cameleer/cameleer-saas
2
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use separate CH credentials, remove dead bootstrap code
Some checks failed
CI / build (push) Failing after 41s
Details
CI / docker (push) Has been skipped
Details

Browse Source 
- ClickHouse: pass user/password via ProvisioningProperties instead of
  baking into JDBC URLs. All consumers (InfrastructureService,
  TenantDataCleanupService, DockerTenantProvisioner) use the same source.
- Bootstrap: remove dead tenant config (CAMELEER_AUTH_TOKEN, t-default
  org, example tenant vars) — tenants are created dynamically by vendor.
- Bootstrap JSON: remove unused fields (tenantName, tenantSlug,
  bootstrapToken, tenantAdminUser, organizationId).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-12 14:12:42 +02:00
parent da4a263cd7
commit 96aa6579b0
7 changed files with 13 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docker/logto-bootstrap.sh
View File

@@ -27,13 +27,6 @@ API_RESOURCE_NAME="Cameleer SaaS API"
# Users (configurable via env vars)
SAAS_ADMIN_USER="${SAAS_ADMIN_USER:-admin}"
SAAS_ADMIN_PASS="${SAAS_ADMIN_PASS:-admin}"
TENANT_ADMIN_USER="${TENANT_ADMIN_USER:-camel}"
TENANT_ADMIN_PASS="${TENANT_ADMIN_PASS:-camel}"
# Tenant config
TENANT_NAME="Example Tenant"
TENANT_SLUG="default"
BOOTSTRAP_TOKEN="${CAMELEER_AUTH_TOKEN:-default-bootstrap-token}"
# Vendor seed (optional — creates saas-vendor role + vendor user)
VENDOR_SEED_ENABLED="${VENDOR_SEED_ENABLED:-false}"
@@ -474,16 +467,9 @@ if [ -n "$ADMIN_TENANT_USER_ID" ] && [ "$ADMIN_TENANT_USER_ID" != "null" ]; then
log "WARNING: admin tenant roles not found"
fi
# Add to t-default organization with admin role
admin_api_post "/api/organizations/t-default/users" "{\"userIds\": [\"$ADMIN_TENANT_USER_ID\"]}" >/dev/null 2>&1
TENANT_ADMIN_ORG_ROLE_ID=$(admin_api_get "/api/organization-roles" | jq -r '.[] | select(.name == "admin") | .id')
if [ -n "$TENANT_ADMIN_ORG_ROLE_ID" ] && [ "$TENANT_ADMIN_ORG_ROLE_ID" != "null" ]; then
admin_api_post "/api/organizations/t-default/users/$ADMIN_TENANT_USER_ID/roles" "{\"organizationRoleIds\": [\"$TENANT_ADMIN_ORG_ROLE_ID\"]}" >/dev/null 2>&1
log "Added to t-default organization with admin role."
fi
# Switch admin tenant sign-in mode from Register to SignIn (user already created)
# Switch sign-in mode from Register to SignIn (admin user already created)
admin_api_patch "/api/sign-in-exp" '{"signInMode": "SignIn"}' >/dev/null 2>&1
log "Set admin tenant sign-in mode to SignIn."
log "Set sign-in mode to SignIn."
log "SaaS admin granted Logto console access."
else
@@ -577,12 +563,7 @@ cat > "$BOOTSTRAP_FILE" <<EOF
"tradAppId": "$TRAD_ID",
"tradAppSecret": "$TRAD_SECRET",
"apiResourceIndicator": "$API_RESOURCE_INDICATOR",
"organizationId": "$ORG_ID",
"tenantName": "$TENANT_NAME",
"tenantSlug": "$TENANT_SLUG",
"bootstrapToken": "$BOOTSTRAP_TOKEN",
"platformAdminUser": "$SAAS_ADMIN_USER",
"tenantAdminUser": "$TENANT_ADMIN_USER",
"oidcIssuerUri": "${LOGTO_ENDPOINT}/oidc",
"oidcAudience": "$API_RESOURCE_INDICATOR"
}
@@ -680,7 +661,6 @@ if [ "$VENDOR_SEED_ENABLED" = "true" ]; then
[ -n "$ADMIN_USER_ROLE_ID" ] && [ "$ADMIN_USER_ROLE_ID" != "null" ] && V_ROLE_IDS=$(echo "$V_ROLE_IDS" | jq ". + [\"$ADMIN_USER_ROLE_ID\"]")
[ -n "$ADMIN_ROLE_ID" ] && [ "$ADMIN_ROLE_ID" != "null" ] && V_ROLE_IDS=$(echo "$V_ROLE_IDS" | jq ". + [\"$ADMIN_ROLE_ID\"]")
[ "$V_ROLE_IDS" != "[]" ] && admin_api_post "/api/users/$VENDOR_CONSOLE_USER_ID/roles" "{\"roleIds\": $V_ROLE_IDS}" >/dev/null 2>&1
admin_api_post "/api/organizations/t-default/users" "{\"userIds\": [\"$VENDOR_CONSOLE_USER_ID\"]}" >/dev/null 2>&1
log "Vendor granted Logto console access."
fi
else

