284 task create bootstrap scripts for thunder

scripts/thunder/02-sample-resources.sh

@@ -0,0 +1 @@
+echo "Overwriting the default sample resources creation script with empty content..."

scripts/utils/thunder-auth.sh

@@ -10,7 +10,7 @@
 # Usage:
 #   source "$(dirname "$0")/../utils/thunder-auth.sh"
 #   thunder_authenticate "$THUNDER_HOST" "$THUNDER_PORT"
-#   # Now you can use: $SAMPLE_APP_ID, $BEARER_TOKEN
+#   # Now you can use: $DEVELOP_APP_ID, $BEARER_TOKEN
 #
 #   thunder_get_org_unit "$THUNDER_HOST" "$THUNDER_PORT" "$BEARER_TOKEN" "silver"
 #   # Now you can use: $ORG_UNIT_ID
@@ -24,19 +24,20 @@ RED="\033[0;31m"
 NC="\033[0m" # No Color
 
 # ============================================
-# Function: Extract Sample App ID from Thunder setup logs
+# Function: Extract DEVELOP App ID from Thunder setup logs
 # ============================================
-thunder_get_sample_app_id() {
-    local sample_app_id
-    sample_app_id=$(docker logs thunder-setup 2>&1 | grep 'Sample App ID:' | head -n1 | grep -o '[a-f0-9-]\{36\}')
+thunder_get_develop_app_id() {
+    local develop_app_id
+    # Look for DEVELOP_APP_ID in logs (handles both "DEVELOP_APP_ID:" and "[INFO] DEVELOP_APP_ID:" formats)
+    develop_app_id=$(docker logs thunder-setup 2>&1 | grep -i 'DEVELOP_APP_ID' | head -n1 | grep -o '[a-f0-9-]\{36\}')
 
-    if [ -z "$sample_app_id" ]; then
-        echo -e "${RED}✗ Failed to extract Sample App ID from Thunder setup logs${NC}" >&2
+    if [ -z "$develop_app_id" ]; then
+        echo -e "${RED}✗ Failed to extract DEVELOP_APP_ID from Thunder setup logs${NC}" >&2
         echo "Please ensure Thunder setup container has completed successfully." >&2
         return 1
     fi
 
-    echo "$sample_app_id"
+    echo "$develop_app_id"
     return 0
 }
 
@@ -49,7 +50,7 @@ thunder_get_sample_app_id() {
 # Returns:
 #   0 on success, 1 on failure
 # Exports:
-#   SAMPLE_APP_ID - The application ID extracted from logs
+#   DEVELOP_APP_ID - The application ID extracted from logs
 #   BEARER_TOKEN - The authentication token
 # ============================================
 thunder_authenticate() {
@@ -63,24 +64,24 @@ thunder_authenticate() {
 
     echo -e "${YELLOW}Authenticating with Thunder...${NC}"
 
-    # Step 1: Extract Sample App ID
-    echo "  - Extracting Sample App ID from Thunder setup logs..."
-    SAMPLE_APP_ID=$(thunder_get_sample_app_id)
+    # Step 1: Extract DEVELOP App ID
+    echo "  - Extracting DEVELOP_APP_ID from Thunder setup logs..."
+    DEVELOP_APP_ID=$(thunder_get_develop_app_id)
 
-    if [ $? -ne 0 ] || [ -z "$SAMPLE_APP_ID" ]; then
-        echo -e "${RED}✗ Failed to extract Sample App ID${NC}" >&2
+    if [ $? -ne 0 ] || [ -z "$DEVELOP_APP_ID" ]; then
+        echo -e "${RED}✗ Failed to extract DEVELOP_APP_ID${NC}" >&2
         return 1
     fi
 
-    echo -e "${GREEN}  ✓ Sample App ID extracted: $SAMPLE_APP_ID${NC}"
+    echo -e "${GREEN}  ✓ DEVELOP_APP_ID extracted: $DEVELOP_APP_ID${NC}"
 
