update tests

Author: skadefro

test/Audit.test.ts

@@ -29,7 +29,6 @@ import { Auth } from '../OpenFlow/src/Auth';
     async after() {
         await Config.db.shutdown();
         await Logger.otel.shutdown();
-        Auth.shutdown();
         // wtf.dump()
     }
     @test async 'reload'() {

test/Auth.test.ts

@@ -22,7 +22,6 @@ import { NoderedUtil, SigninMessage } from '@openiap/openflow-api';
     async after() {
         await Config.db.shutdown();
         await Logger.otel.shutdown();
-        Auth.shutdown();
     }
     @test async 'ValidateByPassword'() {
         await assert.rejects(async () => {
@@ -37,35 +36,6 @@ import { NoderedUtil, SigninMessage } from '@openiap/openflow-api';
         var user2 = await Auth.ValidateByPassword("testuser", "not-my-password", null);
         assert.strictEqual(user2, null, "Did not fail on wrong password")
     }
-    @test async 'getUser'() {
-        var user = await Auth.ValidateByPassword("testuser", "testuser", null);
-        await Auth.AddUser(user, user._id, "grafana");
-        await Auth.AddUser(user, user._id, "dashboard");
-        await Auth.AddUser(user, user._id, "cleanacl");
-
-        var grafanauser = Auth.getUser(user._id, "grafana");
-        assert.notStrictEqual(grafanauser, null, "Failed getting user from grafana cache")
-        var dashboarduser = Auth.getUser(user._id, "dashboard");
-        assert.notStrictEqual(dashboarduser, null, "Failed getting user from dashboard cache")
-
-        await Auth.RemoveUser(dashboarduser._id, "dashboard");
-        dashboarduser = Auth.getUser(dashboarduser._id, "dashboard");
-        assert.strictEqual(dashboarduser, null, "Failed removing user from dashboard cache")
-
-        var cleanacluser = Auth.getUser(user._id, "cleanacl");
-        assert.notStrictEqual(cleanacluser, null, "Failed getting user from cleanacl cache")
-
-        Config.grafana_credential_cache_seconds = 0;
-        // await new Promise(resolve => { setTimeout(resolve, 1500) })
-        var grafanauser = await Auth.getUser(user._id, "grafana");
-        assert.strictEqual(grafanauser, null, "Failed expiering user from grafana cache")
-
-        Config.api_credential_cache_seconds = 0;
-        Config.grafana_credential_cache_seconds = 0;
-        Config.dashboard_credential_cache_seconds = 0;
-        Config.cleanacl_credential_cache_seconds = 0;
-        Auth.cleanCache();
-    }
     @test async 'test full login'() {
         var q: any = new SigninMessage();
         var msg = new Message();
@@ -78,14 +48,5 @@ import { NoderedUtil, SigninMessage } from '@openiap/openflow-api';
         assert.strictEqual(q.user.username, "testuser", "Sigin did not return testuser user object")
 
     }
-    @test async 'semaphore'() {
-        setTimeout(async () => {
-            await Auth.semaphore.up();
-        }, 500);
-        await Auth.semaphore.down();
-        await Auth.semaphore.down();
-        await Auth.semaphore.up();
-    }
-
 }
 // cls | ./node_modules/.bin/_mocha 'test/**/Auth.test.ts'

test/Config.test.ts

@@ -21,7 +21,6 @@ import { Auth } from '../OpenFlow/src/Auth';
     async after() {
         await Config.db.shutdown();
         await Logger.otel.shutdown();
-        Auth.shutdown();
     }
     @test 'reload'() {
         Config.reload();

test/Crypt.test.ts

@@ -24,7 +24,6 @@ import { DBHelper } from '../OpenFlow/src/DBHelper';
     async after() {
         await Config.db.shutdown();
         await Logger.otel.shutdown();
-        Auth.shutdown();
     }
     @timeout(10000)
     @test async 'ValidatePassword'() {

test/DBHelper.test.ts

@@ -7,7 +7,6 @@ import { DatabaseConnection } from '../OpenFlow/src/DatabaseConnection';
 import assert = require('assert');
 import { Logger } from '../OpenFlow/src/Logger';
 import { NoderedUtil, TokenUser, User, WellknownIds } from '@openiap/openflow-api';
-import { Auth } from '../OpenFlow/src/Auth';
 import { Crypt } from '../OpenFlow/src/Crypt';
 import { DBHelper } from '../OpenFlow/src/DBHelper';
 
