From 67c148c0111ff8d472ae547a2b0f8d2965b8c99f Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+agile-test@users.noreply.github.com> Date: Tue, 25 May 2021 09:56:01 -0700 Subject: [PATCH 01/23] Create README.md --- digitalocean-app-platform/README.md | 74 +++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 digitalocean-app-platform/README.md diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md new file mode 100644 index 0000000..3265324 --- /dev/null +++ b/digitalocean-app-platform/README.md @@ -0,0 +1,74 @@ +# Deploying the 1Password SCIM bridge using DigitalOcean App Platform +This document will describe how to deploy the 1Password SCIM bridge using DigitalOcean's App Platform. + +## Deployment Overview +App Platform is DigitalOcean's new fully managed solution for deploying applications via a code repository. The idea is that there is less of +a focus on the containers and their setup in a given environment, and more of a focus on deploying the application for immediate access. After testing +the deployment of the SCIM bridge with App Platform, it is now being added as a deployment option for those using DigitalOcean to host the SCIM bridge. + +Deploying the SCIM bridge with App Platform comes with a few benefits: +* App Platform will provide and host the URL for your SCIM bridge; you will not need to setup an A record or prepare a name for a URL as noted in [PREPARATION.md](https://github.com/1Password/scim-examples/blob/master/PREPARATION.md) +* App Platfom will host the SCIM application for a low cost of $5/mo. An additional $5/mo or $6/mo will be utilized for the Droplet created for the Redis container. +* There's no need to manage the container that the SCIM bridge will be running on. + + +## Preparation and Deployment +To get started with deploying the SCIM bridge using App Platform, you'll need: + +* Access to your organization's DigitalOcean tenant. +* Access to your organization's Github account in order to fork this repository. +* Access to create a Droplet for Redis in your organization's DigitalOcean tenant. + + +### Step One: Setting up your Redis Droplet + +Before you deploy the SCIM bridge application using App Platform, a redis database must be created first, so that you can add the connection details for your database to the application at setup. + +To create a Droplet: + +* Under Manage in the left-hand navigation menu, select Droplet or select the Create dropdown menu in the top right corner of your DigitalOcean tenant and select Droplet. +* Choose an image for your container. +* Choose a plan for your Droplet. (The Basic (shared CPU) tier is sufficient, but choose what's best for your organization) +* Choose a datacenter region. +* Under Finalize and Create, you will only need 1 Droplet. +* Once you've configured the other settings on this page to your liking, click Create Droplet. + +Once the creation process of your Droplet is complete: + +* Click on the hostname of your new container from your list of Droplets. +* Click on Console. (ensure that the credentials for your image are set and that you can log into the container) +* At this point, you will want to install redis on your Droplet. DigitalOcean provides detailed documentaion on how to install redis on each of its provided images. Documentation can be found [here](https://www.digitalocean.com/community/tutorial_collections/how-to-install-and-secure-redis) +* For the ```Binding to Localhost``` step in the redis documentation, you will want to ensure that you allow all connections initially, so that the SCIM application can make a connection to your Droplet. After the successful deployment of your SCIM application, you can lock down access to your redis Droplet, ensuring that your SCIM application only has access to that Droplet. + +### Step Two: Building and Deploying using App Platform + +Now that a redis Droplet has been created, you can start the deployment process of the SCIM application. + +* Under Manage in the left-hand navigation menu, select Apps or select the Create dropdown menu in the top right corner of your DigitalOcean tenant and select Apps. +* Select Launch Your App on the splash page. If you've already started using Apps, select Create App in the top right corner of the page. +* Choose Github as your source. (You may be prompted to walk through an authorization process for your Github account and your DigitalOcean tenant) +* Choose the repository that contains the files for the DigitalOcean App Platform deployment. +* Choose the corresponding branch. +* You can choose to allow or deny Autodeploy code changes. +* Click ```Next```. +* To configure your app, you will want to set two environment variables: ```OP_REDIS_URL``` and ```OP_SESSION```. + * ```OP_REDIS_URL``` should contain the following: redis://[ip or hostname of redis Droplet]:6379 + * ```OP_SESSION``` should contain the base64 encoded version of your scimsession file. Run the following command to generate the scimsession: cat /path/to/scimsession| base64 | tr -d "\n" + * You've successfully run the command when the base64 encoded version of your scimsession is returned in the terminal. Copy and paste the contents and paste them as the value of the OP_SESSION variable. (Do not copy the % sign at the end of the contents) +* Set the HTTP port for the app to 3002. +* Click ```Next```. +* Name your application. +* Select a region for the application/container. +* Click ```Next```. +* The Basic tier of the App Platform is suffient enough for the SCIM bridge. +* Under Containers, the ```Basic Size``` is defaulted to the ```1 GB RAM | 1 vCPU``` option, however the ```512 MB RAM | 1 vCPU``` option is sufficient for this deployment. +* ```Number of Containers``` should be set to 1. +* Select ```Launch Basic App```. +* The App will begin the build and deploy process. Once complete, you should receive an alert of Deployed Successfully and the URL for the SCIM bridge will be made available on the Apps Dashboard. (You may need to refresh your page if the URL is not yet visible at this