[SQSERVICES-1787] fix backoffice swagger-ui

changelog.d/5-internal/pr-2846

@@ -0,0 +1 @@
+Backoffice Swagger 2.x docs is exposed on `/` and the old Swagger has been removed. Backoffice helm chart only runs stern without an extra nginx.

charts/backoffice/templates/configmap.yaml

@@ -7,10 +7,10 @@ data:
     logNetStrings: True # log using netstrings encoding:
                         # http://cr.yp.to/proto/netstrings.txt
     logLevel: {{ .Values.config.logLevel }}
+    logFormat: {{ .Values.config.logFormat }}
     stern:
       host: 0.0.0.0
-      port: 8081
-    # Cannot listen on the same port as the frontend
+      port: 8080
     brig:
       host: brig
       port: 8080
@@ -28,152 +28,3 @@ data:
     ibis:
       host: {{ .Values.config.ibisHost }}
       port: 8080
-  nginx.conf: |
-    worker_processes 1;
-    worker_rlimit_nofile 1024;
-    pid /tmp/nginx.pid;
-
-     events {
-        worker_connections 1024;
-        multi_accept off;
-    }
-
-     http {
-        #
-        # Sockets
-        #
-
-        sendfile on;
-        tcp_nopush on;
-        tcp_nodelay on;
-
-        #
-        # Timeouts
-        #
-
-        client_body_timeout 60s;
-        client_header_timeout 60s;
-        keepalive_timeout 30s;
-        send_timeout 60s;
-
-        #
-        # Mapping for websocket connections
-        #
-
-        map $http_upgrade $connection_upgrade {
-            websocket upgrade;
-            default   '';
-        }
-
-        #
-        # Body
-        #
-
-        client_max_body_size 16M;
-
-        #
-        # Headers
-        #
-
-        ignore_invalid_headers off;
-
-        server_tokens off;
-        server_names_hash_bucket_size 64;
-        server_name_in_redirect off;
-        types_hash_max_size 2048;
-
-        large_client_header_buffers 4 8k;
-
-        #
-        # MIME
-        #
-
-        include /etc/nginx/mime.types;
-        default_type application/octet-stream;
-
-        #
-        # Logging
-        #
-
-        access_log /dev/stdout;
-        error_log  stderr;
-
-        #
-        # Gzip
-        #
-
-        gzip on;
-        gzip_disable msie6;
-        gzip_vary on;
-        gzip_proxied any;
-        gzip_comp_level 6;
-        gzip_buffers 16 8k;
-        gzip_http_version 1.1;
-        gzip_min_length 1024;
-        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-
-        #
-        # SSL
-        #
-
-         add_header Strict-Transport-Security max-age=31536000;
-
-         map $scheme $server_https {
-            default off;
-            https on;
-        }
-
-        ssl_session_cache builtin:1000 shared:SSL:10m;
-        ssl_session_timeout 5m;
-        ssl_prefer_server_ciphers on;
-        ssl_protocols TLSv1.2 TLSv1.3;
-        # NOTE: These are some sane defaults (compliant to TR-02102-2), you may want to overrride them on your own installation
-        # For TR-02102-2 see https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-2.html
-        # As a Wire employee, for Wire-internal discussions and context see
-        # * https://wearezeta.atlassian.net/browse/FS-33
-        # * https://wearezeta.atlassian.net/browse/FS-444
-        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; # for TLS 1.2
-        # FUTUREWORK: upgrade nginx used for the backoffice to support ssl_conf_command (i.e. build a new backoffice-frontend), then uncomment below
-        # ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384; # for TLS 1.3
-        server {
-          listen {{ .Values.service.internalPort }};
-
-           # Backoffice code at /var/www
-          location / {
-              # NOTE: nginx's root is defined at compile time! This means that these roots
-              # depend on the values at the time of compilation for nginx, namely --conf-path
-              # and --prefix. If you don't use _full_ paths as root, they get resolved depending
-              # those prefixes... they really need to fix this! So we just assume that these
-              # paths can be created on any filesystem...
-              root /var/www/swagger-ui;
-              index index.html;
-          }
-
-          # resources.json is needed by the backoffice app
-          location /api-docs {
-              # This asssumes the default location for the backoffice!
-              root /var/www/swagger-ui;
-              index resources.json;
-          }
-
-          # The liveness/healthiness depends on stern
-          location /i/status {
-              proxy_pass         http://localhost:8081;
-              proxy_http_version 1.1;
-          }
-
-          rewrite ^/api-docs/stern /stern/api-docs?base_url={{ .Values.baseUrl }}/api break;
-
-          # This path is used by swagger to fetch the docs from the service
-          location /stern {
-              proxy_pass         http://localhost:8081;
-              proxy_http_version 1.1;
-          }
-
-          # All others requests get proxied to stern, without the api prefix (which was added in the base_url above)
-          location ~ ^/api/(.*)$ {
-              proxy_pass         http://localhost:8081/$1$is_args$query_string;
-              proxy_http_version 1.1;
-          }
-      }
-    }

