From c48ad249961a4680984655d808e529285f53b53b Mon Sep 17 00:00:00 2001
From: raccoon-mh <wsx1341@gmail.com>
Date: Thu, 14 May 2026 06:41:04 +0000
Subject: [PATCH 1/3] fix(env,deploy): sync config from mc-admin-cli PR
 #18/#20/#21

- .env.setup: replace hardcoded mciam.onecloudcon.com with mciam.local
  placeholder; add MC_IAM_MANAGER_PUBLIC_DOMAIN/HOST/KEYCLOAK_HOST for
  schema parity with mc-admin-cli; add MC_INFRA_MANAGER_API_USERNAME/
  PASSWORD and MC_INFRA_CONNECTOR_API_USERNAME/PASSWORD; add
  MC_IAM_MANAGER_DOMAIN "do not change" comment
- conf/mc-iam-manager/0_preset_dev.sh: remove sudo chown -R on
  container-volume; use targeted mkdir+writable-check for certs/ and
  nginx/ only to avoid failures on Docker root-owned subdirs
- docker-compose.yaml: convert mc-iam-manager.depends_on to long form,
  add mc-infra-manager:service_healthy and elevate db/kc to
  service_healthy to prevent DNS-resolve failure on cold start
- conf/mc-iam-manager/docker-post-init.sh: add file (was absent from
  main); includes RECOVERY guide block on 1_setup_auto.sh failure
- readme.md / readme_kr.md: add Troubleshooting section for unhealthy
  post-init and directory permission errors
---
 .env.setup                              |  17 +++-
 conf/mc-iam-manager/0_preset_dev.sh     |  26 ++++--
 conf/mc-iam-manager/docker-post-init.sh | 107 ++++++++++++++++++++++++
 docker-compose.yaml                     |   8 +-
 readme.md                               |  40 +++++++++
 readme_kr.md                            |  39 +++++++++
 6 files changed, 226 insertions(+), 11 deletions(-)
 create mode 100755 conf/mc-iam-manager/docker-post-init.sh

diff --git a/.env.setup b/.env.setup
index 1a77c0e9..e2897b02 100644
--- a/.env.setup
+++ b/.env.setup
@@ -22,6 +22,7 @@ CONSOLE_POSTGRES_PASSWORD=mcwebadminpassword!
 
 
 ## MCIAMMANAGER ENV SETUP
+# MC_IAM_MANAGER_DOMAIN: Docker 내부 컨테이너 이름 — 공개 도메인(PUBLIC_DOMAIN)과 다름, 변경 금지
 MC_IAM_MANAGER_DOMAIN=mc-iam-manager
 MC_IAM_MANAGER_PORT=5005
 MC_IAM_MANAGER_HOST=http://${MC_IAM_MANAGER_DOMAIN}:${MC_IAM_MANAGER_PORT}
@@ -78,8 +79,16 @@ MC_IAM_MANAGER_DATABASE_URL=postgres://${MC_IAM_MANAGER_DATABASE_USER}:${MC_IAM_
 MC_IAM_MANAGER_KEYCLOAK_DOMAIN=mc-iam-manager-kc
 MC_IAM_MANAGER_KEYCLOAK_PORT=8080
 MC_IAM_MANAGER_KEYCLOAK_HOST=http://${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}:${MC_IAM_MANAGER_KEYCLOAK_PORT}/auth
-MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN=mciam.onecloudcon.com
+# Mode A (도메인 없음): 로컬 자가서명 인증서. 0_preset_dev.sh 로 생성.
+MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN=mciam.local
+# Mode B (운영): 위 줄 주석 처리 후 아래 주석 해제 + FQDN 설정. 0_preset_prod.sh + Let's Encrypt 필요.
+# MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN=<real domain>
 MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_URL=https://${MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN}/auth
+
+# === 외부 노출 도메인 (브라우저 ↔ nginx HTTPS) ===
+MC_IAM_MANAGER_PUBLIC_DOMAIN=${MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN}
+MC_IAM_MANAGER_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}
+MC_IAM_MANAGER_PUBLIC_KEYCLOAK_HOST=${MC_IAM_MANAGER_PUBLIC_HOST}/auth
 MC_IAM_MANAGER_KEYCLOAK_DATABASE_NAME=mc_iam_keycloak_db
 MC_IAM_MANAGER_KEYCLOAK_REALM=mciam
 MC_IAM_MANAGER_KEYCLOAK_CLIENT_PATH=${MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN}/auth/realms/${MC_IAM_MANAGER_KEYCLOAK_REALM}
@@ -90,6 +99,12 @@ MC_IAM_MANAGER_KEYCLOAK_ADMIN_PASSWORD=admin_password
 MCINFRAMANAGER=http://mc-infra-manager:1323/tumblebug
 MCINFRAMANAGER_APIUSERNAME=default
 MCINFRAMANAGER_APIPASSWORD=default
+MC_INFRA_MANAGER_API_USERNAME=default
+MC_INFRA_MANAGER_API_PASSWORD=default
+
+## mc-infra-connector
+MC_INFRA_CONNECTOR_API_USERNAME=default
+MC_INFRA_CONNECTOR_API_PASSWORD=default
 
 ## Default Workspace
 DEFAULT_WORKSPACE_NAME=ws01
diff --git a/conf/mc-iam-manager/0_preset_dev.sh b/conf/mc-iam-manager/0_preset_dev.sh
index 15f6a5e7..b1139155 100755
--- a/conf/mc-iam-manager/0_preset_dev.sh
+++ b/conf/mc-iam-manager/0_preset_dev.sh
@@ -18,18 +18,28 @@ CERT_PARENT_DIR="${PROJECT_ROOT}/container-volume" # dockercontainer-volume 디
 # --- 3. 필요한 디렉토리 생성 (Let's Encrypt 구조와 동일) ---
 echo "Creating necessary directories..."
 