point) +* Click the URL link and enter the bearer token for your SCIM bridge to start Provisioning tasks. +* Ensure that you add the provided URL and the bearer token to your IdP of choice as well. + + +You can also deploy your application using this Deploy to DigitalOcean button below, which is a quick link that will start the process of Step Two: + +[![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg) From 0ef8a1e1229ff6aecaacc3370991c3dd507b182c Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 25 May 2021 10:01:16 -0700 Subject: [PATCH 02/23] Create Dockerfile Dockerfile containing SCIM image --- digitalocean-app-platform/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 digitalocean-app-platform/Dockerfile diff --git a/digitalocean-app-platform/Dockerfile b/digitalocean-app-platform/Dockerfile new file mode 100644 index 0000000..76bc940 --- /dev/null +++ b/digitalocean-app-platform/Dockerfile @@ -0,0 +1,2 @@ +# syntax=docker/dockerfile:experimental +FROM 1password/scim From 7a5032b10e1eca5595c4f95755bf7cfaf9daba08 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 25 May 2021 10:03:10 -0700 Subject: [PATCH 03/23] Create deploy.template.yaml yaml template needed for the Deploy to DigitalOcean to be functional. --- digitalocean-app-platform/.do/deploy.template.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 digitalocean-app-platform/.do/deploy.template.yaml diff --git a/digitalocean-app-platform/.do/deploy.template.yaml b/digitalocean-app-platform/.do/deploy.template.yaml new file mode 100644 index 0000000..e6b3a6c --- /dev/null +++ b/digitalocean-app-platform/.do/deploy.template.yaml @@ -0,0 +1,7 @@ +spec: + name: sample-golang + services: + - name: web + git: + branch: main + repo_clone_url: https://github.com/1Password/scim-examples/digitalocean-app-platform From 8d62de7a0db12ea85a96d27f48b64bab4a721c31 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Wed, 26 May 2021 07:33:15 -0700 Subject: [PATCH 04/23] Update README.md --- digitalocean-app-platform/README.md | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 3265324..7e88db5 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -20,9 +20,9 @@ To get started with deploying the SCIM bridge using App Platform, you'll need: * Access to create a Droplet for Redis in your organization's DigitalOcean tenant. -### Step One: Setting up your Redis Droplet +### Step One: Setting up Redis -Before you deploy the SCIM bridge application using App Platform, a redis database must be created first, so that you can add the connection details for your database to the application at setup. +Before you deploy the SCIM bridge application using App Platform, a redis database must be created first, so that you can add the connection details for your database to the application at setup. There are two options for setting up a redis database: creating a Droplet in DigitalOcean and installing redis onto it or using DigitalOcean's Managed Redis database solution. To create a Droplet: @@ -40,6 +40,22 @@ Once the creation process of your Droplet is complete: * At this point, you will want to install redis on your Droplet. DigitalOcean provides detailed documentaion on how to install redis on each of its provided images. Documentation can be found [here](https://www.digitalocean.com/community/tutorial_collections/how-to-install-and-secure-redis) * For the ```Binding to Localhost``` step in the redis documentation, you will want to ensure that you allow all connections initially, so that the SCIM application can make a connection to your Droplet. After the successful deployment of your SCIM application, you can lock down access to your redis Droplet, ensuring that your SCIM application only has access to that Droplet. +If you prefer to use DigitalOcean's Managed Redis Database solution: + +* Under Manage in the left-hand navigation menu, select ```Databases``` or select the Create dropdown menu in the top right corner of your DigitalOcean tenant and select Databases. +* Choose Redis as your Database Engine. +* Under Choose your Configuration, leaving the ```Machine Type``` set to the ```Basic Nodes``` option is sufficient. +* Choose a Datacenter. +* Once you've configured the other settings on this page to your liking, click Create a Database Cluster. + +Once the creation process of your managed database is complete: + +* Click on the hostname of your new container from your list of managed databases. +* In the top right corner, click on the ```Actions``` dropdown menu and select ```Connection details```. +* Under the ```Public Network``` settings, you will need to take note of the hostname as well as the provided port number. +* You can secure your database's inbound connections using DigitalOcean's ```Getting Started``` tutorial or by selecting ```Secure this database cluster by restricting access``` under the ```Trusted Sources``` section on the Overview page. You will want to complete this step after you've successfully deployed the application in Step Two, so that you can add the ip address of the application's container to that section. + + ### Step Two: Building and Deploying using App Platform Now that a redis Droplet has been created, you can start the deployment process of the SCIM application. @@ -52,7 +68,8 @@ Now that a redis Droplet has been created, you can start the deployment process * You can choose to allow or deny Autodeploy code changes. * Click ```Next```. * To configure your app, you will want to set two environment variables: ```OP_REDIS_URL``` and ```OP_SESSION```. - * ```OP_REDIS_URL``` should contain the following: redis://[ip or hostname of redis Droplet]:6379 + * If you are using a Droplet, ```OP_REDIS_URL``` should contain the following: redis://[ip or hostname of redis Droplet]:6379 + * If you are using DigitalOcean's managed database solution, ```OP_REDIS_URL``` should contain the following: redis://[ip or hostname of redis Droplet]:[provided port number] * ```OP_SESSION``` should contain the base64 encoded version of your scimsession file. Run the following