minor fixes

Signed-off-by: Shahbaz Nazir <shahbaz@bigchaindb.com>

k8s/configuration/config-map.yaml

@@ -92,6 +92,9 @@ data:
   # it will use the default cache size; i.e. max((50% RAM - 1GB), 256MB)
   storage-engine-cache-size: ""
 
+  # POST API authorization mode [threescale | secrete-token]
+  authorization-mode: "threescale"
+
 ---
 apiVersion: v1
 kind: ConfigMap

k8s/nginx-https/container/nginx.conf.template

@@ -57,9 +57,6 @@ http {
   map $remote_addr $bdb_backend {
     default BIGCHAINDB_BACKEND_HOST;
   }
-  map $remote_addr $openresty_backend {
-    default OPENRESTY_BACKEND_HOST;
-  }
 
   # Frontend server for the external clients; acts as HTTPS termination point.
   server {
@@ -116,7 +113,7 @@ http {
         return 403;
       }
 
-      # POST requests get forwarded to OpenResty instance. Enable CORS too.
+      # POST requests get forwarded to BDB.
       if ($request_method = POST ) {}
         proxy_pass http://$bdb_backend:BIGCHAINDB_API_PORT;
       }

k8s/nginx-https/container/nginx_entrypoint.bash

@@ -1,6 +1,10 @@
 #!/bin/bash
 set -euo pipefail
 
+# Authorization Modes
+threescale_auth_mode="threescale"
+secret_token_auth_mode="secret-token"
+
 # Cluster vars
 cluster_fqdn=`printenv CLUSTER_FQDN`
 cluster_frontend_port=`printenv CLUSTER_FRONTEND_PORT`
@@ -49,7 +53,7 @@ if [[ -z "${cluster_frontend_port:?CLUSTER_FRONTEND_PORT not specified. Exiting!
       -z "${tm_pub_key_access_port:?TM_PUB_KEY_ACCESS_PORT not specified. Exiting!}" || \
       -z "${tm_backend_host:?TM_BACKEND_HOST not specified. Exiting!}" || \
       -z "${tm_p2p_port:?TM_P2P_PORT not specified. Exiting!}" || \
-      -z "${authorization_mode:-threescale}" ]]; then
+      -z "${authorization_mode:-threescale_auth_mode}" ]]; then # Set the default authorization mode to threescale
   echo "Missing required environment variables. Exiting!"
   exit 1
 else
@@ -70,13 +74,17 @@ else
   echo TM_P2P_PORT="$tm_p2p_port"
 fi
 
-# Set Default nginx config file
-NGINX_CONF_FILE=/etc/nginx/nginx-threescale.conf
-
-if [[ ${authorization_mode} == "secret-header" ]]; then
+if [[ ${authorization_mode} == ${secret_token_auth_mode} ]]; then
   NGINX_CONF_FILE=/etc/nginx/nginx.conf
   secret_access_token=`printenv SECRET_ACCESS_TOKEN`
   sed -i "s|SECRET_ACCESS_TOKEN|${secret_token_header}|g"
+elif [[ ${authorization_mode} == ${threescale_auth_mode} ]]; then
+  NGINX_CONF_FILE=/etc/nginx/nginx-threescale.conf
+  sed -i "s|OPENRESTY_BACKEND_PORT|${openresty_backend_port}|g" ${NGINX_CONF_FILE}
+  sed -i "s|OPENRESTY_BACKEND_HOST|${openresty_backend_host}|g" ${NGINX_CONF_FILE}
+else
+  echo "Unrecognised authorization mode: ${authorization_mode}. Exiting!"
+  exit 1
 fi
 
 # configure the nginx.conf file with env variables
@@ -85,8 +93,6 @@ sed -i "s|CLUSTER_FRONTEND_PORT|${cluster_frontend_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|MONGODB_FRONTEND_PORT|${mongo_frontend_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|MONGODB_BACKEND_HOST|${mongo_backend_host}|g" ${NGINX_CONF_FILE}
 sed -i "s|MONGODB_BACKEND_PORT|${mongo_backend_port}|g" ${NGINX_CONF_FILE}
-sed -i "s|OPENRESTY_BACKEND_PORT|${openresty_backend_port}|g" ${NGINX_CONF_FILE}
-sed -i "s|OPENRESTY_BACKEND_HOST|${openresty_backend_host}|g" ${NGINX_CONF_FILE}
 sed -i "s|BIGCHAINDB_BACKEND_HOST|${bdb_backend_host}|g" ${NGINX_CONF_FILE}
 sed -i "s|BIGCHAINDB_API_PORT|${bdb_api_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|BIGCHAINDB_WS_PORT|${bdb_ws_port}|g" ${NGINX_CONF_FILE}

k8s/nginx-https/nginx-https-dep.yaml

@@ -85,6 +85,11 @@ spec:
             configMapKeyRef:
               name: tendermint-config
               key: tm-p2p-port
+        - name: AUTHORIZATION_MODE
+          valueFrom:
+            configMapKeyRef:
+              name: vars
+              key: authorization-mode
         ports:
         # return a pretty error message on port 80, since we are expecting
         # HTTPS traffic.