     # Step 2: Start authentication flow (get flowId)
     echo "  - Starting authentication flow..."
     local start_response
     start_response=$(curl -s -w "\n%{http_code}" -X POST \
         "https://${thunder_host}:${thunder_port}/flow/execute" \
         -H "Content-Type: application/json" \
-        -d "{\"applicationId\":\"${SAMPLE_APP_ID}\",\"flowType\":\"AUTHENTICATION\"}")
+        -d "{\"applicationId\":\"${DEVELOP_APP_ID}\",\"flowType\":\"AUTHENTICATION\"}")
 
     local start_body
     local start_status
@@ -132,7 +133,7 @@ thunder_authenticate() {
     echo -e "${GREEN}  ✓ Authentication successful${NC}"
 
     # Export variables for use in calling script
-    export SAMPLE_APP_ID
+    export DEVELOP_APP_ID
     export FLOW_ID
     export BEARER_TOKEN
 

services/.env.example

@@ -1,6 +1,10 @@
 # Rspamd web UI password
 RSPAMD_PASSWORD=your_secure_password
 
+# Thunder admin credentials (used during initial setup)
+THUNDER_ADMIN_USERNAME=admin
+THUNDER_ADMIN_PASSWORD=admin
+
 # Public IP of this mail server
 MAIL_SERVER_IP=
 

services/docker-compose.yaml

@@ -66,11 +66,16 @@ services:
     environment:
       - SOCKETMAP_HOST=0.0.0.0
       - SOCKETMAP_PORT=9100
-      # THUNDER_SAMPLE_APP_ID not required - auto-extracted from thunder-setup logs
+      # THUNDER_DEVELOP_APP_ID not required - auto-extracted from thunder-setup logs
       - THUNDER_HOST=thunder-server
       - THUNDER_PORT=8090
       - CACHE_TTL_SECONDS=300
       - TOKEN_REFRESH_SECONDS=3300
+    depends_on:
+      thunder-setup:
+        condition: service_completed_successfully
+      thunder:
+        condition: service_started
     healthcheck:
       test: ["CMD", "nc", "-z", "localhost", "9100"]
       interval: 10s
@@ -175,7 +180,7 @@ services:
 
   # Initialize database from the image
   thunder-db-init:
-    image: ghcr.io/asgardeo/thunder:0.22.0
+    image: ghcr.io/asgardeo/thunder:0.24.0
     container_name: thunder-db-init
     command: sh -c "cp -r /opt/thunder/repository/database/* /data/"
     volumes:
@@ -184,20 +189,25 @@ services:
 
   # Run setup once with the shared database
   thunder-setup:
-    image: ghcr.io/asgardeo/thunder:0.22.0
+    image: ghcr.io/asgardeo/thunder:0.24.0
     container_name: thunder-setup
     command: ./setup.sh
     volumes:
       - thunder-db:/opt/thunder/repository/database
       - ./silver-config/thunder/deployment.yaml:/opt/thunder/repository/conf/deployment.yaml:ro
+      - ./../scripts/thunder/01-default-resources.sh:/opt/thunder/bootstrap/01-default-resources.sh
+      - ./../scripts/thunder/02-sample-resources.sh:/opt/thunder/bootstrap/02-sample-resources.sh
+    environment:
+      - THUNDER_ADMIN_USERNAME=${THUNDER_ADMIN_USERNAME:-admin}
+      - THUNDER_ADMIN_PASSWORD=${THUNDER_ADMIN_PASSWORD:-admin}
     depends_on:
       thunder-db-init:
         condition: service_completed_successfully
     restart: "no"
 
   # Run Thunder server with the shared database
   thunder:
-    image: ghcr.io/asgardeo/thunder:0.22.0
+    image: ghcr.io/asgardeo/thunder:0.24.0
     container_name: thunder-server
     depends_on:
       thunder-setup:

services/socketmap/internal/thunder/auth.go

@@ -18,11 +18,11 @@ var (
 	thunderAuthMutex sync.RWMutex
 )
 
-// getSampleAppIDFromThunderSetup extracts Sample App ID from thunder-setup container
-func getSampleAppIDFromThunderSetup() (string, error) {
-	log.Printf("  │ Extracting Sample App ID from thunder-setup container...")
+// getDevelopAppIDFromThunderSetup extracts DEVELOP App ID from thunder-setup container
+func getDevelopAppIDFromThunderSetup() (string, error) {
+	log.Printf("  │ Extracting DEVELOP_APP_ID from thunder-setup container...")
 