command to generate the scimsession: cat /path/to/scimsession| base64 | tr -d "\n" * You've successfully run the command when the base64 encoded version of your scimsession is returned in the terminal. Copy and paste the contents and paste them as the value of the OP_SESSION variable. (Do not copy the % sign at the end of the contents) * Set the HTTP port for the app to 3002. From af7f4c9c2d3225629f6d378f16eec1413e3ab8ca Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Thu, 3 Jun 2021 13:20:06 -0700 Subject: [PATCH 05/23] Update README.md --- digitalocean-app-platform/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 7e88db5..d6e4a2a 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -2,8 +2,8 @@ This document will describe how to deploy the 1Password SCIM bridge using DigitalOcean's App Platform. ## Deployment Overview -App Platform is DigitalOcean's new fully managed solution for deploying applications via a code repository. The idea is that there is less of -a focus on the containers and their setup in a given environment, and more of a focus on deploying the application for immediate access. After testing +App Platform is DigitalOcean's new, fully managed solution for deploying applications via a code repository. The idea behind App platform is that there is less of +a focus on the manual management of containers in a given environment, and more of a focus on deploying applications for immediate access. After testing the deployment of the SCIM bridge with App Platform, it is now being added as a deployment option for those using DigitalOcean to host the SCIM bridge. Deploying the SCIM bridge with App Platform comes with a few benefits: @@ -46,7 +46,7 @@ If you prefer to use DigitalOcean's Managed Redis Database solution: * Choose Redis as your Database Engine. * Under Choose your Configuration, leaving the ```Machine Type``` set to the ```Basic Nodes``` option is sufficient. * Choose a Datacenter. -* Once you've configured the other settings on this page to your liking, click Create a Database Cluster. +* Once you've configured the other settings on this page to your liking, click ```Create a Database Cluster```. Once the creation process of your managed database is complete: @@ -81,11 +81,11 @@ Now that a redis Droplet has been created, you can start the deployment process * Under Containers, the ```Basic Size``` is defaulted to the ```1 GB RAM | 1 vCPU``` option, however the ```512 MB RAM | 1 vCPU``` option is sufficient for this deployment. * ```Number of Containers``` should be set to 1. * Select ```Launch Basic App```. -* The App will begin the build and deploy process. Once complete, you should receive an alert of Deployed Successfully and the URL for the SCIM bridge will be made available on the Apps Dashboard. (You may need to refresh your page if the URL is not yet visible at this point) +* The App will begin the build and deploy process. Once complete, you should receive an alert that states ```Deployed Successfully``` and the URL for the SCIM bridge will be made available on the Apps Dashboard. (You may need to refresh your page if the URL is not yet visible at this point) * Click the URL link and enter the bearer token for your SCIM bridge to start Provisioning tasks. -* Ensure that you add the provided URL and the bearer token to your IdP of choice as well. +* Ensure that you add the provided URL and the bearer token to your IdP of choice. -You can also deploy your application using this Deploy to DigitalOcean button below, which is a quick link that will start the process of Step Two: +You can also deploy your application using the Deploy to DigitalOcean button below, which is a quick link that will start the process of Step Two: [![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg) From e3b6f9287a319ef0817e65c21a8386b7be0cc277 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Fri, 4 Jun 2021 11:23:06 -0700 Subject: [PATCH 06/23] Update README.md --- digitalocean-app-platform/README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index d6e4a2a..e44b2d9 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -2,9 +2,6 @@ This document will describe how to deploy the 1Password SCIM bridge using DigitalOcean's App Platform. ## Deployment Overview -App Platform is DigitalOcean's new, fully managed solution for deploying applications via a code repository. The idea behind App platform is that there is less of -a focus on the manual management of containers in a given environment, and more of a focus on deploying applications for immediate access. After testing -the deployment of the SCIM bridge with App Platform, it is now being added as a deployment option for those using DigitalOcean to host the SCIM bridge. Deploying the SCIM bridge with App Platform comes with a few benefits: * App Platform will provide and host the URL for your SCIM bridge; you will not need to setup an A record or prepare a name for a URL as noted in [PREPARATION.md](https://github.com/1Password/scim-examples/blob/master/PREPARATION.md) From 29d5f344f89f83f254ec73c86d2b547b168fbca3 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Mon, 7 Jun 2021 07:55:00 -0700 Subject: [PATCH 07/23] Update deploy.template.yaml --- digitalocean-app-platform/.do/deploy.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/.do/deploy.template.yaml b/digitalocean-app-platform/.do/deploy.template.yaml index e6b3a6c..44f858b 100644 --- a/digitalocean-app-platform/.do/deploy.template.yaml +++ b/digitalocean-app-platform/.do/deploy.template.yaml @@ -1,5 +1,5 @@ spec: - name: sample-golang + name: scim services: - name: web git: From 245ce082e16c9c1670c3b2b60f30004961704b6b Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Mon, 7 Jun 2021 07:59:46 -0700 Subject: [PATCH 08/23] Update deploy.template.yaml --- digitalocean-app-platform/.do/deploy.