhouse:8123/cameleer?user=default&password=cameleer_ch", "CAMELEER_SERVER_CLICKHOUSE_URL=jdbc:clickhouse://clickhouse:8123/cameleer",
"CAMELEER_SERVER_CLICKHOUSE_USERNAME=" + props.clickhouseUser(),
"CAMELEER_SERVER_CLICKHOUSE_PASSWORD=" + props.clickhousePassword(),
"CAMELEER_SERVER_TENANT_ID=" + slug, "CAMELEER_SERVER_TENANT_ID=" + slug,
"CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN=" + req.licenseToken(), "CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN=" + req.licenseToken(),
"CAMELEER_SERVER_SECURITY_JWTSECRET=cameleer-dev-jwt-secret-change-in-production", "CAMELEER_SERVER_SECURITY_JWTSECRET=cameleer-dev-jwt-secret-change-in-production",
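Review bot: The two new entries on lines 80–81 source the ClickHouse credentials from `props`, but the neighbouring `SPRING_DATASOURCE_PASSWORD=cameleer_dev` and `CAMELEER_SERVER_SECURITY_JWTSECRET=cameleer-dev-jwt-secret-change-in-production` are still literals in the same env list, so every provisioned tenant container still receives a shared, source-visible JWT secret and database password. Since the commit already introduces the pattern, the same accessors on ProvisioningProperties should carry those values too (e.g. `"SPRING_DATASOURCE_PASSWORD=" + props.datasourcePassword()`), or a comment should mark the literals as dev-only. Also worth noting in a comment that these values land in the container environment and are readable by anyone who can inspect the container. The env list and its enclosing method continue outside the hunk.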


@@ -12,6 +12,8 @@ public record ProvisioningProperties(
String publicProtocol, String publicProtocol,
String datasourceUrl, String datasourceUrl,
String clickhouseUrl, String clickhouseUrl,
String clickhouseUser,
String clickhousePassword,
String oidcIssuerUri, String oidcIssuerUri,
String oidcJwkSetUri, String oidcJwkSetUri,
String corsOrigins String corsOrigins
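Review bot: The new `clickhouseUser` and `clickhousePassword` components on lines 92–93 have no visible validation, and if either property is unbound the record holds null; `DriverManager.getConnection(url, null, null)` then silently drops the credential and DockerTenantProvisioner emits the string `...CLICKHOUSE_PASSWORD=null` into a container environment. Unless the record already has a compact constructor outside the hunk, add one that does `Objects.requireNonNull(clickhouseUser, "clickhouseUser");` and `Objects.requireNonNull(clickhousePassword, "clickhousePassword");` so misconfiguration fails at startup rather than at first provisioning. A Javadoc line on the record stating that the URL must not carry `user`/`password` query parameters would document the new contract.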


@@ -60,7 +60,7 @@ public class TenantDataCleanupService {
return; return;
} }
try (Connection conn = DriverManager.getConnection(url); try (Connection conn = DriverManager.getConnection(url, props.clickhouseUser(), props.clickhousePassword());
Statement stmt = conn.createStatement()) { Statement stmt = conn.createStatement()) {
// Find all tables with a tenant_id column // Find all tables with a tenant_id column
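Review bot: The rewritten call on line 103 passes credentials as separate arguments, but an environment that still sets the ClickHouse URL with the old `?user=...&password=...` query string now supplies them twice, and which source wins is driver-specific; the same applies to `chConnection()` in InfrastructureService. The guard above the call appears to check only that `url` is set, so a leftover credential-bearing URL is not caught. A comment above the try, `// credentials come from props only; the URL must not contain user/password query params`, and an explicit rejection of a URL containing `user=` or `password=` would make the cutover unambiguous. The enclosing method starts outside the hunk.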


@@ -275,6 +275,6 @@ public class InfrastructureService {
} }
private Connection chConnection() throws SQLException { private Connection chConnection() throws SQLException {
return DriverManager.getConnection(props.clickhouseUrl()); return DriverManager.getConnection(props.clickhouseUrl(), props.clickhouseUser(), props.clickhousePassword());
} }
} }


@@ -22,4 +22,4 @@ cameleer:
logtoendpoint: http://localhost:3001 logtoendpoint: http://localhost:3001
serverendpoint: http://localhost:8081 serverendpoint: http://localhost:8081
provisioning: provisioning:
clickhouseurl: jdbc:clickhouse://localhost:8123/cameleer?user=default&password=cameleer_ch clickhouseurl: jdbc:clickhouse://localhost:8123/cameleer
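Review bot: Line 122 strips the credentials from this profile's URL but the profile sets no `clickhouseuser`/`clickhousepassword`, so it now relies on those keys being layered in from the main application.yml; if this file is ever loaded on its own (for example as a test resource) both record components are null and the driver receives no credentials. Adding `clickhouseuser: default` and `clickhousepassword: cameleer_ch` here, matching the defaults the commit introduces in application.yml, keeps the profile self-contained and makes the dependency visible.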


@@ -50,7 +50,9 @@ cameleer:
publichost: ${CAMELEER_SAAS_PROVISIONING_PUBLICHOST:localhost} publichost: ${CAMELEER_SAAS_PROVISIONING_PUBLICHOST:localhost}
publicprotocol: ${CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL:https} publicprotocol: ${CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL:https}
datasourceurl: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEURL:jdbc:postgresql://postgres:5432/cameleer3} datasourceurl: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEURL:jdbc:postgresql://postgres:5432/cameleer3}
clickhouseurl: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL:jdbc:clickhouse://clickhouse:8123/cameleer?user=default&password=cameleer_ch} clickhouseurl: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL:jdbc:clickhouse://clickhouse:8123/cameleer}
clickhouseuser: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEUSER:default}
clickhousepassword: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEPASSWORD:${CLICKHOUSE_PASSWORD:cameleer_ch}}
oidcissueruri: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.provisioning.publichost}/oidc oidcissueruri: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.provisioning.publichost}/oidc
oidcjwkseturi: http://logto:3001/oidc/jwks oidcjwkseturi: http://logto:3001/oidc/jwks
corsorigins: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.provisioning.publichost} corsorigins: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.provisioning.publichost}
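Review bot: The nested fallback on line 132 means a deployment that sets neither `CAMELEER_SAAS_PROVISIONING_CLICKHOUSEPASSWORD` nor `CLICKHOUSE_PASSWORD` silently connects with the literal `cameleer_ch`, which this file ships for an `https`-defaulting, container-hosted profile. Dropping the innermost literal, `clickhousepassword: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEPASSWORD:${CLICKHOUSE_PASSWORD}}`, makes an unset production secret fail fast as an unresolved placeholder instead of falling back to a known value. A comment noting that the user default on line 131 (`default`) is ClickHouse's built-in account would help operators decide whether a dedicated least-privilege user is wanted.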