charts/backoffice/templates/deployment.yaml

@@ -32,20 +32,12 @@ spec:
             name: "backoffice"
       containers:
         - name: stern
-          image: "{{ .Values.images.stern.repository }}:{{ .Values.images.stern.tag }}"
-          imagePullPolicy: {{ default "" .Values.images.stern.pullPolicy | quote }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ default "" .Values.image.pullPolicy | quote }}
           volumeMounts:
           - name: "backoffice-config"
             mountPath: /etc/wire/stern/conf/stern.yaml
             subPath: stern.yaml
-        - name: backoffice-frontend
-          image: "{{ .Values.images.frontend.repository }}:{{ .Values.images.frontend.tag }}"
-          imagePullPolicy: {{ default "" .Values.images.frontend.pullPolicy | quote }}
-          volumeMounts:
-          - name: "backoffice-config"
-            # We don't want to override existing files under /etc/nginx except for nginx.conf
-            mountPath: "/etc/nginx/nginx.conf"
-            subPath: nginx.conf
           ports:
             - containerPort: {{ .Values.service.internalPort }}
           livenessProbe:

charts/backoffice/values.yaml

@@ -1,13 +1,8 @@
 replicaCount: 1
-images:
-  frontend:
-    repository: quay.io/wire/backoffice-frontend
-    tag: 2.87.0
-    pullPolicy: IfNotPresent
-  stern:
-    repository: quay.io/wire/stern
-    tag: do-not-use
-    pullPolicy: IfNotPresent
+image:
+  repository: quay.io/wire/stern
+  tag: do-not-use
+  pullPolicy: IfNotPresent
 service:
   internalPort: 8080
   externalPort: 8080
@@ -19,6 +14,7 @@ resources:
     memory: 50Mi
 config:
   logLevel: Info
+  logFormat: StructuredJSON
   galebHost: galeb.integrations
   ibisHost: ibis.integrations
 baseUrl: http://localhost:8080

hack/bin/set-chart-image-version.sh

@@ -12,9 +12,6 @@ do
 if [[ "$chart" == "nginz" ]]; then
     # nginz has a different docker tag indentation
     sed -i "s/^    tag: .*/    tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml"
-elif [[ "$chart" == "backoffice" ]]; then
-    # There are two images at the same level and we want update only stern.
-    sed -i "s/tag: do-not-use/tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml"
 else
     sed -i "s/^  tag: .*/  tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml"
 fi

hack/bin/set-wire-server-image-version.sh

@@ -6,15 +6,11 @@ target_version=${1?$USAGE}
 TOP_LEVEL="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )"
 CHARTS_DIR="$TOP_LEVEL/.local/charts"
 
-charts=(brig cannon galley gundeck spar cargohold proxy cassandra-migrations elasticsearch-index federator)
+charts=(brig cannon galley gundeck spar cargohold proxy cassandra-migrations elasticsearch-index federator backoffice)
 
 for chart in "${charts[@]}"; do
     sed -i "s/^  tag: .*/  tag: $target_version/g" "$CHARTS_DIR/$chart/values.yaml"
 done
 
 # special case nginz
 sed -i "s/^    tag: .*/    tag: $target_version/g" "$CHARTS_DIR/nginz/values.yaml"
-
-# special case backoffice as there are two images at the same level and we want
-# update only one.
-sed -i "s/tag: do-not-use/tag: $target_version/g" "$CHARTS_DIR/backoffice/values.yaml"

services/nginz/integration-test/conf/nginz/nginx.conf

@@ -497,25 +497,7 @@ http {
       include common_response_with_zauth.conf;
       proxy_pass http://spar;
     }
-
-    # Stern Endpoints
-
-    # We add a `/stern` suffix to the URL to resolve clashes with non-Stern endpoints.
-    rewrite ^/backoffice/api-docs/stern  /stern/api-docs?base_url=http://127.0.0.1:8080/stern/ break;
-
-    location /stern/api-docs {
-      include common_response_no_zauth.conf;
-      # We don't use an `upstream` for stern, since running stern is optional.
-      proxy_pass http://127.0.0.1:8091;
-    }
-
-    location /stern {
-      include common_response_no_zauth.conf;
-      # We don't use an `upstream` for stern, since running stern is optional.
-      # The trailing slash matters, as it makes sure the `/stern` prefix is removed.
-      proxy_pass http://127.0.0.1:8091/;
-    }
-
+
     #
     # Swagger Resource Listing
     #