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/.do/deploy.template.yaml b/digitalocean-app-platform/.do/deploy.template.yaml index 44f858b..b7ddaf1 100644 --- a/digitalocean-app-platform/.do/deploy.template.yaml +++ b/digitalocean-app-platform/.do/deploy.template.yaml @@ -4,4 +4,4 @@ spec: - name: web git: branch: main - repo_clone_url: https://github.com/1Password/scim-examples/digitalocean-app-platform + repo_clone_url: https://github.com/1Password/scim-examples.git From 925ac2ee6fdc69d5ed379244a4648dd4d46c14ea Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Mon, 7 Jun 2021 08:03:18 -0700 Subject: [PATCH 09/23] Update README.md --- digitalocean-app-platform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index e44b2d9..f143cf7 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -85,4 +85,4 @@ Now that a redis Droplet has been created, you can start the deployment process You can also deploy your application using the Deploy to DigitalOcean button below, which is a quick link that will start the process of Step Two: -[![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg) +[![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg)](https://cloud.digitalocean.com/apps/new?repo=https://github.com/1Password/scim-examples/tree/digitalocean-app-platform) From 3e7e1b117a30862d0da4a6f9afd2a88fed492021 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Mon, 7 Jun 2021 08:58:38 -0700 Subject: [PATCH 10/23] Update deploy.template.yaml --- digitalocean-app-platform/.do/deploy.template.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/digitalocean-app-platform/.do/deploy.template.yaml b/digitalocean-app-platform/.do/deploy.template.yaml index b7ddaf1..1db4d24 100644 --- a/digitalocean-app-platform/.do/deploy.template.yaml +++ b/digitalocean-app-platform/.do/deploy.template.yaml @@ -4,4 +4,5 @@ spec: - name: web git: branch: main - repo_clone_url: https://github.com/1Password/scim-examples.git + repo_clone_url: https://github.com/1Password/scim-examples/digitalocean-app-platform.git + dockerfile_path: Dockerfile From e582072a7c73801743de8362d8e3b0389d57930e Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Mon, 7 Jun 2021 10:11:34 -0700 Subject: [PATCH 11/23] Update README.md --- digitalocean-app-platform/README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index f143cf7..1bf0d96 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -82,7 +82,3 @@ Now that a redis Droplet has been created, you can start the deployment process * Click the URL link and enter the bearer token for your SCIM bridge to start Provisioning tasks. * Ensure that you add the provided URL and the bearer token to your IdP of choice. - -You can also deploy your application using the Deploy to DigitalOcean button below, which is a quick link that will start the process of Step Two: - -[![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg)](https://cloud.digitalocean.com/apps/new?repo=https://github.com/1Password/scim-examples/tree/digitalocean-app-platform) From f66946444827c18741e117772ce8322abbe50b2b Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 07:50:53 -0700 Subject: [PATCH 12/23] Update deploy.template.yaml --- digitalocean-app-platform/.do/deploy.template.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/digitalocean-app-platform/.do/deploy.template.yaml b/digitalocean-app-platform/.do/deploy.template.yaml index 1db4d24..576be8a 100644 --- a/digitalocean-app-platform/.do/deploy.template.yaml +++ b/digitalocean-app-platform/.do/deploy.template.yaml @@ -1,8 +1,12 @@ spec: name: scim services: - - name: web - git: - branch: main - repo_clone_url: https://github.com/1Password/scim-examples/digitalocean-app-platform.git - dockerfile_path: Dockerfile + - dockerfile_path: /digitalocean-app-platform/Dockerfile + github: + branch: digitalocean-app-platform + deploy_on_push: true + repo: 1Password/scim-examples + name: scim + routes: + - path: / + source_dir: /digitalocean-app-platform From 09072b0dd367d66fb8cc827632864394ce8fd398 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 09:01:43 -0700 Subject: [PATCH 13/23] Update README.md --- digitalocean-app-platform/README.md | 42 +++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 11 deletions(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 1bf0d96..6682618 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -5,7 +5,7 @@ This document will describe how to deploy the 1Password SCIM bridge using Digita Deploying the SCIM bridge with App Platform comes with a few benefits: * App Platform will provide and host the URL for your SCIM bridge; you will not need to setup an A record or prepare a name for a URL as noted in [PREPARATION.md](https://github.com/1Password/scim-examples/blob/master/PREPARATION.md) -* App Platfom will host the SCIM application for a low cost of $5/mo. An additional $5/mo or $6/mo will be utilized for the Droplet created for the Redis container. +* App Platfom will host the SCIM application for a low cost of $5/mo. An additional $5/mo or $6/mo will be utilized for the Droplet created for the Redis container. *If you will be using a managed redis database, an additional $15/mo will be charged.* * There's no need to manage the container that the SCIM bridge will be running on. @@ -21,7 +21,7 @@ To get started with deploying the SCIM bridge using App Platform, you'll need: Before you deploy the SCIM bridge application using App Platform, a redis database must be created first, so that you can add the connection details for your database to the application at setup. There are two options for setting up a redis database: creating a Droplet in DigitalOcean and installing redis onto it or using DigitalOcean's Managed Redis database solution. -To create a Droplet: +#### To create a Droplet: * Under Manage in the left-hand navigation menu, select Droplet or select the Create dropdown menu in the top right corner of your DigitalOcean tenant and select Droplet. * Choose an image for your container. @@ -37,7 +37,7 @@ Once the creation process of your Droplet is complete: * At this point, you will want to install redis on your Droplet. DigitalOcean provides detailed documentaion on how to install redis on each of its provided images. Documentation can be found [here](https://www.digitalocean.com/community/tutorial_collections/how-to-install-and-secure-redis) * For the ```Binding to Localhost``` step in the redis documentation, you will want to ensure that you allow all connections initially, so that the SCIM application can make a connection to your Droplet. After the successful deployment of your SCIM application, you can lock down access to your redis Droplet, ensuring that your SCIM application only has access to that Droplet. -If you prefer to use DigitalOcean's Managed Redis Database solution: +#### If you prefer to use DigitalOcean's Managed Redis Database solution: * Under Manage in the left-hand navigation menu, select ```Databases``` or select the Create dropdown menu in the top right corner of your DigitalOcean tenant and select Databases. * Choose Redis as your Database Engine. @@ -55,7 +55,11 @@ Once the creation process of your managed database is complete: ### Step Two: Building and Deploying using App Platform -Now that a redis Droplet has been created, you can start the deployment process of the SCIM application. +Now that a redis Droplet has been created, you can start the deployment process of the SCIM application. Be sure that you have forked this repo before continuing: + + +#### Setting up the forked repo: + * Under Manage in the left-hand navigation menu, select Apps or select the Create dropdown menu in the top right corner of your DigitalOcean tenant and select Apps. * Select Launch Your App on the splash page. If you've already started using Apps, select Create App in the top right corner of the page. @@ -64,21 +68,37 @@ Now that a redis Droplet has been created, you can start the deployment process * Choose the corresponding branch. * You can choose to allow or deny Autodeploy code changes. * Click ```Next```. -* To configure your app, you will want to set two environment variables: ```OP_REDIS_URL``` and ```OP_SESSION```. + +***NOTE**: DigitalOcean will notify you that it cannot find an app in the repo. This is due to the fact that App Platform expects the Dockerfile to be located at the root of the repo. In this case, the Dockerfile is located in the ```digitalocean-app-platform``` directory and we need to specify that source directory in App Platform.* + +* Add ```digitalocean-app-platform``` after the ```/``` in the Source Directory field and select ```Find Directory``` + + + +#### App Configuration: + + +* To configure your app, you will need to set two environment variables: ```OP_REDIS_URL``` and ```OP_SESSION```. * If you are using a Droplet, ```OP_REDIS_URL``` should contain the following: redis://[ip or hostname of redis Droplet]:6379 * If you are using DigitalOcean's managed database solution, ```OP_REDIS_URL``` should contain the following: redis://[ip or hostname of redis Droplet]:[provided port number] - * ```OP_SESSION``` should contain the base64 encoded version of your scimsession file. Run the following command to generate the scimsession: cat /path/to/scimsession| base64 | tr -d "\n" - * You've successfully run the command when the base64 encoded version of your scimsession is returned in the terminal. Copy and paste the contents and paste them as the value of the OP_SESSION variable. (Do not copy the % sign at the end of the contents) -* Set the HTTP port for the app to 3002. + * ```OP_SESSION``` should contain the base64 encoded version of your scimsession file. Run the following command in a terminal to generate the scimsession in a base64 encoded format: ```cat /path/to/scimsession| base64 | tr -d "\n"``` + * The base64 encoded version of your scimsession should be returned in the terminal. Copy and paste the contents and paste them as the value of the OP_SESSION variable. (Do not copy the ```%``` sign at the end of the contents.) +* Set the HTTP port for the app to ```3002```. * Click ```Next```. * Name your application. * Select a region for the application/container. * Click ```Next```. -* The Basic tier of the App Platform is suffient enough for the SCIM bridge. + + + +#### Selecting Your Tier & Deployment: + + +* The Basic tier of App Platform is suffient enough for the SCIM bridge. * Under Containers, the ```Basic Size``` is defaulted to the ```1 GB RAM | 1 vCPU``` option, however the ```512 MB RAM | 1 vCPU``` option is sufficient for this deployment. * ```Number of Containers``` should be set to 1. * Select ```Launch Basic App```. -* The App will begin the build and deploy process. Once complete, you should receive an alert that states ```Deployed Successfully``` and the URL for the SCIM bridge will be made available on the Apps Dashboard. (You may need to refresh your page if the URL is not yet visible at this point) +* The App will begin the build and deploy process. Once complete, you should receive an alert that states ```Deployed Successfully``` and the URL for the SCIM bridge will be made available on the ```Apps Dashboard```. (You may need to refresh your page if the URL is not yet visible at this point) * Click the URL link and enter the bearer token for your SCIM bridge to start Provisioning tasks. -* Ensure that you add the provided URL and the bearer token to your IdP of choice. +* Ensure that you add the provided URL and the bearer token to your IdP. From 95fb5109d88b326a0f97e0639567dd2df710565b Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 09:37:55 -0700 Subject: [PATCH 14/23] Update README.md --- digitalocean-app-platform/README.md | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 6682618..982c22e 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -91,14 +91,33 @@ Now that a redis Droplet has been created, you can start the deployment process -#### Selecting Your Tier & Deployment: +#### Selecting Your Tier: * The Basic tier of App Platform is suffient enough for the SCIM bridge. * Under Containers, the ```Basic Size``` is defaulted to the ```1 GB RAM | 1 vCPU``` option, however the ```512 MB RAM | 1 vCPU``` option is sufficient for this deployment. * ```Number of Containers``` should be set to 1. * Select ```Launch Basic App```. -* The App