-# dockercontainer-volume 디렉토리 먼저 생성 (sudo 권한으로)
-echo "Creating container-volume directory with proper permissions..."
-
 # 현재 사용자 정보 가져오기
 CURRENT_USER=$(whoami)
-CURRENT_GROUP=$(id -gn)
 
-echo "Current user: ${CURRENT_USER}:${CURRENT_GROUP}"
+echo "Current user: ${CURRENT_USER}"
 
-sudo mkdir -p "${CERT_PARENT_DIR}" || { echo "Error: Failed to create ${CERT_PARENT_DIR}"; exit 1; }
-sudo chown -R "${CURRENT_USER}:${CURRENT_GROUP}" "${CERT_PARENT_DIR}" || { echo "Error: Failed to change ownership of ${CERT_PARENT_DIR}"; exit 1; }
-echo "✓ Container volume directory created and permissions set"
+# 실제 쓰기가 필요한 서브디렉토리만 targeted 생성 (chown -R 없음 — root 소유 Docker 볼륨과 공존)
+for _dir in "${CERT_PARENT_DIR}/certs" "${CERT_PARENT_DIR}/mc-iam-manager/nginx"; do
+    if ! mkdir -p "$_dir" 2>/dev/null; then
+        echo "❌ Error: Cannot create $_dir"
+        echo "   Root-owned files from a previous Docker run may be blocking access."
+        echo "   Clean up with: sudo rm -rf ${CERT_PARENT_DIR}/mc-iam-manager/{postgres,keycloak}"
+        echo "   Then retry."
+        exit 1
+    fi
+    if [ ! -w "$_dir" ]; then
+        echo "❌ Error: $_dir exists but is not writable by ${CURRENT_USER}."
+        echo "   Clean up with: sudo rm -rf ${CERT_PARENT_DIR}/mc-iam-manager/{postgres,keycloak}"
+        echo "   Then retry."
+        exit 1
+    fi
+done
+echo "✓ Certificate and nginx directories ready"
 
 
 # 템플릿 파일 경로
diff --git a/conf/mc-iam-manager/docker-post-init.sh b/conf/mc-iam-manager/docker-post-init.sh
new file mode 100755
index 00000000..6a8754c2
--- /dev/null
+++ b/conf/mc-iam-manager/docker-post-init.sh
@@ -0,0 +1,107 @@
+#!/bin/bash
+
+echo 'All required containers are healthy. Starting initialization...'
+
+# 필요한 도구 설치
+apt-get update && apt-get install -y curl jq wget postgresql-client
+
+echo ''
+echo ''
+
+echo '------------------------------------------------'
+echo ' Health Check'
+echo '------------------------------------------------'
+
+echo ''
+echo ''
+
+echo '------------------------------------------------'
+echo ' Debug Info'
+echo '------------------------------------------------'
+# 디버깅: 현재 디렉토리와 파일 목록 확인
+echo 'Current working directory:'
+pwd
+echo 'Files in current directory:'
+ls -la
+
+echo 'Files in /app/mc-iam-manager/:'
+ls -la /app/mc-iam-manager/ || echo 'Directory /app/mc-iam-manager/ not found'
+
+echo 'Files in mounted volume:'
+ls -la /app/ || echo 'Directory /app/ not found'
+
+
+echo ''
+echo ''
+
+echo '------------------------------------------------'
+echo ' Sleep 60 seconds'
+echo '------------------------------------------------'
+sleep 60
+
+echo ''
+echo ''
+
+echo '------------------------------------------------'
+echo '1_setup_auto.sh'
+echo '------------------------------------------------'
+
+# 초기화 스크립트 실행
+if [ -f '1_setup_auto.sh' ]; then
+  echo 'Found 1_setup_auto.sh, making it executable...'
+  chmod +x 1_setup_auto.sh
+  echo 'File permissions after chmod:'
+  ls -la 1_setup_auto.sh
+  echo 'Executing 1_setup_auto.sh...'
+
+  # bash로 실행 (Ubuntu에는 bash가 기본적으로 포함됨)
+  if bash 1_setup_auto.sh; then
+    echo 'Script executed successfully with bash 1_setup_auto.sh'
+  else
+    cat <<'RECOVERY'
+====================================================================
+ERROR: 1_setup_auto.sh failed.
+
+mc-iam-manager was likely not yet ready when setup ran.
+To recover manually:
+
+1. Wait ~2 minutes for all containers to stabilize.
+
+2. Check service status:
+       docker compose ps
+
+   Confirm mc-iam-manager and mc-infra-manager are both healthy.
+
+3. Re-run the post-init container (idempotent — safe to repeat):
+       docker rm mc-iam-manager-post-initial 2>/dev/null
+       docker compose up -d mc-iam-manager-post-initial
+       docker logs -f mc-iam-manager-post-initial
+
+   Each of the 8 setup steps should finish with ✓.
+
+4. Verify health:
+       curl -s http://localhost:${MC_IAM_MANAGER_PORT}/readyz | jq .
+   Expected: "status": "healthy"
+====================================================================
+RECOVERY
+    exit 1
+  fi
+else
+  echo 'ERROR: 1_setup_auto.sh not found in current directory'
+  echo 'Available files:'
+  ls -la
+  exit 1
+fi
+
+if [ $? -eq 0 ]; then
+  echo '===================================================================='
+  echo '[Success] MC-IAM-Manager initialization completed successfully!'
+  echo '===================================================================='
+  echo 'Container will exit normally.'
+else
+  echo '===================================================================='
+  echo '[Error] MC-IAM-Manager initialization failed!'
+  echo '===================================================================='
+  echo 'Container will exit error code 1.'
+  exit 1
+fi
diff --git a/docker-compose.yaml b/docker-compose.yaml
index e53b1f3a..ecd6cc66 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -199,8 +199,12 @@ services:
         published: ${MC_IAM_MANAGER_PORT}
         protocol: tcp
     depends_on:
-      - mc-iam-manager-db
-      - mc-iam-manager-kc
+      mc-iam-manager-db:
+        condition: service_healthy
+      mc-iam-manager-kc:
+        condition: service_healthy
+      mc-infra-manager:
+        condition: service_healthy
     environment:
       DATABASE_URL: postgres://${MC_IAM_MANAGER_DATABASE_USER}:${MC_IAM_MANAGER_DATABASE_PASSWORD}@${MC_IAM_MANAGER_DATABASE_HOST}:5432/${MC_IAM_MANAGER_DATABASE_NAME}
       PORT: ${MC_IAM_MANAGER_PORT}
diff --git a/readme.md b/readme.md
index 9641a340..bdb2b294 100644
--- a/readme.md
+++ b/readme.md
@@ -330,6 +330,46 @@ swag init --output ./docs
 - `billadmin`: Cost management permissions
 - `billviewer`: Cost viewing permissions
 
