Merge branch 'develop' into MOSIP-31576-automation-issue

README.md

@@ -25,8 +25,27 @@ The project requires JDK 1.21.
 ## Configuration
 Refer to the [configuration guide](docs/configuration.md).
 
-## Deploy
-To deploy PMS on Kubernetes cluster using Dockers refer to [Sandbox Deployment](https://docs.mosip.io/1.2.0/deployment/sandbox-deployment).
+## Deployment in K8 cluster with other MOSIP services:
+### Pre-requisites
+* Set KUBECONFIG variable to point to existing K8 cluster kubeconfig file:
+    ```
+    export KUBECONFIG=~/.kube/<k8s-cluster.config>
+    ```
+### Install
+  ```
+    $ cd deploy
+    $ ./install.sh
+   ```
+### Delete
+  ```
+    $ cd deploy
+    $ ./delete.sh
+   ```
+### Restart
+  ```
+    $ cd deploy
+    $ ./restart.sh
+   ```
 
 ## Test
 Automated functional tests available in [Functional Tests repo](https://github.com/mosip/mosip-functional-tests).

deploy/copy_cm_func.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# Copy configmap and secret from one namespace to another.
+# ./copy_cm_func.sh <resource> <configmap_name> <source_namespace> <destination_namespace> [name]
+# Parameters:
+#   resource: configmap|secret
+#   name: Optional new name of the configmap or secret in destination namespace.  This may be needed if there is
+#         clash of names
+
+if [ $1 = "configmap" ]
+then
+  RESOURCE=configmap
+elif [ $1 = "secret" ]
+then
+  RESOURCE=secret
+else
+  echo "Incorrect resource $1. Exiting.."
+  exit 1
+fi
+
+
+if [ $# -ge 5 ]
+then
+   kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5
+   kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f -
+else
+   kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2
+   kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" |  kubectl -n $4 create -f -
+fi

deploy/ida-apitestrig/README.md

@@ -0,0 +1,44 @@
+# APITESTRIG
+
+## Introduction
+ApiTestRig will test the working of APIs of the MOSIP modules.
+
+## Install
+* Review `values.yaml` and, Make sure to enable required modules for apitestrig operation.
+* Install
+```sh
+./install.sh
+```
+* During the execution of the `install.sh` script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
+* If the server lacks a public domain and a valid SSL certificate, it is advisable to select the `n` option. Opting it will enable the `init-container` with an `emptyDir` volume and include it in the deployment process.
+* The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., `cacerts`) file.
+* This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates.
+
+## Uninstall
+* To uninstall ApiTestRig, run `delete.sh` script.
+```sh
+./delete.sh 
+```
+
+## Run apitestrig manually
+
+#### Rancher UI
+* Run apitestrig manually via Rancher UI.
+  ![apitestrig-2.png](../../docs/apitestrig-2.png)
+* There are two modes of apitestrig `smoke` & `smokeAndRegression`.
+* By default, apitestrig will execute with `smokeAndRegression`. <br>
+  If you want to run apitestrig with only `smoke`. <br>
+  You have to update the `apitestrig` configmap and rerun the specific apitestrig job.
+
+#### CLI
+* Download Kubernetes cluster `kubeconfig` file from `rancher dashboard` to your local.
+  ![apitestrig-1.png](../../docs/apitestrig-1.png)
+* Install `kubectl` package to your local machine.
+* Run apitestrig manually via CLI by creating a new job from an existing k8s cronjob.
+  ```
+  kubectl --kubeconfig=<k8s-config-file> -n apitestrig create job --from=cronjob/<cronjob-name> <job-name>
+  ```
+  example:
+  ```
+  kubectl --kubeconfig=/home/xxx/Downloads/qa4.config -n apitestrig create job --from=cronjob/cronjob-apitestrig-masterdata cronjob-apitestrig-masterdata
+  ```

deploy/ida-apitestrig/delete.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# Uninstalls apitestrig
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function deleting_apitestrig() {
+  NS=ida
+  while true; do
+      read -p "Are you sure you want to delete apitestrig helm charts?(Y/n) " yn
+      if [ $yn = "Y" ]
+        then
+          helm -n $NS delete ida-apitestrig
+          break
+        else
+          break
+      fi
+  done
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+deleting_apitestrig   # calling function