will begin the build and deploy process. Once complete, you should receive an alert that states ```Deployed Successfully``` and the URL for the SCIM bridge will be made available on the ```Apps Dashboard```. (You may need to refresh your page if the URL is not yet visible at this point) -* Click the URL link and enter the bearer token for your SCIM bridge to start Provisioning tasks. -* Ensure that you add the provided URL and the bearer token to your IdP. + + + +#### Deployment: + + +* The App will begin the build and deploy process but the build will fail. This is related to the Dockerfile not being located at the root of the repo as mentioned earlier. Although the ```dockerfile_path``` is correctly specified in the ```deploy.template.yaml``` file, this is only provided to DigitalOcean's app detection system and not the build system. + +In order to provide the build system with the correct path: + +* Click on Settings from the Apps Dashboard. +* Scroll down to App Spec. +* Download the App Spec. +* Edit the file by updating the ```dockerfile_path``` value to ```/digitalocean-app-platform/Dockerfile``` +* Upload your file by clicking the ```Upload``` button in the App Spec section. + +**The build process will automatically restart from here.** + +* Once complete, you should receive an alert that states ```Deployed Successfully``` and the URL for the SCIM bridge will be made available on the ```Apps Dashboard```. (You may need to refresh your page if the URL is not yet visible at this point) +* Ensure that you add the provided URL and the bearer token to your IdP and test the connection. +* Click the URL link and enter the bearer token for your SCIM bridge to start Provisioning tasks. + From 698209319a66f464f8cdc04bd2ccb72fa7cc3fe3 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 09:44:26 -0700 Subject: [PATCH 15/23] Update README.md --- digitalocean-app-platform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 982c22e..cd0d874 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -116,7 +116,7 @@ In order to provide the build system with the correct path: **The build process will automatically restart from here.** -* Once complete, you should receive an alert that states ```Deployed Successfully``` and the URL for the SCIM bridge will be made available on the ```Apps Dashboard```. (You may need to refresh your page if the URL is not yet visible at this point) +* Once complete, you should be notified that the app ```Deployed Successfully``` and the URL for the SCIM bridge will be made available on the ```Apps Dashboard```. (You may need to refresh your page if the URL is not yet visible at this point) * Ensure that you add the provided URL and the bearer token to your IdP and test the connection. * Click the URL link and enter the bearer token for your SCIM bridge to start Provisioning tasks. From b652d1bb93b8b96a6e7bfb2ee6051020c20de34a Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 09:48:12 -0700 Subject: [PATCH 16/23] Update README.md --- digitalocean-app-platform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index cd0d874..4a7e88e 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -5,7 +5,7 @@ This document will describe how to deploy the 1Password SCIM bridge using Digita Deploying the SCIM bridge with App Platform comes with a few benefits: * App Platform will provide and host the URL for your SCIM bridge; you will not need to setup an A record or prepare a name for a URL as noted in [PREPARATION.md](https://github.com/1Password/scim-examples/blob/master/PREPARATION.md) -* App Platfom will host the SCIM application for a low cost of $5/mo. An additional $5/mo or $6/mo will be utilized for the Droplet created for the Redis container. *If you will be using a managed redis database, an additional $15/mo will be charged.* +* App Platfom will host the SCIM application for a low cost of $5/mo. An additional cost will be applied for setting up redis. * There's no need to manage the container that the SCIM bridge will be running on. From f837ba0b5ddd93110589c057c29091673bfd11f2 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 09:50:37 -0700 Subject: [PATCH 17/23] Update README.md --- digitalocean-app-platform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 4a7e88e..74c9301 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -91,7 +91,7 @@ Now that a redis Droplet has been created, you can start the deployment process -#### Selecting Your Tier: +#### Selecting a Tier: * The Basic tier of App Platform is suffient enough for the SCIM bridge. From 5942f43dc77506db94e03e1a255b8593d67b9f59 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 09:51:13 -0700 Subject: [PATCH 18/23] Update README.md --- digitalocean-app-platform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 74c9301..ee4c7ac 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -94,7 +94,7 @@ Now that a redis Droplet has been created, you can start the deployment process #### Selecting a Tier: -* The Basic tier of App Platform is suffient enough for the SCIM bridge. +* The Basic tier of App Platform is suffient for the SCIM bridge. * Under Containers, the ```Basic Size``` is defaulted to the ```1 GB RAM | 1 vCPU``` option, however the ```512 MB RAM | 1 vCPU``` option is sufficient for this deployment. * ```Number of Containers``` should be set to 1. * Select ```Launch Basic App```. From d16fc4b44329f0030f5052385342af73adb76794 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 10:02:25 -0700 Subject: [PATCH 19/23] Update README.md --- digitalocean-app-platform/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index ee4c7ac..1c62d18 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -111,8 +111,9 @@ In order to provide the build system with the correct path: * Click on Settings from the Apps Dashboard. * Scroll down to App Spec. * Download the App Spec. -* Edit the file by updating the ```dockerfile_path``` value to ```/digitalocean-app-platform/Dockerfile``` +* Edit the file by updating the ```dockerfile_path``` value to ```/digitalocean-app-platform/Dockerfile``` and save it. * Upload your file by clicking the ```Upload``` button in the App Spec section. +* Select Replace **The build process will automatically restart from here.