changes to support quickstart openshift template (#982)

bcgov · Mar 6, 2024 · ce15ec0 · ce15ec0
1 parent a51afa6
commit ce15ec0
Show file tree

Hide file tree

Showing 32 changed files with 1,397 additions and 234 deletions.
diff --git a/.github/workflows/ci-feat-sonar.yaml b/.github/workflows/ci-feat-sonar.yaml
@@ -2,7 +2,7 @@ name: Sonar Scanner
 
 on:
   push:
-    branches: [dev, feat/*]
+    branches: [dev, feature/*]
 
 env:
   REGISTRY: ghcr.io
@@ -23,10 +23,24 @@ jobs:
 
       - name: Run Tests
         run: |
+          docker compose up kong-db -d
+
+          set -o allexport
+          source ./.env.local
+          LOG_LEVEL=debug
+          KNEX_HOST=kong-db.localtest.me
+          NEXT_PUBLIC_MOCKS=off
+          set +o allexport
+
           cd src
+
           npm i
+          npm run intg-build
           npm test
 
+          cd ..
+          docker compose down
+
       - name: SonarCloud Scan
         uses: sonarsource/sonarcloud-github-action@master
         with:

diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ The repo is setup to create a local deployment of the Portal along with required
 1. Build: Back in `api-services-portal`, run `docker compose --profile testsuite build`.
 1. Run: `docker compose up`. Wait for startup to complete - look for `Swagger UI registered`.
 1. The Portal is now live at http://oauth2proxy.localtest.me:4180
-    1. To login, use username `local` and password `local`, or username `janis@idir` and password `awsummer`.
+    1. To login, use username `janis@idir` and password `awsummer` (or username `local` and password `local`).
 1. If you have made any changes to the app code, update images by running `docker compose build` then `docker compose up`.
 1. Clean up: `docker compose down` removes all the hosted services
 
@@ -67,11 +67,16 @@ Use the following configuration to run the Portal locally (outside of Docker) ag
 
 1. Turn off the docker compose Portal: `docker stop apsportal`
 1. Configure the `oauth2-proxy` that is running in Docker:
-    1. Update `upstreams` in `oauth2-proxy/oauth2-proxy-local.cfg` to include the IP address of your local machine, e.g. `upstreams=["http://172.100.100.01:3000"]`
+    1. Update `upstreams` in `local/oauth2-proxy/oauth2-proxy-local.cfg` to include the IP address of your local machine, e.g. `upstreams=["http://172.100.100.01:3000"]`
     <br>You can obtain the IP address using `hostname -I`.
 
     1. Restart the oauth2-proxy: `docker compose restart oauth2-proxy`
+    1. Update `DESTINATION_URL` in `local/feeds/.env.local` to include the IP address of your local machine
+    1. Restart the feeder: `docker compose restart feeder`
+    1. Update `PORTAL_ACTIVITY_URL` in `local/gwa-api/.env.local` to include the IP address of your local machine
+    1. Restart the feeder: `docker compose restart gwa-api`
 
+
 1. Start the Portal locally:
 
     ```sh

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -83,7 +83,7 @@ services:
       context: ./feeds
       dockerfile: Dockerfile
     env_file:
-      - ./feeds/.env.local
+      - ./local/feeds/.env.local
     restart: on-failure
     ports:
       - 6000:6000
@@ -117,15 +117,15 @@ services:
       - ./local/db/database-init.sql:/docker-entrypoint-initdb.d/1-init.sql
       - ./local/db/keystone-init.sql:/docker-entrypoint-initdb.d/2-init.sql
     networks:
-      aps-net:
-        aliases:
-          - kong-db.localtest.me
+      - aps-net
   kong-migrations:
     image: kong:kong-local
     command: kong migrations bootstrap
     depends_on:
       - kong-db
-    environment: *common-variables
+    environment:
+      <<: *common-variables
+      KONG_DNS_ORDER: 'LAST,A'
     networks:
       - aps-net
     restart: on-failure
@@ -138,7 +138,9 @@ services:
     depends_on:
       - kong-db
       - kong-migrations
-    environment: *common-variables
+    environment:
+      <<: *common-variables
+      KONG_DNS_ORDER: 'LAST,A'
     networks:
       - aps-net
     restart: on-failure
@@ -150,13 +152,17 @@ services:
       - kong-migrations-up
     environment:
       <<: *common-variables
+      KONG_DEBUG_LEVEL: debug
       KONG_ADMIN_ACCESS_LOG: /dev/stdout
       KONG_ADMIN_ERROR_LOG: /dev/stderr
       KONG_CASSANDRA_CONTACT_POINTS: kong-db
       KONG_NGINX_WORKER_PROCESSES: '1'
       KONG_PROXY_ACCESS_LOG: /dev/stdout
       KONG_PROXY_ERROR_LOG: /dev/stderr
       KONG_ADMIN_LISTEN: 0.0.0.0:8001
+      KONG_DNS_ORDER: 'LAST,A'
+      KONG_TRUSTED_IPS: '0.0.0.0/0,::/0'
+      KONG_REAL_IP_HEADER: X-Forwarded-For
     ports:
       - 8000:8000
       - 8001:8001