@@ -29,7 +28,6 @@ import { DBHelper } from '../OpenFlow/src/DBHelper';
     async after() {
         await Config.db.shutdown();
         await Logger.otel.shutdown();
-        Auth.shutdown();
     }
     @test async 'FindByUsername'() {
         var user = await DBHelper.FindByUsername("testuser", this.rootToken, null);
@@ -83,15 +81,16 @@ import { DBHelper } from '../OpenFlow/src/DBHelper';
         assert.notStrictEqual(role, null, "Failed locating role users")
     }
     @test async 'FindRoleByNameOrId'() {
-        var role = await DBHelper.FindRoleByNameOrId(this.testUser.username, null, null);
+        var role = await DBHelper.FindRoleByName(this.testUser.username, null);
         assert.strictEqual(role, null, "returned something with illegal name")
-        role = await DBHelper.FindRoleByNameOrId(null, this.testUser._id, null);
+        role = await DBHelper.FindRoleById(this.testUser._id, null, null);
         assert.strictEqual(role, null, "returned something with illegal id")
-        role = await DBHelper.FindRoleByNameOrId("users", null, null);
+        role = await DBHelper.FindRoleByName("users", null);
         assert.notStrictEqual(role, null, "Failed locating role users")
-        role = await DBHelper.FindRoleByNameOrId(null, WellknownIds.users, null);
+        role = await DBHelper.FindRoleById(WellknownIds.users, null, null);
         assert.notStrictEqual(role, null, "Failed locating role users")
-        await assert.rejects(DBHelper.FindRoleByNameOrId(null, null, null));
+        await assert.rejects(DBHelper.FindRoleByName(null, null));
+        await assert.rejects(DBHelper.FindRoleById(null, null, null));
     }
     @timeout(5000)
     @test async 'EnsureUser'() {

test/DatabaseConnection.test.ts

@@ -29,21 +29,12 @@ import { Crypt } from '../OpenFlow/src/Crypt';
     async after() {
         await Config.db.shutdown();
         await Logger.otel.shutdown();
-        Auth.shutdown();
     }
     @test async 'dbconstructor'() {
         var db = new DatabaseConnection(Config.mongodb_url, Config.mongodb_db, false);
         await db.connect(null);
         db.shutdown();
     }
-    @test async 'semaphore'() {
-        setTimeout(async () => {
-            await DatabaseConnection.semaphore.up();
-        }, 500);
-        await DatabaseConnection.semaphore.down();
-        await DatabaseConnection.semaphore.down();
-        await DatabaseConnection.semaphore.up();
-    }
     @test async 'ListCollections'() {
         var rootcollections = await Config.db.ListCollections(this.rootToken);
         rootcollections = rootcollections.filter(x => x.name.indexOf("system.") === -1);

test/KubeUtil.test.ts

@@ -6,8 +6,7 @@ import { Config } from "../OpenFlow/src/Config";
 import { DatabaseConnection } from '../OpenFlow/src/DatabaseConnection';
 import assert = require('assert');
 import { Logger } from '../OpenFlow/src/Logger';
-import { KubeUtil } from '../OpenFlow/src/KubeUtil';
-import { Auth } from '../OpenFlow/src/Auth';
+import { KubeUtil } from '../OpenFlow/src/ee/KubeUtil';
 
 @suite class kubeutil_test {
     @timeout(10000)
@@ -21,7 +20,6 @@ import { Auth } from '../OpenFlow/src/Auth';
     async after() {
         await Config.db.shutdown();
         await Logger.otel.shutdown();
-        Auth.shutdown();
     }
     @test async 'GetStatefulSet'() {
         var sfs = await KubeUtil.instance().GetStatefulSet(Config.namespace, "findme");

test/Logger.test.ts

@@ -7,8 +7,8 @@ import { DatabaseConnection } from '../OpenFlow/src/DatabaseConnection';
 import assert = require('assert');
 import { Logger } from '../OpenFlow/src/Logger';
 import { NoderedUtil } from '@openiap/openflow-api';
-import { license_data } from '../OpenFlow/src/otelspec';
 import { Auth } from '../OpenFlow/src/Auth';
+import { i_license_data } from '../OpenFlow/src/commoninterfaces';
 