** From a754a196e91177c10af1b8225d864b43775c3b07 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 11:41:12 -0700 Subject: [PATCH 20/23] Update deploy.template.yaml --- digitalocean-app-platform/.do/deploy.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/.do/deploy.template.yaml b/digitalocean-app-platform/.do/deploy.template.yaml index 576be8a..e748310 100644 --- a/digitalocean-app-platform/.do/deploy.template.yaml +++ b/digitalocean-app-platform/.do/deploy.template.yaml @@ -3,7 +3,7 @@ spec: services: - dockerfile_path: /digitalocean-app-platform/Dockerfile github: - branch: digitalocean-app-platform + branch: main deploy_on_push: true repo: 1Password/scim-examples name: scim From 3d3fad9395a89489989cafe10768c2f1335197e3 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Tue, 8 Jun 2021 11:41:51 -0700 Subject: [PATCH 21/23] Update README.md --- digitalocean-app-platform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 1c62d18..2364b9e 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -65,7 +65,7 @@ Now that a redis Droplet has been created, you can start the deployment process * Select Launch Your App on the splash page. If you've already started using Apps, select Create App in the top right corner of the page. * Choose Github as your source. (You may be prompted to walk through an authorization process for your Github account and your DigitalOcean tenant) * Choose the repository that contains the files for the DigitalOcean App Platform deployment. -* Choose the corresponding branch. +* Choose the ```main``` branch. * You can choose to allow or deny Autodeploy code changes. * Click ```Next```. From 9137fd293d4f3fa72338e35b237f417357e5312a Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Mon, 14 Jun 2021 07:14:00 -0700 Subject: [PATCH 22/23] Update README.md --- digitalocean-app-platform/README.md | 38 ++++++++++++++--------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 2364b9e..4a4ea38 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -5,7 +5,7 @@ This document will describe how to deploy the 1Password SCIM bridge using Digita Deploying the SCIM bridge with App Platform comes with a few benefits: * App Platform will provide and host the URL for your SCIM bridge; you will not need to setup an A record or prepare a name for a URL as noted in [PREPARATION.md](https://github.com/1Password/scim-examples/blob/master/PREPARATION.md) -* App Platfom will host the SCIM application for a low cost of $5/mo. An additional cost will be applied for setting up redis. +* App Platfom will host the SCIM bridge for a low cost of $5/mo. An additional cost will be applied for setting up redis. * There's no need to manage the container that the SCIM bridge will be running on. @@ -14,34 +14,34 @@ To get started with deploying the SCIM bridge using App Platform, you'll need: * Access to your organization's DigitalOcean tenant. * Access to your organization's Github account in order to fork this repository. -* Access to create a Droplet for Redis in your organization's DigitalOcean tenant. +* Access to create a Droplet for redis in your organization's DigitalOcean tenant. -### Step One: Setting up Redis +### Step One: Setting up redis -Before you deploy the SCIM bridge application using App Platform, a redis database must be created first, so that you can add the connection details for your database to the application at setup. There are two options for setting up a redis database: creating a Droplet in DigitalOcean and installing redis onto it or using DigitalOcean's Managed Redis database solution. +Before you deploy the SCIM bridge using App Platform, a redis database must be created first. There are two options for setting up a redis database: creating a Droplet in DigitalOcean and installing redis onto it or using DigitalOcean's Managed redis database solution. #### To create a Droplet: -* Under Manage in the left-hand navigation menu, select Droplet or select the Create dropdown menu in the top right corner of your DigitalOcean tenant and select Droplet. +* Under ```Manage``` in the left-hand navigation menu, select ```Droplet``` or select the ```Create``` dropdown menu in the top right corner of your DigitalOcean tenant and select ```Droplet```. * Choose an image for your container. -* Choose a plan for your Droplet. (The Basic (shared CPU) tier is sufficient, but choose what's best for your organization) +* Choose a plan for your Droplet. (The Basic (shared CPU) tier is sufficient, but choose what's best for your organization.) * Choose a datacenter region. -* Under Finalize and Create, you will only need 1 Droplet. -* Once you've configured the other settings on this page to your liking, click Create Droplet. +* Under ```Finalize and Create```, you will only need 1 Droplet. +* Once you've configured the other settings on this page to your liking, click ```Create Droplet```. Once the creation process of your Droplet is complete: * Click on the hostname of your new container from your list of Droplets. -* Click on Console. (ensure that the credentials for your image are set and that you can log into the container) -* At this point, you will want to install redis on your Droplet. DigitalOcean provides detailed documentaion on how to install redis on each of its provided images. Documentation can be found [here](https://www.digitalocean.com/community/tutorial_collections/how-to-install-and-secure-redis) -* For the ```Binding to Localhost``` step in the redis documentation, you will want to ensure that you allow all connections initially, so that the SCIM application can make a connection to your Droplet. After the successful deployment of your SCIM application, you can lock down access to your redis Droplet, ensuring that your SCIM application only has access to that Droplet. +* Click on ```Console```. (Ensure that the credentials for your image