+## Troubleshooting
+
+### `mc-iam-manager` Stays Unhealthy After Install
+
+If `docker compose ps` shows `mc-iam-manager` as **unhealthy** and
+`docker logs mc-iam-manager-post-initial` ends with
+`ERROR: 1_setup_auto.sh failed`, the post-init container ran before
+mc-iam-manager finished its first boot (cold-start timing race).
+
+Recovery:
+
+```bash
+# 1. Confirm all prerequisites are healthy
+docker compose ps
+
+# 2. Remove the exited post-init container, then re-run it
+docker rm mc-iam-manager-post-initial 2>/dev/null
+docker compose up -d mc-iam-manager-post-initial
+docker logs -f mc-iam-manager-post-initial
+# Each of the 8 setup steps should finish with ✓
+
+# 3. Verify
+curl -s http://localhost:${MC_IAM_MANAGER_PORT}/readyz | jq .
+# Expected: "status": "healthy"
+```
+
+> The post-init container is idempotent — it is safe to re-run.
+
+### Directory Permission Error When Running `0_preset_dev.sh`
+
+If `0_preset_dev.sh` fails with `Cannot create ... / is not writable`, root-owned files
+from a previous Docker run are blocking access. Clean them up and retry:
+
+```bash
+sudo rm -rf container-volume/mc-iam-manager/postgres container-volume/mc-iam-manager/keycloak
+./conf/mc-iam-manager/0_preset_dev.sh
+```
+
+---
+
 ## Contributing
 
 - **Report Issues**: [GitHub Issues](https://github.com/m-cmp/mc-iam-manager/issues)
diff --git a/readme_kr.md b/readme_kr.md
index 592c37fb..493edb3e 100644
--- a/readme_kr.md
+++ b/readme_kr.md
@@ -331,6 +331,45 @@ swag init --output ./docs
 - `billadmin`: 비용 관리 권한
 - `billviewer`: 비용 조회 권한
 
+## 트러블슈팅
+
+### 설치 후 `mc-iam-manager`가 unhealthy 상태로 지속될 때
+
+`docker compose ps`에서 `mc-iam-manager`가 **unhealthy** 이고
+`docker logs mc-iam-manager-post-initial` 끝에
+`ERROR: 1_setup_auto.sh failed`가 보이면, post-init 컨테이너가
+mc-iam-manager의 초기 부팅 완료 전에 실행된 것입니다 (cold-start 타이밍 race).
+
+복구 방법:
+
+```bash
+# 1. 모든 사전 조건이 healthy 상태인지 확인
+docker compose ps
+
+# 2. 종료된 post-init 컨테이너를 삭제하고 재실행
+docker rm mc-iam-manager-post-initial 2>/dev/null
+docker compose up -d mc-iam-manager-post-initial
+docker logs -f mc-iam-manager-post-initial
+# 8단계 각각이 ✓ 로 완료되어야 합니다
+
+# 3. 상태 확인
+curl -s http://localhost:${MC_IAM_MANAGER_PORT}/readyz | jq .
+# 예상 결과: "status": "healthy"
+```
+
+> post-init 컨테이너는 멱등(idempotent)하게 설계되어 있어 재실행해도 안전합니다.
+
+### `0_preset_dev.sh` 실행 시 디렉토리 권한 오류
+
+`0_preset_dev.sh`가 `Cannot create ... / is not writable`로 실패하면, 이전 Docker 실행으로 생긴 root 소유 파일이 접근을 막고 있는 것입니다. 아래 명령으로 정리 후 재시도하세요:
+
+```bash
+sudo rm -rf container-volume/mc-iam-manager/postgres container-volume/mc-iam-manager/keycloak
+./conf/mc-iam-manager/0_preset_dev.sh
+```
+
+---
+
 ## 기여하기
 