 @suite class logger_test {
     @timeout(10000)
@@ -23,7 +23,6 @@ import { Auth } from '../OpenFlow/src/Auth';
         await Config.db.shutdown();
         await Logger.otel.shutdown();
         Logger.License.shutdown();
-        Auth.shutdown();
     }
     @test async 'test info'() {
         assert.ok(!NoderedUtil.IsNullUndefinded(Logger.myFormat), "Logger missing winston error formatter");
@@ -32,7 +31,7 @@ import { Auth } from '../OpenFlow/src/Auth';
     }
     @test async 'v1_lic'() {
         const months: number = 1;
-        const data: license_data = {} as any;
+        const data: i_license_data = {} as any;
         let template = Logger.License.template_v1;
         data.licenseVersion = 1;
         data.email = "test@user.com";
@@ -52,7 +51,7 @@ import { Auth } from '../OpenFlow/src/Auth';
     }
     @test async 'v2_lic'() {
         const months: number = 1;
-        const data: license_data = {} as any;
+        const data: i_license_data = {} as any;
         let template = Logger.License.template_v2;
         let ofid = Logger.License.ofid(false);
         assert.ok(!NoderedUtil.IsNullEmpty(ofid));

test/Message.test.ts

@@ -31,7 +31,6 @@ import { DBHelper } from '../OpenFlow/src/DBHelper';
         await Config.db.shutdown();
         await Logger.otel.shutdown();
         Logger.License.shutdown();
-        Auth.shutdown();
     }
     @test async 'Unselect customer as root'() {
         var q = new SelectCustomerMessage();