are set and that you can log into the container.) +* At this point, you will want to install redis on your Droplet. DigitalOcean provides detailed documentaion on how to install redis onto each of its provided images. Documentation can be found [here](https://www.digitalocean.com/community/tutorial_collections/how-to-install-and-secure-redis). +* For the ```Binding to Localhost``` step in the redis documentation, you will want to ensure that you allow all connections initially, so that the SCIM bridge can make a connection to your Droplet. After the successful deployment of your SCIM bridge, you can lock down access to your redis Droplet, ensuring that your SCIM bridge only has access to that Droplet. -#### If you prefer to use DigitalOcean's Managed Redis Database solution: +#### If you prefer to use DigitalOcean's Managed redis Database solution: -* Under Manage in the left-hand navigation menu, select ```Databases``` or select the Create dropdown menu in the top right corner of your DigitalOcean tenant and select Databases. -* Choose Redis as your Database Engine. -* Under Choose your Configuration, leaving the ```Machine Type``` set to the ```Basic Nodes``` option is sufficient. +* Under ```Manage``` in the left-hand navigation menu, select ```Databases``` or select the ```Create``` dropdown menu in the top right corner of your DigitalOcean tenant and select ```Databases```. +* Choose redis as your Database Engine. +* Under ```Choose your Configuration```, leaving the ```Machine Type``` set to the ```Basic Nodes``` option is sufficient. * Choose a Datacenter. * Once you've configured the other settings on this page to your liking, click ```Create a Database Cluster```. @@ -50,19 +50,19 @@ Once the creation process of your managed database is complete: * Click on the hostname of your new container from your list of managed databases. * In the top right corner, click on the ```Actions``` dropdown menu and select ```Connection details```. * Under the ```Public Network``` settings, you will need to take note of the hostname as well as the provided port number. -* You can secure your database's inbound connections using DigitalOcean's ```Getting Started``` tutorial or by selecting ```Secure this database cluster by restricting access``` under the ```Trusted Sources``` section on the Overview page. You will want to complete this step after you've successfully deployed the application in Step Two, so that you can add the ip address of the application's container to that section. +* You can secure your database's inbound connections using DigitalOcean's ```Getting Started``` tutorial or by selecting ```Secure this database cluster by restricting access``` under the ```Trusted Sources``` section on the Overview page. You will want to complete this step after you've successfully deployed the SCIM bridge in Step Two, so that you can add the ip address of the SCIM bridge's container to that section. ### Step Two: Building and Deploying using App Platform -Now that a redis Droplet has been created, you can start the deployment process of the SCIM application. Be sure that you have forked this repo before continuing: +Now that a redis Droplet has been created, you can start the deployment process of the SCIM bridge. Be sure that you have forked this repo before continuing: #### Setting up the forked repo: -* Under Manage in the left-hand navigation menu, select Apps or select the Create dropdown menu in the top right corner of your DigitalOcean tenant and select Apps. -* Select Launch Your App on the splash page. If you've already started using Apps, select Create App in the top right corner of the page. +* Under ```Manage``` in the left-hand navigation menu, select ```Apps``` or select the ```Create``` dropdown menu in the top right corner of your DigitalOcean tenant and select Apps. +* Select ```Launch Your App``` on the splash page. If you've already started using Apps, select ```Create App``` in the top right corner of the page. * Choose Github as your source. (You may be prompted to walk through an authorization process for your Github account and your DigitalOcean tenant) * Choose the repository that contains the files for the DigitalOcean App Platform deployment. * Choose the ```main``` branch. From 835775c42c2961f327d7b7a3961041f872865522 Mon Sep 17 00:00:00 2001 From: dmjacks <82519452+dmjacks33@users.noreply.github.com> Date: Mon, 14 Jun 2021 07:14:59 -0700 Subject: [PATCH 23/23] Update README.md --- digitalocean-app-platform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digitalocean-app-platform/README.md b/digitalocean-app-platform/README.md index 4a4ea38..703bc5b 100644 --- a/digitalocean-app-platform/README.md +++ b/digitalocean-app-platform/README.md @@ -50,7 +50,7 @@ Once the creation process of your managed database is complete: * Click on the hostname of your new container from your list of managed databases. * In the top right corner, click on the ```Actions``` dropdown menu and select ```Connection details```. * Under the ```Public Network``` settings, you will need to take note of the hostname as well as the provided port number. -* You can secure your database's inbound connections using DigitalOcean's ```Getting Started``` tutorial or by selecting ```Secure this database cluster by restricting access``` under the ```Trusted Sources``` section on the Overview page. You will want to complete this step after you've successfully deployed the SCIM bridge in Step Two, so that you can add the ip address of the SCIM bridge's container to that section. +* You can secure your database's inbound connections using DigitalOcean's ```Getting Started``` tutorial or by selecting ```Secure this database cluster by restricting access``` under the ```Trusted Sources``` section on the Overview page. You will want to complete this step after you've successfully deployed the SCIM bridge in Step Two (below), so that you can add the ip address of the SCIM bridge's container to that section. ### Step Two: Building and Deploying using App Platform