 - **이슈 보고**: [GitHub Issues](https://github.com/m-cmp/mc-iam-manager/issues)

From fbe94e665aa7d6efb3f374293767ffa23622cbdf Mon Sep 17 00:00:00 2001
From: raccoon-mh <wsx1341@gmail.com>
Date: Fri, 15 May 2026 07:00:20 +0000
Subject: [PATCH 2/3] =?UTF-8?q?fix(nginx):=20mc-cost-optimizer-fe=20?=
 =?UTF-8?q?=EC=97=85=EC=8A=A4=ED=8A=B8=EB=A6=BC=20=ED=8F=AC=ED=8A=B8?=
 =?UTF-8?q?=EB=A5=BC=2080=EC=97=90=EC=84=9C=207780=EC=9C=BC=EB=A1=9C=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

하드코딩된 포트 80을 환경변수 MC_COST_OPTIMIZER_FE_PORT로 대체하고
.env.setup 기본값을 7780으로 설정. 0_preset_dev/prod.sh에 변수 읽기 및
sed 치환 로직 추가.
---
 .env.setup                              | 1 +
 conf/mc-iam-manager/0_preset_dev.sh     | 1 +
 conf/mc-iam-manager/0_preset_prod.sh    | 9 +++++++++
 conf/mc-iam-manager/nginx.template.conf | 2 +-
 4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.env.setup b/.env.setup
index d52f2dec..dd7bf25d 100644
--- a/.env.setup
+++ b/.env.setup
@@ -21,6 +21,7 @@ MC_IAM_MANAGER_NGINX_HTTPS_PORT=443
 MC_WEB_CONSOLE_DB_HOST_PORT=15433
 MC_OBSERVABILITY_GRAFANA_PROXY_PORT=3010
 MC_COST_OPTIMIZER_FE_PROXY_PORT=3011
+MC_COST_OPTIMIZER_FE_PORT=7780
 
 # MC-WEB-CONSOLE
 MC_WEB_CONSOLE_POSTGRES_DB=mcwebconsoledbdev
diff --git a/conf/mc-iam-manager/0_preset_dev.sh b/conf/mc-iam-manager/0_preset_dev.sh
index b791e631..ebc6b625 100755
--- a/conf/mc-iam-manager/0_preset_dev.sh
+++ b/conf/mc-iam-manager/0_preset_dev.sh
@@ -188,6 +188,7 @@ if [ -n "$MC_IAM_MANAGER_PUBLIC_DOMAIN" ] && [ -n "$MC_IAM_MANAGER_KEYCLOAK_PORT
         -e "s/\${MC_IAM_MANAGER_KEYCLOAK_PORT}/$MC_IAM_MANAGER_KEYCLOAK_PORT/g" \
         -e "s/\${MC_OBSERVABILITY_GRAFANA_PROXY_PORT}/$MC_OBSERVABILITY_GRAFANA_PROXY_PORT/g" \
         -e "s/\${MC_COST_OPTIMIZER_FE_PROXY_PORT}/$MC_COST_OPTIMIZER_FE_PROXY_PORT/g" \
+        -e "s/\${MC_COST_OPTIMIZER_FE_PORT}/$MC_COST_OPTIMIZER_FE_PORT/g" \
         -e "s/mciam-manager/mc-iam-manager/g" \
         -e "s/mciam-keycloak/mc-iam-manager-kc/g" \
         "$TEMPLATE_FILE" > "$OUTPUT_FILE"
diff --git a/conf/mc-iam-manager/0_preset_prod.sh b/conf/mc-iam-manager/0_preset_prod.sh
index b87335a9..511974a7 100755
--- a/conf/mc-iam-manager/0_preset_prod.sh
+++ b/conf/mc-iam-manager/0_preset_prod.sh
@@ -46,6 +46,7 @@ MC_IAM_MANAGER_KEYCLOAK_DOMAIN=$(grep -m1 "^MC_IAM_MANAGER_KEYCLOAK_DOMAIN=" "$E
 MC_IAM_MANAGER_KEYCLOAK_PORT=$(grep -m1 "^MC_IAM_MANAGER_KEYCLOAK_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
 MC_OBSERVABILITY_GRAFANA_PROXY_PORT=$(grep -m1 "^MC_OBSERVABILITY_GRAFANA_PROXY_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
 MC_COST_OPTIMIZER_FE_PROXY_PORT=$(grep -m1 "^MC_COST_OPTIMIZER_FE_PROXY_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
+MC_COST_OPTIMIZER_FE_PORT=$(grep -m1 "^MC_COST_OPTIMIZER_FE_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
 