test/docker-compose-traefik.yml

@@ -0,0 +1,160 @@
+version: "3.3"
+services:
+  mongodb:
+    image: "mongo"
+    # if you get MongoDB 5.0+ require a CPU with AVX support, then try using version 4 instead
+    # image: "mongo:4.4.8"
+    restart: always
+    volumes:
+      - mongodb_data:/data/db
+  # mongoexpress:
+  #   labels:
+  #     - "traefik.enable=true"
+  #     - "traefik.http.routers.mongoexpress.rule=Host(`express.localhost.openiap.io`)"
+  #     - "traefik.http.routers.mongoexpress.entrypoints=web"
+  #     - "traefik.http.services.mongoexpress.loadbalancer.server.port=8081"
+  #   image: "mongo-express"
+  #   environment:
+  #     - ME_CONFIG_MONGODB_SERVER=mongodb
+  traefik:
+    image: "traefik"
+    container_name: "traefik"
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+    ports:
+      - "80:80"
+    volumes:
+      - "//var/run/docker.sock:/var/run/docker.sock:ro"
+  rabbitmq:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.rabbitmq.rule=Host(`mq.localhost.openiap.io`)"
+      - "traefik.http.routers.rabbitmq.entrypoints=web"
+      - "traefik.http.services.rabbitmq.loadbalancer.server.port=15672"
+    image: "rabbitmq:3-management"
+    container_name: "rabbitmq"
+    restart: always
+  # rediscommander:
+  #   labels:
+  #     - "traefik.enable=true"
+  #     - "traefik.http.routers.rediscommander.rule=Host(`redis.localhost.openiap.io`)"
+  #     - "traefik.http.routers.rediscommander.entrypoints=web"
+  #     - "traefik.http.services.rediscommander.loadbalancer.server.port=8081"
+  #   image: rediscommander/redis-commander:latest
+  #   restart: always
+  #   depends_on:
+  #     - redis
+  #   environment:
+  #   - REDIS_HOST=redis
+  #   - REDIS_PORT=6379
+  #   - REDIS_PASSWORD=pass!word2
+  # redis:
+  #   image: redis
+  #   command: >
+  #     --requirepass pass!word2
+  api:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.api.rule=Host(`localhost.openiap.io`)"
+      - "traefik.http.routers.api.entrypoints=web"
+      - "traefik.http.services.api.loadbalancer.server.port=3000"
+      - "traefik.frontend.passHostHeader=true"
+    image: "openiap/openflow:edge"
+    deploy:
+      replicas: 1
+    pull_policy: always
+    restart: always
+    volumes:
+      - "//var/run/docker.sock:/var/run/docker.sock"
+    depends_on:
+      - rabbitmq
+      - mongodb
+    environment:
+      - update_acl_based_on_groups=true
+      - multi_tenant=false
+      - auto_create_users=true
+      - auto_create_domains=
+      - allow_personal_nodered=true
+      - auto_create_personal_nodered_group=false
+      - tls_crt=
+      - tls_key=
+      - tls_ca=
+      - tls_passphrase=
+      - api_bypass_perm_check=false
+      - websocket_package_size=25000
+      - websocket_max_package_count=1048576
+      - protocol=http
+      - port=3000
+      - domain=localhost.openiap.io
+
+      - HTTP_PROXY=
+      - HTTPS_PROXY=
+      - NO_PROXY=
+
+      - enable_openflow_amqp=false # enable this to use the openflow amqp, only usefull when you have more than one replicas
+      - amqp_prefetch=25
+      - socket_rate_limit=true
+      - socket_rate_limit_points=1000
+      - socket_rate_limit_points_disconnect=2500
+
+      - nodered_images=[{"name":"Latest Plain Nodered",
