add aias configurations and start

gisaia · Oct 8, 2024 · 631d3d3 · 631d3d3
1 parent bb155ef
commit 631d3d3
Show file tree

Hide file tree

Showing 29 changed files with 371 additions and 249 deletions.
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,4 @@ conf/apisix/apisix.generated.yaml
 conf/apisix/apisix.generated.tmp.yaml
 sample/dashboard.generated.json
 tmp/
+docker-compose.env
diff --git a/conf/aias.env b/conf/aias.env
@@ -6,7 +6,7 @@ AIRS_S3_ACCESS_KEY_ID=airs
 AIRS_S3_ASSET_HTTP_ENDPOINT_URL=http://minio:9000/{}/{}
 AIRS_S3_BUCKET=airs
 AIRS_S3_SECRET_ACCESS_KEY=airssecret
-AIRS_STORAGE_DIRECTORY=
+AIRS_STORAGE_DIRECTORY=arlas-data-minio
 AIRS_S3_ENDPOINT_URL=http://minio:9000
 
 APROC_DOWNLOAD_DIR=/tmp/outbox
@@ -48,6 +48,23 @@ APROC_INDEX_NAME=aproc_downloads
 APROC_RESOURCE_ID_HASH_STARTS_AT=1
 ARLAS_URL_SEARCH="http://arlas-server:9999/arlas/explore/{collection}/_search?f=id:eq:{item}"
 
+
+ARLAS_FAM_LINKS='
+        [
+            {
+                "name":"Hub",
+                "url":"/hub/",
+                "icon":"hub",
+                "check_url": "/arlas_persistence_server/healthcheck"
+            },
+            {
+                "name":"IAM",
+                "url":"/iam/",
+                "icon":"manage_accounts",
+                "check_url": "/arlas_iam_server/healthcheck"
+            }
+        ]'
+
 #AIRS_HOST=
 #AIRS_INDEX_COLLECTION_PREFIX=
 #AIRS_MAPPING_URL=

diff --git a/conf/aias/drivers.yaml b/conf/aias/drivers.yaml
@@ -56,30 +56,18 @@ drivers:
       tmp_directory: $TMP_FOLDER|/tmp
     priority: 8
 
-
   -
-    name: theia
-    class_name: extensions.aproc.proc.ingest.drivers.impl.theia
-    assets_dir: /tmp/aproc/theia
+    name: tiff
+    class_name: extensions.aproc.proc.ingest.drivers.impl.tiff
+    assets_dir: /tmp/aproc/tiff
     configuration:
-      token_url: https://theia.cnes.fr/atdistrib/services/authenticate/
-      login: $THEIA_LOGIN
-      pwd: $THEIA_PWD
-      manage_data: false
-    priority: 7
-
-  # -
-  #   name: tiff
-  #   class_name: extensions.aproc.proc.ingest.drivers.impl.tiff
-  #   assets_dir: /tmp/aproc/tiff
-  #   configuration:
-  #     tmp_directory: $TMP_FOLDER|/tmp
-  #   priority: 9
+      tmp_directory: $TMP_FOLDER|/tmp
+    priority: 9
 
