From 6102b81b41b5b575ed1212eceb1f33294911d49f Mon Sep 17 00:00:00 2001 
From: "brandon.j.arnold20" Date: Thu, 7 Dec 2023 15:20:45 -0500 Subject: [PATCH 1/7] Cleaned up code and removed ip addresses --- .circleci/config.yml | 89 ++++ .editorconfig | 19 + .github/FUNDING.yml | 1 + .github/codeql.yml | 3 + .github/workflows/codeql.yml | 48 ++ .gitignore | 16 +- .gitlab-ci.yml | 81 +++ .lgtm.yml | 6 + Dockerfile | 143 +++++- Notes.MD | 463 ++++++++++++++++++ README.md | 154 ++++++ README.rst | 91 ++-- appsettings.json | 9 + build.gradle | 9 + certs.sh | 4 + docker-compose.yml | 57 ++- docker-services-compose.yml | 2 + docs/deployment.rst | 17 + docs/modules/artifacts.rst | 1 + docs/modules/authenticator.rst | 1 + docs/modules/cameo.rst | 1 + docs/modules/core.rst | 1 + docs/modules/crud.rst | 1 + docs/modules/data.rst | 1 + docs/modules/elastic.rst | 1 + docs/modules/groups.rst | 1 + docs/modules/index.rst | 14 + docs/modules/json.rst | 1 + docs/modules/jupyter.rst | 1 + docs/modules/ldap.rst | 1 + docs/modules/localuser.rst | 1 + docs/modules/permissions.rst | 1 + docs/modules/rdb.rst | 1 + docs/modules/search.rst | 1 + docs/modules/storage.rst | 1 + docs/modules/twc.rst | 1 + docs/modules/webhooks.rst | 1 + docs/quickstart.rst | 69 +++ download_certificates.sh | 27 + .../src/main/resources/application.properties | 89 ++++ gradle/wrapper/gradle-wrapper.properties | 3 + openshift-resources/dev/build.yml | 63 +++ openshift-resources/dev/deployment.yml | 71 +++ .../dev/elastic-search-service.yml | 0 openshift-resources/dev/pipeline.yml | 17 + openshift-resources/dev/psql-deployment.yml | 39 ++ openshift-resources/dev/psql-pvc.yml | 11 + openshift-resources/dev/psql-service.yml | 13 + openshift-resources/dev/route.yml | 0 openshift-resources/dev/service.yml | 14 + .../elasticsearch-deployment.yaml | 43 ++ .../kompose-output/elasticsearch-service.yaml | 23 + .../kompose-output/minio-deployment.yaml | 45 ++ .../kompose-output/minio-service.yaml | 20 + .../openmbee-mms-deployment.yaml | 41 ++ .../kompose-output/openmbee-mms-service.yaml | 20 + 
.../kompose-output/postgres-deployment.yaml | 44 ++ .../kompose-output/postgres-service.yaml | 20 + ...ploymentconfig-openmbee-elasticsearch.yaml | 234 +++++++++ .../deploymentconfig-openmbee-mms.yaml | 237 +++++++++ .../deploymentconfig-openmbee-ve (4).yaml | 195 ++++++++ .../deploymentconfig-postgres.yaml | 228 +++++++++ .../persistentvolumeclaim-postgres.yaml | 73 +++ .../routes/route-mbee-mms.yaml | 58 +++ .../routes/route-mbee-ve.yaml | 58 +++ .../secrets/secret-my-tls-secret.yaml | 26 + .../secret-nexus-repo-docker-registry.yaml | 23 + .../secrets/secret-postgres.yaml | 22 + .../services/service-minio.yaml | 60 +++ .../service-openmbee-elasticsearch.yaml | 57 +++ .../services/service-openmbee-mms.yaml | 53 ++ .../services/service-openmbee-ve-svc.yaml | 53 ++ .../services/service-postgres.yaml | 53 ++ .../mms/mmsri/config/LoggingFilter.java | 51 ++ .../mms/mmsri/config/SecurityConfig.java | 112 ++++- ...s.example => application-local.properties} | 19 +- .../resources/application-prod.properties | 120 +++++ src/main/resources/application.properties | 228 +++++++++ src/main/resources/cert_base64.txt | 1 + src/main/resources/key_base64.txt | 1 + src/main/resources/mms.p12 | Bin 0 -> 2742 bytes 81 files changed, 3800 insertions(+), 78 deletions(-) create mode 100644 .circleci/config.yml create mode 100644 .editorconfig create mode 100644 .github/FUNDING.yml create mode 100644 .github/codeql.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 .gitlab-ci.yml create mode 100644 .lgtm.yml create mode 100644 Notes.MD create mode 100644 README.md create mode 100644 appsettings.json create mode 100644 certs.sh create mode 100644 docs/deployment.rst create mode 100644 docs/modules/artifacts.rst create mode 100644 docs/modules/authenticator.rst create mode 100644 docs/modules/cameo.rst create mode 100644 docs/modules/core.rst create mode 100644 docs/modules/crud.rst create mode 100644 docs/modules/data.rst create mode 100644 docs/modules/elastic.rst 
create mode 100644 docs/modules/groups.rst create mode 100644 docs/modules/index.rst create mode 100644 docs/modules/json.rst create mode 100644 docs/modules/jupyter.rst create mode 100644 docs/modules/ldap.rst create mode 100644 docs/modules/localuser.rst create mode 100644 docs/modules/permissions.rst create mode 100644 docs/modules/rdb.rst create mode 100644 docs/modules/search.rst create mode 100644 docs/modules/storage.rst create mode 100644 docs/modules/twc.rst create mode 100644 docs/modules/webhooks.rst create mode 100644 docs/quickstart.rst create mode 100644 download_certificates.sh create mode 100644 example/src/main/resources/application.properties create mode 100644 openshift-resources/dev/build.yml create mode 100644 openshift-resources/dev/deployment.yml create mode 100644 openshift-resources/dev/elastic-search-service.yml create mode 100644 openshift-resources/dev/pipeline.yml create mode 100644 openshift-resources/dev/psql-deployment.yml create mode 100644 openshift-resources/dev/psql-pvc.yml create mode 100644 openshift-resources/dev/psql-service.yml create mode 100644 openshift-resources/dev/route.yml create mode 100644 openshift-resources/dev/service.yml create mode 100644 openshift-resources/kompose-output/elasticsearch-deployment.yaml create mode 100644 openshift-resources/kompose-output/elasticsearch-service.yaml create mode 100644 openshift-resources/kompose-output/minio-deployment.yaml create mode 100644 openshift-resources/kompose-output/minio-service.yaml create mode 100644 openshift-resources/kompose-output/openmbee-mms-deployment.yaml create mode 100644 openshift-resources/kompose-output/openmbee-mms-service.yaml create mode 100644 openshift-resources/kompose-output/postgres-deployment.yaml create mode 100644 openshift-resources/kompose-output/postgres-service.yaml create mode 100644 openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml create mode 100644 
openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml create mode 100644 openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml create mode 100644 openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml create mode 100644 openshift-resources/openshift-output/persistent-volumes/persistentvolumeclaim-postgres.yaml create mode 100644 openshift-resources/openshift-output/routes/route-mbee-mms.yaml create mode 100644 openshift-resources/openshift-output/routes/route-mbee-ve.yaml create mode 100644 openshift-resources/openshift-output/secrets/secret-my-tls-secret.yaml create mode 100644 openshift-resources/openshift-output/secrets/secret-nexus-repo-docker-registry.yaml create mode 100644 openshift-resources/openshift-output/secrets/secret-postgres.yaml create mode 100644 openshift-resources/openshift-output/services/service-minio.yaml create mode 100644 openshift-resources/openshift-output/services/service-openmbee-elasticsearch.yaml create mode 100644 openshift-resources/openshift-output/services/service-openmbee-mms.yaml create mode 100644 openshift-resources/openshift-output/services/service-openmbee-ve-svc.yaml create mode 100644 openshift-resources/openshift-output/services/service-postgres.yaml rename src/main/resources/{application.properties.example => application-local.properties} (85%) create mode 100644 src/main/resources/application-prod.properties create mode 100644 src/main/resources/application.properties create mode 100644 src/main/resources/cert_base64.txt create mode 100644 src/main/resources/key_base64.txt create mode 100644 src/main/resources/mms.p12 diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000..9ec19d8 --- /dev/null +++ b/.circleci/config.yml 
@@ -0,0 +1,89 @@
+version: 2.1
+orbs:
+ docker: circleci/docker@2.1.1
+executors:
+ openjdk_executor:
+ docker:
+ - image: cimg/openjdk:17.0.3
+ environment:
+ _JAVA_OPTIONS: "-Xmx3g"
+ GRADLE_OPTS: "-Dorg.gradle.daemon=false"
+
+jobs:
+ build_and_test:
+ executor:
+ name: docker/docker
+ working_directory: /home/circleci/mms
+ steps:
+ - checkout
+
+ - setup_remote_docker
+
+ - run:
+ name: "Create and start all services from the docker-compose configuration"
+ command: |
+ cp example/src/main/resources/application.properties.example ./example/src/main/resources/application.properties
+ docker-compose up --build -d
+ docker run --network container:mms curlimages/curl --retry 8 --retry-delay 10 --retry-max-time 90 --retry-connrefused http://mms:8080/healthcheck
+
+ - run:
+ name: "Run and test Postman Collection"
+ command: |
+ docker create -v /etc/newman --name mms_test_configs alpine:3.4 /bin/true
+ docker cp example/. mms_test_configs:/etc/newman
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run crud.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run cameo.postman_collection.json -e test-env.json --delay-request 1000
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run jupyter.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run localauth.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run permissions.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run search.postman_collection.json -e test-env.json --delay-request 1000
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run artifacts.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run elastic.postman_collection.json -e test-env.json --delay-request 500
+ docker run --volumes-from mms_test_configs --network container:mms -t postman/newman run groups.postman_collection.json -e test-env.json --delay-request 500
+
+ - persist_to_workspace:
+ root: /home/circleci/
+ paths:
+ - mms/*
+
+ deploy_snapshot:
+ executor: openjdk_executor
+ working_directory: /home/circleci/mms
+ steps:
+ - attach_workspace:
+ at: ~/
+ - run:
+ name: Deploy snapshot to sonatype
+ command: ./gradlew -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PsigningKey="$SIGNING_KEY" -PsigningPassword=$SIGNING_PASSWORD publish
+ deploy_release:
+ executor: openjdk_executor
+ working_directory: /home/circleci/mms
+ steps:
+ - attach_workspace:
+ at: ~/
+ - run:
+ name: Deploy release to sonatype
+ command: ./gradlew -PbuildNumber=$CIRCLE_BUILD_NUM -PbuildTag=$CIRCLE_TAG -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PsigningKey="$SIGNING_KEY" -PsigningPassword=$SIGNING_PASSWORD --info --stacktrace publish
+
+workflows:
+ version: 2
+ build-test-deploy:
+ jobs:
+ - build_and_test:
+ filters:
+ tags:
+ only: /[0-9.]+(-(a|b|rc)[0-9]+)?/
+ - deploy_snapshot:
+ requires:
+ - build_and_test
+ filters:
+ branches:
+ only: /((release|hotfix|support)/[0-9.]+(-(a|b|rc)[0-9]+)?|develop)/
+ - deploy_release:
+ requires:
+ - build_and_test
+ filters:
+ tags:
+ only: /[0-9.]+(-(a|b|rc)[0-9]+)?/
+ branches:
+ ignore: /.*/
\ No newline at end of file
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..c8396dd
--- /dev/null
+++ b/.editorconfig
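Review bot: The publish commands in `deploy_snapshot` and `deploy_release` pass `$OSSRH_PASSWORD`, `$SIGNING_KEY` and `$SIGNING_PASSWORD` as `-P` arguments, so the secrets sit on the Gradle process command line, and the release job also runs with `--info --stacktrace`, which makes the log far more verbose around them. Gradle reads project properties from `ORG_GRADLE_PROJECT_<name>` environment variables, so the step can run `export ORG_GRADLE_PROJECT_ossrhPassword="$OSSRH_PASSWORD"` (and the same for the other three) before a plain `./gradlew publish`. Separately, the test job pulls `alpine:3.4`, `postman/newman` and `curlimages/curl` by old or missing tag; pinning them to digests keeps the stage that gates publishing reproducible.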
@@ -0,0 +1,19 @@
+[*]
+charset=utf-8
+end_of_line=lf
+insert_final_newline=false
+indent_style=space
+indent_size=4
+
+[{messages.*,spring.schemas,org.codehaus.groovy.runtime.ExtensionModule,spring.handlers,messages,*.properties}]
+indent_style=space
+indent_size=4
+
+[{*.gson,*.gradle,*.groovy,*.gant,*.gdsl,*.gy}]
+indent_style=space
+indent_size=4
+
+[{*.kts,*.kt}]
+indent_style=space
+indent_size=4
+
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..ef698e8
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+custom: ['https://numfocus.salsalabs.org/supportopenmbee']
diff --git a/.github/codeql.yml b/.github/codeql.yml
new file mode 100644
index 0000000..4fe1e47
--- /dev/null
+++ b/.github/codeql.yml
@@ -0,0 +1,3 @@
+query-filters:
+ - exclude:
+ id: java/spring-disabled-csrf-protection
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..f2ad892
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,48 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "develop", "master" ]
+ pull_request:
+ branches: [ "develop" ]
+ schedule:
+ - cron: "4 23 * * 1"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ java ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: temurin
+ java-version: 11
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ config-file: ./.github/codeql.yml
+ queries: +security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{ matrix.language }}"
diff --git a/.gitignore b/.gitignore
index 18c70ae..3696a65 100644
--- a/.gitignore
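Review bot: The `exclude` on `java/spring-disabled-csrf-protection` in `.github/codeql.yml` silences the CSRF finding for the whole repository without a recorded reason, and `.lgtm.yml` later in this patch carries the same exclusion. This commit also changes `SecurityConfig.java`, which is not visible here, so the justification cannot be checked from the hunk. If CSRF is off because the API is stateless and token-authenticated, record that next to the filter, e.g. `# CSRF disabled on purpose: stateless bearer-token API, no cookie session; revisit if cookie/session auth is added`. If any cookie- or session-based login path exists, the exclusion hides a real finding and should be dropped.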
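Review bot: `java-version: 11` in the Setup Java step of `.github/workflows/codeql.yml` does not match the JDK 17 images used by the CircleCI executor and the Dockerfile in this same patch, so Autobuild may fail or compile only part of the code and CodeQL would then analyse an incomplete database; `java-version: 17` lines the scan up with the real build. `actions/checkout@v3`, `actions/setup-java@v3` and the three `github/codeql-action/*@v2` steps are referenced by movable tag. Pinning each `uses:` to a full commit SHA keeps a retagged action from running in a job that holds `security-events: write`.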
+++ b/.gitignore @@ -1,9 +1,11 @@ .gradle **/build/ -application.properties +!gradle/wrapper/gradle-wrapper.jar +#application.properties localhost-env.json .vscode - +*.pem +src/main/resources/*.pem ### STS ### .apt_generated .classpath @@ -27,8 +29,12 @@ localhost-env.json /nbdist/ /.nb-gradle/ +### Sphinx ### +_build + **/bin -**/_build -*.ks -*.jks + +**/.DS_Store +/old_build/ +/generate_toc.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..3aa75e2 --- /dev/null +++ b/.gitlab-ci.yml 
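Review bot: Commenting out `application.properties` in the first hunk and deleting `*.ks` and `*.jks` in the second (`@@ -27,8 +29,12 @@`) makes property files and keystores committable, and the diffstat of this same patch already adds `src/main/resources/application.properties`, `key_base64.txt`, `cert_base64.txt` and `mms.p12`. The new `*.pem` rules cover only one key format. Keep the old entries and extend them, e.g. `*.jks`, `*.ks`, `*.p12` and `*_base64.txt`, and ship a secret-free `application.properties.example` instead of the live file. Key material and passwords that have already been pushed should be treated as exposed and rotated.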
@@ -0,0 +1,81 @@
+variables:
+ DOCKER_DRIVER: overlay2
+ DOCKER_TLS_CERTDIR: "/certs"
+ SELECTOR: "openmbee-mms"
+ TAG: "latest"
+ ENVIRONMENT: "dev"
+ OC_PROJECT: $OC_DEV_NAMESPACE
+ OC_TOKEN: $OC_DEV_TOKEN
+ OC_URL: $OC_PIPELINE_URL
+
+
+stages:
+ - build
+ - deploy
+
+build:
+ image: registry-cli-docker.wseasttest.navair.navy.mil:5001/docker:20.10.1
+ services:
+ - name: docker:20.10.1-dind
+ command:
+ - /bin/sh
+ - -c
+ - apk update && apk add ca-certificates wget && wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt/ -P /usr/local/share/ca-certificates && update-ca-certificates --fresh > /dev/null && dockerd-entrypoint.sh --insecure-registry=registry-cli-docker.wseasttest.navair.navy.mil:5000 --insecure-registry=registry-cli-docker.wseasttest.navair.navy.mil:5001 --debug || exit
+ stage: build
+ tags:
+ - dind
+ - rhel
+ - edmz
+ before_script:
+ - echo $CI_COMMIT_REF_NAME
+ - |
+ if echo $CI_COMMIT_REF_NAME | grep -E [[:digit:]]+.[[:digit:]]+.[[:digit:]]+;
+ then
+ TAG=$CI_COMMIT_REF_NAME
+ else
+ TAG="latest"
+ fi
+ - apk -U upgrade
+ - docker info
+ script:
+ - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD registry-cli-docker.wseasttest.navair.navy.mil:5000
+ - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD registry-cli-docker.wseasttest.navair.navy.mil:5001
+ - docker build -f $DOCKERFILE_PATH --build-arg NEXUS_USERNAME=$NEXUS_USERNAME --build-arg NEXUS_PASSWORD=$NEXUS_PASSWORD -t registry-cli-docker.wseasttest.navair.navy.mil:5000/$NEXUS_NAMESPACE/$SELECTOR:$TAG .
+ - docker push registry-cli-docker.wseasttest.navair.navy.mil:5000/$NEXUS_NAMESPACE/$SELECTOR:$TAG
+
+deploy:
+ image: registry-cli-docker.wseasttest.navair.navy.mil:5001/openshift/origin-cli:v3.11
+ stage: deploy
+ tags:
+ - dind
+ - rhel
+ - edmz
+ before_script:
+ - |
+ if [[ "$CI_COMMIT_REF_NAME" =~ [[:digit:]]+.[[:digit:]]+.[[:digit:]]+-RC[[:digit:]]+-SNAPSHOT ]]
+ then
+ TAG=$CI_COMMIT_REF_NAME
+ OC_PROJECT=$OC_STAGE_NAMESPACE
+ OC_TOKEN=$OC_STAGE_TOKEN
+ elif [[ "$CI_COMMIT_REF_NAME" =~ [[:digit:]]+.[[:digit:]]+.[[:digit:]]+.[[:digit:]]+-FINAL ]]
+ then
+ TAG=$CI_COMMIT_REF_NAME
+ OC_PROJECT=$OC_PROD_NAMESPACE
+ OC_URL=$OC_PROD_URL
+ OC_TOKEN=$OC_PROD_TOKEN
+ else
+ TAG="latest"
+ fi
+ script:
+ - echo $OC_URL
+ - oc login $OC_URL --token=$OC_TOKEN --insecure-skip-tls-verify
+ - oc project $OC_PROJECT
+ - |
+ OC_PATCH_STATUS=$(oc patch deploymentconfig $SELECTOR -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$SELECTOR\",\"image\": \"registry-cli-docker.wseasttest.navair.navy.mil:5000/$NEXUS_NAMESPACE/$SELECTOR:$TAG\"}]}}}}")
+ - echo $OC_PATCH_STATUS
+ - |
+ if [[ "$OC_PATCH_STATUS" == *"not patched" ]]; then
+ oc rollout latest dc/$SELECTOR
+ oc rollout status dc/$SELECTOR
+ fi
+ - oc logout
diff --git a/.lgtm.yml b/.lgtm.yml
new file mode 100644
index 0000000..644839d
--- /dev/null
+++ b/.lgtm.yml
@@ -0,0 +1,6 @@
+extraction:
+ java:
+ index:
+ java_version: 11
+queries:
+ - exclude: java/spring-disabled-csrf-protection
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 9b14737..67fd2e2 100644
--- a/Dockerfile
+++ b/Dockerfile
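Review bot: The dind service command in `.gitlab-ci.yml` downloads CA certificates with `wget --no-check-certificate` and installs them with `update-ca-certificates`, so the trust store every later TLS check relies on is seeded over an unauthenticated connection. The same job adds `--insecure-registry` for both registry ports, and the deploy job logs in with `--insecure-skip-tls-verify`. Ship the root CA in the runner image or as a protected file-type CI variable and pass it explicitly, e.g. `oc login $OC_URL --token=$OC_TOKEN --certificate-authority="$CA_BUNDLE_FILE"` (variable name is a placeholder). `docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD` puts the password on the command line, which `echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USERNAME" --password-stdin <registry>` avoids. `--build-arg NEXUS_PASSWORD=...` also leaves the value in image build metadata, as the Dockerfile in this patch shows.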
@@ -1,18 +1,151 @@ -FROM openjdk:17.0.2-slim as build +FROM registry-cli-docker.wseasttest.navair.navy.mil:5001/buildpack-deps:bullseye AS config +ARG NEXUS_USERNAME +ARG NEXUS_PASSWORD + +ENV YELLOW_TEXT='\033[33m' +ENV BLUE_TEXT='\033[34m' +ENV RESET_TEXT='\033[0m' + +RUN echo -e "${BLUE_TEXT}}First Stage Build${RESET_TEXT}" + +# Download certificates using wget +RUN echo -e "${YELLOW_TEXT}Downloading certificates from using wget${RESET_TEXT}" +RUN wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF +RUN wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/dod/latest/ -P /usr/local/share/ca-certificates/WCF + +# Update ca-certificates +RUN echo -e "${YELLOW_TEXT}Updating ca-certificates${RESET_TEXT}" +RUN update-ca-certificates + +# Grabs MAVEN proxy +RUN mkdir -p /root/.m2 +RUN wget --no-check-certificate -O /root/.m2/settings.xml https://wcf-serve.apps.arena-workspace.navair.navy.mil/config/maven/settings.xml +RUN echo -e "${YELLOW_TEXT}Updating Maven settings.xml with NEXUS credentials${RESET_TEXT}" +RUN sed -i.bak "s/nexus_username<\/username>/$NEXUS_USERNAME<\/username>/g" /root/.m2/settings.xml +RUN sed -i.bak "s/nexus_password<\/password>/$NEXUS_PASSWORD<\/password>/g" /root/.m2/settings.xml + +# Grabs alpine proxy +RUN wget --no-check-certificate -O /usr/local/share/repositories https://wcf-serve.apps.arena-workspace.navair.navy.mil/config/alpine/alpine_16-sources.list +RUN sed -i "s//$NEXUS_USERNAME/g" /usr/local/share/repositories +RUN sed -i "s//$NEXUS_PASSWORD/g" /usr/local/share/repositories + +# Use a base image that includes the necessary tools (e.g., curl, unzip) +FROM registry-cli-docker.wseasttest.navair.navy.mil:5001/amazoncorretto:17-alpine-jdk AS build + +ENV YELLOW_TEXT='\033[33m' +ENV BLUE_TEXT='\033[34m' +ENV RESET_TEXT='\033[0m' + + +RUN echo -e "${BLUE_TEXT}Second 
Stage Build${RESET_TEXT}" + +COPY --from=config /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=config /usr/local/share/ca-certificates/WCF /usr/local/share/ca-certificates/WCF +COPY --from=config /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf +COPY --from=config /usr/local/share/repositories /usr/local/share/repositories +COPY --from=config /root/.m2/settings.xml /root/.m2/settings.xml + +COPY certs.sh . +RUN chmod +x certs.sh +RUN ./certs.sh + +# Echo statement for ARGs +RUN echo -e "${YELLOW_TEXT}Setting ARGs for environment variables${RESET_TEXT}" + +ENV GITLAB_ACCESS_TOKEN=$GITLAB_ACCESS_TOKEN +ENV GITLAB_URL=$GITLAB_URL + +# COMMENTED OUT SINCE NO LONGER NEED MAVEN. TO INCLUDE UNCOMMENT BLOCK ON LINE 19 AND ADD COPY COMMAND +# RUN apk add maven +# RUN mvn dependency:purge-local-repository +# RUN ./gradlew build --refresh-dependencies +# RUN ./gradlew clean verify + +# # Doing a two stage build like this helps eliminate vulnerablilite that may come along with build tools. WORKDIR application COPY . . + +RUN echo -e "${YELLOW_TEXT}Cleaning Build and Pull Depenencies...${RESET_TEXT}" +# RUN ./gradlew clean +# RUN ./gradlew --refresh-dependencies + +RUN echo -e "${YELLOW_TEXT}Building application using Gradle...${RESET_TEXT}" +# RUN ./gradlew tasks RUN ./gradlew --no-daemon bootJar -RUN find . -type f -name mms*.jar -not -iname '*javadoc*' -not -iname '*sources*' -exec cp '{}' 'app.jar' ';' + +RUN echo -e "${YELLOW_TEXT}Copying and extracting application JAR using jarmode...${RESET_TEXT}" +RUN cp build/libs/mmsri-4.0.18.jar app.jar + +RUN ls -lah + +#RUN apk add --no-cache findutils +#RUN find . -type f -name mms*.jar -not -iname '*javadoc*' -not -iname '*sources*' exec cp '{}' 'app.jar' ';' +#RUN find . 
-type f -name 'mms*.jar' -not -iname '*javadoc*' -not -iname '*sources*' -exec cp '{}' 'app.jar' ';' RUN java -Djarmode=layertools -jar app.jar extract -FROM openjdk:17.0.2-slim +RUN ls -lah + +#make folder and copy project +#RUN mkdir /project +#COPY . /project +#WORKDIR /project + +# NOT NEEDED UNLESS WE USE MAVEN +# RUN mvn clean package + +FROM registry-cli-docker.wseasttest.navair.navy.mil:5001/amazoncorretto:17-alpine-jdk as app_runner + +ENV YELLOW_TEXT='\033[33m' +ENV BLUE_TEXT='\033[34m' +ENV RESET_TEXT='\033[0m' + +RUN echo -e "${BLUE_TEXT}Third Stage Build${RESET_TEXT}" + +COPY --from=config /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=config /usr/local/share/ca-certificates/WCF /usr/local/share/ca-certificates/WCF +COPY --from=config /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf +COPY --from=config /usr/local/share/repositories /usr/local/share/repositories + +# Re add certs +COPY certs.sh . +RUN chmod +x certs.sh +RUN ./certs.sh + +# Create self signed url for +#RUN apk --no-cache add openssl +#RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/key.pem -out /etc/ssl/certs/cert.pem -subj "/CN=openmbee-mms.openmbee.svc.cluster.local" + +RUN echo -e "${YELLOW_TEXT}Upgrading apk & installing procps${RESET_TEXT}" +RUN apk upgrade -q && apk add -q procps + +RUN ls -lah + +# RUN tree || true WORKDIR application -RUN apt-get update && apt-get install -y procps +RUN ls -lah + COPY --from=build application/dependencies/ ./ COPY --from=build application/spring-boot-loader/ ./ COPY --from=build application/snapshot-dependencies/ ./ COPY --from=build application/application/ ./ +#COPY --from=build ./ ./app.jar +#COPY --from=build build/libs/mmsri-4.0.18.jar ./build/libs/mmsri-4.0.18.jar +#CMD ["java","-jar","/build/libs/mmsri-4.0.18.jar"] +#EXPOSE 8080 + +#Java Commands from OpenMBEE MMSRI ENV JDK_JAVA_OPTIONS "-XX:MaxRAMPercentage=90.0 -XX:+PrintFlagsFinal -XX:+UseZGC" +#ENV 
SPRING_PROFILES_ACTIVE=test ENTRYPOINT ["java", "--add-opens", "java.base/java.lang=ALL-UNNAMED", "org.springframework.boot.loader.JarLauncher"] -EXPOSE 8080 +EXPOSE 5000 +# COPY --from=application-builder application/dependencies/ ./ +# COPY --from=application-builder application/spring-boot-loader/ ./ +# COPY --from=application-builder application/snapshot-dependencies/ ./ +# COPY --from=application-builder application/application/ ./ + +# # These commands update and upgrade the underlying os of the container, thus helping to eliminate os level vulnerabilites. +# # RUN apk upgrade +# EXPOSE 8080 +# # CMD ["java","-jar","/project/target/colosseo-api-toolbelt-0.0.1-SNAPSHOT.jar"] +# CMD ["java","-jar","app.jar"] diff --git a/Notes.MD b/Notes.MD new file mode 100644 index 0000000..14e183a --- /dev/null +++ b/Notes.MD 
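Review bot: The `app_runner` stage copies `/usr/local/share/repositories` from the `config` stage, where that file was rewritten with `sed` using `$NEXUS_USERNAME` and `$NEXUS_PASSWORD`, so the Nexus credentials appear to ship in the final runtime image; the `build` stage likewise keeps `/root/.m2/settings.xml`. Passing them as `ARG` also records them in the build history of the `config` stage. A BuildKit secret mount, `RUN --mount=type=secret,id=nexus_password ...`, keeps the values out of layers, and the runtime stage should drop the `COPY --from=config /usr/local/share/repositories ...` line unless `certs.sh` (not shown) needs it. Every download in the `config` stage uses `wget --no-check-certificate`, including the CA certificates that are then trusted, and the final stage sets no `USER`, so the service runs as root.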
@@ -0,0 +1,463 @@ +# Table of Contents + +- [Overview](#overview) + - [Getting Started:](#getting-started) + - [Setting Up:](#setting-up) + - [Local Development](#local-development) + - [Local Instance Setup](#local-instance-setup) + - [Developing With Docker](#developing-with-docker) +- [DevSecOps](#devsecops) + - [Dockerfile](#dockerfile) + - [GitLab CI/CD](#gitlab-cicd) + - [GitLab CI](#gitlab-ci) + - [GitLab CD Pipeline](#gitlab-cd-pipeline) + - [OpenShift](#openshift) +- [Bottom Line Up Front:](#bottom-line-up-front) + - [Solutions](#solutions) + - [Solution 1: Use KONG API Gateway Proxy](#solution-1-use-kong-api-gateway-proxy) + - [Solution 2: Use Ingress to create Reverse Proxy](#solution-2-use-ingress-to-create-reverse-proxy) + - [Solution 3: Use KeyCloak Integration](#solution-3-use-keycloak-integration) + - [Solution 4: Use Combination of the Previous Solutions](#solution-4-use-combination-of-the-previous-solutions) + - [Solution 5: Use LDAP Authentication](#solution-5-use-ldap-authentication) + - [Solution 6: Use TeamWork Cloud](#solution-6-use-teamwork-cloud) +- [Resources](#resources) + +# Overview + +This project is an implementation of NASA JPL's OpenMBEE View Editor(VE) and Model Management System (MMS). Note: When developing this application I used VE v4.0.2 and MMSRI v4.0.18. The MMSRI is a wrapped up version of the MMS, meaning instead of having all the subprojects in the codebase is uses fetches them from the Maven Repository instead. I have implemented VE v5.0 but OpenMBEE is still working on a release candidate, when that has been provided I will provide steps for setting that up. 
+ +**Documentation:** + +- https://mms-reference-implementation.readthedocs.io/en/latest/index.html +- https://docs.openmbee.org/projects/ve/en/support-4.x/ +- https://docs.openmbee.org/projects/ve/en/latest/ + +## Getting Started: + +--- + +You will need the following: + +- **Software:** + - code editor(VS Code) [VS Code](https://code.visualstudio.com/download) + - [IntelliJ IDEA](https://www.jetbrains.com/idea/download/?section=mac) + - [JDK-17 download](https://www.oracle.com/java/technologies/javase-jdk17-downloads.html) + - [Docker Desktop](https://docs.docker.com/get-docker/) + - Possibly Need to Install: Python2, Ruby, and Sass (You will know if it needed after step 4) +- **Accounts & Services** + - OpenShift Namespaces + - Nexus Repository + - Keycloak Proxy + - DNS route for VE + - Nexus Credentials + - TwistLock Credentials + - KONG API Gateway Namespace + +**Architecture**: +Provided in the codebase is a screenshot of the architecture design. The only difference is this diagram is based on Alfresco, a Content Management System + +## Setting Up: + +--- + +Provided below is the high level overview of the steps and processed needed to get the application up and running + +1. **Install required software mentioned above** +2. **Clone Code vs Fork Code** + 1. Clone code from source code repositories if you are planning on committing back to the OpenSource, Fork the repository if you do not expect to commit back to the OpenMBEE project + 2. It may ask for SSH keys, refer to [Add SSH Key GitHub](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account) + 3. MMS - `git clone ` + 4. VE - `git clone ` + 5. ElasticSearch - `git clone ` +3. **MMS Setup (Back End)** + + - Basic Steps for this are also outlined here [MMSRI](https://github.com/Open-MBEE/mmsri) + + 1. Docker Containers + - Docker Compose + 1. 
Using docker run `docker-compose up --build` this will build you an elasticsearch, minio, and postgres image all wrapped up in 1 container + 2. When you want to stop using your project simply open Docker Desktop and click the stop button + 3. More information will be provided in the MMS Setup Notes, [MMSRI](https://github.com/Open-MBEE/mmsri) + - Individual Docker **(Preferred)** + 1. Run Postgres Image (Required) + - `docker run -d -e POSTGRES_PASSWORD=test1234 -e POSTGRES_USER=mmsuser -e POSTGRES_DB=mms -p 5432:5432 postgres:11-alpine` + 2. Run ElasticSearch Image (Required) + - **Due to the vulnerabilities that are present with 7.8.1 the "safe" container is to use 8.10.2. I had to create a separate project that uses this version, setup steps for this will be following** + - Steps: + - Run this command first to get local setup running `docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.8.1 ` + - **ONCE LOCAL SETUP IS RUNNING STOP PREVIOUS CONTAINER AND RUN THE FOLLOWING** + - `docker build -t openmbee-elasticsearch:8.10.2 -f LocalDocker.Dockerfile .` + - builds the docker image + - LocalDocker.Dockerfile is a copy of the Dockerfile we use for the pipeline but without the first stage build + - `docker run -d --name openmbee-elasticsearch openmbee-elasticsearch:8.10.2` + - runs our docker container + - `docker cp example.txt your_container_name:/app/` + - **VERIFY elasticsearch.yml was copied into image** + - open Docker Desktop, navigate to the terminal of the image. + - click the far right link in the table "openmbee-elasticsearch" + - if not in the directory already run cat /usr/share/elasticsearch/config/elasticsearch.yml + - VERIFY the contents match the file from the codebase + - **IF the file doesn't match** run the following: + - `docker cp elasticsearch.yml openmbee-elasticsearch:/usr/share/elasticsearch/config/` + 3. 
Run Minio Image (Optional) + - `docker run -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" minio/minio server /data` + 2. MMS Application + - Run `./gradlew bootRun` which will run the application using Spring Boot, meaning it will run the project within a JVM(Java Virtual Machine) + - to understand where this comes from view the `build.gradle` file + - If you have IntelliJ IDEA setup you should be able to simply open the MMSRIApplication.java file then next to the debug button make sure the dropdown says "Current File" then click the Debug or Run button + +4. **VE Setup (Front End)** + 1. To get the front end started install the code, then run `npm i` + 2. `npm i -g grunt-cli` + 3. The node sass commands can be run if you receive an error that says "Loading node-sass blah blah", if not skip ahead. + 1. `npm install node-sass@4.14.1` + 2. `npm update && npm install` + 3. `node ./node_modules/node-sass/scripts/install.js` + 4. `npm rebuild node-sass` + 4. Test if gruntfile and necessary software is installed run the following: `grunt build --verbose` + 5. If grunt file fails due to mismatching node versions or incompatibility issues with node and the packages please test out these commands: + 1. Test 1: + 1. `npm install grunt-contrib-concat grunt-contrib-uglify grunt-contrib-sass grunt-contrib-watch grunt-html2js --save-dev` + 2. `rm -rf package-lock.json (also changed the package.json)` + 3. `npm i sass` + 4. `npm i grunt-contrib-sass --save-dev` + 5. `npm i` + 6. `npm update` + 7. `yarn add @angular/cli` if you don't have yarn installed, run `npm i -g yarn` + 8. `nvm use default` (in this case its node version 19.0) + - NVM is node version manager it helps with switching and installing between the different version of NodeJS, to install, refer to [Install NVM](https://www.freecodecamp.org/news/node-version-manager-nvm-install-guide/) + 9. `yarn add @angular/cli ` + 10. `nvm use 8 ` + 11. `grunt --verbose` + 12. `nvm use 15` + 13. 
`grunt --verbose` + 2. Test 2: + 1. `nvm use default` + 2. `npm i` + 3. `nvm use 8` + 4. `grunt --build` + - Please refer to the following for an understanding of the Grunt Commands + 6. Install serve module which allow you to run a local web server for your application, `npm i -g serve` + 7. To debug an issue you will run `grunt build --env= && cd dist && serve` + - **Local**: `grunt build --env=local && cd dist && serve` + - urls will be pointing to APIs at localhost:8080/ + - **Dev**: `grunt build --env=development && cd dist && serve` + - urls will be using kong proxy api +5. **MDK Setup** + 1. As of the development of this project there was no testing with MDK, to install and setup MDK refer to [MDK](https://github.com/Open-MBEE/mdk). + - This is important due to the VE functionality being rather limited without the DocGen capabilities that comes from the MDK. +6. **Local Development** + 1. One great thing about using MMS is we are allowed to use Swagger-UI on local. This is something that will be blocked in any DoD environment on NMCI network but allowed for local development. + 2. When you spin up the Backend the MMS image will spin up a certain port, this will look something like `:8080`, you will need to change the code in the VE to point to this URL, you should be looking for config.example.js underneath app/config/config.example.json + - You can rename the file to `config..js` you just need to keep that in mind when we get to the Dockerfile and when running Grunt commands. + - For example, you can create a config.local.js that points to your localhost and a config.production.js that points to you OpenShift Services, then when you run your Grunt Command you can run + 3. Now you should be able to spin up the project up, additional steps will need to preformed, so we aren't completely done yet. 
+ +## Local Development + +--- + +### Local Instance Setup + +Once the application is running, you should be able to navigate to the following: + +- http://localhost:8080/v3/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config#/ +- http://localhost:8080/actuator/health + +Once you are on the login page you should be able to log in using the admin username and password that is set with `mms.admin.username` and `mms.admin.password`. Currently, these are set to `test`. + +Another thing to note for generate a JWT secret for you application run the following command + +- `node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"` + +IF you still a red banner that says "Timed Out", please do the following: + +- open Swagger UI +- find `createAuthenticationToken` under the Auth section of the endpoints near the top of the page. +- click 'Try It Out' and enter the request body next to username and password the values you have for mms.admin.username and mms.admin.password +- Click Execute and copy the token value +- Navigate to the top right and click 'Authorize' and past the token next to bearerToken +- Fill in username and password as well and click 'Log In' +- Now once you have this running, change the elasticsearch image to our custom elasticsearch image. + +**Final Steps:** + +- Once you log in you will need to create an Organization and a Project without it, you will log in and see "No Organizations Selected" and "No Projects Selected". So first step is use the Swagger UI to create an Organization, then create a Project for that corresponding Organization. + +**Things to be Aware of:** + +- If elasticsearch isn't running you will see your Organization populate but not your project +- Without the MDK running or setup your capabilities are limited and bugs exist in the VE due to this. +- **NOTE:** by default the application will run over http, to change this to **HTTPS** add the following lines to your application.properties file within the MMS. 
This can be found in `src/main/resouces/application.properties`: + 1. **Lines 15-25:** Need to double-check this. + - Refer to the following documentation for SSL on MMS: [SSL/HSTS Documentation](https://mms-reference-implementation.readthedocs.io/en/latest/configuration.html#ssl-hsts) + - Here are steps used to implement SSL on the server: [Implementing SSL on Server](https://www.thomasvitale.com/https-spring-boot-ssl-certificate/) + - Add/modify the following lines of code: + ```groovy + #server.port=5000 + #server.forward-headers-strategy=framework + server.ssl.enabled=true + ##server.ssl.key-alias=yourkeystorealias + server.ssl.key-store=classpath:mms.p12 + server.ssl.key-store-password=mms_password + server.ssl.key-store-type=PKCS12 + ``` + 2. Change your `config..js` in VE to use https instead of http + 3. Running Elasticsearch over HTTPS is also necessary. **NOTE:** This is where the custom OpenMBEE image is utilized. For more insight into this, please refer to: + - [Installing ElasticSearch with Docker](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html) + - [Encrypting ElasticSearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html) + - Add/modify the following lines of code: + ```groovy + # Elasticsearch config + elasticsearch.host=localhost + elasticsearch.port=9200 + elasticsearch.http=https + elasticsearch.limit.result=10000 + elasticsearch.limit.term=1000 + elasticsearch.limit.scrollTimeout=1000 + elasticsearch.limit.get=10000 + elasticsearch.limit.index=5000 + elasticsearch.limit.commit=100000 + ``` + 4. Re-run applications + +### Developing With Docker + +These applications are meant to be ran and deployed within Docker images. One thing discovered while working on this application and configuring to compile and deploy through the pipeline is that you will run into compilation errors due to image missing commands, improper permissions, or ssl communication errors. 
So one way to prepare for this is to test your docker files locally. I have provided the steps below for testing your docker files locally. + +1. (Optional) Create a new dockerfile called `LocalDocker.Dockerfile` + 1. Copy and Paste contents of `Dockerfile.Dockerfile` into `LocalDocker.Dockerfile` +2. Build docker image + - `docker build -t : -f LocalDocker.Dockerfile .` +3. Run docker image + - `docker run -d --name :` +4. If you need to copy files into the image run the following: + - `docker cp :` + +**Additional Information** + +- If you would like to output the build steps to a file for debugging use the following build command: + - `docker build -t : -f LocalDocker.Dockerfile . > build_output.log 2>&1` + +# DevSecOps + +--- + +**Overview:** Outlined in this section is the DevSecOps process and an understanding on how to use it. Documentation covering all aspects of services and How-To's can be found here [NAVAIR CI/CD Documentation](https://documentation.apps.arena-workspace.navair.navy.mil/colosseo/). 
+ +**Responsibility Barrier** + +| Task | Developer | CI/CD Team | Container Team | Notes | +| ------------------------------------- | :-------: | :--------: | :------------: | :-----------------------------------------------------------------------------------------: | +| Create KeyCloak Account | | ✅ | | | +| Create KeyCloak SideCar | | | ✅ | | +| Create KeyCloak SideCar Routes | | | ✅ | | +| Create Nexus Registry | | ✅ | | | +| Create Nexus Credentials | | ✅ | | | +| Setup Nexus Credentials in GitLab | | ✅ | | | +| Create TwistLock Credentials | | ✅ | | | +| Setup TwistLock Credentials in GitLab | | ✅ | | | +| Create .gitlab-ci.yml | ✅ | | | | +| Update GitLab CI/CD Variables | ✅ | ✅ | | Depending on permission and sometimes they will need to create variables at the Group level | +| Create OpenShift NameSpace | | | ✅ | | +| Create DeploymentConfigs | ✅ | | | | +| Create Secrets in OpenShift | ✅ | | | | +| Create ConfigMaps in OpenShift | ✅ | | | | +| Create Services in OpenShift | ✅ | | | | +| Create Routes in OpenShift | | | ✅ | | +| Create Ingress in OpenShift | | | ✅ | | +| Create PersistenceVolume in OpenShift | ✅ | | | | +| Create KONG NameSpace | | | ✅ | | +| Create KONG Consumer | | | ✅ | | +| Create KONG Service | ✅ | | | | +| Create KONG Route | ✅ | | | | +| Create KONG ACL | | | ✅ | | + +## Dockerfile + +When looking at the Dockerfiles you will notice they are multiple stages (each `FROM` line is a new stage). The dockerfiles are structured in such a way that: + +- **Stage 1: configuration** + - **This stage is a requirement for all images in NAVAIR** + - Here we gather any certificates, setup proxies, and other things we will need for configuration the image. 
+ - credentials for SSL communication within the image + - apk repository to be able to allow us to run `apk add` commands + - Use Maven Repository +- **Stage 2: building application** + - copy credentials grabbed in stage 1 and runs cert.sh which uses java's keytool command to update credentials and certificates + - copy codebase files and creates a JAR file as our build artifact that is our project all wrapped into one file. This created under the build folder(`build/libs`) using `./gradlew --no-daemon bootJar` + - Create a copy of the JAR file and +- **Stage 3: running/deploying application** + - copy credentials grabbed in stage 1 and runs cert.sh which uses java's keytool command to update credentials and certificates + - copies files from extract command + - Compiles application and exposes at port 5000 + +## GitLab CI/CD + +### GitLab CI + +This is all setup within the `.gitlab-ci.yml` file. Here we are able to create the Application Pipeline aka Stage 4 of the CD Pipeline. By default, there needs to be a Build Stage and a Deploy Stage. This file will use the DevSecOps Parent Pipeline to build your application, SAST and container Scans. Without this file the pipeline will not be established and built. Within this file is also where the logic exists for generating the image tags for our container and sets up our connection to OpenShift that allows us to deploy to OpenShift. + +**NOTE:** Only lines you should need to change is the first line in the file under variables where `SELECTOR` is declared on line 4. When creating deployment configs the SELECTOR should be the same name as your deployment config. + +### GitLab CD Pipeline + +In the DoD is a requirement to use a CI/CD pipeline for code, this allows for code, dependency, and container scanning. The most basic way to describe this workflow is to say. Whenever a commit is made the repository a pipeline is started. This pipeline is setup in roughly 4 stages. + +1. 
Stage 1: Build DoD Dependencies + - This will setup your Nexus Scans and decide what Code Scans will be performed in Stage 2 +2. Stage 2: Build and Scan + - Builds Container, then after a successful build a Nexus Container Scan will check for Vulnerabilities, if any are found it will provide a link to Prisma Cloud that will show you the vulnerabilities with the CVE, CVSS and feedback on what needs to be done to fix them (i.e. CVE-2016-1000027 CVSS 9.8 Spring Web 5.7, Fixed in 6.0) + - **NOTE:** + - No Critical Vulnerabilities are allowed, unless you work with IA and ISSM to request a "waiver". With a waiver you will have to provide evidence of a false positive. Then once that is provided, and you are approved you will need to provide a **Mitigation Plan** and a **Milestone** because you are only allowed **~ 30 days** to mitigate the vulnerability + - High Vulnerabilities: These are allowed in Dev but must be resolved before going any farther(i.e Test, Stage, Prod) + - Perform SAST Code Scanning based on what kinds of programming languages were found in the Stage 1 Scan + +- Stage 3: Quality Gate + - perform quality gate scanning and upload artifacts +- Stage 4: Application Pipeline + - These are the steps that are defined in the `.gitlab-ci.yaml` + - Here another container build is ran on success it will deploy application to the Nexus Repository + - **NOTE(S):** + - You will need to have your deployment configs created in OpenShift for the deployment to be successful. + - If your branch has versioning number(VE-VERSION-4.0.2) as the branch name it will create an image tagged with it in Nexus (i.e. openmbee-ve:VE-VERSION-4.0.2) + +## OpenShift + +**Overview:** Arena or Container Platform runs on OpenShift which is built off of Kubernetes, some alternatives that people might be familiar with is AWS' EC2 services. In OpenShift, we deploy our applications and docker container to pods. 
In OpenShift there are a couple terms to know: + +- **Pods**: These are application containers. One way to look at understanding the translation is for each docker image a OpenShift pod will be created as well. Pods are created through DeploymentConfig's which are created such that whenever a deployment is made a new pod is created. +- **DeploymentConfig** These are yaml files that setup what we want our Pod to be. Here you set the resource limits, url to container image that will be running within the pod, anything else needed for the application, or Secrets that you don't want to be displayed. You can also use ConfigMaps for environment variable based values. The 3rd thing is use PersistenceVolumes to store data through Pod deletion. +- **Services:** Sets up the networking between pods, this is where we can expose the pods to the web. Once these are setup by default all pods within the same cluster can communicate to each other. When created properly you will be provided with a hostname that can be used in other pods to reference these pods. For example this application uses an openmbee-mms, openmbee-ve, postgresql, and elasticsearch services to communicate. +- **Routes:** This is where you would attach URLs to your pods that can be used to access pods externally. Once a DNS ticket is created and if you are not using a KeyCloak SideCare you would create 2 routes for backend and frontend. Most application use KeyCloak embedded into the application +- **Ingress:** OpenShift Ingress is a crucial component that manages external access to the services in an OpenShift cluster, handling route traffic, and possibly SSL/TLS termination, ensuring that user requests are sent to the appropriate services. This is where you can create a reverse proxy that takes your front end which is on HTTPS and redirect the backend HTTP traffic to communicate over HTTPS with the application. 
+ - The current NASA JPL Team uses an ingress with their application that I will provide in the BLUF +- **Secrets:** Most of the values seen in secrets are autogenerated. Secrets can range from database username and password, Nexus Registry credentials or even TLS and SSL certificates +- **ConfigMaps** are where you would store your config file for keycloak, or your configuration for the backend url(for example how we have our config.dev.js and config.local.js). These ConfigMaps allow the code to be deployed to multiple environments without having to change the code base. + +# Bottom Line Up Front: + +--- + +**Overview:** The goal of this project was to stand up and deploy a working version of OpenMBEE's MMS and VE applications in OpenShift and add CAC Authentication to the application. We were told to pursue using KeyCloak SideCar, which acts as a Gateway Proxy for the application. This is the same as OAuth2 Proxy for those who are aware of what that is. This would in layman's terms when accessing the application send you to the proxy, verify CAC, then redirect to application. On the redirect the application would digest your information and create an account for you and leave the application authentication and protected with your CAC. + +**RoadBlocks:** + +- Vulnerabilities +- CI/CD Pipelines +- KeyCloak Proxy +- HTTPS vs HTTP Traffic +- ElasticSearch + +As of the completion of the project, we were able to do the following: + +- resolve all critical and high vulnerabilities +- integrate application with GitLab CI/CD pipeline +- Cohere to DoD Cyber Policy +- Create waiver for CVE-2016 1000027 and provide mitigation plan. +- Create custom docker container for VE, MMS, and ElasticSearch. 
+- Deploy to OpenShift + +**Remaining Task:** CAC Authentication and ElasticSearch + +**Bottom-Line:** Possible with multiple solutions + +## Solutions + +### Solution 1: Use KONG API Gateway Proxy + +KONG API Gateway allows us to encrypt all traffic on the application with an API Key that cannot be intercepted and only accessed within the application. It also allows us to expose internal pods to the outside world by using the API Gateway. This would fix the original error we were getting with the SideCar. This would also fix the issue with our elasticsearch pod expecting HTTPS traffic but only receiving HTTP traffic. I had a solution for this elasticsearch issue but was unable to deploy. KONG Gateway also has a OAuth2 Authentication plugin that would allow us to use OAuth2 to authenticate all requests. This would lock the application down from exposed data or any unwanted attacks/access to critical mission data. + +### Solution 2: Use Ingress to create Reverse Proxy + +An Ingress would allow us to create a reverse proxy that would allow the internal pods to be able to communicate to the frontend running on HTTPS. This is how the NASA JPL team is able to get around the HTTPS vs HTTP communication. Especially since the issue with KeyCloak SideCar was running into the issue of HTTPS front end trying to communicate to the backend that was running on HTTP. We later created a DNS entry for the backend that allowed us to hit the backend over HTTPS, but we disabled KeyCloak Sidecar. This is where the 3rd issue occurred for the elasticsearch not communicating between HTTPS to HTTP. Again a solution for this was ready for deployment before being decommissioned but was unable to deploy. **But** since the backend would still be hosted over http elasticsearch will no longer complain about communicating over HTTPS vs HTTP. 
+ +The ingress file that the OpenMBEE team is using is the following: + +``` +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + field.cattle.io/publicEndpoints: >- + [{"addresses":[""],"port":80,"protocol":"HTTP","serviceName":"mms4-uat:cae-mms4-uat-l4","ingressName":"mms4-uat:cae-mms-uat","hostname":"cae-mms-uat.jpl.nasa.gov","path":"/","allNodes":false}] + name: cae-mms-uat + namespace: mms4-uat +spec: + ingressClassName: nginx + rules: + - host: cae-mms-uat.jpl.nasa.gov + http: + paths: + - backend: + service: + name: cae-mms4-uat-l4 + port: + number: 443 + path: / + pathType: Prefix +status: + loadBalancer: + ingress: + - hostname: >- + k8s-ingressn-ingressn-blahblahblah.elb.us-gov-west-1.amazonaws.com +``` + +### Solution 3: Use KeyCloak Integration + +When I am referring to KeyCloak Integration I am referring to integrating KeyCloak realms into the front end and the backend. Integrating into the front-end is not difficult but the backend is where it could be either easy or difficult depending on your understanding of JWT(JSON Web Tokens) and Authentication processes. The backend application currently uses its own Authentication subproject that runs off of JWT tokens, you could possibly find a way to integrate OAuth2 into the pre-existing Auth subproject OR rebuild the Authentication project from scratch to use KeyCloak. 
I have found multiple projects and articles of people setting this up themselves: + +- https://github.com/ivangfr/springboot-react-keycloak/tree/master +- https://github.com/jannie-louwrens/spring-boot-keycloak-angular +- https://hamdi-bouallague.medium.com/secure-your-angular-spring-boot-application-using-keycloak-891efab50db8 +- https://github.com/keycloak/keycloak-quickstarts/tree/latest/spring/rest-authz-resource-server +- https://www.keycloak.org/docs/latest/securing_apps/index.html +- https://www.keycloak.org/docs/latest/securing_apps/index.html#_java-servlet-filter-adapter + +### Solution 4: Use Combination of the Previous Solutions + +I throw this in as a solution because I did not have enough time to test out the ideas that I had, but it could be plausible that you will need a combination of the previously mentioned solutions to integrate CAC Authentication. + +### Solution 5: Use LDAP Authentication + +MMS supports LDAP and when looking inside the `application.properties` file they have values that can be setup to integrate LDAP authentication + +### Solution 6: Use TeamWork Cloud + +I am not sure if this is within the scope of the requirements provided to use but thought it is worth noting while working on the code I noticed in `application.properties` file that there is also values for setting TWC. I am not familiar with TWC but thought that should be noted as well. + +**NOTE**: The version of elasticsearch that OpenMBEE is using is outdated and critically unsafe, so I had to create a custom container as mentioned earlier in this document. + +We were guided toward using KeyCloak sidecar and this caused issues with our backend service not being reachable outside the pod. The way to fix this was to use KONG API to act as a proxy for the backend. This allowed us to secure the endpoints with a ApiKey allowing all requests to be secure and not vulnerable to attacks. Another thing found with the KONG API is there are plugins with OAuth2 credentials. 
So with father research we could have implemented this and provided a minimal working product that would have at least provided encrypted channels for the application. + +# Resources + +--- + +- https://ndiastorage.blob.core.usgovcloudapi.net/ndia/2018/systems/Wed_21466_Kruse.pdf +- https://www.sciencedirect.com/science/article/pii/S1877050919307392?ref=pdf_download&fr=RR-2&rr=813eaddf2bbb818c +- https://github.com/Open-MBEE +- https://github.com/Open-MBEE/mms +- https://github.com/Open-MBEE/mdk +- https://github.com/Open-MBEE/mmsri +- https://github.com/Open-MBEE/ve +- https://docs.konghq.com/hub/kong-inc/oauth2/ +- https://documentation.apps.arena-workspace.navair.navy.mil/colosseo/ +- https://github.com/ivangfr/springboot-react-keycloak/tree/master +- https://github.com/jannie-louwrens/spring-boot-keycloak-angular +- https://github.com/ivangfr/springboot-react-keycloak/tree/master +- https://github.com/jannie-louwrens/spring-boot-keycloak-angular +- https://hamdi-bouallague.medium.com/secure-your-angular-spring-boot-application-using-keycloak-891efab50db8 +- https://github.com/keycloak/keycloak-quickstarts/tree/latest/spring/rest-authz-resource-server +- https://www.keycloak.org/docs/latest/securing_apps/index.html +- https://www.keycloak.org/docs/latest/securing_apps/index.html#_java-servlet-filter-adapter + +### Last Word + +**Document Creation and Knowledge Share:** +If there is any information missing or clarifications needed for this application feel free reach out to OpenMBEE POC Brandon Cratty, brandon.j.cratty2.civ@us.navy.mil +This document was created in Markdown language and used `pandoc` to convert from markdown to word document. To do so repeat the following: +1. Install pandoc, https://pandoc.org/installing.html +2. Install prettier document formatter, `npm install --global prettier` +3. Run Prettier, `prettier --write .MD` +4. Convert using pandoc, `pandoc .MD -o .docx` \ No newline at end of file 
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8f469d5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,154 @@
+# MMS Reference Implementation
+
+[![Language grade: Java](https://img.shields.io/lgtm/grade/java/g/Open-MBEE/mms.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/Open-MBEE/mms/context:java)
+
+[![CircleCI](https://circleci.com/gh/Open-MBEE/mms.svg?style=svg)](https://circleci.com/gh/Open-MBEE/mms)
+
+[![Documentation Status](https://readthedocs.org/projects/mms-reference-implementation/badge/?version=latest)](https://mms-reference-implementation.readthedocs.io/en/latest/?badge=latest)
+
+This is the reference implementation for MMS. For the source code,
+please head to . For more information
+about Open-MBEE, visit the [Open-MBEE Website](https://openmbee.org/).
+For more detailed documentation, visit [MMSRI
+ReadTheDocs](https://mms-reference-implementation.readthedocs.io/en/latest/).
+
+## Quick Start
+
+Note this quick start is for getting a test instance up and is not
+recommended for production use. Different configs will be required for
+different deployment scenarios, environments and workloads (ex.
+elasticsearch should be a cluster instead of single node, different
+memory allocations, etc)
+
+### Docker
+
+Installation instructions are found here: [Docker
+documentation](https://docs.docker.com/)
+
+#### Option 1: Get from dockerhub
+
+Use tag 4.x from [Dockerhub](https://hub.docker.com/r/openmbee/mms)
+
+#### Option 2: Build from repo
+
+1. Copy the `application.properties.example` file in
+ `src/main/resources/` as `application.properties`
+2. In the command line, run `docker-compose up --build` to create and
+ start all the services from the configuration.
+3. Swagger ui at
+4. Use the command `docker-compose down` to stop any containers from
+ running and to remove the containers, networks, and images created
+ by the `docker-compose up` command. This command should always be
+ done before any new attempts to restart the services from the
+ configuration.
+ +Note the docker compose file is running the application with the `test` +profile, with the config from +`src/main/resources/application-test.properties` + +This implementation brings in Spring Actuator and Logbook for monitoring +and logging features - see [Logbook](https://github.com/zalando/logbook) +and +[Actuator](https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html) +for more info. + +The `application.properties.example` file has the suggested configs and +comments. +[example](https://github.com/Open-MBEE/mmsri/blob/develop/src/main/resources/application.properties.example) + +## Using externalized configs + +There are a variety of options to override the packaged config depending +on the deployment scenario. See [Config +locations](https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-external-config) +for the list of options. Usually using profiles or environment variables +are a good way to specify different configs for different environments. + +## Developer Setup + +### Docker + +We suggest using Docker to set up PostgreSQL and Elasticsearch. +Installation instructions are found here: [Docker +documentation](https://docs.docker.com/) + +### Java SE Development Kit 17 + +Installation instructions: [JDK-17 +download](https://www.oracle.com/java/technologies/javase-jdk17-downloads.html) + +### Postgresql + +Install postgres (PostgreSQL) 11, instructions for Docker: [PostgreSQL +with Docker](https://hub.docker.com/_/postgres) + +``` +docker run -d -e POSTGRES_PASSWORD=test1234 -e POSTGRES_USER=mmsuser -e POSTGRES_DB=mms -p 5432:5432 postgres:11-alpine +``` + +### or Mysql + +5.7 [Mysql Docker](https://hub.docker.com/_/mysql/) + +``` +docker run -d -e MYSQL_ROOT_PASSWORD=test1234 -e MYSQL_DATABASE=mms -p 3306:3306 mysql:5.7 +``` + +### Elasticsearch + +Install Elasticsearch 7.8. 
If you use Docker instructions are available +here: [Setting up Elasticsearch with +Docker](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html) + +``` +docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.8.1 +``` + +### Artifact Storage + +Use MinIO for an open sourced local s3 api compatible storage + +``` +docker run -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" minio/minio server /data +``` + +### The Application: + +1. Copy the `application.properties.example` file in + `src/main/resources/` as `application.properties` +2. Change values for all the appropriate properties. The example file + holds sane values for most properties. +3. Setup Run and Debug configurations. The command line run command is + `./gradlew bootRun` +4. Swagger ui at + +## Swagger codegen + +[Gradle +Plugin](https://github.com/int128/gradle-swagger-generator-plugin) + +``` +./gradlew generateSwaggerCode +``` + +Results in build/swagger-code-\* + +## Built With + +- [Spring](https://spring.io) + +## Contributing + +To learn how you can get involved in a variety of ways, please see +[Contributing to OpenMBEE](https://www.openmbee.org/contribute). + +## Versioning + +We use [SemVer](http://semver.org/) for versioning. For the versions +available, see the [tags on this +repository](https://github.com/Open-MBEE/mms-sdvc.git). + +## License + +This project is licensed under the Apache License 2.0 - see the +[LICENSE](LICENSE) file for details diff --git a/README.rst b/README.rst index b3b8de5..446e42f 100644 --- a/README.rst +++ b/README.rst @@ -1,6 +1,6 @@ -MMS Reference Implementation -============================ +MMS Structured Data Version Control +=================================== .. image:: https://img.shields.io/lgtm/grade/java/g/Open-MBEE/mms.svg?logo=lgtm&logoWidth=18 
@@ -11,46 +11,14 @@ MMS Reference Implementation :target: https://circleci.com/gh/Open-MBEE/mms :alt: CircleCI -.. image:: https://readthedocs.org/projects/mms-reference-implementation/badge/?version=latest - :target: https://mms-reference-implementation.readthedocs.io/en/latest/?badge=latest +.. image:: https://readthedocs.org/projects/model-management-system/badge/?version=latest + :target: https://model-management-system.readthedocs.io/en/latest/?badge=latest :alt: Documentation Status -This is the reference implementation for MMS. For the source code, please head to `https://github.com/Open-MBEE/mms `_. For more information about Open-MBEE, visit the `Open-MBEE Website `_. For more detailed documentation, visit `MMSRI ReadTheDocs `_. +The MMS SDVC is a collection of modules built on top of the Spring Framework and is a part of Open-MBEE. For more information about Open-MBEE, visit the `Open-MBEE Website `_ -Quick Start ------------ - -Note this quick start is for getting a test instance up and is not recommended for production use. Different configs will be required for different deployment scenarios, environments and workloads (ex. elasticsearch should be a cluster instead of single node, different memory allocations, etc) - -Docker -^^^^^^ - -Installation instructions are found here: `Docker documentation `_ - -Option 1: Get from dockerhub -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Use tag 4.x from `Dockerhub `_ - -Option 2: Build from repo -~~~~~~~~~~~~~~~~~~~~~~~~~ - - -#. Copy the ``application.properties.example`` file in ``src/main/resources/`` as ``application.properties`` -#. In the command line, run ``docker-compose up --build`` to create and start all the services from the configuration. -#. Swagger ui at `http://localhost:8080/v3/swagger-ui.html `_ -#. Use the command ``docker-compose down`` to stop any containers from running and to remove the containers, networks, and images created by the ``docker-compose up`` command. 
This command should always be done before any new attempts to restart the services from the configuration. - -Note the docker compose file is running the application with the ``test`` profile, with the config from ``src/main/resources/application-test.properties`` - -This implementation brings in Spring Actuator and Logbook for monitoring and logging features - see `Logbook `_ and `Actuator `_ for more info. - -The ``application.properties.example`` file has the suggested configs and comments. `example `_ - -Using externalized configs --------------------------- - -There are a variety of options to override the packaged config depending on the deployment scenario. See `Config locations `_ for the list of options. Usually using profiles or environment variables are a good way to specify different configs for different environments. +If you are interested in deploying MMS, please see the `MMSRI `_ quickstart. +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Developer Setup --------------- 
@@ -96,36 +64,40 @@ Install Elasticsearch 7.8. If you use Docker instructions are available here: ` docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.8.1 -Artifact Storage -^^^^^^^^^^^^^^^^ - -Use MinIO for an open sourced local s3 api compatible storage +Artifacts Storage +^^^^^^^^^^^^^^^^^ .. code-block:: - docker run -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" minio/minio server /data + docker run -d -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" minio/minio server /data -The Application: -^^^^^^^^^^^^^^^^ +IntelliJ IDEA +^^^^^^^^^^^^^ -#. Copy the ``application.properties.example`` file in ``src/main/resources/`` as ``application.properties`` -#. Change values for all the appropriate properties. The example file holds sane values for most properties. -#. Setup Run and Debug configurations. The command line run command is ``./gradlew bootRun`` -#. Swagger ui at `http://localhost:8080/v3/swagger-ui.html `_ +#. Import Gradle Project to IntelliJ IDEA +#. Ensure that you select JDK 10 or above and search recursively for projects. +#. The ``example`` subproject will show you how to include the different modules to run as a Spring Boot application. -Swagger codegen ---------------- +Gradle +^^^^^^ -`Gradle Plugin `_ +A gradle wrapper is included in the root of this repository and can be called from the command line with ``./gradlew [command]``. -.. code-block:: +The Example Sub Project: +^^^^^^^^^^^^^^^^^^^^^^^^ - ./gradlew generateSwaggerCode +#. Copy the example properties file in ``example/src/main/resources/`` as ``application.properties`` +#. Change values for all the appropriate properties. The example file holds sane values for most properties. +#. Setup Run and Debug configurations. The command line run command is ``./gradlew bootRun`` +#. 
Swagger ui at `http://localhost:8080/v3/swagger-ui.html `_ -Results in build/swagger-code-* +Running tests +------------- + +See README in /example Built With ---------- @@ -141,9 +113,14 @@ To learn how you can get involved in a variety of ways, please see `Contributing Versioning ---------- -We use `SemVer `_ for versioning. For the versions available, see the `tags on this repository `_. +We use `SemVer `_ for versioning. For the versions available, see the `tags on this repository `_. License ------- This project is licensed under the Apache License 2.0 - see the `LICENSE `_ file for details + +Structure of Modules +-------------------- + +TBA diff --git a/appsettings.json b/appsettings.json new file mode 100644 index 0000000..6f14912 --- /dev/null +++ b/appsettings.json @@ -0,0 +1,9 @@ +{ + "Jwt": { + "Authority": "https://auth.apps.arena-workspace.navair.navy.mil/auth/realms/navair", + "Audience": "openmbee" + }, + "ConnectionStrings": { + "OpenMbeeDb": "server=localhost;database=openmbee;user=sa;password=Your_password123" + } +} \ No newline at end of file diff --git a/build.gradle b/build.gradle index 33a7516..5063b85 100644 --- a/build.gradle +++ b/build.gradle @@ -60,6 +60,15 @@ dependencies { "org.springframework.security:spring-security-core:5.6.12", "org.springframework.security:spring-security-config:5.6.12", + //https://nvd.nist.gov/vuln/detail/CVE-2016-1000027 +// "org.springframework:spring-web:6.0.0",//this forces to use jakarta and upgraded version of spring web +// // "javax.servlet:javax.servlet-api:4.0.1", +// "jakarta.servlet:jakarta.servlet-api:5.0.0", +// // 'jakarta.platform:jakarta.jakartaee-api:9.1.0', +// // 'org.eclipse.persistence:javax.persistence:2.2.1', +// 'jakarta.persistence:jakarta.persistence-api:3.0.0' +// // "jakarta.servlet:jakarta.servlet-api:5.0.0", + // RESOLVE HIGH VULNERABILITIES "org.apache.tomcat.embed:tomcat-embed-core:9.0.75", "org.springframework.boot:spring-boot-autoconfigure:2.7.12", 
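Review bot: The new `appsettings.json` commits a complete connection string, `user=sa;password=Your_password123`, alongside an internal `Jwt.Authority` hostname, although `openshift-resources/dev/deployment.yml` in this same patch already mounts `appsettings.json` from the `appsettings-config` secret. A working-looking copy in the repository is easy to deploy unchanged, and the value stays in git history even if it is removed later. I would commit only a template, with the value replaced by an obvious placeholder such as `"OpenMbeeDb": "<supplied by the appsettings-config secret>"`, and list the real file in `.gitignore`.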
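Review bot: Every dependency line added under `//https://nvd.nist.gov/vuln/detail/CVE-2016-1000027` is commented out, so the build resolves exactly what it did before, and the comment does not say whether the CVE is accepted, mitigated or still open. Replace the dead lines with one status comment, for example `// CVE-2016-1000027: spring-web 6 / jakarta migration deferred, see <tracking issue>`, so the next reader of the "RESOLVE HIGH VULNERABILITIES" list knows this one is not resolved. The enclosing `dependencies {` block starts and ends outside the hunk.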
diff --git a/certs.sh b/certs.sh new file mode 100644 index 0000000..b713352 --- /dev/null +++ b/certs.sh @@ -0,0 +1,4 @@ +#!/bin/sh +for FILE in /usr/local/share/ca-certificates/WCF/*; +do keytool -import -trustcacerts -cacerts -storepass changeit -noprompt -alias $FILE -file $FILE +done \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index d732ffe..bbf8487 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,18 +19,21 @@ services: - 9300:9300 minio: - image: minio/minio:latest + # image: minio/minio:latest + image: minio/minio:RELEASE.2022-05-26T05-48-41Z.hotfix.15f13935a environment: + # - "MINIO_ROOT_USER=admintest" + # - "MINIO_ROOT_PASSWORD=admintest" - "MINIO_ACCESS_KEY=admintest" - "MINIO_SECRET_KEY=admintest" command: server /tmp/data ports: - 9000:9000 - mms: + openmbee-mms: build: . - container_name: mms - hostname: mms + container_name: openmbee-mms + hostname: openmbee-mms environment: - "SPRING_PROFILES_ACTIVE=test" depends_on: @@ -38,4 +41,48 @@ services: - elasticsearch - minio ports: - - 8080:8080 \ No newline at end of file + - 8080:8080 + + +# DOCKER_COMPOSE FROM DEVELOP BRANCH +# version: '3.8' + +# services: +# postgres: +# image: postgres:11-alpine +# environment: +# - POSTGRES_PASSWORD=test1234 +# - POSTGRES_USER=mmsuser +# - POSTGRES_DB=mms +# ports: +# - 5432:5432 + +# elasticsearch: +# image: docker.elastic.co/elasticsearch/elasticsearch:7.8.1 +# environment: +# - "discovery.type=single-node" +# ports: +# - 9200:9200 +# - 9300:9300 + +# minio: +# image: minio/minio:RELEASE.2022-05-26T05-48-41Z.hotfix.15f13935a +# environment: +# - "MINIO_ACCESS_KEY=admintest" +# - "MINIO_SECRET_KEY=admintest" +# command: server /tmp/data +# ports: +# - 9000:9000 + +# mms: +# build: . +# container_name: mms +# hostname: mms +# environment: +# - "SPRING_PROFILES_ACTIVE=test" +# depends_on: +# - postgres +# - elasticsearch +# - minio +# ports: +# - 8080:8080 \ No newline at end of file 
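Review bot: The loop in `certs.sh` passes every entry under `/usr/local/share/ca-certificates/WCF/` to `keytool -import -trustcacerts -noprompt`, and `download_certificates.sh` in this patch leaves `crt.zip` and `dod.zip` in that same directory, so non-certificate files are fed to keytool and any certificate that lands there is trusted without review. `$FILE` is unquoted and a failed import is ignored, so a skipped certificate goes unnoticed. Restrict the glob to the extension the bundles really contain (assumed `*.crt` here), quote, and stop on error: `for FILE in /usr/local/share/ca-certificates/WCF/*.crt; do keytool -import -trustcacerts -cacerts -storepass changeit -noprompt -alias "$(basename "$FILE")" -file "$FILE" || exit 1; done`.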
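Review bot: The second `docker-compose.yml` hunk appends a complete commented-out copy of the develop-branch compose file (from `# DOCKER_COMPOSE FROM DEVELOP BRANCH` to the end). It repeats the test credentials a second time and will drift from the live definition above it, while git already keeps the develop version. I would delete the block and, if the reference matters, leave one line such as `# develop-branch variant: see git history of this file`.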
diff --git a/docker-services-compose.yml b/docker-services-compose.yml index 3d060b5..65e1dd8 100644 --- a/docker-services-compose.yml +++ b/docker-services-compose.yml @@ -24,6 +24,8 @@ services: image: minio/minio:latest network_mode: host environment: + # - "MINIO_ROOT_USER=admintest" + # - "MINIO_ROOT_PASSWORD=admintest" - "MINIO_ACCESS_KEY=admintest" - "MINIO_SECRET_KEY=admintest" command: server /tmp/data diff --git a/docs/deployment.rst b/docs/deployment.rst new file mode 100644 index 0000000..6b76d31 --- /dev/null +++ b/docs/deployment.rst @@ -0,0 +1,17 @@ +.. _deployment: + +========== +Deployment +========== + +Bare Metal +---------- +:: + + java -jar mms-4.0.0.jar + +Docker +------ +:: + + docker run mms diff --git a/docs/modules/artifacts.rst b/docs/modules/artifacts.rst new file mode 100644 index 0000000..958c746 --- /dev/null +++ b/docs/modules/artifacts.rst @@ -0,0 +1 @@ +.. include:: ../../artifacts/README.rst \ No newline at end of file diff --git a/docs/modules/authenticator.rst b/docs/modules/authenticator.rst new file mode 100644 index 0000000..b84a0b0 --- /dev/null +++ b/docs/modules/authenticator.rst @@ -0,0 +1 @@ +.. include:: ../../authenticator/README.rst \ No newline at end of file diff --git a/docs/modules/cameo.rst b/docs/modules/cameo.rst new file mode 100644 index 0000000..2a170d3 --- /dev/null +++ b/docs/modules/cameo.rst @@ -0,0 +1 @@ +.. include:: ../../cameo/README.rst \ No newline at end of file diff --git a/docs/modules/core.rst b/docs/modules/core.rst new file mode 100644 index 0000000..96de145 --- /dev/null +++ b/docs/modules/core.rst @@ -0,0 +1 @@ +.. include:: ../../core/README.rst \ No newline at end of file diff --git a/docs/modules/crud.rst b/docs/modules/crud.rst new file mode 100644 index 0000000..32e7b5c --- /dev/null +++ b/docs/modules/crud.rst @@ -0,0 +1 @@ +.. include:: ../../crud/README.rst \ No newline at end of file 
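Review bot: The `minio` service in `docker-services-compose.yml` is left on `image: minio/minio:latest` while `docker-compose.yml` in this patch pins `minio/minio:RELEASE.2022-05-26T05-48-41Z.hotfix.15f13935a`, so the two stacks can run different MinIO builds and this one can change without any commit. Use the same pinned tag here: `image: minio/minio:RELEASE.2022-05-26T05-48-41Z.hotfix.15f13935a`. The two commented `MINIO_ROOT_USER` / `MINIO_ROOT_PASSWORD` lines have no effect at runtime; either switch to them or leave them out.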
diff --git a/docs/modules/data.rst b/docs/modules/data.rst
new file mode 100644
index 0000000..14d6011
--- /dev/null
+++ b/docs/modules/data.rst
@@ -0,0 +1 @@
+.. include:: ../../data/README.rst
\ No newline at end of file
diff --git a/docs/modules/elastic.rst b/docs/modules/elastic.rst
new file mode 100644
index 0000000..7b36dc9
--- /dev/null
+++ b/docs/modules/elastic.rst
@@ -0,0 +1 @@
+.. include:: ../../elastic/README.rst
\ No newline at end of file
diff --git a/docs/modules/groups.rst b/docs/modules/groups.rst
new file mode 100644
index 0000000..d015585
--- /dev/null
+++ b/docs/modules/groups.rst
@@ -0,0 +1 @@
+.. include:: ../../groups/README.rst
\ No newline at end of file
diff --git a/docs/modules/index.rst b/docs/modules/index.rst
new file mode 100644
index 0000000..cdf87d3
--- /dev/null
+++ b/docs/modules/index.rst
@@ -0,0 +1,14 @@
+.. _modules:
+
+=======
+Modules
+=======
+
+This section is for the individual modules currently available for MMS.
+
+.. toctree::
+ :maxdepth: 2
+ :caption: Modules
+ :glob:
+
+ *
\ No newline at end of file
diff --git a/docs/modules/json.rst b/docs/modules/json.rst
new file mode 100644
index 0000000..feba406
--- /dev/null
+++ b/docs/modules/json.rst
@@ -0,0 +1 @@
+.. include:: ../../json/README.rst
\ No newline at end of file
diff --git a/docs/modules/jupyter.rst b/docs/modules/jupyter.rst
new file mode 100644
index 0000000..c44e6eb
--- /dev/null
+++ b/docs/modules/jupyter.rst
@@ -0,0 +1 @@
+.. include:: ../../jupyter/README.rst
\ No newline at end of file
diff --git a/docs/modules/ldap.rst b/docs/modules/ldap.rst
new file mode 100644
index 0000000..27acf0b
--- /dev/null
+++ b/docs/modules/ldap.rst
@@ -0,0 +1 @@
+.. include:: ../../ldap/README.rst
\ No newline at end of file
diff --git a/docs/modules/localuser.rst b/docs/modules/localuser.rst
new file mode 100644
index 0000000..352f2ce
--- /dev/null
+++ b/docs/modules/localuser.rst
@@ -0,0 +1 @@
+.. include:: ../../localuser/README.rst
\ No newline at end of file
diff --git a/docs/modules/permissions.rst b/docs/modules/permissions.rst
new file mode 100644
index 0000000..6130ddc
--- /dev/null
+++ b/docs/modules/permissions.rst
@@ -0,0 +1 @@
+.. include:: ../../permissions/README.rst
\ No newline at end of file
diff --git a/docs/modules/rdb.rst b/docs/modules/rdb.rst
new file mode 100644
index 0000000..2662570
--- /dev/null
+++ b/docs/modules/rdb.rst
@@ -0,0 +1 @@
+.. include:: ../../rdb/README.rst
\ No newline at end of file
diff --git a/docs/modules/search.rst b/docs/modules/search.rst
new file mode 100644
index 0000000..3e1155f
--- /dev/null
+++ b/docs/modules/search.rst
@@ -0,0 +1 @@
+.. include:: ../../search/README.rst
\ No newline at end of file
diff --git a/docs/modules/storage.rst b/docs/modules/storage.rst
new file mode 100644
index 0000000..786b828
--- /dev/null
+++ b/docs/modules/storage.rst
@@ -0,0 +1 @@
+.. include:: ../../storage/README.rst
\ No newline at end of file
diff --git a/docs/modules/twc.rst b/docs/modules/twc.rst
new file mode 100644
index 0000000..7de72e0
--- /dev/null
+++ b/docs/modules/twc.rst
@@ -0,0 +1 @@
+.. include:: ../../twc/README.rst
\ No newline at end of file
diff --git a/docs/modules/webhooks.rst b/docs/modules/webhooks.rst
new file mode 100644
index 0000000..a85ed70
--- /dev/null
+++ b/docs/modules/webhooks.rst
@@ -0,0 +1 @@
+.. include:: ../../webhooks/README.rst
\ No newline at end of file
diff --git a/docs/quickstart.rst b/docs/quickstart.rst
new file mode 100644
index 0000000..ebe9cb0
--- /dev/null
+++ b/docs/quickstart.rst
@@ -0,0 +1,69 @@ +.. _quickstart: + +=========== +Quick Start +=========== + +This quick start will focus on running all dependencies and the MMS application as docker containers. This is most suitable for testing environments. For production deployments, we recommend the `MMS Reference Implementation `_ as a starting point. + +Dependencies +------------ + + Docker + We suggest using Docker to set up PostgreSQL and Elasticsearch. Installation instructions are found here: `Docker documentation `_ + + Java SE Development Kit 11+ + Installation instructions: `JDK-11 download `_ + + Postgresql or Mysql 5.7 + Install postgres (PostgreSQL) 11, instructions for Docker: `PostgreSQL with Docker `_ + :: + + docker run -d -e POSTGRES_PASSWORD=test1234 -e POSTGRES_USER=mmsuser -e POSTGRES_DB=mms -p 5432:5432 --name=postgres postgres:11-alpine + + Or mysql: `Mysql with Docker `_ + :: + + docker run -d -e MYSQL_ROOT_PASSWORD=test1234 -e MYSQL_DATABASE=mms -p 3306:3306 --name=mysql mysql:5.7 + + Elasticsearch + Install Elasticsearch 7.8. If you use Docker instructions are available here: `Setting up Elasticsearch with Docker `_ + :: + + docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" --name=elasticsearch docker.elastic.co/elasticsearch/elasticsearch:7.8.1 + + MinIO + Install MinIO for artifact storage. `Instructions for MinIO `_ + :: + + docker run -d -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" --name=minio minio/minio server /data + +Running MMS +----------- + + Configure the application + Each module of MMS can define configuration properties required to function. These properties can be defined in a single location, by default, called application.properties. Place application.properties in the classpath for MMS to use the defined values. For an example, see `example application.properties `_ + Alternatively, the properties file can be given by defining the environment variable `SPRING_CONFIG_LOCATION`. 
+ + Run the application + First, create a container from an MMS image. In the example below, the container is using the host network for simplicity. + :: + + docker create --name=mms --network="host" -e "SPRING_CONFIG_LOCATION=/mms.properties" openmbee/mms:4.0.0-b5 + + Copy properties + If using the above command, copy the properties file to the defined spring config location. + :: + + docker cp mms.properties mms:/mms.properties + + Start the container + Finally, start the container with the injected properties file. + :: + + docker start mms + +More Information +---------------- + + For more information and hints, check the `docker-compose.yml `_ in the project root to see how we stand up an instance for testing purposes. \ No newline at end of file diff --git a/download_certificates.sh b/download_certificates.sh new file mode 100644 index 0000000..19b0853 --- /dev/null +++ b/download_certificates.sh 
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+function try {
+ $@
+ return $?
+}
+
+function catch {
+ echo "Error occurred: $1"
+ # Handle error here or exit
+ exit 1
+}
+
+# Run your commands within the try-catch block
+
+# Wget commands
+# try wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF || catch "wget command failed"
+# try wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/dod/latest/ -P /usr/local/share/ca-certificates/WCF || catch "wget command failed"
+
+# Curl and unzip commands
+try curl -L -o /usr/local/share/ca-certificates/WCF/crt.zip https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt.zip || catch "curl command failed"
+try unzip -o /usr/local/share/ca-certificates/WCF/crt.zip -d /usr/local/share/ca-certificates/WCF || catch "unzip command failed"
+try curl -L -o /usr/local/share/ca-certificates/WCF/dod.zip https://wcf-serve.apps.arena-workspace.navair.navy.mil/dod/latest/dod.zip || catch "curl command failed"
+try unzip -o /usr/local/share/ca-certificates/WCF/dod.zip -d /usr/local/share/ca-certificates/WCF || catch "unzip failed"
+
+echo "Commands executed successfully"
+
diff --git a/example/src/main/resources/application.properties b/example/src/main/resources/application.properties
new file mode 100644
index 0000000..120b1a1
--- /dev/null
+++ b/example/src/main/resources/application.properties
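Review bot: The two archives fetched with `curl -L` in `download_certificates.sh` are unpacked straight into `/usr/local/share/ca-certificates/WCF` with no integrity check, and `certs.sh` then imports that directory into the Java trust store, so the image's trust anchors are whatever the `latest` URL serves at build time. Keep a digest for each archive in the repository and verify it before unzipping, e.g. `echo "<sha256 of crt.zip>  /usr/local/share/ca-certificates/WCF/crt.zip" | sha256sum -c - || catch "checksum mismatch"`. In `try`, `$@` should be `"$@"` so arguments with spaces or glob characters are passed through intact, and adding `-f` to both curl calls makes an HTTP error fail the step instead of being saved as the zip. The commented `wget --no-check-certificate` lines are better deleted than kept as a fallback.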
@@ -0,0 +1,89 @@
+# See authenticator module for example configuration
+mms.admin.username=test
+mms.admin.password=test
+
+mms.stream.batch.size=100000
+
+#Comma Separated list of allowed cross site origins
+cors.allowed.origins=*
+
+jwt.secret=d8448f7ad828fe0ed27fffd01059fec974464594fc832c5b50a0c9cdd073b8c8
+jwt.expiration=86400
+jwt.header=Authorization
+
+# See ldap module for example configuration
+ldap.provider.base=dc=directory,dc=openmbee,dc=org
+ldap.provider.url=ldaps://ldap.openmbee.org
+ldap.provider.userdn=
+ldap.provider.password=
+ldap.user.dn.pattern=uid={0},ou=personnel
+ldap.user.attributes.username=
+ldap.user.attributes.email=
+ldap.user.attributes.firstname=
+ldap.user.attributes.lastname=
+ldap.user.attributes.update=24
+ldap.group.role.attribute=cn
+ldap.group.search.base=ou=groups
+ldap.group.search.filter=uniqueMember={0}
+
+# See core module for example configuration
+spring.datasource.url=jdbc:postgresql://localhost:5432
+#spring.datasource.url=jdbc:mysql://localhost:3306
+spring.datasource.database=mms
+spring.datasource.username=mmsuser
+spring.datasource.password=test1234
+spring.datasource.driver-class-name=org.postgresql.Driver
+#spring.datasource.driver-class-name=com.mysql.jdbc.Driver
+spring.datasource.initialization-mode=always
+
+# The SQL dialect makes Hibernate generate better SQL for the chosen database
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect
+#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialect
+#spring.jpa.properties.hibernate.dialect.storage_engine=innodb
+
+# Hibernate ddl auto (create, create-drop, validate, update)
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.jpa.open-in-view=false
+
+spring.main.allow-bean-definition-overriding=true
+spring.main.allow-circular-references=true
+spring.mvc.pathmatch.matching-strategy=ant_path_matcher
+
+#Configuration for Elasticsearch
+elasticsearch.host=localhost +elasticsearch.port=9200 +elasticsearch.http=http +elasticsearch.index.element=mms +elasticsearch.limit.insert=80 +elasticsearch.limit.result=10000 +elasticsearch.limit.term=1000 +elasticsearch.limit.scrollTimeout=1000 +elasticsearch.limit.get=100000 +elasticsearch.limit.index=5000 +elasticsearch.limit.commit=100000 + +#Configuration for TWC +#port is for REST interface +#aliases are for clustered usages +twc.instances[0].url=dev-twc-03.domain.com +twc.instances[0].protocol=https +twc.instances[0].port=8111 +twc.instances[0].aliases[0]=dev-twc-02.domain.com +twc.instances[0].aliases[1]=dev-twc-01.domain.com + +springdoc.swagger-ui.path=/v3/swagger-ui.html +#For sorting endpoints alphabetically +springdoc.swagger-ui.operationsSorter=alpha +#For sorting tags alphabetically +springdoc.swagger-ui.tagsSorter=alpha +springdoc.default-produces-media-type=application/json +springdoc.swagger-ui.displayOperationId=true + +s3.endpoint=http://localhost:9000 +s3.access_key=admintest +s3.secret_key=admintest +s3.region=optional +s3.bucket=optional + +spring.main.allow-bean-definition-overriding=true \ No newline at end of file diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index aa991fc..d7668b3 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,8 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip + +# distributionUrl=https://services.gradle.org/distributions/gradle-7.4.2-bin.zip +# distributionUrl=gradle-7.4.2-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/openshift-resources/dev/build.yml b/openshift-resources/dev/build.yml new file mode 100644 index 0000000..ad5dbab --- /dev/null +++ b/openshift-resources/dev/build.yml 
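Review bot: `jwt.secret` is committed in `application.properties` as a fixed hex value under `example/src/main/resources/`, so presumably it is packaged with the application, and every instance started from this example then signs tokens with the same published key. `mms.admin.username=test` / `mms.admin.password=test` and `cors.allowed.origins=*` carry the same risk for anything reachable beyond localhost. Resolve the secrets from the environment instead, for example `jwt.secret=${JWT_SECRET}` and `mms.admin.password=${MMS_ADMIN_PASSWORD}` (variable names are illustrative), and keep this file as the example template that the README tells users to copy. `spring.main.allow-bean-definition-overriding=true` appears twice, the second time on the last line; one of them can be removed.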
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+kind: "BuildConfig"
+metadata:
+ name: "openmbee-mms"
+ annotations:
+ description: "Defines how to build the openmbee mms with a multi-stage Dockerfile."
+spec:
+ completionDeadlineSeconds: 1800
+ env:
+ - name: "GIT_SSL_NO_VERIFY"
+ value: "true"
+ source:
+ type: "Git"
+ git:
+ ref: "master"
+ uri: "ssh://alm-internal.navair.navy.mil/tfs/72_ALM/Sys_Dev/_git/openmbee-mms"
+ contextDir: "openmbee"
+ sourceSecret:
+ name: "tfs-pull-secret"
+ strategy:
+ type: "Docker"
+ dockerStrategy:
+ env:
+ - name: GIT_SSL_NO_VERIFY
+ value: 'true'
+ - name: twistlock_scan_username
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: twistlock-scan
+ - name: twistlock_scan_password
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: twistlock-scan
+ - name: nexus_username
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: nexus-credentials
+ - name: nexus_password
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: nexus-credentials
+ pullSecret:
+ name: nexus-repo-docker-registry-proxy
+ output:
+ to:
+ kind: "DockerImage"
+ name: "registry-cli-docker.wseasttest.navair.navy.mil:5000/722sysdev/openmbee-mms:latest"
+ pushSecret:
+ name: "nexus-repo-docker-registry"
+ postCommit:
+ script: >-
+ curl -k -ssl -u "$twistlock_scan_username:$twistlock_scan_password"
+ https://twistlock-console.twistlock.svc:8083/api/v1/util/twistcli -o
+ ~/twistcli && chmod +x ~/twistcli && ~/twistcli images scan --user
+ $twistlock_scan_username --password $twistlock_scan_password --address
+ https://twistlock-console.twistlock.svc:8083 --containerized
+ --vulnerability-threshold critical
+ --only-fixed --details --publish $OPENSHIFT_BUILD_NAME
diff --git a/openshift-resources/dev/deployment.yml b/openshift-resources/dev/deployment.yml
new file mode 100644
index 0000000..b79a7a7
--- /dev/null
+++ b/openshift-resources/dev/deployment.yml
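Review bot: The `postCommit` script in `build.yml` downloads `twistcli` with `curl -k`, marks it executable and runs it with the scan credentials, so the binary that receives `$twistlock_scan_password` comes from a connection whose certificate was never verified. Drop `-k` and give curl the cluster CA instead, e.g. `curl --cacert <path to cluster CA bundle> -u "$twistlock_scan_username:$twistlock_scan_password" https://twistlock-console.twistlock.svc:8083/api/v1/util/twistcli -o ~/twistcli`. `GIT_SSL_NO_VERIFY` is set to `true` in both `spec.env` and `dockerStrategy.env` although the source URI is `ssh://`; it has no effect on that transport and would silently disable TLS verification if the URI is ever switched to HTTPS, so it is safer removed. The credentials are also expanded unquoted on the `twistcli` command line, where a value containing whitespace would split.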
@@ -0,0 +1,71 @@
+---
+apiVersion: v1
+kind: "DeploymentConfig"
+metadata:
+ name: "openmbee-mms"
+ annotations:
+ description: "Handles deployment of the openmbee mms web api"
+spec:
+ strategy:
+ resources:
+ limits:
+ cpu: 350m
+ memory: 500Mi
+ requests:
+ cpu: 350m
+ memory: 100Mi
+ type: "Recreate"
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ name: "openmbee"
+ spec:
+ containers:
+ - env:
+ - name: ASPNETCORE_URLS
+ value: http://*:5000
+ name: "openmbee-mms"
+ image: "registry-cli-docker.wseasttest.navair.navy.mil:5000/722sysdev/openmbee-mms:latest"
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /api/v1/Health/healthz
+ port: 5000
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 38
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /api/v1/Health/healthz
+ port: 5000
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 30
+ volumeMounts:
+ - name: appsettings-config
+ mountPath: /app/appsettings.json
+ subPath: appsettings.json
+ ports:
+ - containerPort: 5000
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1G
+ requests:
+ cpu: 350m
+ memory: 500M
+ volumes:
+ - name: appsettings-config
+ secret:
+ secretName: appsettings-config
+ items:
+ - key: appsettings.json
+ path: appsettings.json
+ triggers: []
diff --git a/openshift-resources/dev/elastic-search-service.yml b/openshift-resources/dev/elastic-search-service.yml
new file mode 100644
index 0000000..e69de29
diff --git a/openshift-resources/dev/pipeline.yml b/openshift-resources/dev/pipeline.yml
new file mode 100644
index 0000000..21e435a
--- /dev/null
+++ b/openshift-resources/dev/pipeline.yml
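Review bot: The container spec in `deployment.yml` looks carried over from a different service: it sets `ASPNETCORE_URLS`, exposes port 5000 and probes `/api/v1/Health/healthz`, while the compose files in this patch run MMS as a Spring application (`SPRING_PROFILES_ACTIVE`) on 8080. If the image is the MMS build, both probes would fail and the pod would be restarted repeatedly, so the port and probe path need confirming against what the image actually serves. The image is referenced as `:latest` with `triggers: []`, so a rollout cannot be tied to a specific build; a build-specific tag or digest in `image:` would make the deployed content traceable.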
@@ -0,0 +1,17 @@
+---
+apimmsrsion: v1
+kind: "BuildConfig"
+metadata:
+ name: "openmbee-mms-pipeline"
+spec:
+ completionDeadlineSeconds: 1800
+ source:
+ git:
+ ref: "master"
+ uri: "ssh://alm-internal.navair.navy.mil/tfs/72_ALM/Sys_Dev/_git/openmbee-mms"
+ contextDir: "openmbee"
+ sourceSecret:
+ name: "tfs-pull-secret"
+ strategy:
+ jenkinsPipelineStrategy:
+ jenkinsfilePath: Jenkinsfile
diff --git a/openshift-resources/dev/psql-deployment.yml b/openshift-resources/dev/psql-deployment.yml
new file mode 100644
index 0000000..82965eb
--- /dev/null
+++ b/openshift-resources/dev/psql-deployment.yml
@@ -0,0 +1,39 @@
+---
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+ annotations:
+ template.alpha.openshift.io/wait-for-ready: 'true'
+ name: postgres
+spec:
+ replicas: 1
+ selector:
+ name: postgres
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ name: postgres
+ spec:
+ containers:
+ - env:
+ - name: ACCEPT_EULA
+ value: "Y"
+ - name: SA_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: database-password
+ name: "postgres"
+ image: "registry-cli-docker.wseasttest.navair.navy.mil:5000/emergingtech/postgres:11-alpine"
+ imagePullPolicy: Always
+ name: postgres
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: "/var/opt/postgres"
+ name: "postgres-data"
+ volumes:
+ - name: "postgres-data"
+ persistentVolumeClaim:
+ claimName: "postgres"
diff --git a/openshift-resources/dev/psql-pvc.yml b/openshift-resources/dev/psql-pvc.yml
new file mode 100644
index 0000000..5ef20d3
--- /dev/null
+++ b/openshift-resources/dev/psql-pvc.yml
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mssql
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/openshift-resources/dev/psql-service.yml b/openshift-resources/dev/psql-service.yml
new file mode 100644
index 0000000..4759df5
--- /dev/null
+++ b/openshift-resources/dev/psql-service.yml
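Review bot: The second line of `pipeline.yml` reads `apimmsrsion: v1`, which looks like a search-and-replace accident; without an `apiVersion` key the object will be rejected when applied. It should be `apiVersion: v1`. It is worth searching the rest of the patch for other words hit by the same replacement.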
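Review bot: The Postgres pod in `psql-deployment.yml` is configured with SQL Server settings: `ACCEPT_EULA` and `SA_PASSWORD` are, as far as I know, not read by a `postgres:11-alpine` image, which takes its password from `POSTGRES_PASSWORD`, so the `database-password` secret would never reach the database process. The related objects do not line up either: the volume uses `claimName: "postgres"` but `psql-pvc.yml` creates a claim named `mssql`, and `psql-service.yml` selects `name: "psql"` while the pod template is labelled `name: postgres`, which would leave the service without endpoints. Suggested changes are `- name: POSTGRES_PASSWORD` in place of `SA_PASSWORD`, `name: postgres` in the PVC metadata, and `name: postgres` in the service selector. The mount path `/var/opt/postgres` should also be checked against the data directory the image actually uses.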
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ template.openshift.io/expose-uri: psql://{.spec.clusterIP}:{.spec.ports[?(.name=="psql")].port}
+ name: "psql"
+spec:
+ ports:
+ - name: psql
+ port: 5432
+ selector:
+ name: "psql"
diff --git a/openshift-resources/dev/route.yml b/openshift-resources/dev/route.yml
new file mode 100644
index 0000000..e69de29
diff --git a/openshift-resources/dev/service.yml b/openshift-resources/dev/service.yml
new file mode 100644
index 0000000..ad31088
--- /dev/null
+++ b/openshift-resources/dev/service.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: "Service"
+metadata:
+ name: "openmbee-mms"
+ annotations:
+ description: "Exposes and load balances the application pods"
+spec:
+ ports:
+ - name: "openmbee-mms-port"
+ port: 5000
+ targetPort: 5000
+ selector:
+ name: "openmbee"
diff --git a/openshift-resources/kompose-output/elasticsearch-deployment.yaml b/openshift-resources/kompose-output/elasticsearch-deployment.yaml
new file mode 100644
index 0000000..18f1433
--- /dev/null
+++ b/openshift-resources/kompose-output/elasticsearch-deployment.yaml
@@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: elasticsearch + name: elasticsearch + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: elasticsearch + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.network/mms-default: "true" + io.kompose.service: elasticsearch + spec: + containers: + - env: + - name: discovery.type + value: single-node + image: docker.elastic.co/elasticsearch/elasticsearch:7.8.1 + name: elasticsearch + ports: + - containerPort: 9200 + hostPort: 9200 + protocol: TCP + - containerPort: 9300 + hostPort: 9300 + protocol: TCP + resources: {} + restartPolicy: Always +status: {} diff --git a/openshift-resources/kompose-output/elasticsearch-service.yaml b/openshift-resources/kompose-output/elasticsearch-service.yaml new file mode 100644 index 0000000..a969295 --- /dev/null +++ b/openshift-resources/kompose-output/elasticsearch-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: elasticsearch + name: elasticsearch + namespace: default +spec: + ports: + - name: "9200" + port: 9200 + targetPort: 9200 + - name: "9300" + port: 9300 + targetPort: 9300 + selector: + io.kompose.service: elasticsearch +status: + loadBalancer: {} diff --git a/openshift-resources/kompose-output/minio-deployment.yaml b/openshift-resources/kompose-output/minio-deployment.yaml new file mode 100644 index 0000000..cdd3e38 --- /dev/null +++ b/openshift-resources/kompose-output/minio-deployment.yaml 
@@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: minio + name: minio + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: minio + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.network/mms-default: "true" + io.kompose.service: minio + spec: + containers: + - args: + - server + - /tmp/data + env: + - name: MINIO_ACCESS_KEY + value: admintest + - name: MINIO_SECRET_KEY + value: admintest + image: minio/minio:RELEASE.2022-05-26T05-48-41Z.hotfix.15f13935a + name: minio + ports: + - containerPort: 9000 + hostPort: 9000 + protocol: TCP + resources: {} + restartPolicy: Always +status: {} diff --git a/openshift-resources/kompose-output/minio-service.yaml b/openshift-resources/kompose-output/minio-service.yaml new file mode 100644 index 0000000..a0808da --- /dev/null +++ b/openshift-resources/kompose-output/minio-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: minio + name: minio + namespace: default +spec: + ports: + - name: "9000" + port: 9000 + targetPort: 9000 + selector: + io.kompose.service: minio +status: + loadBalancer: {} diff --git a/openshift-resources/kompose-output/openmbee-mms-deployment.yaml b/openshift-resources/kompose-output/openmbee-mms-deployment.yaml new file mode 100644 index 0000000..077b378 --- /dev/null +++ b/openshift-resources/kompose-output/openmbee-mms-deployment.yaml 
@@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: openmbee-mms + name: openmbee-mms + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: openmbee-mms + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.network/openmbee-mms-default: "true" + io.kompose.service: openmbee-mms + spec: + containers: + - env: + - name: SPRING_PROFILES_ACTIVE + value: test + image: openmbee-mms + name: openmbee-mms + ports: + - containerPort: 8080 + hostPort: 8080 + protocol: TCP + resources: {} + hostname: openmbee-mms + restartPolicy: Always +status: {} diff --git a/openshift-resources/kompose-output/openmbee-mms-service.yaml b/openshift-resources/kompose-output/openmbee-mms-service.yaml new file mode 100644 index 0000000..13668b9 --- /dev/null +++ b/openshift-resources/kompose-output/openmbee-mms-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: openmbee-mms + name: openmbee-mms + namespace: default +spec: + ports: + - name: "8080" + port: 8080 + targetPort: 8080 + selector: + io.kompose.service: openmbee-mms +status: + loadBalancer: {} diff --git a/openshift-resources/kompose-output/postgres-deployment.yaml b/openshift-resources/kompose-output/postgres-deployment.yaml new file mode 100644 index 0000000..e2ec65b --- /dev/null +++ b/openshift-resources/kompose-output/postgres-deployment.yaml 
@@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: postgres + name: postgres + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: postgres + strategy: {} + template: + metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.network/mms-default: "true" + io.kompose.service: postgres + spec: + containers: + - env: + - name: POSTGRES_DB + value: mms + - name: POSTGRES_PASSWORD + value: test1234 + - name: POSTGRES_USER + value: mmsuser + image: postgres:11-alpine + name: postgres + ports: + - containerPort: 5432 + hostPort: 5432 + protocol: TCP + resources: {} + restartPolicy: Always +status: {} diff --git a/openshift-resources/kompose-output/postgres-service.yaml b/openshift-resources/kompose-output/postgres-service.yaml new file mode 100644 index 0000000..5cc08a3 --- /dev/null +++ b/openshift-resources/kompose-output/postgres-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + creationTimestamp: null + labels: + io.kompose.service: postgres + name: postgres + namespace: default +spec: + ports: + - name: "5432" + port: 5432 + targetPort: 5432 + selector: + io.kompose.service: postgres +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml new file mode 100644 index 0000000..03097e9 --- /dev/null +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml 
@@ -0,0 +1,234 @@ +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + resourceVersion: '948297847' + name: openmbee-elasticsearch + uid: 18c65158-45df-4ff2-952d-4f73fcd082c3 + creationTimestamp: '2023-09-18T16:37:56Z' + generation: 24 + managedFields: + - manager: oc + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-18T16:38:17Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:template': + 'f:spec': + 'f:containers': + 'k:{"name":"openmbee-elasticsearch"}': + .: {} + 'f:image': {} + 'f:imagePullPolicy': {} + 'f:name': {} + 'f:resources': {} + 'f:terminationMessagePath': {} + 'f:terminationMessagePolicy': {} + - manager: Mozilla + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-18T17:44:30Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:kompose.cmd': {} + 'f:kompose.version': {} + 'f:labels': + .: {} + 'f:io.kompose.service': {} + 'f:spec': + 'f:replicas': {} + 'f:revisionHistoryLimit': {} + 'f:selector': + .: {} + 'f:io.kompose.service': {} + 'f:strategy': + 'f:activeDeadlineSeconds': {} + 'f:rollingParams': + .: {} + 'f:intervalSeconds': {} + 'f:maxSurge': {} + 'f:maxUnavailable': {} + 'f:timeoutSeconds': {} + 'f:updatePeriodSeconds': {} + 'f:type': {} + 'f:template': + .: {} + 'f:metadata': + .: {} + 'f:annotations': + .: {} + 'f:kompose.cmd': {} + 'f:kompose.version': {} + 'f:creationTimestamp': {} + 'f:labels': + .: {} + 'f:io.kompose.network/mms-default': {} + 'f:io.kompose.service': {} + 'f:spec': + .: {} + 'f:containers': + .: {} + 'k:{"name":"openmbee-elasticsearch"}': + 'f:env': + .: {} + 'k:{"name":"discovery.type"}': + .: {} + 'f:name': {} + 'f:value': {} + 'f:ports': + .: {} + 'k:{"containerPort":9200,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 'f:protocol': {} + 'k:{"containerPort":9300,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 
'f:protocol': {} + 'f:resources': + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:dnsPolicy': {} + 'f:imagePullSecrets': + .: {} + 'k:{"name":"nexus-repo-docker-registry"}': {} + 'f:restartPolicy': {} + 'f:schedulerName': {} + 'f:securityContext': {} + 'f:terminationGracePeriodSeconds': {} + 'f:triggers': {} + - manager: openshift-controller-manager + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-27T22:21:15Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:updatedReplicas': {} + 'f:readyReplicas': {} + 'f:conditions': + .: {} + 'k:{"type":"Available"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:status': {} + 'f:type': {} + 'k:{"type":"Progressing"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:reason': {} + 'f:status': {} + 'f:type': {} + 'f:details': + .: {} + 'f:causes': {} + 'f:message': {} + 'f:replicas': {} + 'f:availableReplicas': {} + 'f:observedGeneration': {} + 'f:unavailableReplicas': {} + 'f:latestVersion': {} + subresource: status + namespace: openmbee + labels: + io.kompose.service: elasticsearch +spec: + strategy: + type: Rolling + rollingParams: + updatePeriodSeconds: 1 + intervalSeconds: 1 + timeoutSeconds: 600 + maxUnavailable: 25% + maxSurge: 25% + resources: {} + activeDeadlineSeconds: 21600 + triggers: + - type: ConfigChange + replicas: 1 + revisionHistoryLimit: 10 + test: false + selector: + io.kompose.service: elasticsearch + template: + metadata: + creationTimestamp: null + labels: + io.kompose.network/mms-default: 'true' + io.kompose.service: elasticsearch + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + spec: + containers: + - name: openmbee-elasticsearch + image: >- + registry-cli-docker.wseasttest.navair.navy.mil:5000/openmbee/openmbee-elasticsearch:latest + ports: + - containerPort: 9200 + protocol: TCP + - 
containerPort: 9300 + protocol: TCP + env: + - name: discovery.type + value: single-node + resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: Always + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + imagePullSecrets: + - name: nexus-repo-docker-registry + schedulerName: default-scheduler +status: + observedGeneration: 24 + details: + message: manual change + causes: + - type: Manual + availableReplicas: 1 + unavailableReplicas: 0 + latestVersion: 22 + updatedReplicas: 1 + conditions: + - type: Available + status: 'True' + lastUpdateTime: '2023-09-27T22:20:56Z' + lastTransitionTime: '2023-09-27T22:20:56Z' + message: Deployment config has minimum availability. + - type: Progressing + status: 'True' + lastUpdateTime: '2023-09-27T22:21:26Z' + lastTransitionTime: '2023-09-27T22:21:21Z' + reason: NewReplicationControllerAvailable + message: >- + replication controller "openmbee-elasticsearch-22" successfully rolled + out + replicas: 1 + readyReplicas: 1 diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml new file mode 100644 index 0000000..f67078c --- /dev/null +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml 
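Review bot: This DeploymentConfig is a raw export of a live object: `uid`, `resourceVersion`, `generation`, `managedFields` and the whole `status:` block are populated by the server and should be stripped before the file is committed, leaving only name, namespace, labels, annotations and `spec`. The same holds for the other files under openshift-output/ (the `ve (4).yaml` file name also looks like a browser download). Separately, the image is referenced as `:latest` with `imagePullPolicy: Always`, so any restart can pull different content; a version tag or digest, as the openmbee-ve file uses, avoids that. The commit subject says addresses were removed, but the internal registry hostname is still present in `image:`; worth confirming that it is acceptable to publish.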
@@ -0,0 +1,237 @@ +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + name: openmbee-mms + namespace: openmbee + uid: 56b1f21a-7213-4510-b5f1-2c75acdec56d + resourceVersion: '949351001' + generation: 79 + creationTimestamp: '2023-08-31T19:10:00Z' + annotations: + description: Handles deployment of the openmbee mms web api and backend + managedFields: + - manager: Mozilla + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-26T05:22:20Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:description': {} + 'f:spec': + 'f:replicas': {} + 'f:selector': + .: {} + 'f:name': {} + 'f:strategy': + 'f:activeDeadlineSeconds': {} + 'f:recreateParams': + .: {} + 'f:timeoutSeconds': {} + 'f:resources': + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:rollingParams': + .: {} + 'f:intervalSeconds': {} + 'f:maxSurge': {} + 'f:maxUnavailable': {} + 'f:timeoutSeconds': {} + 'f:updatePeriodSeconds': {} + 'f:type': {} + 'f:template': + .: {} + 'f:metadata': + .: {} + 'f:creationTimestamp': {} + 'f:labels': + .: {} + 'f:name': {} + 'f:spec': + 'f:volumes': + .: {} + 'k:{"name":"tls-secret"}': + .: {} + 'f:name': {} + 'f:secret': + .: {} + 'f:defaultMode': {} + 'f:secretName': {} + 'f:containers': + .: {} + 'k:{"name":"openmbee-mms"}': + 'f:envFrom': {} + 'f:image': {} + 'f:volumeMounts': + .: {} + 'k:{"mountPath":"/etc/secrets/mms"}': + .: {} + 'f:mountPath': {} + 'f:name': {} + 'f:readOnly': {} + 'f:terminationMessagePolicy': {} + .: {} + 'f:resources': + .: {} + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:terminationMessagePath': {} + 'f:imagePullPolicy': {} + 'f:ports': + .: {} + 'k:{"containerPort":5000,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 'f:protocol': {} + 'f:name': {} + 'f:dnsPolicy': {} + 'f:restartPolicy': {} + .: {} + 'f:schedulerName': {} + 
'f:terminationGracePeriodSeconds': {} + 'f:imagePullSecrets': + .: {} + 'k:{"name":"nexus-repo-docker-registry"}': {} + 'f:securityContext': {} + 'f:triggers': {} + - manager: openshift-controller-manager + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-28T18:52:49Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:updatedReplicas': {} + 'f:readyReplicas': {} + 'f:conditions': + .: {} + 'k:{"type":"Available"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:status': {} + 'f:type': {} + 'k:{"type":"Progressing"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:reason': {} + 'f:status': {} + 'f:type': {} + 'f:details': + 'f:causes': {} + 'f:message': {} + 'f:replicas': {} + 'f:availableReplicas': {} + 'f:observedGeneration': {} + 'f:unavailableReplicas': {} + 'f:latestVersion': {} + subresource: status +spec: + strategy: + type: Rolling + recreateParams: + timeoutSeconds: 600 + rollingParams: + updatePeriodSeconds: 1 + intervalSeconds: 1 + timeoutSeconds: 600 + maxUnavailable: 25% + maxSurge: 25% + resources: + limits: + cpu: 350m + memory: 500Mi + requests: + cpu: 350m + memory: 100Mi + activeDeadlineSeconds: 21600 + triggers: + - type: ConfigChange + replicas: 1 + revisionHistoryLimit: 10 + test: false + selector: + name: openmbee-mms + template: + metadata: + creationTimestamp: null + labels: + name: openmbee-mms + spec: + volumes: + - name: tls-secret + secret: + secretName: my-tls-secret + defaultMode: 420 + containers: + - resources: + limits: + cpu: 750m + memory: 1G + requests: + cpu: 350m + memory: 500M + terminationMessagePath: /dev/termination-log + name: openmbee-mms + ports: + - containerPort: 5000 + protocol: TCP + imagePullPolicy: Always + volumeMounts: + - name: tls-secret + readOnly: true + mountPath: /etc/secrets/mms + terminationMessagePolicy: File + envFrom: + - secretRef: + name: nexus-repo-docker-registry + image: >- + 
registry-cli-docker.wseasttest.navair.navy.mil:5000/openmbee/openmbee-mms:latest + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + imagePullSecrets: + - name: nexus-repo-docker-registry + schedulerName: default-scheduler +status: + observedGeneration: 79 + details: + message: manual change + causes: + - type: Manual + availableReplicas: 1 + unavailableReplicas: 0 + latestVersion: 61 + updatedReplicas: 1 + conditions: + - type: Progressing + status: 'True' + lastUpdateTime: '2023-09-28T18:30:30Z' + lastTransitionTime: '2023-09-28T18:30:25Z' + reason: NewReplicationControllerAvailable + message: replication controller "openmbee-mms-61" successfully rolled out + - type: Available + status: 'True' + lastUpdateTime: '2023-09-28T18:52:49Z' + lastTransitionTime: '2023-09-28T18:52:49Z' + message: Deployment config has minimum availability. + replicas: 1 + readyReplicas: 1 diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml new file mode 100644 index 0000000..ce0b983 --- /dev/null +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml 
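Review bot: `envFrom: - secretRef: name: nexus-repo-docker-registry` on the openmbee-mms container points at the registry pull secret, which this patch defines as type `kubernetes.io/dockerconfigjson` with the single key `.dockerconfigjson`. That either hands the registry credentials to the application process as an environment variable or, where the key is rejected as an invalid variable name, does nothing; neither looks intended, since the same secret is already listed under `imagePullSecrets`. I would remove the `envFrom` entry, or point it at a separate Secret that holds the application's own settings.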
@@ -0,0 +1,195 @@ +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + name: openmbee-ve + namespace: openmbee + uid: 54344196-94cb-49df-8ed4-d4857b0db33c + resourceVersion: '946560312' + generation: 109 + creationTimestamp: '2023-09-06T19:45:36Z' + annotations: + description: Handles deployment of the openmbee ve. + managedFields: + - manager: Mozilla + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-26T12:37:22Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:description': {} + 'f:spec': + 'f:replicas': {} + 'f:revisionHistoryLimit': {} + 'f:selector': + .: {} + 'f:app': {} + 'f:strategy': + 'f:activeDeadlineSeconds': {} + 'f:recreateParams': + .: {} + 'f:timeoutSeconds': {} + 'f:rollingParams': + .: {} + 'f:intervalSeconds': {} + 'f:maxSurge': {} + 'f:maxUnavailable': {} + 'f:timeoutSeconds': {} + 'f:updatePeriodSeconds': {} + 'f:type': {} + 'f:template': + .: {} + 'f:metadata': + .: {} + 'f:creationTimestamp': {} + 'f:labels': + .: {} + 'f:app': {} + 'f:spec': + .: {} + 'f:containers': + .: {} + 'k:{"name":"openmbee-ve"}': + .: {} + 'f:image': {} + 'f:imagePullPolicy': {} + 'f:name': {} + 'f:ports': + .: {} + 'k:{"containerPort":8080,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 'f:protocol': {} + 'f:resources': + .: {} + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:terminationMessagePath': {} + 'f:terminationMessagePolicy': {} + 'f:dnsPolicy': {} + 'f:imagePullSecrets': + .: {} + 'k:{"name":"nexus-repo-docker-registry"}': {} + 'f:restartPolicy': {} + 'f:schedulerName': {} + 'f:securityContext': {} + 'f:terminationGracePeriodSeconds': {} + 'f:triggers': {} + - manager: openshift-controller-manager + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-26T12:37:35Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:updatedReplicas': {} + 'f:readyReplicas': {} + 'f:conditions': + .: {} + 
'k:{"type":"Available"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:status': {} + 'f:type': {} + 'k:{"type":"Progressing"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:reason': {} + 'f:status': {} + 'f:type': {} + 'f:details': + .: {} + 'f:causes': {} + 'f:message': {} + 'f:replicas': {} + 'f:availableReplicas': {} + 'f:observedGeneration': {} + 'f:unavailableReplicas': {} + 'f:latestVersion': {} + subresource: status +spec: + strategy: + type: Recreate + recreateParams: + timeoutSeconds: 600 + rollingParams: + updatePeriodSeconds: 1 + intervalSeconds: 1 + timeoutSeconds: 600 + maxUnavailable: 25% + maxSurge: 25% + resources: {} + activeDeadlineSeconds: 1800 + triggers: + - type: ConfigChange + replicas: 1 + revisionHistoryLimit: 10 + test: false + selector: + app: openmbee-ve + template: + metadata: + creationTimestamp: null + labels: + app: openmbee-ve + spec: + containers: + - name: openmbee-ve + image: >- + registry-cli-docker.wseasttest.navair.navy.mil:5000/openmbee/openmbee-ve:VE-VERSION-4.0.2 + ports: + - containerPort: 8080 + protocol: TCP + resources: + limits: + cpu: 500m + memory: 1G + requests: + cpu: 350m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: Always + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + imagePullSecrets: + - name: nexus-repo-docker-registry + schedulerName: default-scheduler +status: + observedGeneration: 109 + details: + message: config change + causes: + - type: ConfigChange + availableReplicas: 1 + unavailableReplicas: 0 + latestVersion: 106 + updatedReplicas: 1 + conditions: + - type: Available + status: 'True' + lastUpdateTime: '2023-09-26T12:37:35Z' + lastTransitionTime: '2023-09-26T12:37:35Z' + message: Deployment config has minimum availability. 
+ - type: Progressing + status: 'True' + lastUpdateTime: '2023-09-26T12:37:38Z' + lastTransitionTime: '2023-09-26T12:37:27Z' + reason: NewReplicationControllerAvailable + message: replication controller "openmbee-ve-106" successfully rolled out + replicas: 1 + readyReplicas: 1 diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml new file mode 100644 index 0000000..31e2299 --- /dev/null +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml 
@@ -0,0 +1,228 @@ +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + name: postgres + namespace: openmbee + uid: c0c241bb-2fc2-4170-b768-68836e3e0aab + resourceVersion: '945421288' + generation: 35 + creationTimestamp: '2023-08-31T19:10:49Z' + annotations: + template.alpha.openshift.io/wait-for-ready: 'true' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-14T18:17:18Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:template.alpha.openshift.io/wait-for-ready': {} + 'f:spec': + 'f:replicas': {} + 'f:selector': + .: {} + 'f:name': {} + 'f:strategy': + 'f:activeDeadlineSeconds': {} + 'f:recreateParams': + .: {} + 'f:timeoutSeconds': {} + 'f:type': {} + 'f:template': + .: {} + 'f:metadata': + .: {} + 'f:creationTimestamp': {} + 'f:labels': + .: {} + 'f:name': {} + 'f:spec': + 'f:volumes': + .: {} + 'k:{"name":"postgres-data"}': + .: {} + 'f:name': {} + 'f:persistentVolumeClaim': + .: {} + 'f:claimName': {} + 'f:containers': + .: {} + 'k:{"name":"postgres"}': + 'f:image': {} + 'f:volumeMounts': + .: {} + 'k:{"mountPath":"/var/opt/postgres"}': + .: {} + 'f:mountPath': {} + 'f:name': {} + 'f:terminationMessagePolicy': {} + .: {} + 'f:resources': + .: {} + 'f:limits': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:requests': + .: {} + 'f:cpu': {} + 'f:memory': {} + 'f:env': + .: {} + 'k:{"name":"POSTGRESQL_DATABASE"}': + .: {} + 'f:name': {} + 'f:value': {} + 'k:{"name":"POSTGRESQL_PASSWORD"}': + .: {} + 'f:name': {} + 'f:valueFrom': + .: {} + 'f:secretKeyRef': {} + 'k:{"name":"POSTGRESQL_USER"}': + .: {} + 'f:name': {} + 'f:value': {} + 'f:terminationMessagePath': {} + 'f:imagePullPolicy': {} + 'f:ports': + .: {} + 'k:{"containerPort":5432,"protocol":"TCP"}': + .: {} + 'f:containerPort': {} + 'f:protocol': {} + 'f:name': {} + 'f:dnsPolicy': {} + 'f:restartPolicy': {} + .: {} + 'f:schedulerName': {} + 'f:terminationGracePeriodSeconds': {} + 
'f:imagePullSecrets': + .: {} + 'k:{"name":"nexus-repo-docker-registry"}': {} + 'f:securityContext': {} + 'f:triggers': {} + - manager: openshift-controller-manager + operation: Update + apiVersion: apps.openshift.io/v1 + time: '2023-09-25T14:51:03Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:updatedReplicas': {} + 'f:readyReplicas': {} + 'f:conditions': + .: {} + 'k:{"type":"Available"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:status': {} + 'f:type': {} + 'k:{"type":"Progressing"}': + .: {} + 'f:lastTransitionTime': {} + 'f:lastUpdateTime': {} + 'f:message': {} + 'f:reason': {} + 'f:status': {} + 'f:type': {} + 'f:details': + .: {} + 'f:causes': {} + 'f:message': {} + 'f:replicas': {} + 'f:availableReplicas': {} + 'f:observedGeneration': {} + 'f:unavailableReplicas': {} + 'f:latestVersion': {} + subresource: status +spec: + strategy: + type: Recreate + recreateParams: + timeoutSeconds: 600 + resources: {} + activeDeadlineSeconds: 21600 + triggers: + - type: ConfigChange + replicas: 1 + revisionHistoryLimit: 10 + test: false + selector: + name: postgres + template: + metadata: + creationTimestamp: null + labels: + name: postgres + spec: + volumes: + - name: postgres-data + persistentVolumeClaim: + claimName: postgres + containers: + - resources: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 500m + memory: 2Gi + terminationMessagePath: /dev/termination-log + name: postgres + env: + - name: POSTGRESQL_DATABASE + value: mms + - name: POSTGRESQL_USER + value: mmsuser + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: postgres + key: database-password + ports: + - containerPort: 5432 + protocol: TCP + imagePullPolicy: Always + volumeMounts: + - name: postgres-data + mountPath: /var/opt/postgres + terminationMessagePolicy: File + image: >- + registry-cli-docker.wseasttest.navair.navy.mil:5000/emergingtech/postgresql-10-rhel7:1 + restartPolicy: Always + terminationGracePeriodSeconds: 30 + 
dnsPolicy: ClusterFirst + securityContext: {} + imagePullSecrets: + - name: nexus-repo-docker-registry + schedulerName: default-scheduler +status: + observedGeneration: 35 + details: + message: manual change + causes: + - type: Manual + availableReplicas: 1 + unavailableReplicas: 0 + latestVersion: 32 + updatedReplicas: 1 + conditions: + - type: Progressing + status: 'True' + lastUpdateTime: '2023-09-19T04:56:05Z' + lastTransitionTime: '2023-09-19T04:55:52Z' + reason: NewReplicationControllerAvailable + message: replication controller "postgres-32" successfully rolled out + - type: Available + status: 'True' + lastUpdateTime: '2023-09-25T14:51:03Z' + lastTransitionTime: '2023-09-25T14:51:03Z' + message: Deployment config has minimum availability. + replicas: 1 + readyReplicas: 1 diff --git a/openshift-resources/openshift-output/persistent-volumes/persistentvolumeclaim-postgres.yaml b/openshift-resources/openshift-output/persistent-volumes/persistentvolumeclaim-postgres.yaml new file mode 100644 index 0000000..81d4040 --- /dev/null +++ b/openshift-resources/openshift-output/persistent-volumes/persistentvolumeclaim-postgres.yaml 
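Review bot: The `postgres-data` claim is mounted at `/var/opt/postgres`, but the image name (`postgresql-10-rhel7`) suggests the Red Hat PostgreSQL image, which keeps its database under `/var/lib/pgsql/data`; if that is the case here, the data directory sits on the container's writable layer and is lost whenever the pod is recreated. Please confirm the image's data path and set `mountPath` to match. PostgreSQL 10 is also past upstream end of life, so a plan to move to a supported major version would be worth recording next to this file.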
@@ -0,0 +1,73 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: postgres + namespace: openmbee + uid: a6b9ffdd-a288-4e5c-b1ac-1ed650b100a0 + resourceVersion: '930113112' + creationTimestamp: '2023-09-14T18:08:28Z' + annotations: + pv.kubernetes.io/bind-completed: 'yes' + pv.kubernetes.io/bound-by-controller: 'yes' + volume.beta.kubernetes.io/storage-provisioner: openshift-storage.cephfs.csi.ceph.com + volume.kubernetes.io/storage-provisioner: openshift-storage.cephfs.csi.ceph.com + finalizers: + - kubernetes.io/pvc-protection + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-14T18:08:28Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:accessModes': {} + 'f:resources': + 'f:requests': + .: {} + 'f:storage': {} + 'f:storageClassName': {} + 'f:volumeMode': {} + - manager: kube-controller-manager + operation: Update + apiVersion: v1 + time: '2023-09-14T18:08:29Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:pv.kubernetes.io/bind-completed': {} + 'f:pv.kubernetes.io/bound-by-controller': {} + 'f:volume.beta.kubernetes.io/storage-provisioner': {} + 'f:volume.kubernetes.io/storage-provisioner': {} + 'f:spec': + 'f:volumeName': {} + - manager: kube-controller-manager + operation: Update + apiVersion: v1 + time: '2023-09-14T18:08:29Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:accessModes': {} + 'f:capacity': + .: {} + 'f:storage': {} + 'f:phase': {} + subresource: status +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + volumeName: pvc-a6b9ffdd-a288-4e5c-b1ac-1ed650b100a0 + storageClassName: ocs-storagecluster-cephfs + volumeMode: Filesystem +status: + phase: Bound + accessModes: + - ReadWriteOnce + capacity: + storage: 1Gi diff --git a/openshift-resources/openshift-output/routes/route-mbee-mms.yaml b/openshift-resources/openshift-output/routes/route-mbee-mms.yaml new file mode 100644 index 0000000..9ee3526 --- /dev/null 
+++ b/openshift-resources/openshift-output/routes/route-mbee-mms.yaml @@ -0,0 +1,58 @@ +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: mbee-mms + namespace: openmbee + uid: 9259ea63-f943-41a4-afbd-e4404aec2908 + resourceVersion: '945743751' + creationTimestamp: '2023-09-25T20:49:37Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: route.openshift.io/v1 + time: '2023-09-25T20:49:37Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:host': {} + 'f:port': + .: {} + 'f:targetPort': {} + 'f:tls': + .: {} + 'f:termination': {} + 'f:to': + 'f:kind': {} + 'f:name': {} + 'f:weight': {} + 'f:wildcardPolicy': {} + - manager: openshift-router + operation: Update + apiVersion: route.openshift.io/v1 + time: '2023-09-25T20:49:37Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:ingress': {} + subresource: status +spec: + host: mbee-mms.navair.navy.mil + to: + kind: Service + name: openmbee-mms + weight: 100 + port: + targetPort: openmbee-mms + tls: + termination: edge + wildcardPolicy: None +status: + ingress: + - host: mbee-mms.navair.navy.mil + routerName: default + conditions: + - type: Admitted + status: 'True' + lastTransitionTime: '2023-09-25T20:50:46Z' + wildcardPolicy: None + routerCanonicalHostname: router-default.apps.arena-workspace.navair.navy.mil diff --git a/openshift-resources/openshift-output/routes/route-mbee-ve.yaml b/openshift-resources/openshift-output/routes/route-mbee-ve.yaml new file mode 100644 index 0000000..cc6f801 --- /dev/null +++ b/openshift-resources/openshift-output/routes/route-mbee-ve.yaml 
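Review bot: Both routes (`mbee-mms` here and `mbee-ve` in route-mbee-ve.yaml) use `tls: termination: edge`, so TLS ends at the router and the hop from router to pod is plain HTTP. The openmbee-mms DeploymentConfig mounts `my-tls-secret` at `/etc/secrets/mms`, which suggests the application was meant to serve TLS itself; if so, `termination: reencrypt` (with `destinationCACertificate`) or `passthrough` is the matching setting. If edge is deliberate, adding `insecureEdgeTerminationPolicy: Redirect` makes the handling of plain-HTTP requests explicit instead of relying on the default.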
@@ -0,0 +1,58 @@ +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: mbee-ve + namespace: openmbee + uid: 22fa24dd-6fec-41ab-91b2-d0579105d0c5 + resourceVersion: '945743259' + creationTimestamp: '2023-09-25T20:47:52Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: route.openshift.io/v1 + time: '2023-09-25T20:47:52Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:host': {} + 'f:port': + .: {} + 'f:targetPort': {} + 'f:tls': + .: {} + 'f:termination': {} + 'f:to': + 'f:kind': {} + 'f:name': {} + 'f:weight': {} + 'f:wildcardPolicy': {} + - manager: openshift-router + operation: Update + apiVersion: route.openshift.io/v1 + time: '2023-09-25T20:47:52Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:ingress': {} + subresource: status +spec: + host: mbee.navair.navy.mil + to: + kind: Service + name: openmbee-ve-svc + weight: 100 + port: + targetPort: openmbee-ve + tls: + termination: edge + wildcardPolicy: None +status: + ingress: + - host: mbee.navair.navy.mil + routerName: default + conditions: + - type: Admitted + status: 'True' + lastTransitionTime: '2023-09-25T20:50:14Z' + wildcardPolicy: None + routerCanonicalHostname: router-default.apps.arena-workspace.navair.navy.mil diff --git a/openshift-resources/openshift-output/secrets/secret-my-tls-secret.yaml b/openshift-resources/openshift-output/secrets/secret-my-tls-secret.yaml new file mode 100644 index 0000000..d281480 --- /dev/null +++ b/openshift-resources/openshift-output/secrets/secret-my-tls-secret.yaml 
@@ -0,0 +1,26 @@ +kind: Secret +apiVersion: v1 +metadata: + name: my-tls-secret + namespace: openmbee + uid: 9707a05a-413c-4468-9d34-5a23b05f0098 + resourceVersion: '950096710' + creationTimestamp: '2023-09-25T16:57:22Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-25T16:57:22Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:data': + .: {} + 'f:tls.crt': {} + 'f:tls.key': {} + 'f:type': {} +data: + tls.crt: >- + 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 + tls.key: >- + 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 +type: kubernetes.io/tls diff --git a/openshift-resources/openshift-output/secrets/secret-nexus-repo-docker-registry.yaml b/openshift-resources/openshift-output/secrets/secret-nexus-repo-docker-registry.yaml new file mode 100644 index 0000000..a124149 --- /dev/null +++ b/openshift-resources/openshift-output/secrets/secret-nexus-repo-docker-registry.yaml @@ -0,0 +1,23 @@ +kind: Secret +apiVersion: v1 +metadata: + name: nexus-repo-docker-registry + namespace: openmbee + uid: 86eba8fb-4bf5-4dd0-8aeb-d6aa17e6e132 + resourceVersion: '950096711' + creationTimestamp: '2023-07-18T16:52:37Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-07-18T16:52:37Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:data': + .: {} + 'f:.dockerconfigjson': {} + 'f:type': {} +data: + .dockerconfigjson: >- + eyJhdXRocyI6eyJyZWdpc3RyeS1jbGktZG9ja2VyLndzZWFzdHRlc3QubmF2YWlyLm5hdnkubWlsOjUwMDAiOnsidXNlcm5hbWUiOiJTUzB0QUpvRyIsInBhc3N3b3JkIjoibS0zLVBYcXVTTkJIZjFBMkFvUS1KZTFwcUxRV25CM0RsZk9TNi1BUHBtNGciLCJlbWFpbCI6InVudXNlZCIsImF1dGgiOiJVMU13ZEVGS2IwYzZiUzB6TFZCWWNYVlRUa0pJWmpGQk1rRnZVUzFLWlRGd2NVeFJWMjVDTTBSc1prOVROaTFCVUhCdE5HYz0ifX19 +type: kubernetes.io/dockerconfigjson diff --git a/openshift-resources/openshift-output/secrets/secret-postgres.yaml b/openshift-resources/openshift-output/secrets/secret-postgres.yaml new file mode 100644 index 0000000..7a79840 --- /dev/null 
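Review bot: The three files under openshift-output/secrets/ (`my-tls-secret` and `nexus-repo-docker-registry` here, `postgres` in the next file) commit Secret objects with their `data:` populated. Base64 is an encoding, not protection: the `.dockerconfigjson` value carries registry credentials, `database-password` decodes to the same value that postgres-deployment.yaml shows in plain text, and `tls.key` (its value is not visible in this view) would be a private key. These should be removed from the repository and its history, and the registry credential, database password and TLS key pair rotated. If the manifests must be versioned, keep only the metadata with `data:` omitted, or store them through whatever sealed or encrypted secret mechanism the cluster already uses.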
+++ b/openshift-resources/openshift-output/secrets/secret-postgres.yaml @@ -0,0 +1,22 @@ +kind: Secret +apiVersion: v1 +metadata: + name: postgres + namespace: openmbee + uid: 2f4f8b2f-1374-4bc3-80c4-3664ce070dd7 + resourceVersion: '950096712' + creationTimestamp: '2023-09-14T17:27:08Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-14T17:27:08Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:data': + .: {} + 'f:database-password': {} + 'f:type': {} +data: + database-password: dGVzdDEyMzQ= +type: Opaque diff --git a/openshift-resources/openshift-output/services/service-minio.yaml b/openshift-resources/openshift-output/services/service-minio.yaml new file mode 100644 index 0000000..454ceb6 --- /dev/null +++ b/openshift-resources/openshift-output/services/service-minio.yaml 
@@ -0,0 +1,60 @@ +kind: Service +apiVersion: v1 +metadata: + name: minio + namespace: openmbee + uid: e4d03e2f-2851-43ce-9830-d749e740d3c6 + resourceVersion: '911719467' + creationTimestamp: '2023-08-31T19:29:46Z' + labels: + io.kompose.service: minio + annotations: + kompose.cmd: kompose convert -f docker-compose.yml + kompose.version: 1.30.0 (HEAD) + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-08-31T19:29:46Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:kompose.cmd': {} + 'f:kompose.version': {} + 'f:labels': + .: {} + 'f:io.kompose.service': {} + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":9000,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: '9000' + protocol: TCP + port: 9000 + targetPort: 9000 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + io.kompose.service: minio +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/services/service-openmbee-elasticsearch.yaml b/openshift-resources/openshift-output/services/service-openmbee-elasticsearch.yaml new file mode 100644 index 0000000..3e06f1e --- /dev/null +++ b/openshift-resources/openshift-output/services/service-openmbee-elasticsearch.yaml 
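Review bot: `clusterIP: 'CLUSTER IP ADDRESS'` and the matching `clusterIPs` entry are not valid addresses, so the API server will reject this Service on `oc apply`; the same placeholder appears in the elasticsearch, mms, ve-svc and postgres service files that follow. Deleting both fields (and `ipFamilies`/`ipFamilyPolicy`, which are also defaulted by the server) lets the cluster allocate an address and keeps the manifest portable between clusters.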
@@ -0,0 +1,57 @@ +kind: Service +apiVersion: v1 +metadata: + name: openmbee-elasticsearch + namespace: openmbee + uid: b4580c99-e15d-41ce-9b48-7733e0cbf247 + resourceVersion: '946676276' + creationTimestamp: '2023-09-18T17:02:46Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-18T17:02:46Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":9200,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'k:{"port":9300,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: '9200' + protocol: TCP + port: 9200 + targetPort: 9200 + - name: '9300' + protocol: TCP + port: 9300 + targetPort: 9300 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + io.kompose.service: elasticsearch +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/services/service-openmbee-mms.yaml b/openshift-resources/openshift-output/services/service-openmbee-mms.yaml new file mode 100644 index 0000000..8f023bc --- /dev/null +++ b/openshift-resources/openshift-output/services/service-openmbee-mms.yaml 
@@ -0,0 +1,53 @@ +kind: Service +apiVersion: v1 +metadata: + name: openmbee-mms + namespace: openmbee + uid: c18056c7-480d-4392-bfd5-a3abd080a149 + resourceVersion: '941588245' + creationTimestamp: '2023-08-31T19:29:04Z' + annotations: + service.beta.openshift.io/inject-cabundle: 'true' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-22T21:27:35Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:service.beta.openshift.io/inject-cabundle': {} + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":5000,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: openmbee-mms + protocol: TCP + port: 5000 + targetPort: 5000 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + name: openmbee-mms +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/services/service-openmbee-ve-svc.yaml b/openshift-resources/openshift-output/services/service-openmbee-ve-svc.yaml new file mode 100644 index 0000000..5229040 --- /dev/null +++ b/openshift-resources/openshift-output/services/service-openmbee-ve-svc.yaml 
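Review bot: The `service.beta.openshift.io/inject-cabundle: 'true'` annotation on the openmbee-mms Service probably has no effect: the service CA operator honours it on ConfigMaps, APIServices, CRDs and webhook configurations, while the annotation for a Service is `service.beta.openshift.io/serving-cert-secret-name: <secret-name>`, which makes the operator issue a serving certificate into that Secret. If the aim was an in-cluster certificate for openmbee-mms, that annotation could also replace the hand-managed `my-tls-secret`. Worth confirming against the cluster's OpenShift version.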
@@ -0,0 +1,53 @@ +kind: Service +apiVersion: v1 +metadata: + name: openmbee-ve-svc + namespace: openmbee + uid: 52741a91-5a2d-459a-8ea7-96fa13ac328f + resourceVersion: '936991153' + creationTimestamp: '2023-08-31T18:02:11Z' + annotations: + description: Exposes and load balances the application pods + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-08-31T18:02:11Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:description': {} + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":8080,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: openmbee-ve + protocol: TCP + port: 8080 + targetPort: 8080 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + app: openmbee-ve +status: + loadBalancer: {} diff --git a/openshift-resources/openshift-output/services/service-postgres.yaml b/openshift-resources/openshift-output/services/service-postgres.yaml new file mode 100644 index 0000000..e34c019 --- /dev/null +++ b/openshift-resources/openshift-output/services/service-postgres.yaml 
@@ -0,0 +1,53 @@ +kind: Service +apiVersion: v1 +metadata: + name: postgres + namespace: openmbee + uid: 28877079-55a8-4557-bf29-d769c005136f + resourceVersion: '930093890' + creationTimestamp: '2023-08-31T19:32:40Z' + annotations: + template.openshift.io/expose-uri: 'postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgres")].port}' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: v1 + time: '2023-09-14T17:39:05Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:metadata': + 'f:annotations': + .: {} + 'f:template.openshift.io/expose-uri': {} + 'f:spec': + 'f:internalTrafficPolicy': {} + 'f:ports': + .: {} + 'k:{"port":5432,"protocol":"TCP"}': + .: {} + 'f:name': {} + 'f:port': {} + 'f:protocol': {} + 'f:targetPort': {} + 'f:selector': {} + 'f:sessionAffinity': {} + 'f:type': {} +spec: + clusterIP: 'CLUSTER IP ADDRESS' + ipFamilies: + - IPv4 + ports: + - name: postgres + protocol: TCP + port: 5432 + targetPort: 5432 + internalTrafficPolicy: Cluster + clusterIPs: + - 'CLUSTER IP ADDRESS' + type: ClusterIP + ipFamilyPolicy: SingleStack + sessionAffinity: None + selector: + name: postgres +status: + loadBalancer: {} diff --git a/src/main/java/org/openmbee/mms/mmsri/config/LoggingFilter.java b/src/main/java/org/openmbee/mms/mmsri/config/LoggingFilter.java index 46dd724..ab9e541 100644 --- a/src/main/java/org/openmbee/mms/mmsri/config/LoggingFilter.java +++ b/src/main/java/org/openmbee/mms/mmsri/config/LoggingFilter.java 
@@ -1,3 +1,54 @@ +//package org.openmbee.mms.mmsri.config; +// +//import java.io.IOException; +//import java.util.UUID; +//import jakarta.servlet.Filter; +//import jakarta.servlet.FilterChain; +//import jakarta.servlet.ServletException; +//import jakarta.servlet.ServletRequest; +//import jakarta.servlet.ServletResponse; +//import jakarta.servlet.http.HttpServletRequest; +//import jakarta.servlet.http.HttpServletResponse; +//import org.slf4j.Logger; +//import org.slf4j.LoggerFactory; +//import org.springframework.security.core.Authentication; +//import org.springframework.security.core.context.SecurityContextHolder; +// +//public class LoggingFilter implements Filter { +// private final Logger LOGGER = LoggerFactory.getLogger(LoggingFilter.class); +// +// @Override +// public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) +// throws IOException, ServletException { +// String corr = UUID.randomUUID().toString(); +// long time = System.currentTimeMillis(); +// Authentication auth = SecurityContextHolder.getContext().getAuthentication(); +// String user = "anonymousUser"; +// if (auth != null) { +// user = auth.getName(); +// } +// HttpServletRequest r = (HttpServletRequest) req; +// String query = r.getQueryString(); +// query = query == null ? "" : ("?" 
+ query); +// if (!r.getRequestURI().startsWith("/actuator") && !r.getRequestURI().startsWith("/v3")) { +// LOGGER.info("req - {} - {} - {} - {}", user, r.getMethod(), r.getRequestURI() + query, +// corr); +// } +// chain.doFilter(req, resp); +// +// time = System.currentTimeMillis() - time; +// HttpServletResponse res = (HttpServletResponse) resp; +// auth = SecurityContextHolder.getContext().getAuthentication(); +// if (auth != null) { +// user = auth.getName(); +// } +// if (!r.getRequestURI().startsWith("/actuator") && !r.getRequestURI().startsWith("/v3")) { +// LOGGER.info("res - {} - {} - {} - {} - {} - {}ms ", user, r.getMethod(), +// r.getRequestURI() + query, corr, res.getStatus(), time); +// } +// } +//} + package org.openmbee.mms.mmsri.config; import java.io.IOException; diff --git a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java index c73fd40..4b0477e 100644 --- a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java +++ b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java @@ -38,7 +38,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements @Autowired AuthSecurityConfig authSecurityConfig; - +// Below Code is used for Spring 2.x @Override public void configure(HttpSecurity http) throws Exception { //permit all for anonymous access for public projects @@ -58,7 +58,6 @@ public void configure(HttpSecurity http) throws Exception { //filter only needed if not permitAll //http.addFilterAfter(corsFilter(), ExceptionTranslationFilter.class); authSecurityConfig.setAuthConfig(http); - } @Bean 
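Review bot: The 50 lines added to `LoggingFilter.java` are a fully commented-out copy of the class placed above the `package` statement, so the file now holds two versions with nothing to say which is authoritative. If this is a `jakarta.servlet` port kept for a later framework upgrade (an inference from its imports), it is better held on a branch than carried as comments; at minimum add a one-line comment such as `// jakarta.servlet variant of the filter below, disabled until the upgrade`. Should it ever be enabled, note that it logs `r.getRequestURI() + query` at INFO, so any token or credential passed in a query string would land in the application log. Logging the path alone, or masking known sensitive parameters, avoids that. The live class continues outside the hunk.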
@@ -81,6 +80,11 @@ public void addCorsMappings(CorsRegistry registry) { .allowCredentials(true) .maxAge(3600L) .allowedOriginPatterns(allowedOrigins.split(",")); +// registry.addMapping("/**") +// .allowedOrigins("https://openmbee-mms.apps.arena-workspace.navair.navy.mil") // Point this to your frontend's domain +// .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") +// .allowedHeaders("Authorization", "Content-Type", "Cache-Control") +// .allowCredentials(true); } private CorsFilter corsFilter() { 
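Review bot: The commented-out mapping added to `addCorsMappings` embeds an internal hostname in `.allowedOrigins(...)`, and the commented class appended by the `@@ -105,3 +109,107 @@` hunk repeats two more in `config.addAllowedOrigin(...)`. That works against a commit described as removing environment addresses. Deployment-specific origins already have a home in the `cors.allowed.origins` property that the live code reads, so I would delete both comment blocks. The appended block also contains `http.csrf().disable().authorizeRequests().anyRequest().permitAll()`; if it is kept for reference, add a comment such as `// reference only: permits every request with CSRF off, do not enable as-is`. Both methods continue outside their hunks.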
@@ -105,3 +109,107 @@ public void configureContentNegotiation(ContentNegotiationConfigurer configurer) .defaultContentType(MediaType.APPLICATION_JSON); } } +//package org.openmbee.mms.example.config; +// +//import org.openmbee.mms.authenticator.config.AuthSecurityConfig; +//import org.springframework.beans.factory.annotation.Autowired; +//import org.springframework.beans.factory.annotation.Value; +//import org.springframework.context.annotation.Bean; +//import org.springframework.context.annotation.Configuration; +//import org.springframework.http.MediaType; +//import org.springframework.scheduling.annotation.EnableAsync; +//import org.springframework.security.authentication.AuthenticationManager; +//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +//import org.springframework.security.config.annotation.web.builders.HttpSecurity; +//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +//import org.springframework.security.web.access.ExceptionTranslationFilter; +//import org.springframework.transaction.annotation.EnableTransactionManagement; +//import org.springframework.web.cors.CorsConfiguration; +//import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +//import org.springframework.web.filter.CorsFilter; +//import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer; +//import org.springframework.web.servlet.config.annotation.CorsRegistry; +//import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +//import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; +// +//import static org.springframework.http.HttpHeaders.*; +//import static org.springframework.http.HttpMethod.*; +// +//@Configuration +//@EnableWebSecurity +//@EnableGlobalMethodSecurity(prePostEnabled = true) 
+//@EnableTransactionManagement +//@EnableAsync +//public class SecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer { +// +// @Value("${cors.allowed.origins:*}") +// private String allowedOrigins; +// +// @Autowired +// AuthSecurityConfig authSecurityConfig; +// +// @Override +// public void configure(HttpSecurity http) throws Exception { +// http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().httpBasic(); +// http.headers().cacheControl(); +// http.addFilterAfter(corsFilter(), ExceptionTranslationFilter.class); +// authSecurityConfig.setAuthConfig(http); +// } +// +// @Bean +// public RequestMappingHandlerMapping useTrailingSlash() { +// RequestMappingHandlerMapping requestMappingHandlerMapping = new RequestMappingHandlerMapping(); +// requestMappingHandlerMapping.setUseTrailingSlashMatch(true); +// return requestMappingHandlerMapping; +// } +// +// @Bean +// @Override +// public AuthenticationManager authenticationManagerBean() throws Exception { +// return super.authenticationManagerBean(); +// } +// +// @Override +// public void addCorsMappings(CorsRegistry registry) { +// registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS"); +// } +// +// private CorsFilter corsFilter() { +// /* +// CORS requests are managed only if headers Origin and Access-Control-Request-Method are available on OPTIONS requests +// (this filter is simply ignored in other cases). +// This filter can be used as a replacement for the @Cors annotation. 
+// */ +// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); +// +// CorsConfiguration config = new CorsConfiguration(); +// config.setAllowCredentials(true); +//// for(String origin: allowedOrigins.split(",")) { +//// config.addAllowedOrigin(origin); +//// } +// config.addAllowedOrigin("openmbee.apps.arena-workspace.navair.navy.mil"); +// config.addAllowedOrigin("openmbee-mms.apps.arena-workspace.navair.navy.mil"); +// config.addAllowedHeader(ORIGIN); +// config.addAllowedHeader(CONTENT_TYPE); +// config.addAllowedHeader(ACCEPT); +// config.addAllowedHeader(AUTHORIZATION); +// config.addAllowedMethod(GET); +// config.addAllowedMethod(PUT); +// config.addAllowedMethod(POST); +// config.addAllowedMethod(OPTIONS); +// config.addAllowedMethod(DELETE); +// config.addAllowedMethod(PATCH); +// config.setMaxAge(3600L); +// +// source.registerCorsConfiguration("/**", config); +// return new CorsFilter(source); +// } +// +// @Override +// public void configureContentNegotiation(ContentNegotiationConfigurer configurer) { +// configurer.favorParameter(false) +// .ignoreAcceptHeader(false) +// .defaultContentType(MediaType.APPLICATION_JSON); +// } +//} \ No newline at end of file diff --git a/src/main/resources/application.properties.example b/src/main/resources/application-local.properties similarity index 85% rename from src/main/resources/application.properties.example rename to src/main/resources/application-local.properties index 35dcc73..64486b3 100644 --- a/src/main/resources/application.properties.example +++ b/src/main/resources/application-local.properties 
@@ -4,10 +4,18 @@ mms.admin.username=test mms.admin.password=test mms.stream.batch.size=100000 +#change the server url +#spring.main.web-application-type=none +server.port=5000 + cors.allowed.origins=* # jwt issued by mms for logins via /authentication -jwt.secret=make_me_something_really_long +# jwt.secret=make_me_something_really_long +#grabbed from running the following command +# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" +#jwt.secret=d8448f7ad828fe0ed27fffd01059fec974464594fc832c5b50a0c9cdd073b8c8 +jwt.secret=f49cc83d269c46d93b39aa9eb40bdca4b44a5417efa5c7827e992724dc234c59 jwt.expiration=86400 jwt.header=Authorization @@ -29,7 +37,7 @@ ldap.group.search.filter=(&(objectClass=group)(uniqueMember={0})) # RDB config # if using mysql instead of postgres, comment and uncomment the corresponding properties -spring.datasource.url=jdbc:postgresql://localhost:5432 + spring.datasource.url=jdbc:postgresql://localhost:5432 #spring.datasource.url=jdbc:mysql://localhost:3306 spring.datasource.database=mms spring.datasource.username=mmsuser @@ -58,7 +66,7 @@ spring.mvc.pathmatch.matching-strategy=ant_path_matcher # Elasticsearch config elasticsearch.host=localhost elasticsearch.port=9200 -elasticsearch.http=http +elasticsearch.http=https elasticsearch.limit.result=10000 elasticsearch.limit.term=1000 elasticsearch.limit.scrollTimeout=1000 @@ -96,5 +104,8 @@ logbook.format.style=splunk # currently all /actuator/* endpoints require 'mmsadmin' authority, except for /actuator/health management.endpoints.web.exposure.include=* #management.endpoints.web.exposure.exclude=configprops,env -management.endpoint.health.show-details=when_authorized +# old value +# management.endpoint.health.show-details=when_authorized +management.endpoint.health.show-details=always management.endpoint.health.roles=mmsadmin + diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties new file mode 100644 index 0000000..c1b2ab4 
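Review bot: The `jwt.secret` added in the first hunk is a generated signing key committed in clear text, with a second generated key left in the comment above it. The same value is reused in `application-prod.properties` later in this patch. Anyone with read access to the repository can sign tokens the service will accept. I would read the value from the environment, `jwt.secret=${JWT_SECRET}` (variable name illustrative), delete the commented key, and rotate both published keys wherever they were deployed.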
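Review bot: Switching `management.endpoint.health.show-details` to `always` in the last hunk makes the `management.endpoint.health.roles=mmsadmin` line below it ineffective, because Spring Boot consults the roles only under `when_authorized`. The comment just above says `/actuator/health` is the one actuator endpoint that does not require the `mmsadmin` authority. Component details such as datastore and disk status would therefore be returned to unauthenticated callers. I would keep `management.endpoint.health.show-details=when_authorized`; the prod profile added later in this patch makes the same change and needs the same fix.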
--- /dev/null +++ b/src/main/resources/application-prod.properties 
@@ -0,0 +1,120 @@ +# Auth config +# local admin user will get created if doesn't exist +mms.admin.username=test +mms.admin.password=test +mms.stream.batch.size=100000 + +#change the server url +#spring.main.web-application-type=none +#server.address= +server.port=5000 +server.forward-headers-strategy=framework +#server.ssl.enabled=true +##server.ssl.key-alias=yourkeystorealias +#server.ssl.key-store=classpath:mms.p12 +#server.ssl.key-store-password=mms_password +#server.ssl.key-store-type=PKCS12 +#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration + +cors.allowed.origins=* + +# jwt issued by mms for logins via /authentication +# jwt.secret=make_me_something_really_long +#grabbed from running the following command +# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" +#jwt.secret=d8448f7ad828fe0ed27fffd01059fec974464594fc832c5b50a0c9cdd073b8c8 +jwt.secret=f49cc83d269c46d93b39aa9eb40bdca4b44a5417efa5c7827e992724dc234c59 +jwt.expiration=86400 +jwt.header=Authorization + +# LDAP config +ldap.provider.base=ou=personnel,dc=dir,dc=domain,dc=com +ldap.provider.url=ldaps://your-ldap.domain.com/${ldap.provider.base} +# user and pass to connect to ldap, can be empty if ldap server allows anonymous searches +ldap.provider.userdn= +ldap.provider.password= +# ldap user dn pattern, {0} will be replaced with username +ldap.user.dn.pattern=uid={0} +ldap.user.attributes.username=uid +ldap.user.attributes.email=mail +# attribute name of the group name +ldap.group.role.attribute=cn +# to find groups a user belongs to - search base and ldap search filter +ldap.group.search.base=ou=personnel,dc=dir,dc=domain,dc=com +ldap.group.search.filter=(&(objectClass=group)(uniqueMember={0})) + +# RDB config +# if using mysql instead of postgres, comment and uncomment the corresponding properties +spring.datasource.url=jdbc:postgresql://localhost:5432 +#spring.datasource.url=jdbc:mysql://localhost:3306 
+spring.datasource.database=mms +spring.datasource.username=mmsuser +spring.datasource.password=test1234 +spring.datasource.driver-class-name=org.postgresql.Driver +#spring.datasource.driver-class-name=com.mysql.jdbc.Driver +spring.datasource.initialization-mode=never + +# specifies a prefix for the mms created project db +rdb.project.prefix=mms + +# The SQL dialect makes Hibernate generate better SQL for the chosen database +# comment and uncomment postgres/mysql as needed +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect +#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialect +#spring.jpa.properties.hibernate.dialect.storage_engine=innodb +# Hibernate ddl auto (create, create-drop, validate, update) +spring.jpa.hibernate.ddl-auto=update +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true +spring.jpa.open-in-view=false + +spring.main.allow-bean-definition-overriding=true +spring.main.allow-circular-references=true +spring.mvc.pathmatch.matching-strategy=ant_path_matcher + +# Elasticsearch config +#elasticsearch.host=localhost +elasticsearch.host= +elasticsearch.port=9200 +elasticsearch.http=https +elasticsearch.limit.result=10000 +elasticsearch.limit.term=1000 +elasticsearch.limit.scrollTimeout=1000 +elasticsearch.limit.get=10000 +elasticsearch.limit.index=5000 +elasticsearch.limit.commit=100000 + +# s3 storage config for artifacts +s3.endpoint=http://localhost:9000 +s3.access_key=admintest +s3.secret_key=admintest +s3.region=somewhere +# optional if using minio +s3.bucket=mms + +# Swagger UI config https://springdoc.org/ +springdoc.swagger-ui.path=/v3/swagger-ui.html +springdoc.swagger-ui.operationsSorter=alpha +springdoc.swagger-ui.tagsSorter=alpha +springdoc.default-produces-media-type=application/json +springdoc.swagger-ui.displayOperationId=true + +# Logbook config https://github.com/zalando/logbook +logging.level.org.zalando.logbook=TRACE +logbook.filter.form-request-mode=off +# 
exclude swagger ui and actuator +logbook.exclude=/v3/**,/actuator/** +#logbook.write.max-body-size=-1 +logbook.strategy=without-body +# style can be splunk|http|json|curl +logbook.format.style=splunk + +# https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html +# https://www.baeldung.com/spring-boot-health-indicators +# currently all /actuator/* endpoints require 'mmsadmin' authority, except for /actuator/health +management.endpoints.web.exposure.include=* +#management.endpoints.web.exposure.exclude=configprops,env +# old value +# management.endpoint.health.show-details=when_authorized +management.endpoint.health.show-details=always +management.endpoint.health.roles=mmsadmin + diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties new file mode 100644 index 0000000..c5acb85 --- /dev/null +++ b/src/main/resources/application.properties 
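Review bot: The production profile creates the local admin account from `mms.admin.username=test` / `mms.admin.password=test` and also hard-codes `spring.datasource.password` and `s3.secret_key`, so a deployment that activates it unchanged comes up with guessable credentials. These should come from the environment or a mounted secret, for example `mms.admin.password=${MMS_ADMIN_PASSWORD}` (variable name illustrative), with no working default in the file. `cors.allowed.origins=*` is also risky here. The `addCorsMappings` context shown earlier in this patch passes that value to `allowedOriginPatterns` together with `.allowCredentials(true)`, so any origin would be allowed to make credentialed requests; list the real front-end origins instead.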
@@ -0,0 +1,228 @@ +## Auth config +## local admin user will get created if doesn't exist +#mms.admin.username=test +#mms.admin.password=test +#mms.stream.batch.size=100000 +# +##hostnames for services +elasticsearch.host=localhost +#elasticsearch.host=openmbee-elasticsearch.openmbee.svc.cluster.local + spring.datasource.url=jdbc:postgresql://localhost:5432 +#spring.datasource.url=jdbc:postgresql://postgres.openmbee.svc.cluster.local:5432 +# +#change the server url +#spring.main.web-application-type=none +#server.port=5000 +#server.forward-headers-strategy=framework +#server.ssl.enabled=true +###server.ssl.key-alias=yourkeystorealias +#server.ssl.key-store=classpath:mms.p12 +#server.ssl.key-store-password=mms_password +#server.ssl.key-store-type=PKCS12 +#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration +cors.allowed.origins=* +#server.port=5000 +#server.forward-headers-strategy=framework +server.ssl.enabled=true +##server.ssl.key-alias=yourkeystorealias +server.ssl.key-store=classpath:mms.p12 +server.ssl.key-store-password=mms_password +server.ssl.key-store-type=PKCS12 + +# +## jwt issued by mms for logins via /authentication +## jwt.secret=make_me_something_really_long +##grabbed from running the following command +## node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" +##jwt.secret=d8448f7ad828fe0ed27fffd01059fec974464594fc832c5b50a0c9cdd073b8c8 +#jwt.secret=f49cc83d269c46d93b39aa9eb40bdca4b44a5417efa5c7827e992724dc234c59 +#jwt.expiration=86400 +#jwt.header=Authorization +# +## LDAP config +#ldap.provider.base=ou=personnel,dc=dir,dc=domain,dc=com +#ldap.provider.url=ldaps://your-ldap.domain.com/${ldap.provider.base} +## user and pass to connect to ldap, can be empty if ldap server allows anonymous searches +#ldap.provider.userdn= +#ldap.provider.password= +## ldap user dn pattern, {0} will be replaced with username +#ldap.user.dn.pattern=uid={0} +#ldap.user.attributes.username=uid 
+#ldap.user.attributes.email=mail +## attribute name of the group name +#ldap.group.role.attribute=cn +## to find groups a user belongs to - search base and ldap search filter +#ldap.group.search.base=ou=personnel,dc=dir,dc=domain,dc=com +#ldap.group.search.filter=(&(objectClass=group)(uniqueMember={0})) +# +## RDB config +## if using mysql instead of postgres, comment and uncomment the corresponding properties +### spring.datasource.url=jdbc:postgresql://localhost:5432\ +##spring.datasource.url=jdbc:mysql://localhost:3306 +#spring.datasource.database=mms +#spring.datasource.username=mmsuser +#spring.datasource.password=test1234 +#spring.datasource.driver-class-name=org.postgresql.Driver +##spring.datasource.driver-class-name=com.mysql.jdbc.Driver +#spring.datasource.initialization-mode=never +# +## specifies a prefix for the mms created project db +#rdb.project.prefix=mms +# +## The SQL dialect makes Hibernate generate better SQL for the chosen database +## comment and uncomment postgres/mysql as needed +#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect +##spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialect +##spring.jpa.properties.hibernate.dialect.storage_engine=innodb +## Hibernate ddl auto (create, create-drop, validate, update) +#spring.jpa.hibernate.ddl-auto=update +#spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true +#spring.jpa.open-in-view=false +# +#spring.main.allow-bean-definition-overriding=true +#spring.main.allow-circular-references=true +#spring.mvc.pathmatch.matching-strategy=ant_path_matcher +# +### Elasticsearch config +###elasticsearch.host=localhost +##elasticsearch.host= +#elasticsearch.port=9200 +#elasticsearch.http=https +#elasticsearch.limit.result=10000 +#elasticsearch.limit.term=1000 +#elasticsearch.limit.scrollTimeout=1000 +#elasticsearch.limit.get=10000 +#elasticsearch.limit.index=5000 +#elasticsearch.limit.commit=100000 +# +## s3 storage config for artifacts 
+#s3.endpoint=http://localhost:9000 +#s3.access_key=admintest +#s3.secret_key=admintest +#s3.region=somewhere +## optional if using minio +#s3.bucket=mms +# +## Swagger UI config https://springdoc.org/ +#springdoc.swagger-ui.path=/v3/swagger-ui.html +#springdoc.swagger-ui.operationsSorter=alpha +#springdoc.swagger-ui.tagsSorter=alpha +#springdoc.default-produces-media-type=application/json +#springdoc.swagger-ui.displayOperationId=true +# +## Logbook config https://github.com/zalando/logbook +#logging.level.org.zalando.logbook=TRACE +#logbook.filter.form-request-mode=off +## exclude swagger ui and actuator +#logbook.exclude=/v3/**,/actuator/** +##logbook.write.max-body-size=-1 +#logbook.strategy=without-body +## style can be splunk|http|json|curl +#logbook.format.style=splunk +# +## https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html +## https://www.baeldung.com/spring-boot-health-indicators +## currently all /actuator/* endpoints require 'mmsadmin' authority, except for /actuator/health +#management.endpoints.web.exposure.include=* +##management.endpoints.web.exposure.exclude=configprops,env +## old value +## management.endpoint.health.show-details=when_authorized +#management.endpoint.health.show-details=always +#management.endpoint.health.roles=mmsadmin +# +# See authenticator module for example configuration +mms.admin.username=test +mms.admin.password=test +mms.stream.batch.size=10000 + +jwt.secret=12345678901234567890123456789012 +jwt.expiration=86400 +jwt.header=Authorization + +rdb.project.prefix=mms + +# See ldap module for example configuration +ldap.provider.base=ou=something,dc=openmbee,dc=org +ldap.provider.url=ldaps://ldap.openmbee.org/${ldap.provider.base} +ldap.provider.userdn= +ldap.provider.password= +ldap.user.dn.pattern=uid={0} +ldap.user.attributes.username= +ldap.user.attributes.email= +ldap.group.role.attribute=cn +ldap.group.search.base= +ldap.group.search.filter=uniqueMember={0} + +# See core module 
for example configuration +#spring.datasource.url=jdbc:postgresql://postgres:5432 +#spring.datasource.url=jdbc:mysql://localhost:3306 +spring.datasource.database=mms +spring.datasource.username=mmsuser +spring.datasource.password=test1234 +spring.datasource.driver-class-name=org.postgresql.Driver +#spring.datasource.driver-class-name=com.mysql.jdbc.Driver +spring.datasource.initialization-mode=never + +# The SQL dialect makes Hibernate generate better SQL for the chosen database +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect +#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialect +#spring.jpa.properties.hibernate.dialect.storage_engine=innodb + +# Hibernate ddl auto (create, create-drop, validate, update) +spring.jpa.hibernate.ddl-auto=update +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true +spring.jpa.open-in-view=false + +spring.main.allow-bean-definition-overriding=true +spring.main.allow-circular-references=true +spring.mvc.pathmatch.matching-strategy=ant_path_matcher + +#Configuration for Elasticsearch +#elasticsearch.host=elasticsearch +elasticsearch.port=9200 +elasticsearch.http=https +elasticsearch.index.element=mms +elasticsearch.limit.insert=80 +elasticsearch.limit.result=10000 +elasticsearch.limit.term=1000 +elasticsearch.limit.scrollTimeout=1000 +elasticsearch.limit.get=10000 +elasticsearch.limit.index=5000 + +#Configuration for TWC +#port is for REST interface +#aliases are for clustered usages +twc.instances[0].url=dev-twc-03.domain.com +twc.instances[0].protocol=https +twc.instances[0].port=8111 +twc.instances[0].aliases[0]=dev-twc-02.domain.com +twc.instances[0].aliases[1]=dev-twc-01.domain.com + +s3.endpoint=http://minio:9000 +s3.access_key=admintest +s3.secret_key=admintest +s3.region=somewhere + +springdoc.swagger-ui.path=/v3/swagger-ui.html +#For sorting endpoints alphabetically +springdoc.swagger-ui.operationsSorter=alpha +#For sorting tags alphabetically 
+springdoc.swagger-ui.tagsSorter=alpha +springdoc.default-produces-media-type=application/json +springdoc.swagger-ui.displayOperationId=true + +logging.level.org.zalando.logbook=TRACE +logbook.filter.form-request-mode=off +#exclude swagger ui and actuator +logbook.strategy=without-body +logbook.exclude=/v3/**,/actuator/** +#logbook.write.max-body-size=-1 +#splunk|http|json|curl +logbook.format.style=splunk + +# https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html +# https://www.baeldung.com/spring-boot-health-indicators +management.endpoints.web.exposure.include=* +#management.endpoints.web.exposure.exclude=configprops,env +management.endpoint.health.show-details=when_authorized +management.endpoint.health.roles=mmsadmin diff --git a/src/main/resources/cert_base64.txt b/src/main/resources/cert_base64.txt new file mode 100644 index 0000000..e928f36 --- /dev/null +++ b/src/main/resources/cert_base64.txt @@ -0,0 +1 @@ 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 diff --git a/src/main/resources/key_base64.txt b/src/main/resources/key_base64.txt new file mode 100644 index 0000000..5b2c47c --- /dev/null +++ b/src/main/resources/key_base64.txt @@ -0,0 +1 @@ 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 
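Review bot: `server.ssl.key-store-password=mms_password` is committed next to the keystore it unlocks, since this patch also adds `src/main/resources/mms.p12` and `key_base64.txt`. The server's TLS private key is therefore presumably readable by anyone who can read the repository. I would remove the keystore and key files from the source tree, mount them at deploy time, read the password from the environment, e.g. `server.ssl.key-store-password=${MMS_KEYSTORE_PASSWORD}` (variable name illustrative), and reissue the key pair. `jwt.secret=12345678901234567890123456789012` is a predictable value and should likewise have no usable default. The large commented block at the top of the file duplicates the prod profile, including its signing key, and is better deleted.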
diff --git a/src/main/resources/mms.p12 b/src/main/resources/mms.p12 new file mode 100644 index 0000000000000000000000000000000000000000..56ad7d4ad8a700befd018058fe29fcdb242234e0 GIT binary patch literal 2742 zcma);X*d*&7RP7CjAd+-p|M0LyEJy9$i8GumNATKWE*73&}5A%LnCX1q7)5@Q1+d& zy|zdhlr6FoV~HBx?sM~aIy zfVpI-6_^Y)|Ba22WJvLUNst^c8ItuIr~i%=R?h!SaY2EgTrx!eH`GOX{F#7oBOQ@i z|CC%v1u*|sc9&p7Nf$FUYpAi_E%9}bnvNF;Bm)Bh#gSaB?El^f;(!2ww7bfQun3bZRsRl z_jA3@?HFj)Jx*pBX^lOXU5GXNNFj(e4!cA4yw{o?BBz1O7b_tR!EgMoN9G z$+(ovUhW`4*u$Xe-30JXpA5}5`Mbo;OAWNxjc_U5a@O2-%~8HBc3hrsX4S*dteU8t z4|Y7)d=JJ5LMIS?(Fcl2wu~rt#DvB8=}!#u4CZ@7c?SQ2+Z&VCpD=LGu4>L2sfl;u zmDfMH&bQTv74x5F#G(e@371<1vNBtv^y#&z)u58^EZh_dxKE(7c?LJvh&wihonEPI zJ~F_fw^wGlJ^j^r&{xKJL5BBo)6NA_oO74UIyC4>PK7w;{vaFak-hj5x_v#p$=A7g zy~3eh%s)0n+W@Ycv#uC?r<{)U7RIrwea#Di*aoxAPVIV)ptcQb+1!5A4~(8!r&LGr zU2nOwkDeQlDlM_*O*&~DVrO!xjm*}I2`?>9FzFnrE3M%zQP(N_rafY7EAlErz$N7y zd)4J3lh97Pb&~zVbg%Qc;cPm*pq#r<1H5L(B`^=ZR^8-d+z#f zjEaiW*iBudqYiUo$Hx8|UIKOhHPsz$X@v!=x;%#;Ibx|UtJ2hQR!n4-Scr{N_xaXz ziKOD?Ju2pRs#WLJu?|;3C!14=Z{9q+dY6DJy?p7F&@KP!fZYdV=kR`vbVuLdvGFU! 
z4545^w&{IGTMQ)yBhKTp8CO8NK3zC7TfUgvWd;+7xaM_YxFi3)=0Sbs$HVlsIeh!E zu86ePxy@G$qF-`LNrXC-`ekl?UH^34Z|-MTX&_a~=j$}_zV%6f=DCxZS+D02LPjJH zLSV|uLTXTMX{?O-3UF4pzcSYTP}TBJa65#iap^4!fgn!sc2=9*iQv3 z&S_iYt%iJiUTX-^VdtxZ=r{lp@!aPir6$OElC^RReS`0$(%B8rTtPweGOp2APd{_> z?64gFFUV4E_o#dUKb%Tqo(x%`1z=yi-td8Kgn&kB;XK*t;W7XRL|tNk9;0lE-IW|& zmhPVvlaA4!_6_D{V)Rs#F-^f3!7IgDv6JrAh(=zWYw;8jgKaA8GEnaKiL7-UsoA@0 z)T%sl8jzLovrb$I+fxG=M7 zSdUcq)f!3h`7iRL_|y^U{wp^}RJfFH2?{ZAMaS4pQn=l<5@?p8&+??jV`{;V|i({ z1K}~M?~wf$+_Fq08?K=`q&T?Wnw5=bGx#2aaW}WQz2DDL5ERam7kC?u_I~zFF48Nw zIL0){L~Hh`uQP?Kmq^~CF-js7*SCI1!Y+}vtk}jDV`eEk_V}!RtvW+p$cZWuuh*5@ zV9;#2!-)90gr47vCz*PF@0{e*JR4%ehFeRN8vVi{9dP)zs}7I%#X%W+xuv~ZxA#BCQdZzE8 z#caxZ$x6gqCspJbX>Y?2)-ak1!L_P#inHv9dBeg%SejTo8fT+_;3Yq~kYxm)rsG=t zZ)zGIl+pQF8_czqC&mve!xc(_ry**wE~g9v0g3f{J;O<97B%G_&DC;liyzC2X2v@= zw+Z;bYbmob(@&je$`5BAAdDHI(2EP2jN5Tqg}qAKQ^iC_ZmY7*{FfU(dV3ai-?j2o zHc4^(BSA^yVmF+399h!gAFF>Yra?RFY(EZ?wC&sG2a78| z7CIk=n?lSN=C3;tx7oI_rbCx00=Yj%{XM9yj7PAb_WWDZ_yARR!jH$xo=8~IGT3Rm z_F%QoOidOxAi{($#m2ecq&?cUSe%a`tk%oG_d;$c$_gfA_P*M6Bzku&pxz6(g~FC3`9*x zhQ@i@o}g7sbprnq0&>|Js@Ha$59S(ab~3tpGYi`vcv3%oNO@ b<~A Date: Thu, 7 Dec 2023 15:25:05 -0500 Subject: [PATCH 2/7] Added OpenShift Resource Files to openshift-resources directory --- openshift-resources/dev/deploymentConfig.yml | 0 openshift-resources/dev/pipeline.yml | 17 ----------------- openshift-resources/dev/service.yml | 14 -------------- openshift-resources/stage/deploymentConfig.yml | 0 openshift-resources/stage/pipeline.yml | 0 openshift-resources/stage/service.yml | 0 6 files changed, 31 deletions(-) create mode 100644 openshift-resources/dev/deploymentConfig.yml create mode 100644 openshift-resources/stage/deploymentConfig.yml create mode 100644 openshift-resources/stage/pipeline.yml create mode 100644 openshift-resources/stage/service.yml diff --git a/openshift-resources/dev/deploymentConfig.yml b/openshift-resources/dev/deploymentConfig.yml new file mode 100644 index 0000000..e69de29 
diff --git a/openshift-resources/dev/pipeline.yml b/openshift-resources/dev/pipeline.yml index 21e435a..e69de29 100644 --- a/openshift-resources/dev/pipeline.yml +++ b/openshift-resources/dev/pipeline.yml @@ -1,17 +0,0 @@ ---- -apimmsrsion: v1 -kind: "BuildConfig" -metadata: - name: "openmbee-mms-pipeline" -spec: - completionDeadlineSeconds: 1800 - source: - git: - ref: "master" - uri: "ssh://alm-internal.navair.navy.mil/tfs/72_ALM/Sys_Dev/_git/openmbee-mms" - contextDir: "openmbee" - sourceSecret: - name: "tfs-pull-secret" - strategy: - jenkinsPipelineStrategy: - jenkinsfilePath: Jenkinsfile diff --git a/openshift-resources/dev/service.yml b/openshift-resources/dev/service.yml index ad31088..e69de29 100644 --- a/openshift-resources/dev/service.yml +++ b/openshift-resources/dev/service.yml @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: "Service" -metadata: - name: "openmbee-mms" - annotations: - description: "Exposes and load balances the application pods" -spec: - ports: - - name: "openmbee-mms-port" - port: 5000 - targetPort: 5000 - selector: - name: "openmbee" diff --git a/openshift-resources/stage/deploymentConfig.yml b/openshift-resources/stage/deploymentConfig.yml new file mode 100644 index 0000000..e69de29 diff --git a/openshift-resources/stage/pipeline.yml b/openshift-resources/stage/pipeline.yml new file mode 100644 index 0000000..e69de29 diff --git a/openshift-resources/stage/service.yml b/openshift-resources/stage/service.yml new file mode 100644 index 0000000..e69de29 From 2b96dc0b068d7ac383efd31acca331fa4a765945 Mon Sep 17 00:00:00 2001 
From: mrbrandonarnold Date: Mon, 12 Feb 2024 15:27:48 -0500 Subject: [PATCH 3/7] Cleaned openshift resources --- .gitlab-ci.yml | 16 ++++++++-------- Dockerfile | 14 +++++++------- appsettings.json | 4 ++-- download_certificates.sh | 8 ++++---- openshift-resources/dev/build.yml | 4 ++-- openshift-resources/dev/deployment.yml | 2 +- openshift-resources/dev/psql-deployment.yml | 2 +- .../deploymentconfig-openmbee-elasticsearch.yaml | 2 +- .../deploymentconfig-openmbee-mms.yaml | 2 +- .../deploymentconfig-openmbee-ve (4).yaml | 2 +- .../deploymentconfig-postgres.yaml | 2 +- .../openshift-output/routes/route-mbee-mms.yaml | 6 +++--- .../openshift-output/routes/route-mbee-ve.yaml | 6 +++--- .../mms/mmsri/config/SecurityConfig.java | 6 +++--- 14 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3aa75e2..d712a9b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,13 +14,13 @@ stages: - deploy build: - image: registry-cli-docker.wseasttest.navair.navy.mil:5001/docker:20.10.1 + image: URIHERE/docker:20.10.1 services: - name: docker:20.10.1-dind command: - /bin/sh - -c - - apk update && apk add ca-certificates wget && wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt/ -P /usr/local/share/ca-certificates && update-ca-certificates --fresh > /dev/null && dockerd-entrypoint.sh --insecure-registry=registry-cli-docker.wseasttest.navair.navy.mil:5000 --insecure-registry=registry-cli-docker.wseasttest.navair.navy.mil:5001 --debug || exit + - apk update && apk add ca-certificates wget && wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/wcf/latest/crt/ -P /usr/local/share/ca-certificates && update-ca-certificates --fresh > /dev/null && dockerd-entrypoint.sh --insecure-registry=URIHERE --insecure-registry=URIHERE --debug || exit stage: build tags: - dind 
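Review bot: The dind service command fetches CA certificates with `wget --no-check-certificate` and then runs `update-ca-certificates`, so the trust anchors for every later TLS connection in the job are downloaded without verification. The two `RUN wget --no-check-certificate` lines in the Dockerfile hunk of this patch do the same for the image. A tampered download would put an unintended CA into the trust store. I would ship the CA bundle in the repository or base image, or check it against a pinned checksum before installing it, and then revisit whether the `--insecure-registry` flags are still needed. Separately, the literal `URIHERE` leaves `image:` and the command unrunnable; a CI variable such as `$REGISTRY_HOST` (name illustrative) keeps the address out of the repository without breaking the pipeline.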
@@ -38,13 +38,13 @@ build: - apk -U upgrade - docker info script: - - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD registry-cli-docker.wseasttest.navair.navy.mil:5000 - - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD registry-cli-docker.wseasttest.navair.navy.mil:5001 - - docker build -f $DOCKERFILE_PATH --build-arg NEXUS_USERNAME=$NEXUS_USERNAME --build-arg NEXUS_PASSWORD=$NEXUS_PASSWORD -t registry-cli-docker.wseasttest.navair.navy.mil:5000/$NEXUS_NAMESPACE/$SELECTOR:$TAG . - - docker push registry-cli-docker.wseasttest.navair.navy.mil:5000/$NEXUS_NAMESPACE/$SELECTOR:$TAG + - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD URIHERE + - docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD URIHERE + - docker build -f $DOCKERFILE_PATH --build-arg NEXUS_USERNAME=$NEXUS_USERNAME --build-arg NEXUS_PASSWORD=$NEXUS_PASSWORD -t URIHERE/$NEXUS_NAMESPACE/$SELECTOR:$TAG . + - docker push URIHERE/$NEXUS_NAMESPACE/$SELECTOR:$TAG deploy: - image: registry-cli-docker.wseasttest.navair.navy.mil:5001/openshift/origin-cli:v3.11 + image: URIHERE/openshift/origin-cli:v3.11 stage: deploy tags: - dind @@ -71,7 +71,7 @@ deploy: - oc login $OC_URL --token=$OC_TOKEN --insecure-skip-tls-verify - oc project $OC_PROJECT - | - OC_PATCH_STATUS=$(oc patch deploymentconfig $SELECTOR -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$SELECTOR\",\"image\": \"registry-cli-docker.wseasttest.navair.navy.mil:5000/$NEXUS_NAMESPACE/$SELECTOR:$TAG\"}]}}}}") + OC_PATCH_STATUS=$(oc patch deploymentconfig $SELECTOR -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$SELECTOR\",\"image\": \"URIHERE/$NEXUS_NAMESPACE/$SELECTOR:$TAG\"}]}}}}") - echo $OC_PATCH_STATUS - | if [[ "$OC_PATCH_STATUS" == *"not patched" ]]; then diff --git a/Dockerfile b/Dockerfile index 67fd2e2..8eaffa3 100644 --- a/Dockerfile +++ b/Dockerfile 
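Review bot: The two rewritten `docker login` lines pass the registry password with `-p $NEXUS_PASSWORD`, which puts it on the command line of the job; feeding it on standard input avoids that: `echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USERNAME" --password-stdin URIHERE`. The rewritten `docker build` line forwards the same pair with `--build-arg`, and the Dockerfile writes them into files during the build, so a BuildKit secret (`--secret` on `docker build`, `RUN --mount=type=secret` in the Dockerfile) is the safer channel. In the `@@ -71,7 +71,7 @@` hunk the context line `oc login $OC_URL --token=$OC_TOKEN --insecure-skip-tls-verify` still disables certificate checks for the cluster login that carries the token. Both jobs continue outside the hunks.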
@@ -1,4 +1,4 @@ -FROM registry-cli-docker.wseasttest.navair.navy.mil:5001/buildpack-deps:bullseye AS config +FROM URIHERE/buildpack-deps:bullseye AS config ARG NEXUS_USERNAME ARG NEXUS_PASSWORD @@ -11,8 +11,8 @@ RUN echo -e "${BLUE_TEXT}}First Stage Build${RESET_TEXT}" # Download certificates using wget RUN echo -e "${YELLOW_TEXT}Downloading certificates from using wget${RESET_TEXT}" -RUN wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF -RUN wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/dod/latest/ -P /usr/local/share/ca-certificates/WCF +RUN wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF +RUN wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/dod/latest/ -P /usr/local/share/ca-certificates/WCF # Update ca-certificates RUN echo -e "${YELLOW_TEXT}Updating ca-certificates${RESET_TEXT}" 
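Review bot: `FROM URIHERE/buildpack-deps:bullseye AS config` is no longer a resolvable image reference, so the Dockerfile cannot be built without hand-editing every stage (the same literal is used for the `build` and `app_runner` stages in `@@ -20,18 +20,18 @@` and `@@ -94,7 +94,7 @@`). A global build argument keeps the registry out of the repository and the file buildable: `ARG REGISTRY` before the first `FROM`, then `FROM ${REGISTRY}/buildpack-deps:bullseye AS config`. The alpine sources line in `@@ -20,18 +20,18 @@` also picked up a doubled slash, `URIHERE//config/alpine/alpine_16-sources.list`, unlike the other replaced URLs.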
@@ -20,18 +20,18 @@ RUN update-ca-certificates # Grabs MAVEN proxy RUN mkdir -p /root/.m2 -RUN wget --no-check-certificate -O /root/.m2/settings.xml https://wcf-serve.apps.arena-workspace.navair.navy.mil/config/maven/settings.xml +RUN wget --no-check-certificate -O /root/.m2/settings.xml URIHERE/config/maven/settings.xml RUN echo -e "${YELLOW_TEXT}Updating Maven settings.xml with NEXUS credentials${RESET_TEXT}" RUN sed -i.bak "s/nexus_username<\/username>/$NEXUS_USERNAME<\/username>/g" /root/.m2/settings.xml RUN sed -i.bak "s/nexus_password<\/password>/$NEXUS_PASSWORD<\/password>/g" /root/.m2/settings.xml # Grabs alpine proxy -RUN wget --no-check-certificate -O /usr/local/share/repositories https://wcf-serve.apps.arena-workspace.navair.navy.mil/config/alpine/alpine_16-sources.list +RUN wget --no-check-certificate -O /usr/local/share/repositories URIHERE//config/alpine/alpine_16-sources.list RUN sed -i "s//$NEXUS_USERNAME/g" /usr/local/share/repositories RUN sed -i "s//$NEXUS_PASSWORD/g" /usr/local/share/repositories # Use a base image that includes the necessary tools (e.g., curl, unzip) -FROM registry-cli-docker.wseasttest.navair.navy.mil:5001/amazoncorretto:17-alpine-jdk AS build +FROM URIHERE/amazoncorretto:17-alpine-jdk AS build ENV YELLOW_TEXT='\033[33m' ENV BLUE_TEXT='\033[34m' @@ -94,7 +94,7 @@ RUN ls -lah # NOT NEEDED UNLESS WE USE MAVEN # RUN mvn clean package -FROM registry-cli-docker.wseasttest.navair.navy.mil:5001/amazoncorretto:17-alpine-jdk as app_runner +FROM URIHERE/amazoncorretto:17-alpine-jdk as app_runner ENV YELLOW_TEXT='\033[33m' ENV BLUE_TEXT='\033[34m' diff --git a/appsettings.json b/appsettings.json index 6f14912..135416d 100644 --- a/appsettings.json +++ b/appsettings.json 
@@ -1,9 +1,9 @@ { "Jwt": { - "Authority": "https://auth.apps.arena-workspace.navair.navy.mil/auth/realms/navair", + "Authority": "", "Audience": "openmbee" }, "ConnectionStrings": { - "OpenMbeeDb": "server=localhost;database=openmbee;user=sa;password=Your_password123" + "OpenMbeeDb": "server=localhost;database=openmbee;user=sa;password=###" } } \ No newline at end of file diff --git a/download_certificates.sh b/download_certificates.sh index 19b0853..a205aaa 100644 --- a/download_certificates.sh +++ b/download_certificates.sh 
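Review bot: Overwriting the `OpenMbeeDb` password and the `Authority` URL in a follow-up commit does not remove them from the repository, because the removed lines of this patch (and presumably the earlier patch in the series that added the file) still carry the original values. If the series is meant for publication it should be squashed or the history rewritten so the values never appear, and the `sa` password should be treated as disclosed and rotated if it was ever used outside a local container. Leaving `"Authority": ""` (as rendered here) also means the JWT settings no longer name an issuer; whether the service fails closed on an empty authority is not visible from this hunk, so the value is better supplied from the environment with startup failing when it is missing.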
@@ -14,13 +14,13 @@ function catch { # Run your commands within the try-catch block # Wget commands -# try wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF || catch "wget command failed" -# try wget --no-check-certificate -r -np -nd -R "index.html*" https://wcf-serve.apps.arena-workspace.navair.navy.mil/dod/latest/ -P /usr/local/share/ca-certificates/WCF || catch "wget command failed" +# try wget --no-check-certificate -r -np -nd -R "index.html*" /wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF || catch "wget command failed" +# try wget --no-check-certificate -r -np -nd -R "index.html*" /dod/latest/ -P /usr/local/share/ca-certificates/WCF || catch "wget command failed" # Curl and unzip commands -try curl -L -o /usr/local/share/ca-certificates/WCF/crt.zip https://wcf-serve.apps.arena-workspace.navair.navy.mil/wcf/latest/crt.zip || catch "curl command failed" +try curl -L -o /usr/local/share/ca-certificates/WCF/crt.zip /wcf/latest/crt.zip || catch "curl command failed" try unzip -o /usr/local/share/ca-certificates/WCF/crt.zip -d /usr/local/share/ca-certificates/WCF || catch "unzip command failed" -try curl -L -o /usr/local/share/ca-certificates/WCF/dod.zip https://wcf-serve.apps.arena-workspace.navair.navy.mil/dod/latest/dod.zip || catch "curl command failed" +try curl -L -o /usr/local/share/ca-certificates/WCF/dod.zip /dod/latest/dod.zip || catch "curl command failed" try unzip -o /usr/local/share/ca-certificates/WCF/dod.zip -d /usr/local/share/ca-certificates/WCF || catch "unzip failed" echo "Commands executed successfully" diff --git a/openshift-resources/dev/build.yml b/openshift-resources/dev/build.yml index ad5dbab..e123049 100644 --- a/openshift-resources/dev/build.yml +++ b/openshift-resources/dev/build.yml 
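Review bot: The two rewritten `curl` lines now have no scheme or host (`curl -L -o … /wcf/latest/crt.zip`, as rendered here), so the script cannot fetch anything as committed. The base URL should come from a required variable, e.g. `: "${CERT_BASE_URL:?CERT_BASE_URL must be set}"` followed by `curl --fail -L -o … "$CERT_BASE_URL/wcf/latest/crt.zip"`. Since the archives are unpacked straight into `/usr/local/share/ca-certificates/WCF`, comparing each zip against a pinned SHA-256 before `unzip` would keep an unexpected download from adding roots to the trust store. The `try` and `catch` helpers are defined outside the hunk.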
@@ -14,7 +14,7 @@ spec: type: "Git" git: ref: "master" - uri: "ssh://alm-internal.navair.navy.mil/tfs/72_ALM/Sys_Dev/_git/openmbee-mms" + uri: "" contextDir: "openmbee" sourceSecret: name: "tfs-pull-secret" @@ -49,7 +49,7 @@ spec: output: to: kind: "DockerImage" - name: "registry-cli-docker.wseasttest.navair.navy.mil:5000/722sysdev/openmbee-mms:latest" + name: "" pushSecret: name: "nexus-repo-docker-registry" postCommit: diff --git a/openshift-resources/dev/deployment.yml b/openshift-resources/dev/deployment.yml index b79a7a7..f5baa58 100644 --- a/openshift-resources/dev/deployment.yml +++ b/openshift-resources/dev/deployment.yml @@ -26,7 +26,7 @@ spec: - name: ASPNETCORE_URLS value: http://*:5000 name: "openmbee-mms" - image: "registry-cli-docker.wseasttest.navair.navy.mil:5000/722sysdev/openmbee-mms:latest" + image: "" imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/openshift-resources/dev/psql-deployment.yml b/openshift-resources/dev/psql-deployment.yml index 82965eb..f4d8a2a 100644 --- a/openshift-resources/dev/psql-deployment.yml +++ b/openshift-resources/dev/psql-deployment.yml @@ -25,7 +25,7 @@ spec: secretKeyRef: key: database-password name: "postgres" - image: "registry-cli-docker.wseasttest.navair.navy.mil:5000/emergingtech/postgres:11-alpine" + image: "" imagePullPolicy: Always name: postgres ports: diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml index 03097e9..940770a 100644 --- a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-elasticsearch.yaml 
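Review bot: The replacement values in this hunk and in the `deployment.yml` and `psql-deployment.yml` hunks on the same line are empty strings (`uri: ""`, `name: ""`, `image: ""`, as rendered here), which leaves manifests that describe no source repository and no image. If these files are meant to stay usable, the values are better expressed as parameters that the deploy step fills in, for example an OpenShift `Template` with `${IMAGE}` and `${GIT_URI}` parameters, and the image reference given by digest rather than the `:latest` tag the old lines used. The `spec` blocks continue outside the hunks.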
@@ -180,7 +180,7 @@ spec: containers: - name: openmbee-elasticsearch image: >- - registry-cli-docker.wseasttest.navair.navy.mil:5000/openmbee/openmbee-elasticsearch:latest + ports: - containerPort: 9200 protocol: TCP diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml index f67078c..54f29c9 100644 --- a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-mms.yaml @@ -203,7 +203,7 @@ spec: - secretRef: name: nexus-repo-docker-registry image: >- - registry-cli-docker.wseasttest.navair.navy.mil:5000/openmbee/openmbee-mms:latest + restartPolicy: Always terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirst diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml index ce0b983..e2f3103 100644 --- a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-openmbee-ve (4).yaml @@ -148,7 +148,7 @@ spec: containers: - name: openmbee-ve image: >- - registry-cli-docker.wseasttest.navair.navy.mil:5000/openmbee/openmbee-ve:VE-VERSION-4.0.2 + ports: - containerPort: 8080 protocol: TCP diff --git a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml index 31e2299..c932a51 100644 --- a/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml +++ b/openshift-resources/openshift-output/deployment-configs/deploymentconfig-postgres.yaml 
@@ -194,7 +194,7 @@ spec: mountPath: /var/opt/postgres terminationMessagePolicy: File image: >- - registry-cli-docker.wseasttest.navair.navy.mil:5000/emergingtech/postgresql-10-rhel7:1 + restartPolicy: Always terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirst diff --git a/openshift-resources/openshift-output/routes/route-mbee-mms.yaml b/openshift-resources/openshift-output/routes/route-mbee-mms.yaml index 9ee3526..860f5df 100644 --- a/openshift-resources/openshift-output/routes/route-mbee-mms.yaml +++ b/openshift-resources/openshift-output/routes/route-mbee-mms.yaml @@ -36,7 +36,7 @@ metadata: 'f:ingress': {} subresource: status spec: - host: mbee-mms.navair.navy.mil + host: to: kind: Service name: openmbee-mms @@ -48,11 +48,11 @@ spec: wildcardPolicy: None status: ingress: - - host: mbee-mms.navair.navy.mil + - host: routerName: default conditions: - type: Admitted status: 'True' lastTransitionTime: '2023-09-25T20:50:46Z' wildcardPolicy: None - routerCanonicalHostname: router-default.apps.arena-workspace.navair.navy.mil + routerCanonicalHostname: diff --git a/openshift-resources/openshift-output/routes/route-mbee-ve.yaml b/openshift-resources/openshift-output/routes/route-mbee-ve.yaml index cc6f801..ffcf903 100644 --- a/openshift-resources/openshift-output/routes/route-mbee-ve.yaml +++ b/openshift-resources/openshift-output/routes/route-mbee-ve.yaml @@ -36,7 +36,7 @@ metadata: 'f:ingress': {} subresource: status spec: - host: mbee.navair.navy.mil + host: to: kind: Service name: openmbee-ve-svc @@ -48,11 +48,11 @@ spec: wildcardPolicy: None status: ingress: - - host: mbee.navair.navy.mil + - host: routerName: default conditions: - type: Admitted status: 'True' lastTransitionTime: '2023-09-25T20:50:14Z' wildcardPolicy: None - routerCanonicalHostname: router-default.apps.arena-workspace.navair.navy.mil + routerCanonicalHostname: 
diff --git a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java index 4b0477e..cf24471 100644 --- a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java +++ b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java @@ -81,7 +81,7 @@ public void addCorsMappings(CorsRegistry registry) { .maxAge(3600L) .allowedOriginPatterns(allowedOrigins.split(",")); // registry.addMapping("/**") -// .allowedOrigins("https://openmbee-mms.apps.arena-workspace.navair.navy.mil") // Point this to your frontend's domain +// .allowedOrigins("###") // Point this to your frontend's domain // .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") // .allowedHeaders("Authorization", "Content-Type", "Cache-Control") // .allowCredentials(true); @@ -188,8 +188,8 @@ public void configureContentNegotiation(ContentNegotiationConfigurer configurer) //// for(String origin: allowedOrigins.split(",")) { //// config.addAllowedOrigin(origin); //// } -// config.addAllowedOrigin("openmbee.apps.arena-workspace.navair.navy.mil"); -// config.addAllowedOrigin("openmbee-mms.apps.arena-workspace.navair.navy.mil"); +// config.addAllowedOrigin("###"); +// config.addAllowedOrigin("###"); // config.addAllowedHeader(ORIGIN); // config.addAllowedHeader(CONTENT_TYPE); // config.addAllowedHeader(ACCEPT); From 49c8e53ca1229d66a2db99da086a81534f6a4b04 Mon Sep 17 00:00:00 2001 
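Review bot: Both hunks only edit commented-out CORS code, replacing the origins with `"###"`; the commented `registry.addMapping("/**")` block and the commented `config.addAllowedOrigin(...)` lines should be deleted rather than scrubbed, since the live mapping already takes its origins from `allowedOrigins.split(",")`. Keeping them invites someone to re-enable `allowCredentials(true)` with a hard-coded origin list later. If the intent needs recording, one comment is enough: `// CORS origins come from the allowedOrigins value; do not hard-code hosts here.` Both enclosing methods start and end outside the hunks.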
From: Jason Han Date: Tue, 27 Feb 2024 10:45:09 -0800 Subject: [PATCH 4/7] Moving some resources into openshift-resources directory --- Notes.MD => openshift-resources/Notes.MD | 0 appsettings.json => openshift-resources/appsettings.json | 0 certs.sh => openshift-resources/certs.sh | 0 .../download_certificates.sh | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename Notes.MD => openshift-resources/Notes.MD (100%) rename appsettings.json => openshift-resources/appsettings.json (100%) rename certs.sh => openshift-resources/certs.sh (100%) rename download_certificates.sh => openshift-resources/download_certificates.sh (100%)
diff --git a/Notes.MD b/openshift-resources/Notes.MD
similarity index 100%
rename from Notes.MD
rename to openshift-resources/Notes.MD
diff --git a/appsettings.json b/openshift-resources/appsettings.json
similarity index 100%
rename from appsettings.json
rename to openshift-resources/appsettings.json
diff --git a/certs.sh b/openshift-resources/certs.sh
similarity index 100%
rename from certs.sh
rename to openshift-resources/certs.sh
diff --git a/download_certificates.sh b/openshift-resources/download_certificates.sh
similarity index 100%
rename from download_certificates.sh
rename to openshift-resources/download_certificates.sh
From aa8083770947a6e5532f9d07e757cc8f3990dc29 Mon Sep 17 00:00:00 2001
From: Jason Han Date: Tue, 27 Feb 2024 10:51:34 -0800 Subject: [PATCH 5/7] Remove unused example properties --- .../src/main/resources/application.properties | 89 ------------------- 1 file changed, 89 deletions(-) delete mode 100644 example/src/main/resources/application.properties
diff --git a/example/src/main/resources/application.properties b/example/src/main/resources/application.properties
deleted file mode 100644
index 120b1a1..0000000
--- a/example/src/main/resources/application.properties
+++ /dev/null
@@ -1,89 +0,0 @@
-# See authenticator module for example configuration
-mms.admin.username=test
-mms.admin.password=test
-
-mms.stream.batch.size=100000
-
-#Comma Separated list of allowed cross site origins
-cors.allowed.origins=*
-
-jwt.secret=d8448f7ad828fe0ed27fffd01059fec974464594fc832c5b50a0c9cdd073b8c8
-jwt.expiration=86400
-jwt.header=Authorization
-
-# See ldap module for example configuration
-ldap.provider.base=dc=directory,dc=openmbee,dc=org
-ldap.provider.url=ldaps://ldap.openmbee.org
-ldap.provider.userdn=
-ldap.provider.password=
-ldap.user.dn.pattern=uid={0},ou=personnel
-ldap.user.attributes.username=
-ldap.user.attributes.email=
-ldap.user.attributes.firstname=
-ldap.user.attributes.lastname=
-ldap.user.attributes.update=24
-ldap.group.role.attribute=cn
-ldap.group.search.base=ou=groups
-ldap.group.search.filter=uniqueMember={0}
-
-# See core module for example configuration
-spring.datasource.url=jdbc:postgresql://localhost:5432
-#spring.datasource.url=jdbc:mysql://localhost:3306
-spring.datasource.database=mms
-spring.datasource.username=mmsuser
-spring.datasource.password=test1234
-spring.datasource.driver-class-name=org.postgresql.Driver
-#spring.datasource.driver-class-name=com.mysql.jdbc.Driver
-spring.datasource.initialization-mode=always
-
-# The SQL dialect makes Hibernate generate better SQL for the chosen database
-spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL10Dialect
-#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialect
-#spring.jpa.properties.hibernate.dialect.storage_engine=innodb
-
-# Hibernate ddl auto (create, create-drop, validate, update)
-spring.jpa.hibernate.ddl-auto=update
-spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
-spring.jpa.open-in-view=false
-
-spring.main.allow-bean-definition-overriding=true
-spring.main.allow-circular-references=true
-spring.mvc.pathmatch.matching-strategy=ant_path_matcher
-
-#Configuration for Elasticsearch
-elasticsearch.host=localhost
-elasticsearch.port=9200
-elasticsearch.http=http
-elasticsearch.index.element=mms
-elasticsearch.limit.insert=80
-elasticsearch.limit.result=10000
-elasticsearch.limit.term=1000
-elasticsearch.limit.scrollTimeout=1000
-elasticsearch.limit.get=100000
-elasticsearch.limit.index=5000
-elasticsearch.limit.commit=100000
-
-#Configuration for TWC
-#port is for REST interface
-#aliases are for clustered usages
-twc.instances[0].url=dev-twc-03.domain.com
-twc.instances[0].protocol=https
-twc.instances[0].port=8111
-twc.instances[0].aliases[0]=dev-twc-02.domain.com
-twc.instances[0].aliases[1]=dev-twc-01.domain.com
-
-springdoc.swagger-ui.path=/v3/swagger-ui.html
-#For sorting endpoints alphabetically
-springdoc.swagger-ui.operationsSorter=alpha
-#For sorting tags alphabetically
-springdoc.swagger-ui.tagsSorter=alpha
-springdoc.default-produces-media-type=application/json
-springdoc.swagger-ui.displayOperationId=true
-
-s3.endpoint=http://localhost:9000
-s3.access_key=admintest
-s3.secret_key=admintest
-s3.region=optional
-s3.bucket=optional
-
-spring.main.allow-bean-definition-overriding=true
\ No newline at end of file
From 454488d0fd1a813e50a3850a91ce5a882e4b1e46 Mon Sep 17 00:00:00 2001
From: Jason Han Date: Tue, 27 Feb 2024 10:56:24 -0800 Subject: [PATCH 6/7] Restore original Dockerfile and move openshift specific dockerfile to openshift directory --- Dockerfile | 143 ++----------------------------- openshift-resources/Dockerfile | 151 +++++++++++++++++++++++++++++++++ 2 files changed, 156 insertions(+), 138 deletions(-) create mode 100644 openshift-resources/Dockerfile
diff --git a/Dockerfile b/Dockerfile
index 8eaffa3..9b14737 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,151 +1,18 @@ -FROM URIHERE/buildpack-deps:bullseye AS config +FROM openjdk:17.0.2-slim as build -ARG NEXUS_USERNAME -ARG NEXUS_PASSWORD - -ENV YELLOW_TEXT='\033[33m' -ENV BLUE_TEXT='\033[34m' -ENV RESET_TEXT='\033[0m' - -RUN echo -e "${BLUE_TEXT}}First Stage Build${RESET_TEXT}" - -# Download certificates using wget -RUN echo -e "${YELLOW_TEXT}Downloading certificates from using wget${RESET_TEXT}" -RUN wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF -RUN wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/dod/latest/ -P /usr/local/share/ca-certificates/WCF - -# Update ca-certificates -RUN echo -e "${YELLOW_TEXT}Updating ca-certificates${RESET_TEXT}" -RUN update-ca-certificates - -# Grabs MAVEN proxy -RUN mkdir -p /root/.m2 -RUN wget --no-check-certificate -O /root/.m2/settings.xml URIHERE/config/maven/settings.xml -RUN echo -e "${YELLOW_TEXT}Updating Maven settings.xml with NEXUS credentials${RESET_TEXT}" -RUN sed -i.bak "s/nexus_username<\/username>/$NEXUS_USERNAME<\/username>/g" /root/.m2/settings.xml -RUN sed -i.bak "s/nexus_password<\/password>/$NEXUS_PASSWORD<\/password>/g" /root/.m2/settings.xml - -# Grabs alpine proxy -RUN wget --no-check-certificate -O /usr/local/share/repositories URIHERE//config/alpine/alpine_16-sources.list -RUN sed -i "s//$NEXUS_USERNAME/g" /usr/local/share/repositories -RUN sed -i "s//$NEXUS_PASSWORD/g" /usr/local/share/repositories - -# Use a base image that includes the necessary tools (e.g., curl, unzip) -FROM URIHERE/amazoncorretto:17-alpine-jdk AS build - -ENV YELLOW_TEXT='\033[33m' -ENV BLUE_TEXT='\033[34m' -ENV RESET_TEXT='\033[0m' - - -RUN echo -e "${BLUE_TEXT}Second Stage Build${RESET_TEXT}" - -COPY --from=config /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=config /usr/local/share/ca-certificates/WCF /usr/local/share/ca-certificates/WCF -COPY --from=config /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf 
-COPY --from=config /usr/local/share/repositories /usr/local/share/repositories -COPY --from=config /root/.m2/settings.xml /root/.m2/settings.xml - -COPY certs.sh . -RUN chmod +x certs.sh -RUN ./certs.sh - -# Echo statement for ARGs -RUN echo -e "${YELLOW_TEXT}Setting ARGs for environment variables${RESET_TEXT}" - -ENV GITLAB_ACCESS_TOKEN=$GITLAB_ACCESS_TOKEN -ENV GITLAB_URL=$GITLAB_URL - -# COMMENTED OUT SINCE NO LONGER NEED MAVEN. TO INCLUDE UNCOMMENT BLOCK ON LINE 19 AND ADD COPY COMMAND -# RUN apk add maven -# RUN mvn dependency:purge-local-repository -# RUN ./gradlew build --refresh-dependencies -# RUN ./gradlew clean verify - -# # Doing a two stage build like this helps eliminate vulnerablilite that may come along with build tools. WORKDIR application COPY . . - -RUN echo -e "${YELLOW_TEXT}Cleaning Build and Pull Depenencies...${RESET_TEXT}" -# RUN ./gradlew clean -# RUN ./gradlew --refresh-dependencies - -RUN echo -e "${YELLOW_TEXT}Building application using Gradle...${RESET_TEXT}" -# RUN ./gradlew tasks RUN ./gradlew --no-daemon bootJar - -RUN echo -e "${YELLOW_TEXT}Copying and extracting application JAR using jarmode...${RESET_TEXT}" -RUN cp build/libs/mmsri-4.0.18.jar app.jar - -RUN ls -lah - -#RUN apk add --no-cache findutils -#RUN find . -type f -name mms*.jar -not -iname '*javadoc*' -not -iname '*sources*' exec cp '{}' 'app.jar' ';' -#RUN find . -type f -name 'mms*.jar' -not -iname '*javadoc*' -not -iname '*sources*' -exec cp '{}' 'app.jar' ';' +RUN find . -type f -name mms*.jar -not -iname '*javadoc*' -not -iname '*sources*' -exec cp '{}' 'app.jar' ';' RUN java -Djarmode=layertools -jar app.jar extract -RUN ls -lah - -#make folder and copy project -#RUN mkdir /project -#COPY . 
/project -#WORKDIR /project - -# NOT NEEDED UNLESS WE USE MAVEN -# RUN mvn clean package - -FROM URIHERE/amazoncorretto:17-alpine-jdk as app_runner - -ENV YELLOW_TEXT='\033[33m' -ENV BLUE_TEXT='\033[34m' -ENV RESET_TEXT='\033[0m' - -RUN echo -e "${BLUE_TEXT}Third Stage Build${RESET_TEXT}" - -COPY --from=config /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=config /usr/local/share/ca-certificates/WCF /usr/local/share/ca-certificates/WCF -COPY --from=config /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf -COPY --from=config /usr/local/share/repositories /usr/local/share/repositories - -# Re add certs -COPY certs.sh . -RUN chmod +x certs.sh -RUN ./certs.sh - -# Create self signed url for -#RUN apk --no-cache add openssl -#RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/key.pem -out /etc/ssl/certs/cert.pem -subj "/CN=openmbee-mms.openmbee.svc.cluster.local" - -RUN echo -e "${YELLOW_TEXT}Upgrading apk & installing procps${RESET_TEXT}" -RUN apk upgrade -q && apk add -q procps - -RUN ls -lah - -# RUN tree || true +FROM openjdk:17.0.2-slim WORKDIR application -RUN ls -lah - +RUN apt-get update && apt-get install -y procps COPY --from=build application/dependencies/ ./ COPY --from=build application/spring-boot-loader/ ./ COPY --from=build application/snapshot-dependencies/ ./ COPY --from=build application/application/ ./ -#COPY --from=build ./ ./app.jar -#COPY --from=build build/libs/mmsri-4.0.18.jar ./build/libs/mmsri-4.0.18.jar -#CMD ["java","-jar","/build/libs/mmsri-4.0.18.jar"] -#EXPOSE 8080 - -#Java Commands from OpenMBEE MMSRI ENV JDK_JAVA_OPTIONS "-XX:MaxRAMPercentage=90.0 -XX:+PrintFlagsFinal -XX:+UseZGC" -#ENV SPRING_PROFILES_ACTIVE=test ENTRYPOINT ["java", "--add-opens", "java.base/java.lang=ALL-UNNAMED", "org.springframework.boot.loader.JarLauncher"] -EXPOSE 5000 -# COPY --from=application-builder application/dependencies/ ./ -# COPY --from=application-builder application/spring-boot-loader/ ./ -# 
COPY --from=application-builder application/snapshot-dependencies/ ./ -# COPY --from=application-builder application/application/ ./ - -# # These commands update and upgrade the underlying os of the container, thus helping to eliminate os level vulnerabilites. -# # RUN apk upgrade -# EXPOSE 8080 -# # CMD ["java","-jar","/project/target/colosseo-api-toolbelt-0.0.1-SNAPSHOT.jar"] -# CMD ["java","-jar","app.jar"] +EXPOSE 8080 diff --git a/openshift-resources/Dockerfile b/openshift-resources/Dockerfile new file mode 100644 index 0000000..8eaffa3 --- /dev/null +++ b/openshift-resources/Dockerfile 
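Review bot: The final stage of the restored Dockerfile never sets `USER`, so the `java` entrypoint runs as root inside the container; adding `RUN useradd --system --no-create-home mms` and `USER mms` before `ENTRYPOINT` would fix that (the account name is only an example). In the build stage, `-name mms*.jar` is unquoted, so the shell can expand the glob against the working directory before `find` sees it; `-name 'mms*.jar'` is what the pattern intends. `apt-get install -y procps` could also use `--no-install-recommends` and remove `/var/lib/apt/lists/*` in the same `RUN`.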
@@ -0,0 +1,151 @@ +FROM URIHERE/buildpack-deps:bullseye AS config + +ARG NEXUS_USERNAME +ARG NEXUS_PASSWORD + +ENV YELLOW_TEXT='\033[33m' +ENV BLUE_TEXT='\033[34m' +ENV RESET_TEXT='\033[0m' + +RUN echo -e "${BLUE_TEXT}}First Stage Build${RESET_TEXT}" + +# Download certificates using wget +RUN echo -e "${YELLOW_TEXT}Downloading certificates from using wget${RESET_TEXT}" +RUN wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/wcf/latest/crt/ -P /usr/local/share/ca-certificates/WCF +RUN wget --no-check-certificate -r -np -nd -R "index.html*" URIHERE/dod/latest/ -P /usr/local/share/ca-certificates/WCF + +# Update ca-certificates +RUN echo -e "${YELLOW_TEXT}Updating ca-certificates${RESET_TEXT}" +RUN update-ca-certificates + +# Grabs MAVEN proxy +RUN mkdir -p /root/.m2 +RUN wget --no-check-certificate -O /root/.m2/settings.xml URIHERE/config/maven/settings.xml +RUN echo -e "${YELLOW_TEXT}Updating Maven settings.xml with NEXUS credentials${RESET_TEXT}" +RUN sed -i.bak "s/nexus_username<\/username>/$NEXUS_USERNAME<\/username>/g" /root/.m2/settings.xml +RUN sed -i.bak "s/nexus_password<\/password>/$NEXUS_PASSWORD<\/password>/g" /root/.m2/settings.xml + +# Grabs alpine proxy +RUN wget --no-check-certificate -O /usr/local/share/repositories URIHERE//config/alpine/alpine_16-sources.list +RUN sed -i "s//$NEXUS_USERNAME/g" /usr/local/share/repositories +RUN sed -i "s//$NEXUS_PASSWORD/g" /usr/local/share/repositories + +# Use a base image that includes the necessary tools (e.g., curl, unzip) +FROM URIHERE/amazoncorretto:17-alpine-jdk AS build + +ENV YELLOW_TEXT='\033[33m' +ENV BLUE_TEXT='\033[34m' +ENV RESET_TEXT='\033[0m' + + +RUN echo -e "${BLUE_TEXT}Second Stage Build${RESET_TEXT}" + +COPY --from=config /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=config /usr/local/share/ca-certificates/WCF /usr/local/share/ca-certificates/WCF +COPY --from=config /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf +COPY --from=config 
/usr/local/share/repositories /usr/local/share/repositories +COPY --from=config /root/.m2/settings.xml /root/.m2/settings.xml + +COPY certs.sh . +RUN chmod +x certs.sh +RUN ./certs.sh + +# Echo statement for ARGs +RUN echo -e "${YELLOW_TEXT}Setting ARGs for environment variables${RESET_TEXT}" + +ENV GITLAB_ACCESS_TOKEN=$GITLAB_ACCESS_TOKEN +ENV GITLAB_URL=$GITLAB_URL + +# COMMENTED OUT SINCE NO LONGER NEED MAVEN. TO INCLUDE UNCOMMENT BLOCK ON LINE 19 AND ADD COPY COMMAND +# RUN apk add maven +# RUN mvn dependency:purge-local-repository +# RUN ./gradlew build --refresh-dependencies +# RUN ./gradlew clean verify + +# # Doing a two stage build like this helps eliminate vulnerablilite that may come along with build tools. +WORKDIR application +COPY . . + +RUN echo -e "${YELLOW_TEXT}Cleaning Build and Pull Depenencies...${RESET_TEXT}" +# RUN ./gradlew clean +# RUN ./gradlew --refresh-dependencies + +RUN echo -e "${YELLOW_TEXT}Building application using Gradle...${RESET_TEXT}" +# RUN ./gradlew tasks +RUN ./gradlew --no-daemon bootJar + +RUN echo -e "${YELLOW_TEXT}Copying and extracting application JAR using jarmode...${RESET_TEXT}" +RUN cp build/libs/mmsri-4.0.18.jar app.jar + +RUN ls -lah + +#RUN apk add --no-cache findutils +#RUN find . -type f -name mms*.jar -not -iname '*javadoc*' -not -iname '*sources*' exec cp '{}' 'app.jar' ';' +#RUN find . -type f -name 'mms*.jar' -not -iname '*javadoc*' -not -iname '*sources*' -exec cp '{}' 'app.jar' ';' +RUN java -Djarmode=layertools -jar app.jar extract + +RUN ls -lah + +#make folder and copy project +#RUN mkdir /project +#COPY . 
/project +#WORKDIR /project + +# NOT NEEDED UNLESS WE USE MAVEN +# RUN mvn clean package + +FROM URIHERE/amazoncorretto:17-alpine-jdk as app_runner + +ENV YELLOW_TEXT='\033[33m' +ENV BLUE_TEXT='\033[34m' +ENV RESET_TEXT='\033[0m' + +RUN echo -e "${BLUE_TEXT}Third Stage Build${RESET_TEXT}" + +COPY --from=config /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=config /usr/local/share/ca-certificates/WCF /usr/local/share/ca-certificates/WCF +COPY --from=config /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf +COPY --from=config /usr/local/share/repositories /usr/local/share/repositories + +# Re add certs +COPY certs.sh . +RUN chmod +x certs.sh +RUN ./certs.sh + +# Create self signed url for +#RUN apk --no-cache add openssl +#RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/key.pem -out /etc/ssl/certs/cert.pem -subj "/CN=openmbee-mms.openmbee.svc.cluster.local" + +RUN echo -e "${YELLOW_TEXT}Upgrading apk & installing procps${RESET_TEXT}" +RUN apk upgrade -q && apk add -q procps + +RUN ls -lah + +# RUN tree || true +WORKDIR application +RUN ls -lah + +COPY --from=build application/dependencies/ ./ +COPY --from=build application/spring-boot-loader/ ./ +COPY --from=build application/snapshot-dependencies/ ./ +COPY --from=build application/application/ ./ +#COPY --from=build ./ ./app.jar +#COPY --from=build build/libs/mmsri-4.0.18.jar ./build/libs/mmsri-4.0.18.jar +#CMD ["java","-jar","/build/libs/mmsri-4.0.18.jar"] +#EXPOSE 8080 + +#Java Commands from OpenMBEE MMSRI +ENV JDK_JAVA_OPTIONS "-XX:MaxRAMPercentage=90.0 -XX:+PrintFlagsFinal -XX:+UseZGC" +#ENV SPRING_PROFILES_ACTIVE=test +ENTRYPOINT ["java", "--add-opens", "java.base/java.lang=ALL-UNNAMED", "org.springframework.boot.loader.JarLauncher"] +EXPOSE 5000 +# COPY --from=application-builder application/dependencies/ ./ +# COPY --from=application-builder application/spring-boot-loader/ ./ +# COPY --from=application-builder application/snapshot-dependencies/ ./ 
+# COPY --from=application-builder application/application/ ./ + +# # These commands update and upgrade the underlying os of the container, thus helping to eliminate os level vulnerabilites. +# # RUN apk upgrade +# EXPOSE 8080 +# # CMD ["java","-jar","/project/target/colosseo-api-toolbelt-0.0.1-SNAPSHOT.jar"] +# CMD ["java","-jar","app.jar"] From 0708c9d0aec087a34082eeb3b44c3c39bcc2d8fd Mon Sep 17 00:00:00 2001 
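Review bot: The `app_runner` stage copies `/usr/local/share/repositories` from `config`, and that is the file the `config` stage rewrites with `$NEXUS_USERNAME` and `$NEXUS_PASSWORD` via `sed`, so the runtime image appears to ship the Nexus credentials in a plain file. The `build` stage likewise receives `/root/.m2/settings.xml` with the credentials substituted in. Drop `COPY --from=config /usr/local/share/repositories /usr/local/share/repositories` from `app_runner` if the `apk` calls there can do without it, or supply the credentials only to the `RUN` that needs them with `RUN --mount=type=secret,id=nexus_password …` instead of `ARG NEXUS_PASSWORD`. The stage also never sets `USER`, so the JVM runs as root.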
From: Jason Han Date: Tue, 27 Feb 2024 10:59:11 -0800 Subject: [PATCH 7/7] Remove mms library docs and restore mmsri docs --- docs/deployment.rst | 17 --------- docs/modules/artifacts.rst | 1 - docs/modules/authenticator.rst | 1 - docs/modules/cameo.rst | 1 - docs/modules/core.rst | 1 - docs/modules/crud.rst | 1 - docs/modules/data.rst | 1 - docs/modules/elastic.rst | 1 - docs/modules/groups.rst | 1 - docs/modules/index.rst | 14 ------- docs/modules/json.rst | 1 - docs/modules/jupyter.rst | 1 - docs/modules/ldap.rst | 1 - docs/modules/localuser.rst | 1 - docs/modules/permissions.rst | 1 - docs/modules/rdb.rst | 1 - docs/modules/search.rst | 1 - docs/modules/storage.rst | 1 - docs/modules/twc.rst | 1 - docs/modules/webhooks.rst | 1 - docs/quickstart.rst | 69 ---------------------------------- 21 files changed, 118 deletions(-) delete mode 100644 docs/deployment.rst delete mode 100644 docs/modules/artifacts.rst delete mode 100644 docs/modules/authenticator.rst delete mode 100644 docs/modules/cameo.rst delete mode 100644 docs/modules/core.rst delete mode 100644 docs/modules/crud.rst delete mode 100644 docs/modules/data.rst delete mode 100644 docs/modules/elastic.rst delete mode 100644 docs/modules/groups.rst delete mode 100644 docs/modules/index.rst delete mode 100644 docs/modules/json.rst delete mode 100644 docs/modules/jupyter.rst delete mode 100644 docs/modules/ldap.rst delete mode 100644 docs/modules/localuser.rst delete mode 100644 docs/modules/permissions.rst delete mode 100644 docs/modules/rdb.rst delete mode 100644 docs/modules/search.rst delete mode 100644 docs/modules/storage.rst delete mode 100644 docs/modules/twc.rst delete mode 100644 docs/modules/webhooks.rst delete mode 100644 docs/quickstart.rst
diff --git a/docs/deployment.rst b/docs/deployment.rst
deleted file mode 100644
index 6b76d31..0000000
--- a/docs/deployment.rst
+++ /dev/null
@@ -1,17 +0,0 @@
-.. _deployment:
-
-==========
-Deployment
-==========
-
-Bare Metal
-----------
-::
-
- java -jar mms-4.0.0.jar
-
-Docker
-------
-::
-
- docker run mms
diff --git a/docs/modules/artifacts.rst b/docs/modules/artifacts.rst
deleted file mode 100644
index 958c746..0000000
--- a/docs/modules/artifacts.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../artifacts/README.rst
\ No newline at end of file
diff --git a/docs/modules/authenticator.rst b/docs/modules/authenticator.rst
deleted file mode 100644
index b84a0b0..0000000
--- a/docs/modules/authenticator.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../authenticator/README.rst
\ No newline at end of file
diff --git a/docs/modules/cameo.rst b/docs/modules/cameo.rst
deleted file mode 100644
index 2a170d3..0000000
--- a/docs/modules/cameo.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../cameo/README.rst
\ No newline at end of file
diff --git a/docs/modules/core.rst b/docs/modules/core.rst
deleted file mode 100644
index 96de145..0000000
--- a/docs/modules/core.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../core/README.rst
\ No newline at end of file
diff --git a/docs/modules/crud.rst b/docs/modules/crud.rst
deleted file mode 100644
index 32e7b5c..0000000
--- a/docs/modules/crud.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../crud/README.rst
\ No newline at end of file
diff --git a/docs/modules/data.rst b/docs/modules/data.rst
deleted file mode 100644
index 14d6011..0000000
--- a/docs/modules/data.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../data/README.rst
\ No newline at end of file
diff --git a/docs/modules/elastic.rst b/docs/modules/elastic.rst
deleted file mode 100644
index 7b36dc9..0000000
--- a/docs/modules/elastic.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../elastic/README.rst
\ No newline at end of file
diff --git a/docs/modules/groups.rst b/docs/modules/groups.rst
deleted file mode 100644
index d015585..0000000
--- a/docs/modules/groups.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../groups/README.rst
\ No newline at end of file
diff --git a/docs/modules/index.rst b/docs/modules/index.rst
deleted file mode 100644
index cdf87d3..0000000
--- a/docs/modules/index.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-.. _modules:
-
-=======
-Modules
-=======
-
-This section is for the individual modules currently available for MMS.
-
-.. toctree::
- :maxdepth: 2
- :caption: Modules
- :glob:
-
- *
\ No newline at end of file
diff --git a/docs/modules/json.rst b/docs/modules/json.rst
deleted file mode 100644
index feba406..0000000
--- a/docs/modules/json.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../json/README.rst
\ No newline at end of file
diff --git a/docs/modules/jupyter.rst b/docs/modules/jupyter.rst
deleted file mode 100644
index c44e6eb..0000000
--- a/docs/modules/jupyter.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../jupyter/README.rst
\ No newline at end of file
diff --git a/docs/modules/ldap.rst b/docs/modules/ldap.rst
deleted file mode 100644
index 27acf0b..0000000
--- a/docs/modules/ldap.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../ldap/README.rst
\ No newline at end of file
diff --git a/docs/modules/localuser.rst b/docs/modules/localuser.rst
deleted file mode 100644
index 352f2ce..0000000
--- a/docs/modules/localuser.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../localuser/README.rst
\ No newline at end of file
diff --git a/docs/modules/permissions.rst b/docs/modules/permissions.rst
deleted file mode 100644
index 6130ddc..0000000
--- a/docs/modules/permissions.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../permissions/README.rst
\ No newline at end of file
diff --git a/docs/modules/rdb.rst b/docs/modules/rdb.rst
deleted file mode 100644
index 2662570..0000000
--- a/docs/modules/rdb.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../rdb/README.rst
\ No newline at end of file
diff --git a/docs/modules/search.rst b/docs/modules/search.rst
deleted file mode 100644
index 3e1155f..0000000
--- a/docs/modules/search.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../search/README.rst
\ No newline at end of file
diff --git a/docs/modules/storage.rst b/docs/modules/storage.rst
deleted file mode 100644
index 786b828..0000000
--- a/docs/modules/storage.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../storage/README.rst
\ No newline at end of file
diff --git a/docs/modules/twc.rst b/docs/modules/twc.rst
deleted file mode 100644
index 7de72e0..0000000
--- a/docs/modules/twc.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../twc/README.rst
\ No newline at end of file
diff --git a/docs/modules/webhooks.rst b/docs/modules/webhooks.rst
deleted file mode 100644
index a85ed70..0000000
--- a/docs/modules/webhooks.rst
+++ /dev/null
@@ -1 +0,0 @@
-.. include:: ../../webhooks/README.rst
\ No newline at end of file
diff --git a/docs/quickstart.rst b/docs/quickstart.rst
deleted file mode 100644
index ebe9cb0..0000000
--- a/docs/quickstart.rst
+++ /dev/null
@@ -1,69 +0,0 @@
-.. _quickstart:
-
-===========
-Quick Start
-===========
-
-This quick start will focus on running all dependencies and the MMS application as docker containers. This is most suitable for testing environments. For production deployments, we recommend the `MMS Reference Implementation `_ as a starting point.
-
-Dependencies
-------------
-
- Docker
- We suggest using Docker to set up PostgreSQL and Elasticsearch. Installation instructions are found here: `Docker documentation `_
-
- Java SE Development Kit 11+
- Installation instructions: `JDK-11 download `_
-
- Postgresql or Mysql 5.7
- Install postgres (PostgreSQL) 11, instructions for Docker: `PostgreSQL with Docker `_
- ::
-
- docker run -d -e POSTGRES_PASSWORD=test1234 -e POSTGRES_USER=mmsuser -e POSTGRES_DB=mms -p 5432:5432 --name=postgres postgres:11-alpine
-
- Or mysql: `Mysql with Docker `_
- ::
-
- docker run -d -e MYSQL_ROOT_PASSWORD=test1234 -e MYSQL_DATABASE=mms -p 3306:3306 --name=mysql mysql:5.7
-
- Elasticsearch
- Install Elasticsearch 7.8. If you use Docker instructions are available here: `Setting up Elasticsearch with Docker `_
- ::
-
- docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" --name=elasticsearch docker.elastic.co/elasticsearch/elasticsearch:7.8.1
-
- MinIO
- Install MinIO for artifact storage. `Instructions for MinIO `_
- ::
-
- docker run -d -p 9000:9000 -e "MINIO_ACCESS_KEY=admintest" -e "MINIO_SECRET_KEY=admintest" --name=minio minio/minio server /data
-
-Running MMS
------------
-
- Configure the application
- Each module of MMS can define configuration properties required to function. These properties can be defined in a single location, by default, called application.properties. Place application.properties in the classpath for MMS to use the defined values. For an example, see `example application.properties `_
- Alternatively, the properties file can be given by defining the environment variable `SPRING_CONFIG_LOCATION`.
-
- Run the application
- First, create a container from an MMS image. In the example below, the container is using the host network for simplicity.
- ::
-
- docker create --name=mms --network="host" -e "SPRING_CONFIG_LOCATION=/mms.properties" openmbee/mms:4.0.0-b5
-
- Copy properties
- If using the above command, copy the properties file to the defined spring config location.
- ::
-
- docker cp mms.properties mms:/mms.properties
-
- Start the container
- Finally, start the container with the injected properties file.
- ::
-
- docker start mms
-
-More Information
-----------------
-
- For more information and hints, check the `docker-compose.yml `_ in the project root to see how we stand up an instance for testing purposes.
\ No newline at end of file