 echo "읽어온 환경변수:"
 echo "  MC_IAM_MANAGER_DOMAIN: $MC_IAM_MANAGER_DOMAIN"
@@ -55,6 +56,7 @@ echo "  MC_IAM_MANAGER_KEYCLOAK_DOMAIN: $MC_IAM_MANAGER_KEYCLOAK_DOMAIN"
 echo "  MC_IAM_MANAGER_KEYCLOAK_PORT: $MC_IAM_MANAGER_KEYCLOAK_PORT"
 echo "  MC_OBSERVABILITY_GRAFANA_PROXY_PORT: $MC_OBSERVABILITY_GRAFANA_PROXY_PORT"
 echo "  MC_COST_OPTIMIZER_FE_PROXY_PORT: $MC_COST_OPTIMIZER_FE_PROXY_PORT"
+echo "  MC_COST_OPTIMIZER_FE_PORT: $MC_COST_OPTIMIZER_FE_PORT"
 
 # 템플릿 파일을 복사하고 환경변수 대치
 cp "$TEMPLATE_FILE" "$OUTPUT_FILE"
@@ -101,6 +103,13 @@ else
     echo "경고: MC_COST_OPTIMIZER_FE_PROXY_PORT 환경변수가 설정되지 않았습니다."
 fi
 
+if [ -n "$MC_COST_OPTIMIZER_FE_PORT" ]; then
+    sed -i "s/\${MC_COST_OPTIMIZER_FE_PORT}/$MC_COST_OPTIMIZER_FE_PORT/g" "$OUTPUT_FILE"
+    echo "✓ MC_COST_OPTIMIZER_FE_PORT 대치 완료: $MC_COST_OPTIMIZER_FE_PORT"
+else
+    echo "경고: MC_COST_OPTIMIZER_FE_PORT 환경변수가 설정되지 않았습니다."
+fi
+
 # 컨테이너 이름 치환 (템플릿 내 레거시 이름 정정)
 sed -i "s/mciam-manager/mc-iam-manager/g" "$OUTPUT_FILE"
 sed -i "s/mciam-keycloak/mc-iam-manager-kc/g" "$OUTPUT_FILE"
diff --git a/conf/mc-iam-manager/nginx.template.conf b/conf/mc-iam-manager/nginx.template.conf
index 292d935d..dfb67c02 100644
--- a/conf/mc-iam-manager/nginx.template.conf
+++ b/conf/mc-iam-manager/nginx.template.conf
@@ -209,7 +209,7 @@ http {
         location / {
             resolver 127.0.0.11 valid=10s;
             set $upstream_cost_fe mc-cost-optimizer-fe;
-            proxy_pass http://$upstream_cost_fe:80;
+            proxy_pass http://$upstream_cost_fe:${MC_COST_OPTIMIZER_FE_PORT};
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";

From 980ddb171afaf44fdb9baca2263df45ce9c41da6 Mon Sep 17 00:00:00 2001
From: raccoon-mh <wsx1341@gmail.com>
Date: Wed, 20 May 2026 05:56:30 +0000
Subject: [PATCH 3/3] feat(conf): add FE services to api/mcmp_api configs and
 activate framework entries

- Add mc-application-manager-fe, mc-workflow-manager-fe, mc-data-manager-fe,
  mc-cost-optimizer-fe to conf/mc-iam-manager/api.yaml and asset/mcmpapi/mcmp_api.yaml
- Activate previously commented-out frameworks in frameworks.yaml
  (mc-observability, mc-infra-manager, mc-infra-connector, mc-data-manager,
   mc-across-service-manager, mc-web-console); swagger lines remain commented
   where spec path is unverified or unavailable
- Regenerate src/docs swagger (docs.go, swagger.json, swagger.yaml) from src/
---
 asset/mcmpapi/mcmp_api.yaml         |  22 ++++-
 conf/mc-iam-manager/api.yaml        |  16 ++++
 conf/mc-iam-manager/frameworks.yaml |  77 +++++++++------
 src/docs/docs.go                    | 140 ++++++++++++++++++++++++++++
 src/docs/swagger.json               | 140 ++++++++++++++++++++++++++++
 src/docs/swagger.yaml               |  95 +++++++++++++++++++
 6 files changed, 460 insertions(+), 30 deletions(-)

