diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..9ec19d8
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,89 @@
+version: 2.1
+orbs:
+ docker: circleci/docker@2.1.1
+executors:
+ openjdk_executor:
+ docker:
+ - image: cimg/openjdk:17.0.3
+ environment:
+ _JAVA_OPTIONS: "-Xmx3g"
+ GRADLE_OPTS: "-Dorg.gradle.daemon=false"
+
+jobs:
+ build_and_test:
+ executor:
+ name: docker/docker
+ working_directory: /home/circleci/mms
+ steps:
+ - checkout
+
+ - setup_remote_docker
+
+ - run:
+ name: "Create and start all services from the docker-compose configuration"
+ command: |
+ cp example/src/main/resources/application.properties.example ./example/src/main/resources/application.properties
+ docker-compose up --build -d
+ docker run --network container:mms curlimages/curl --retry 8 --retry-delay 10 --retry-max-time 90 --retry-connrefused http://mms:8080/healthcheck
+
+ - run:
+ name: "Run and test Postman Collection"
+ command: |
+ docker create -v /etc/newman --name mms_test_configs alpine:3.4 /bin/true
+ docker cp example/. mms_test_configs:/etc/newman
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run crud.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run cameo.postman_collection.json -e test-env.json --delay-request 1000
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run jupyter.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run localauth.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run permissions.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run search.postman_collection.json -e test-env.json --delay-request 1000
+ docker run --volumes-from mms_test_configs --network container:mms -t
postman/newman run artifacts.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run elastic.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run groups.postman_collection.json -e test-env.json --delay-request 500
+
+ - persist_to_workspace:
+ root: /home/circleci/
+ paths:
+ - mms/*
+
+ deploy_snapshot:
+ executor: openjdk_executor
+ working_directory: /home/circleci/mms
+ steps:
+ - attach_workspace:
+ at: ~/
+ - run:
+ name: Deploy snapshot to sonatype
+ command: ./gradlew -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PsigningKey="$SIGNING_KEY" -PsigningPassword=$SIGNING_PASSWORD publish
+ deploy_release:
+ executor: openjdk_executor
+ working_directory: /home/circleci/mms
+ steps:
+ - attach_workspace:
+ at: ~/
+ - run:
+ name: Deploy release to sonatype
+ command: ./gradlew -PbuildNumber=$CIRCLE_BUILD_NUM -PbuildTag=$CIRCLE_TAG -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PsigningKey="$SIGNING_KEY" -PsigningPassword=$SIGNING_PASSWORD --info --stacktrace publish
+
+workflows:
+ version: 2
+ build-test-deploy:
+ jobs:
+ - build_and_test:
+ filters:
+ tags:
+ only: /[0-9.]+(-(a|b|rc)[0-9]+)?/
+ - deploy_snapshot:
+ requires:
+ - build_and_test
+ filters:
+ branches:
+ only: /((release|hotfix|support)/[0-9.]+(-(a|b|rc)[0-9]+)?|develop)/
+ - deploy_release:
+ requires:
+ - build_and_test
+ filters:
+ tags:
+ only: /[0-9.]+(-(a|b|rc)[0-9]+)?/
+ branches:
+ ignore: /.*/
\ No newline at end of file
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..c8396dd
--- /dev/null
+++ b/.editorconfig
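Review bot: Both deploy jobs in `.circleci/config.yml` pass the publishing secrets as unquoted Gradle command-line arguments (`-PossrhPassword=$OSSRH_PASSWORD ... -PsigningPassword=$SIGNING_PASSWORD`), and `deploy_release` also adds `--info --stacktrace`; command-line arguments are visible in the process list and more likely to show up in verbose build output than environment values, and an unquoted value containing whitespace or glob characters is split by the shell. Gradle reads project properties from `ORG_GRADLE_PROJECT_<name>` environment variables, so the CircleCI context can define `ORG_GRADLE_PROJECT_ossrhPassword`, `ORG_GRADLE_PROJECT_signingKey` and the others, which reduces the command to `./gradlew publish`. Separately, the test steps run `curlimages/curl` and `postman/newman` without a tag, and the old `alpine:3.4`, inside the network of the service under test; pinning them by tag or digest keeps the pipeline reproducible.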
@@ -0,0 +1,19 @@
+[*]
+charset=utf-8
+end_of_line=lf
+insert_final_newline=false
+indent_style=space
+indent_size=4
+
+[{messages.*,spring.schemas,org.codehaus.groovy.runtime.ExtensionModule,spring.handlers,messages,*.properties}]
+indent_style=space
+indent_size=4
+
+[{*.gson,*.gradle,*.groovy,*.gant,*.gdsl,*.gy}]
+indent_style=space
+indent_size=4
+
+[{*.kts,*.kt}]
+indent_style=space
+indent_size=4
+
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..ef698e8
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+custom: ['https://numfocus.salsalabs.org/supportopenmbee']
diff --git a/.github/codeql.yml b/.github/codeql.yml
new file mode 100644
index 0000000..4fe1e47
--- /dev/null
+++ b/.github/codeql.yml
@@ -0,0 +1,3 @@
+query-filters:
+ - exclude:
+ id: java/spring-disabled-csrf-protection
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..f2ad892
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,48 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "develop", "master" ]
+ pull_request:
+ branches: [ "develop" ]
+ schedule:
+ - cron: "4 23 * * 1"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ java ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: temurin
+ java-version: 11
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ config-file: ./.github/codeql.yml
+ queries: +security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{ matrix.language }}"
diff --git a/.gitignore b/.gitignore
index 18c70ae..3696a65 100644
--- a/.gitignore
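Review bot: The `java/spring-disabled-csrf-protection` exclusion in `.github/codeql.yml` has no recorded justification, so a reader cannot tell whether CSRF protection is off by design or the alert was simply silenced; the same exclusion is repeated in `.lgtm.yml`. Add a comment above the filter stating why the finding is accepted, for example `# CSRF protection is disabled on purpose: <reason> - revisit if cookie or session authentication is added`. The reason is left as a placeholder because the security configuration is not visible in this diff.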
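Review bot: `java-version: 11` in the Setup Java step of `.github/workflows/codeql.yml` does not match the rest of this commit, which builds on Java 17 (`cimg/openjdk:17.0.3` in the CircleCI config, `amazoncorretto:17-alpine-jdk` in the Dockerfile). Autobuild may therefore fail, or analyze with a different toolchain than the one that ships; `java-version: "17"` would align them if the Gradle build does target 17. The actions are also referenced by mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`); pinning each `uses:` to a full commit SHA keeps a moved tag from changing what runs with `security-events: write`.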
+++ b/.gitignore @@ -1,9 +1,11 @@ .gradle **/build/ -application.properties +!gradle/wrapper/gradle-wrapper.jar +#application.properties localhost-env.json .vscode - +*.pem +src/main/resources/*.pem ### STS ### .apt_generated .classpath @@ -27,8 +29,12 @@ localhost-env.json /nbdist/ /.nb-gradle/ +### Sphinx ### +_build + **/bin -**/_build -*.ks -*.jks + +**/.DS_Store +/old_build/ +/generate_toc.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..d712a9b --- /dev/null +++ b/.gitlab-ci.yml 
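Review bot: Replacing `application.properties` with `#application.properties` in the first `.gitignore` hunk stops ignoring the file that the README tells developers to create from `application.properties.example` and fill in, so a local copy holding database or storage credentials can now be committed by accident. The second hunk also removes `*.ks` and `*.jks`, which drops the guard for Java keystores in the same commit that adds one for `*.pem`. Unless tracking these files is intended, keep `application.properties`, `*.ks` and `*.jks` in the ignore list.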
@@ -0,0 +1,81 @@
+variables:
+ DOCKER_DRIVER: overlay2
+ DOCKER_TLS_CERTDIR: "/certs"
+ SELECTOR: "openmbee-mms"
+ TAG: "latest"
+ ENVIRONMENT: "dev"
+ OC_PROJECT: $OC_DEV_NAMESPACE
+ OC_TOKEN: $OC_DEV_TOKEN
+ OC_URL: $OC_PIPELINE_URL
+
+
+stages:
+ - build
+ - deploy
+
+build:
+ image: URIHERE/docker:20.10.1
+ services:
+ - name: docker:20.10.1-dind
+ command:
+ - /bin/sh
+ - -c
+ - apk update && apk add ca-certificates wget && wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/wcf/latest/crt/ -P /usr/local/share/ca-certificates && update-ca-certificates --fresh > /dev/null && dockerd-entrypoint.sh --insecure-registry=URIHERE --insecure-registry=URIHERE --debug || exit
+ stage: build
+ tags:
+ - dind
+ - rhel
+ - edmz
+ before_script:
+ - echo $CI_COMMIT_REF_NAME
+ - |
+ if echo $CI_COMMIT_REF_NAME | grep -E [[:digit:]]+.[[:digit:]]+.[[:digit:]]+;
+ then
+ TAG=$CI_COMMIT_REF_NAME
+ else
+ TAG="latest"
+ fi
+ - apk -U upgrade
+ - docker info
+ script:
+ - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD URIHERE
+ - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD URIHERE
+ - docker build -f $DOCKERFILE_PATH --build-arg NEXUS_USERNAME=$NEXUS_USERNAME --build-arg NEXUS_PASSWORD=$NEXUS_PASSWORD -t URIHERE/$NEXUS_NAMESPACE/$SELECTOR:$TAG .
+ - docker push URIHERE/$NEXUS_NAMESPACE/$SELECTOR:$TAG
+
+deploy:
+ image: URIHERE/openshift/origin-cli:v3.11
+ stage: deploy
+ tags:
+ - dind
+ - rhel
+ - edmz
+ before_script:
+ - |
+ if [[ "$CI_COMMIT_REF_NAME" =~ [[:digit:]]+.[[:digit:]]+.[[:digit:]]+-RC[[:digit:]]+-SNAPSHOT ]]
+ then
+ TAG=$CI_COMMIT_REF_NAME
+ OC_PROJECT=$OC_STAGE_NAMESPACE
+ OC_TOKEN=$OC_STAGE_TOKEN
+ elif [[ "$CI_COMMIT_REF_NAME" =~ [[:digit:]]+.[[:digit:]]+.[[:digit:]]+.[[:digit:]]+-FINAL ]]
+ then
+ TAG=$CI_COMMIT_REF_NAME
+ OC_PROJECT=$OC_PROD_NAMESPACE
+ OC_URL=$OC_PROD_URL
+ OC_TOKEN=$OC_PROD_TOKEN
+ else
+ TAG="latest"
+ fi
+ script:
+ - echo $OC_URL
+ - oc login $OC_URL --token=$OC_TOKEN --insecure-skip-tls-verify
+ - oc project $OC_PROJECT
+ - |
+ OC_PATCH_STATUS=$(oc patch deploymentconfig $SELECTOR -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$SELECTOR\",\"image\": \"URIHERE/$NEXUS_NAMESPACE/$SELECTOR:$TAG\"}]}}}}")
+ - echo $OC_PATCH_STATUS
+ - |
+ if [[ "$OC_PATCH_STATUS" == *"not patched" ]]; then
+ oc rollout latest dc/$SELECTOR
+ oc rollout status dc/$SELECTOR
+ fi
+ - oc logout
diff --git a/.lgtm.yml b/.lgtm.yml
new file mode 100644
index 0000000..644839d
--- /dev/null
+++ b/.lgtm.yml
@@ -0,0 +1,6 @@
+extraction:
+ java:
+ index:
+ java_version: 11
+queries:
+ - exclude: java/spring-disabled-csrf-protection
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8f469d5
--- /dev/null
+++ b/README.md
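Review bot: The deploy job in `.gitlab-ci.yml` runs `oc login $OC_URL --token=$OC_TOKEN --insecure-skip-tls-verify`, so the stage and production tokens are sent to an endpoint whose certificate is never checked; prefer `oc login "$OC_URL" --token="$OC_TOKEN" --certificate-authority="$OC_CA_FILE"` with the CA supplied as a protected file variable (`OC_CA_FILE` is a placeholder name). The dind service command has the same gap one step earlier: `wget --no-check-certificate` downloads the certificates that `update-ca-certificates` then installs as trusted roots, so the trust store rests on an unauthenticated download. In the build job, `docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD` puts the password in the process arguments; `echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USERNAME" --password-stdin URIHERE` avoids that. The `--build-arg NEXUS_USERNAME=... --build-arg NEXUS_PASSWORD=...` values are recorded in the build history of any stage that uses them, and a BuildKit secret (`docker build --secret id=...`) keeps them out of image layers.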
@@ -0,0 +1,154 @@ +# MMS Reference Implementation + +[![Language grade: Java](https://img.shields.io/lgtm/grade/java/g/Open-MBEE/mms.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/Open-MBEE/mms/context:java) + +[![CircleCI](https://circleci.com/gh/Open-MBEE/mms.svg?style=svg)](https://circleci.com/gh/Open-MBEE/mms) + +[![Documentation Status](https://readthedocs.org/projects/mms-reference-implementation/badge/?version=latest)](https://mms-reference-implementation.readthedocs.io/en/latest/?badge=latest) + +This is the reference implementation for MMS. For the source code, +please head to . For more information +about Open-MBEE, visit the [Open-MBEE Website](https://openmbee.org/). +For more detailed documentation, visit [MMSRI +ReadTheDocs](https://mms-reference-implementation.readthedocs.io/en/latest/). + +## Quick Start + +Note this quick start is for getting a test instance up and is not +recommended for production use. Different configs will be required for +different deployment scenarios, environments and workloads (ex. +elasticsearch should be a cluster instead of single node, different +memory allocations, etc) + +### Docker + +Installation instructions are found here: [Docker +documentation](https://docs.docker.com/) + +#### Option 1: Get from dockerhub + +Use tag 4.x from [Dockerhub](https://hub.docker.com/r/openmbee/mms) + +#### Option 2: Build from repo + +1. Copy the `application.properties.example` file in + `src/main/resources/` as `application.properties` +2. In the command line, run `docker-compose up --build` to create and + start all the services from the configuration. +3. Swagger ui at +4. Use the command `docker-compose down` to stop any containers from + running and to remove the containers, networks, and images created + by the `docker-compose up` command. This command should always be + done before any new attempts to restart the services from the + configuration. 
+ +Note the docker compose file is running the application with the `test` +profile, with the config from +`src/main/resources/application-test.properties` + +This implementation brings in Spring Actuator and Logbook for monitoring +and logging features - see [Logbook](https://github.com/zalando/logbook) +and +[Actuator](https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html) +for more info. + +The `application.properties.example` file has the suggested configs and +comments. +[example](https://github.com/Open-MBEE/mmsri/blob/develop/src/main/resources/application.properties.example) + +## Using externalized configs + +There are a variety of options to override the packaged config depending +on the deployment scenario. See [Config +locations](https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-external-config) +for the list of options. Usually using profiles or environment variables +are a good way to specify different configs for different environments. + +## Developer Setup + +### Docker + +We suggest using Docker to set up PostgreSQL and Elasticsearch. +Installation instructions are found here: [Docker +documentation](https://docs.docker.com/) + +### Java SE Development Kit 17 + +Installation instructions: [JDK-17 +download](https://www.oracle.com/java/technologies/javase-jdk17-downloads.html) + +### Postgresql + +Install postgres (PostgreSQL) 11, instructions for Docker: [PostgreSQL +with Docker](https://hub.docker.com/_/postgres) + +``` +docker run -d -e POSTGRES_PASSWORD=test1234 -e POSTGRES_USER=mmsuser -e POSTGRES_DB=mms -p 5432:5432 postgres:11-alpine +``` + +### or Mysql + +5.7 [Mysql Docker](https://hub.docker.com/_/mysql/) + +``` +docker run -d -e MYSQL_ROOT_PASSWORD=test1234 -e MYSQL_DATABASE=mms -p 3306:3306 mysql:5.7 +``` + +### Elasticsearch + +Install Elasticsearch 7.8. 
If you use Docker instructions are available +here: [Setting up Elasticsearch with +Docker](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html) + +``` +docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.8.1 +``` + +### Artifact Storage + +Use MinIO for an open sourced local s3 api compatible storage + +``` +docker run -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" minio/minio server /data +``` + +### The Application: + +1. Copy the `application.properties.example` file in + `src/main/resources/` as `application.properties` +2. Change values for all the appropriate properties. The example file + holds sane values for most properties. +3. Setup Run and Debug configurations. The command line run command is + `./gradlew bootRun` +4. Swagger ui at + +## Swagger codegen + +[Gradle +Plugin](https://github.com/int128/gradle-swagger-generator-plugin) + +``` +./gradlew generateSwaggerCode +``` + +Results in build/swagger-code-\* + +## Built With + +- [Spring](https://spring.io) + +## Contributing + +To learn how you can get involved in a variety of ways, please see +[Contributing to OpenMBEE](https://www.openmbee.org/contribute). + +## Versioning + +We use [SemVer](http://semver.org/) for versioning. For the versions +available, see the [tags on this +repository](https://github.com/Open-MBEE/mms-sdvc.git). + +## License + +This project is licensed under the Apache License 2.0 - see the +[LICENSE](LICENSE) file for details diff --git a/README.rst b/README.rst index b3b8de5..446e42f 100644 --- a/README.rst +++ b/README.rst @@ -1,6 +1,6 @@ -MMS Reference Implementation -============================ +MMS Structured Data Version Control +=================================== .. image:: https://img.shields.io/lgtm/grade/java/g/Open-MBEE/mms.svg?logo=lgtm&logoWidth=18 
@@ -11,46 +11,14 @@ MMS Reference Implementation :target: https://circleci.com/gh/Open-MBEE/mms :alt: CircleCI -.. image:: https://readthedocs.org/projects/mms-reference-implementation/badge/?version=latest - :target: https://mms-reference-implementation.readthedocs.io/en/latest/?badge=latest +.. image:: https://readthedocs.org/projects/model-management-system/badge/?version=latest + :target: https://model-management-system.readthedocs.io/en/latest/?badge=latest :alt: Documentation Status -This is the reference implementation for MMS. For the source code, please head to `https://github.com/Open-MBEE/mms `_. For more information about Open-MBEE, visit the `Open-MBEE Website `_. For more detailed documentation, visit `MMSRI ReadTheDocs `_. +The MMS SDVC is a collection of modules built on top of the Spring Framework and is a part of Open-MBEE. For more information about Open-MBEE, visit the `Open-MBEE Website `_ -Quick Start ------------ - -Note this quick start is for getting a test instance up and is not recommended for production use. Different configs will be required for different deployment scenarios, environments and workloads (ex. elasticsearch should be a cluster instead of single node, different memory allocations, etc) - -Docker -^^^^^^ - -Installation instructions are found here: `Docker documentation `_ - -Option 1: Get from dockerhub -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Use tag 4.x from `Dockerhub `_ - -Option 2: Build from repo -~~~~~~~~~~~~~~~~~~~~~~~~~ - - -#. Copy the ``application.properties.example`` file in ``src/main/resources/`` as ``application.properties`` -#. In the command line, run ``docker-compose up --build`` to create and start all the services from the configuration. -#. Swagger ui at `http://localhost:8080/v3/swagger-ui.html `_ -#. Use the command ``docker-compose down`` to stop any containers from running and to remove the containers, networks, and images created by the ``docker-compose up`` command. 
This command should always be done before any new attempts to restart the services from the configuration. - -Note the docker compose file is running the application with the ``test`` profile, with the config from ``src/main/resources/application-test.properties`` - -This implementation brings in Spring Actuator and Logbook for monitoring and logging features - see `Logbook `_ and `Actuator `_ for more info. - -The ``application.properties.example`` file has the suggested configs and comments. `example `_ - -Using externalized configs --------------------------- - -There are a variety of options to override the packaged config depending on the deployment scenario. See `Config locations `_ for the list of options. Usually using profiles or environment variables are a good way to specify different configs for different environments. +If you are interested in deploying MMS, please see the `MMSRI `_ quickstart. +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Developer Setup --------------- 
@@ -96,36 +64,40 @@ Install Elasticsearch 7.8. If you use Docker instructions are available here: ` docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.8.1 -Artifact Storage -^^^^^^^^^^^^^^^^ - -Use MinIO for an open sourced local s3 api compatible storage +Artifacts Storage +^^^^^^^^^^^^^^^^^ .. code-block:: - docker run -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" minio/minio server /data + docker run -d -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" minio/minio server /data -The Application: -^^^^^^^^^^^^^^^^ +IntelliJ IDEA +^^^^^^^^^^^^^ -#. Copy the ``application.properties.example`` file in ``src/main/resources/`` as ``application.properties`` -#. Change values for all the appropriate properties. The example file holds sane values for most properties. -#. Setup Run and Debug configurations. The command line run command is ``./gradlew bootRun`` -#. Swagger ui at `http://localhost:8080/v3/swagger-ui.html `_ +#. Import Gradle Project to IntelliJ IDEA +#. Ensure that you select JDK 10 or above and search recursively for projects. +#. The ``example`` subproject will show you how to include the different modules to run as a Spring Boot application. -Swagger codegen ---------------- +Gradle +^^^^^^ -`Gradle Plugin `_ +A gradle wrapper is included in the root of this repository and can be called from the command line with ``./gradlew [command]``. -.. code-block:: +The Example Sub Project: +^^^^^^^^^^^^^^^^^^^^^^^^ - ./gradlew generateSwaggerCode +#. Copy the example properties file in ``example/src/main/resources/`` as ``application.properties`` +#. Change values for all the appropriate properties. The example file holds sane values for most properties. +#. Setup Run and Debug configurations. The command line run command is ``./gradlew bootRun`` +#. 
Swagger ui at `http://localhost:8080/v3/swagger-ui.html `_ -Results in build/swagger-code-* +Running tests +------------- + +See README in /example Built With ---------- @@ -141,9 +113,14 @@ To learn how you can get involved in a variety of ways, please see `Contributing Versioning ---------- -We use `SemVer `_ for versioning. For the versions available, see the `tags on this repository `_. +We use `SemVer `_ for versioning. For the versions available, see the `tags on this repository `_. License ------- This project is licensed under the Apache License 2.0 - see the `LICENSE `_ file for details + +Structure of Modules +-------------------- + +TBA diff --git a/build.gradle b/build.gradle index 33a7516..5063b85 100644 --- a/build.gradle +++ b/build.gradle @@ -60,6 +60,15 @@ dependencies { "org.springframework.security:spring-security-core:5.6.12", "org.springframework.security:spring-security-config:5.6.12", + //https://nvd.nist.gov/vuln/detail/CVE-2016-1000027 +// "org.springframework:spring-web:6.0.0",//this forces to use jakarta and upgraded version of spring web +// // "javax.servlet:javax.servlet-api:4.0.1", +// "jakarta.servlet:jakarta.servlet-api:5.0.0", +// // 'jakarta.platform:jakarta.jakartaee-api:9.1.0', +// // 'org.eclipse.persistence:javax.persistence:2.2.1', +// 'jakarta.persistence:jakarta.persistence-api:3.0.0' +// // "jakarta.servlet:jakarta.servlet-api:5.0.0", + // RESOLVE HIGH VULNERABILITIES "org.apache.tomcat.embed:tomcat-embed-core:9.0.75", "org.springframework.boot:spring-boot-autoconfigure:2.7.12", diff --git a/docker-compose.yml b/docker-compose.yml index d732ffe..bbf8487 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
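Review bot: Every line added in the `build.gradle` hunk is commented out, so no dependency changes and the CVE-2016-1000027 link above the block reads like a mitigation that is not actually in place. Either remove the dead block or replace it with one comment that records the decision, e.g. `// CVE-2016-1000027: spring-web 6.0.0 upgrade deferred because it forces the jakarta namespace - tracked in <issue id>`. It would also help to state whether the affected code path is used at all, which cannot be determined from this hunk. The `dependencies {` block starts and ends outside the hunk.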
@@ -19,18 +19,21 @@ services: - 9300:9300 minio: - image: minio/minio:latest + # image: minio/minio:latest + image: minio/minio:RELEASE.2022-05-26T05-48-41Z.hotfix.15f13935a environment: + # - "MINIO_ROOT_USER=admintest" + # - "MINIO_ROOT_PASSWORD=admintest" - "MINIO_ACCESS_KEY=admintest" - "MINIO_SECRET_KEY=admintest" command: server /tmp/data ports: - 9000:9000 - mms: + openmbee-mms: build: . - container_name: mms - hostname: mms + container_name: openmbee-mms + hostname: openmbee-mms environment: - "SPRING_PROFILES_ACTIVE=test" depends_on: @@ -38,4 +41,48 @@ services: - elasticsearch - minio ports: - - 8080:8080 \ No newline at end of file + - 8080:8080 + + +# DOCKER_COMPOSE FROM DEVELOP BRANCH +# version: '3.8' + +# services: +# postgres: +# image: postgres:11-alpine +# environment: +# - POSTGRES_PASSWORD=test1234 +# - POSTGRES_USER=mmsuser +# - POSTGRES_DB=mms +# ports: +# - 5432:5432 + +# elasticsearch: +# image: docker.elastic.co/elasticsearch/elasticsearch:7.8.1 +# environment: +# - "discovery.type=single-node" +# ports: +# - 9200:9200 +# - 9300:9300 + +# minio: +# image: minio/minio:RELEASE.2022-05-26T05-48-41Z.hotfix.15f13935a +# environment: +# - "MINIO_ACCESS_KEY=admintest" +# - "MINIO_SECRET_KEY=admintest" +# command: server /tmp/data +# ports: +# - 9000:9000 + +# mms: +# build: . +# container_name: mms +# hostname: mms +# environment: +# - "SPRING_PROFILES_ACTIVE=test" +# depends_on: +# - postgres +# - elasticsearch +# - minio +# ports: +# - 8080:8080 \ No newline at end of file diff --git a/docker-services-compose.yml b/docker-services-compose.yml index 3d060b5..65e1dd8 100644 --- a/docker-services-compose.yml +++ b/docker-services-compose.yml @@ -24,6 +24,8 @@ services: image: minio/minio:latest network_mode: host environment: + # - "MINIO_ROOT_USER=admintest" + # - "MINIO_ROOT_PASSWORD=admintest" - "MINIO_ACCESS_KEY=admintest" - "MINIO_SECRET_KEY=admintest" command: server /tmp/data 
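Review bot: Renaming the service, `container_name` and `hostname` from `mms` to `openmbee-mms` in `docker-compose.yml` leaves the CircleCI config added in this same commit pointing at the old name (`--network container:mms`, `http://mms:8080/healthcheck`), so the health check and every newman run would fail to attach to the container. Either keep `container_name: mms` or update those references to `openmbee-mms`. The second hunk appends the develop-branch compose file as roughly forty commented-out lines; version control already keeps that history, and dropping the block avoids two diverging definitions in one file. `docker-services-compose.yml` still uses `minio/minio:latest` while this file now pins a release, so the two environments can drift.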
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index aa991fc..d7668b3 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
+
+# distributionUrl=https://services.gradle.org/distributions/gradle-7.4.2-bin.zip
+# distributionUrl=gradle-7.4.2-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/openshift-resources/Dockerfile b/openshift-resources/Dockerfile
new file mode 100644
index 0000000..8eaffa3
--- /dev/null
+++ b/openshift-resources/Dockerfile
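Review bot: The `gradle-wrapper.properties` hunk covers the whole file and it contains no `distributionSha256Sum`, so the downloaded `gradle-7.4.2-bin.zip` is not checked against a known hash before it runs in CI and in the image build. Add `distributionSha256Sum=<sha256 of gradle-7.4.2-bin.zip from the Gradle release checksums>` below `distributionUrl`. The two added `# distributionUrl=...` lines are inactive alternatives and can be removed if they are not needed.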
@@ -0,0 +1,151 @@
+FROM URIHERE/buildpack-deps:bullseye AS config
+
+ARG NEXUS_USERNAME
+ARG NEXUS_PASSWORD
+
+ENV YELLOW_TEXT='\033[33m'
+ENV BLUE_TEXT='\033[34m'
+ENV RESET_TEXT='\033[0m'
+
+RUN echo -e "${BLUE_TEXT}}First Stage Build${RESET_TEXT}"
+
+# Download certificates using wget
+RUN echo -e "${YELLOW_TEXT}Downloading certificates from using wget${RESET_TEXT}"
+RUN wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF
+RUN wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/dod/latest/ -P /usr/local/share/ca-certificates/WCF
+
+# Update ca-certificates
+RUN echo -e "${YELLOW_TEXT}Updating ca-certificates${RESET_TEXT}"
+RUN update-ca-certificates
+
+# Grabs MAVEN proxy
+RUN mkdir -p /root/.m2
+RUN wget --no-check-certificate -O /root/.m2/settings.xml URIHERE/config/maven/settings.xml
+RUN echo -e "${YELLOW_TEXT}Updating Maven settings.xml with NEXUS credentials${RESET_TEXT}"
+RUN sed -i.bak "s/nexus_username<\/username>/$NEXUS_USERNAME<\/username>/g" /root/.m2/settings.xml
+RUN sed -i.bak "s/nexus_password<\/password>/$NEXUS_PASSWORD<\/password>/g" /root/.m2/settings.xml
+
+# Grabs alpine proxy
+RUN wget --no-check-certificate -O /usr/local/share/repositories URIHERE//config/alpine/alpine_16-sources.list
+RUN sed -i "s//$NEXUS_USERNAME/g" /usr/local/share/repositories
+RUN sed -i "s//$NEXUS_PASSWORD/g" /usr/local/share/repositories
+
+# Use a base image that includes the necessary tools (e.g., curl, unzip)
+FROM URIHERE/amazoncorretto:17-alpine-jdk AS build
+
+ENV YELLOW_TEXT='\033[33m'
+ENV BLUE_TEXT='\033[34m'
+ENV RESET_TEXT='\033[0m'
+
+
+RUN echo -e "${BLUE_TEXT}Second Stage Build${RESET_TEXT}"
+
+COPY --from=config /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=config /usr/local/share/ca-certificates/WCF /usr/local/share/ca-certificates/WCF
+COPY --from=config /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf
+COPY --from=config
/usr/local/share/repositories /usr/local/share/repositories
+COPY --from=config /root/.m2/settings.xml /root/.m2/settings.xml
+
+COPY certs.sh .
+RUN chmod +x certs.sh
+RUN ./certs.sh
+
+# Echo statement for ARGs
+RUN echo -e "${YELLOW_TEXT}Setting ARGs for environment variables${RESET_TEXT}"
+
+ENV GITLAB_ACCESS_TOKEN=$GITLAB_ACCESS_TOKEN
+ENV GITLAB_URL=$GITLAB_URL
+
+# COMMENTED OUT SINCE NO LONGER NEED MAVEN. TO INCLUDE UNCOMMENT BLOCK ON LINE 19 AND ADD COPY COMMAND
+# RUN apk add maven
+# RUN mvn dependency:purge-local-repository
+# RUN ./gradlew build --refresh-dependencies
+# RUN ./gradlew clean verify
+
+# # Doing a two stage build like this helps eliminate vulnerablilite that may come along with build tools.
+WORKDIR application
+COPY . .
+
+RUN echo -e "${YELLOW_TEXT}Cleaning Build and Pull Depenencies...${RESET_TEXT}"
+# RUN ./gradlew clean
+# RUN ./gradlew --refresh-dependencies
+
+RUN echo -e "${YELLOW_TEXT}Building application using Gradle...${RESET_TEXT}"
+# RUN ./gradlew tasks
+RUN ./gradlew --no-daemon bootJar
+
+RUN echo -e "${YELLOW_TEXT}Copying and extracting application JAR using jarmode...${RESET_TEXT}"
+RUN cp build/libs/mmsri-4.0.18.jar app.jar
+
+RUN ls -lah
+
+#RUN apk add --no-cache findutils
+#RUN find . -type f -name mms*.jar -not -iname '*javadoc*' -not -iname '*sources*' exec cp '{}' 'app.jar' ';'
+#RUN find . -type f -name 'mms*.jar' -not -iname '*javadoc*' -not -iname '*sources*' -exec cp '{}' 'app.jar' ';'
+RUN java -Djarmode=layertools -jar app.jar extract
+
+RUN ls -lah
+
+#make folder and copy project
+#RUN mkdir /project
+#COPY .
/project
+#WORKDIR /project
+
+# NOT NEEDED UNLESS WE USE MAVEN
+# RUN mvn clean package
+
+FROM URIHERE/amazoncorretto:17-alpine-jdk as app_runner
+
+ENV YELLOW_TEXT='\033[33m'
+ENV BLUE_TEXT='\033[34m'
+ENV RESET_TEXT='\033[0m'
+
+RUN echo -e "${BLUE_TEXT}Third Stage Build${RESET_TEXT}"
+
+COPY --from=config /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=config /usr/local/share/ca-certificates/WCF /usr/local/share/ca-certificates/WCF
+COPY --from=config /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf
+COPY --from=config /usr/local/share/repositories /usr/local/share/repositories
+
+# Re add certs
+COPY certs.sh .
+RUN chmod +x certs.sh
+RUN ./certs.sh
+
+# Create self signed url for
+#RUN apk --no-cache add openssl
+#RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/key.pem -out /etc/ssl/certs/cert.pem -subj "/CN=openmbee-mms.openmbee.svc.cluster.local"
+
+RUN echo -e "${YELLOW_TEXT}Upgrading apk & installing procps${RESET_TEXT}"
+RUN apk upgrade -q && apk add -q procps
+
+RUN ls -lah
+
+# RUN tree || true
+WORKDIR application
+RUN ls -lah
+
+COPY --from=build application/dependencies/ ./
+COPY --from=build application/spring-boot-loader/ ./
+COPY --from=build application/snapshot-dependencies/ ./
+COPY --from=build application/application/ ./
+#COPY --from=build ./ ./app.jar
+#COPY --from=build build/libs/mmsri-4.0.18.jar ./build/libs/mmsri-4.0.18.jar
+#CMD ["java","-jar","/build/libs/mmsri-4.0.18.jar"]
+#EXPOSE 8080
+
+#Java Commands from OpenMBEE MMSRI
+ENV JDK_JAVA_OPTIONS "-XX:MaxRAMPercentage=90.0 -XX:+PrintFlagsFinal -XX:+UseZGC"
+#ENV SPRING_PROFILES_ACTIVE=test
+ENTRYPOINT ["java", "--add-opens", "java.base/java.lang=ALL-UNNAMED", "org.springframework.boot.loader.JarLauncher"]
+EXPOSE 5000
+# COPY --from=application-builder application/dependencies/ ./
+# COPY --from=application-builder application/spring-boot-loader/ ./
+# COPY --from=application-builder application/snapshot-dependencies/ ./
+# COPY --from=application-builder application/application/ ./
+
+# # These commands update and upgrade the underlying os of the container, thus helping to eliminate os level vulnerabilites.
+# # RUN apk upgrade
+# EXPOSE 8080
+# # CMD ["java","-jar","/project/target/colosseo-api-toolbelt-0.0.1-SNAPSHOT.jar"]
+# CMD ["java","-jar","app.jar"]
diff --git a/openshift-resources/Notes.MD b/openshift-resources/Notes.MD
new file mode 100644
index 0000000..14e183a
--- /dev/null
+++ b/openshift-resources/Notes.MD
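Review bot: The `app_runner` stage of the Dockerfile copies `/usr/local/share/repositories` from `config`, a file the first stage rewrote with `sed` to contain `$NEXUS_USERNAME` and `$NEXUS_PASSWORD`, so the Nexus credentials ship inside the runtime image and are readable by anyone who can pull it. Drop that `COPY` from the final stage and, if `apk` there needs the authenticated mirror, supply the file only for that step, e.g. `RUN --mount=type=secret,id=apk_repositories,target=/etc/apk/repositories apk upgrade -q && apk add -q procps` (the secret id is a placeholder, and `certs.sh` is not visible here, so where the file is finally installed is an assumption). The CA bundle that every stage trusts is fetched with `wget --no-check-certificate`, which means the trust anchors themselves arrive unauthenticated. `ENV GITLAB_ACCESS_TOKEN=$GITLAB_ACCESS_TOKEN` has no matching `ARG` in the build stage and so is empty as written, but it would store the token in the image configuration if one were added. The final stage also sets no `USER`, so the application runs as root.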
@@ -0,0 +1,463 @@ +# Table of Contents + +- [Overview](#overview) + - [Getting Started:](#getting-started) + - [Setting Up:](#setting-up) + - [Local Development](#local-development) + - [Local Instance Setup](#local-instance-setup) + - [Developing With Docker](#developing-with-docker) +- [DevSecOps](#devsecops) + - [Dockerfile](#dockerfile) + - [GitLab CI/CD](#gitlab-cicd) + - [GitLab CI](#gitlab-ci) + - [GitLab CD Pipeline](#gitlab-cd-pipeline) + - [OpenShift](#openshift) +- [Bottom Line Up Front:](#bottom-line-up-front) + - [Solutions](#solutions) + - [Solution 1: Use KONG API Gateway Proxy](#solution-1-use-kong-api-gateway-proxy) + - [Solution 2: Use Ingress to create Reverse Proxy](#solution-2-use-ingress-to-create-reverse-proxy) + - [Solution 3: Use KeyCloak Integration](#solution-3-use-keycloak-integration) + - [Solution 4: Use Combination of the Previous Solutions](#solution-4-use-combination-of-the-previous-solutions) + - [Solution 5: Use LDAP Authentication](#solution-5-use-ldap-authentication) + - [Solution 6: Use TeamWork Cloud](#solution-6-use-teamwork-cloud) +- [Resources](#resources) + +# Overview + +This project is an implementation of NASA JPL's OpenMBEE View Editor(VE) and Model Management System (MMS). Note: When developing this application I used VE v4.0.2 and MMSRI v4.0.18. The MMSRI is a wrapped up version of the MMS, meaning instead of having all the subprojects in the codebase is uses fetches them from the Maven Repository instead. I have implemented VE v5.0 but OpenMBEE is still working on a release candidate, when that has been provided I will provide steps for setting that up. 
+ +**Documentation:** + +- https://mms-reference-implementation.readthedocs.io/en/latest/index.html +- https://docs.openmbee.org/projects/ve/en/support-4.x/ +- https://docs.openmbee.org/projects/ve/en/latest/ + +## Getting Started: + +--- + +You will need the following: + +- **Software:** + - code editor(VS Code) [VS Code](https://code.visualstudio.com/download) + - [IntelliJ IDEA](https://www.jetbrains.com/idea/download/?section=mac) + - [JDK-17 download](https://www.oracle.com/java/technologies/javase-jdk17-downloads.html) + - [Docker Desktop](https://docs.docker.com/get-docker/) + - Possibly Need to Install: Python2, Ruby, and Sass (You will know if it needed after step 4) +- **Accounts & Services** + - OpenShift Namespaces + - Nexus Repository + - Keycloak Proxy + - DNS route for VE + - Nexus Credentials + - TwistLock Credentials + - KONG API Gateway Namespace + +**Architecture**: +Provided in the codebase is a screenshot of the architecture design. The only difference is this diagram is based on Alfresco, a Content Management System + +## Setting Up: + +--- + +Provided below is the high level overview of the steps and processed needed to get the application up and running + +1. **Install required software mentioned above** +2. **Clone Code vs Fork Code** + 1. Clone code from source code repositories if you are planning on committing back to the OpenSource, Fork the repository if you do not expect to commit back to the OpenMBEE project + 2. It may ask for SSH keys, refer to [Add SSH Key GitHub](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account) + 3. MMS - `git clone ` + 4. VE - `git clone ` + 5. ElasticSearch - `git clone ` +3. **MMS Setup (Back End)** + + - Basic Steps for this are also outlined here [MMSRI](https://github.com/Open-MBEE/mmsri) + + 1. Docker Containers + - Docker Compose + 1. 
Using docker run `docker-compose up --build` this will build you an elasticsearch, minio, and postgres image all wrapped up in 1 container + 2. When you want to stop using your project simply open Docker Desktop and click the stop button + 3. More information will be provided in the MMS Setup Notes, [MMSRI](https://github.com/Open-MBEE/mmsri) + - Individual Docker **(Preferred)** + 1. Run Postgres Image (Required) + - `docker run -d -e POSTGRES_PASSWORD=test1234 -e POSTGRES_USER=mmsuser -e POSTGRES_DB=mms -p 5432:5432 postgres:11-alpine` + 2. Run ElasticSearch Image (Required) + - **Due to the vulnerabilities that are present with 7.8.1 the "safe" container is to use 8.10.2. I had to create a separate project that uses this version, setup steps for this will be following** + - Steps: + - Run this command first to get local setup running `docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.8.1 ` + - **ONCE LOCAL SETUP IS RUNNING STOP PREVIOUS CONTAINER AND RUN THE FOLLOWING** + - `docker build -t openmbee-elasticsearch:8.10.2 -f LocalDocker.Dockerfile .` + - builds the docker image + - LocalDocker.Dockerfile is a copy of the Dockerfile we use for the pipeline but without the first stage build + - `docker run -d --name openmbee-elasticsearch openmbee-elasticsearch:8.10.2` + - runs our docker container + - `docker cp example.txt your_container_name:/app/` + - **VERIFY elasticsearch.yml was copied into image** + - open Docker Desktop, navigate to the terminal of the image. + - click the far right link in the table "openmbee-elasticsearch" + - if not in the directory already run cat /usr/share/elasticsearch/config/elasticsearch.yml + - VERIFY the contents match the file from the codebase + - **IF the file doesn't match** run the following: + - `docker cp elasticsearch.yml openmbee-elasticsearch:/usr/share/elasticsearch/config/` + 3. 
Run Minio Image (Optional) + - `docker run -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" minio/minio server /data` + 2. MMS Application + - Run `./gradlew bootRun` which will run the application using Spring Boot, meaning it will run the project within a JVM(Java Virtual Machine) + - to understand where this comes from view the `build.gradle` file + - If you have IntelliJ IDEA setup you should be able to simply open the MMSRIApplication.java file then next to the debug button make sure the dropdown says "Current File" then click the Debug or Run button + +4. **VE Setup (Front End)** + 1. To get the front end started install the code, then run `npm i` + 2. `npm i -g grunt-cli` + 3. The node sass commands can be run if you receive an error that says "Loading node-sass blah blah", if not skip ahead. + 1. `npm install node-sass@4.14.1` + 2. `npm update && npm install` + 3. `node ./node_modules/node-sass/scripts/install.js` + 4. `npm rebuild node-sass` + 4. Test if gruntfile and necessary software is installed run the following: `grunt build --verbose` + 5. If grunt file fails due to mismatching node versions or incompatibility issues with node and the packages please test out these commands: + 1. Test 1: + 1. `npm install grunt-contrib-concat grunt-contrib-uglify grunt-contrib-sass grunt-contrib-watch grunt-html2js --save-dev` + 2. `rm -rf package-lock.json (also changed the package.json)` + 3. `npm i sass` + 4. `npm i grunt-contrib-sass --save-dev` + 5. `npm i` + 6. `npm update` + 7. `yarn add @angular/cli` if you don't have yarn installed, run `npm i -g yarn` + 8. `nvm use default` (in this case its node version 19.0) + - NVM is node version manager it helps with switching and installing between the different version of NodeJS, to install, refer to [Install NVM](https://www.freecodecamp.org/news/node-version-manager-nvm-install-guide/) + 9. `yarn add @angular/cli ` + 10. `nvm use 8 ` + 11. `grunt --verbose` + 12. `nvm use 15` + 13. 
`grunt --verbose` + 2. Test 2: + 1. `nvm use default` + 2. `npm i` + 3. `nvm use 8` + 4. `grunt --build` + - Please refer to the following for an understanding of the Grunt Commands + 6. Install serve module which allow you to run a local web server for your application, `npm i -g serve` + 7. To debug an issue you will run `grunt build --env= && cd dist && serve` + - **Local**: `grunt build --env=local && cd dist && serve` + - urls will be pointing to APIs at localhost:8080/ + - **Dev**: `grunt build --env=development && cd dist && serve` + - urls will be using kong proxy api +5. **MDK Setup** + 1. As of the development of this project there was no testing with MDK, to install and setup MDK refer to [MDK](https://github.com/Open-MBEE/mdk). + - This is important due to the VE functionality being rather limited without the DocGen capabilities that comes from the MDK. +6. **Local Development** + 1. One great thing about using MMS is we are allowed to use Swagger-UI on local. This is something that will be blocked in any DoD environment on NMCI network but allowed for local development. + 2. When you spin up the Backend the MMS image will spin up a certain port, this will look something like `:8080`, you will need to change the code in the VE to point to this URL, you should be looking for config.example.js underneath app/config/config.example.json + - You can rename the file to `config..js` you just need to keep that in mind when we get to the Dockerfile and when running Grunt commands. + - For example, you can create a config.local.js that points to your localhost and a config.production.js that points to you OpenShift Services, then when you run your Grunt Command you can run + 3. Now you should be able to spin up the project up, additional steps will need to preformed, so we aren't completely done yet. 
+ +## Local Development + +--- + +### Local Instance Setup + +Once the application is running, you should be able to navigate to the following: + +- http://localhost:8080/v3/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config#/ +- http://localhost:8080/actuator/health + +Once you are on the login page you should be able to log in using the admin username and password that is set with `mms.admin.username` and `mms.admin.password`. Currently, these are set to `test`. + +Another thing to note for generate a JWT secret for you application run the following command + +- `node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"` + +IF you still a red banner that says "Timed Out", please do the following: + +- open Swagger UI +- find `createAuthenticationToken` under the Auth section of the endpoints near the top of the page. +- click 'Try It Out' and enter the request body next to username and password the values you have for mms.admin.username and mms.admin.password +- Click Execute and copy the token value +- Navigate to the top right and click 'Authorize' and past the token next to bearerToken +- Fill in username and password as well and click 'Log In' +- Now once you have this running, change the elasticsearch image to our custom elasticsearch image. + +**Final Steps:** + +- Once you log in you will need to create an Organization and a Project without it, you will log in and see "No Organizations Selected" and "No Projects Selected". So first step is use the Swagger UI to create an Organization, then create a Project for that corresponding Organization. + +**Things to be Aware of:** + +- If elasticsearch isn't running you will see your Organization populate but not your project +- Without the MDK running or setup your capabilities are limited and bugs exist in the VE due to this. +- **NOTE:** by default the application will run over http, to change this to **HTTPS** add the following lines to your application.properties file within the MMS. 
This can be found in `src/main/resouces/application.properties`: + 1. **Lines 15-25:** Need to double-check this. + - Refer to the following documentation for SSL on MMS: [SSL/HSTS Documentation](https://mms-reference-implementation.readthedocs.io/en/latest/configuration.html#ssl-hsts) + - Here are steps used to implement SSL on the server: [Implementing SSL on Server](https://www.thomasvitale.com/https-spring-boot-ssl-certificate/) + - Add/modify the following lines of code: + ```groovy + #server.port=5000 + #server.forward-headers-strategy=framework + server.ssl.enabled=true + ##server.ssl.key-alias=yourkeystorealias + server.ssl.key-store=classpath:mms.p12 + server.ssl.key-store-password=mms_password + server.ssl.key-store-type=PKCS12 + ``` + 2. Change your `config..js` in VE to use https instead of http + 3. Running Elasticsearch over HTTPS is also necessary. **NOTE:** This is where the custom OpenMBEE image is utilized. For more insight into this, please refer to: + - [Installing ElasticSearch with Docker](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html) + - [Encrypting ElasticSearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html) + - Add/modify the following lines of code: + ```groovy + # Elasticsearch config + elasticsearch.host=localhost + elasticsearch.port=9200 + elasticsearch.http=https + elasticsearch.limit.result=10000 + elasticsearch.limit.term=1000 + elasticsearch.limit.scrollTimeout=1000 + elasticsearch.limit.get=10000 + elasticsearch.limit.index=5000 + elasticsearch.limit.commit=100000 + ``` + 4. Re-run applications + +### Developing With Docker + +These applications are meant to be ran and deployed within Docker images. One thing discovered while working on this application and configuring to compile and deploy through the pipeline is that you will run into compilation errors due to image missing commands, improper permissions, or ssl communication errors. 
So one way to prepare for this is to test your docker files locally. I have provided the steps below for testing your docker files locally. + +1. (Optional) Create a new dockerfile called `LocalDocker.Dockerfile` + 1. Copy and Paste contents of `Dockerfile.Dockerfile` into `LocalDocker.Dockerfile` +2. Build docker image + - `docker build -t : -f LocalDocker.Dockerfile .` +3. Run docker image + - `docker run -d --name :` +4. If you need to copy files into the image run the following: + - `docker cp :` + +**Additional Information** + +- If you would like to output the build steps to a file for debugging use the following build command: + - `docker build -t : -f LocalDocker.Dockerfile . > build_output.log 2>&1` + +# DevSecOps + +--- + +**Overview:** Outlined in this section is the DevSecOps process and an understanding on how to use it. Documentation covering all aspects of services and How-To's can be found here [NAVAIR CI/CD Documentation](https://documentation.apps.arena-workspace.navair.navy.mil/colosseo/). 
+ +**Responsibility Barrier** + +| Task | Developer | CI/CD Team | Container Team | Notes | +| ------------------------------------- | :-------: | :--------: | :------------: | :-----------------------------------------------------------------------------------------: | +| Create KeyCloak Account | | ✅ | | | +| Create KeyCloak SideCar | | | ✅ | | +| Create KeyCloak SideCar Routes | | | ✅ | | +| Create Nexus Registry | | ✅ | | | +| Create Nexus Credentials | | ✅ | | | +| Setup Nexus Credentials in GitLab | | ✅ | | | +| Create TwistLock Credentials | | ✅ | | | +| Setup TwistLock Credentials in GitLab | | ✅ | | | +| Create .gitlab-ci.yml | ✅ | | | | +| Update GitLab CI/CD Variables | ✅ | ✅ | | Depending on permission and sometimes they will need to create variables at the Group level | +| Create OpenShift NameSpace | | | ✅ | | +| Create DeploymentConfigs | ✅ | | | | +| Create Secrets in OpenShift | ✅ | | | | +| Create ConfigMaps in OpenShift | ✅ | | | | +| Create Services in OpenShift | ✅ | | | | +| Create Routes in OpenShift | | | ✅ | | +| Create Ingress in OpenShift | | | ✅ | | +| Create PersistenceVolume in OpenShift | ✅ | | | | +| Create KONG NameSpace | | | ✅ | | +| Create KONG Consumer | | | ✅ | | +| Create KONG Service | ✅ | | | | +| Create KONG Route | ✅ | | | | +| Create KONG ACL | | | ✅ | | + +## Dockerfile + +When looking at the Dockerfiles you will notice they are multiple stages (each `FROM` line is a new stage). The dockerfiles are structured in such a way that: + +- **Stage 1: configuration** + - **This stage is a requirement for all images in NAVAIR** + - Here we gather any certificates, setup proxies, and other things we will need for configuration the image. 
+ - credentials for SSL communication within the image + - apk repository to be able to allow us to run `apk add` commands + - Use Maven Repository +- **Stage 2: building application** + - copy credentials grabbed in stage 1 and runs cert.sh which uses java's keytool command to update credentials and certificates + - copy codebase files and creates a JAR file as our build artifact that is our project all wrapped into one file. This created under the build folder(`build/libs`) using `./gradlew --no-daemon bootJar` + - Create a copy of the JAR file and +- **Stage 3: running/deploying application** + - copy credentials grabbed in stage 1 and runs cert.sh which uses java's keytool command to update credentials and certificates + - copies files from extract command + - Compiles application and exposes at port 5000 + +## GitLab CI/CD + +### GitLab CI + +This is all setup within the `.gitlab-ci.yml` file. Here we are able to create the Application Pipeline aka Stage 4 of the CD Pipeline. By default, there needs to be a Build Stage and a Deploy Stage. This file will use the DevSecOps Parent Pipeline to build your application, SAST and container Scans. Without this file the pipeline will not be established and built. Within this file is also where the logic exists for generating the image tags for our container and sets up our connection to OpenShift that allows us to deploy to OpenShift. + +**NOTE:** Only lines you should need to change is the first line in the file under variables where `SELECTOR` is declared on line 4. When creating deployment configs the SELECTOR should be the same name as your deployment config. + +### GitLab CD Pipeline + +In the DoD is a requirement to use a CI/CD pipeline for code, this allows for code, dependency, and container scanning. The most basic way to describe this workflow is to say. Whenever a commit is made the repository a pipeline is started. This pipeline is setup in roughly 4 stages. + +1. 
Stage 1: Build DoD Dependencies + - This will setup your Nexus Scans and decide what Code Scans will be performed in Stage 2 +2. Stage 2: Build and Scan + - Builds Container, then after a successful build a Nexus Container Scan will check for Vulnerabilities, if any are found it will provide a link to Prisma Cloud that will show you the vulnerabilities with the CVE, CVSS and feedback on what needs to be done to fix them (i.e. CVE-2016-1000027 CVSS 9.8 Spring Web 5.7, Fixed in 6.0) + - **NOTE:** + - No Critical Vulnerabilities are allowed, unless you work with IA and ISSM to request a "waiver". With a waiver you will have to provide evidence of a false positive. Then once that is provided, and you are approved you will need to provide a **Mitigation Plan** and a **Milestone** because you are only allowed **~ 30 days** to mitigate the vulnerability + - High Vulnerabilities: These are allowed in Dev but must be resolved before going any farther(i.e Test, Stage, Prod) + - Perform SAST Code Scanning based on what kinds of programming languages were found in the Stage 1 Scan + +- Stage 3: Quality Gate + - perform quality gate scanning and upload artifacts +- Stage 4: Application Pipeline + - These are the steps that are defined in the `.gitlab-ci.yaml` + - Here another container build is ran on success it will deploy application to the Nexus Repository + - **NOTE(S):** + - You will need to have your deployment configs created in OpenShift for the deployment to be successful. + - If your branch has versioning number(VE-VERSION-4.0.2) as the branch name it will create an image tagged with it in Nexus (i.e. openmbee-ve:VE-VERSION-4.0.2) + +## OpenShift + +**Overview:** Arena or Container Platform runs on OpenShift which is built off of Kubernetes, some alternatives that people might be familiar with is AWS' EC2 services. In OpenShift, we deploy our applications and docker container to pods. 
In OpenShift there are a couple terms to know: + +- **Pods**: These are application containers. One way to look at understanding the translation is for each docker image a OpenShift pod will be created as well. Pods are created through DeploymentConfig's which are created such that whenever a deployment is made a new pod is created. +- **DeploymentConfig** These are yaml files that setup what we want our Pod to be. Here you set the resource limits, url to container image that will be running within the pod, anything else needed for the application, or Secrets that you don't want to be displayed. You can also use ConfigMaps for environment variable based values. The 3rd thing is use PersistenceVolumes to store data through Pod deletion. +- **Services:** Sets up the networking between pods, this is where we can expose the pods to the web. Once these are setup by default all pods within the same cluster can communicate to each other. When created properly you will be provided with a hostname that can be used in other pods to reference these pods. For example this application uses an openmbee-mms, openmbee-ve, postgresql, and elasticsearch services to communicate. +- **Routes:** This is where you would attach URLs to your pods that can be used to access pods externally. Once a DNS ticket is created and if you are not using a KeyCloak SideCare you would create 2 routes for backend and frontend. Most application use KeyCloak embedded into the application +- **Ingress:** OpenShift Ingress is a crucial component that manages external access to the services in an OpenShift cluster, handling route traffic, and possibly SSL/TLS termination, ensuring that user requests are sent to the appropriate services. This is where you can create a reverse proxy that takes your front end which is on HTTPS and redirect the backend HTTP traffic to communicate over HTTPS with the application. 
+ - The current NASA JPL Team uses an ingress with their application that I will provide in the BLUF +- **Secrets:** Most of the values seen in secrets are autogenerated. Secrets can range from database username and password, Nexus Registry credentials or even TLS and SSL certificates +- **ConfigMaps** are where you would store your config file for keycloak, or your configuration for the backend url(for example how we have our config.dev.js and config.local.js). These ConfigMaps allow the code to be deployed to multiple environments without having to change the code base. + +# Bottom Line Up Front: + +--- + +**Overview:** The goal of this project was to stand up and deploy a working version of OpenMBEE's MMS and VE applications in OpenShift and add CAC Authentication to the application. We were told to pursue using KeyCloak SideCar, which acts as a Gateway Proxy for the application. This is the same as OAuth2 Proxy for those who are aware of what that is. This would in layman's terms when accessing the application send you to the proxy, verify CAC, then redirect to application. On the redirect the application would digest your information and create an account for you and leave the application authentication and protected with your CAC. + +**RoadBlocks:** + +- Vulnerabilities +- CI/CD Pipelines +- KeyCloak Proxy +- HTTPS vs HTTP Traffic +- ElasticSearch + +As of the completion of the project, we were able to do the following: + +- resolve all critical and high vulnerabilities +- integrate application with GitLab CI/CD pipeline +- Cohere to DoD Cyber Policy +- Create waiver for CVE-2016 1000027 and provide mitigation plan. +- Create custom docker container for VE, MMS, and ElasticSearch. 
+- Deploy to OpenShift + +**Remaining Task:** CAC Authentication and ElasticSearch + +**Bottom-Line:** Possible with multiple solutions + +## Solutions + +### Solution 1: Use KONG API Gateway Proxy + +KONG API Gateway allows us to encrypt all traffic on the application with an API Key that cannot be intercepted and only accessed within the application. It also allows us to expose internal pods to the outside world by using the API Gateway. This would fix the original error we were getting with the SideCar. This would also fix the issue with our elasticsearch pod expecting HTTPS traffic but only receiving HTTP traffic. I had a solution for this elasticsearch issue but was unable to deploy. KONG Gateway also has a OAuth2 Authentication plugin that would allow us to use OAuth2 to authenticate all requests. This would lock the application down from exposed data or any unwanted attacks/access to critical mission data. + +### Solution 2: Use Ingress to create Reverse Proxy + +An Ingress would allow us to create a reverse proxy that would allow the internal pods to be able to communicate to the frontend running on HTTPS. This is how the NASA JPL team is able to get around the HTTPS vs HTTP communication. Especially since the issue with KeyCloak SideCar was running into the issue of HTTPS front end trying to communicate to the backend that was running on HTTP. We later created a DNS entry for the backend that allowed us to hit the backend over HTTPS, but we disabled KeyCloak Sidecar. This is where the 3rd issue occurred for the elasticsearch not communicating between HTTPS to HTTP. Again a solution for this was ready for deployment before being decommissioned but was unable to deploy. **But** since the backend would still be hosted over http elasticsearch will no longer complain about communicating over HTTPS vs HTTP. 
+ +The ingress file that the OpenMBEE team is using is the following: + +``` +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + field.cattle.io/publicEndpoints: >- + [{"addresses":[""],"port":80,"protocol":"HTTP","serviceName":"mms4-uat:cae-mms4-uat-l4","ingressName":"mms4-uat:cae-mms-uat","hostname":"cae-mms-uat.jpl.nasa.gov","path":"/","allNodes":false}] + name: cae-mms-uat + namespace: mms4-uat +spec: + ingressClassName: nginx + rules: + - host: cae-mms-uat.jpl.nasa.gov + http: + paths: + - backend: + service: + name: cae-mms4-uat-l4 + port: + number: 443 + path: / + pathType: Prefix +status: + loadBalancer: + ingress: + - hostname: >- + k8s-ingressn-ingressn-blahblahblah.elb.us-gov-west-1.amazonaws.com +``` + +### Solution 3: Use KeyCloak Integration + +When I am referring to KeyCloak Integration I am referring to integrating KeyCloak realms into the front end and the backend. Integrating into the front-end is not difficult but the backend is where it could be either easy or difficult depending on your understanding of JWT(JSON Web Tokens) and Authentication processes. The backend application currently uses its own Authentication subproject that runs off of JWT tokens, you could possibly find a way to integrate OAuth2 into the pre-existing Auth subproject OR rebuild the Authentication project from scratch to use KeyCloak. 
I have found multiple projects and articles of people setting this up themselves: + +- https://github.com/ivangfr/springboot-react-keycloak/tree/master +- https://github.com/jannie-louwrens/spring-boot-keycloak-angular +- https://hamdi-bouallague.medium.com/secure-your-angular-spring-boot-application-using-keycloak-891efab50db8 +- https://github.com/keycloak/keycloak-quickstarts/tree/latest/spring/rest-authz-resource-server +- https://www.keycloak.org/docs/latest/securing_apps/index.html +- https://www.keycloak.org/docs/latest/securing_apps/index.html#_java-servlet-filter-adapter + +### Solution 4: Use Combination of the Previous Solutions + +I throw this in as a solution because I did not have enough time to test out the ideas that I had, but it could be plausible that you will need a combination of the previously mentioned solutions to integrate CAC Authentication. + +### Solution 5: Use LDAP Authentication + +MMS supports LDAP and when looking inside the `application.properties` file they have values that can be setup to integrate LDAP authentication + +### Solution 6: Use TeamWork Cloud + +I am not sure if this is within the scope of the requirements provided to use but thought it is worth noting while working on the code I noticed in `application.properties` file that there is also values for setting TWC. I am not familiar with TWC but thought that should be noted as well. + +**NOTE**: The version of elasticsearch that OpenMBEE is using is outdated and critically unsafe, so I had to create a custom container as mentioned earlier in this document. + +We were guided toward using KeyCloak sidecar and this caused issues with our backend service not being reachable outside the pod. The way to fix this was to use KONG API to act as a proxy for the backend. This allowed us to secure the endpoints with a ApiKey allowing all requests to be secure and not vulnerable to attacks. Another thing found with the KONG API is there are plugins with OAuth2 credentials. 
So with father research we could have implemented this and provided a minimal working product that would have at least provided encrypted channels for the application. + +# Resources + +--- + +- https://ndiastorage.blob.core.usgovcloudapi.net/ndia/2018/systems/Wed_21466_Kruse.pdf +- https://www.sciencedirect.com/science/article/pii/S1877050919307392?ref=pdf_download&fr=RR-2&rr=813eaddf2bbb818c +- https://github.com/Open-MBEE +- https://github.com/Open-MBEE/mms +- https://github.com/Open-MBEE/mdk +- https://github.com/Open-MBEE/mmsri +- https://github.com/Open-MBEE/ve +- https://docs.konghq.com/hub/kong-inc/oauth2/ +- https://documentation.apps.arena-workspace.navair.navy.mil/colosseo/ +- https://github.com/ivangfr/springboot-react-keycloak/tree/master +- https://github.com/jannie-louwrens/spring-boot-keycloak-angular +- https://github.com/ivangfr/springboot-react-keycloak/tree/master +- https://github.com/jannie-louwrens/spring-boot-keycloak-angular +- https://hamdi-bouallague.medium.com/secure-your-angular-spring-boot-application-using-keycloak-891efab50db8 +- https://github.com/keycloak/keycloak-quickstarts/tree/latest/spring/rest-authz-resource-server +- https://www.keycloak.org/docs/latest/securing_apps/index.html +- https://www.keycloak.org/docs/latest/securing_apps/index.html#_java-servlet-filter-adapter + +### Last Word + +**Document Creation and Knowledge Share:** +If there is any information missing or clarifications needed for this application feel free reach out to OpenMBEE POC Brandon Cratty, brandon.j.cratty2.civ@us.navy.mil +This document was created in Markdown language and used `pandoc` to convert from markdown to word document. To do so repeat the following: +1. Install pandoc, https://pandoc.org/installing.html +2. Install prettier document formatter, `npm install --global prettier` +3. Run Prettier, `prettier --write .MD` +4. Convert using pandoc, `pandoc .MD -o .docx` \ No newline at end of file 
diff --git a/openshift-resources/appsettings.json b/openshift-resources/appsettings.json
new file mode 100644
index 0000000..135416d
--- /dev/null
+++ b/openshift-resources/appsettings.json
@@ -0,0 +1,9 @@
+{
+ "Jwt": {
+ "Authority": "",
+ "Audience": "openmbee"
+ },
+ "ConnectionStrings": {
+ "OpenMbeeDb": "server=localhost;database=openmbee;user=sa;password=###"
+ }
+}
\ No newline at end of file
diff --git a/openshift-resources/certs.sh b/openshift-resources/certs.sh
new file mode 100644
index 0000000..b713352
--- /dev/null
+++ b/openshift-resources/certs.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+for FILE in /usr/local/share/ca-certificates/WCF/*;
+do keytool -import -trustcacerts -cacerts -storepass changeit -noprompt -alias $FILE -file $FILE
+done
\ No newline at end of file
diff --git a/openshift-resources/dev/build.yml b/openshift-resources/dev/build.yml
new file mode 100644
index 0000000..e123049
--- /dev/null
+++ b/openshift-resources/dev/build.yml
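Review bot: In appsettings.json, `"Authority": ""` leaves the JWT issuer unset, and the connection string names the `sa` account with its password inline, so the safety of this file depends entirely on what overrides it at deploy time. dev/deployment.yml in this commit mounts `appsettings.json` from the `appsettings-config` secret, so this checked-in copy is presumably only a template; if so, naming it as one (for example `appsettings.example.json`) would keep anyone from filling in `password=###` and committing the result. I would also point the template at a dedicated least-privilege database user rather than `user=sa`. The connection string format looks like SQL Server while the database manifests in this commit expose port 5432, which is worth confirming.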
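Review bot: In certs.sh, the loop adds every file under `/usr/local/share/ca-certificates/WCF/` to the JVM trust store with `-noprompt`, never checks whether `keytool` succeeded, and expands `$FILE` unquoted. I would add `set -eu` after the shebang, quote the variable (`-alias "$FILE" -file "$FILE"`), and guard against an empty directory with `[ -f "$FILE" ] || continue` as the first statement of the loop. Because anything placed in that directory becomes a trusted root for the application's TLS connections, a header comment stating that the files come from the `config` build stage (as the Dockerfile's `COPY --from=config` lines show) would document where that trust originates.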
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+kind: "BuildConfig"
+metadata:
+ name: "openmbee-mms"
+ annotations:
+ description: "Defines how to build the openmbee mms with a multi-stage Dockerfile."
+spec:
+ completionDeadlineSeconds: 1800
+ env:
+ - name: "GIT_SSL_NO_VERIFY"
+ value: "true"
+ source:
+ type: "Git"
+ git:
+ ref: "master"
+ uri: ""
+ contextDir: "openmbee"
+ sourceSecret:
+ name: "tfs-pull-secret"
+ strategy:
+ type: "Docker"
+ dockerStrategy:
+ env:
+ - name: GIT_SSL_NO_VERIFY
+ value: 'true'
+ - name: twistlock_scan_username
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: twistlock-scan
+ - name: twistlock_scan_password
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: twistlock-scan
+ - name: nexus_username
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: nexus-credentials
+ - name: nexus_password
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: nexus-credentials
+ pullSecret:
+ name: nexus-repo-docker-registry-proxy
+ output:
+ to:
+ kind: "DockerImage"
+ name: ""
+ pushSecret:
+ name: "nexus-repo-docker-registry"
+ postCommit:
+ script: >-
+ curl -k -ssl -u "$twistlock_scan_username:$twistlock_scan_password"
+ https://twistlock-console.twistlock.svc:8083/api/v1/util/twistcli -o
+ ~/twistcli && chmod +x ~/twistcli && ~/twistcli images scan --user
+ $twistlock_scan_username --password $twistlock_scan_password --address
+ https://twistlock-console.twistlock.svc:8083 --containerized
+ --vulnerability-threshold critical
+ --only-fixed --details --publish $OPENSHIFT_BUILD_NAME
diff --git a/openshift-resources/dev/deployment.yml b/openshift-resources/dev/deployment.yml
new file mode 100644
index 0000000..f5baa58
--- /dev/null
+++ b/openshift-resources/dev/deployment.yml
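Review bot: Certificate verification is switched off at every network step of this build: `GIT_SSL_NO_VERIFY` is `true` in both `spec.env` and `dockerStrategy.env`, and the `postCommit` script fetches `twistcli` with `curl -k` and then executes it. The scanner credentials travel in that unverified request and the downloaded binary is run without any check, so the scan result that gates the image is only as trustworthy as whatever answered on the network. The image already carries the organisation's CA bundle (the Dockerfile copies `ca-certificates.crt` from the `config` stage), so I would remove both `GIT_SSL_NO_VERIFY` entries, supply the Git server's CA through the source secret, and replace `-k` with `--cacert <path-to-ca-bundle>`. The expansions in the script should also be quoted, e.g. `--user "$twistlock_scan_username"`, and note that `--password` places the secret on the process command line inside the build container.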
@@ -0,0 +1,71 @@
+---
+apiVersion: v1
+kind: "DeploymentConfig"
+metadata:
+ name: "openmbee-mms"
+ annotations:
+ description: "Handles deployment of the openmbee mms web api"
+spec:
+ strategy:
+ resources:
+ limits:
+ cpu: 350m
+ memory: 500Mi
+ requests:
+ cpu: 350m
+ memory: 100Mi
+ type: "Recreate"
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ name: "openmbee"
+ spec:
+ containers:
+ - env:
+ - name: ASPNETCORE_URLS
+ value: http://*:5000
+ name: "openmbee-mms"
+ image: ""
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /api/v1/Health/healthz
+ port: 5000
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 38
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /api/v1/Health/healthz
+ port: 5000
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 30
+ volumeMounts:
+ - name: appsettings-config
+ mountPath: /app/appsettings.json
+ subPath: appsettings.json
+ ports:
+ - containerPort: 5000
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1G
+ requests:
+ cpu: 350m
+ memory: 500M
+ volumes:
+ - name: appsettings-config
+ secret:
+ secretName: appsettings-config
+ items:
+ - key: appsettings.json
+ path: appsettings.json
+ triggers: []
diff --git a/openshift-resources/dev/deploymentConfig.yml b/openshift-resources/dev/deploymentConfig.yml
new file mode 100644
index 0000000..e69de29
diff --git a/openshift-resources/dev/elastic-search-service.yml b/openshift-resources/dev/elastic-search-service.yml
new file mode 100644
index 0000000..e69de29
diff --git a/openshift-resources/dev/pipeline.yml b/openshift-resources/dev/pipeline.yml
new file mode 100644
index 0000000..e69de29
diff --git a/openshift-resources/dev/psql-deployment.yml b/openshift-resources/dev/psql-deployment.yml
new file mode 100644
index 0000000..f4d8a2a
--- /dev/null
+++ b/openshift-resources/dev/psql-deployment.yml
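Review bot: The `openmbee-mms` container is declared without a `securityContext`, so its privilege level is whatever the admitting SCC or cluster default grants rather than something this manifest states. Declaring the restrictions on the container keeps the workload non-root and unable to escalate even if it is later deployed under a more permissive SCC or on plain Kubernetes. The block below belongs alongside `imagePullPolicy`; its indentation has to follow the file, because this view of the hunk has lost the original indentation.

```yaml
        # … unchanged: env, name, image, imagePullPolicy …
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
        # … unchanged: probes, volumeMounts, ports, resources …
```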
@@ -0,0 +1,39 @@
+---
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+ annotations:
+ template.alpha.openshift.io/wait-for-ready: 'true'
+ name: postgres
+spec:
+ replicas: 1
+ selector:
+ name: postgres
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ name: postgres
+ spec:
+ containers:
+ - env:
+ - name: ACCEPT_EULA
+ value: "Y"
+ - name: SA_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: database-password
+ name: "postgres"
+ image: ""
+ imagePullPolicy: Always
+ name: postgres
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: "/var/opt/postgres"
+ name: "postgres-data"
+ volumes:
+ - name: "postgres-data"
+ persistentVolumeClaim:
+ claimName: "postgres"
diff --git a/openshift-resources/dev/psql-pvc.yml b/openshift-resources/dev/psql-pvc.yml
new file mode 100644
index 0000000..5ef20d3
--- /dev/null
+++ b/openshift-resources/dev/psql-pvc.yml
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mssql
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/openshift-resources/dev/psql-service.yml b/openshift-resources/dev/psql-service.yml
new file mode 100644
index 0000000..4759df5
--- /dev/null
+++ b/openshift-resources/dev/psql-service.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ template.openshift.io/expose-uri: psql://{.spec.clusterIP}:{.spec.ports[?(.name=="psql")].port}
+ name: "psql"
+spec:
+ ports:
+ - name: psql
+ port: 5432
+ selector:
+ name: "psql"
diff --git a/openshift-resources/dev/route.yml b/openshift-resources/dev/route.yml
new file mode 100644
index 0000000..e69de29
diff --git a/openshift-resources/dev/service.yml b/openshift-resources/dev/service.yml
new file mode 100644
index 0000000..e69de29
diff --git a/openshift-resources/download_certificates.sh b/openshift-resources/download_certificates.sh
new file mode 100644
index 0000000..a205aaa
--- /dev/null
+++ b/openshift-resources/download_certificates.sh
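Review bot: The container named `postgres` is configured with `ACCEPT_EULA` and `SA_PASSWORD`, which are the variables the Microsoft SQL Server image reads; assuming the (blank) `image` is a PostgreSQL one, it will not consume them, so the `database-password` secret referenced here never becomes the database password. The exported deploymentconfig-postgres.yaml later in this commit uses `POSTGRESQL_DATABASE`, `POSTGRESQL_USER` and `POSTGRESQL_PASSWORD` with the same `secretKeyRef`, which suggests this file was adapted from an MSSQL template. Rename the variable to `POSTGRESQL_PASSWORD`, keep the `secretKeyRef`, and drop `ACCEPT_EULA`. The `/var/opt/postgres` mount path should also be checked against the data directory of the image that is actually deployed, otherwise the claim will not hold the database files.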
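Review bot: The claim is named `mssql`, but psql-deployment.yml in this commit mounts `claimName: "postgres"`, so applying the two files together leaves the pod waiting on a claim that does not exist unless one was created separately. `name: postgres` here would make the pair consistent.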
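Review bot: The selector `name: "psql"` matches no pod defined in this commit: psql-deployment.yml labels its pods `name: postgres`, so the `psql` Service would have no endpoints. Use `name: postgres` in the selector. The Service name itself also differs from the `postgres` name used by the other resources, so confirm which host name the application's connection string expects.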
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+function try {
+ $@
+ return $?
+}
+
+function catch {
+ echo "Error occurred: $1"
+ # Handle error here or exit
+ exit 1
+}
+
+# Run your commands within the try-catch block
+
+# Wget commands
+# try wget --no-check-certificate -r -np -nd -R "index.html*" /wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF || catch "wget command failed"
+# try wget --no-check-certificate -r -np -nd -R "index.html*" /dod/latest/ -P /usr/local/share/ca-certificates/WCF || catch "wget command failed"
+
+# Curl and unzip commands
+try curl -L -o /usr/local/share/ca-certificates/WCF/crt.zip /wcf/latest/crt.zip || catch "curl command failed"
+try unzip -o /usr/local/share/ca-certificates/WCF/crt.zip -d /usr/local/share/ca-certificates/WCF || catch "unzip command failed"
+try curl -L -o /usr/local/share/ca-certificates/WCF/dod.zip /dod/latest/dod.zip || catch "curl command failed"
+try unzip -o /usr/local/share/ca-certificates/WCF/dod.zip -d /usr/local/share/ca-certificates/WCF || catch "unzip failed"
+
+echo "Commands executed successfully"
+
diff --git a/openshift-resources/kompose-output/elasticsearch-deployment.yaml b/openshift-resources/kompose-output/elasticsearch-deployment.yaml
new file mode 100644
index 0000000..18f1433
--- /dev/null
+++ b/openshift-resources/kompose-output/elasticsearch-deployment.yaml
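Review bot: The two `curl -L -o` downloads fetch archives whose contents certs.sh then imports as trusted CAs, yet nothing checks that the archives are the expected ones: there is no `--fail`, no scheme restriction and no digest comparison before `unzip -o` overwrites what is already in /usr/local/share/ca-certificates/WCF. I would add `--fail --proto '=https'` to both curl calls and verify a pinned digest before unpacking, e.g. `echo "<expected-sha256>  /usr/local/share/ca-certificates/WCF/crt.zip" | sha256sum -c - || catch "checksum mismatch"`. The commented-out `wget --no-check-certificate` lines should be deleted rather than kept as a fallback. In `try`, `$@` should be `"$@"` so that arguments containing spaces are not split again.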
@@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: elasticsearch + name: elasticsearch + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: elasticsearch + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.network/mms-default: "true" + io.kompose.service: elasticsearch + spec: + containers: + - env: + - name: discovery.type + value: single-node + image: docker.elastic.co/elasticsearch/elasticsearch:7.8.1 + name: elasticsearch + ports: + - containerPort: 9200 + hostPort: 9200 + protocol: TCP + - containerPort: 9300 + hostPort: 9300 + protocol: TCP + resources: {} + restartPolicy: Always +status: {} diff --git a/openshift-resources/kompose-output/elasticsearch-service.yaml b/openshift-resources/kompose-output/elasticsearch-service.yaml new file mode 100644 index 0000000..a969295 --- /dev/null +++ b/openshift-resources/kompose-output/elasticsearch-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: elasticsearch + name: elasticsearch + namespace: default +spec: + ports: + - name: "9200" + port: 9200 + targetPort: 9200 + - name: "9300" + port: 9300 + targetPort: 9300 + selector: + io.kompose.service: elasticsearch +status: + loadBalancer: {} diff --git a/openshift-resources/kompose-output/minio-deployment.yaml b/openshift-resources/kompose-output/minio-deployment.yaml new file mode 100644 index 0000000..cdd3e38 --- /dev/null +++ b/openshift-resources/kompose-output/minio-deployment.yaml 
@@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: minio + name: minio + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: minio + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.network/mms-default: "true" + io.kompose.service: minio + spec: + containers: + - args: + - server + - /tmp/data + env: + - name: MINIO_ACCESS_KEY + value: admintest + - name: MINIO_SECRET_KEY + value: admintest + image: minio/minio:RELEASE.2022-05-26T05-48-41Z.hotfix.15f13935a + name: minio + ports: + - containerPort: 9000 + hostPort: 9000 + protocol: TCP + resources: {} + restartPolicy: Always +status: {} diff --git a/openshift-resources/kompose-output/minio-service.yaml b/openshift-resources/kompose-output/minio-service.yaml new file mode 100644 index 0000000..a0808da --- /dev/null +++ b/openshift-resources/kompose-output/minio-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: minio + name: minio + namespace: default +spec: + ports: + - name: "9000" + port: 9000 + targetPort: 9000 + selector: + io.kompose.service: minio +status: + loadBalancer: {} diff --git a/openshift-resources/kompose-output/openmbee-mms-deployment.yaml b/openshift-resources/kompose-output/openmbee-mms-deployment.yaml new file mode 100644 index 0000000..077b378 --- /dev/null +++ b/openshift-resources/kompose-output/openmbee-mms-deployment.yaml 
@@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: openmbee-mms + name: openmbee-mms + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: openmbee-mms + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.network/openmbee-mms-default: "true" + io.kompose.service: openmbee-mms + spec: + containers: + - env: + - name: SPRING_PROFILES_ACTIVE + value: test + image: openmbee-mms + name: openmbee-mms + ports: + - containerPort: 8080 + hostPort: 8080 + protocol: TCP + resources: {} + hostname: openmbee-mms + restartPolicy: Always +status: {} diff --git a/openshift-resources/kompose-output/openmbee-mms-service.yaml b/openshift-resources/kompose-output/openmbee-mms-service.yaml new file mode 100644 index 0000000..13668b9 --- /dev/null +++ b/openshift-resources/kompose-output/openmbee-mms-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: openmbee-mms + name: openmbee-mms + namespace: default +spec: + ports: + - name: "8080" + port: 8080 + targetPort: 8080 + selector: + io.kompose.service: openmbee-mms +status: + loadBalancer: {} diff --git a/openshift-resources/kompose-output/postgres-deployment.yaml b/openshift-resources/kompose-output/postgres-deployment.yaml new file mode 100644 index 0000000..e2ec65b --- /dev/null +++ b/openshift-resources/kompose-output/postgres-deployment.yaml 
@@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: postgres + name: postgres + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: postgres + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.network/mms-default: "true" + io.kompose.service: postgres + spec: + containers: + - env: + - name: POSTGRES_DB + value: mms + - name: POSTGRES_PASSWORD + value: test1234 + - name: POSTGRES_USER + value: mmsuser + image: postgres:11-alpine + name: postgres + ports: + - containerPort: 5432 + hostPort: 5432 + protocol: TCP + resources: {} + restartPolicy: Always +status: {} diff --git a/openshift-resources/kompose-output/postgres-service.yaml b/openshift-resources/kompose-output/postgres-service.yaml new file mode 100644 index 0000000..5cc08a3 --- /dev/null +++ b/openshift-resources/kompose-output/postgres-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: postgres + name: postgres + namespace: default +spec: + ports: + - name: "5432" + port: 5432 + targetPort: 5432 + selector: + io.kompose.service: postgres +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml new file mode 100644 index 0000000..940770a --- /dev/null +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml 
@@ -0,0 +1,234 @@ +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + resourceVersion: '948297847' + name: openmbee-elasticsearch + uid: 18c65158-45df-4ff2-952d-4f73fcd082c3 + creationTimestamp: '2023-09-18T16:37:56Z' + generation: 24 + managedFields: + - manager: oc + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-18T16:38:17Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:template': + 'f:spec': + 'f:containers': + 'k:{"name":"openmbee-elasticsearch"}': + .: {} + 'f:image': {} + 'f:imagePullPolicy': {} + 'f:name': {} + 'f:resources': {} + 'f:terminationMessagePath': {} + 'f:terminationMessagePolicy': {} + - manager: Mozilla + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-18T17:44:30Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:kompose.cmd': {} + 'f:kompose.version': {} + 'f:labels': + .: {} + 'f:io.kompose.service': {} + 'f:spec': + 'f:replicas': {} + 'f:revisionHistoryLimit': {} + 'f:selector': + .: {} + 'f:io.kompose.service': {} + 'f:strategy': + 'f:activeDeadlineSeconds': {} + 'f:rollingParams': + .: {} + 'f:intervalSeconds': {} + 'f:maxSurge': {} + 'f:maxUnavailable': {} + 'f:timeoutSeconds': {} + 'f:updatePeriodSeconds': {} + 'f:type': {} + 'f:template': + .: {} + 'f:metadata': + .: {} + 'f:annotations': + .: {} + 'f:kompose.cmd': {} + 'f:kompose.version': {} + 'f:creationTimestamp': {} + 'f:labels': + .: {} + 'f:io.kompose.network/mms-default': {} + 'f:io.kompose.service': {} + 'f:spec': + .: {} + 'f:containers': + .: {} + 'k:{"name":"openmbee-elasticsearch"}': + 'f:env': + .: {} + 'k:{"name":"discovery.type"}': + .: {} + 'f:name': {} + 'f:value': {} + 'f:ports': + .: {} + 'k:{"containerPort":9200,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 'f:protocol': {} + 'k:{"containerPort":9300,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 
'f:protocol': {} + 'f:resources': + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:dnsPolicy': {} + 'f:imagePullSecrets': + .: {} + 'k:{"name":"nexus-repo-docker-registry"}': {} + 'f:restartPolicy': {} + 'f:schedulerName': {} + 'f:securityContext': {} + 'f:terminationGracePeriodSeconds': {} + 'f:triggers': {} + - manager: openshift-controller-manager + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-27T22:21:15Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:updatedReplicas': {} + 'f:readyReplicas': {} + 'f:conditions': + .: {} + 'k:{"type":"Available"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:status': {} + 'f:type': {} + 'k:{"type":"Progressing"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:reason': {} + 'f:status': {} + 'f:type': {} + 'f:details': + .: {} + 'f:causes': {} + 'f:message': {} + 'f:replicas': {} + 'f:availableReplicas': {} + 'f:observedGeneration': {} + 'f:unavailableReplicas': {} + 'f:latestVersion': {} + subresource: status + namespace: openmbee + labels: + io.kompose.service: elasticsearch +spec: + strategy: + type: Rolling + rollingParams: + updatePeriodSeconds: 1 + intervalSeconds: 1 + timeoutSeconds: 600 + maxUnavailable: 25% + maxSurge: 25% + resources: {} + activeDeadlineSeconds: 21600 + triggers: + - type: ConfigChange + replicas: 1 + revisionHistoryLimit: 10 + test: false + selector: + io.kompose.service: elasticsearch + template: + metadata: + creationTimestamp: null + labels: + io.kompose.network/mms-default: 'true' + io.kompose.service: elasticsearch + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + spec: + containers: + - name: openmbee-elasticsearch + image: >- + + ports: + - containerPort: 9200 + protocol: TCP + - containerPort: 9300 + protocol: TCP + env: + - name: discovery.type + value: single-node + 
resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: Always + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + imagePullSecrets: + - name: nexus-repo-docker-registry + schedulerName: default-scheduler +status: + observedGeneration: 24 + details: + message: manual change + causes: + - type: Manual + availableReplicas: 1 + unavailableReplicas: 0 + latestVersion: 22 + updatedReplicas: 1 + conditions: + - type: Available + status: 'True' + lastUpdateTime: '2023-09-27T22:20:56Z' + lastTransitionTime: '2023-09-27T22:20:56Z' + message: Deployment config has minimum availability. + - type: Progressing + status: 'True' + lastUpdateTime: '2023-09-27T22:21:26Z' + lastTransitionTime: '2023-09-27T22:21:21Z' + reason: NewReplicationControllerAvailable + message: >- + replication controller "openmbee-elasticsearch-22" successfully rolled + out + replicas: 1 + readyReplicas: 1 diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml new file mode 100644 index 0000000..54f29c9 --- /dev/null +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml 
@@ -0,0 +1,237 @@ +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + name: openmbee-mms + namespace: openmbee + uid: 56b1f21a-7213-4510-b5f1-2c75acdec56d + resourceVersion: '949351001' + generation: 79 + creationTimestamp: '2023-08-31T19:10:00Z' + annotations: + description: Handles deployment of the openmbee mms web api and backend + managedFields: + - manager: Mozilla + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-26T05:22:20Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:description': {} + 'f:spec': + 'f:replicas': {} + 'f:selector': + .: {} + 'f:name': {} + 'f:strategy': + 'f:activeDeadlineSeconds': {} + 'f:recreateParams': + .: {} + 'f:timeoutSeconds': {} + 'f:resources': + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:rollingParams': + .: {} + 'f:intervalSeconds': {} + 'f:maxSurge': {} + 'f:maxUnavailable': {} + 'f:timeoutSeconds': {} + 'f:updatePeriodSeconds': {} + 'f:type': {} + 'f:template': + .: {} + 'f:metadata': + .: {} + 'f:creationTimestamp': {} + 'f:labels': + .: {} + 'f:name': {} + 'f:spec': + 'f:volumes': + .: {} + 'k:{"name":"tls-secret"}': + .: {} + 'f:name': {} + 'f:secret': + .: {} + 'f:defaultMode': {} + 'f:secretName': {} + 'f:containers': + .: {} + 'k:{"name":"openmbee-mms"}': + 'f:envFrom': {} + 'f:image': {} + 'f:volumeMounts': + .: {} + 'k:{"mountPath":"/etc/secrets/mms"}': + .: {} + 'f:mountPath': {} + 'f:name': {} + 'f:readOnly': {} + 'f:terminationMessagePolicy': {} + .: {} + 'f:resources': + .: {} + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:terminationMessagePath': {} + 'f:imagePullPolicy': {} + 'f:ports': + .: {} + 'k:{"containerPort":5000,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 'f:protocol': {} + 'f:name': {} + 'f:dnsPolicy': {} + 'f:restartPolicy': {} + .: {} + 'f:schedulerName': {} + 
'f:terminationGracePeriodSeconds': {} + 'f:imagePullSecrets': + .: {} + 'k:{"name":"nexus-repo-docker-registry"}': {} + 'f:securityContext': {} + 'f:triggers': {} + - manager: openshift-controller-manager + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-28T18:52:49Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:updatedReplicas': {} + 'f:readyReplicas': {} + 'f:conditions': + .: {} + 'k:{"type":"Available"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:status': {} + 'f:type': {} + 'k:{"type":"Progressing"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:reason': {} + 'f:status': {} + 'f:type': {} + 'f:details': + 'f:causes': {} + 'f:message': {} + 'f:replicas': {} + 'f:availableReplicas': {} + 'f:observedGeneration': {} + 'f:unavailableReplicas': {} + 'f:latestVersion': {} + subresource: status +spec: + strategy: + type: Rolling + recreateParams: + timeoutSeconds: 600 + rollingParams: + updatePeriodSeconds: 1 + intervalSeconds: 1 + timeoutSeconds: 600 + maxUnavailable: 25% + maxSurge: 25% + resources: + limits: + cpu: 350m + memory: 500Mi + requests: + cpu: 350m + memory: 100Mi + activeDeadlineSeconds: 21600 + triggers: + - type: ConfigChange + replicas: 1 + revisionHistoryLimit: 10 + test: false + selector: + name: openmbee-mms + template: + metadata: + creationTimestamp: null + labels: + name: openmbee-mms + spec: + volumes: + - name: tls-secret + secret: + secretName: my-tls-secret + defaultMode: 420 + containers: + - resources: + limits: + cpu: 750m + memory: 1G + requests: + cpu: 350m + memory: 500M + terminationMessagePath: /dev/termination-log + name: openmbee-mms + ports: + - containerPort: 5000 + protocol: TCP + imagePullPolicy: Always + volumeMounts: + - name: tls-secret + readOnly: true + mountPath: /etc/secrets/mms + terminationMessagePolicy: File + envFrom: + - secretRef: + name: nexus-repo-docker-registry + image: >- + + restartPolicy: Always 
+ terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + imagePullSecrets: + - name: nexus-repo-docker-registry + schedulerName: default-scheduler +status: + observedGeneration: 79 + details: + message: manual change + causes: + - type: Manual + availableReplicas: 1 + unavailableReplicas: 0 + latestVersion: 61 + updatedReplicas: 1 + conditions: + - type: Progressing + status: 'True' + lastUpdateTime: '2023-09-28T18:30:30Z' + lastTransitionTime: '2023-09-28T18:30:25Z' + reason: NewReplicationControllerAvailable + message: replication controller "openmbee-mms-61" successfully rolled out + - type: Available + status: 'True' + lastUpdateTime: '2023-09-28T18:52:49Z' + lastTransitionTime: '2023-09-28T18:52:49Z' + message: Deployment config has minimum availability. + replicas: 1 + readyReplicas: 1 diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml new file mode 100644 index 0000000..e2f3103 --- /dev/null +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml 
@@ -0,0 +1,195 @@ +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + name: openmbee-ve + namespace: openmbee + uid: 54344196-94cb-49df-8ed4-d4857b0db33c + resourceVersion: '946560312' + generation: 109 + creationTimestamp: '2023-09-06T19:45:36Z' + annotations: + description: Handles deployment of the openmbee ve. + managedFields: + - manager: Mozilla + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-26T12:37:22Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:description': {} + 'f:spec': + 'f:replicas': {} + 'f:revisionHistoryLimit': {} + 'f:selector': + .: {} + 'f:app': {} + 'f:strategy': + 'f:activeDeadlineSeconds': {} + 'f:recreateParams': + .: {} + 'f:timeoutSeconds': {} + 'f:rollingParams': + .: {} + 'f:intervalSeconds': {} + 'f:maxSurge': {} + 'f:maxUnavailable': {} + 'f:timeoutSeconds': {} + 'f:updatePeriodSeconds': {} + 'f:type': {} + 'f:template': + .: {} + 'f:metadata': + .: {} + 'f:creationTimestamp': {} + 'f:labels': + .: {} + 'f:app': {} + 'f:spec': + .: {} + 'f:containers': + .: {} + 'k:{"name":"openmbee-ve"}': + .: {} + 'f:image': {} + 'f:imagePullPolicy': {} + 'f:name': {} + 'f:ports': + .: {} + 'k:{"containerPort":8080,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 'f:protocol': {} + 'f:resources': + .: {} + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:terminationMessagePath': {} + 'f:terminationMessagePolicy': {} + 'f:dnsPolicy': {} + 'f:imagePullSecrets': + .: {} + 'k:{"name":"nexus-repo-docker-registry"}': {} + 'f:restartPolicy': {} + 'f:schedulerName': {} + 'f:securityContext': {} + 'f:terminationGracePeriodSeconds': {} + 'f:triggers': {} + - manager: openshift-controller-manager + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-26T12:37:35Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:updatedReplicas': {} + 'f:readyReplicas': {} + 'f:conditions': + .: {} + 
'k:{"type":"Available"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:status': {} + 'f:type': {} + 'k:{"type":"Progressing"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:reason': {} + 'f:status': {} + 'f:type': {} + 'f:details': + .: {} + 'f:causes': {} + 'f:message': {} + 'f:replicas': {} + 'f:availableReplicas': {} + 'f:observedGeneration': {} + 'f:unavailableReplicas': {} + 'f:latestVersion': {} + subresource: status +spec: + strategy: + type: Recreate + recreateParams: + timeoutSeconds: 600 + rollingParams: + updatePeriodSeconds: 1 + intervalSeconds: 1 + timeoutSeconds: 600 + maxUnavailable: 25% + maxSurge: 25% + resources: {} + activeDeadlineSeconds: 1800 + triggers: + - type: ConfigChange + replicas: 1 + revisionHistoryLimit: 10 + test: false + selector: + app: openmbee-ve + template: + metadata: + creationTimestamp: null + labels: + app: openmbee-ve + spec: + containers: + - name: openmbee-ve + image: >- + + ports: + - containerPort: 8080 + protocol: TCP + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 350m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: Always + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + imagePullSecrets: + - name: nexus-repo-docker-registry + schedulerName: default-scheduler +status: + observedGeneration: 109 + details: + message: config change + causes: + - type: ConfigChange + availableReplicas: 1 + unavailableReplicas: 0 + latestVersion: 106 + updatedReplicas: 1 + conditions: + - type: Available + status: 'True' + lastUpdateTime: '2023-09-26T12:37:35Z' + lastTransitionTime: '2023-09-26T12:37:35Z' + message: Deployment config has minimum availability. 
+ - type: Progressing + status: 'True' + lastUpdateTime: '2023-09-26T12:37:38Z' + lastTransitionTime: '2023-09-26T12:37:27Z' + reason: NewReplicationControllerAvailable + message: replication controller "openmbee-ve-106" successfully rolled out + replicas: 1 + readyReplicas: 1 diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml new file mode 100644 index 0000000..c932a51 --- /dev/null +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml 
@@ -0,0 +1,228 @@ +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + name: postgres + namespace: openmbee + uid: c0c241bb-2fc2-4170-b768-68836e3e0aab + resourceVersion: '945421288' + generation: 35 + creationTimestamp: '2023-08-31T19:10:49Z' + annotations: + template.alpha.openshift.io/wait-for-ready: 'true' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-14T18:17:18Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:template.alpha.openshift.io/wait-for-ready': {} + 'f:spec': + 'f:replicas': {} + 'f:selector': + .: {} + 'f:name': {} + 'f:strategy': + 'f:activeDeadlineSeconds': {} + 'f:recreateParams': + .: {} + 'f:timeoutSeconds': {} + 'f:type': {} + 'f:template': + .: {} + 'f:metadata': + .: {} + 'f:creationTimestamp': {} + 'f:labels': + .: {} + 'f:name': {} + 'f:spec': + 'f:volumes': + .: {} + 'k:{"name":"postgres-data"}': + .: {} + 'f:name': {} + 'f:persistentVolumeClaim': + .: {} + 'f:claimName': {} + 'f:containers': + .: {} + 'k:{"name":"postgres"}': + 'f:image': {} + 'f:volumeMounts': + .: {} + 'k:{"mountPath":"/var/opt/postgres"}': + .: {} + 'f:mountPath': {} + 'f:name': {} + 'f:terminationMessagePolicy': {} + .: {} + 'f:resources': + .: {} + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:env': + .: {} + 'k:{"name":"POSTGRESQL_DATABASE"}': + .: {} + 'f:name': {} + 'f:value': {} + 'k:{"name":"POSTGRESQL_PASSWORD"}': + .: {} + 'f:name': {} + 'f:valueFrom': + .: {} + 'f:secretKeyRef': {} + 'k:{"name":"POSTGRESQL_USER"}': + .: {} + 'f:name': {} + 'f:value': {} + 'f:terminationMessagePath': {} + 'f:imagePullPolicy': {} + 'f:ports': + .: {} + 'k:{"containerPort":5432,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 'f:protocol': {} + 'f:name': {} + 'f:dnsPolicy': {} + 'f:restartPolicy': {} + .: {} + 'f:schedulerName': {} + 'f:terminationGracePeriodSeconds': {} + 
'f:imagePullSecrets': + .: {} + 'k:{"name":"nexus-repo-docker-registry"}': {} + 'f:securityContext': {} + 'f:triggers': {} + - manager: openshift-controller-manager + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-25T14:51:03Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:updatedReplicas': {} + 'f:readyReplicas': {} + 'f:conditions': + .: {} + 'k:{"type":"Available"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:status': {} + 'f:type': {} + 'k:{"type":"Progressing"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:reason': {} + 'f:status': {} + 'f:type': {} + 'f:details': + .: {} + 'f:causes': {} + 'f:message': {} + 'f:replicas': {} + 'f:availableReplicas': {} + 'f:observedGeneration': {} + 'f:unavailableReplicas': {} + 'f:latestVersion': {} + subresource: status +spec: + strategy: + type: Recreate + recreateParams: + timeoutSeconds: 600 + resources: {} + activeDeadlineSeconds: 21600 + triggers: + - type: ConfigChange + replicas: 1 + revisionHistoryLimit: 10 + test: false + selector: + name: postgres + template: + metadata: + creationTimestamp: null + labels: + name: postgres + spec: + volumes: + - name: postgres-data + persistentVolumeClaim: + claimName: postgres + containers: + - resources: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 500m + memory: 2Gi + terminationMessagePath: /dev/termination-log + name: postgres + env: + - name: POSTGRESQL_DATABASE + value: mms + - name: POSTGRESQL_USER + value: mmsuser + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: postgres + key: database-password + ports: + - containerPort: 5432 + protocol: TCP + imagePullPolicy: Always + volumeMounts: + - name: postgres-data + mountPath: /var/opt/postgres + terminationMessagePolicy: File + image: >- + + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + imagePullSecrets: + - name: 
nexus-repo-docker-registry + schedulerName: default-scheduler +status: + observedGeneration: 35 + details: + message: manual change + causes: + - type: Manual + availableReplicas: 1 + unavailableReplicas: 0 + latestVersion: 32 + updatedReplicas: 1 + conditions: + - type: Progressing + status: 'True' + lastUpdateTime: '2023-09-19T04:56:05Z' + lastTransitionTime: '2023-09-19T04:55:52Z' + reason: NewReplicationControllerAvailable + message: replication controller "postgres-32" successfully rolled out + - type: Available + status: 'True' + lastUpdateTime: '2023-09-25T14:51:03Z' + lastTransitionTime: '2023-09-25T14:51:03Z' + message: Deployment config has minimum availability. + replicas: 1 + readyReplicas: 1 diff --git a/openshift-resources/openshift-output/persistent-volumes/persistentvolumeclaim-postgres.yaml b/openshift-resources/openshift-output/persistent-volumes/persistentvolumeclaim-postgres.yaml new file mode 100644 index 0000000..81d4040 --- /dev/null +++ b/openshift-resources/openshift-output/persistent-volumes/persistentvolumeclaim-postgres.yaml 
@@ -0,0 +1,73 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: postgres + namespace: openmbee + uid: a6b9ffdd-a288-4e5c-b1ac-1ed650b100a0 + resourceVersion: '930113112' + creationTimestamp: '2023-09-14T18:08:28Z' + annotations: + pv.kubernetes.io/bind-completed: 'yes' + pv.kubernetes.io/bound-by-controller: 'yes' + volume.beta.kubernetes.io/storage-provisioner: openshift-storage.cephfs.csi.ceph.com + volume.kubernetes.io/storage-provisioner: openshift-storage.cephfs.csi.ceph.com + finalizers: + - kubernetes.io/pvc-protection + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-14T18:08:28Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:accessModes': {} + 'f:resources': + 'f:requests': + .: {} + 'f:storage': {} + 'f:storageClassName': {} + 'f:volumeMode': {} + - manager: kube-controller-manager + operation: Update + apiVersion: v1 + time: '2023-09-14T18:08:29Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:pv.kubernetes.io/bind-completed': {} + 'f:pv.kubernetes.io/bound-by-controller': {} + 'f:volume.beta.kubernetes.io/storage-provisioner': {} + 'f:volume.kubernetes.io/storage-provisioner': {} + 'f:spec': + 'f:volumeName': {} + - manager: kube-controller-manager + operation: Update + apiVersion: v1 + time: '2023-09-14T18:08:29Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:accessModes': {} + 'f:capacity': + .: {} + 'f:storage': {} + 'f:phase': {} + subresource: status +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + volumeName: pvc-a6b9ffdd-a288-4e5c-b1ac-1ed650b100a0 + storageClassName: ocs-storagecluster-cephfs + volumeMode: Filesystem +status: + phase: Bound + accessModes: + - ReadWriteOnce + capacity: + storage: 1Gi diff --git a/openshift-resources/openshift-output/routes/route-mbee-mms.yaml b/openshift-resources/openshift-output/routes/route-mbee-mms.yaml new file mode 100644 index 0000000..860f5df --- /dev/null 
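Review bot: This manifest is a raw export of a live object, so `uid`, `resourceVersion`, `creationTimestamp`, `managedFields`, the `status:` block and `spec.volumeName` are all server-populated values from the source cluster. With `volumeName` pinned, applying the file elsewhere would try to bind the claim to a PV that exists only in the source cluster. I would reduce it to `metadata.name`, `spec.accessModes`, `spec.resources.requests.storage` and `spec.storageClassName`. The Route, Secret and Service files under openshift-output/ carry the same server-populated metadata.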
+++ b/openshift-resources/openshift-output/routes/route-mbee-mms.yaml @@ -0,0 +1,58 @@ +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: mbee-mms + namespace: openmbee + uid: 9259ea63-f943-41a4-afbd-e4404aec2908 + resourceVersion: '945743751' + creationTimestamp: '2023-09-25T20:49:37Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: route.openshift.io/v1 + time: '2023-09-25T20:49:37Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:host': {} + 'f:port': + .: {} + 'f:targetPort': {} + 'f:tls': + .: {} + 'f:termination': {} + 'f:to': + 'f:kind': {} + 'f:name': {} + 'f:weight': {} + 'f:wildcardPolicy': {} + - manager: openshift-router + operation: Update + apiVersion: route.openshift.io/v1 + time: '2023-09-25T20:49:37Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:ingress': {} + subresource: status +spec: + host: + to: + kind: Service + name: openmbee-mms + weight: 100 + port: + targetPort: openmbee-mms + tls: + termination: edge + wildcardPolicy: None +status: + ingress: + - host: + routerName: default + conditions: + - type: Admitted + status: 'True' + lastTransitionTime: '2023-09-25T20:50:46Z' + wildcardPolicy: None + routerCanonicalHostname: diff --git a/openshift-resources/openshift-output/routes/route-mbee-ve.yaml b/openshift-resources/openshift-output/routes/route-mbee-ve.yaml new file mode 100644 index 0000000..ffcf903 --- /dev/null +++ b/openshift-resources/openshift-output/routes/route-mbee-ve.yaml 
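Review bot: `tls.termination: edge` means the router forwards plain HTTP to the `openmbee-mms` service, yet application.properties in this same commit sets `server.ssl.enabled=true`. If that profile is what runs behind the route, the backend hop will not work and the route would need `termination: reencrypt` with a destination CA. Separately, the plain-HTTP behaviour is left implicit; adding `insecureEdgeTerminationPolicy: Redirect` under `tls:` makes it explicit. This second point applies to route-mbee-ve.yaml as well.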
@@ -0,0 +1,58 @@ +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: mbee-ve + namespace: openmbee + uid: 22fa24dd-6fec-41ab-91b2-d0579105d0c5 + resourceVersion: '945743259' + creationTimestamp: '2023-09-25T20:47:52Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: route.openshift.io/v1 + time: '2023-09-25T20:47:52Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:host': {} + 'f:port': + .: {} + 'f:targetPort': {} + 'f:tls': + .: {} + 'f:termination': {} + 'f:to': + 'f:kind': {} + 'f:name': {} + 'f:weight': {} + 'f:wildcardPolicy': {} + - manager: openshift-router + operation: Update + apiVersion: route.openshift.io/v1 + time: '2023-09-25T20:47:52Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:ingress': {} + subresource: status +spec: + host: + to: + kind: Service + name: openmbee-ve-svc + weight: 100 + port: + targetPort: openmbee-ve + tls: + termination: edge + wildcardPolicy: None +status: + ingress: + - host: + routerName: default + conditions: + - type: Admitted + status: 'True' + lastTransitionTime: '2023-09-25T20:50:14Z' + wildcardPolicy: None + routerCanonicalHostname: diff --git a/openshift-resources/openshift-output/secrets/secret-my-tls-secret.yaml b/openshift-resources/openshift-output/secrets/secret-my-tls-secret.yaml new file mode 100644 index 0000000..d281480 --- /dev/null +++ b/openshift-resources/openshift-output/secrets/secret-my-tls-secret.yaml 
@@ -0,0 +1,26 @@ +kind: Secret +apiVersion: v1 +metadata: + name: my-tls-secret + namespace: openmbee + uid: 9707a05a-413c-4468-9d34-5a23b05f0098 + resourceVersion: '950096710' + creationTimestamp: '2023-09-25T16:57:22Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-25T16:57:22Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:data': + .: {} + 'f:tls.crt': {} + 'f:tls.key': {} + 'f:type': {} +data: + tls.crt: >- + 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 + tls.key: >- + 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 +type: kubernetes.io/tls diff --git a/openshift-resources/openshift-output/secrets/secret-nexus-repo-docker-registry.yaml b/openshift-resources/openshift-output/secrets/secret-nexus-repo-docker-registry.yaml new file mode 100644 index 0000000..a124149 --- /dev/null +++ b/openshift-resources/openshift-output/secrets/secret-nexus-repo-docker-registry.yaml @@ -0,0 +1,23 @@ +kind: Secret +apiVersion: v1 +metadata: + name: nexus-repo-docker-registry + namespace: openmbee + uid: 86eba8fb-4bf5-4dd0-8aeb-d6aa17e6e132 + resourceVersion: '950096711' + creationTimestamp: '2023-07-18T16:52:37Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-07-18T16:52:37Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:data': + .: {} + 'f:.dockerconfigjson': {} + 'f:type': {} +data: + .dockerconfigjson: >- + eyJhdXRocyI6eyJyZWdpc3RyeS1jbGktZG9ja2VyLndzZWFzdHRlc3QubmF2YWlyLm5hdnkubWlsOjUwMDAiOnsidXNlcm5hbWUiOiJTUzB0QUpvRyIsInBhc3N3b3JkIjoibS0zLVBYcXVTTkJIZjFBMkFvUS1KZTFwcUxRV25CM0RsZk9TNi1BUHBtNGciLCJlbWFpbCI6InVudXNlZCIsImF1dGgiOiJVMU13ZEVGS2IwYzZiUzB6TFZCWWNYVlRUa0pJWmpGQk1rRnZVUzFLWlRGd2NVeFJWMjVDTTBSc1prOVROaTFCVUhCdE5HYz0ifX19 +type: kubernetes.io/dockerconfigjson diff --git a/openshift-resources/openshift-output/secrets/secret-postgres.yaml b/openshift-resources/openshift-output/secrets/secret-postgres.yaml new file mode 100644 index 0000000..7a79840 --- /dev/null 
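Review bot: The `data:` blocks of these Secret manifests put credential material in the repository: `tls.key` here (its value is elided in this view), `.dockerconfigjson` in secret-nexus-repo-docker-registry.yaml and `database-password` in secret-postgres.yaml. Base64 in a Secret is an encoding, not protection, so anyone who can read the repository or its history can recover the values. I would drop the three files from the commit and keep only a template such as `database-password: <set-at-deploy-time>`, or a reference to a sealed or external secret. The registry credential, the TLS key pair and the database password should be rotated, because removing the files in a later commit leaves the values in git history.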
+++ b/openshift-resources/openshift-output/secrets/secret-postgres.yaml @@ -0,0 +1,22 @@ +kind: Secret +apiVersion: v1 +metadata: + name: postgres + namespace: openmbee + uid: 2f4f8b2f-1374-4bc3-80c4-3664ce070dd7 + resourceVersion: '950096712' + creationTimestamp: '2023-09-14T17:27:08Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-14T17:27:08Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:data': + .: {} + 'f:database-password': {} + 'f:type': {} +data: + database-password: dGVzdDEyMzQ= +type: Opaque diff --git a/openshift-resources/openshift-output/services/service-minio.yaml b/openshift-resources/openshift-output/services/service-minio.yaml new file mode 100644 index 0000000..454ceb6 --- /dev/null +++ b/openshift-resources/openshift-output/services/service-minio.yaml 
@@ -0,0 +1,60 @@ +kind: Service +apiVersion: v1 +metadata: + name: minio + namespace: openmbee + uid: e4d03e2f-2851-43ce-9830-d749e740d3c6 + resourceVersion: '911719467' + creationTimestamp: '2023-08-31T19:29:46Z' + labels: + io.kompose.service: minio + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-08-31T19:29:46Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:kompose.cmd': {} + 'f:kompose.version': {} + 'f:labels': + .: {} + 'f:io.kompose.service': {} + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":9000,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: '9000' + protocol: TCP + port: 9000 + targetPort: 9000 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + io.kompose.service: minio +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/services/service-openmbee-elasticsearch.yaml b/openshift-resources/openshift-output/services/service-openmbee-elasticsearch.yaml new file mode 100644 index 0000000..3e06f1e --- /dev/null +++ b/openshift-resources/openshift-output/services/service-openmbee-elasticsearch.yaml 
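Review bot: `clusterIP: 'CLUSTER IP ADDRESS'` and the matching `clusterIPs` entry are redaction placeholders rather than valid addresses, so this Service cannot be applied as committed. Omit both keys and let the cluster assign an address. The same placeholder appears in service-openmbee-elasticsearch.yaml, service-openmbee-mms.yaml, service-openmbee-ve-svc.yaml and service-postgres.yaml.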
@@ -0,0 +1,57 @@ +kind: Service +apiVersion: v1 +metadata: + name: openmbee-elasticsearch + namespace: openmbee + uid: b4580c99-e15d-41ce-9b48-7733e0cbf247 + resourceVersion: '946676276' + creationTimestamp: '2023-09-18T17:02:46Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-18T17:02:46Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":9200,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'k:{"port":9300,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: '9200' + protocol: TCP + port: 9200 + targetPort: 9200 + - name: '9300' + protocol: TCP + port: 9300 + targetPort: 9300 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + io.kompose.service: elasticsearch +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/services/service-openmbee-mms.yaml b/openshift-resources/openshift-output/services/service-openmbee-mms.yaml new file mode 100644 index 0000000..8f023bc --- /dev/null +++ b/openshift-resources/openshift-output/services/service-openmbee-mms.yaml 
@@ -0,0 +1,53 @@ +kind: Service +apiVersion: v1 +metadata: + name: openmbee-mms + namespace: openmbee + uid: c18056c7-480d-4392-bfd5-a3abd080a149 + resourceVersion: '941588245' + creationTimestamp: '2023-08-31T19:29:04Z' + annotations: + service.beta.openshift.io/inject-cabundle: 'true' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-22T21:27:35Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:service.beta.openshift.io/inject-cabundle': {} + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":5000,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: openmbee-mms + protocol: TCP + port: 5000 + targetPort: 5000 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + name: openmbee-mms +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/services/service-openmbee-ve-svc.yaml b/openshift-resources/openshift-output/services/service-openmbee-ve-svc.yaml new file mode 100644 index 0000000..5229040 --- /dev/null +++ b/openshift-resources/openshift-output/services/service-openmbee-ve-svc.yaml 
@@ -0,0 +1,53 @@ +kind: Service +apiVersion: v1 +metadata: + name: openmbee-ve-svc + namespace: openmbee + uid: 52741a91-5a2d-459a-8ea7-96fa13ac328f + resourceVersion: '936991153' + creationTimestamp: '2023-08-31T18:02:11Z' + annotations: + description: Exposes and load balances the application pods + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-08-31T18:02:11Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:description': {} + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":8080,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: openmbee-ve + protocol: TCP + port: 8080 + targetPort: 8080 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + app: openmbee-ve +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/services/service-postgres.yaml b/openshift-resources/openshift-output/services/service-postgres.yaml new file mode 100644 index 0000000..e34c019 --- /dev/null +++ b/openshift-resources/openshift-output/services/service-postgres.yaml 
@@ -0,0 +1,53 @@ +kind: Service +apiVersion: v1 +metadata: + name: postgres + namespace: openmbee + uid: 28877079-55a8-4557-bf29-d769c005136f + resourceVersion: '930093890' + creationTimestamp: '2023-08-31T19:32:40Z' + annotations: + template.openshift.io/expose-uri: 'postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgres")].port}' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-14T17:39:05Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:template.openshift.io/expose-uri': {} + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":5432,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: postgres + protocol: TCP + port: 5432 + targetPort: 5432 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + name: postgres +status: + loadBalancer: {} diff --git a/openshift-resources/stage/deploymentConfig.yml b/openshift-resources/stage/deploymentConfig.yml new file mode 100644 index 0000000..e69de29 diff --git a/openshift-resources/stage/pipeline.yml b/openshift-resources/stage/pipeline.yml new file mode 100644 index 0000000..e69de29 diff --git a/openshift-resources/stage/service.yml b/openshift-resources/stage/service.yml new file mode 100644 index 0000000..e69de29 diff --git a/src/main/java/org/openmbee/mms/mmsri/config/LoggingFilter.java b/src/main/java/org/openmbee/mms/mmsri/config/LoggingFilter.java index 46dd724..ab9e541 100644 --- a/src/main/java/org/openmbee/mms/mmsri/config/LoggingFilter.java +++ b/src/main/java/org/openmbee/mms/mmsri/config/LoggingFilter.java 
@@ -1,3 +1,54 @@ +//package org.openmbee.mms.mmsri.config; +// +//import java.io.IOException; +//import java.util.UUID; +//import jakarta.servlet.Filter; +//import jakarta.servlet.FilterChain; +//import jakarta.servlet.ServletException; +//import jakarta.servlet.ServletRequest; +//import jakarta.servlet.ServletResponse; +//import jakarta.servlet.http.HttpServletRequest; +//import jakarta.servlet.http.HttpServletResponse; +//import org.slf4j.Logger; +//import org.slf4j.LoggerFactory; +//import org.springframework.security.core.Authentication; +//import org.springframework.security.core.context.SecurityContextHolder; +// +//public class LoggingFilter implements Filter { +// private final Logger LOGGER = LoggerFactory.getLogger(LoggingFilter.class); +// +// @Override +// public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) +// throws IOException, ServletException { +// String corr = UUID.randomUUID().toString(); +// long time = System.currentTimeMillis(); +// Authentication auth = SecurityContextHolder.getContext().getAuthentication(); +// String user = "anonymousUser"; +// if (auth != null) { +// user = auth.getName(); +// } +// HttpServletRequest r = (HttpServletRequest) req; +// String query = r.getQueryString(); +// query = query == null ? "" : ("?" 
+ query); +// if (!r.getRequestURI().startsWith("/actuator") && !r.getRequestURI().startsWith("/v3")) { +// LOGGER.info("req - {} - {} - {} - {}", user, r.getMethod(), r.getRequestURI() + query, +// corr); +// } +// chain.doFilter(req, resp); +// +// time = System.currentTimeMillis() - time; +// HttpServletResponse res = (HttpServletResponse) resp; +// auth = SecurityContextHolder.getContext().getAuthentication(); +// if (auth != null) { +// user = auth.getName(); +// } +// if (!r.getRequestURI().startsWith("/actuator") && !r.getRequestURI().startsWith("/v3")) { +// LOGGER.info("res - {} - {} - {} - {} - {} - {}ms ", user, r.getMethod(), +// r.getRequestURI() + query, corr, res.getStatus(), time); +// } +// } +//} + package org.openmbee.mms.mmsri.config; import java.io.IOException; diff --git a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java index c73fd40..cf24471 100644 --- a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java +++ b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java @@ -38,7 +38,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements @Autowired AuthSecurityConfig authSecurityConfig; - +// Below Code is used for Spring 2.x @Override public void configure(HttpSecurity http) throws Exception { //permit all for anonymous access for public projects @@ -58,7 +58,6 @@ public void configure(HttpSecurity http) throws Exception { //filter only needed if not permitAll //http.addFilterAfter(corsFilter(), ExceptionTranslationFilter.class); authSecurityConfig.setAuthConfig(http); - } @Bean 
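Review bot: The 51 added lines are a commented-out copy of the whole class (the `jakarta.servlet` variant) placed above the `package` statement, and the last hunk of SecurityConfig.java does the same by appending a commented-out second `SecurityConfig` after the closing brace. Dead copies like these drift from the live code and make it unclear which security configuration is in force, so I would delete both and keep the migration work on a branch. If the SecurityConfig copy must stay for reference, mark it with `// NOT ACTIVE: permits all requests and disables CSRF; do not enable as-is`, since it contains `http.csrf().disable().authorizeRequests().anyRequest().permitAll()`.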
@@ -81,6 +80,11 @@ public void addCorsMappings(CorsRegistry registry) { .allowCredentials(true) .maxAge(3600L) .allowedOriginPatterns(allowedOrigins.split(",")); +// registry.addMapping("/**") +// .allowedOrigins("###") // Point this to your frontend's domain +// .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") +// .allowedHeaders("Authorization", "Content-Type", "Cache-Control") +// .allowCredentials(true); } private CorsFilter corsFilter() { 
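Review bot: The five added lines are commented out, so the active mapping in `addCorsMappings` is still `.allowCredentials(true)` with `.allowedOriginPatterns(allowedOrigins.split(","))`, and every properties file in this commit sets `cors.allowed.origins=*`. Assuming `allowedOrigins` is bound to that property, a `*` pattern with credentials allowed lets pages on any origin make credentialed cross-origin requests, which is what the commented `// Point this to your frontend's domain` line was presumably meant to prevent. I would delete the commented block and set the property to the real front-end origin, e.g. `cors.allowed.origins=https://<frontend-host>`. The start of `addCorsMappings` is outside the hunk.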
@@ -105,3 +109,107 @@ public void configureContentNegotiation(ContentNegotiationConfigurer configurer) .defaultContentType(MediaType.APPLICATION_JSON); } } +//package org.openmbee.mms.example.config; +// +//import org.openmbee.mms.authenticator.config.AuthSecurityConfig; +//import org.springframework.beans.factory.annotation.Autowired; +//import org.springframework.beans.factory.annotation.Value; +//import org.springframework.context.annotation.Bean; +//import org.springframework.context.annotation.Configuration; +//import org.springframework.http.MediaType; +//import org.springframework.scheduling.annotation.EnableAsync; +//import org.springframework.security.authentication.AuthenticationManager; +//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +//import org.springframework.security.config.annotation.web.builders.HttpSecurity; +//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +//import org.springframework.security.web.access.ExceptionTranslationFilter; +//import org.springframework.transaction.annotation.EnableTransactionManagement; +//import org.springframework.web.cors.CorsConfiguration; +//import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +//import org.springframework.web.filter.CorsFilter; +//import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer; +//import org.springframework.web.servlet.config.annotation.CorsRegistry; +//import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +//import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; +// +//import static org.springframework.http.HttpHeaders.*; +//import static org.springframework.http.HttpMethod.*; +// +//@Configuration +//@EnableWebSecurity +//@EnableGlobalMethodSecurity(prePostEnabled = true) 
+//@EnableTransactionManagement +//@EnableAsync +//public class SecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer { +// +// @Value("${cors.allowed.origins:*}") +// private String allowedOrigins; +// +// @Autowired +// AuthSecurityConfig authSecurityConfig; +// +// @Override +// public void configure(HttpSecurity http) throws Exception { +// http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().httpBasic(); +// http.headers().cacheControl(); +// http.addFilterAfter(corsFilter(), ExceptionTranslationFilter.class); +// authSecurityConfig.setAuthConfig(http); +// } +// +// @Bean +// public RequestMappingHandlerMapping useTrailingSlash() { +// RequestMappingHandlerMapping requestMappingHandlerMapping = new RequestMappingHandlerMapping(); +// requestMappingHandlerMapping.setUseTrailingSlashMatch(true); +// return requestMappingHandlerMapping; +// } +// +// @Bean +// @Override +// public AuthenticationManager authenticationManagerBean() throws Exception { +// return super.authenticationManagerBean(); +// } +// +// @Override +// public void addCorsMappings(CorsRegistry registry) { +// registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS"); +// } +// +// private CorsFilter corsFilter() { +// /* +// CORS requests are managed only if headers Origin and Access-Control-Request-Method are available on OPTIONS requests +// (this filter is simply ignored in other cases). +// This filter can be used as a replacement for the @Cors annotation. 
+// */ +// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); +// +// CorsConfiguration config = new CorsConfiguration(); +// config.setAllowCredentials(true); +//// for(String origin: allowedOrigins.split(",")) { +//// config.addAllowedOrigin(origin); +//// } +// config.addAllowedOrigin("###"); +// config.addAllowedOrigin("###"); +// config.addAllowedHeader(ORIGIN); +// config.addAllowedHeader(CONTENT_TYPE); +// config.addAllowedHeader(ACCEPT); +// config.addAllowedHeader(AUTHORIZATION); +// config.addAllowedMethod(GET); +// config.addAllowedMethod(PUT); +// config.addAllowedMethod(POST); +// config.addAllowedMethod(OPTIONS); +// config.addAllowedMethod(DELETE); +// config.addAllowedMethod(PATCH); +// config.setMaxAge(3600L); +// +// source.registerCorsConfiguration("/**", config); +// return new CorsFilter(source); +// } +// +// @Override +// public void configureContentNegotiation(ContentNegotiationConfigurer configurer) { +// configurer.favorParameter(false) +// .ignoreAcceptHeader(false) +// .defaultContentType(MediaType.APPLICATION_JSON); +// } +//} \ No newline at end of file diff --git a/src/main/resources/application.properties.example b/src/main/resources/application-local.properties similarity index 85% rename from src/main/resources/application.properties.example rename to src/main/resources/application-local.properties index 35dcc73..64486b3 100644 --- a/src/main/resources/application.properties.example +++ b/src/main/resources/application-local.properties 
@@ -4,10 +4,18 @@ mms.admin.username=test mms.admin.password=test mms.stream.batch.size=100000 +#change the server url +#spring.main.web-application-type=none +server.port=5000 + cors.allowed.origins=* # jwt issued by mms for logins via /authentication -jwt.secret=make_me_something_really_long +# jwt.secret=make_me_something_really_long +#grabbed from running the following command +# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" +#jwt.secret=d8448f7ad828fe0ed27fffd01059fec974464594fc832c5b50a0c9cdd073b8c8 +jwt.secret=f49cc83d269c46d93b39aa9eb40bdca4b44a5417efa5c7827e992724dc234c59 jwt.expiration=86400 jwt.header=Authorization @@ -29,7 +37,7 @@ ldap.group.search.filter=(&(objectClass=group)(uniqueMember={0})) # RDB config # if using mysql instead of postgres, comment and uncomment the corresponding properties -spring.datasource.url=jdbc:postgresql://localhost:5432 + spring.datasource.url=jdbc:postgresql://localhost:5432 #spring.datasource.url=jdbc:mysql://localhost:3306 spring.datasource.database=mms spring.datasource.username=mmsuser @@ -58,7 +66,7 @@ spring.mvc.pathmatch.matching-strategy=ant_path_matcher # Elasticsearch config elasticsearch.host=localhost elasticsearch.port=9200 -elasticsearch.http=http +elasticsearch.http=https elasticsearch.limit.result=10000 elasticsearch.limit.term=1000 elasticsearch.limit.scrollTimeout=1000 @@ -96,5 +104,8 @@ logbook.format.style=splunk # currently all /actuator/* endpoints require 'mmsadmin' authority, except for /actuator/health management.endpoints.web.exposure.include=* #management.endpoints.web.exposure.exclude=configprops,env -management.endpoint.health.show-details=when_authorized +# old value +# management.endpoint.health.show-details=when_authorized +management.endpoint.health.show-details=always management.endpoint.health.roles=mmsadmin + diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties new file mode 100644 index 0000000..c1b2ab4 
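Review bot: The first hunk replaces the `jwt.secret` placeholder with what looks like a real 32-byte hex key and leaves a second key in a comment, and the same active value is committed again in application-prod.properties. A token-signing key in version control has to be treated as disclosed, and sharing it between the local and prod profiles means tokens issued in one environment validate in the other. I would read it from the environment with `jwt.secret=${JWT_SECRET}`, delete the commented key, and generate a fresh secret per environment.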
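Review bot: The last hunk changes `management.endpoint.health.show-details` from `when_authorized` to `always`, which makes the `management.endpoint.health.roles=mmsadmin` line below it ineffective, because roles are consulted only in the `when_authorized` mode. The comment above says `/actuator/health` is the one actuator endpoint that needs no authority, so component details would be returned to unauthenticated callers. Unless that is needed for a probe, keep `management.endpoint.health.show-details=when_authorized`. application-prod.properties makes the same change.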
--- /dev/null +++ b/src/main/resources/application-prod.properties 
@@ -0,0 +1,120 @@ +# Auth config +# local admin user will get created if doesn't exist +mms.admin.username=test +mms.admin.password=test +mms.stream.batch.size=100000 + +#change the server url +#spring.main.web-application-type=none +#server.address= +server.port=5000 +server.forward-headers-strategy=framework +#server.ssl.enabled=true +##server.ssl.key-alias=yourkeystorealias +#server.ssl.key-store=classpath:mms.p12 +#server.ssl.key-store-password=mms_password +#server.ssl.key-store-type=PKCS12 +#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration + +cors.allowed.origins=* + +# jwt issued by mms for logins via /authentication +# jwt.secret=make_me_something_really_long +#grabbed from running the following command +# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" +#jwt.secret=d8448f7ad828fe0ed27fffd01059fec974464594fc832c5b50a0c9cdd073b8c8 +jwt.secret=f49cc83d269c46d93b39aa9eb40bdca4b44a5417efa5c7827e992724dc234c59 +jwt.expiration=86400 +jwt.header=Authorization + +# LDAP config +ldap.provider.base=ou=personnel,dc=dir,dc=domain,dc=com +ldap.provider.url=ldaps://your-ldap.domain.com/${ldap.provider.base} +# user and pass to connect to ldap, can be empty if ldap server allows anonymous searches +ldap.provider.userdn= +ldap.provider.password= +# ldap user dn pattern, {0} will be replaced with username +ldap.user.dn.pattern=uid={0} +ldap.user.attributes.username=uid +ldap.user.attributes.email=mail +# attribute name of the group name +ldap.group.role.attribute=cn +# to find groups a user belongs to - search base and ldap search filter +ldap.group.search.base=ou=personnel,dc=dir,dc=domain,dc=com +ldap.group.search.filter=(&(objectClass=group)(uniqueMember={0})) + +# RDB config +# if using mysql instead of postgres, comment and uncomment the corresponding properties +spring.datasource.url=jdbc:postgresql://localhost:5432 +#spring.datasource.url=jdbc:mysql://localhost:3306 
+spring.datasource.database=mms +spring.datasource.username=mmsuser +spring.datasource.password=test1234 +spring.datasource.driver-class-name=org.postgresql.Driver +#spring.datasource.driver-class-name=com.mysql.jdbc.Driver +spring.datasource.initialization-mode=never + +# specifies a prefix for the mms created project db +rdb.project.prefix=mms + +# The SQL dialect makes Hibernate generate better SQL for the chosen database +# comment and uncomment postgres/mysql as needed +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect +#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialect +#spring.jpa.properties.hibernate.dialect.storage_engine=innodb +# Hibernate ddl auto (create, create-drop, validate, update) +spring.jpa.hibernate.ddl-auto=update +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true +spring.jpa.open-in-view=false + +spring.main.allow-bean-definition-overriding=true +spring.main.allow-circular-references=true +spring.mvc.pathmatch.matching-strategy=ant_path_matcher + +# Elasticsearch config +#elasticsearch.host=localhost +elasticsearch.host= +elasticsearch.port=9200 +elasticsearch.http=https +elasticsearch.limit.result=10000 +elasticsearch.limit.term=1000 +elasticsearch.limit.scrollTimeout=1000 +elasticsearch.limit.get=10000 +elasticsearch.limit.index=5000 +elasticsearch.limit.commit=100000 + +# s3 storage config for artifacts +s3.endpoint=http://localhost:9000 +s3.access_key=admintest +s3.secret_key=admintest +s3.region=somewhere +# optional if using minio +s3.bucket=mms + +# Swagger UI config https://springdoc.org/ +springdoc.swagger-ui.path=/v3/swagger-ui.html +springdoc.swagger-ui.operationsSorter=alpha +springdoc.swagger-ui.tagsSorter=alpha +springdoc.default-produces-media-type=application/json +springdoc.swagger-ui.displayOperationId=true + +# Logbook config https://github.com/zalando/logbook +logging.level.org.zalando.logbook=TRACE +logbook.filter.form-request-mode=off +# 
exclude swagger ui and actuator +logbook.exclude=/v3/**,/actuator/** +#logbook.write.max-body-size=-1 +logbook.strategy=without-body +# style can be splunk|http|json|curl +logbook.format.style=splunk + +# https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html +# https://www.baeldung.com/spring-boot-health-indicators +# currently all /actuator/* endpoints require 'mmsadmin' authority, except for /actuator/health +management.endpoints.web.exposure.include=* +#management.endpoints.web.exposure.exclude=configprops,env +# old value +# management.endpoint.health.show-details=when_authorized +management.endpoint.health.show-details=always +management.endpoint.health.roles=mmsadmin + diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties new file mode 100644 index 0000000..c5acb85 --- /dev/null +++ b/src/main/resources/application.properties 
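Review bot: A profile named prod ships with `mms.admin.username=test` and `mms.admin.password=test`, and the comment above them says the local admin user is created if it does not exist, so a production start would create an administrator with a known password. `spring.datasource.password=test1234` and the `s3.access_key`/`s3.secret_key` values are test defaults as well. I would leave these keys out of the committed file and supply them at deploy time, e.g. `mms.admin.password=${MMS_ADMIN_PASSWORD}`, so that startup fails instead of falling back to a guessable value. `spring.jpa.hibernate.ddl-auto=update` and `logging.level.org.zalando.logbook=TRACE` are also development settings worth revisiting for this profile.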
@@ -0,0 +1,228 @@
+## Auth config
+## local admin user will get created if doesn't exist
+#mms.admin.username=test
+#mms.admin.password=test
+#mms.stream.batch.size=100000
+#
+##hostnames for services
+elasticsearch.host=localhost
+#elasticsearch.host=openmbee-elasticsearch.openmbee.svc.cluster.local
+ spring.datasource.url=jdbc:postgresql://localhost:5432
+#spring.datasource.url=jdbc:postgresql://postgres.openmbee.svc.cluster.local:5432
+#
+#change the server url
+#spring.main.web-application-type=none
+#server.port=5000
+#server.forward-headers-strategy=framework
+#server.ssl.enabled=true
+###server.ssl.key-alias=yourkeystorealias
+#server.ssl.key-store=classpath:mms.p12
+#server.ssl.key-store-password=mms_password
+#server.ssl.key-store-type=PKCS12
+#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+cors.allowed.origins=*
+#server.port=5000
+#server.forward-headers-strategy=framework
+server.ssl.enabled=true
+##server.ssl.key-alias=yourkeystorealias
+server.ssl.key-store=classpath:mms.p12
+server.ssl.key-store-password=mms_password
+server.ssl.key-store-type=PKCS12
+
+#
+## jwt issued by mms for logins via /authentication
+## jwt.secret=make_me_something_really_long
+##grabbed from running the following command
+## node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+##jwt.secret=d8448f7ad828fe0ed27fffd01059fec974464594fc832c5b50a0c9cdd073b8c8
+#jwt.secret=f49cc83d269c46d93b39aa9eb40bdca4b44a5417efa5c7827e992724dc234c59
+#jwt.expiration=86400
+#jwt.header=Authorization
+#
+## LDAP config
+#ldap.provider.base=ou=personnel,dc=dir,dc=domain,dc=com
+#ldap.provider.url=ldaps://your-ldap.domain.com/${ldap.provider.base}
+## user and pass to connect to ldap, can be empty if ldap server allows anonymous searches
+#ldap.provider.userdn=
+#ldap.provider.password=
+## ldap user dn pattern, {0} will be replaced with username
+#ldap.user.dn.pattern=uid={0}
+#ldap.user.attributes.username=uid
+#ldap.user.attributes.email=mail
+## attribute name of the group name
+#ldap.group.role.attribute=cn
+## to find groups a user belongs to - search base and ldap search filter
+#ldap.group.search.base=ou=personnel,dc=dir,dc=domain,dc=com
+#ldap.group.search.filter=(&(objectClass=group)(uniqueMember={0}))
+#
+## RDB config
+## if using mysql instead of postgres, comment and uncomment the corresponding properties
+### spring.datasource.url=jdbc:postgresql://localhost:5432\
+##spring.datasource.url=jdbc:mysql://localhost:3306
+#spring.datasource.database=mms
+#spring.datasource.username=mmsuser
+#spring.datasource.password=test1234
+#spring.datasource.driver-class-name=org.postgresql.Driver
+##spring.datasource.driver-class-name=com.mysql.jdbc.Driver
+#spring.datasource.initialization-mode=never
+#
+## specifies a prefix for the mms created project db
+#rdb.project.prefix=mms
+#
+## The SQL dialect makes Hibernate generate better SQL for the chosen database
+## comment and uncomment postgres/mysql as needed
+#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect
+##spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialect
+##spring.jpa.properties.hibernate.dialect.storage_engine=innodb
+## Hibernate ddl auto (create, create-drop, validate, update)
+#spring.jpa.hibernate.ddl-auto=update
+#spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+#spring.jpa.open-in-view=false
+#
+#spring.main.allow-bean-definition-overriding=true
+#spring.main.allow-circular-references=true
+#spring.mvc.pathmatch.matching-strategy=ant_path_matcher
+#
+### Elasticsearch config
+###elasticsearch.host=localhost
+##elasticsearch.host=
+#elasticsearch.port=9200
+#elasticsearch.http=https
+#elasticsearch.limit.result=10000
+#elasticsearch.limit.term=1000
+#elasticsearch.limit.scrollTimeout=1000
+#elasticsearch.limit.get=10000
+#elasticsearch.limit.index=5000
+#elasticsearch.limit.commit=100000
+#
+## s3 storage config for artifacts
+#s3.endpoint=http://localhost:9000
+#s3.access_key=admintest
+#s3.secret_key=admintest
+#s3.region=somewhere
+## optional if using minio
+#s3.bucket=mms
+#
+## Swagger UI config https://springdoc.org/
+#springdoc.swagger-ui.path=/v3/swagger-ui.html
+#springdoc.swagger-ui.operationsSorter=alpha
+#springdoc.swagger-ui.tagsSorter=alpha
+#springdoc.default-produces-media-type=application/json
+#springdoc.swagger-ui.displayOperationId=true
+#
+## Logbook config https://github.com/zalando/logbook
+#logging.level.org.zalando.logbook=TRACE
+#logbook.filter.form-request-mode=off
+## exclude swagger ui and actuator
+#logbook.exclude=/v3/**,/actuator/**
+##logbook.write.max-body-size=-1
+#logbook.strategy=without-body
+## style can be splunk|http|json|curl
+#logbook.format.style=splunk
+#
+## https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html
+## https://www.baeldung.com/spring-boot-health-indicators
+## currently all /actuator/* endpoints require 'mmsadmin' authority, except for /actuator/health
+#management.endpoints.web.exposure.include=*
+##management.endpoints.web.exposure.exclude=configprops,env
+## old value
+## management.endpoint.health.show-details=when_authorized
+#management.endpoint.health.show-details=always
+#management.endpoint.health.roles=mmsadmin
+#
+# See authenticator module for example configuration
+mms.admin.username=test
+mms.admin.password=test
+mms.stream.batch.size=10000
+
+jwt.secret=12345678901234567890123456789012
+jwt.expiration=86400
+jwt.header=Authorization
+
+rdb.project.prefix=mms
+
+# See ldap module for example configuration
+ldap.provider.base=ou=something,dc=openmbee,dc=org
+ldap.provider.url=ldaps://ldap.openmbee.org/${ldap.provider.base}
+ldap.provider.userdn=
+ldap.provider.password=
+ldap.user.dn.pattern=uid={0}
+ldap.user.attributes.username=
+ldap.user.attributes.email=
+ldap.group.role.attribute=cn
+ldap.group.search.base=
+ldap.group.search.filter=uniqueMember={0}
+
+# See core module for example configuration
+#spring.datasource.url=jdbc:postgresql://postgres:5432
+#spring.datasource.url=jdbc:mysql://localhost:3306
+spring.datasource.database=mms
+spring.datasource.username=mmsuser
+spring.datasource.password=test1234
+spring.datasource.driver-class-name=org.postgresql.Driver
+#spring.datasource.driver-class-name=com.mysql.jdbc.Driver
+spring.datasource.initialization-mode=never
+
+# The SQL dialect makes Hibernate generate better SQL for the chosen database
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect
+#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialect
+#spring.jpa.properties.hibernate.dialect.storage_engine=innodb
+
+# Hibernate ddl auto (create, create-drop, validate, update)
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.jpa.open-in-view=false
+
+spring.main.allow-bean-definition-overriding=true
+spring.main.allow-circular-references=true
+spring.mvc.pathmatch.matching-strategy=ant_path_matcher
+
+#Configuration for Elasticsearch
+#elasticsearch.host=elasticsearch
+elasticsearch.port=9200
+elasticsearch.http=https
+elasticsearch.index.element=mms
+elasticsearch.limit.insert=80
+elasticsearch.limit.result=10000
+elasticsearch.limit.term=1000
+elasticsearch.limit.scrollTimeout=1000
+elasticsearch.limit.get=10000
+elasticsearch.limit.index=5000
+
+#Configuration for TWC
+#port is for REST interface
+#aliases are for clustered usages
+twc.instances[0].url=dev-twc-03.domain.com
+twc.instances[0].protocol=https
+twc.instances[0].port=8111
+twc.instances[0].aliases[0]=dev-twc-02.domain.com
+twc.instances[0].aliases[1]=dev-twc-01.domain.com
+
+s3.endpoint=http://minio:9000
+s3.access_key=admintest
+s3.secret_key=admintest
+s3.region=somewhere
+
+springdoc.swagger-ui.path=/v3/swagger-ui.html
+#For sorting endpoints alphabetically
+springdoc.swagger-ui.operationsSorter=alpha
+#For sorting tags alphabetically
+springdoc.swagger-ui.tagsSorter=alpha
+springdoc.default-produces-media-type=application/json
+springdoc.swagger-ui.displayOperationId=true
+
+logging.level.org.zalando.logbook=TRACE
+logbook.filter.form-request-mode=off
+#exclude swagger ui and actuator
+logbook.strategy=without-body
+logbook.exclude=/v3/**,/actuator/**
+#logbook.write.max-body-size=-1
+#splunk|http|json|curl
+logbook.format.style=splunk
+
+# https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html
+# https://www.baeldung.com/spring-boot-health-indicators
+management.endpoints.web.exposure.include=*
+#management.endpoints.web.exposure.exclude=configprops,env
+management.endpoint.health.show-details=when_authorized
+management.endpoint.health.roles=mmsadmin
diff --git a/src/main/resources/cert_base64.txt b/src/main/resources/cert_base64.txt
new file mode 100644
index 0000000..e928f36
--- /dev/null
+++ b/src/main/resources/cert_base64.txt
@@ -0,0 +1 @@
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
diff --git a/src/main/resources/key_base64.txt b/src/main/resources/key_base64.txt
new file mode 100644
index 0000000..5b2c47c
--- /dev/null
+++ b/src/main/resources/key_base64.txt
@@ -0,0 +1 @@
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
diff --git a/src/main/resources/mms.p12 b/src/main/resources/mms.p12
new file mode 100644
index 0000000..56ad7d4
Binary files /dev/null and b/src/main/resources/mms.p12 differ
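Review bot: The active (uncommented) settings in the new `src/main/resources/application.properties` put working credentials into the main resource path: `mms.admin.password=test`, `jwt.secret=12345678901234567890123456789012`, `spring.datasource.password=test1234`, `s3.secret_key=admintest`, and `server.ssl.key-store-password=mms_password` for the `mms.p12` keystore added in the same commit (the `key_base64.txt` next to it presumably holds key material as well, though its content is not visible here). Files under `src/main/resources` are normally packaged into the build artifact, so a deployment that keeps these defaults would run with a publicly known admin login and JWT signing secret. I would drop the literal values and resolve them at startup using the placeholder syntax the file already uses for `${ldap.provider.base}`, e.g. `jwt.secret=${JWT_SECRET}` and `server.ssl.key-store-password=${MMS_KEYSTORE_PASSWORD}` (variable names are placeholders), keep the keystore and key files out of the repository, and treat the two hex `jwt.secret` values in the commented block as compromised if they were ever used. Separately, `cors.allowed.origins=*` and `management.endpoints.web.exposure.include=*` are both active in this file and deserve a narrower default.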