-  # -
-  #   name: jpeg2000
-  #   class_name: extensions.aproc.proc.ingest.drivers.impl.jpeg2000
-  #   assets_dir: /tmp/aproc/jpeg2000
-  #   configuration:
-  #     tmp_directory: $TMP_FOLDER|/tmp
-  #   priority: 10
+  -
+    name: jpeg2000
+    class_name: extensions.aproc.proc.ingest.drivers.impl.jpeg2000
+    assets_dir: /tmp/aproc/jpeg2000
+    configuration:
+      tmp_directory: $TMP_FOLDER|/tmp
+    priority: 10
diff --git a/conf/apisix/apisix.yaml b/conf/apisix/apisix.yaml
@@ -337,6 +337,143 @@ routes:
             Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
             # Fix CWE Id: 693
             X-Content-Type-Options: nosniff
+  -
+    uri: /fam-wui
+    plugins:
+      redirect:
+        uri: /fam-wui/
+      response-rewrite:
+        headers: 
+          set:
+            # Fix CWE Id: 693
+            Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+            # Fix CWE Id: 200
+            Server: "ARLAS services"
+            # Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+            # Fix CWE Id: 693
+            X-Content-Type-Options: nosniff
+  -
+    uri: /fam-wui/*
+    upstream:
+      nodes:
+        "arlas-fam-wui:80": 1
+    plugins:
+      response-rewrite:
+        headers: 
+          set:
+            # Fix CWE Id: 693
+            Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+            # Fix CWE Id: 1021
+            X-Frame-Options: "DENY"
+            # Fix CWE Id: 693 // The () means those resources are not allowed.
+            Permissions-Policy: accelerometer=(), camera=(), microphone=(), geolocation=(), usb=()
+            # Fix CWE Id: 200
+            Server: "ARLAS services"
+            # Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+            # Fix CWE Id: 693
+            X-Content-Type-Options: nosniff
+      proxy-rewrite:
+        regex_uri: ["/fam-wui/(.*)", "/$1"]
+  -
+    uri: /agate/healthcheck
+    methods: ["GET"]
+    upstream:
+      nodes:
+        "agate:8004": 1
+  -
+    uri: /airs-storage/*
+    methods: ["GET"]
+    upstream:
+      nodes:
+        "minio:9000": 1
+    plugins:
+      forward-auth:
+        uri: http://agate:8004/agate/authorization
+        request_headers: ["Authorization", "arlas-org-filter"]
+  -
+    uri: /fam/*
+    upstream:
+      nodes:
+        "fam-service:8005": 1
+    plugins:
+      forward-auth:
+        uri: http://arlas-iam-server:9998/arlas_iam_server/auth
+        request_headers: ["Authorization", "arlas-org-filter"]
+  -
+    uri: /fam/files
+    upstream:
+      nodes:
+        "fam-service:8005": 1
+    plugins:
+      forward-auth:
+        uri: http://arlas-iam-server:9998/arlas_iam_server/auth
+        request_headers: ["Authorization", "arlas-org-filter"]
+      # proxy-rewrite:
+      #   headers: 
+      #     set:
+      #       # Fix CWE Id: 1021
+      #       Access-Control-Allow-Origin: "https://${ARLAS_HOST}"
+      # response-rewrite:
+      #   headers: 
+      #     set:
+      #       # Fix CWE Id: 693
+      #       Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+      #       # Fix CWE Id: 200
+      #       Server: "ARLAS services"
+      #       # Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+      #       Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+      #       # Fix CWE Id: 693
+      #       X-Content-Type-Options: nosniff
+  -
+    uri: /airs/healthcheck
+    methods: ["GET"]
+    upstream:
+      nodes:
+        "airs-server:8000": 1
+  -
+    uri: /airs/collections/*
+    upstream:
+      nodes:
+        "airs-server:8000": 1
+    plugins:
+      forward-auth:
+        uri: http://arlas-iam-server:9998/arlas_iam_server/auth
+        request_headers: ["Authorization", "arlas-org-filter"]
+  -
+    uri: /aproc/healthcheck
+    methods: ["GET"]
+    upstream:
+      nodes:
+        "aproc-service:8001": 1
+  -
+    uri: /aproc/processes/*
+    upstream:
+      nodes:
+        "aproc-service:8001": 1
+    plugins:
+      forward-auth:
+        uri: http://arlas-iam-server:9998/arlas_iam_server/auth
+        request_headers: ["Authorization", "arlas-org-filter"]
+  -
+    uri: /aproc/jobs
+    upstream:
+      nodes:
+        "aproc-service:8001": 1
+    plugins:
+      forward-auth:
+        uri: http://arlas-iam-server:9998/arlas_iam_server/auth
+        request_headers: ["Authorization", "arlas-org-filter"]
+  -
+    uri: /aproc/jobs/*
+    upstream:
+      nodes:
+        "aproc-service:8001": 1
+    plugins:
+      forward-auth:
+        uri: http://arlas-iam-server:9998/arlas_iam_server/auth
+        request_headers: ["Authorization", "arlas-org-filter"]
 ssls:
   -
     snis:

diff --git a/conf/apisix/apisix_part_aias_services.yaml b/conf/apisix/apisix_part_aias_services.yaml
@@ -62,23 +62,31 @@
       forward-auth:
         uri: http://arlas-iam-server:9998/arlas_iam_server/auth
         request_headers: ["Authorization", "arlas-org-filter"]
-      proxy-rewrite:
-        headers: 
-          set:
-            # Fix CWE Id: 1021
-            Access-Control-Allow-Origin: "https://${ARLAS_HOST}"
-      response-rewrite:
-        headers: 
-          set:
-            # Fix CWE Id: 693
-            Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
-            # Fix CWE Id: 200
-            Server: "ARLAS services"
-            # Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
-            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
-            # Fix CWE Id: 693
-            X-Content-Type-Options: nosniff
-
+  -
+    uri: /fam/files
+    upstream:
+      nodes:
+        "fam-service:8005": 1
+    plugins:
+      forward-auth:
+        uri: http://arlas-iam-server:9998/arlas_iam_server/auth
+        request_headers: ["Authorization", "arlas-org-filter"]
+      # proxy-rewrite:
+      #   headers: 
+      #     set:
+      #       # Fix CWE Id: 1021
+      #       Access-Control-Allow-Origin: "https://${ARLAS_HOST}"
+      # response-rewrite:
+      #   headers: 
+      #     set:
+      #       # Fix CWE Id: 693
+      #       Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+      #       # Fix CWE Id: 200
+      #       Server: "ARLAS services"
+      #       # Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+      #       Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+      #       # Fix CWE Id: 693
+      #       X-Content-Type-Options: nosniff
   -
     uri: /airs/healthcheck
     methods: ["GET"]