diff --git a/asset/mcmpapi/mcmp_api.yaml b/asset/mcmpapi/mcmp_api.yaml
index af5fd8a8..91d78add 100644
--- a/asset/mcmpapi/mcmp_api.yaml
+++ b/asset/mcmpapi/mcmp_api.yaml
@@ -54,7 +54,27 @@ services:
     version: 0.3.0
     baseurl: http://mc-data-manager:3300
     auth:
-  
+
+  mc-application-manager-fe:
+    version: main
+    baseurl: http://application_manager_fe_url:18084
+    auth:
+
+  mc-workflow-manager-fe:
+    version: main
+    baseurl: http://workflow_manager_fe_url:18083
+    auth:
+
+  mc-data-manager-fe:
+    version: main
+    baseurl: http://data_manager_fe_url:3300
+    auth:
+
+  mc-cost-optimizer-fe:
+    version: main
+    baseurl: http://cost_optimizer_fe_url:7780
+    auth:
+
   # sample:
   #   baseurl: http://localhost:1323/test
   #   auth:
diff --git a/conf/mc-iam-manager/api.yaml b/conf/mc-iam-manager/api.yaml
index d65ed117..8462334f 100644
--- a/conf/mc-iam-manager/api.yaml
+++ b/conf/mc-iam-manager/api.yaml
@@ -46,6 +46,22 @@ services:
     version: 0.3.0
     baseurl: http://mc-data-manager:3300
     auth: null
+  mc-application-manager-fe:
+    version: main
+    baseurl: http://application_manager_fe_url:18084
+    auth: null
+  mc-workflow-manager-fe:
+    version: main
+    baseurl: http://workflow_manager_fe_url:18083
+    auth: null
+  mc-data-manager-fe:
+    version: main
+    baseurl: http://data_manager_fe_url:3300
+    auth: null
+  mc-cost-optimizer-fe:
+    version: main
+    baseurl: http://cost_optimizer_fe_url:7780
+    auth: null
 serviceActions:
   mc-infra-connector:
     Remove-Nodegroup:
diff --git a/conf/mc-iam-manager/frameworks.yaml b/conf/mc-iam-manager/frameworks.yaml
index 16687b72..a3790c53 100644
--- a/conf/mc-iam-manager/frameworks.yaml
+++ b/conf/mc-iam-manager/frameworks.yaml
@@ -25,11 +25,10 @@ frameworks:
     swagger: ../../src/docs/swagger.yaml   # Local path relative to this file
 
   # MC-Observability - Monitoring and Observability
-  # Note: Swagger file path needs to be verified - currently not found in v0.5.0
-  # - name: mc-observability
-  #   version: "0.5.0"                    # Latest release: v0.5.0 (Nov 3, 2025)
-  #   repository: https://github.com/m-cmp/mc-observability
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-observability/v0.5.0/swagger/swagger.yaml
+  - name: mc-observability
+    version: "0.5.0"                    # Latest release: v0.5.0 (Nov 3, 2025)
+    repository: https://github.com/m-cmp/mc-observability
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-observability/v0.5.0/swagger/swagger.yaml  # Note: path needs to be verified
 
   # MC-Application-Manager - Application Deployment Management
   - name: mc-application-manager
@@ -50,35 +49,55 @@ frameworks:
     swagger: https://raw.githubusercontent.com/m-cmp/mc-workflow-manager/v0.5.0/swagger.json
 
   # MC-Infra-Manager - Multi-Cloud Infrastructure Management
-  # Note: No releases found - using main branch
-  # - name: mc-infra-manager
-  #   version: "main"                     # No releases, using main branch
-  #   repository: https://github.com/m-cmp/mc-infra-manager
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-infra-manager/main/swagger.yaml
+  - name: mc-infra-manager
+    version: "main"                     # No releases, using main branch
+    repository: https://github.com/m-cmp/mc-infra-manager
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-infra-manager/main/swagger.yaml
 
   # MC-Infra-Connector - Cloud Infrastructure Connection
-  # Note: No releases found - using main branch
-  # - name: mc-infra-connector
-  #   version: "main"                     # No releases, using main branch
-  #   repository: https://github.com/m-cmp/mc-infra-connector
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-infra-connector/main/swagger.yaml
+  - name: mc-infra-connector
+    version: "main"                     # No releases, using main branch
+    repository: https://github.com/m-cmp/mc-infra-connector
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-infra-connector/main/swagger.yaml
 
   # MC-Data-Manager - Data Management
-  # Note: No releases found - using main branch
-  # - name: mc-data-manager
-  #   version: "main"                     # No releases, using main branch
-  #   repository: https://github.com/m-cmp/mc-data-manager
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-data-manager/main/swagger.yaml
+  - name: mc-data-manager
+    version: "main"                     # No releases, using main branch
+    repository: https://github.com/m-cmp/mc-data-manager
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-data-manager/main/swagger.yaml
 
   # MC-Across-Service-Manager - Cross-Service Management
-  # Note: Latest release is v0.1.0, not v0.5.0 - Swagger file path needs verification
-  # - name: mc-across-service-manager
-  #   version: "0.1.0"                   # Latest release: v0.1.0 (not v0.5.0)
-  #   repository: https://github.com/m-cmp/mc-across-service-manager
-  #   swagger: https://raw.githubusercontent.com/m-cmp/mc-across-service-manager/v0.1.0/swagger.yaml
+  - name: mc-across-service-manager
+    version: "0.1.0"                   # Latest release: v0.1.0
+    repository: https://github.com/m-cmp/mc-across-service-manager
+    # swagger: https://raw.githubusercontent.com/m-cmp/mc-across-service-manager/v0.1.0/swagger.yaml  # Note: path needs verification
 
