From 0e504517159ab0d6eb325ce38e0cc2320b7394c7 Mon Sep 17 00:00:00 2001
From: James Hodgkinson
Date: Thu, 28 Dec 2023 08:46:47 +1000
Subject: [PATCH] fixing up the integration script (#2392)
---
 .github/workflows/debian_package_kanidm.yml | 19 +++++----
 .github/workflows/kanidm_individual_book.yml | 2 +-
 scripts/setup_dev_environment.sh | 45 ++++++++------------
 3 files changed, 28 insertions(+), 38 deletions(-)
diff --git a/.github/workflows/debian_package_kanidm.yml b/.github/workflows/debian_package_kanidm.yml
index 451c59015..5e49ef9f1 100644
--- a/.github/workflows/debian_package_kanidm.yml
+++ b/.github/workflows/debian_package_kanidm.yml
@@ -18,12 +18,14 @@ jobs:
 strategy:
 matrix:
 image:
- - ubuntu:22.04
- - debian:12
+ - name: ubuntu
+ version: 22.04
+ - name: debian
+ version: 12
 fail-fast: false
 runs-on: ubuntu-latest
 container:
- image: ${{ matrix.image }}
+ image: "${{ matrix.image.name }}:${{ matrix.image.version }}"
 env:
 DEBIAN_FRONTEND: noninteractive
 steps:
@@ -45,10 +47,11 @@ jobs:
 run: cargo install wasm-pack
 - name: Build packages (kanidm-unixd)
 run: make -f platform/debian/Makefile debs/kanidm-unixd
+
 - name: Upload debs
 uses: actions/upload-artifact@v4
 with:
- name: ubuntu-packages
+ name: "${{ matrix.image.name }}${{ matrix.image.version }}"
 path: |
 target/*.deb
 upload-to-releases:
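Review bot: The new matrix entries in the first hunk of debian_package_kanidm.yml write `version: 22.04` and `version: 12` as plain scalars, so YAML loads them as a float and an integer, and both the container image tag and the artifact name in the following hunk are built from a number rendered back to text. These two values likely survive that round trip, but a release such as 22.10 would lose its trailing zero and resolve to a different image tag. Quote them so the tag is the literal string: `version: "22.04"` and `version: "12"`.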
@@ -59,19 +62,17 @@ jobs:
 name: Upload to releases
 needs: build-deb-package
 runs-on: ubuntu-latest
- if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
 steps:
 - name: Download previously built debs
 uses: actions/download-artifact@v4
- with:
- name: ubuntu-packages
 - name: List packages
 run: |
- ls
+ find $(pwd) -name '*.deb'
 - uses: "marvinpinto/action-automatic-releases@latest"
 with:
 repo_token: "${{ secrets.GITHUB_TOKEN }}"
 automatic_release_tag: "debs"
 prerelease: true
 title: ".deb Packages"
- files: "*.deb"
\ No newline at end of file
+ files: "*.deb"
+ if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
\ No newline at end of file
diff --git a/.github/workflows/kanidm_individual_book.yml b/.github/workflows/kanidm_individual_book.yml
index 34261aab4..bbfcf2771 100644
--- a/.github/workflows/kanidm_individual_book.yml
+++ b/.github/workflows/kanidm_individual_book.yml
@@ -80,7 +80,7 @@ jobs:
 # https://github.com/actions/upload-artifact
 uses: actions/upload-artifact@v4
 with:
- name: individual
+ name: "individual${{inputs.tag }}"
 path: ${{inputs.tag }}.tar.gz
 env:
 ACTIONS_RUNNER_DEBUG: true
diff --git a/scripts/setup_dev_environment.sh b/scripts/setup_dev_environment.sh
index 48aa2384b..1ced838c3 100755
--- a/scripts/setup_dev_environment.sh
+++ b/scripts/setup_dev_environment.sh
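Review bot: In the upload-to-releases hunk of debian_package_kanidm.yml, dropping `with: name:` makes actions/download-artifact@v4 fetch every artifact and, by default, place each one in a directory named after the artifact, so the release step's `files: "*.deb"` probably matches nothing at the workspace root; the switch from `ls` to `find $(pwd) -name '*.deb'` in the same hunk suggests the packages are already nested. Either widen the glob to `files: "**/*.deb"` or set `merge-multiple: true` on the download step, keeping in mind that the ubuntu and debian builds may emit identically named packages. Also in this hunk, `marvinpinto/action-automatic-releases@latest` receives `secrets.GITHUB_TOKEN` through a floating tag; pinning it to a full commit SHA, `uses: "marvinpinto/action-automatic-releases@<full-commit-sha>"`, keeps a retagged upstream from running with that token.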
@@ -83,76 +83,65 @@ if [ "${REMOVE_TEST_DB}" -eq 1 ]; then
 rm /tmp/kanidm/kanidm.db || true
 fi
-echo "Resetting the admin user..."
-${KANIDMD} recover-account admin -o json 2>&1
-ADMIN_PASS_STR="$(${KANIDMD} recover-account admin -o json 2>&1)"
-ADMIN_PASS=$(echo "${ADMIN_PASS_STR}" | rg password | jq -r .password)
-if [ -z "${ADMIN_PASS}" ] || [ "${ADMIN_PASS}" == "null " ]; then
- echo "Failed to reset admin password!"
- echo "${ADMIN_PASS_STR}"
- exit 1
-fi
+IDM_ADMIN_USER="idm_admin@localhost"
+
-echo "admin pass: '${ADMIN_PASS}'"
 echo "Resetting the idm_admin user..."
 IDM_ADMIN_PASS=$(${KANIDMD} recover-account idm_admin -o json 2>&1 | rg password | jq -r .password)
 if [ -z "${IDM_ADMIN_PASS}" ] || [ "${IDM_ADMIN_PASS}" == "null " ]; then
- echo "Failed to reset admin password!"
+ echo "Failed to reset idm_admin password!"
 exit 1
 fi
 echo "idm_admin pass: '${IDM_ADMIN_PASS}'"
-echo "login with admin"
-${KANIDM} login -D admin --password "${ADMIN_PASS}"
 echo "login with idm_admin"
-${KANIDM} login -D idm_admin --password "${IDM_ADMIN_PASS}"
+${KANIDM} login -D "${IDM_ADMIN_USER}" --password "${IDM_ADMIN_PASS}"
 # create group test_users
-${KANIDM} group create "${TEST_GROUP}" -D idm_admin
+${KANIDM} group create "${TEST_GROUP}" -D "${IDM_ADMIN_USER}"
 # create testuser (person)
-${KANIDM} person create "${TEST_USER_NAME}" "${TEST_USER_DISPLAY}" -D idm_admin
+${KANIDM} person create "${TEST_USER_NAME}" "${TEST_USER_DISPLAY}" -D "${IDM_ADMIN_USER}"
 echo "Adding ${TEST_USER_NAME} to ${TEST_GROUP}"
-${KANIDM} group add-members "${TEST_GROUP}" "${TEST_USER_NAME}" -D idm_admin
+${KANIDM} group add-members "${TEST_GROUP}" "${TEST_USER_NAME}" -D "${IDM_ADMIN_USER}"
 echo "Enable experimental UI for admin idm_admin ${TEST_USER_NAME}"
-${KANIDM} group add-members idm_ui_enable_experimental_features admin idm_admin "${TEST_USER_NAME}" -D idm_admin
+${KANIDM} group add-members idm_ui_enable_experimental_features "${IDM_ADMIN_USER}" "${TEST_USER_NAME}" -D "${IDM_ADMIN_USER}"
 # create oauth2 rp for kanidm.com
 echo "Creating the kanidm.com OAuth2 RP"
-${KANIDM} system oauth2 create "kanidm_com" "Kanidm.com" "https://kanidm.com" -D admin
+${KANIDM} system oauth2 create "kanidm_com" "Kanidm.com" "https://kanidm.com" -D "${IDM_ADMIN_USER}"
 echo "Creating the kanidm.com OAuth2 RP Scope Map"
-${KANIDM} system oauth2 update-scope-map "kanidm_com" "${TEST_GROUP}" openid -D admin
+${KANIDM} system oauth2 update-scope-map "kanidm_com" "${TEST_GROUP}" openid -D "${IDM_ADMIN_USER}"
 echo "Creating the kanidm.com OAuth2 RP Supplemental Scope Map"
-${KANIDM} system oauth2 update-sup-scope-map "kanidm_com" "${TEST_GROUP}" admin -D admin
+${KANIDM} system oauth2 update-sup-scope-map "kanidm_com" "${TEST_GROUP}" admin -D "${IDM_ADMIN_USER}"
 # create oauth2 rp for localhost:10443 - for oauth2 proxy testing
 echo "Creating the ${OAUTH2_RP_ID} OAuth2 RP"
-${KANIDM} system oauth2 create "${OAUTH2_RP_ID}" "${OAUTH2_RP_DISPLAY}" "https://localhost:10443" -D admin
+${KANIDM} system oauth2 create "${OAUTH2_RP_ID}" "${OAUTH2_RP_DISPLAY}" "https://localhost:10443" -D "${IDM_ADMIN_USER}"
 echo "Creating the ${OAUTH2_RP_ID} OAuth2 RP Scope Map - Group ${TEST_GROUP}"
-${KANIDM} system oauth2 update-scope-map "${OAUTH2_RP_ID}" "${TEST_GROUP}" openid -D admin
+${KANIDM} system oauth2 update-scope-map "${OAUTH2_RP_ID}" "${TEST_GROUP}" openid -D "${IDM_ADMIN_USER}"
 echo "Creating the ${OAUTH2_RP_ID} OAuth2 RP Supplemental Scope Map"
-${KANIDM} system oauth2 update-sup-scope-map "${OAUTH2_RP_ID}" "${TEST_GROUP}" admin -D admin
+${KANIDM} system oauth2 update-sup-scope-map "${OAUTH2_RP_ID}" "${TEST_GROUP}" admin -D "${IDM_ADMIN_USER}"
 echo "Creating the OAuth2 RP Secondary Supplemental Crab-baite Scope Map.... wait, no that's not a thing."
 echo "Checking the OAuth2 RP Exists"
-${KANIDM} system oauth2 list -D admin | rg -A10 "${OAUTH2_RP_ID}"
+${KANIDM} system oauth2 list -D "${IDM_ADMIN_USER}" | rg -A10 "${OAUTH2_RP_ID}"
 # config auth2
 echo "Pulling secret for the ${OAUTH2_RP_ID} OAuth2 RP"
-OAUTH2_SECRET="$(${KANIDM} system oauth2 show-basic-secret -o json "${OAUTH2_RP_ID}" -D admin)"
+OAUTH2_SECRET="$(${KANIDM} system oauth2 show-basic-secret -o json "${OAUTH2_RP_ID}" -D "${IDM_ADMIN_USER}")"
 echo "${OAUTH2_SECRET}"
 echo "Creating cred reset link for ${TEST_USER_NAME}"
-${KANIDM} person credential create-reset-token "${TEST_USER_NAME}" -D idm_admin
+${KANIDM} person credential create-reset-token "${TEST_USER_NAME}" -D "${IDM_ADMIN_USER}"
 echo "Done!"
 echo "###################################"
-echo "admin password: ${ADMIN_PASS}"
 echo "idm_admin password: ${IDM_ADMIN_PASS}"
 echo "UI URL: ${KANIDM_URL}"
 echo "OAuth2 RP ID: ${OAUTH2_RP_ID}"
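Review bot: The guard after the idm_admin `recover-account` call still compares against `"null "` with a trailing space, which the `jq -r` output captured by `$(...)` can never equal, so a JSON line whose `.password` is null falls through and the script goes on to log in with the literal string null. The hunk changes only the error message inside that `if`; the test itself should read `if [ -z "${IDM_ADMIN_PASS}" ] || [ "${IDM_ADMIN_PASS}" = "null" ]; then`. The removed admin block printed the raw command output on failure, and the idm_admin path would benefit from the same so a failed recovery can be diagnosed. If this script also runs in CI, note that `echo "idm_admin pass: '${IDM_ADMIN_PASS}'"` and `echo "${OAUTH2_SECRET}"` write credentials into the job log.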