-	// Execute: docker logs thunder-setup 2>&1 | grep 'Sample App ID:' | head -n1
+	// Execute: docker logs thunder-setup 2>&1 | grep 'DEVELOP_APP_ID:' | head -n1
 	cmd := exec.Command("docker", "logs", "thunder-setup")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -38,52 +38,54 @@ func getSampleAppIDFromThunderSetup() (string, error) {
 		log.Printf("  │   - Running inside a container without Docker socket")
 	}
 
-	// Search for "Sample App ID:" in logs (case-insensitive)
+	// Search for "DEVELOP_APP_ID:" in logs
+	// Log format: [INFO] DEVELOP_APP_ID: 019cdc47-3537-74ee-951e-3f50e48786ab
 	lines := strings.Split(string(output), "\n")
 	for _, line := range lines {
-		if strings.Contains(line, "Sample App ID:") {
+		// Look for line containing DEVELOP_APP_ID (case-insensitive)
+		if strings.Contains(line, "DEVELOP_APP_ID") || strings.Contains(line, "develop_app_id") {
 			// Extract UUID pattern: [a-f0-9-]{36}
 			re := regexp.MustCompile(`[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}`)
 			match := re.FindString(line)
 			if match != "" {
-				log.Printf("  │ ✓ Sample App ID extracted: %s", match)
+				log.Printf("  │ ✓ DEVELOP_APP_ID extracted: %s", match)
 				return match, nil
 			}
 		}
 	}
 
-	return "", fmt.Errorf("Sample App ID not found in thunder-setup logs")
+	return "", fmt.Errorf("DEVELOP_APP_ID not found in thunder-setup logs")
 }
 
 // Authenticate performs the full authentication flow with Thunder IDP
 func Authenticate(host, port string, tokenRefreshSeconds int) (*Auth, error) {
 	log.Printf("  ┌─ Thunder Authentication ─────────")
 
-	// Step 1: Get Sample App ID
-	sampleAppID := os.Getenv("THUNDER_SAMPLE_APP_ID")
+	// Step 1: Get DEVELOP App ID
+	developAppID := os.Getenv("THUNDER_DEVELOP_APP_ID")
 
-	if sampleAppID != "" {
-		log.Printf("  │ Using Sample App ID from environment variable")
-		log.Printf("  │ Sample App ID: %s", sampleAppID)
+	if developAppID != "" {
+		log.Printf("  │ Using DEVELOP App ID from environment variable")
+		log.Printf("  │ DEVELOP_APP_ID: %s", developAppID)
 	} else {
-		log.Printf("  │ THUNDER_SAMPLE_APP_ID not set")
+		log.Printf("  │ THUNDER_DEVELOP_APP_ID not set")
 		log.Printf("  │ Attempting to extract from thunder-setup container logs...")
 
