nocci/gnutaler-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
gnutaler-docker/scripts/provision-bank-user.sh
nocci baf1505cd8 Make helper scripts executable
2025-12-11 16:13:24 +00:00

77 lines
2.5 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
# Provision LibEuFin bank users, debit limits and tokens via docker compose.
# Reads .env if present, then uses docker compose exec inside the bank container.
set -euo pipefail
if [[ -f ".env" ]]; then
set -a
# shellcheck disable=SC1091
source ".env"
set +a
fi
COMPOSE_CMD="${COMPOSE_CMD:-docker compose}"
BANK_SERVICE="${BANK_SERVICE:-bank}"
BANK_CONFIG="${BANK_CONFIG:-/etc/libeufin/bank.conf}"
USER="${LIBEUFIN_USER:-demogeld}"
USER_PASSWORD="${LIBEUFIN_USER_PASSWORD:-}"
DEBIT_THRESHOLD="${LIBEUFIN_DEBIT_THRESHOLD:-DEMOGELD:1000000}"
TOKEN_USER="${LIBEUFIN_MERCHANT_USER:-demogeldbank}"
TOKEN_PASSWORD="${LIBEUFIN_MERCHANT_PASSWORD:-}"
TOKEN_SCOPE="${LIBEUFIN_MERCHANT_SCOPE:-readwrite}"
TOKEN_DURATION="${LIBEUFIN_MERCHANT_TOKEN_DURATION:-forever}"
TOKEN_OUTPUT="${TOKEN_OUTPUT:-bank/token-info.txt}"
ensure_user() {
echo "Ensuring bank user '${USER}' exists (password will be set if provided)..."
if ! ${COMPOSE_CMD} exec -T "${BANK_SERVICE}" libeufin-bank users add "${USER}" --password "${USER_PASSWORD}" -c "${BANK_CONFIG}" >/tmp/libeufin-users-add.log 2>&1; then
if grep -qi "already exists" /tmp/libeufin-users-add.log; then
echo "User ${USER} already exists; proceeding."
else
echo "Failed to add user ${USER}:"
cat /tmp/libeufin-users-add.log
exit 1
fi
fi
echo "Setting debit threshold ${DEBIT_THRESHOLD} for ${USER}..."
${COMPOSE_CMD} exec -T "${BANK_SERVICE}" libeufin-bank edit-account "${USER}" \
--debit_threshold "${DEBIT_THRESHOLD}" -c "${BANK_CONFIG}"
}
provision_token() {
echo "Creating token for user '${TOKEN_USER}' (scope=${TOKEN_SCOPE}, duration=${TOKEN_DURATION})..."
local token_output
token_output="$(${COMPOSE_CMD} exec -T "${BANK_SERVICE}" libeufin-bank create-token \
-c "${BANK_CONFIG}" \
--user="${TOKEN_USER}" \
--scope="${TOKEN_SCOPE}" \
--duration="${TOKEN_DURATION}")"
echo "Token response:"
echo "${token_output}"
mkdir -p "$(dirname "${TOKEN_OUTPUT}")"
{
echo "# Generated $(date -Is)"
echo "USER=${TOKEN_USER}"
echo "SCOPE=${TOKEN_SCOPE}"
echo "DURATION=${TOKEN_DURATION}"
echo "${token_output}"
} > "${TOKEN_OUTPUT}"
echo "Token saved to ${TOKEN_OUTPUT}"
}
main() {
if [[ -z "${USER_PASSWORD}" || -z "${TOKEN_PASSWORD}" ]]; then
echo "Warning: LIBEUFIN_USER_PASSWORD or LIBEUFIN_MERCHANT_PASSWORD not set; user/token may be created without password enforcement." >&2
fi
ensure_user
provision_token
echo "Done."
}
main "$@"
Reference in a new issue View git blame Copy permalink