feat(thirdparty): auth svc charts

ml-testing-toolkit/chart-backend/values.yaml

@@ -268,14 +268,9 @@ parameters: {}
 service:
   type: ClusterIP
   ports:
-    specApi:
-      name: "spec-api"
-      externalPort: 5000
-      internalPort: 5000
-    adminApi:
-      name: "admin-api"
-      externalPort: 5050
-      internalPort: 5050
+    name: "spec-api"
+    externalPort: 5000
+    internalPort: 5000
 
 ingress:
   enabled: true

thirdparty/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+description: WIP - thirdparty api services for Mojaloop
+name: thirdparty
+version: 0.1.0
+appVersion: "1.0.0"
+home: http://mojaloop.io
+icon: http://mojaloop.io/images/logo.png
+sources:
+  - https://github.com/mojaloop/mojaloop
+  - https://github.com/mojaloop/helm
+  - https://github.com/mojaloop/pisp
+maintainers:
+  - name: Lewis Daly
+    email: lewisd@crosslaketech.com
+

thirdparty/README.md

@@ -0,0 +1,8 @@
+# thirdparty
+
+Helm charts for Mojaloop Thirdparty API
+
+## Sub-Charts
+- [chart-auth-svc](./chart-auth-svc)
+- [chart-consent-oracle](./chart-consent-oracle)
+- [chart-tp-api-svc](./chart-tp-api-svc)

thirdparty/chart-auth-svc/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+description: auth-svc chart for Mojaloop Thirdparty Overlay Services
+name: auth-svc
+version: 0.1.0
+appVersion: "1.0.0"
+home: http://mojaloop.io
+icon: http://mojaloop.io/images/logo.png
+sources:
+  - https://github.com/mojaloop/mojaloop
+  - https://github.com/mojaloop/helm
+  - https://github.com/mojaloop/auth-service
+maintainers:
+  - name: Lewis Daly
+    email: lewisd@crosslaketech.com
+

thirdparty/chart-auth-svc/README.md

@@ -0,0 +1,23 @@
+# Auth-Svc
+
+The Auth-Svc is a standalone service that validates and storesThirdparty Consent and 
+Credential Objects.
+
+It simplifies the Thirdparty API integration for DFSPs by abstracting away common 
+functions that a DFSP needs to do relating to and validating Consents and their 
+attached credentials using the `POST /consents` HTTP Request.
+
+DFSPs can also use the Auth-Svc to verify a 3rd party transaction with 
+`POST /thirdpartyRequests/verifications`, which checks that the stored publicKey for
+a credential matches the private key that was used on an end user's device to sign a
+transaction.
+
+
+## Dependencies
+
+This chart has the following dependencies:
+- redis
+- mysql
+
+See `example_dependencies.yaml` for a simple example of installing and using the chart
+with base dependencies.

thirdparty/chart-auth-svc/example_dependencies.yaml

@@ -0,0 +1,110 @@
+##
+# mysql-auth-svc
+##
+
+# PersistentVolumeClaim
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-auth-svc-pv-claim
+spec:
+  storageClassName: awsgp2
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+---
+## Expose MySQL for Auth-Svc
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql-auth-svc
+spec:
+  ports:
+  - port: 3306
+  selector:
+    app: mysql-auth-svc
+  clusterIP: None
+---
+## Simple MySQL for Auth-Svc
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mysql-auth-svc
+spec:
+  selector:
+    matchLabels:
+      app: mysql-auth-svc
+  serviceName: mysql-auth-svc-svc
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mysql-auth-svc
+    spec:
+      containers:
+      - image: mysql:5.7
+        name: mysql-auth-svc
+        # command: [ '/bin/sh' ]
+        # args: ['-c', 'tail -f /dev/null']
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          value: password
+        - name: MYSQL_USER
+          value: auth-svc
+        - name: MYSQL_PASSWORD
+          value: password
+        - name: MYSQL_DATABASE
+          value: auth-svc
+        - name: NODE_ENV
+          value: development
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-auth-svc-persistent-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-auth-svc-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-auth-svc-pv-claim
+---
+
+##
+# Auth-Svc Redis
+##
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: auth-svc-redis
+  labels:
+    app: auth-svc-redis
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  selector:
+    matchLabels:
+      app: auth-svc-redis
+  template:
+    metadata:
+      labels:
+        app: auth-svc-redis
+    spec:
+      containers:
+        - name: redis
+          image: redis:5.0.4-alpine
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: auth-svc-redis-svc
+spec:
+  ports:
+    - port: 6379
+  selector:
+    app: auth-svc-redis
+  clusterIP: None