 		var err error
-		sampleAppID, err = getSampleAppIDFromThunderSetup()
+		developAppID, err = getDevelopAppIDFromThunderSetup()
 		if err != nil {
-			log.Printf("  │ ✗ Failed to extract Sample App ID: %v", err)
+			log.Printf("  │ ✗ Failed to extract DEVELOP_APP_ID: %v", err)
 			log.Printf("  │")
 			log.Printf("  │ Please ensure Thunder setup container has completed successfully")
 			log.Printf("  │")
 			log.Printf("  │ To fix this issue:")
 			log.Printf("  │ 1. Check thunder-setup logs: docker logs thunder-setup")
 			log.Printf("  │ 2. Extract App ID manually and set environment:")
-			log.Printf("  │    export THUNDER_SAMPLE_APP_ID=$(docker logs thunder-setup 2>&1 | grep 'Sample App ID:' | grep -o '[a-f0-9-]\\{36\\}')")
+			log.Printf("  │    export THUNDER_DEVELOP_APP_ID=$(docker logs thunder-setup 2>&1 | grep 'DEVELOP_APP_ID:' | grep -o '[a-f0-9-]\\{36\\}')")
 			log.Printf("  │ 3. Or if running in Docker, mount the Docker socket:")
 			log.Printf("  │    volumes: ['/var/run/docker.sock:/var/run/docker.sock']")
 			log.Printf("  └───────────────────────────────────")
-			return nil, fmt.Errorf("failed to get Sample App ID: %w", err)
+			return nil, fmt.Errorf("failed to get DEVELOP App ID: %w", err)
 		}
 	}
 
@@ -93,7 +95,7 @@ func Authenticate(host, port string, tokenRefreshSeconds int) (*Auth, error) {
 	// Step 2: Start authentication flow
 	log.Printf("  │ Starting authentication flow...")
 	flowPayload := map[string]interface{}{
-		"applicationId": sampleAppID,
+		"applicationId": developAppID,
 		"flowType":      "AUTHENTICATION",
 	}
 	flowData, err := json.Marshal(flowPayload)
@@ -164,7 +166,7 @@ func Authenticate(host, port string, tokenRefreshSeconds int) (*Auth, error) {
 	log.Printf("  └───────────────────────────────────")
 
 	auth := &Auth{
-		SampleAppID:  sampleAppID,
+		DevelopAppID:  developAppID,
 		FlowID:       flowResp.FlowID,
 		BearerToken:  authResp.Assertion,
 		ExpiresAt:    time.Now().Add(time.Duration(tokenRefreshSeconds) * time.Second),

services/socketmap/internal/thunder/types.go

@@ -6,7 +6,7 @@ import (
 
 // Auth holds Thunder authentication state
 type Auth struct {
-	SampleAppID  string
+	DevelopAppID  string
 	FlowID       string
 	BearerToken  string
 	ExpiresAt    time.Time

services/socketmap/main.go

@@ -20,16 +20,37 @@ func main() {
 	// Load configuration
 	cfg := config.Load()
 
-	// Authenticate with Thunder at startup
+	// Authenticate with Thunder at startup with retry logic
 	log.Println("┌─ Thunder Authentication ─────────")
-	auth, err := thunder.Authenticate(cfg.ThunderHost, cfg.ThunderPort, cfg.TokenRefreshSeconds)
+
+	var auth *thunder.Auth
+	var err error
+	maxRetries := 5
+	retryDelay := 2 * time.Second
+
+	for attempt := 1; attempt <= maxRetries; attempt++ {
+		if attempt > 1 {
+			log.Printf("│ Retry attempt %d/%d (waiting %v)...", attempt, maxRetries, retryDelay)
+			time.Sleep(retryDelay)
+			retryDelay *= 2 // Exponential backoff
+		}
+
+		auth, err = thunder.Authenticate(cfg.ThunderHost, cfg.ThunderPort, cfg.TokenRefreshSeconds)
+		if err == nil {
+			thunder.SetAuth(auth)
+			log.Println("└───────────────────────────────────")
+			break
+		}
+
+		if attempt < maxRetries {
+			log.Printf("│ ⚠ Authentication attempt %d failed: %v", attempt, err)
+		}
+	}
+
 	if err != nil {
-		log.Printf("│ ⚠ Initial authentication failed: %v", err)
+		log.Printf("│ ⚠ Initial authentication failed after %d attempts: %v", maxRetries, err)
 		log.Printf("│ Service will attempt to authenticate on first request")
 		log.Println("└───────────────────────────────────")
-	} else {
-		thunder.SetAuth(auth)
-		log.Println("└───────────────────────────────────")
 	}
 	log.Println("")