[BUG] Non-POSIX compliant characters in .env

[CalebSpencer]

The .env file uses invalid variable names. Variables cannot have "-" in them.

To Reproduce

1. edit .env file as instructed in step-by-step.
2. run start.cmd, or "docker-compose config"
3. see error "invalid variable name "JWT-AUTHORITY" "

Expected behavior start.cmd starts OpenRMF, downloading necessary components.

Screenshots

Desktop (please complete the following information):

• OS: Windows 10.0.19043.0
• OpenRMF: 1.5.6
• Docker Desktop: 4.0.1

Additional context If the environment variables are changed to something that doesn't cause that error, like "JWT_AUTHORITY" (notice underscore), start.cmd will run, but when opening OpenRMF in the browser, one gets an error, as shown in the attached screenshots.

step-by-step.md says it's instructions were testing with Docker Desktop 2.x and onward. Does that include 4.x?

Related issues https://github.com/docker/metadata-action/issues/114 https://github.com/docker/build-push-action/issues/404

[Cingulara]

@CalebSpencer the JWT-AUTHORITY is an ENV in the code of all 9 of the APIs (shown here https://github.com/Cingulara/openrmf-docs/tree/master/architecture). So if that is not there exactly as entered, it will die and give you what you have in that screenshot. As it cannot find the JWT server (Keycloak for this) to validate the JWT the web UI sent on the API call. In the OpenRMF Professional version, we have a similar setup but I removed the dashes and just did all CAPS. So this will not pop up there.

If the "-" is killing it then it will kill it on a bunch of different services and all will have to be updated, versioned, released, tagged, tested, and deployed out for people.

I have Desktop 4.0.0 as I recently installed on my Mac but I will have to test it with OpenRMF OSS. If what you said is true, then this is a breaking change. And the .env file as well as all 9 or so of the APIs have to have their code updated and new images made. And the K8s helm chart will also have to be updated as well. That is not a quick 5 min fix for code or for testing. You are more than welcome to check out all the pieces and edit the files like this one https://github.com/Cingulara/openrmf-api-controls/blob/master/src/Startup.cs and look for the JWT piece. It can be done maybe over a weekend if you are familiar with the code.

There is also a bug that no one has given me yet that I know about. If you are on a disconnected network, running HTTPS (if you hide all behind NGINX proxy), and using self-signed certificates the JWT validation from the API back to Keycloak to ask "hey, is this JWT valid?" will fail as well as it does not know the SSL cert is valid. So that code is in the same area. We should fix both of them at the same time really.

[CalebSpencer]

Defining both JWT-AUTHORITY and JWT-CLIENT in each of the 9 API Containers in docker-compose.yml allows successful startup all the way to a usable OpenRMF page as a workaround.

[Cingulara]

So it just doesn’t like it in the environment file? That’s interesting OK thank you.

[CalebSpencer]

"Usable OpenRMF page" may have been too bold. I don't seem to have the ability to "add your first System or Upload your first checklist to get started." (notice the missing Upload tab) Is this an expected functionality in OpenRMF OSS?

[Cingulara]

Make sure you are an administrator by having the administrator role. You do that in the Keycloak setup for the openrmf realm. If you go to the :9001/auth/ URL and then login with the "admin" account for managing the users, you see the Users menu on the left. Click that and then the "View all users" button. Find whatever you made for your login and click that GUID link. Then for the Roles tab for that user, make sure Administrator is assigned.

Then log back in and try to find the "Add" button for the OpenRMF UI.

[CalebSpencer]

That makes plenty of sense. I should've thought of that. I now have the Upload tab. Thanks.

[Cingulara]

The .ENV issue is still an issue so I will need to plan for that and test it across all APIs and K8s before we make a breaking change.