diff --git a/local/feeder-init/init.sh b/local/feeder-init/init.sh
@@ -32,6 +32,6 @@ while true; do
 
     else
         echo  "Waiting for Keycloak....."
-        sleep 1m
+        sleep 5
     fi
 done
diff --git a/feeds/.env.local → local/feeds/.env.local b/feeds/.env.local → local/feeds/.env.local
diff --git a/local/gwa-api/entrypoint.sh b/local/gwa-api/entrypoint.sh
@@ -63,6 +63,6 @@ while true; do
         break
     else
         echo  "Waiting for Keycloak....."
-        sleep 1m
+        sleep 5
     fi
 done
diff --git a/local/gwa-cli/gw-config.yml b/local/gwa-cli/gw-config.yml
diff --git a/local/keycloak/master-realm.json b/local/keycloak/master-realm.json
@@ -2317,7 +2317,9 @@
           }
         }
       ],
-      "defaultClientScopes": [],
+      "defaultClientScopes": [
+        "profile"
+      ],
       "optionalClientScopes": []
     },
     {

diff --git a/src/authz/matrix.csv b/src/authz/matrix.csv
@@ -87,6 +87,7 @@ API Owner Role Rules,,,Dataset,read,,,,,api-owner,,,allow,
 API Owner Role Rules,,,Environment,create,,active,,,api-owner,,,allow,
 API Owner Role Rules,,,Environment,,"update,delete,read",active,,,,,"api-owner,provider-user",allow,
 API Owner Role Rules,,forceDeleteEnvironment,,,,,,,api-owner,,,allow,
+API Owner Role Rules,,deleteEnvironments,,,,,,,api-owner,,,allow,filterByPackageNS
 API Owner Role Rules,,,Environment,read,,,,,,,"api-owner,provider-user",allow,
 API Owner Role Rules,,,Environment,create,,,,,api-owner,,,allow,
 API Owner Role Rules,,,Environment,update,,,,,api-owner,,,allow,

diff --git a/src/batch/data-rules.js b/src/batch/data-rules.js
@@ -376,11 +376,12 @@ const metadata = {
   Product: {
     query: 'allProducts',
     refKey: 'appId',
-    sync: ['name', 'namespace'],
+    compositeRefKey: ['name', 'namespace'],
+    sync: ['name', 'description', 'namespace'],
     transformations: {
       dataset: { name: 'connectOne', list: 'allDatasets', refKey: 'name' },
       environments: {
-        name: 'connectExclusiveList',
+        name: 'connectExclusiveListCreate',
         list: 'Environment',
         syncFirst: true,
         refKey: 'appId',
@@ -403,19 +404,25 @@ const metadata = {
   Environment: {
     query: 'allEnvironments',
     refKey: 'appId',
+    compositeRefKey: [
+      'name',
+      { key: 'parent.id', whereClause: 'product: { id: $parent_id }' },
+    ],
     sync: ['name', 'active', 'approval', 'flow', 'additionalDetailsToRequest'],
     ownedBy: 'product',
     transformations: {
       services: {
         name: 'connectMany',
         list: 'allGatewayServices',
         refKey: 'name',
+        filterByNamespace: true,
       },
       legal: { name: 'connectOne', list: 'allLegals', refKey: 'reference' },
       credentialIssuer: {
         name: 'connectOne',
         list: 'allCredentialIssuers',
         refKey: 'name',
+        filterByNamespace: true,
       },
     },
     validations: {