4
src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java
View File

@@ -195,7 +195,9 @@ public class DockerTenantProvisioner implements TenantProvisioner {
"SPRING_DATASOURCE_URL=" + props.datasourceUrl(),
"SPRING_DATASOURCE_USERNAME=cameleer",
"SPRING_DATASOURCE_PASSWORD=cameleer_dev",
"CAMELEER_SERVER_CLICKHOUSE_URL=jdbc:clickhouse://clickhouse:8123/cameleer?user=default&password=cameleer_ch",
"CAMELEER_SERVER_CLICKHOUSE_URL=jdbc:clickhouse://clickhouse:8123/cameleer",
"CAMELEER_SERVER_CLICKHOUSE_USERNAME=" + props.clickhouseUser(),
"CAMELEER_SERVER_CLICKHOUSE_PASSWORD=" + props.clickhousePassword(),
"CAMELEER_SERVER_TENANT_ID=" + slug,
"CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN=" + req.licenseToken(),
"CAMELEER_SERVER_SECURITY_JWTSECRET=cameleer-dev-jwt-secret-change-in-production",

2
src/main/java/net/siegeln/cameleer/saas/provisioning/ProvisioningProperties.java
View File

@@ -12,6 +12,8 @@ public record ProvisioningProperties(
String publicProtocol,
String datasourceUrl,
String clickhouseUrl,
String clickhouseUser,
String clickhousePassword,
String oidcIssuerUri,
String oidcJwkSetUri,
String corsOrigins

2
src/main/java/net/siegeln/cameleer/saas/provisioning/TenantDataCleanupService.java
View File

@@ -60,7 +60,7 @@ public class TenantDataCleanupService {
return;
}
try (Connection conn = DriverManager.getConnection(url);
try (Connection conn = DriverManager.getConnection(url, props.clickhouseUser(), props.clickhousePassword());
Statement stmt = conn.createStatement()) {
// Find all tables with a tenant_id column

2
src/main/java/net/siegeln/cameleer/saas/vendor/InfrastructureService.java vendored
View File

@@ -275,6 +275,6 @@ public class InfrastructureService {
}
private Connection chConnection() throws SQLException {
return DriverManager.getConnection(props.clickhouseUrl());
return DriverManager.getConnection(props.clickhouseUrl(), props.clickhouseUser(), props.clickhousePassword());
}
}

2
src/main/resources/application-local.yml
View File

@@ -22,4 +22,4 @@ cameleer:
logtoendpoint: http://localhost:3001
serverendpoint: http://localhost:8081
provisioning:
clickhouseurl: jdbc:clickhouse://localhost:8123/cameleer?user=default&password=cameleer_ch
clickhouseurl: jdbc:clickhouse://localhost:8123/cameleer

4
src/main/resources/application.yml
View File

@@ -50,7 +50,9 @@ cameleer:
publichost: ${CAMELEER_SAAS_PROVISIONING_PUBLICHOST:localhost}
publicprotocol: ${CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL:https}
datasourceurl: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEURL:jdbc:postgresql://postgres:5432/cameleer3}
clickhouseurl: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL:jdbc:clickhouse://clickhouse:8123/cameleer?user=default&password=cameleer_ch}
clickhouseurl: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL:jdbc:clickhouse://clickhouse:8123/cameleer}
clickhouseuser: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEUSER:default}
clickhousepassword: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEPASSWORD:${CLICKHOUSE_PASSWORD:cameleer_ch}}
oidcissueruri: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.provisioning.publichost}/oidc
oidcjwkseturi: http://logto:3001/oidc/jwks
corsorigins: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.provisioning.publichost}