services/nginz/integration-test/conf/nginz/zwagger-ui/index.html

@@ -43,7 +43,6 @@
     <div class="tab">
         <button class="tablinks" onclick="openTab(event, 'Swagger-1.2')" id="defaultOpen">Swagger-1.2</button>
         <button class="tablinks" onclick="openTab(event, 'Swagger-2.0')">Swagger-2.0</button>
-        <button class="tablinks" onclick="openTab(event, 'BackOffice')">Back Office (if running)</button>
     </div>
     </div>
 
@@ -54,9 +53,6 @@
     <iframe id="Swagger-2.0" class="tabcontent" src="./tab.html?url_suffix=api/swagger.json" height="100%" width="100%">
     </iframe>
 
-    <iframe id="BackOffice" class="tabcontent" src="./tab.html?url_suffix=backoffice/api-docs" height="100%" width="100%">
-    </iframe>
-
     <script>
         function openTab(evt, cityName) {
             // Declare all variables

services/nginz/zwagger-ui/index.html

@@ -43,7 +43,6 @@
     <div class="tab">
         <button class="tablinks" onclick="openTab(event, 'Swagger-1.2')" id="defaultOpen">Swagger-1.2</button>
         <button class="tablinks" onclick="openTab(event, 'Swagger-2.0')">Swagger-2.0</button>
-        <button class="tablinks" onclick="openTab(event, 'BackOffice')">Back Office (if running)</button>
     </div>
     </div>
 
@@ -54,9 +53,6 @@
     <iframe id="Swagger-2.0" class="tabcontent" src="./tab.html?url_suffix=api/swagger.json" height="100%" width="100%">
     </iframe>
 
-    <iframe id="BackOffice" class="tabcontent" src="./tab.html?url_suffix=backoffice/api-docs" height="100%" width="100%">
-    </iframe>
-
     <script>
         function openTab(evt, cityName) {
             // Declare all variables

tools/stern/README.md

@@ -3,7 +3,7 @@ Stern - Backoffice Facade
 
 This is a simple web app based on [swagger-ui](https://swagger.io/tools/swagger-ui/) for performing operations on users and teams such as browsing their user profiles, suspending, or deleting accounts. It is used internally at Wire by our customer support team.
 
-Stern is based on a swagger interface that accesses multiple other services (mostly using internal endpoints) and is designed to be a simple way to create a basic backoffice functionality. Point your browser at `http://<ip-or-host>:<port>/backoffice/api/swagger-ui/`; `<port>` is usually 8091.
+Stern is based on a swagger interface that accesses multiple other services (mostly using internal endpoints) and is designed to be a simple way to create a basic backoffice functionality. Point your browser at <http://localhost:8091>.
 
 ## IMPORTANT NOTES
 
@@ -13,10 +13,6 @@ It is intended to be deployed in a private network and accessible only through a
 
 Some endpoints (marked as such on the Swagger interface) depend on internal services (named galeb and ibis) that are not relevant for a generic wire server installation as they gather info from other internal systems at Wire (related to billing or other services) and as such will not work properly on installations without them.
 
-### Legacy mode
-
-stern used to be run together with a separate docker image that carried the swagger-ui frontend, while stern only served the swagger data and the actual rest api.  This is not recommended any more, but until all the infrastructure everywhere has caught up with the new mode of operation, stern still delivers the old swagger1.2 data as before under the same path.  For details see `./src/Stern/API/RoutesLegacy.hs`.
-
 ## How to run stern together with the rest of wire-server
 
 TODO: This section is under construction
@@ -25,21 +21,9 @@ TODO: This section is under construction
 
 Start local services via `services/start-services-only.sh`
 
-Open `http://localhost:8091/backoffice/api/swagger-ui/` in a browser.
-(Legacy mode: when you now open `localhost:8080/swagger-ui` in a
-browser, you can switch to the "Back Office" tab.)
+Open <http://localhost:8091> in a browser.
 
 ## Screenshots
 
 ![screen shot 1](screenshots/a.png)
 ![screen shot 2](screenshots/b.png)
-
-# Legacy mode:
-
-![screen shot 1](screenshots/legacy/1.png)
-![screen shot 2](screenshots/legacy/2.png)
-
-(one could argue that the old swagger-ui was a little more
-end-user-friendly, to which one could respond that neither version is
-intended for end-users, but for web-devs, and we should just spend a
-week writing an elm app that does this right.  :))