   # MC-Web-Console - Web Console Interface
-  # - name: mc-web-console
-  #   version: "0.1.0"
-  #   repository: https://github.com/m-cmp/mc-web-console
-  #   swagger: /path/to/swagger.yaml
+  - name: mc-web-console
+    version: "main"
+    repository: https://github.com/m-cmp/mc-web-console
+    # swagger: N/A (path unknown)
+
+  # MC-Application-Manager-FE - Application Manager Frontend
+  - name: mc-application-manager-fe
+    version: "main"
+    baseurl: http://application_manager_fe_url:18084
+    # swagger: N/A (frontend service)
+
+  # MC-Workflow-Manager-FE - Workflow Manager Frontend
+  - name: mc-workflow-manager-fe
+    version: "main"
+    baseurl: http://workflow_manager_fe_url:18083
+    # swagger: N/A (frontend service)
+
+  # MC-Data-Manager-FE - Data Manager Frontend
+  - name: mc-data-manager-fe
+    version: "main"
+    baseurl: http://data_manager_fe_url:3300
+    # swagger: N/A (frontend service)
+
+  # MC-Cost-Optimizer-FE - Cost Optimizer Frontend
+  - name: mc-cost-optimizer-fe
+    version: "main"
+    baseurl: http://cost_optimizer_fe_url:7780
+    # swagger: N/A (frontend service)
diff --git a/src/docs/docs.go b/src/docs/docs.go
index 9833b100..93c1277a 100644
--- a/src/docs/docs.go
+++ b/src/docs/docs.go
@@ -3869,6 +3869,73 @@ const docTemplate = `{
                 }
             }
         },
+        "/api/mcmp-apis": {
+            "post": {
+                "security": [
+                    {
+                        "BearerAuth": []
+                    }
+                ],
+                "description": "Creates a new MCMP API service (framework) record. Returns 409 if a service with the same name already exists.",
+                "consumes": [
+                    "application/json"
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "McmpAPI"
+                ],
+                "summary": "Create MCMP API Service Definition",
+                "operationId": "CreateFrameworkService",
+                "parameters": [
+                    {
+                        "description": "Service definition",
+                        "name": "body",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/model.CreateMcmpApiServiceRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "201": {
+                        "description": "Created",
+                        "schema": {
+                            "$ref": "#/definitions/mcmpapi.McmpApiService"
+                        }
+                    },
+                    "400": {
+                        "description": "error: invalid request body or validation failure",
+                        "schema": {
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            }
+                        }
+                    },
+                    "409": {
+                        "description": "error: framework service already exists",
+                        "schema": {
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            }
+                        }
+                    },
+                    "500": {
+                        "description": "error: internal server error",
+                        "schema": {
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            }
+                        }
+                    }
+                }
+            }
+        },
         "/api/mcmp-apis/import": {
             "post": {
                 "security": [
@@ -12759,6 +12826,41 @@ const docTemplate = `{
                 }
             }
         },
+        "mcmpapi.McmpApiService": {
+            "type": "object",
+            "properties": {
+                "authPass": {
+                    "description": "Consider encryption for password",
+                    "type": "string"
+                },
+                "authType": {
+                    "type": "string"
+                },
+                "authUser": {
+                    "type": "string"
+                },
+                "baseURL": {
+                    "type": "string"
+                },
+                "createdAt": {
+                    "type": "string"
+                },
+                "isActive": {
+                    "description": "Added IsActive field",
+                    "type": "boolean"
+                },
+                "name": {
+                    "description": "Service name acts as PK",
+                    "type": "string"
+                },
+                "updatedAt": {
+                    "type": "string"
+                },
+                "version": {
+                    "type": "string"
+                }
+            }
+        },
         "mcmpapi.McmpApiServiceAction": {
             "type": "object",
             "properties": {
@@ -13231,6 +13333,44 @@ const docTemplate = `{
                 }
             }
         },
+        "model.CreateMcmpApiServiceRequest": {
+            "type": "object",
+            "required": [
+                "baseUrl",
+                "name",
+                "version"
+            ],
+            "properties": {
+                "authPass": {
+                    "type": "string"
+                },
+                "authType": {
+                    "type": "string",
+                    "enum": [
+                        "none",
+                        "basic",
+                        "bearer"
+                    ]
+                },
+                "authUser": {
+                    "type": "string"
+                },
+                "baseUrl": {
+                    "type": "string"
+                },
+                "isActive": {
+                    "type": "boolean"
+                },
+                "name": {
+                    "type": "string",
+                    "maxLength": 100
+                },
+                "version": {
+                    "type": "string",
+                    "maxLength": 50
+                }
+            }
+        },
         "model.CreateMenuMappingRequest": {
             "type": "object",
             "required": [
diff --git a/src/docs/swagger.json b/src/docs/swagger.json
index abc7ee3a..ede2dc88 100644
--- a/src/docs/swagger.json
+++ b/src/docs/swagger.json
@@ -3863,6 +3863,73 @@
                 }
             }
         },
+        "/api/mcmp-apis": {
+            "post": {
+                "security": [
+                    {
+                        "BearerAuth": []
+                    }
+                ],
+                "description": "Creates a new MCMP API service (framework) record. Returns 409 if a service with the same name already exists.",
+                "consumes": [
+                    "application/json"
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "McmpAPI"
+                ],
+                "summary": "Create MCMP API Service Definition",
+                "operationId": "CreateFrameworkService",
+                "parameters": [
+                    {
+                        "description": "Service definition",