thirdparty/chart-auth-svc/templates/_helpers.tpl

@@ -0,0 +1,48 @@
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "auth-svc.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "auth-svc.name" -}}
+{{- default .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "auth-svc.labels" -}}
+helm.sh/chart: {{ include "auth-svc.chart" . }}
+app.kubernetes.io/name: {{ include "auth-svc.name" . }}
+{{ include "auth-svc.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "auth-svc.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "auth-svc.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{- define "apiVersion.Deployment" -}}
+  {{- if .Capabilities.APIVersions.Has "apps/v1/Deployment" -}}
+    {{- print "apps/v1" -}}
+  {{- else -}}
+    {{- print "apps/v1beta2" -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "apiVersion.Ingress" -}}
+  {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
+    {{- print "networking.k8s.io/v1beta1" -}}
+  {{- else -}}
+    {{- print "extensions/v1beta1" -}}
+  {{- end -}}
+{{- end -}}

thirdparty/chart-auth-svc/templates/configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "auth-svc-config"
+  labels:
+    {{- include "auth-svc.labels" . | nindent 4 }}
+data:
+  {{- range $k, $v := index .Values.config }}
+    {{ $k }}: {{ ($v | toPrettyJson | squote ) }}
+  {{- end }}

thirdparty/chart-auth-svc/templates/deployment.yaml

@@ -0,0 +1,72 @@
+{{- if .Values.enabled -}}
+apiVersion: {{ template "apiVersion.Deployment" . }}
+kind: Deployment
+metadata:
+  name: {{ include "auth-svc.name" . }}
+  labels:
+    {{- include "auth-svc.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  selector:
+    matchLabels:
+      {{- include "auth-svc.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "auth-svc.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          command: {{ .Values.image.command }}
+          {{- if .Values.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.readinessProbe.httpGet.path }}
+              port: {{ .Values.service.ports.internalPort }}
+            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+          {{- end }}
+          {{- if .Values.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: {{ .Values.livenessProbe.httpGet.path }}
+              port: {{ .Values.service.ports.internalPort }}
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+          {{- end }}
+          volumeMounts:
+            - name: auth-svc-config-volume
+              mountPath: /opt/auth-service/config/production.json
+              subPath: production.json
+          env:
+          {{- range $envItem := .Values.env }}
+            - name: {{ $envItem.name }}
+              value: {{ $envItem.value }}
+          {{- end }}
+      volumes:
+        - name: auth-svc-config-volume
+          configMap:
+            name: auth-svc-config
+            items:
+              {{- range $k, $v := index .Values.config }}
+              - key: {{ $k }}
+                path: {{ $k }}
+              {{- end }}
+{{- end -}}

thirdparty/chart-auth-svc/templates/ingress.yaml

@@ -0,0 +1,30 @@
+{{- if index .Values "ingress" "enabled" -}}
+apiVersion: {{ template "apiVersion.Ingress" . }}
+kind: Ingress
+metadata:
+  name: {{ include "auth-svc.name" . }}-ingress
+  labels:
+    {{- include "auth-svc.labels" . | nindent 4 }}
+{{- with index .Values "ingress" "annotations" }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+  rules:
+    {{- range $hostType, $service := .Values.ingress.hosts }}
+      - host: {{ index $service "host" }}
+        http:
+          paths:
+            {{- range $path := (index $service "paths") }}
+            - path: {{ $path }}
+              backend:
+                serviceName: {{ index $service "name" }}
+                servicePort: {{ index $service "port" }}
+            {{- end -}}
+      {{- end -}}
+    {{- if .Values.ingress.tls }}
+    tls:
+      {{ toYaml .Values.ingress.tls | indent 4 }}
+    {{- end -}}
+
+{{- end }}

thirdparty/chart-auth-svc/templates/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name:  {{ include "auth-svc.name" . }}
+  labels:
+    app: auth-svc
+    {{- include "auth-svc.labels" . | nindent 4 }}
+spec:
+  ports:
+    {{- with .Values.service.ports }}
+    - port: {{ .externalPort }}
+      targetPort: {{ .internalPort }}
+      name: {{ .name }}
+    {{- end }}
+  selector:
+    {{- include "auth-svc.selectorLabels" . | nindent 6 }}
+  clusterIP: None