+        "image":"openiap/nodered:edge"},{"name":"Latest Puppeteer Nodered",
+        "image":"openiap/nodered-puppeteer"},{"name":"Latest TagUI Nodered",
+        "image":"openiap/nodered-tagui"}]
+      - nodered_ws_url=ws://api:3000
+      - saml_federation_metadata=http://api:3000/issue/FederationMetadata/2007-06/FederationMetadata.xml
+      - nodered_saml_entrypoint=http://localhost.openiap.io/issue
+      - amqp_url=amqp://guest:guest@rabbitmq
+      - mongodb_url=mongodb://mongodb:27017
+      - mongodb_db=openrpa
+
+      - skip_history_collections=audit,openrpa_instances,workflow_instances
+      - allow_skiphistory=false
+
+      - saml_issuer=uri:localhost.openiap.io
+      - aes_secret=7TXsxf7cn9EkUqm5h4MEWGjzkxkNCk2K
+      - signing_crt=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZRENDQWtpZ0F3SUJBZ0lKQUsrSll6OGQ1bURxTUEwR0NTcUdTSWIzRFFFQkN3VUFNRVV4Q3pBSkJnTlYKQkFZVEFrRlZNUk13RVFZRFZRUUlEQXBUYjIxbExWTjBZWFJsTVNFd0h3WURWUVFLREJoSmJuUmxjbTVsZENCWAphV1JuYVhSeklGQjBlU0JNZEdRd0hoY05NVGt3TnpFd01UZ3dPVEl4V2hjTk1Ua3dPREE1TVRnd09USXhXakJGCk1Rc3dDUVlEVlFRR0V3SkJWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTAKWlhKdVpYUWdWMmxrWjJsMGN5QlFkSGtnVEhSa01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQgpDZ0tDQVFFQTZrcEo4eHFUUU9pRzVmTUt4T1U5VzZDbVVSSWJnb2ZoSHZwVVZWVDBoMnRsakFsc2Z2cWRzSk5MClZBd3dySW55V2ZNYlVHZGE3M21MTG9XdEM0L3RYUlNEQktnK2J6MXhRSHNzcjVaMmVueDhYdGtRSDVHZ1crOVQKajdhbVNZL0l0SUFiME5qL1NRaVozK0JPN0tpeTJpMWFVdlJBeVp5UVpVcyt1aWlIRkNJekhBbXltV0ovNXdrdwptb2ZUYjUxWWlqZ2xiaGdZVllUcXdVdmpscEIvbWFnWjV3VENuOWpmbG16bGY1aSs5aTAxSHU1U1RXNW9JSnovCm9oQ25Mam4wM2c4NXA5dllFaTJLUkM2dW84Nnp5Y1pxL1lKQzVNTlVPTzZRanlZYXQ4RjBYWVVQNzhzS1l2OCsKYTF3WmlDNFZhSWt2OEFaOUJua0hFbllBRnhpZ2RRSURBUUFCbzFNd1VUQWRCZ05WSFE0RUZnUVVsenEzdDBOWQowckpwSmpIMXRoQitlV0M2SGJZd0h3WURWUjBqQkJnd0ZvQVVsenEzdDBOWTBySnBKakgxdGhCK2VXQzZIYll3CkR3WURWUjBUQVFIL0JBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQW8rOHJDVllXOFc5UzZxUDQKdzVoSEMyTk5WMGJIVmgyQ3FZbmp3RXVTTjM4NWgvUWd3TmlIZE5NQzJXUHd4VytwSmZ4Q0Y1ZGZOMzUrZ085YworOTg1UHYzYVoyZ3BmcWVaRTFKZ2JqUTFiTkVWT3BqRDV0dVlNRE55YWpraS9oWVdDaVBSams5ZG1nQVV4cHdpCkZuTUdlemk4K080dXQyRW1DaHhUYlZUQ1psRnJwRWpqSTF1WUVmQ2l5NmZaUXV2bnpCeU5QZ3FUQS9RWXhMZkIKRWE4cFpOMk5LNm5IdEF0clhyRkYveFh6OHJRYWlyVFYrVm9yQXQxdzYzZ1VTWGc1VU55R2JZaDErdFRzWTdoYQpNamkwSFNYQkxtL0dHb05XaHBDVVpDVDU0NWJ6SmdJNjJwd2hKcVlyWm5jYlBDRzRaWXhHZzIxTVZLdkJaL29pCkFYcStpQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+      - singing_key=LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRHFTa256R3BOQTZJYmwKOHdyRTVUMWJvS1pSRWh1Q2grRWUrbFJWVlBTSGEyV01DV3grK3Ayd2swdFVERENzaWZKWjh4dFFaMXJ2ZVlzdQpoYTBMaisxZEZJTUVxRDV2UFhGQWV5eXZsblo2Zkh4ZTJSQWZrYUJiNzFPUHRxWkpqOGkwZ0J2UTJQOUpDSm5mCjRFN3NxTExhTFZwUzlFREpuSkJsU3o2NktJY1VJak1jQ2JLWlluL25DVENhaDlOdm5WaUtPQ1Z1R0JoVmhPckIKUytPV2tIK1pxQm5uQk1LZjJOK1diT1YvbUw3MkxUVWU3bEpOYm1nZ25QK2lFS2N1T2ZUZUR6bW4yOWdTTFlwRQpMcTZqenJQSnhtcjlna0xrdzFRNDdwQ1BKaHEzd1hSZGhRL3Z5d3BpL3o1clhCbUlMaFZvaVMvd0JuMEdlUWNTCmRnQVhHS0IxQWdNQkFBRUNnZ0VBTXVEZkhrUHZKbkZZbWljbGQ0eXd2bTBzc1A1VnF3c0hBRXNzZFR0MXZ0SzcKd3FWcFFrbjZaSllZRGJCNEFZQVRlU1VxRVZQZ2s1QzVnT2pXbzJRbUQ4aWNpeTVlSUpvZk5mbUp3cmZTRXRkbAp5dE1vaFRLQ3VIUkltVFQ0OTVDWjdWakVzWjN1RWxZajFGSkowV3J4TENBZE5WYUZtMEs4dU1LV1pLYllicTUwCk40SkdBVVA4cXpzVGsxMFcwL1JsVkhjN3MxcVJMYmhUaHVmeWZqdkFsWlRDUStzNld2Z1FzNTljZis5ZkRpenEKeDlFYTRmclN4SkFzdmhEZ3lmd0FCSHVYcEl5ZGFJNEQ1UkZYRXBGQW1SYkZGRkFhNW9Zam5XT1BiQmVKUHJUUApMckxmcU03NkVaZ1pXclU5UmgwN2VXeVMwdlAyVEhmNGo4eTNYWEpFQVFLQmdRRDVyVTFnQlNLdXhxZVZkWFZRCkp1RXVIVnVFTEkzS0hITVRGb1R1cEFKU2R1b3VSMXNmYjZHc1RPQWFmamp6QlpHdFFFa3R4c3pEemFTTVh5OHYKYU5mT1QvcTlZYXFwdSt3cno5dXp4dnBhY1pQZHg3TGJUWGwwYmRKR2FPRHdNYWY3bHRDcmo1WVZ6Vk9GSGsvZgpCYndGV1ZQTUJORldCMEZMZzU1dGN6cjFGUUtCZ1FEd09UdEp2TXNtZVZFVU1aUnFnNjB0U2FyN0pjeHJKRklrCno5ZFdIUW1xS1dpNzFob3krbHBqM0FwRnhBQ3lPY2dmZE03VFQyb25rcXB1c0NUNlliZThXT3BrWWxIMGlpUmQKWkVISC9zakhySzNEaktJWEIvSEVyVEdrOVJNaTdiNUd4NGYweVVkM2hqd0E2Y2dGRDlyd0l6VyszMjM0Z2xlNwphdzlIRFpxVjRRS0JnQVBiOXVjMkRSd3dlK1NtaFNLeEJ5Z0VVaWJQM1gwelJXQVZLQWJjU0NEb0w2UjVlK0lYCmdxTThLUGFmM3RkNnpZNmxBTHlSWnhiYnRlQnBsRHdpWGJ1VnB1V0lmZS9UdE1uVWs2dkt0cEh4VVh6TEdtdWoKWGU0N3lGVklSN25PdXE3NzNNdmFFMUxROHFxTEZtYjNHcm5tY0pJbHZPcWNnQmpmdHZJd0pzZ2xBb0dBU1RtWQoyZlJEbEptOFhrUnlzamtySzdmZDk2cGc4blBpMmpmRXN3b3M3UUtzV3oxN1JQak5YczB2RUc4YnF6Z3p5V3JvCnRMN3JZOTZ3TndkWWJqNGxMTE9KMTBtbEk3Nk1NUytqWVp4SGhaNGNaWlJUd0dONmpmSWhST0F6a2gwWU9Da1EKUjB5bmpVYU11ZGFKVXdtdk9pM3hieHBhUWpzeEZQOGdiQTg0aE9FQ2dZRUExbXZjSStZeDZITW00WkVjMU9yaworNXJoUHJrdGNMT0JHR3pZZGZIZGRZMytVdFZydUpCRmt5R2pCU2t2YmVtcUZxRlluMHFZckpXZVlUS2hMbUlwClkyRk1Gd29abWxpSkpONTA1eStTemdPbUVxN2wzT1Z4R0NwTTd1ODNyWFBXRGRERnc5WVNYVU1ueFRDUGsyRW0KekEyUzVkWjlWRld2NlR6VHg3cTIyc2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+
+      # - cache_store_type=redis
+      # - cache_store_redis_host=redis
+      # - cache_store_redis_password=pass!word2
+volumes:
+  mongodb_data:
+    driver: local
+
+  # if you don't want to start nodered though powershell or the webinterface, you can hardcode one or more instance here
+  # You need to pre-create the user .. in this example the user has to have username nodered1
+  # create a user with no password so the user cannot login, or give it a very long and complex one
+  # nodered1:
+  #   labels:
+  #     - "traefik.enable=true"
+  #     - "traefik.http.routers.nodered.rule=Host(`nodered1.localhost.openiap.io`)"
+  #     - "traefik.http.routers.nodered.entrypoints=web"
+  #     - "traefik.http.services.nodered.loadbalancer.server.port=1880"
+  #     - "traefik.frontend.passHostHeader=true"
+  #   image: "openiap/nodered"
+  #   container_name: "nodered1"
+  #   depends_on:
+  #     - api
+  #   environment:
+  #     - nodered_sa=nodered1
+  #     - saml_federation_metadata=http://api:3000/issue/FederationMetadata/2007-06/FederationMetadata.xml
+  #     - saml_issuer=uri:localhost.openiap.io
+  #     - saml_entrypoint=http://localhost.openiap.io/issue
+  #     - saml_baseurl=http://nodered1.localhost.openiap.io/
+  #     - port=1880
+  #     - api_ws_url=ws://api:3000
+  #     - api_credential_cache_seconds=300
+  #     - api_allow_anonymous=false
+  #     # this is the "trick" to make the nodered beable to login.
+  #     # this way the nodered can create it's own token. this is VERY INSECURE DO NOT USE THIS ON A PUBLIC installation
+  #     # if you want a more secure way to login, create a jwt token using the nodered cli and set it using - jwt in this file.
+  #     - aes_secret=7TXsxf7cn9EkUqm5h4MEWGjzkxkNCk2K
+  #     - jwt=
+# volumes:
+#   mongodb_data:
+#     driver: local