deploy/ida-apitestrig/install.sh

@@ -0,0 +1,130 @@
+#!/bin/bash
+# Installs apitestrig
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=ida
+CHART_VERSION=0.0.1-develop
+COPY_UTIL=../copy_cm_func.sh
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_apitestrig() {
+  echo Istio label
+  kubectl label ns $NS istio-injection=disabled --overwrite
+  helm repo update
+
+  echo Copy Configmaps
+  $COPY_UTIL configmap global default $NS
+  $COPY_UTIL configmap keycloak-host keycloak $NS
+  $COPY_UTIL configmap artifactory-share artifactory $NS
+  $COPY_UTIL configmap config-server-share config-server $NS
+
+  echo echo Copy Secrtes
+  $COPY_UTIL secret keycloak-client-secrets keycloak $NS
+  $COPY_UTIL secret s3 s3 $NS
+  $COPY_UTIL secret postgres-postgresql postgres $NS
+
+  echo "Delete s3, db, & apitestrig configmap if exists"
+  kubectl -n $NS delete --ignore-not-found=true configmap s3
+  kubectl -n $NS delete --ignore-not-found=true configmap db
+  kubectl -n $NS delete --ignore-not-found=true configmap apitestrig
+
+  DB_HOST=$( kubectl -n default get cm global -o json  |jq -r '.data."mosip-api-internal-host"' )
+  API_INTERNAL_HOST=$( kubectl -n default get cm global -o json  |jq -r '.data."mosip-api-internal-host"' )
+  ENV_USER=$( kubectl -n default get cm global -o json |jq -r '.data."mosip-api-internal-host"' | awk -F '.' '/api-internal/{print $1"."$2}')
+
+  read -p "Please enter the time(hr) to run the cronjob every day (time: 0-23) : " time
+  if [ -z "$time" ]; then
+     echo "ERROT: Time cannot be empty; EXITING;";
+     exit 1;
+  fi
+  if ! [ $time -eq $time ] 2>/dev/null; then
+     echo "ERROR: Time $time is not a number; EXITING;";
+     exit 1;
+  fi
+  if [ $time -gt 23 ] || [ $time -lt 0 ] ; then
+     echo "ERROR: Time should be in range ( 0-23 ); EXITING;";
+     exit 1;
+  fi
+
+  echo "Do you have public domain & valid SSL? (Y/n) "
+  echo "Y: if you have public domain & valid ssl certificate"
+  echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments."
+  read -p "" flag
+
+  if [ -z "$flag" ]; then
+    echo "'flag' was provided; EXITING;"
+    exit 1;
+  fi
+  ENABLE_INSECURE=''
+  if [ "$flag" = "n" ]; then
+    ENABLE_INSECURE='--set enable_insecure=true';
+  fi
+
+  read -p "Please provide the retention days to remove old reports ( Default: 3 )" reportExpirationInDays
+
+  if [[ -z $reportExpirationInDays ]]; then
+    reportExpirationInDays=3
+  fi
+  if ! [[ $reportExpirationInDays =~ ^[0-9]+$ ]]; then
+    echo "The variable \"reportExpirationInDays\" should contain only number; EXITING";
+    exit 1;
+  fi
+
+  read -p "Please provide slack webhook URL to notify server end issues on your slack channel : " slackWebhookUrl
+
+  if [ -z $slackWebhookUrl ]; then
+    echo "slack webhook URL not provided; EXITING;"
+    exit 1;
+  fi
+
+ valid_inputs=("yes" "no")
+ eSignetDeployed=""
+
+ while [[ ! " ${valid_inputs[@]} " =~ " ${eSignetDeployed} " ]]; do
+     read -p "Is the eSignet service deployed? (yes/no): " eSignetDeployed
+     eSignetDeployed=${eSignetDeployed,,}  # Convert input to lowercase
+ done
+
+ if [[ $eSignetDeployed == "yes" ]]; then
+     echo "eSignet service is deployed. Proceeding with installation..."
+ else
+     echo "eSignet service is not deployed. hence will be skipping esignet related test-cases..."
+ fi
+
+  echo Installing ida apitestrig
+  helm -n $NS install ida-apitestrig mosip/apitestrig \
+  --set crontime="0 $time * * *" \
+  -f values.yaml  \
+  --version $CHART_VERSION \
+  --set apitestrig.configmaps.s3.s3-host='http://minio.minio:9000' \
+  --set apitestrig.configmaps.s3.s3-user-key='admin' \
+  --set apitestrig.configmaps.s3.s3-region='' \
+  --set apitestrig.configmaps.db.db-server="$DB_HOST" \
+  --set apitestrig.configmaps.db.db-su-user="postgres" \
+  --set apitestrig.configmaps.db.db-port="5432" \
+  --set apitestrig.configmaps.apitestrig.ENV_USER="$ENV_USER" \
+  --set apitestrig.configmaps.apitestrig.ENV_ENDPOINT="https://$API_INTERNAL_HOST" \
+  --set apitestrig.configmaps.apitestrig.ENV_TESTLEVEL="smokeAndRegression" \
+  --set apitestrig.configmaps.apitestrig.reportExpirationInDays="$reportExpirationInDays" \
+  --set apitestrig.configmaps.apitestrig.slack-webhook-url="$slackWebhookUrl" \
+  --set apitestrig.configmaps.apitestrig.eSignetDeployed="$eSignetDeployed" \
+  --set apitestrig.configmaps.apitestrig.NS="$NS" \
+  $ENABLE_INSECURE
+
+  echo Installed ida apitestrig.
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+installing_apitestrig   # calling function

deploy/ida-apitestrig/values.yaml

@@ -0,0 +1,7 @@
+modules:
+  auth:
+    enabled: true
+    image:
+      repository: mosipqa/apitest-auth
+      tag: develop
+      pullPolicy: Always

deploy/install.sh → deploy/ida/install.sh

@@ -8,6 +8,7 @@ fi
 
 NS=ida
 CHART_VERSION=0.0.1-develop
+COPY_UTIL=../copy_cm_func.sh
 
 echo Create $NS namespace
 kubectl create ns $NS
@@ -18,8 +19,10 @@ function installing_ida() {
   helm repo update
 
   echo Copy configmaps
-  sed -i 's/\r$//' copy_cm.sh
-  ./copy_cm.sh
+  $COPY_UTIL configmap global default $NS
+  $COPY_UTIL configmap artifactory-share artifactory $NS
+  $COPY_UTIL configmap config-server-share config-server $NS
+  $COPY_UTIL configmap softhsm-ida-share softhsm $NS
 
   echo "Do you have public domain & valid SSL? (Y/n) "
   echo "Y: if you have public domain & valid ssl certificate"

helm/ida-auth/templates/deployment.yaml

@@ -117,8 +117,10 @@ spec:
             {{- end }}
             {{- end }}
             {{- if .Values.extraEnvVarsSecret }}
+            {{- range .Values.extraEnvVarsSecret }}
             - secretRef:
-                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+                name: {{ . }}
+            {{- end }}
             {{- end }}
           ports:
             - name: spring-service

helm/ida-auth/values.yaml

@@ -252,7 +252,7 @@ extraEnvVarsCM:
 
 ## Secret with extra environment variables
 ##
-extraEnvVarsSecret:
+extraEnvVarsSecret: []
 
 ## Extra volumes to add to the deployment
 ##

helm/ida-internal/templates/deployment.yaml

@@ -117,8 +117,10 @@ spec:
             {{- end }}
             {{- end }}
             {{- if .Values.extraEnvVarsSecret }}
+            {{- range .Values.extraEnvVarsSecret }}
             - secretRef:
-                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+                name: {{ . }}
+            {{- end }}
             {{- end }}
           ports:
             - name: spring-service

helm/ida-internal/values.yaml

@@ -252,7 +252,7 @@ extraEnvVarsCM:
 
 ## Secret with extra environment variables
 ##
-extraEnvVarsSecret:
+extraEnvVarsSecret: []
 
 ## Extra volumes to add to the deployment
 ##

helm/ida-otp/templates/deployment.yaml

@@ -117,8 +117,10 @@ spec:
             {{- end }}
             {{- end }}
             {{- if .Values.extraEnvVarsSecret }}
+            {{- range .Values.extraEnvVarsSecret }}
             - secretRef:
-                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+                name: {{ . }}
+            {{- end }}
             {{- end }}
           ports:
             - name: spring-service

helm/ida-otp/values.yaml

@@ -252,7 +252,7 @@ extraEnvVarsCM:
 
 ## Secret with extra environment variables
 ##
-extraEnvVarsSecret:
+extraEnvVarsSecret: []
 
 ## Extra volumes to add to the deployment
 ##