+                        "name": "body",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/model.CreateMcmpApiServiceRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "201": {
+                        "description": "Created",
+                        "schema": {
+                            "$ref": "#/definitions/mcmpapi.McmpApiService"
+                        }
+                    },
+                    "400": {
+                        "description": "error: invalid request body or validation failure",
+                        "schema": {
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            }
+                        }
+                    },
+                    "409": {
+                        "description": "error: framework service already exists",
+                        "schema": {
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            }
+                        }
+                    },
+                    "500": {
+                        "description": "error: internal server error",
+                        "schema": {
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            }
+                        }
+                    }
+                }
+            }
+        },
         "/api/mcmp-apis/import": {
             "post": {
                 "security": [
@@ -12753,6 +12820,41 @@
                 }
             }
         },
+        "mcmpapi.McmpApiService": {
+            "type": "object",
+            "properties": {
+                "authPass": {
+                    "description": "Consider encryption for password",
+                    "type": "string"
+                },
+                "authType": {
+                    "type": "string"
+                },
+                "authUser": {
+                    "type": "string"
+                },
+                "baseURL": {
+                    "type": "string"
+                },
+                "createdAt": {
+                    "type": "string"
+                },
+                "isActive": {
+                    "description": "Added IsActive field",
+                    "type": "boolean"
+                },
+                "name": {
+                    "description": "Service name acts as PK",
+                    "type": "string"
+                },
+                "updatedAt": {
+                    "type": "string"
+                },
+                "version": {
+                    "type": "string"
+                }
+            }
+        },
         "mcmpapi.McmpApiServiceAction": {
             "type": "object",
             "properties": {
@@ -13225,6 +13327,44 @@
                 }
             }
         },
+        "model.CreateMcmpApiServiceRequest": {
+            "type": "object",
+            "required": [
+                "baseUrl",
+                "name",
+                "version"
+            ],
+            "properties": {
+                "authPass": {
+                    "type": "string"
+                },
+                "authType": {
+                    "type": "string",
+                    "enum": [
+                        "none",
+                        "basic",
+                        "bearer"
+                    ]
+                },
+                "authUser": {
+                    "type": "string"
+                },
+                "baseUrl": {
+                    "type": "string"
+                },
+                "isActive": {
+                    "type": "boolean"
+                },
+                "name": {
+                    "type": "string",
+                    "maxLength": 100
+                },
+                "version": {
+                    "type": "string",
+                    "maxLength": 50
+                }
+            }
+        },
         "model.CreateMenuMappingRequest": {
             "type": "object",
             "required": [
diff --git a/src/docs/swagger.yaml b/src/docs/swagger.yaml
index 3aec2dba..4dd9569b 100644
--- a/src/docs/swagger.yaml
+++ b/src/docs/swagger.yaml
@@ -172,6 +172,30 @@ definitions:
       updatedAt:
         type: string
     type: object
+  mcmpapi.McmpApiService:
+    properties:
+      authPass:
+        description: Consider encryption for password
+        type: string
+      authType:
+        type: string
+      authUser:
+        type: string
+      baseURL:
+        type: string
+      createdAt:
+        type: string
+      isActive:
+        description: Added IsActive field
+        type: boolean
+      name:
+        description: Service name acts as PK
+        type: string
+      updatedAt:
+        type: string
+      version:
+        type: string
+    type: object
   mcmpapi.McmpApiServiceAction:
     properties:
       description:
@@ -489,6 +513,33 @@ definitions:
     required:
     - cspRoles
     type: object
+  model.CreateMcmpApiServiceRequest:
+    properties:
+      authPass:
+        type: string
+      authType:
+        enum:
+        - none
+        - basic
+        - bearer
+        type: string
+      authUser:
+        type: string
+      baseUrl:
+        type: string
+      isActive:
+        type: boolean
+      name:
+        maxLength: 100
+        type: string
+      version:
+        maxLength: 50
+        type: string
+    required:
+    - baseUrl
+    - name
+    - version
+    type: object
   model.CreateMenuMappingRequest:
     properties:
       menuIds:
@@ -4340,6 +4391,50 @@ paths:
       summary: Get platform actions by permission ID
       tags:
       - mcmp-api-permission-action-mappings
+  /api/mcmp-apis:
+    post:
+      consumes:
+      - application/json
+      description: Creates a new MCMP API service (framework) record. Returns 409
+        if a service with the same name already exists.
+      operationId: CreateFrameworkService
+      parameters:
+      - description: Service definition
+        in: body
+        name: body
+        required: true
+        schema:
+          $ref: '#/definitions/model.CreateMcmpApiServiceRequest'
+      produces:
+      - application/json
+      responses:
+        "201":
+          description: Created
+          schema:
+            $ref: '#/definitions/mcmpapi.McmpApiService'
+        "400":
+          description: 'error: invalid request body or validation failure'
+          schema:
+            additionalProperties:
+              type: string
+            type: object
+        "409":
+          description: 'error: framework service already exists'
+          schema:
+            additionalProperties:
+              type: string
+            type: object
+        "500":
+          description: 'error: internal server error'
+          schema:
+            additionalProperties:
+              type: string
+            type: object
+      security:
+      - BearerAuth: []
+      summary: Create MCMP API Service Definition
+      tags:
+      - McmpAPI
   /api/mcmp-apis/import:
     post:
       consumes: