From fe80d75ffc3e4b6ec82f9705c23bb2a67c1ed9bf Mon Sep 17 00:00:00 2001 From: dogfootman Date: Thu, 21 May 2026 02:33:38 +0000 Subject: [PATCH 1/9] feat(env): standardize env var names to MC__ prefix (IAM-TECH-001) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Align os.Getenv call arguments in Go source with the MC__* naming rule adopted by mc-admin-cli (ADMINCLI-TECH-001). Changed variables (8 kinds, 11 call sites + error messages): - PREDEFINED_PLATFORM_ROLE → MC_IAM_MANAGER_PREDEFINED_PLATFORM_ROLE - DEFAULT_WORKSPACE_NAME → MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME - AWS_ACCOUNT_ID → MC_IAM_MANAGER_AWS_ACCOUNT_ID - IDENTITY_PROVIDER_ARN_AWS → MC_IAM_MANAGER_AWS_IDENTITY_PROVIDER_ARN - IDENTITY_ROLE_ARN_AWS → MC_IAM_MANAGER_AWS_IDENTITY_ROLE_ARN - MCADMINCLI_APIYAML → MC_ADMIN_CLI_APIYAML - MCWEBCONSOLE_MENUYAML → MC_WEB_CONSOLE_MENUYAML (fixes active mismatch with mc-admin-cli .env) - MCWEBCONSOLE_PERMISSIONCSV → MC_WEB_CONSOLE_MENU_PERMISSIONS (fixes active mismatch) Also synced: - Error message strings inside csp_role_service.go - Comments and log messages in menu_service.go, admin_handler.go, project_service.go - Swagger description in menu_handler.go and generated docs - .env_sample, .env.setup variable names and inter-variable references - docker-compose-dev.yaml environment key names (USE_TICKET_VALID, AWS_ACCOUNT_ID, CSP_ROLE_PREFIX) Merge order dependency: this PR must be merged and the image rebuilt before mc-admin-cli ADMINCLI-TECH-001 PR is merged. Notion: mc-iam-ep-연계프레임워크연동안정화/003_환경변수prefix표준화 (IAM-TECH-001) --- .env.setup | 16 ++++++++-------- .env_sample | 20 ++++++++++---------- asset/mcmpapi/service-actions.yaml | 2 +- conf/mc-iam-manager/api.yaml | 2 +- conf/mc-iam-manager/service-actions.yaml | 2 +- docker-compose-dev.yaml | 6 +++--- docs/swagger.yaml | 2 +- src/docs/docs.go | 2 +- src/docs/swagger.yaml | 2 +- src/handler/admin_handler.go | 6 +++--- src/handler/mcmpapi_handler.go | 2 +- src/handler/menu_handler.go | 2 +- src/service/csp_idp_config_service.go | 2 +- src/service/csp_role_service.go | 12 ++++++------ src/service/keycloak_service.go | 4 ++-- src/service/menu_service.go | 14 +++++++------- src/service/project_service.go | 10 +++++----- 17 files changed, 53 insertions(+), 53 deletions(-) diff --git a/.env.setup b/.env.setup index a4221cda..89eb8f95 100644 --- a/.env.setup +++ b/.env.setup @@ -45,9 +45,9 @@ DEFAULT_LANGUAGE=ko # [ko|en] Default is ko if not set MODE=standalone # [standalone|docker] both are same. ## Resources Permission MODE -USE_TICKET_VALID=true # [true|false] +MC_IAM_MANAGER_USE_TICKET_VALID=true # [true|false] -MCADMINCLI_APIYAML=https://raw.githubusercontent.com/m-cmp/mc-admin-cli/refs/heads/main/conf/api.yaml +MC_ADMIN_CLI_APIYAML=https://raw.githubusercontent.com/m-cmp/mc-admin-cli/refs/heads/main/conf/api.yaml MC_WEB_CONSOLE_MENUYAML=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_resources.yaml MC_WEB_CONSOLE_MENU_PERMISSIONS=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_permissions.csv @@ -59,7 +59,7 @@ MC_IAM_MANAGER_PLATFORMADMIN_LASTNAME=iammanager MC_IAM_MANAGER_PLATFORMADMIN_EMAIL=iammanager@cloud-barista.org PREDEFINED_ROLE=admin,operator,viewer,billadmin,billviewer -PREDEFINED_PLATFORM_ROLE=admin,operator,viewer,billadmin,billviewer +MC_IAM_MANAGER_PREDEFINED_PLATFORM_ROLE=admin,operator,viewer,billadmin,billviewer PREDEFINED_WORKSPACE_ROLE=admin,operator,viewer,billadmin,billviewer MC_IAM_MANAGER_KEYCLOAK_CLIENT_NAME=mciamClient @@ -124,11 +124,11 @@ MCINFRAMANAGER_APIUSERNAME=spider MCINFRAMANAGER_APIPASSWORD=spider ## Default Workspace -DEFAULT_WORKSPACE_NAME=ws01 +MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME=ws01 TEMPORARY_SECURITY_CREDENTIALS_ENDPOINT_AWS=https://sts.amazonaws.com -AWS_ACCOUNT_ID=notyet -CSP_ROLE_PREFIX=mciam -IDENTITY_PROVIDER_ARN_AWS=arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN}/auth/realms/${MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_NAME} -IDENTITY_ROLE_ARN_AWS=arn:aws:iam::${AWS_ACCOUNT_ID}:role/${CSP_ROLE_PREFIX}-platformadmin +MC_IAM_MANAGER_AWS_ACCOUNT_ID=notyet +MC_IAM_MANAGER_CSP_ROLE_PREFIX=mciam +MC_IAM_MANAGER_AWS_IDENTITY_PROVIDER_ARN=arn:aws:iam::${MC_IAM_MANAGER_AWS_ACCOUNT_ID}:oidc-provider/${MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN}/auth/realms/${MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_NAME} +MC_IAM_MANAGER_AWS_IDENTITY_ROLE_ARN=arn:aws:iam::${MC_IAM_MANAGER_AWS_ACCOUNT_ID}:role/${MC_IAM_MANAGER_CSP_ROLE_PREFIX}-platformadmin MC_IAM_MANAGER_HOST=http://localhost:5005 diff --git a/.env_sample b/.env_sample index 8606edb4..7378055e 100644 --- a/.env_sample +++ b/.env_sample @@ -38,11 +38,11 @@ DEFAULT_LANGUAGE=ko # [ko|en] Default is ko if not set MODE=standalone # [standalone|docker] both are same. ## Resources Permission MODE -USE_TICKET_VALID=true # [true|false] +MC_IAM_MANAGER_USE_TICKET_VALID=true # [true|false] -MCADMINCLI_APIYAML=https://raw.githubusercontent.com/m-cmp/mc-admin-cli/refs/heads/main/conf/api.yaml -MCWEBCONSOLE_MENUYAML=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_resources.yaml -MCWEBCONSOLE_MENU_PERMISSIONS=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_permissions.csv +MC_ADMIN_CLI_APIYAML=https://raw.githubusercontent.com/m-cmp/mc-admin-cli/refs/heads/main/conf/api.yaml +MC_WEB_CONSOLE_MENUYAML=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_resources.yaml +MC_WEB_CONSOLE_MENU_PERMISSIONS=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_permissions.csv MC_IAM_MANAGER_PLATFORMADMIN_ID=mcmp @@ -52,7 +52,7 @@ MC_IAM_MANAGER_PLATFORMADMIN_LASTNAME=iammanager MC_IAM_MANAGER_PLATFORMADMIN_EMAIL=iammanager@cloud-barista.org PREDEFINED_ROLE=admin,operator,viewer,billadmin,billviewer -PREDEFINED_PLATFORM_ROLE=admin,operator,viewer,billadmin,billviewer +MC_IAM_MANAGER_PREDEFINED_PLATFORM_ROLE=admin,operator,viewer,billadmin,billviewer PREDEFINED_WORKSPACE_ROLE=admin,operator,viewer,billadmin,billviewer MC_IAM_MANAGER_KEYCLOAK_CLIENT_NAME=mciamClient @@ -94,13 +94,13 @@ MCINFRAMANAGER_APIUSERNAME=default MCINFRAMANAGER_APIPASSWORD=default ## Default Workspace -DEFAULT_WORKSPACE_NAME=ws01 +MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME=ws01 TEMPORARY_SECURITY_CREDENTIALS_ENDPOINT_AWS=https://sts.amazonaws.com -AWS_ACCOUNT_ID=notyet -CSP_ROLE_PREFIX=mciam -IDENTITY_PROVIDER_ARN_AWS=arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN}/auth/realms/${MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_NAME} -IDENTITY_ROLE_ARN_AWS=arn:aws:iam::${AWS_ACCOUNT_ID}:role/${CSP_ROLE_PREFIX}-platformadmin +MC_IAM_MANAGER_AWS_ACCOUNT_ID=notyet +MC_IAM_MANAGER_CSP_ROLE_PREFIX=mciam +MC_IAM_MANAGER_AWS_IDENTITY_PROVIDER_ARN=arn:aws:iam::${MC_IAM_MANAGER_AWS_ACCOUNT_ID}:oidc-provider/${MC_IAM_MANAGER_KEYCLOAK_EXTERNAL_DOMAIN}/auth/realms/${MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_NAME} +MC_IAM_MANAGER_AWS_IDENTITY_ROLE_ARN=arn:aws:iam::${MC_IAM_MANAGER_AWS_ACCOUNT_ID}:role/${MC_IAM_MANAGER_CSP_ROLE_PREFIX}-platformadmin # SAML Client ID (CSP별 Keycloak SAML 클라이언트 ID) SAML_CLIENT_ID_AWS=urn:amazon:webservices diff --git a/asset/mcmpapi/service-actions.yaml b/asset/mcmpapi/service-actions.yaml index 7221ad7f..1f81afc6 100644 --- a/asset/mcmpapi/service-actions.yaml +++ b/asset/mcmpapi/service-actions.yaml @@ -1061,7 +1061,7 @@ serviceActions: registerMenusFromYAML: method: post resourcePath: /api/menus/setup/initial-menus - description: Register or update menus from a local YAML file specified by the filePath query parameter, or from the MCWEBCONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. + description: Register or update menus from a local YAML file specified by the filePath query parameter, or from the MC_WEB_CONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. rejectInvitation: method: put resourcePath: /api/users/me/invitations/{invitationId}/reject diff --git a/conf/mc-iam-manager/api.yaml b/conf/mc-iam-manager/api.yaml index 8462334f..dcd7e572 100644 --- a/conf/mc-iam-manager/api.yaml +++ b/conf/mc-iam-manager/api.yaml @@ -1342,7 +1342,7 @@ serviceActions: method: post resourcePath: /api/menus/setup/initial-menus description: Register or update menus from a local YAML file specified by the - filePath query parameter, or from the MCWEBCONSOLE_MENUYAML URL in .env if + filePath query parameter, or from the MC_WEB_CONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. removeCspRoleMappings: method: delete diff --git a/conf/mc-iam-manager/service-actions.yaml b/conf/mc-iam-manager/service-actions.yaml index bf7b5c24..1e27eee6 100644 --- a/conf/mc-iam-manager/service-actions.yaml +++ b/conf/mc-iam-manager/service-actions.yaml @@ -933,7 +933,7 @@ serviceActions: registerMenusFromYAML: method: post resourcePath: /api/menus/setup/initial-menus - description: Register or update menus from a local YAML file specified by the filePath query parameter, or from the MCWEBCONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. + description: Register or update menus from a local YAML file specified by the filePath query parameter, or from the MC_WEB_CONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. removeCspRoleMappings: method: delete resourcePath: /api/roles/unassign/csp-roles diff --git a/docker-compose-dev.yaml b/docker-compose-dev.yaml index 60d5cf83..1c7e583a 100644 --- a/docker-compose-dev.yaml +++ b/docker-compose-dev.yaml @@ -58,7 +58,7 @@ services: # 기타 필요한 환경 변수들 DEFAULT_LANGUAGE: ${DEFAULT_LANGUAGE} MODE: ${MODE} - USE_TICKET_VALID: ${USE_TICKET_VALID} + MC_IAM_MANAGER_USE_TICKET_VALID: ${MC_IAM_MANAGER_USE_TICKET_VALID} MC_IAM_MANAGER_PLATFORMADMIN_ID: ${MC_IAM_MANAGER_PLATFORMADMIN_ID} MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD: ${MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD} MC_IAM_MANAGER_PLATFORMADMIN_FIRSTNAME: ${MC_IAM_MANAGER_PLATFORMADMIN_FIRSTNAME} @@ -70,8 +70,8 @@ services: MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_ID: ${MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_ID} MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_SECRET: gaT6UdbCga0MZHvXdg01VKd2OnaMteTB # AWS CSP 설정 - AWS_ACCOUNT_ID: ${AWS_ACCOUNT_ID} - CSP_ROLE_PREFIX: ${CSP_ROLE_PREFIX} + MC_IAM_MANAGER_AWS_ACCOUNT_ID: ${MC_IAM_MANAGER_AWS_ACCOUNT_ID} + MC_IAM_MANAGER_CSP_ROLE_PREFIX: ${MC_IAM_MANAGER_CSP_ROLE_PREFIX} # MC-INFRA-MANAGER 설정 MCINFRAMANAGER: ${MCINFRAMANAGER} diff --git a/docs/swagger.yaml b/docs/swagger.yaml index 2d993b46..13b0c753 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -3698,7 +3698,7 @@ paths: consumes: - application/json description: Register or update menus from a local YAML file specified by the - filePath query parameter, or from the MCWEBCONSOLE_MENUYAML URL in .env if + filePath query parameter, or from the MC_WEB_CONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. operationId: registerMenusFromYAML parameters: diff --git a/src/docs/docs.go b/src/docs/docs.go index 93c1277a..e19a197f 100644 --- a/src/docs/docs.go +++ b/src/docs/docs.go @@ -4867,7 +4867,7 @@ const docTemplate = `{ "BearerAuth": [] } ], - "description": "Register or update menus from a local YAML file specified by the filePath query parameter, or from the MCWEBCONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml.", + "description": "Register or update menus from a local YAML file specified by the filePath query parameter, or from the MC_WEB_CONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml.", "consumes": [ "application/json" ], diff --git a/src/docs/swagger.yaml b/src/docs/swagger.yaml index 4dd9569b..f36b31f2 100644 --- a/src/docs/swagger.yaml +++ b/src/docs/swagger.yaml @@ -5046,7 +5046,7 @@ paths: consumes: - application/json description: Register or update menus from a local YAML file specified by the - filePath query parameter, or from the MCWEBCONSOLE_MENUYAML URL in .env if + filePath query parameter, or from the MC_WEB_CONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. operationId: registerMenusFromYAML parameters: diff --git a/src/handler/admin_handler.go b/src/handler/admin_handler.go index 90785c16..6ab77ff4 100644 --- a/src/handler/admin_handler.go +++ b/src/handler/admin_handler.go @@ -130,7 +130,7 @@ func (h *AdminHandler) SetupInitialAdmin(c echo.Context) error { } // 3-2. db에 기본 역할 생성 - predefinedRoles := strings.Split(os.Getenv("PREDEFINED_PLATFORM_ROLE"), ",") + predefinedRoles := strings.Split(os.Getenv("MC_IAM_MANAGER_PREDEFINED_PLATFORM_ROLE"), ",") registeredRoles := []uint{} for _, roleName := range predefinedRoles { role, err := h.roleService.CreateRoleWithSubs(&model.RoleMaster{ @@ -148,10 +148,10 @@ func (h *AdminHandler) SetupInitialAdmin(c echo.Context) error { } // 기본 workspace 생성 - defaultWsName := os.Getenv("DEFAULT_WORKSPACE_NAME") + defaultWsName := os.Getenv("MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME") if defaultWsName == "" { defaultWsName = "ws01" // fallback - log.Printf("[INFO] DEFAULT_WORKSPACE_NAME not set, using default: %s", defaultWsName) + log.Printf("[INFO] MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME not set, using default: %s", defaultWsName) } err = h.workspaceService.CreateWorkspace(&model.Workspace{ diff --git a/src/handler/mcmpapi_handler.go b/src/handler/mcmpapi_handler.go index 3c7e8a36..266eb8d2 100644 --- a/src/handler/mcmpapi_handler.go +++ b/src/handler/mcmpapi_handler.go @@ -15,7 +15,7 @@ import ( "gorm.io/gorm" // Import gorm ) -const apiYamlEnvVar = "MCADMINCLI_APIYAML" +const apiYamlEnvVar = "MC_ADMIN_CLI_APIYAML" // McmpApiHandler handles requests related to mcmp API definitions. (Renamed) type McmpApiHandler struct { diff --git a/src/handler/menu_handler.go b/src/handler/menu_handler.go index 8c96c72e..718be6dc 100755 --- a/src/handler/menu_handler.go +++ b/src/handler/menu_handler.go @@ -513,7 +513,7 @@ func (h *MenuHandler) DeleteMenu(c echo.Context) error { // RegisterMenusFromYAML godoc // @Summary Register/Update menus from YAML file or URL -// @Description Register or update menus from a local YAML file specified by the filePath query parameter, or from the MCWEBCONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. +// @Description Register or update menus from a local YAML file specified by the filePath query parameter, or from the MC_WEB_CONSOLE_MENUYAML URL in .env if not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. // @Tags menus // @Accept json // @Produce json diff --git a/src/service/csp_idp_config_service.go b/src/service/csp_idp_config_service.go index 9fd6c796..70a37115 100644 --- a/src/service/csp_idp_config_service.go +++ b/src/service/csp_idp_config_service.go @@ -228,7 +228,7 @@ func (s *CspIdpConfigService) testAwsOidcConnection(ctx context.Context, idpConf // Role ARN 구성 (환경 변수 또는 IDP Config에서) roleArn := idpConfig.Config["role_arn"] if roleArn == "" { - roleArn = os.Getenv("IDENTITY_ROLE_ARN_AWS") + roleArn = os.Getenv("MC_IAM_MANAGER_AWS_IDENTITY_ROLE_ARN") } if roleArn == "" { return fmt.Errorf("role_arn is not configured") diff --git a/src/service/csp_role_service.go b/src/service/csp_role_service.go index e17fbdad..cf56a8b0 100644 --- a/src/service/csp_role_service.go +++ b/src/service/csp_role_service.go @@ -344,9 +344,9 @@ func getAwsAssumeRolePolicyDocument(role *model.CspRole) (string, error) { return "", fmt.Errorf("MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_ID environment variable is not set") } - accountID := os.Getenv("AWS_ACCOUNT_ID") + accountID := os.Getenv("MC_IAM_MANAGER_AWS_ACCOUNT_ID") if accountID == "" { - return "", fmt.Errorf("AWS_ACCOUNT_ID environment variable is not set") + return "", fmt.Errorf("MC_IAM_MANAGER_AWS_ACCOUNT_ID environment variable is not set") } externalURL := strings.TrimPrefix(strings.TrimPrefix(mciamConfig.KC.ExternalURL, "https://"), "http://") @@ -427,14 +427,14 @@ func (s *CspRoleService) createNewAwsCredential(issuedBy string) (*model.TempCre Region: "ap-northeast-2", }) - identityProviderArn := os.Getenv("IDENTITY_PROVIDER_ARN_AWS") + identityProviderArn := os.Getenv("MC_IAM_MANAGER_AWS_IDENTITY_PROVIDER_ARN") if identityProviderArn == "" { - return nil, fmt.Errorf("IDENTITY_PROVIDER_ARN_AWS environment variable is not set") + return nil, fmt.Errorf("MC_IAM_MANAGER_AWS_IDENTITY_PROVIDER_ARN environment variable is not set") } - roleArn := os.Getenv("IDENTITY_ROLE_ARN_AWS") + roleArn := os.Getenv("MC_IAM_MANAGER_AWS_IDENTITY_ROLE_ARN") if roleArn == "" { - return nil, fmt.Errorf("IDENTITY_ROLE_ARN_AWS environment variable is not set") + return nil, fmt.Errorf("MC_IAM_MANAGER_AWS_IDENTITY_ROLE_ARN environment variable is not set") } input := &sts.AssumeRoleWithWebIdentityInput{ diff --git a/src/service/keycloak_service.go b/src/service/keycloak_service.go index e48da252..4bd93c63 100644 --- a/src/service/keycloak_service.go +++ b/src/service/keycloak_service.go @@ -1539,8 +1539,8 @@ func (s *keycloakService) SetupPredefinedRoles(ctx context.Context, accessToken return fmt.Errorf("failed to get realm roles: %w", err) } - // PREDEFINED_PLATFORM_ROLE에 정의된 역할들이 없으면 생성 - predefinedRoles := strings.Split(os.Getenv("PREDEFINED_PLATFORM_ROLE"), ",") + // MC_IAM_MANAGER_PREDEFINED_PLATFORM_ROLE에 정의된 역할들이 없으면 생성 + predefinedRoles := strings.Split(os.Getenv("MC_IAM_MANAGER_PREDEFINED_PLATFORM_ROLE"), ",") for _, roleName := range predefinedRoles { roleName = strings.TrimSpace(roleName) if roleName == "" { diff --git a/src/service/menu_service.go b/src/service/menu_service.go index 2eba51a3..39aac637 100755 --- a/src/service/menu_service.go +++ b/src/service/menu_service.go @@ -372,7 +372,7 @@ func (s *MenuService) Delete(id string) error { } // LoadAndRegisterMenusFromYAML YAML 파일에서 메뉴를 로드하여 DB에 등록(Upsert) -// filePath 쿼리 파라미터가 없으면 .env의 MCWEBCONSOLE_MENUYAML URL에서 다운로드 시도 +// filePath 쿼리 파라미터가 없으면 .env의 MC_WEB_CONSOLE_MENUYAML URL에서 다운로드 시도 func (s *MenuService) LoadAndRegisterMenusFromYAML(filePath string) error { effectiveFilePath := filePath downloaded := false @@ -382,7 +382,7 @@ func (s *MenuService) LoadAndRegisterMenusFromYAML(filePath string) error { // Load .env file to get the URL (assuming .env is at project root) // .env path should be relative to project root when running the binary util.LoadEnvFiles() - menuURL := os.Getenv("MCWEBCONSOLE_MENUYAML") + menuURL := os.Getenv("MC_WEB_CONSOLE_MENUYAML") // Default local path relative to project root assetPath := util.GetAssetPath() @@ -427,13 +427,13 @@ func (s *MenuService) LoadAndRegisterMenusFromYAML(filePath string) error { } } } else if menuURL != "" { - // If MCWEBCONSOLE_MENUYAML is set but not a URL, assume it's a local path relative to project root - fmt.Printf("Using local menu YAML path from MCWEBCONSOLE_MENUYAML: %s\n", menuURL) + // If MC_WEB_CONSOLE_MENUYAML is set but not a URL, assume it's a local path relative to project root + fmt.Printf("Using local menu YAML path from MC_WEB_CONSOLE_MENUYAML: %s\n", menuURL) // Assuming menuURL is relative to project root: effectiveFilePath = menuURL // Use the path directly } else { - // If MCWEBCONSOLE_MENUYAML is not set, use the default local path - fmt.Printf("MCWEBCONSOLE_MENUYAML not set or invalid URL, using default local path: %s\n", defaultLocalPath) + // If MC_WEB_CONSOLE_MENUYAML is not set, use the default local path + fmt.Printf("MC_WEB_CONSOLE_MENUYAML not set or invalid URL, using default local path: %s\n", defaultLocalPath) effectiveFilePath = defaultLocalPath } } @@ -551,7 +551,7 @@ func (s *MenuService) InitializeMenuPermissionsFromCSV(filePath string) error { if effectiveFilePath == "" { // Load .env file to get the URL (assuming .env is at project root) util.LoadEnvFiles() - permissionURL := os.Getenv("MCWEBCONSOLE_PERMISSIONCSV") + permissionURL := os.Getenv("MC_WEB_CONSOLE_MENU_PERMISSIONS") // Default local path relative to project root assetPath := util.GetAssetPath() diff --git a/src/service/project_service.go b/src/service/project_service.go index 798593c1..cb29f249 100644 --- a/src/service/project_service.go +++ b/src/service/project_service.go @@ -72,10 +72,10 @@ func (s *ProjectService) Create(ctx context.Context, project *model.Project, wor log.Printf("Validated specified workspace: %s (ID: %d)", targetWorkspace.Name, targetWorkspace.ID) } else { // No workspace specified, use default - defaultWsName := os.Getenv("DEFAULT_WORKSPACE_NAME") + defaultWsName := os.Getenv("MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME") if defaultWsName == "" { defaultWsName = "default" - log.Printf("DEFAULT_WORKSPACE_NAME not set in environment, using default value: %s", defaultWsName) + log.Printf("MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME not set in environment, using default value: %s", defaultWsName) } log.Printf("Using default workspace name: %s", defaultWsName) targetWorkspace, err = s.workspaceRepo.FindWorkspaceByName(defaultWsName) @@ -357,10 +357,10 @@ func (s *ProjectService) SyncProjectsWithInfraManager(ctx context.Context) error log.Printf("Found %d projects assigned to at least one workspace.", len(assignedProjectMap)) // Get default workspace ID once - defaultWsName := os.Getenv("DEFAULT_WORKSPACE_NAME") + defaultWsName := os.Getenv("MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME") if defaultWsName == "" { defaultWsName = "default" - log.Printf("DEFAULT_WORKSPACE_NAME not set in environment, using default value: %s", defaultWsName) + log.Printf("MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME not set in environment, using default value: %s", defaultWsName) } log.Printf("Using workspace name: %s", defaultWsName) defaultWs, err := s.workspaceRepo.FindWorkspaceByName(defaultWsName) @@ -643,7 +643,7 @@ func (s *ProjectService) CreateProject(project *model.Project) error { } // 기본 워크스페이스 조회 - defaultWorkspace, err := s.workspaceRepo.FindWorkspaceByName(os.Getenv("DEFAULT_WORKSPACE_NAME")) + defaultWorkspace, err := s.workspaceRepo.FindWorkspaceByName(os.Getenv("MC_IAM_MANAGER_DEFAULT_WORKSPACE_NAME")) if err != nil { return fmt.Errorf("기본 워크스페이스를 찾을 수 없습니다: %v", err) } From f7b610edf390b8c88fd0794382002c7c19694189 Mon Sep 17 00:00:00 2001 From: dogfootman Date: Fri, 22 May 2026 16:34:52 +0000 Subject: [PATCH 2/9] feat: add installAll.sh bootstrap for standalone docker operation Introduces installAll.sh at repo root to provide the same bootstrap UX as mc-admin-cli (env sync, preset scripts, docker compose up, container health monitoring) without requiring the mcc Go binary. Key changes: - installAll.sh: supports -m dev|prod, -d , -r log|background|skip flags; replaces `mcc infra run` with direct `docker compose` calls; EXPECTED_CONTAINERS updated to the 13 services in this repo - .env.setup: add COMPOSE_PROJECT_NAME=mc-iam-manager to pin project name - Dockerfile.mciammanager: narrow COPY asset to explicit subdirs (mcmpapi/menu/organization), excluding the now-removed asset/setup/ - asset/setup/: removed (superseded by canonical conf/mc-iam-manager/ scripts) - DOCKER_README.md: rewritten to reflect current service list and new installAll.sh entrypoint; removes stale references to 0_preset_create_nginx_conf.sh and docker-compose.all.yaml --- .env.setup | 1 + DOCKER_README.md | 249 ++++---- Dockerfile.mciammanager | 6 +- asset/setup/0_preset_dev.sh | 132 ---- asset/setup/0_preset_prod.sh | 74 --- asset/setup/1_setup_auto.sh | 479 --------------- asset/setup/1_setup_manual.sh | 258 -------- asset/setup/actors.md | 113 ---- .../setup/presetup/nginx/nginx.template.conf | 139 ----- asset/setup/test-result-uc14.md | 281 --------- asset/setup/usecases.md | 155 ----- installAll.sh | 565 ++++++++++++++++++ 12 files changed, 696 insertions(+), 1756 deletions(-) delete mode 100755 asset/setup/0_preset_dev.sh delete mode 100755 asset/setup/0_preset_prod.sh delete mode 100755 asset/setup/1_setup_auto.sh delete mode 100755 asset/setup/1_setup_manual.sh delete mode 100755 asset/setup/actors.md delete mode 100644 asset/setup/presetup/nginx/nginx.template.conf delete mode 100644 asset/setup/test-result-uc14.md delete mode 100755 asset/setup/usecases.md create mode 100755 installAll.sh diff --git a/.env.setup b/.env.setup index dd7bf25d..b46a3103 100644 --- a/.env.setup +++ b/.env.setup @@ -1,4 +1,5 @@ # Common Use case +COMPOSE_PROJECT_NAME=mc-iam-manager HEALTH_CHECK_INTERVAL=1m HEALTH_CHECK_TIMEOUT=5s HEALTH_CHECK_RETRIES=3 diff --git a/DOCKER_README.md b/DOCKER_README.md index 55095f10..a3fa989f 100644 --- a/DOCKER_README.md +++ b/DOCKER_README.md @@ -2,28 +2,37 @@ ## 개요 -이 문서는 M-CMP IAM Manager를 Docker 환경에서 배포하는 방법을 단계별로 안내합니다. +이 문서는 M-CMP IAM Manager를 Docker 환경에서 단독으로 배포하는 방법을 단계별로 안내합니다. 시스템은 Keycloak 인증, PostgreSQL 데이터베이스, Nginx 리버스 프록시, 그리고 SSL 인증서 관리를 포함합니다. -## 시스템 요구사항 +--- -### 필수 조건 -- Ubuntu 22.04 LTS (외부 접근 가능) -- Docker Engine 24.0+ -- Docker Compose v2 -- 도메인 이름 (예: example.com) -- SSL 인증서 발급용 이메일 주소 -- 방화벽에서 다음 포트 허용: - - HTTP (80) - - HTTPS (443) - - SSH (22) +## 빠른 시작 (권장) -### 네트워크 요구사항 -- 외부에서 접근 가능한 공인 IP -- 도메인 DNS 설정 완료 -- 80/443 포트 외부 접근 허용 +`installAll.sh`는 초기 환경 부트스트랩부터 컨테이너 기동·모니터링까지 한 번에 처리합니다. -## 설치 및 배포 과정 +```bash +# 로컬 PC (plain HTTP) +./installAll.sh -m dev -d localhost -r background + +# 원격 VM (self-signed HTTPS) +./installAll.sh -m dev -d -r background + +# 운영 도메인 (Let's Encrypt HTTPS) +./installAll.sh -m prod -d iam.example.com -r background + +# 옵션 없이 실행하면 대화형 모드 +./installAll.sh +``` + +옵션 설명: +- `-m dev|prod` : 개발(self-signed cert) / 운영(Let's Encrypt) 모드 +- `-d ` : 공개 도메인 또는 IP (`localhost` 기본값) +- `-r log|background|skip` : 서비스 기동 방식 + +--- + +## 수동 설치 (단계별) ### 1단계: Docker 설치 @@ -58,116 +67,104 @@ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin # Docker 서비스 시작 및 활성화 sudo systemctl start docker sudo systemctl enable docker - -# 설치 확인 -sudo docker run hello-world ``` ### 2단계: 환경 설정 -프로젝트 환경 변수를 설정합니다. - ```bash -# 환경 설정 파일 복사 -cp .env_sample .env +# .env.setup을 복사해 .env 생성 +cp .env.setup .env -# 환경 변수 편집 +# 필수 환경 변수 편집 nano .env ``` 주요 설정 항목: -- `DOMAIN_NAME`: 도메인 이름 (예: mciam.onecloudcon.com) -- `EMAIL`: SSL 인증서 발급용 이메일 -- `MCIAMMANAGER_PORT`: 애플리케이션 포트 (기본값: 3000) -- `KEYCLOAK_ADMIN`: Keycloak 관리자 계정 -- `KEYCLOAK_ADMIN_PASSWORD`: Keycloak 관리자 비밀번호 +- `MC_IAM_MANAGER_PUBLIC_DOMAIN`: 공개 도메인 또는 IP +- `MC_IAM_MANAGER_CERT_EMAIL`: SSL 인증서 발급용 이메일 (prod 모드) +- `MC_IAM_MANAGER_PORT`: 애플리케이션 포트 (기본값: 5005) +- `MC_IAM_MANAGER_KEYCLOAK_ADMIN`: Keycloak 관리자 계정 +- `MC_IAM_MANAGER_KEYCLOAK_ADMIN_PASSWORD`: Keycloak 관리자 비밀번호 +- `MC_IAM_MANAGER_PLATFORMADMIN_ID/PASSWORD`: MCMP 플랫폼 관리자 계정 -### 3단계: SSL 인증서 발급 +### 3단계: Nginx 설정 생성 -Let's Encrypt를 사용하여 SSL 인증서를 발급합니다. +모드에 따라 nginx.conf와 인증서를 생성합니다. ```bash -# SSL 인증서 발급 -sudo docker compose -f docker-compose.cert.yaml up -``` - -성공적인 인증서 발급 시 다음과 같은 메시지가 표시됩니다: - -``` -mcmp-certbot | Requesting a certificate for mciam.onecloudcon.com -mcmp-certbot | Successfully received certificate. -mcmp-certbot | Certificate is saved at: /etc/letsencrypt/live/mciam.onecloudcon.com/fullchain.pem -mcmp-certbot | Key is saved at: /etc/letsencrypt/live/mciam.onecloudcon.com/privkey.pem -mcmp-certbot | This certificate expires on 2025-10-20. +# dev 모드 (self-signed 인증서) +cd conf/mc-iam-manager/ +./0_preset_dev.sh +cd - + +# prod 모드 (먼저 Let's Encrypt 인증서 발급 후 nginx 설정) +docker compose -f docker-compose.cert.yaml --env-file .env up +cd conf/mc-iam-manager/ +./0_preset_prod.sh +cd - ``` -### 4단계: Nginx 설정 생성 +생성되는 파일: `container-volume/mc-iam-manager/nginx/nginx.conf` -환경 변수를 기반으로 Nginx 설정 파일을 생성합니다. +### 4단계: 시스템 배포 ```bash -# Nginx 설정 스크립트 실행 -./asset/setup/0_preset_create_nginx_conf.sh -``` - -생성된 파일: `dockerfiles/nginx/nginx.conf` - -### 5단계: 시스템 배포 - -전체 시스템을 배포합니다. +# 백그라운드 실행 +docker compose --env-file .env up -d -```bash -# 전체 시스템 배포 -sudo docker compose -f docker-compose.all.yaml up -d +# 포그라운드 실행 (로그 실시간 확인) +docker compose --env-file .env up ``` +--- + ## 배포 확인 ### 서비스 상태 확인 ```bash # 컨테이너 상태 확인 -sudo docker ps +docker compose ps # 서비스 로그 확인 -sudo docker compose -f docker-compose.all.yaml logs -f +docker compose logs -f + +# 특정 서비스 로그 +docker compose logs -f mc-iam-manager ``` ### 정상 배포 확인 사항 #### PostgreSQL 정상 배포 ``` -mciam-postgres | database system is ready to accept connections +mc-iam-manager-db | database system is ready to accept connections ``` #### Keycloak 정상 배포 ``` -mciam-keycloak | Keycloak 24.0.1 on JVM (powered by Quarkus 3.8.1) started in 17.266s. Listening on: http://0.0.0.0:8080 -mciam-keycloak | Added user 'admin' to realm 'master' +mc-iam-manager-kc | Keycloak 24.0.1 on JVM (powered by Quarkus 3.8.1) started in 17.266s. ``` #### IAM Manager 정상 배포 ``` -mciam-manager | High performance, minimalist Go web framework -mciam-manager | https://echo.labstack.com -mciam-manager | http server started on [::]:3000 -``` - -#### Nginx 정상 배포 -``` -mciam-nginx | Configuration complete; ready for start up +mc-iam-manager | http server started on [::]:5005 ``` ### 접속 테스트 ```bash -# HTTPS 접속 테스트 -curl -k https://your-domain.com/readyz +# readyz 엔드포인트 확인 +curl http://localhost:5005/readyz + +# HTTPS (self-signed 또는 prod) +curl -k https:///readyz -# HTTP에서 HTTPS 리다이렉트 테스트 -curl -I http://your-domain.com +# Keycloak admin console +open http://localhost:8080/admin/ ``` +--- + ## 시스템 아키텍처 ``` @@ -176,81 +173,87 @@ Internet v [Nginx Reverse Proxy] (Port 80/443) | - +---> [IAM Manager] (Port 3000) + +---> [mc-iam-manager] (Port 5005) | - +---> [Keycloak] (Port 8080) + +---> [mc-iam-manager-kc / Keycloak] (Port 8080) | - +---> [PostgreSQL] (Port 5432) + +---> [mc-iam-manager-db / PostgreSQL] (Port 15432) ``` -### 서비스 구성 -- **Nginx**: 리버스 프록시, SSL 종료, 정적 파일 서빙 -- **IAM Manager**: 메인 애플리케이션 (Echo Framework) -- **Keycloak**: 인증 및 권한 관리 -- **PostgreSQL**: 데이터베이스 -- **Certbot**: SSL 인증서 자동 발급/갱신 +### 서비스 구성 (docker-compose.yaml 기준 전체 서비스) + +| 서비스 | 역할 | 포트 | +|---|---|---| +| mc-infra-connector | CB-Spider (CSP 연동) | 1024 | +| mc-infra-manager | CB-Tumblebug (인프라 관리) | 1323 | +| mc-infra-manager-etcd | etcd | 2379/2380 | +| mc-infra-manager-postgres | Tumblebug DB | 6432 | +| mc-infra-manager-openbao | Vault 호환 시크릿 관리 | 8200 | +| mc-iam-manager | IAM 앱 (Echo Framework) | 5005 | +| mc-iam-manager-db | IAM/Keycloak 공유 PostgreSQL | 15432 | +| mc-iam-manager-kc | Keycloak | 8080 | +| mc-iam-manager-nginx | 리버스 프록시 | 80/443 | +| mc-iam-manager-post-initial | 초기화 컨테이너 (실행 후 종료) | - | +| mc-web-console-db | 웹 콘솔 DB | 15433 | +| mc-web-console-api | 웹 콘솔 API | 3000 | +| mc-web-console-front | 웹 콘솔 프론트엔드 | 3001 | + +--- ## 문제 해결 -### 일반적인 문제 +### 인증서 발급 실패 +- 도메인 DNS 설정 및 80번 포트 외부 접근 가능 여부 확인 +- 이메일 주소 유효성 확인 (`MC_IAM_MANAGER_CERT_EMAIL`) -#### Docker 서비스 시작 실패 +### Nginx 설정 오류 ```bash -sudo systemctl start docker -sudo systemctl status docker +docker exec mc-iam-manager-nginx nginx -t ``` -#### 인증서 발급 실패 -- 도메인 DNS 설정 확인 -- 80번 포트 외부 접근 가능 여부 확인 -- 이메일 주소 유효성 확인 - -#### Nginx 설정 오류 +### Keycloak 헬스체크 실패 ```bash -# Nginx 설정 문법 검사 -sudo docker exec mciam-nginx nginx -t +docker logs mc-iam-manager-kc ``` +PostgreSQL 연결 상태 및 환경 변수(`MC_IAM_MANAGER_KEYCLOAK_*`) 확인 -#### Keycloak 헬스체크 실패 -- PostgreSQL 연결 상태 확인 -- Keycloak 로그 확인 -- 환경 변수 설정 확인 - -### 로그 확인 +### mc-iam-manager-post-initial 초기화 재실행 +post-initial 컨테이너는 IAM/Keycloak이 healthy 상태일 때 자동으로 초기화를 수행합니다. +실패한 경우 다음으로 재실행: ```bash -# 특정 서비스 로그 확인 -sudo docker compose -f docker-compose.all.yaml logs [service-name] - -# 실시간 로그 모니터링 -sudo docker compose -f docker-compose.all.yaml logs -f [service-name] +docker compose up mc-iam-manager-post-initial ``` -## 유지보수 +--- -### 인증서 갱신 -Let's Encrypt 인증서는 90일마다 갱신이 필요합니다. +## 유지보수 +### 서비스 중지 및 재시작 ```bash -# 수동 갱신 -sudo docker compose -f docker-compose.cert.yaml run --rm mcmp-certbot renew +# 정지 (볼륨 보존) +docker compose stop -# 자동 갱신 설정 (cron) -0 12 * * * /usr/bin/docker compose -f /path/to/docker-compose.cert.yaml run --rm mcmp-certbot renew +# 재시작 +docker compose start + +# 완전 삭제 (볼륨 포함) +docker compose down -v +sudo rm -rf container-volume ``` -### 백업 +### 인증서 갱신 (prod 모드) ```bash -# PostgreSQL 데이터 백업 -sudo docker exec mciam-postgres pg_dump -U iammanager iammanagerdb > backup.sql - -# Keycloak 데이터 백업 -sudo tar -czf keycloak-backup.tar.gz dockercontainer-volume/keycloak/ +docker compose -f docker-compose.cert.yaml run --rm mcmp-certbot renew ``` ### 업데이트 ```bash -# 이미지 업데이트 -sudo docker compose -f docker-compose.all.yaml pull -sudo docker compose -f docker-compose.all.yaml up -d +docker compose pull +docker compose up -d ``` + +### env 변수 추가 시 + +신규 변수는 `.env.setup`과 `.env_sample`에 동시에 추가하세요. +`installAll.sh` 재실행 시 `sync_missing_env_vars`가 기존 `.env`에 누락 변수를 자동으로 append합니다. diff --git a/Dockerfile.mciammanager b/Dockerfile.mciammanager index bc12ad38..023f2513 100644 --- a/Dockerfile.mciammanager +++ b/Dockerfile.mciammanager @@ -16,8 +16,10 @@ RUN go mod download # Copy the contents of the src directory COPY src/ ./ -# Copy asset directory from project root -COPY asset ./asset +# Copy required asset subdirectories (asset/setup/ excluded) +COPY asset/mcmpapi ./asset/mcmpapi +COPY asset/menu ./asset/menu +COPY asset/organization ./asset/organization # Build the application statically # Output binary to /mc-iam-manager diff --git a/asset/setup/0_preset_dev.sh b/asset/setup/0_preset_dev.sh deleted file mode 100755 index 22d9976e..00000000 --- a/asset/setup/0_preset_dev.sh +++ /dev/null @@ -1,132 +0,0 @@ -#!/bin/bash - -# 템플릿 파일에서 환경변수를 .env 파일의 값으로 대치하는 스크립트 - -# 스크립트 실행 디렉토리 확인 -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")" - -# .env 파일 경로 -ENV_FILE="$PROJECT_ROOT/.env" - - -# 인증서 파일 생성할 경로 (Let's Encrypt 구조와 동일) -CERT_PARENT_DIR="$PROJECT_ROOT/dockercontainer-volume" # dockercontainer-volume 디렉토리 - -# --- 3. 필요한 디렉토리 생성 (Let's Encrypt 구조와 동일) --- -echo "Creating necessary directories..." - -# dockercontainer-volume 디렉토리 먼저 생성 -mkdir -p "${CERT_PARENT_DIR}" || { echo "Error: Failed to create ${CERT_PARENT_DIR}"; exit 1; } - - -# 템플릿 파일 경로 -TEMPLATE_FILE="$PROJECT_ROOT/asset/setup/presetup/nginx/nginx.template.conf" - -# 출력 파일 경로 -OUTPUT_FILE="$PROJECT_ROOT/dockerfiles/nginx/nginx.conf" - -# .env 파일 존재 확인 -if [ ! -f "$ENV_FILE" ]; then - echo "오류: .env 파일을 찾을 수 없습니다: $ENV_FILE" - exit 1 -fi - -# 템플릿 파일 존재 확인 -if [ ! -f "$TEMPLATE_FILE" ]; then - echo "오류: nginx 템플릿 파일을 찾을 수 없습니다: $TEMPLATE_FILE" - exit 1 -fi - -# .env 파일을 안전하게 로드 -echo "환경변수를 로드합니다..." - -# .env 파일에서 필요한 변수들을 직접 읽어오기 (줄바꿈 문자 제거) -DOMAIN_NAME=$(grep "^DOMAIN_NAME=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | tr -d '\r' | xargs) -MC_IAM_MANAGER_PORT=$(grep "^MC_IAM_MANAGER_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | tr -d '\r' | xargs) - -echo "읽어온 환경변수:" -echo " DOMAIN_NAME: $DOMAIN_NAME" -echo " MC_IAM_MANAGER_PORT: $MC_IAM_MANAGER_PORT" - -# DOMAIN_NAME을 읽은 후 CERT_DIR 정의 -CERT_DIR="${CERT_PARENT_DIR}/certs/live/${DOMAIN_NAME}" # Let's Encrypt 구조와 동일한 인증서 저장 경로 - -# Let's Encrypt 구조와 동일한 certs/live/도메인명 디렉토리 생성 -mkdir -p "${CERT_DIR}" || { echo "Error: Failed to create ${CERT_DIR}"; exit 1; } - - -## 로컬환경(인증서) 설정 -# --- 3. hosts 파일에 도메인 추가 (관리자 권한 필요) --- -HOSTS_FILE="/etc/hosts" # hosts 파일 경로 (macOS/Linux 기준) -echo "Adding ${DOMAIN_NAME} to ${HOSTS_FILE}..." -if grep -q "127.0.0.1 ${DOMAIN_NAME}" "${HOSTS_FILE}"; then - echo "${DOMAIN_NAME} already exists in ${HOSTS_FILE}. Skipping." -else - # hosts 파일에 추가 (sudo 권한 필요) - # macOS/Linux에서 이 스크립트를 직접 실행 시 sudo로 실행해야 합니다. - echo "127.0.0.1 ${DOMAIN_NAME}" | sudo tee -a "${HOSTS_FILE}" > /dev/null - if [ $? -eq 0 ]; then - echo "${DOMAIN_NAME} added successfully to ${HOSTS_FILE}." - else - echo "Failed to add ${DOMAIN_NAME} to ${HOSTS_FILE}. Please run this script with sudo or manually add it." - echo "Manual step: Add '127.0.0.1 ${DOMAIN_NAME}' to ${HOSTS_FILE}" - fi -fi - - -# --- 4. Self-Signed Certificate 생성 --- -echo "Generating Self-Signed Certificate for ${DOMAIN_NAME}... ${CERT_DIR}" - -# 기존 인증서 삭제 (새로 발급하기 위해) -if [ -f "${CERT_DIR}/privkey.pem" ]; then - echo "Removing existing certificate files..." - rm "${CERT_DIR}/privkey.pem" "${CERT_DIR}/fullchain.pem" 2>/dev/null -fi - -openssl genrsa -out "${CERT_DIR}/privkey.pem" 2048 -openssl req -new -key "${CERT_DIR}/privkey.pem" -out "${CERT_DIR}/csr.pem" -subj "/CN=${DOMAIN_NAME}" -openssl x509 -req -days 365 -in "${CERT_DIR}/csr.pem" -signkey "${CERT_DIR}/privkey.pem" -out "${CERT_DIR}/fullchain.pem" -rm "${CERT_DIR}/csr.pem" # CSR 파일 제거 - -if [ -f "${CERT_DIR}/fullchain.pem" ]; then - echo "Self-Signed Certificate generated successfully at ${CERT_DIR}." -else - echo "Failed to generate Self-Signed Certificate." - exit 1 -fi - - - -# 출력 디렉토리 생성 -OUTPUT_DIR="$(dirname "$OUTPUT_FILE")" -mkdir -p "$OUTPUT_DIR" - -echo "nginx 설정 파일을 생성합니다..." -echo "템플릿: $TEMPLATE_FILE" -echo "출력: $OUTPUT_FILE" - - -# 템플릿 파일을 복사하고 환경변수 대치 -cp "$TEMPLATE_FILE" "$OUTPUT_FILE" - -# 환경변수 대치 (한 번에 처리) -if [ -n "$DOMAIN_NAME" ] && [ -n "$MC_IAM_MANAGER_PORT" ]; then - # 템플릿 파일을 복사하고 환경변수를 한 번에 대치 - sed -e "s/\${DOMAIN_NAME}/$DOMAIN_NAME/g" \ - -e "s/\${PORT}/$MC_IAM_MANAGER_PORT/g" \ - "$TEMPLATE_FILE" > "$OUTPUT_FILE" - echo "✓ DOMAIN_NAME 대치 완료: $DOMAIN_NAME" - echo "✓ PORT 대치 완료: $MC_IAM_MANAGER_PORT" -else - echo "경고: DOMAIN_NAME 또는 MC_IAM_MANAGER_PORT 환경변수가 설정되지 않았습니다." - # 환경변수가 없으면 템플릿 파일을 그대로 복사 - cp "$TEMPLATE_FILE" "$OUTPUT_FILE" -fi - -echo "nginx 설정 파일 생성이 완료되었습니다: $OUTPUT_FILE" - -# 생성된 파일의 내용 확인 (선택사항) -echo "" -echo "=== 생성된 nginx.conf 파일 내용 ===" -cat "$OUTPUT_FILE" diff --git a/asset/setup/0_preset_prod.sh b/asset/setup/0_preset_prod.sh deleted file mode 100755 index 041d40ec..00000000 --- a/asset/setup/0_preset_prod.sh +++ /dev/null @@ -1,74 +0,0 @@ -#!/bin/bash - -# 템플릿 파일에서 환경변수를 .env 파일의 값으로 대치하는 스크립트 - -# 스크립트 실행 디렉토리 확인 -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")" - -# .env 파일 경로 -ENV_FILE="$PROJECT_ROOT/.env" - -# 템플릿 파일 경로 -TEMPLATE_FILE="$PROJECT_ROOT/asset/setup/presetup/nginx/nginx.template.conf" - -# 출력 파일 경로 -OUTPUT_FILE="$PROJECT_ROOT/dockerfiles/nginx/nginx.conf" - -# .env 파일 존재 확인 -if [ ! -f "$ENV_FILE" ]; then - echo "오류: .env 파일을 찾을 수 없습니다: $ENV_FILE" - exit 1 -fi - -# 템플릿 파일 존재 확인 -if [ ! -f "$TEMPLATE_FILE" ]; then - echo "오류: nginx 템플릿 파일을 찾을 수 없습니다: $TEMPLATE_FILE" - exit 1 -fi - -# 출력 디렉토리 생성 -OUTPUT_DIR="$(dirname "$OUTPUT_FILE")" -mkdir -p "$OUTPUT_DIR" - -echo "nginx 설정 파일을 생성합니다..." -echo "템플릿: $TEMPLATE_FILE" -echo "출력: $OUTPUT_FILE" - -# .env 파일을 안전하게 로드 -echo "환경변수를 로드합니다..." - -# .env 파일에서 필요한 변수들을 직접 읽어오기 -DOMAIN_NAME=$(grep "^DOMAIN_NAME=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs) -MC_IAM_MANAGER_PORT=$(grep "^MC_IAM_MANAGER_PORT=" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs) - -echo "읽어온 환경변수:" -echo " DOMAIN_NAME: $DOMAIN_NAME" -echo " MC_IAM_MANAGER_PORT: $MC_IAM_MANAGER_PORT" - -# 템플릿 파일을 복사하고 환경변수 대치 -cp "$TEMPLATE_FILE" "$OUTPUT_FILE" - -# 환경변수 대치 -# ${DOMAIN_NAME} 대치 -if [ -n "$DOMAIN_NAME" ]; then - sed -i "s/\${DOMAIN_NAME}/$DOMAIN_NAME/g" "$OUTPUT_FILE" - echo "✓ DOMAIN_NAME 대치 완료: $DOMAIN_NAME" -else - echo "경고: DOMAIN_NAME 환경변수가 설정되지 않았습니다." -fi - -# ${PORT} 대치 (MC_IAM_MANAGER_PORT 사용) -if [ -n "$MC_IAM_MANAGER_PORT" ]; then - sed -i "s/\${PORT}/$MC_IAM_MANAGER_PORT/g" "$OUTPUT_FILE" - echo "✓ PORT 대치 완료: $MC_IAM_MANAGER_PORT" -else - echo "경고: MC_IAM_MANAGER_PORT 환경변수가 설정되지 않았습니다." -fi - -echo "nginx 설정 파일 생성이 완료되었습니다: $OUTPUT_FILE" - -# 생성된 파일의 내용 확인 (선택사항) -echo "" -echo "=== 생성된 nginx.conf 파일 내용 ===" -cat "$OUTPUT_FILE" diff --git a/asset/setup/1_setup_auto.sh b/asset/setup/1_setup_auto.sh deleted file mode 100755 index 049ad199..00000000 --- a/asset/setup/1_setup_auto.sh +++ /dev/null @@ -1,479 +0,0 @@ -#!/bin/bash - -# Load .env from current directory or parent -if [ -f "../../.env" ]; then - source ../../.env -elif [ -f ".env" ]; then - source .env -else - echo "Warning: .env file not found, using defaults" -fi - -# 자동화된 설정 함수 -auto_setup() { - echo "=== Starting automated setup process ===" - - # 1. 플랫폼 어드민 초기화 - echo "Step 1: Initializing platform admin..." - init_platform_admin - if [ $? -ne 0 ]; then - echo "ERROR: Platform admin initialization failed" - return 1 - fi - echo "✓ Platform admin initialized successfully" - - # 2. 로그인 - echo "Step 2: Logging in..." - login - if [ $? -ne 0 ]; then - echo "ERROR: Login failed" - return 1 - fi - echo "✓ Login successful" - - # 3. 역할 데이터 초기화 - echo "Step 3: Initializing predefined roles..." - init_predefined_roles - if [ $? -ne 0 ]; then - echo "ERROR: Role initialization failed" - return 1 - fi - echo "✓ Predefined roles initialized successfully" - - # 4. 메뉴 데이터 초기화 - echo "Step 4: Initializing menu data..." - init_menu - if [ $? -ne 0 ]; then - echo "ERROR: Menu initialization failed" - return 1 - fi - echo "✓ Menu data initialized successfully" - - # 5. API 리소스 데이터 초기화 - echo "Step 5: Initializing API resources..." - init_api_resources - if [ $? -ne 0 ]; then - echo "ERROR: API resources initialization failed" - return 1 - fi - echo "✓ API resources initialized successfully" - - # 5-1. 프레임워크 서비스 URL 등록 (sync-projects 전 서비스 레지스트리 선행 등록) - echo "Step 5-1: Registering framework service URLs..." - register_framework_services - if [ $? -ne 0 ]; then - echo "ERROR: Framework service registration failed" - return 1 - fi - echo "✓ Framework services registered successfully" - - # 6. 프로젝트 동기화 - echo "Step 6: Syncing projects..." - sync_projects - if [ $? -ne 0 ]; then - echo "ERROR: Project sync failed" - return 1 - fi - echo "✓ Projects synced successfully" - - # 7. 워크스페이스-프로젝트 매핑 - echo "Step 7: Mapping workspace to all projects..." - map_workspace_projects - if [ $? -ne 0 ]; then - echo "ERROR: Workspace-project mapping failed" - return 1 - fi - echo "✓ Workspace-project mapping completed successfully" - - echo "=== Automated setup completed successfully ===" -} - -init_platform_admin() { - echo "Initializing platform admin..." - - # 환경 변수 사용 - json_data=$(jq -n \ - --arg email "$MC_IAM_MANAGER_PLATFORMADMIN_EMAIL" \ - --arg password "$MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD" \ - --arg username "$MC_IAM_MANAGER_PLATFORMADMIN_ID" \ - '{email: $email, password: $password, username: $username}') - - response=$(curl -s -X POST \ - --header 'Content-Type: application/json' \ - --data "$json_data" \ - "$MC_IAM_MANAGER_HOST/api/initial-admin") - - # 응답 검증 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to make request to platform admin API" - return 1 - fi - - echo "Platform admin initialization response: $response" - - # 성공 여부 확인 (응답에 에러가 없는지 확인) - if echo "$response" | jq -e '.error' > /dev/null 2>&1; then - echo "ERROR: Platform admin initialization failed" - return 1 - fi - - return 0 -} - -login() { - echo "Logging in with platform admin credentials from .env file..." - - # 환경 변수에서 플랫폼 어드민 정보 사용 - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ID" ] || [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD" ]; then - echo "ERROR: Platform admin credentials not found in .env file" - echo "Please check MC_IAM_MANAGER_PLATFORMADMIN_ID and MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD in .env" - return 1 - fi - - echo "Using platform admin ID: $MC_IAM_MANAGER_PLATFORMADMIN_ID" - - response=$(curl --location --silent --header 'Content-Type: application/json' --data '{ - "id":"'"$MC_IAM_MANAGER_PLATFORMADMIN_ID"'", - "password":"'"$MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD"'" - }' "$MC_IAM_MANAGER_HOST/api/auth/login") - - echo "Login response: $response" - - # 디버깅: jq가 설치되어 있는지 확인 - if ! command -v jq &> /dev/null; then - echo "ERROR: jq is not installed. Please install jq first." - return 1 - fi - - # 디버깅: 응답이 유효한 JSON인지 확인 - if ! echo "$response" | jq . > /dev/null 2>&1; then - echo "ERROR: Invalid JSON response" - echo "Raw response: $response" - return 1 - fi - - # 디버깅: access_token 필드가 있는지 확인 - if ! echo "$response" | jq -e '.access_token' > /dev/null 2>&1; then - echo "ERROR: access_token field not found in response" - echo "Available fields:" - echo "$response" | jq 'keys' - return 1 - fi - - MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN="$(echo "$response" | jq -r '.access_token')" - - # 디버깅: 토큰이 제대로 추출되었는지 확인 - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ] || [ "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" = "null" ]; then - echo "ERROR: Failed to extract access token" - echo "Extracted token: '$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN'" - return 1 - fi - - echo "Access token extracted successfully: ${MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN:0:20}..." - echo "Login successful" - return 0 -} - -init_predefined_roles() { - echo "Initializing platform roles..." - IFS=',' read -ra ROLES <<< "$PREDEFINED_ROLE" - for role in "${ROLES[@]}"; do - echo "Creating role: $role" - json_data=$(jq -n --arg name "$role" --arg description "$role Role" \ - '{name: $name, description: $description, role_types: ["workspace", "platform"]}') - response=$(curl -s -X POST \ - --header 'Content-Type: application/json' \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --data "$json_data" \ - "$MC_IAM_MANAGER_HOST/api/roles") - - # 응답 검증 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to create role: $role" - return 1 - fi - - echo "Response for role $role: $response" - - # 성공 여부 확인 - if echo "$response" | jq -e '.error' > /dev/null 2>&1; then - echo "ERROR: Failed to create role: $role" - return 1 - fi - done - echo "Platform roles initialized" - return 0 -} - -init_menu() { - echo "Initializing menu data..." - wget -q -O ./menu.yaml "$MCWEBCONSOLE_MENUYAML" - - # wget 성공 여부 확인 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to download menu.yaml" - return 1 - fi - - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/setup/initial-menus") - - # 응답 검증 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to initialize menu data" - return 1 - fi - - echo "Menu initialization response: $response" - - # 성공 여부 확인 - if echo "$response" | jq -e '.error' > /dev/null 2>&1; then - echo "ERROR: Menu initialization failed" - return 1 - fi - - echo "Menu data initialized" - return 0 -} - -init_api_resources() { - echo "Initializing API resources..." - wget -q -O ./api.yaml "$MCADMINCLI_APIYAML" - - # wget 성공 여부 확인 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to download api.yaml" - return 1 - fi - - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/setup/sync-mcmp-apis") - - # 응답 검증 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to initialize API resources" - return 1 - fi - - echo "API resources initialization response: $response" - - # 성공 여부 확인 - if echo "$response" | jq -e '.error' > /dev/null 2>&1; then - echo "ERROR: API resources initialization failed" - return 1 - fi - - echo "API resources initialized" - return 0 -} - -register_framework_services() { - echo "Registering framework service URLs to mcmp_api_services..." - - register_service() { - local name="$1" - local version="$2" - local base_url="$3" - local auth_type="${4:-none}" - local auth_user="${5:-}" - local auth_pass="${6:-}" - - json_data=$(jq -n \ - --arg name "$name" \ - --arg version "$version" \ - --arg baseUrl "$base_url" \ - --arg authType "$auth_type" \ - --arg authUser "$auth_user" \ - --arg authPass "$auth_pass" \ - --argjson isActive true \ - '{name: $name, version: $version, baseUrl: $baseUrl, authType: $authType, authUser: $authUser, authPass: $authPass, isActive: $isActive}') - - response=$(curl -s -w "HTTPSTATUS:%{http_code}" -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - --data "$json_data" \ - "$MC_IAM_MANAGER_HOST/api/mcmp-apis") - - http_code=$(echo $response | tr -d '\n' | sed -e 's/.*HTTPSTATUS://') - response_body=$(echo $response | sed -e 's/HTTPSTATUS\:.*//g') - - if [ "$http_code" = "201" ]; then - echo " ✓ Registered: $name ($base_url)" - elif [ "$http_code" = "409" ]; then - echo " ✓ Already registered: $name (skipped)" - else - echo " ✗ Failed to register $name (HTTP $http_code): $response_body" - return 1 - fi - return 0 - } - - INFRA_MANAGER_VERSION=$(grep -A1 "^ mc-infra-manager:" ./api.yaml 2>/dev/null | grep "version:" | awk '{print $2}' | tr -d '"') - INFRA_MANAGER_VERSION="${INFRA_MANAGER_VERSION:-0.12.6}" - - register_service "mc-infra-manager" "$INFRA_MANAGER_VERSION" \ - "http://mc-infra-manager:${MC_INFRA_MANAGER_PORT:-1323}/tumblebug" \ - "basic" "$MC_INFRA_MANAGER_API_USERNAME" "$MC_INFRA_MANAGER_API_PASSWORD" - if [ $? -ne 0 ]; then - return 1 - fi - - echo "Framework service registration completed" - return 0 -} - -init_cloud_resources() { - echo "Initializing cloud resources..." - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: multipart/form-data' \ - --form "file=@./cloud-resource.yaml" \ - "$MC_IAM_MANAGER_HOST/api/resource/file/framework/all") - echo "Cloud resources initialization response: $response" - echo "Cloud resources initialized" -} - -map_api_cloud_resources() { - echo "Mapping API-Cloud resources..." - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/resource/mapping/api-cloud") - echo "API-Cloud resources mapping response: $response" - echo "API-Cloud resources mapping completed" -} - - -map_workspace_csp_roles() { - echo "Mapping workspace roles to CSP IAM roles..." - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/workspace-roles/csp-mapping") - echo "Workspace-CSP role mapping response: $response" - echo "Workspace-CSP role mapping completed" -} - - -sync_projects() { - echo "Syncing projects with mc-infra-manager..." - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/projects/sync") - - # 응답 검증 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to sync projects" - return 1 - fi - - echo "Project sync response: $response" - - # 성공 여부 확인 - if echo "$response" | jq -e '.error' > /dev/null 2>&1; then - echo "ERROR: Project sync failed" - return 1 - fi - - echo "Project sync completed" - return 0 -} - -map_workspace_projects() { - echo "Getting workspace list..." - - # 워크스페이스 목록 가져오기 - workspace_response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - --data '{}' \ - "$MC_IAM_MANAGER_HOST/api/workspaces/list") - - # 응답 검증 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to get workspace list" - return 1 - fi - - echo "Workspace list response: $workspace_response" - - # 첫 번째 워크스페이스 ID 추출 - workspace_id=$(echo "$workspace_response" | jq -r '.[0].id // empty') - - if [ -z "$workspace_id" ] || [ "$workspace_id" = "null" ]; then - echo "ERROR: No workspace found or failed to extract workspace ID" - return 1 - fi - - echo "Using workspace ID: $workspace_id" - - # 프로젝트 목록 가져오기 - echo "Getting project list..." - project_response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - --data '{}' \ - "$MC_IAM_MANAGER_HOST/api/projects/list") - - # 응답 검증 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to get project list" - return 1 - fi - - echo "Project list response: $project_response" - - # 모든 프로젝트 ID 추출 - project_ids=$(echo "$project_response" | jq -r '[.[].id]') - - if [ -z "$project_ids" ] || [ "$project_ids" = "[]" ]; then - echo "WARNING: No projects found to assign to workspace" - return 0 - fi - - echo "Found project IDs: $project_ids" - - # 워크스페이스에 모든 프로젝트 매핑 - json_data=$(jq -n --arg workspace_id "$workspace_id" --argjson project_ids "$project_ids" \ - '{workspaceId: $workspace_id, projectIds: $project_ids}') - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - --data "$json_data" \ - "$MC_IAM_MANAGER_HOST/api/workspaces/assign/projects") - - # 응답 검증 - if [ $? -ne 0 ]; then - echo "ERROR: Failed to map workspace to projects" - return 1 - fi - - echo "Workspace-Project mapping response: $response" - - # 성공 여부 확인 - if echo "$response" | jq -e '.error' > /dev/null 2>&1; then - echo "ERROR: Workspace-project mapping failed" - return 1 - fi - - echo "Workspace-Project mapping completed for workspace ID: $workspace_id" - return 0 -} - -# 자동 설정 실행 -echo "Starting automated setup process..." -auto_setup - -# 자동 설정 완료 후 종료 -if [ $? -eq 0 ]; then - echo "Setup completed successfully!" - exit 0 -else - echo "Setup failed with errors!" - exit 1 -fi \ No newline at end of file diff --git a/asset/setup/1_setup_manual.sh b/asset/setup/1_setup_manual.sh deleted file mode 100755 index 378a80bf..00000000 --- a/asset/setup/1_setup_manual.sh +++ /dev/null @@ -1,258 +0,0 @@ -#!/bin/bash - -source ../../.env - -init_platform_admin() { - echo "Initializing platform admin..." - - # 환경 변수 사용 - json_data=$(jq -n \ - --arg email "$MC_IAM_MANAGER_PLATFORMADMIN_EMAIL" \ - --arg password "$MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD" \ - --arg username "$MC_IAM_MANAGER_PLATFORMADMIN_ID" \ - '{email: $email, password: $password, username: $username}') - - response=$(curl -s -X POST \ - --header 'Content-Type: application/json' \ - --data "$json_data" \ - "$MC_IAM_MANAGER_HOST/api/initial-admin") - echo "Platform admin initialization response: $response" -} - -login() { - read -p "Enter the platformadmin ID: " MC_IAM_MANAGER_PLATFORMADMIN_ID - read -s -p "Enter the platformadmin password: " MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD - echo - response=$(curl --location --silent --header 'Content-Type: application/json' --data '{ - "id":"'"$MC_IAM_MANAGER_PLATFORMADMIN_ID"'", - "password":"'"$MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD"'" - }' "$MC_IAM_MANAGER_HOST/api/auth/login") - - echo "Login response: $response" - - # 디버깅: jq가 설치되어 있는지 확인 - if ! command -v jq &> /dev/null; then - echo "ERROR: jq is not installed. Please install jq first." - return 1 - fi - - # 디버깅: 응답이 유효한 JSON인지 확인 - if ! echo "$response" | jq . > /dev/null 2>&1; then - echo "ERROR: Invalid JSON response" - echo "Raw response: $response" - return 1 - fi - - # 디버깅: access_token 필드가 있는지 확인 - if ! echo "$response" | jq -e '.access_token' > /dev/null 2>&1; then - echo "ERROR: access_token field not found in response" - echo "Available fields:" - echo "$response" | jq 'keys' - return 1 - fi - - MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN="$(echo "$response" | jq -r '.access_token')" - - # 디버깅: 토큰이 제대로 추출되었는지 확인 - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ] || [ "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" = "null" ]; then - echo "ERROR: Failed to extract access token" - echo "Extracted token: '$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN'" - return 1 - fi - - echo "Access token extracted successfully: ${MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN:0:20}..." - echo "Login successful" -} - -init_predefined_roles() { - echo "Initializing platform roles..." - IFS=',' read -ra ROLES <<< "$PREDEFINED_ROLE" - for role in "${ROLES[@]}"; do - echo "Creating role: $role" - json_data=$(jq -n --arg name "$role" --arg description "$role Role" \ - '{name: $name, description: $description, role_types: ["workspace", "platform"]}') - response=$(curl -s -X POST \ - --header 'Content-Type: application/json' \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --data "$json_data" \ - "$MC_IAM_MANAGER_HOST/api/roles") - echo "Response for role $role: $response" - done - echo "Platform roles initialized" -} - -init_menu() { - echo "Initializing menu data..." - wget -q -O ./menu.yaml "$MCWEBCONSOLE_MENUYAML" - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/setup/initial-menus") - echo "Menu initialization response: $response" - echo "Menu data initialized" -} - -init_api_resources() { - echo "Initializing API resources..." - wget -q -O ./api.yaml "$MCADMINCLI_APIYAML" - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/setup/sync-mcmp-apis") - echo "API resources initialization response: $response" - echo "API resources initialized" -} - -init_cloud_resources() { - echo "Initializing cloud resources..." - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: multipart/form-data' \ - --form "file=@./cloud-resource.yaml" \ - "$MC_IAM_MANAGER_HOST/api/resource/file/framework/all") - echo "Cloud resources initialization response: $response" - echo "Cloud resources initialized" -} - -map_api_cloud_resources() { - echo "Mapping API-Cloud resources..." - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/resource/mapping/api-cloud") - echo "API-Cloud resources mapping response: $response" - echo "API-Cloud resources mapping completed" -} - - -map_workspace_csp_roles() { - echo "Mapping workspace roles to CSP IAM roles..." - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/workspace-roles/csp-mapping") - echo "Workspace-CSP role mapping response: $response" - echo "Workspace-CSP role mapping completed" -} - - -sync_projects() { - echo "Syncing projects with mc-infra-manager..." - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - "$MC_IAM_MANAGER_HOST/api/projects/sync") - echo "Project sync response: $response" - echo "Project sync completed" -} - -map_workspace_projects() { - read -p "Enter workspace ID: " workspace_id - json_data=$(jq -n --arg workspace_id "$workspace_id" --arg all_projects "true" \ - '{workspace_id: $workspace_id, all_projects: $all_projects}') - response=$(curl -s -X POST \ - --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \ - --header 'Content-Type: application/json' \ - --data "$json_data" \ - "$MC_IAM_MANAGER_HOST/api/workspaces/projects/mapping") - echo "Workspace-Project mapping response: $response" - echo "Workspace-Project mapping completed" -} - -while true; do - echo "Select an option:" - echo "0. Exit" - echo "1. Init Platform And PlatformAdmin" - echo "2. PlatformAdmin Login" - echo "3. Init Role Data" - echo "4. Init Menu Data" - echo "5. Init API Resource Data" - echo "6. Init Cloud Resource Data" - echo "7. Map API-Cloud Resources" - echo "8. Init Workspace Roles" - echo "9. Map Workspace-CSP Roles" - echo "10. Sync Projects" - echo "11. Map Workspace-All Projects" - - read -p "Enter your choice (0-8): " choice - - case $choice in - 0) - echo "Exiting..." - exit 0 - ;; - 1) - init_platform_admin - ;; - 2) - login - ;; - 3) - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ]; then - echo "Please login first (option 2)" - echo "Current token value: '$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN'" - else - init_predefined_roles - fi - ;; - 4) - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ]; then - echo "Please login first (option 2)" - echo "Current token value: '$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN'" - else - init_menu - fi - ;; - 5) - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ]; then - echo "Please login first (option 2)" - echo "Current token value: '$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN'" - else - init_api_resources - fi - ;; - 7) - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ]; then - echo "Please login first (option 2)" - echo "Current token value: '$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN'" - else - init_cloud_resources - fi - ;; - 8) - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ]; then - echo "Please login first (option 2)" - echo "Current token value: '$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN'" - else - map_api_cloud_resources - fi - ;; - 9) - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ]; then - echo "Please login first (option 2)" - echo "Current token value: '$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN'" - else - map_workspace_csp_roles - fi - ;; - 10) - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ]; then - echo "Please login first (option 1)" - else - sync_projects - fi - ;; - 11) - if [ -z "$MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" ]; then - echo "Please login first (option 1)" - else - map_workspace_projects - fi - ;; - *) - echo "Invalid option. Please try again." - ;; - esac - - echo -done \ No newline at end of file diff --git a/asset/setup/actors.md b/asset/setup/actors.md deleted file mode 100755 index a7bfeafe..00000000 --- a/asset/setup/actors.md +++ /dev/null @@ -1,113 +0,0 @@ -# test를 진행하기 위한 actor를 정의한다. - -* actor는 model/User 를 참조한다. 정의된 json이름을 사용한다. -* profile은 사전정의된 platformRole을 참조한다.(PREDEFINED_PLATFORM_ROLE=admin,operator,viewer,billadmin,billviewer) - -user profile1 : 관리자(admin) -- username : testadmin01 -- email : testadmin01@test.com -- firstname : ta -- lastname : 01 -- password : testadmin011111 - -user profile2 : 운영자(operator) -- username : testoperator01 -- email : testoperator01@test.com -- firstname : to -- lastname : 01 -- password : testoperator011111 - -user profile3 : 뷰어(viewer) -- username : testviewer01 -- email : testviewer01@test.com -- firstname : tv -- lastname : 01 -- password : testviewer011111 - -user profile4 : 재정관리자(billadmin) -- username : testbilladmin01 -- email : testbilladmin01@test.com -- firstname : tba -- lastname : 01 -- password : testbilladmin011111 - -user profile4 : 재정뷰어(billadmin) -- username : testbillviewer01 -- email : testbillviewer01@test.com -- firstname : tbv -- lastname : 01 -- password : testbillviewer011111 - -# test를 진행하기 위한 project를 정의한다. -project profile1 -- projectname : testprj01 -- projectdesc : testprj01 desc - -project profile2 -- projectname : testprj02 -- projectdesc : testprj02 desc - - -# test를 진행하기 위한 workspace를 정의한다. -workspace profile1 -- workspacename : testws01 -- workspacedesc : testws01 desc - -workspace profile2 -- workspacename : testws02 -- workspacedesc : testws02 desc - - -# test를 진행하기 위한 그룹용 사용자를 정의한다. - -user profile6 : 그룹관리자(org-admin) -- username : orgadmin01 -- email : orgadmin01@test.com -- firstname : oa -- lastname : 01 -- password : orgadmin011111 - -user profile7 : 그룹멤버1(org-member) -- username : orgmember01 -- email : orgmember01@test.com -- firstname : om -- lastname : 01 -- password : orgmember011111 - -user profile8 : 그룹멤버2(org-member) -- username : orgmember02 -- email : orgmember02@test.com -- firstname : om -- lastname : 02 -- password : orgmember021111 - - -# test를 진행하기 위한 그룹을 정의한다. - -# seed 그룹 (groups.yaml에서 로딩) -group profile1 (seed - root) -- name : MZC -- group_code : 01 -- description : M-CMP 최상위 그룹 - -group profile2 (seed - child) -- name : mc-iam-manager -- group_code : 0106 -- parent : MZC(01) - -group profile3 (seed - child) -- name : mc-infra-manager -- group_code : 0107 -- parent : MZC(01) - -# CRUD 테스트용 그룹 -group profile4 (create) -- name : TestOrg-Dev -- description : 개발팀 테스트 그룹 - -group profile5 (create - child) -- name : TestOrg-Dev-Backend -- description : 백엔드팀 테스트 그룹 -- parent : TestOrg-Dev - - diff --git a/asset/setup/presetup/nginx/nginx.template.conf b/asset/setup/presetup/nginx/nginx.template.conf deleted file mode 100644 index 83074c8e..00000000 --- a/asset/setup/presetup/nginx/nginx.template.conf +++ /dev/null @@ -1,139 +0,0 @@ -# Basic Nginx configuration for MC-IAM Manager - -worker_processes auto; -pid /run/nginx.pid; -include /etc/nginx/modules-enabled/*.conf; - -events { - worker_connections 768; -} - -http { - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - - gzip on; - - # SSL 설정 - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384; - ssl_prefer_server_ciphers off; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - server { - listen 80; - server_name ${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}; - - # Nginx 자체 health check - location /nginx-health { - access_log off; - return 200 "nginx is healthy\n"; - add_header Content-Type text/plain; - } - - # Health check endpoint (HTTP에서 접근 가능) - location /health { - proxy_pass http://mc-iam-manager:${MC_IAM_MANAGER_PORT}/readyz; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - - # Health check용 타임아웃 설정 - proxy_connect_timeout 10s; - proxy_send_timeout 10s; - proxy_read_timeout 10s; - } - - # HTTP to HTTPS 리다이렉트 - return 301 https://$server_name$request_uri; - - # ACME challenge location for Certbot (HTTP에서만 필요) - location /.well-known/acme-challenge/ { - root /var/www/certbot; - } - } - - server { - listen 443 ssl; - http2 on; - server_name ${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}; - - ssl_certificate /etc/nginx/certs/live/${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}/fullchain.pem; - ssl_certificate_key /etc/nginx/certs/live/${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}/privkey.pem; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options DENY always; - add_header X-Content-Type-Options nosniff always; - add_header X-XSS-Protection "1; mode=block" always; - - # Nginx 자체 health check - location /nginx-health { - access_log off; - return 200 "nginx is healthy\n"; - add_header Content-Type text/plain; - } - - # Health check endpoint (HTTPS에서도 접근 가능) - location /health { - proxy_pass http://mc-iam-manager:${MC_IAM_MANAGER_PORT}/readyz; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - - # Health check용 타임아웃 설정 - proxy_connect_timeout 10s; - proxy_send_timeout 10s; - proxy_read_timeout 10s; - } - - location / { - proxy_pass http://mc-iam-manager:${MC_IAM_MANAGER_PORT}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - - # 타임아웃 설정 - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - } - - location /auth/ { - proxy_pass http://mc-iam-manager-kc:${MC_IAM_MANAGER_KEYCLOAK_PORT}/auth/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - - # Keycloak Admin UI를 위한 헤더 설정 - proxy_hide_header X-Frame-Options; - add_header X-Frame-Options "SAMEORIGIN" always; - - # 타임아웃 설정 - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - } - } -} diff --git a/asset/setup/test-result-uc14.md b/asset/setup/test-result-uc14.md deleted file mode 100644 index d42b2d52..00000000 --- a/asset/setup/test-result-uc14.md +++ /dev/null @@ -1,281 +0,0 @@ -# usecase14 테스트 결과서 - -**기능**: 그룹 역할할당 (플랫폼 역할 + 워크스페이스 역할) -**테스트 일시**: 2026-03-04 -**테스트 환경**: mc-iam-manager-dev (localhost:5006), PostgreSQL, Keycloak - ---- - -## 기능별 통과 여부 Summary - -| # | 기능 | 항목 수 | 통과 | 실패 | 결과 | -|---|------|---------|------|------|------| -| 1 | 그룹에 platform role 할당 | 2 | 2 | 0 | ✅ PASS | -| 2 | 메뉴 자동 합산 확인 | 2 | 2 | 0 | ✅ PASS | -| 3 | 그룹에 workspace role 매핑 | 2 | 2 | 0 | ✅ PASS | -| 4 | 워크스페이스 매핑 조회 | 1 | 1 | 0 | ✅ PASS | -| 5 | 자동 접근 권한 + 우선순위 확인 | 1 | 1 | 0 | ✅ PASS | -| 6 | 매핑 역할 변경 | 2 | 2 | 0 | ✅ PASS | -| 7 | 매핑 제거 | 3 | 3 | 0 | ✅ PASS | -| 8 | platform role 해제 | 3 | 3 | 0 | ✅ PASS | -| - | **전체** | **16** | **16** | **0** | **✅ ALL PASS** | - ---- - -## 테스트 환경 및 사전 데이터 - -### Actor - -| Profile | Username | DB ID | 역할 | -|---------|----------|-------|------| -| profile1 (admin) | mcmp | 1 | platformAdmin | -| profile6 (org-admin) | orgadmin01 | 2 | operator | -| profile7 (org-member) | orgmember01 | 3 | viewer (개인) | -| profile8 (org-member) | orgmember02 | 4 | viewer | - -### 사전 데이터 - -| 리소스 | Name | DB ID | -|--------|------|-------| -| Group (profile2) | mc-iam-manager | 13 | -| Group (profile1) | MZC | 7 | -| Workspace (profile1) | testws01 | 2 | -| Platform Role | operator | 2 | -| Platform Role | viewer | 3 | - -### 사전 조건 (UC12, UC13 수행 완료) - -- orgmember01(3), orgmember02(4), orgadmin01(2) 사용자 생성 완료 -- orgmember01 = viewer 플랫폼 역할 개인 할당 완료 -- orgmember01, orgmember02, orgadmin01 → mc-iam-manager 그룹 소속 완료 -- orgadmin01 → MZC + mc-iam-manager 다중 소속 완료 - ---- - -## usecase14 상세 테스트 결과 - -### 1. 그룹에 platform role 할당 - -#### TC14-1-1: 그룹에 operator role 할당 - -- **요청**: `POST /api/groups/id/13/platform-roles` - ```json - { "role_id": 2 } - ``` -- **기대**: 201 Created, DB(mcmp_group_platform_roles) 저장, Keycloak AddRealmRoleToGroup 호출 -- **실제**: HTTP 201 - ```json - { "message": "그룹에 플랫폼 역할이 할당되었습니다." } - ``` -- **결과**: ✅ PASS - -#### TC14-1-2: 할당된 platform role 목록 조회 - -- **요청**: `GET /api/groups/id/13/platform-roles` -- **기대**: 200 OK, operator role 1건 반환 -- **실제**: HTTP 200 - ```json - [ - { - "group_id": 13, - "group_name": "mc-iam-manager", - "role_id": 2, - "role_name": "operator", - "created_at": "2026-03-04T..." - } - ] - ``` -- **결과**: ✅ PASS - ---- - -### 2. 메뉴 자동 합산 확인 - -#### TC14-2-1: orgmember01 로그인 후 JWT realm_access.roles 확인 - -- **조건**: orgmember01의 개인 platform role = viewer, mc-iam-manager 그룹의 platform role = operator -- **요청**: `POST /api/auth/login` (`id: orgmember01`) -- **기대**: JWT의 `realm_access.roles`에 operator 포함 (그룹 역할 자동 합산) -- **실제**: `realm_access.roles` = `['billviewer', 'operator']` - - operator: ✅ 포함 (그룹 역할 KC 자동 합산 동작) - - viewer: Keycloak 기존 사용자 상태로 인해 목록에 미반영 (사전 테스트 환경 잔존 데이터) -- **결과**: ✅ PASS (그룹 platform role → JWT 자동 합산 동작 확인) - -> **비고**: `billviewer`는 KC 테스트 환경 잔존 데이터. 신규 생성 사용자 기준으로 그룹 operator 역할이 JWT에 정상 포함됨. - -#### TC14-2-2: POST /api/users/menus-tree/list (합산 메뉴 조회) - -- **요청**: `POST /api/users/menus-tree/list` (orgmember01 토큰) -- **기대**: 200 OK (viewer+operator 합산 메뉴 반환) -- **실제**: HTTP 200, 메뉴 목록 반환 -- **결과**: ✅ PASS - ---- - -### 3. 그룹에 workspace role 매핑 - -#### TC14-3-1: 그룹-워크스페이스 매핑 생성 (viewer) - -- **요청**: `POST /api/groups/id/13/workspaces` - ```json - { "workspace_id": 2, "role_id": 3 } - ``` -- **기대**: 201 Created, DB(mcmp_group_workspace_roles) 저장 (Keycloak 미사용) -- **실제**: HTTP 201 - ```json - { "message": "그룹이 워크스페이스에 매핑되었습니다." } - ``` -- **결과**: ✅ PASS - -#### TC14-3-2: 중복 매핑 시도 - -- **요청**: 동일 `POST /api/groups/id/13/workspaces` (workspace_id=2 재시도) -- **기대**: 409 Conflict -- **실제**: HTTP 409 -- **결과**: ✅ PASS - ---- - -### 4. 워크스페이스 매핑 조회 - -#### TC14-4-1: GET /api/groups/id/13/workspaces - -- **요청**: `GET /api/groups/id/13/workspaces` -- **기대**: 200 OK, mc-iam-manager → testws01 viewer 매핑 1건 -- **실제**: HTTP 200 - ```json - [ - { - "group_id": 13, - "group_name": "mc-iam-manager", - "workspace_id": 2, - "workspace_name": "testws01", - "role_id": 3, - "role_name": "viewer", - "created_at": "2026-03-04T..." - } - ] - ``` -- **결과**: ✅ PASS - ---- - -### 5. 자동 접근 권한 + 우선순위 확인 - -#### TC14-5-1: 개인 UserWorkspaceRole(operator) vs 그룹 역할(viewer) 우선순위 - -- **조건**: mc-iam-manager 그룹 = testws01 viewer, orgmember01 개인 = testws01 operator -- **요청**: `GET /api/workspaces/id/2/users/id/3` (관리자 조회) -- **기대**: 개인 operator 역할이 적용됨 -- **실제**: - ```json - [{ "user_id": 3, "workspace_id": 2, "role_id": 2, "role_name": "operator" }] - ``` - - UserWorkspaceRole에 개인 operator 저장 확인 (그룹 viewer와 별개) -- **결과**: ✅ PASS (개인 역할이 명시적으로 저장됨) - ---- - -### 6. 매핑 역할 변경 - -#### TC14-6-1: PUT /api/groups/id/13/workspaces/2 (viewer → operator) - -- **요청**: `PUT /api/groups/id/13/workspaces/2` - ```json - { "role_id": 2 } - ``` -- **기대**: 200 OK, role_id가 3(viewer) → 2(operator)로 변경 -- **실제**: HTTP 200 - ```json - { "message": "그룹 워크스페이스 역할이 변경되었습니다." } - ``` -- **결과**: ✅ PASS - -#### TC14-6-2: 변경 후 GET 확인 - -- **요청**: `GET /api/groups/id/13/workspaces` -- **기대**: role_name = operator -- **실제**: HTTP 200, `role_name: "operator"` 확인 -- **결과**: ✅ PASS - ---- - -### 7. 매핑 제거 - -#### TC14-7-1: DELETE /api/groups/id/13/workspaces/2 - -- **요청**: `DELETE /api/groups/id/13/workspaces/2` -- **기대**: 200 OK -- **실제**: HTTP 200 - ```json - { "message": "그룹-워크스페이스 매핑이 제거되었습니다." } - ``` -- **결과**: ✅ PASS - -#### TC14-7-2: 제거 후 GET 확인 - -- **요청**: `GET /api/groups/id/13/workspaces` -- **기대**: `[]` (빈 배열) -- **실제**: `[]` -- **결과**: ✅ PASS - -#### TC14-7-3: 없는 매핑 재삭제 시도 - -- **요청**: `DELETE /api/groups/id/13/workspaces/2` (이미 삭제됨) -- **기대**: 404 Not Found -- **실제**: HTTP 404 -- **결과**: ✅ PASS - ---- - -### 8. platform role 해제 - -#### TC14-8-1: DELETE /api/groups/id/13/platform-roles/2 - -- **요청**: `DELETE /api/groups/id/13/platform-roles/2` -- **기대**: 200 OK, DB 삭제 + Keycloak RemoveRealmRoleFromGroup 호출 -- **실제**: HTTP 200 - ```json - { "message": "그룹의 플랫폼 역할이 해제되었습니다." } - ``` -- **결과**: ✅ PASS - -#### TC14-8-2: 해제 후 GET 확인 - -- **요청**: `GET /api/groups/id/13/platform-roles` -- **기대**: `[]` (빈 배열) -- **실제**: `[]` -- **결과**: ✅ PASS - -#### TC14-8-3: 그룹 멤버 재로그인 후 operator 미포함 확인 - -- **요청**: `POST /api/auth/login` (`id: orgmember01`) 재로그인 -- **기대**: JWT `realm_access.roles`에 operator 미포함 -- **실제**: `realm_access.roles` = `['billviewer']` (operator 없음) - - operator 포함: false ✅ -- **결과**: ✅ PASS - ---- - -## 버그 수정 이력 - -| 항목 | 내용 | 수정 | -|------|------|------| -| 빈 목록 null 반환 | `FindGroupPlatformRoles`, `FindGroupWorkspaceRoles`에서 결과 없을 때 `null` 반환 | `var results` → `results := make([]..., 0)` 로 수정하여 `[]` 반환 | - ---- - -## 신규 API 목록 - -| Method | Path | 기능 | DB | KC | -|--------|------|------|----|----| -| POST | `/api/groups/id/:groupId/platform-roles` | 그룹 platform role 할당 | ✅ | ✅ | -| GET | `/api/groups/id/:groupId/platform-roles` | 그룹 platform role 조회 | ✅ | - | -| DELETE | `/api/groups/id/:groupId/platform-roles/:roleId` | 그룹 platform role 해제 | ✅ | ✅ | -| POST | `/api/groups/id/:groupId/workspaces` | 그룹-워크스페이스 매핑 | ✅ | - | -| GET | `/api/groups/id/:groupId/workspaces` | 그룹 워크스페이스 매핑 조회 | ✅ | - | -| PUT | `/api/groups/id/:groupId/workspaces/:workspaceId` | 그룹 워크스페이스 역할 변경 | ✅ | - | -| DELETE | `/api/groups/id/:groupId/workspaces/:workspaceId` | 그룹-워크스페이스 매핑 제거 | ✅ | - | -| POST | `/api/users/id/:userId/groups` | 사용자-그룹 할당 (KC 동기화) | ✅ | ✅ | -| GET | `/api/users/id/:userId/groups` | 사용자 그룹 목록 | ✅ | - | -| DELETE | `/api/users/id/:userId/groups/:groupId` | 사용자-그룹 제거 (KC 동기화) | ✅ | ✅ | diff --git a/asset/setup/usecases.md b/asset/setup/usecases.md deleted file mode 100755 index f4a8bfa5..00000000 --- a/asset/setup/usecases.md +++ /dev/null @@ -1,155 +0,0 @@ -## 사용예시를 정의한다. -### usecase00은 사전작업이므로 무시한다. -### 관련 sampledata는 actors.md 에 정의한다. - -//usecase00 : 플랫폼 관리자 추가. keycloak console에서 작업 후 .env 파일 갱신.(realm추가, client추가, role추가, user 추가) - -usecase01 : 사용자 추가 - - user profile1~4까지 추가 - -usecase02 : platform Role 할당 - - user profile1 = admin - - user profile2 = operator - - user profile3 = viewer - - user profile4 = billadmin - - user profile5 = billviewer - -usecase03 : workspace와 project mapping - - workspace profile1~2 생성 - - project profile1~2 생성 - - workspace에 project 할당 - . testws01 - testprj01 - . testws01 - testprj02 - - workspace에서 project 할당 해제 - . testws01 - testprj02 할당 해제 - -usecase04 : platform role에 해당하는 작업 수행 - - user profile1~5가 menuTree 조회 - - -usecase05 : workspace role 할당 - - user profile1 을 workspace profile1에 admin - - user profile2 을 workspace profile1에 operator - - user profile3 을 workspace profile1에 viewer - - user profile4 을 workspace profile1에 billadmin - - user profile5 을 workspace profile1에 billviewer - -usecase06 : workspace role과 csp role 매핑 - - csp role 목록 조회 - . workspace role 목록과 csp role 목록 비교 - - csp role이 workspace role에 없으면 workspace role추가( csp role의 prefix는 mcmp_ ) - . workspace role : admin 과 csp role mcmp_admin - . workspace role : operator 과 csp role mcmp_operator - . workspace role : viewer 과 csp role mcmp_viewer - . workspace role : billadmin 과 csp role mcmp_billadmin - . workspace role : billviewer 과 csp role mcmp_billviewer - -usecase07 : workspace role 관리 - - predefined된 workspace role은 삭제 불가. - - 새로운 workspace role 추가 - . workspace role : observer -> csp role : mcmp_opserver - - workspace role과 csp role 매핑 - - workspace role과 csp role 매핑해제 - -usecase08 : csp role 관리 - - 등록된 role에 permission 추가.( readonly to edit) - - 등록된 role에 permission 추가.( vm to k8s) - - -usecase09 : api access 관리 - - api 등록 - - api resource 에 operationId(=action) 등록 - - workspace role에 따라 access 제어 - -usecase10 : 임시자격증명 발급 및 사용 - - 자신의 롤안에서 임시자격증명 발급하여 조회기능 수행 - - 임시자격증명으로 롤 밖 action 수행 - - 임시자격증명으로 생성,삭제기능 수행 - -usecase11 : 그룹 생성 - - seed 데이터 로딩 - . user profile1(admin)이 초기 그룹 데이터 로딩 - . POST /api/setup/initial-groups - . GET /api/groups?tree=true 로 트리 확인 - . MZC(01) 하위 8개 프레임워크 그룹(0101~0108) 확인 - - 최상위 그룹 생성 - . group profile4(TestOrg-Dev) 생성 - . POST /api/groups {"name":"TestOrg-Dev", "description":"개발팀 테스트 그룹"} - . group_code 자동생성 확인 (예: 02) - - 하위 그룹 생성 - . group profile5(TestOrg-Dev-Backend) 생성 - . POST /api/groups {"name":"TestOrg-Dev-Backend", "parent_id": } - . group_code 자동생성 확인 (예: 0201) - - 그룹 조회 - . GET /api/groups?tree=true 전체 트리 확인 - . GET /api/groups/id/:groupId 단건 조회 - . GET /api/groups/code/:code 코드로 조회 - - 그룹 수정 - . PUT /api/groups/id/:groupId {"name":"TestOrg-Dev-Updated"} - - 그룹 삭제 - . 하위그룹 있을 때 삭제 시도 -> 실패(400) 확인 - . 하위그룹 제거 후 삭제 -> 성공(200) 확인 - -usecase12 : 그룹용 사용자 생성 - - user profile6~8 추가 - . user profile6(orgadmin01) 추가 - . user profile7(orgmember01) 추가 - . user profile8(orgmember02) 추가 - - platform role 할당 - . user profile6 = operator - . user profile7 = viewer - . user profile8 = viewer - -usecase13 : 그룹에 사용자 추가 - - 사용자를 그룹에 할당 - . user profile1(admin)이 user profile6(orgadmin01)을 group profile1(MZC)에 할당 - . POST /api/users/id//groups {"group_ids": []} - . user profile7(orgmember01)을 group profile2(mc-iam-manager)에 할당 - . user profile8(orgmember02)을 group profile2(mc-iam-manager)에 할당 - - 다중 그룹 소속 - . user profile6(orgadmin01)을 group profile2(mc-iam-manager)에도 추가 - . user profile6이 MZC + mc-iam-manager 2개 그룹 소속 - - 그룹 소속 확인 - . GET /api/users/id//groups -> MZC, mc-iam-manager 2개 확인 - . GET /api/groups/id//users -> profile6, profile7, profile8 확인 - - 그룹에서 사용자 제거 - . DELETE /api/users/id//groups/ - . profile6에서 MZC 제거 후 mc-iam-manager만 소속 확인 - -usecase14 : 그룹 역할할당 - - 그룹에 platform role 할당 - . user profile1(admin)이 group profile2(mc-iam-manager)에 operator role 할당 - . POST /api/groups/id/:groupId/platform-roles {"role_id": } - . DB: mcmp_group_platform_roles에 저장 - . Keycloak: AddRealmRoleToGroup으로 그룹에 realm role 매핑 - . GET /api/groups/id/:groupId/platform-roles 로 할당 확인 - - 메뉴 자동 합산 확인 - . user profile7(orgmember01)은 개인 platform role = viewer (usecase12에서 할당) - . user profile7은 mc-iam-manager 그룹 소속 (usecase13에서 할당) - . user profile7 로그인 → JWT realm_access.roles에 viewer + operator 포함 확인 - . POST /api/users/menus-tree/list → viewer 메뉴 + operator 메뉴 합산 확인 - - 그룹에 workspace role 매핑 - . user profile1(admin)이 group profile2(mc-iam-manager)를 workspace profile1(testws01)에 매핑 - . POST /api/groups/id/:groupId/workspaces {"workspace_id": , "role_id": } - . DB: mcmp_group_workspace_roles에 저장 (Keycloak 미사용) - . mc-iam-manager 그룹 멤버(profile6,7,8)가 testws01에서 viewer 역할 자동 획득 - - 워크스페이스 매핑 조회 - . GET /api/groups/id/:groupId/workspaces → 매핑된 워크스페이스 + 역할 목록 - - 자동 접근 권한 확인 - . user profile7(orgmember01, mc-iam-manager 소속)이 testws01 접근 → viewer 역할로 접근 가능 - . 개인 UserWorkspaceRole 없이도 그룹 매핑으로 접근 가능 확인 - - 우선순위 확인: 개인 UserWorkspaceRole > 그룹 매핑 역할 - . user profile7에게 testws01에 operator 개인 할당 (usecase05 방식) - . 그룹은 viewer, 개인은 operator → operator가 적용되는지 확인 - - 매핑 역할 변경 - . PUT /api/groups/id/:groupId/workspaces/:workspaceId {"role_id": } - . viewer → operator로 변경 - - 매핑 제거 - . DELETE /api/groups/id/:groupId/workspaces/:workspaceId - . 제거 후 자동 접근 권한 해제 확인 - - platform role 해제 - . DELETE /api/groups/id/:groupId/platform-roles/:roleId - . DB + Keycloak에서 제거 - . 그룹 멤버 재로그인 후 해당 role 메뉴 미표시 확인 - - diff --git a/installAll.sh b/installAll.sh new file mode 100755 index 00000000..7351d6f0 --- /dev/null +++ b/installAll.sh @@ -0,0 +1,565 @@ +#!/bin/bash + +# MC-IAM-Manager Mode Configuration Script + +# ============================================================================= +# Usage Function +# ============================================================================= +usage() { + echo "Usage: $0 [OPTIONS]" + echo "" + echo "Options:" + echo " -m, --mode IAM mode selection (dev|prod)" + echo " dev: Developer mode with self-signed certificate (Mode A)" + echo " prod: Production mode with Let's Encrypt certificate (Mode B)" + echo " -d, --domain Public domain or IP" + echo " dev (local PC): localhost (default) — plain HTTP, no certs, no hosts change" + echo " dev (local PC): mciam.local — plain HTTP (needs /etc/hosts entry)" + echo " dev (remote VM): VM public IP (e.g. 1.2.3.4) — HTTPS self-signed" + echo " prod: real FQDN required (e.g. iam.example.com)" + echo " -r, --run Service run mode (log|background|skip)" + echo " log: Run with log mode" + echo " background: Run in background with monitoring" + echo " skip: Skip execution" + echo " -h, --help Display this help message" + echo "" + echo "Examples:" + echo " $0 -m dev -r background # Local PC: default domain (localhost, plain HTTP)" + echo " $0 -m dev -d 1.2.3.4 -r background # Remote VM: use public IP" + echo " $0 -m prod -d iam.example.com -r background # Remote VM: use real domain + Let's Encrypt" + echo " $0 # Interactive mode" + exit 1 +} + +# ============================================================================= +# Parameter Parsing +# ============================================================================= +IAM_MODE="" +IAM_DOMAIN="" +RUN_MODE="" + +while [[ $# -gt 0 ]]; do + case $1 in + -m|--mode) + IAM_MODE="$2" + shift 2 + ;; + -d|--domain) + IAM_DOMAIN="$2" + shift 2 + ;; + -r|--run) + RUN_MODE="$2" + shift 2 + ;; + -h|--help) + usage + ;; + *) + echo "Unknown option: $1" + usage + ;; + esac +done + +# Parameter Validation +if [ -n "$IAM_MODE" ] && [ "$IAM_MODE" != "dev" ] && [ "$IAM_MODE" != "prod" ]; then + echo "Error: Invalid mode. Please use 'dev' or 'prod'." + usage +fi + +if [ -n "$RUN_MODE" ] && [ "$RUN_MODE" != "log" ] && [ "$RUN_MODE" != "background" ] && [ "$RUN_MODE" != "skip" ]; then + echo "Error: Invalid run mode. Please use 'log', 'background', or 'skip'." + usage +fi + +# ============================================================================= +# Container List Definition (User Configurable) +# ============================================================================= + +# Expected running containers (defined in docker-compose.yaml) +EXPECTED_CONTAINERS=( + "mc-infra-connector" + "mc-infra-manager" + "mc-infra-manager-etcd" + "mc-infra-manager-postgres" + "mc-infra-manager-openbao" + "mc-iam-manager" + "mc-iam-manager-db" + "mc-iam-manager-kc" + "mc-iam-manager-nginx" + # "mc-iam-manager-post-initial" # Container that exits after execution + "mc-web-console-db" + "mc-web-console-api" + "mc-web-console-front" +) + +# Containers without Health Check (treated as successful when in Up state) +NO_HEALTH_CHECK_CONTAINERS=( + "mc-iam-manager-nginx" + "mc-infra-manager-openbao" +) + +# ============================================================================= + +# Save current directory at script start +ORIGINAL_DIR="$(pwd)" + +# ============================================================================= +# IAM Mode Selection +# ============================================================================= + +# If mode is not specified via parameter, select interactively +if [ -z "$IAM_MODE" ]; then + echo "==========================================" + echo "MC-IAM-Manager Configuration Mode Selection" + echo "==========================================" + echo "" + echo "MC-IAM-Manager can be configured in two modes:" + echo "" + echo "[Developer Mode - Local Authentication]" + echo " - localhost (default): plain HTTP, no certificates, no /etc/hosts change required" + echo " - IP/domain input: HTTPS with self-signed certificate" + echo " - Optimized for local development environment" + echo " - Quick setup and testing" + echo "" + echo "[Production Mode - CA Authentication]" + echo " - Uses Let's Encrypt CA certificates" + echo " - For use with real domains" + echo " - HTTPS based on security certificates" + echo " - Suitable for production environments" + echo "" + echo "==========================================" + + while true; do + echo -n "Which mode would you like to configure? (1: Developer Mode, 2: Production Mode): " + read -r choice + + case $choice in + 1) + IAM_MODE="dev" + break + ;; + 2) + IAM_MODE="prod" + break + ;; + *) + echo "Invalid selection. Please enter 1 or 2." + ;; + esac + done +fi + +# ============================================================================= +# .env Bootstrap +# ============================================================================= + +PROJECT_ROOT_ABS="$(cd "$ORIGINAL_DIR" && pwd)" + +ensure_env_file() { + local setup_file="$1" + local env_file="$2" + if [ ! -f "$env_file" ]; then + if [ -f "$setup_file" ]; then + cp "$setup_file" "$env_file" + echo "✓ Created $(basename "$env_file") from $(basename "$setup_file")" + else + echo "Error: $setup_file not found." + exit 1 + fi + fi +} + +sync_missing_env_vars() { + local setup_file="$1" + local env_file="$2" + + if [ ! -f "$setup_file" ] || [ ! -f "$env_file" ]; then + return 0 + fi + + local tmpfile + tmpfile=$(mktemp) + + while IFS= read -r line; do + _key="${line%%=*}" + if ! grep -qE "^${_key}=" "$env_file"; then + printf '%s\n' "$line" >> "$tmpfile" + fi + done < <(grep -E '^[A-Z_][A-Z0-9_]*=' "$setup_file") + + if [ -s "$tmpfile" ]; then + local rel="${env_file##*/mc-iam-manager/}" + { + printf '\n' + printf '# === Synced from %s by installAll.sh on %s ===\n' \ + "$(basename "$setup_file")" "$(date -Iseconds)" + cat "$tmpfile" + } >> "$env_file" + echo "✓ Synced $(wc -l < "$tmpfile") missing var(s) into ${rel}" + fi + rm -f "$tmpfile" +} + +ensure_env_file "$PROJECT_ROOT_ABS/.env.setup" "$PROJECT_ROOT_ABS/.env" + +sync_missing_env_vars "$PROJECT_ROOT_ABS/.env.setup" "$PROJECT_ROOT_ABS/.env" + +# ============================================================================= +# Domain Configuration +# ============================================================================= + +if [ -z "$IAM_DOMAIN" ]; then + echo "" + echo "==========================================" + echo "Public Domain Configuration" + echo "==========================================" + if [ "$IAM_MODE" = "dev" ]; then + echo "" + echo " [Local PC - HTTP] Just press Enter to use 'localhost' (plain HTTP, no certs)." + echo " No /etc/hosts modification required." + echo " Or enter 'mciam.local' for a named local domain" + echo " (requires 127.0.0.1 mciam.local in /etc/hosts)." + echo "" + echo " [Remote VM - HTTPS] Enter the VM's public IP (e.g. 43.202.200.215)." + echo " Self-signed certificate will be issued for the IP." + echo "" + echo " [With Domain] Use Production Mode (-m prod) for Let's Encrypt cert." + echo "" + echo -n "Enter domain or IP [localhost]: " + read -r IAM_DOMAIN + IAM_DOMAIN="${IAM_DOMAIN:-localhost}" + else + echo "" + echo "Mode B: Let's Encrypt certificate will be issued for this domain." + echo "The domain must be a real FQDN with valid DNS pointing to this server." + echo "" + while [ -z "$IAM_DOMAIN" ]; do + echo -n "Enter public FQDN (e.g. iam.example.com): " + read -r IAM_DOMAIN + if [ -z "$IAM_DOMAIN" ]; then + echo "Domain is required for Production Mode. Please enter a valid FQDN." + fi + done + fi +fi + +echo "" +echo "Using domain: $IAM_DOMAIN" + +apply_domain() { + local env_file="$1" + local domain="$2" + sed -i "s|^MC_IAM_MANAGER_PUBLIC_DOMAIN=.*|MC_IAM_MANAGER_PUBLIC_DOMAIN=${domain}|" "$env_file" + echo "✓ Set MC_IAM_MANAGER_PUBLIC_DOMAIN=${domain} in $(basename "$env_file")" +} + +apply_domain "$PROJECT_ROOT_ABS/.env" "$IAM_DOMAIN" + +# ============================================================================= +# Process selected mode +case $IAM_MODE in + dev) + echo "" + cd "$PROJECT_ROOT_ABS/conf/mc-iam-manager/" || { + echo "Error: Cannot find mc-iam-manager directory." + cd "$ORIGINAL_DIR" + exit 1 + } + + if [ "$IAM_DOMAIN" = "localhost" ] || [ "$IAM_DOMAIN" = "127.0.0.1" ] || [ "$IAM_DOMAIN" = "mciam.local" ]; then + echo "Local PC mode ($IAM_DOMAIN) — configuring plain HTTP, no certificates." + echo "" + + if [ -f "0_preset_local.sh" ]; then + chmod +x 0_preset_local.sh + ./0_preset_local.sh + if [ $? -eq 0 ]; then + echo "" + echo "✓ Local HTTP mode configuration completed." + else + echo "" + echo "❌ Error occurred during local HTTP mode configuration." + cd "$ORIGINAL_DIR" + exit 1 + fi + else + echo "Error: Cannot find 0_preset_local.sh file." + cd "$ORIGINAL_DIR" + exit 1 + fi + else + echo "You have selected Developer Mode - Local Authentication." + echo "Generating self-signed certificate and configuring local environment..." + echo "" + + if [ -f "0_preset_dev.sh" ]; then + chmod +x 0_preset_dev.sh + ./0_preset_dev.sh + if [ $? -eq 0 ]; then + echo "" + echo "✓ Developer mode configuration completed." + else + echo "" + echo "❌ Error occurred during developer mode configuration." + cd "$ORIGINAL_DIR" + exit 1 + fi + else + echo "Error: Cannot find 0_preset_dev.sh file." + cd "$ORIGINAL_DIR" + exit 1 + fi + fi + ;; + prod) + echo "" + echo "You have selected Production Mode - CA Authentication." + echo "Generating Let's Encrypt certificate and configuring production environment..." + echo "" + + # Production mode: Generate certificate + echo "Step 1: Generating Let's Encrypt certificate..." + + cd "$PROJECT_ROOT_ABS" || { + echo "Error: Cannot return to project root." + exit 1 + } + + docker compose -f "$PROJECT_ROOT_ABS/docker-compose.cert.yaml" --env-file "$PROJECT_ROOT_ABS/.env" up + if [ $? -eq 0 ]; then + echo "✓ Certificate generation completed." + # Reclaim ownership of volume directories created by the certbot container (runs as root) + if command -v sudo >/dev/null 2>&1; then + sudo chown -R "$USER:$USER" "$PROJECT_ROOT_ABS/container-volume" + fi + else + echo "❌ Error occurred during certificate generation." + exit 1 + fi + + echo "" + echo "Step 2: Configuring production mode..." + + # Execute production mode script + cd "$PROJECT_ROOT_ABS/conf/mc-iam-manager/" || { + echo "Error: Cannot find mc-iam-manager directory." + cd "$ORIGINAL_DIR" + exit 1 + } + + if [ -f "0_preset_prod.sh" ]; then + chmod +x 0_preset_prod.sh + ./0_preset_prod.sh + if [ $? -eq 0 ]; then + echo "" + echo "✓ Production mode configuration completed." + else + echo "" + echo "❌ Error occurred during production mode configuration." + cd "$ORIGINAL_DIR" + exit 1 + fi + else + echo "Error: Cannot find 0_preset_prod.sh file." + cd "$ORIGINAL_DIR" + exit 1 + fi + ;; +esac + +# Return to original directory after all mode configurations +cd "$ORIGINAL_DIR" + +echo "" +echo "======================================================" +echo "Configuration completed!" +echo "Run './installAll.sh -r background' or 'docker compose up -d' to start the service." +echo "======================================================" + +# ============================================================================= +# Service Run Mode Selection +# ============================================================================= + +# If run mode is not specified via parameter, select interactively +if [ -z "$RUN_MODE" ]; then + echo "" + echo "Select service run mode:" + echo "1. Log Mode - Run with real-time logs" + echo "2. Background Mode - Run in background with status monitoring" + echo "3. Skip - Do not run" + echo "" + + while true; do + echo -n "Select run mode (1/2/3): " + read -r run_choice + + case $run_choice in + 1) + RUN_MODE="log" + break + ;; + 2) + RUN_MODE="background" + break + ;; + 3) + RUN_MODE="skip" + break + ;; + *) + echo "Invalid selection. Please enter 1, 2, or 3." + ;; + esac + done +fi + +# Process selected run mode +case $RUN_MODE in + log) + echo "" + echo "Starting service in log mode..." + echo "==========================================" + + cd "$PROJECT_ROOT_ABS" || { + echo "Error: Cannot return to project root." + exit 1 + } + + docker compose --env-file .env up || true + ;; + background) + echo "" + echo "Starting service in background mode..." + echo "==========================================" + + cd "$PROJECT_ROOT_ABS" || { + echo "Error: Cannot return to project root." + exit 1 + } + + echo "Starting service in background..." + echo "Image download and initial setup in progress..." + echo "" + + docker compose --env-file .env up -d + + echo "" + echo "Image download and initial setup completed." + echo "Monitoring container status..." + echo "" + + # Container monitoring function + monitor_containers() { + local all_healthy=false + local check_count=0 + local max_checks=120 # 20 minutes (120 * 10 seconds) + + while [ "$all_healthy" = false ] && [ $check_count -lt $max_checks ]; do + clear + echo "==========================================" + echo "Container Status Monitoring" + echo "==========================================" + echo "" + + # Get container status (sorted by name) + local container_status=$(docker ps --format "table {{.Names}}\t{{.Status}}" | grep -E "^mc-" | sort) + + if [ -n "$container_status" ]; then + echo "$container_status" + else + echo "Containers have not started yet..." + echo "Image download and initial setup in progress..." + fi + + echo "" + echo "==========================================" + + # Check currently running container status + local running_containers=$(docker ps --format "{{.Names}}\t{{.Status}}" 2>/dev/null | grep -E "^mc-" | sort) + local all_expected_running=true + local unhealthy_count=0 + local running_count=0 + local missing_containers=() + + # Check if each expected container is running and healthy + for container in "${EXPECTED_CONTAINERS[@]}"; do + if echo "$running_containers" | grep -q "^$container"; then + running_count=$((running_count + 1)) + + # Containers without health check are treated as successful when Up + local is_no_health_check=false + for no_health_container in "${NO_HEALTH_CHECK_CONTAINERS[@]}"; do + if [ "$container" = "$no_health_container" ]; then + is_no_health_check=true + break + fi + done + + if [ "$is_no_health_check" = true ]; then + # Containers without health check are successful if Up + if echo "$running_containers" | grep "^$container" | grep -q "Up"; then + # Success (just increment count) + : + else + unhealthy_count=$((unhealthy_count + 1)) + fi + else + # Containers with health check verify healthy status + if echo "$running_containers" | grep "^$container" | grep -q "unhealthy\|starting\|restarting"; then + unhealthy_count=$((unhealthy_count + 1)) + fi + fi + else + all_expected_running=false + missing_containers+=("$container") + fi + done + + # Display list of containers waiting to start + if [ ${#missing_containers[@]} -gt 0 ]; then + echo "" + echo "Containers waiting to start:" + printf " %s\n" "${missing_containers[@]}" + fi + + # Check if all expected containers are running and healthy + if [ "$all_expected_running" = true ] && [ "$unhealthy_count" -eq 0 ] && [ "$running_count" -gt 0 ]; then + all_healthy=true + echo "" + echo "🎉 All environments have been set up!" + echo "" + echo "Final container status:" + echo "$container_status" + echo "" + MC_IAM_PORT="${MC_IAM_MANAGER_PORT:-5005}" + MC_KC_PORT="${MC_IAM_MANAGER_KEYCLOAK_PORT:-8080}" + echo " mc-iam-manager : http://localhost:${MC_IAM_PORT}/readyz" + echo " Keycloak admin : http://localhost:${MC_KC_PORT}/admin/" + break + else + echo "" + echo "Checking status again in 10 seconds... (${check_count}/${max_checks})" + check_count=$((check_count + 1)) + sleep 10 + fi + done + + if [ "$all_healthy" = false ]; then + echo "" + echo "⚠️ Some containers did not reach healthy status." + echo "To check status: docker compose ps" + echo "To check logs: docker logs " + fi + } + + # Start container monitoring + monitor_containers + ;; + skip) + echo "" + echo "Skipping service execution." + echo "You can start the service later with 'docker compose up -d' command." + ;; +esac From 1b82f650e99a166f08731820b8fabd1a406707d9 Mon Sep 17 00:00:00 2001 From: dogfootman Date: Sat, 23 May 2026 04:29:27 +0000 Subject: [PATCH 3/9] fix(docker-compose): remove tool/mcc bind mount and replace with native health checks - Remove all ./tool/mcc:/app/tool/mcc volume mounts from 7 services (mcc is a docker compose wrapper and should not run inside containers) - Replace mcc-based health checks with native tools: - mc-infra-connector: curl -f - mc-iam-manager-kc: bash /dev/tcp (no wget/curl in Keycloak image) - mc-web-console-api: bash /dev/tcp (no wget/curl in Go image) - Add conf/mc-iam-manager/0_preset_local.sh for localhost (plain HTTP) preset (was missing, causing installAll.sh -m dev -d localhost to fail) --- conf/mc-iam-manager/0_preset_local.sh | 174 ++++++++++++++++++++++++++ docker-compose.yaml | 19 +-- 2 files changed, 178 insertions(+), 15 deletions(-) create mode 100755 conf/mc-iam-manager/0_preset_local.sh diff --git a/conf/mc-iam-manager/0_preset_local.sh b/conf/mc-iam-manager/0_preset_local.sh new file mode 100755 index 00000000..1887a6cf --- /dev/null +++ b/conf/mc-iam-manager/0_preset_local.sh @@ -0,0 +1,174 @@ +#!/bin/bash + +# localhost (plain HTTP) preset — no certs, no /etc/hosts modification + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")" + +echo "PROJECT_ROOT: $PROJECT_ROOT" + +ENV_FILE="${PROJECT_ROOT}/.env" + +if [ ! -f "$ENV_FILE" ]; then + echo "Error: .env file not found: $ENV_FILE" + exit 1 +fi + +source "$ENV_FILE" + +CURRENT_USER=$(whoami) +CURRENT_GROUP=$(id -gn) + +NGINX_DIR="${PROJECT_ROOT}/container-volume/mc-iam-manager/nginx" +mkdir -p "$NGINX_DIR" || { echo "Error: Failed to create $NGINX_DIR"; exit 1; } +chown -R "${CURRENT_USER}:${CURRENT_GROUP}" "${PROJECT_ROOT}/container-volume/mc-iam-manager" +echo "✓ Container volume directory created" + +MC_IAM_MANAGER_PORT="${MC_IAM_MANAGER_PORT:-5005}" +MC_IAM_MANAGER_KEYCLOAK_PORT="${MC_IAM_MANAGER_KEYCLOAK_PORT:-8080}" +MC_OBSERVABILITY_GRAFANA_PROXY_PORT="${MC_OBSERVABILITY_GRAFANA_PROXY_PORT:-3010}" +MC_COST_OPTIMIZER_FE_PROXY_PORT="${MC_COST_OPTIMIZER_FE_PROXY_PORT:-3011}" +MC_COST_OPTIMIZER_FE_PORT="${MC_COST_OPTIMIZER_FE_PORT:-7780}" + +OUTPUT_FILE="${NGINX_DIR}/nginx.conf" + +cat > "$OUTPUT_FILE" << NGINX_EOF +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 768; +} + +http { + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + gzip on; + + server { + listen 80; + server_name localhost 127.0.0.1; + + location /nginx-health { + access_log off; + return 200 "nginx is healthy\n"; + add_header Content-Type text/plain; + } + + location /health { + proxy_pass http://mc-iam-manager:${MC_IAM_MANAGER_PORT}/readyz; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_connect_timeout 10s; + proxy_send_timeout 10s; + proxy_read_timeout 10s; + } + + location /auth/ { + proxy_pass http://mc-iam-manager-kc:${MC_IAM_MANAGER_KEYCLOAK_PORT}/auth/; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_set_header X-Forwarded-Host \$host; + proxy_set_header X-Forwarded-Server \$host; + proxy_hide_header X-Frame-Options; + add_header X-Frame-Options "SAMEORIGIN" always; + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + + location / { + proxy_pass http://mc-iam-manager:${MC_IAM_MANAGER_PORT}; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_set_header X-Forwarded-Host \$host; + proxy_set_header X-Forwarded-Server \$host; + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + } + + server { + listen 3001; + server_name localhost 127.0.0.1; + + location / { + resolver 127.0.0.11 valid=10s; + set \$upstream_console mc-web-console-front; + proxy_pass http://\$upstream_console:3001\$request_uri; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + } + + server { + listen ${MC_OBSERVABILITY_GRAFANA_PROXY_PORT}; + server_name localhost 127.0.0.1; + + location / { + resolver 127.0.0.11 valid=10s; + set \$upstream_grafana mc-observability-grafana; + proxy_pass http://\$upstream_grafana:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade \$http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + } + + server { + listen ${MC_COST_OPTIMIZER_FE_PROXY_PORT}; + server_name localhost 127.0.0.1; + + location / { + resolver 127.0.0.11 valid=10s; + set \$upstream_cost_fe mc-cost-optimizer-fe; + proxy_pass http://\$upstream_cost_fe:${MC_COST_OPTIMIZER_FE_PORT}; + proxy_http_version 1.1; + proxy_set_header Upgrade \$http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + } +} +NGINX_EOF + +echo "✓ Plain HTTP nginx.conf generated: $OUTPUT_FILE" +echo "" +echo "=== 생성된 nginx.conf ===" +cat "$OUTPUT_FILE" diff --git a/docker-compose.yaml b/docker-compose.yaml index f26b9fd3..aa89572a 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -26,7 +26,6 @@ services: published: ${MC_INFRA_CONNECTOR_PORT} protocol: tcp volumes: - - ./tool/mcc:/app/tool/mcc - ./conf/mc-infra-connector/:/root/go/src/github.com/cloud-barista/cb-spider/conf/:ro - ./container-volume/mc-infra-connector/meta_db/:/root/go/src/github.com/cloud-barista/cb-spider/meta_db/ - ./container-volume/mc-infra-connector/log/:/root/go/src/github.com/cloud-barista/cb-spider/log/ @@ -40,8 +39,7 @@ services: - ID_TRANSFORM_MODE=OFF - ADMINWEB=ON healthcheck: - # for CB-Spider - test: [ "CMD", "/app/tool/mcc", "rest", "get", "http://localhost:1024/spider/readyz" ] + test: ["CMD-SHELL", "curl -f -s http://localhost:1024/spider/readyz || exit 1"] <<: *default-health-check ##### MC-INFRA-MANAGER ######################################################################################################################### @@ -69,7 +67,6 @@ services: mc-infra-manager-openbao: condition: service_healthy volumes: - - ./tool/mcc:/app/tool/mcc - ./conf/mc-infra-manager/:/app/conf/:ro - ./container-volume/mc-infra-manager/meta_db/:/app/meta_db/ - ./container-volume/mc-infra-manager/log/:/app/log/ @@ -229,8 +226,6 @@ services: # - For other services: uses ./conf/mc-iam-manager/.env file env_file: - ./.env - volumes: - - ./tool/mcc:/app/tool/mcc healthcheck: test: ["CMD-SHELL", "wget -q -O- http://localhost:${MC_IAM_MANAGER_PORT:-5005}/readyz || exit 1"] <<: *default-health-check @@ -295,19 +290,17 @@ services: KC_HTTP_ENABLED: "true" KC_PROXY: edge volumes: - - ./tool/mcc:/app/tool/mcc - ./container-volume/mc-iam-manager/keycloak/data/:/opt/keycloak/data/ # Environment file configuration: # - For mc-iam-manager: uses project root .env file # - For mc-admin-cli: uses ./conf/mc-iam-manager/.env file # - For other services: uses ./conf/mc-iam-manager/.env file env_file: - - ./.env + - ./.env depends_on: - mc-iam-manager-db healthcheck: - test: [ "CMD", "/app/tool/mcc", "rest", "get", "http://localhost:8080/auth/" ] - # test: [ "CMD", "/app/tool/mcc", "rest", "get", "http://localhost:8080/health/ready" ] + test: ["CMD-SHELL", "bash -c 'exec 3<>/dev/tcp/localhost/8080 && echo -e \"GET /auth/ HTTP/1.0\\r\\n\\r\\n\" >&3 && head -1 <&3 | grep -qE \"200|302\"'"] <<: *default-health-check mc-iam-manager-nginx: @@ -354,7 +347,6 @@ services: env_file: - ./.env volumes: - - ./tool/mcc:/app/tool/mcc - ./conf/mc-iam-manager/:/app/mc-iam-manager/ working_dir: /app/mc-iam-manager command: bash /app/mc-iam-manager/docker-post-init.sh @@ -425,10 +417,9 @@ services: MC_IAM_MANAGER_PORT: ${MC_IAM_MANAGER_PORT} MC_IAM_MANAGER_HOST: mc-iam-manager volumes: - - ./tool/mcc:/app/tool/mcc - ./conf/mc-web-console/api/conf/:/conf/ healthcheck: - test: [ "CMD", "/app/tool/mcc", "rest", "get", "http://localhost:3000/readyz" ] + test: ["CMD-SHELL", "bash -c 'exec 3<>/dev/tcp/localhost/3000 && echo -e \"GET /readyz HTTP/1.0\\r\\n\\r\\n\" >&3 && head -1 <&3 | grep -q 200'"] <<: *default-health-check mc-web-console-front: @@ -451,8 +442,6 @@ services: API_PORT: 3000 FRONT_ADDR: 0.0.0.0 FRONT_PORT: 3001 - volumes: - - ./tool/mcc:/app/tool/mcc healthcheck: test: ["CMD-SHELL", "wget -q -O- http://localhost:3001 || exit 1"] <<: *default-health-check \ No newline at end of file From 63d3d4fada7b7d20c5bfa331cb95ef8cc37bb666 Mon Sep 17 00:00:00 2001 From: dogfootman Date: Sat, 23 May 2026 05:30:41 +0000 Subject: [PATCH 4/9] fix(docker-compose): route mc-web-console-front through nginx on port 3001 - Add MC_WEB_CONSOLE_FRONT_PORT to nginx port bindings (was missing) so https://:3001 is proxied by nginx with SSL - Remove direct host port binding from mc-web-console-front (nginx handles the external exposure) - Add front port URI to Keycloak mciamClient redirectUris in 1_setup_auto.sh so OAuth callback to https://:3001/* is allowed --- conf/mc-iam-manager/1_setup_auto.sh | 9 +++++++-- docker-compose.yaml | 5 +---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/conf/mc-iam-manager/1_setup_auto.sh b/conf/mc-iam-manager/1_setup_auto.sh index 71452d32..30410aa2 100755 --- a/conf/mc-iam-manager/1_setup_auto.sh +++ b/conf/mc-iam-manager/1_setup_auto.sh @@ -602,9 +602,14 @@ configure_keycloak_client_uris() { CURRENT=$(curl -s "${KC_ADMIN_URL}/clients/${CLIENT_ID}" \ -H "Authorization: Bearer ${KC_ADMIN_TOKEN}") + FRONT_HOST="${MC_IAM_MANAGER_PUBLIC_DOMAIN}${MC_WEB_CONSOLE_FRONT_PORT:+:${MC_WEB_CONSOLE_FRONT_PORT}}" + FRONT_SCHEME=$(echo "$PUBLIC_HOST" | grep -o 'https\?') + FRONT_URI="${FRONT_SCHEME}://${FRONT_HOST}" + UPDATED=$(echo "$CURRENT" | jq \ --arg h "$PUBLIC_HOST" \ - '.rootUrl = $h | .baseUrl = $h | .redirectUris = [$h + "/*"] | .webOrigins = [$h]') + --arg f "$FRONT_URI" \ + '.rootUrl = $h | .baseUrl = $h | .redirectUris = [$h + "/*", $f + "/*"] | .webOrigins = [$h, $f]') HTTP=$(curl -s -o /dev/null -w "%{http_code}" -X PUT \ "${KC_ADMIN_URL}/clients/${CLIENT_ID}" \ @@ -613,7 +618,7 @@ configure_keycloak_client_uris() { -d "$UPDATED") if [ "$HTTP" = "204" ]; then - echo " ✓ Updated: $CLIENT_NAME → redirectUris=[${PUBLIC_HOST}/*]" + echo " ✓ Updated: $CLIENT_NAME → redirectUris=[${PUBLIC_HOST}/*, ${FRONT_URI}/*]" else echo " ✗ Failed to update $CLIENT_NAME (HTTP $HTTP)" fi diff --git a/docker-compose.yaml b/docker-compose.yaml index aa89572a..2aed4da1 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -309,6 +309,7 @@ services: ports: - "${MC_IAM_MANAGER_NGINX_HTTP_PORT}:80" - "${MC_IAM_MANAGER_NGINX_HTTPS_PORT}:443" + - "${MC_WEB_CONSOLE_FRONT_PORT}:${MC_WEB_CONSOLE_FRONT_PORT}" environment: - DOMAIN_NAME=${MC_IAM_MANAGER_PUBLIC_DOMAIN} volumes: @@ -433,10 +434,6 @@ services: networks: - mc-web-console-network - mc-iam-manager-network - ports: - - target: 3001 - published: ${MC_WEB_CONSOLE_FRONT_PORT} - protocol: tcp environment: API_ADDR: mc-web-console-api API_PORT: 3000 From c24f85a89f48562b310a7fbf96d460d63a9bb2e4 Mon Sep 17 00:00:00 2001 From: dogfootman Date: Sat, 23 May 2026 05:37:08 +0000 Subject: [PATCH 5/9] fix(docker-compose): use MC_WEB_CONSOLE_ prefixed env vars for front container The mc-web-console-front binary reads MC_WEB_CONSOLE_API_ADDR / MC_WEB_CONSOLE_API_PORT (not API_ADDR / API_PORT). Without the prefix, the binary fell back to localhost:3000, causing 500 on all /api/* proxy calls. --- docker-compose.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 2aed4da1..8bcf40e8 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -435,10 +435,10 @@ services: - mc-web-console-network - mc-iam-manager-network environment: - API_ADDR: mc-web-console-api - API_PORT: 3000 - FRONT_ADDR: 0.0.0.0 - FRONT_PORT: 3001 + MC_WEB_CONSOLE_API_ADDR: mc-web-console-api + MC_WEB_CONSOLE_API_PORT: 3000 + MC_WEB_CONSOLE_FRONT_ADDR: 0.0.0.0 + MC_WEB_CONSOLE_FRONT_PORT: 3001 healthcheck: test: ["CMD-SHELL", "wget -q -O- http://localhost:3001 || exit 1"] <<: *default-health-check \ No newline at end of file From ab9a4362f236223f65147e557b7640fda01eeb5e Mon Sep 17 00:00:00 2001 From: dogfootman Date: Sat, 23 May 2026 05:54:05 +0000 Subject: [PATCH 6/9] fix(prod): fix chicken-and-egg cert issuance and update data configs - installAll.sh prod mode: start nginx in HTTP-only mode before running certbot so the ACME challenge can be served via webroot; reload nginx with SSL config after cert is issued - docker-compose.cert.yaml: switch to webroot mode (was standalone which conflicts with running nginx), fix volume path and env var names (MC_IAM_MANAGER_PUBLIC_DOMAIN / MC_IAM_MANAGER_CERT_EMAIL), add mc-iam-manager-network so certbot can reach nginx - conf/mc-iam-manager/menu.yaml: add Menus under organizations, add CSP Accounts under cloudsps, update isaction flags - conf/mc-iam-manager/api.yaml: sync API resource definitions --- conf/mc-iam-manager/api.yaml | 2947 +++++++++++++-------------------- conf/mc-iam-manager/menu.yaml | 54 +- docker-compose.cert.yaml | 26 +- installAll.sh | 54 +- 4 files changed, 1225 insertions(+), 1856 deletions(-) diff --git a/conf/mc-iam-manager/api.yaml b/conf/mc-iam-manager/api.yaml index 8462334f..daaf566a 100644 --- a/conf/mc-iam-manager/api.yaml +++ b/conf/mc-iam-manager/api.yaml @@ -3,2363 +3,1733 @@ services: mc-infra-connector: - version: 0.9.8 + version: 0.12.18 baseurl: http://mc-infra-connector:1024/spider auth: type: basic - username: null - password: null + username: + password: + mc-iam-manager: - version: 0.3.0 - baseurl: http://mc-iam-manager:5005 + version: 0.5.2 + baseurl: http://mc-iam-manager:5000 auth: type: bearer + mc-infra-manager: - version: 0.9.22 + version: 0.12.9 baseurl: http://mc-infra-manager:1323/tumblebug auth: type: basic - username: default - password: default + username: spider + password: spider + mc-web-console: - version: main + version: 0.5.2 baseurl: http://mc-web-console:3000 auth: type: bearer + mc-observability: - version: 0.2.3 - baseurl: http://mc-observability:18080 - auth: null + version: 0.5.0 + baseurl: http://mc-observability-manager:18080 + auth: + mc-application-manager: - version: 0.3.0 + version: 0.5.2 baseurl: http://mc-application-manager:18084 - auth: null + auth: + mc-workflow-manager: - version: 0.3.0 + version: 0.5.1 baseurl: http://mc-workflow-manager:18083 - auth: null + auth: + mc-cost-optimizer: - version: 0.3.0 - baseurl: http://mc-cost-optimizer:9090 - auth: null + version: 0.5.2 + baseurl: http://mc-cost-optimizer-be:9090 + auth: + mc-data-manager: - version: 0.3.0 + version: 0.5.3 baseurl: http://mc-data-manager:3300 - auth: null - mc-application-manager-fe: - version: main - baseurl: http://application_manager_fe_url:18084 - auth: null - mc-workflow-manager-fe: - version: main - baseurl: http://workflow_manager_fe_url:18083 - auth: null - mc-data-manager-fe: - version: main - baseurl: http://data_manager_fe_url:3300 - auth: null - mc-cost-optimizer-fe: - version: main - baseurl: http://cost_optimizer_fe_url:7780 - auth: null + auth: + + # sample: + # baseurl: http://localhost:1323/test + # auth: + # type: "" + serviceActions: mc-infra-connector: Remove-Nodegroup: method: delete resourcePath: /cluster/{Name}/nodegroup/{NodeGroupName} - description: Remove an existing Node Group from a Cluster. + description: "Remove an existing Node Group from a Cluster." List-Connection-Configs: method: get resourcePath: /connectionconfig - description: Retrieve a list of registered Connection Configs. + description: "Retrieve a list of registered Connection Configs." Create-Connection-Config: method: post resourcePath: /connectionconfig - description: Create a new Connection Config. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#4-cloud-connection-configuration-%EC%A0%95%EB%B3%B4-%EB%93%B1%EB%A1%9D-%EB%B0%8F-%EA%B4%80%EB%A6%AC)] + description: "Create a new Connection Config. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#4-cloud-connection-configuration-%EC%A0%95%EB%B3%B4-%EB%93%B1%EB%A1%9D-%EB%B0%8F-%EA%B4%80%EB%A6%AC)]" Count-Subnets-By-Connection: method: get resourcePath: /countsubnet/{ConnectionName} - description: Get the total number of Subnets for a specific connection. + description: "Get the total number of Subnets for a specific connection." Count-Vpcs-By-Connection: method: get resourcePath: /countvpc/{ConnectionName} - description: Get the total number of VPCs for a specific connection. + description: "Get the total number of VPCs for a specific connection." Upload-Cloud-Driver: method: post resourcePath: /driver/upload - description: Upload a Cloud Driver library file. + description: "Upload a Cloud Driver library file." Health-Check-Readyz: method: get resourcePath: /readyz - description: Checks the health of CB-Spider service and its dependencies via - /readyz endpoint. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/Readiness-Check-Guide)] + description: "Checks the health of CB-Spider service and its dependencies via /readyz endpoint. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/Readiness-Check-Guide)]" Unregister-Subnet: method: delete resourcePath: /regsubnet/{Name} - description: Unregister a Subnet from a specified VPC. + description: "Unregister a Subnet from a specified VPC." Get-Vm-Status: method: get resourcePath: /vmstatus/{Name} - description: Retrieve the status of a specific Virtual Machine (VM). + description: "Retrieve the status of a specific Virtual Machine (VM)." List-All-Vpc: method: get resourcePath: /allvpc - description: Retrieve a comprehensive list of all Virtual Private Clouds (VPCs) - associated with a specific connection,
including those mapped between - CB-Spider and the CSP,
only registered in CB-Spider's metadata,
- and only existing in the CSP. + description: "Retrieve a comprehensive list of all Virtual Private Clouds (VPCs) associated with a specific connection,
including those mapped between CB-Spider and the CSP,
only registered in CB-Spider's metadata,
and only existing in the CSP." Any-Call: method: post resourcePath: /anycall - description: Execute a custom function (FID) with key-value parameters through - AnyCall. 🕷️ [[Development Guide](https://github.com/cloud-barista/cb-spider/wiki/AnyCall-API-Extension-Guide)] + description: "Execute a custom function (FID) with key-value parameters through AnyCall. 🕷️ [[Development Guide](https://github.com/cloud-barista/cb-spider/wiki/AnyCall-API-Extension-Guide)]" Get-Credential: method: get resourcePath: /credential/{CredentialName} - description: Retrieve details of a specific Credential. + description: "Retrieve details of a specific Credential." Unregister-Credential: method: delete resourcePath: /credential/{CredentialName} - description: Unregister a specific Credential. + description: "Unregister a specific Credential." Get-Disk: method: get resourcePath: /disk/{Name} - description: Retrieve details of a specific Disk. + description: "Retrieve details of a specific Disk." Delete-Disk: method: delete resourcePath: /disk/{Name} - description: Delete a specified Disk. + description: "Delete a specified Disk." List-Product-Family: method: get resourcePath: /productfamily/{RegionName} - description: Retrieve a list of Product Families associated with a specific - connection and region. 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/Price-Info-and-Cloud-Driver-API)], - 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/RestAPI-Multi%E2%80%90Cloud-Price-Information-Guide)] + description: "Retrieve a list of Product Families associated with a specific connection and region. 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/Price-Info-and-Cloud-Driver-API)], 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/RestAPI-Multi%E2%80%90Cloud-Price-Information-Guide)]" Get-Region: method: get resourcePath: /region/{RegionName} - description: Retrieve details of a specific Region. + description: "Retrieve details of a specific Region." Unregister-Region: method: delete resourcePath: /region/{RegionName} - description: Unregister a specific Region. + description: "Unregister a specific Region." Remove-Csp-Subnet: method: delete resourcePath: /vpc/{VPCName}/cspsubnet/{Id} - description: Remove an existing CSP Subnet from a VPC. + description: "Remove an existing CSP Subnet from a VPC." List-All-Vm: method: get resourcePath: /allvm - description: Retrieve a comprehensive list of all Virtual Machines (VMs) associated - with a specific connection,
including those mapped between CB-Spider - and the CSP,
only registered in CB-Spider's metadata,
and only existing - in the CSP. + description: "Retrieve a comprehensive list of all Virtual Machines (VMs) associated with a specific connection,
including those mapped between CB-Spider and the CSP,
only registered in CB-Spider's metadata,
and only existing in the CSP." Get-Myimage: method: get resourcePath: /myimage/{Name} - description: Retrieve details of a specific MyImage. + description: "Retrieve details of a specific MyImage." Delete-Myimage: method: delete resourcePath: /myimage/{Name} - description: Delete a specified MyImage. + description: "Delete a specified MyImage." Count-All-Clusters: method: get resourcePath: /countcluster - description: Get the total number of Clusters across all connections. + description: "Get the total number of Clusters across all connections." Count-All-Subnets: method: get resourcePath: /countsubnet - description: Get the total number of Subnets across all connections. + description: "Get the total number of Subnets across all connections." Get-Image: method: get resourcePath: /vmimage/{Name} - description: Retrieve details of a specific Public Image. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/How-to-get-Image-List-with-REST-API)] + description: "Retrieve details of a specific Public Image. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/How-to-get-Image-List-with-REST-API)]" Remove-Subnet: method: delete resourcePath: /vpc/{VPCName}/subnet/{SubnetName} - description: Remove an existing Subnet from a VPC. + description: "Remove an existing Subnet from a VPC." List-All-Cluster: method: get resourcePath: /allcluster - description: Retrieve a comprehensive list of all Clusters associated with a - specific connection,
including those mapped between CB-Spider and the - CSP,
only registered in CB-Spider's metadata,
and only existing - in the CSP. + description: "Retrieve a comprehensive list of all Clusters associated with a specific connection,
including those mapped between CB-Spider and the CSP,
only registered in CB-Spider's metadata,
and only existing in the CSP." Upgrade-Cluster: method: put resourcePath: /cluster/{Name}/upgrade - description: Upgrade a Cluster to a specified version. + description: "Upgrade a Cluster to a specified version." Count-Clusters-By-Connection: method: get resourcePath: /countcluster/{ConnectionName} - description: Get the total number of Clusters for a specific connection. + description: "Get the total number of Clusters for a specific connection." Count-All-Nlbs: method: get resourcePath: /countnlb - description: Get the total number of Network Load Balancers (NLBs) across all - connections. + description: "Get the total number of Network Load Balancers (NLBs) across all connections." Attach-Disk: method: put resourcePath: /disk/{Name}/attach - description: Attach an existing Disk to a VM. + description: "Attach an existing Disk to a VM." Get-Cluster-Owner-Vpc: method: post resourcePath: /getclusterowner - description: Retrieve the owner VPC of a specified Cluster. + description: "Retrieve the owner VPC of a specified Cluster." Count-Vms-By-Connection: method: get resourcePath: /countvm/{ConnectionName} - description: Get the total number of Virtual Machines (VMs) for a specific connection. + description: "Get the total number of Virtual Machines (VMs) for a specific connection." Get-Region-Zone-Preconfig: method: get resourcePath: /preconfig/regionzone/{Name} - description: Retrieve details of a specific pre-configured Region Zone based - on driver and credential names. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/REST-API-Region-Zone-Information-Guide)] + description: "Retrieve details of a specific pre-configured Region Zone based on driver and credential names. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/REST-API-Region-Zone-Information-Guide)]" Get-Price-Info: method: post resourcePath: /priceinfo/{ProductFamily}/{RegionName} - description: 'Retrieve price details of a specific Product Family in a specific - Region. 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/Price-Info-and-Cloud-Driver-API)], - 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/RestAPI-Multi%E2%80%90Cloud-Price-Information-Guide)] -
* example body: {"connectionName":"aws-connection","FilterList":[{"Key":"instanceType","Value":"t2.micro"}]}' + description: 'Retrieve price details of a specific Product Family in a specific Region. 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/Price-Info-and-Cloud-Driver-API)], 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/RestAPI-Multi%E2%80%90Cloud-Price-Information-Guide)]
* example body: {"connectionName":"aws-connection","FilterList":[{"Key":"instanceType","Value":"t2.micro"}]}' Register-Vm: method: post resourcePath: /regvm - description: Register a new Virtual Machine (VM) with the specified name and - CSP ID. + description: "Register a new Virtual Machine (VM) with the specified name and CSP ID." List-Key: method: get resourcePath: /keypair - description: Retrieve a list of KeyPairs associated with a specific connection. + description: "Retrieve a list of KeyPairs associated with a specific connection." Create-Key: method: post resourcePath: /keypair - description: Create a new KeyPair with the specified configurations. 🕷️ [[User - Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#5-vm-keypair-%EC%83%9D%EC%84%B1-%EB%B0%8F-%EC%A0%9C%EC%96%B4)] + description: "Create a new KeyPair with the specified configurations. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#5-vm-keypair-%EC%83%9D%EC%84%B1-%EB%B0%8F-%EC%A0%9C%EC%96%B4)]" Unregister-Vm: method: delete resourcePath: /regvm/{Name} - description: Unregister a Virtual Machine (VM) with the specified name. + description: "Unregister a Virtual Machine (VM) with the specified name." List-All-Securitygroups: method: get resourcePath: /allsecuritygroup - description: Retrieve a comprehensive list of all Security Groups associated - with a specific connection,
including those mapped between CB-Spider - and the CSP,
only registered in CB-Spider's metadata,
and only existing - in the CSP. + description: "Retrieve a comprehensive list of all Security Groups associated with a specific connection,
including those mapped between CB-Spider and the CSP,
only registered in CB-Spider's metadata,
and only existing in the CSP." Delete-Csp-Securitygroup: method: delete resourcePath: /cspsecuritygroup/{Id} - description: Delete a specified CSP Security Group. + description: "Delete a specified CSP Security Group." List-Preconfigured-Original-Org-Region: method: get resourcePath: /preconfig/orgregion - description: Retrieve a list of pre-configured Original Regions based on driver - and credential names.
The response structure may vary depending on the - request DriverName and CredentialName. + description: "Retrieve a list of pre-configured Original Regions based on driver and credential names.
The response structure may vary depending on the request DriverName and CredentialName." Unregister-Vpc: method: delete resourcePath: /regvpc/{Name} - description: Unregister a VPC with the specified name. + description: "Unregister a VPC with the specified name." List-Org-Vm-Spec: method: get resourcePath: /vmorgspec - description: Retrieve a list of Original VM Specs associated with a specific - connection.
The response structure may vary depending on the request - ConnectionName. + description: "Retrieve a list of Original VM Specs associated with a specific connection.
The response structure may vary depending on the request ConnectionName." Get-Org-Vm-Spec: method: get resourcePath: /vmorgspec/{Name} - description: Retrieve details of a specific Original VM Spec. + description: "Retrieve details of a specific Original VM Spec." List-All-Key: method: get resourcePath: /allkeypair - description: Retrieve a comprehensive list of all KeyPairs associated with a - specific connection,
including those mapped between CB-Spider and the - CSP,
only registered in CB-Spider's metadata,
and only existing - in the CSP. + description: "Retrieve a comprehensive list of all KeyPairs associated with a specific connection,
including those mapped between CB-Spider and the CSP,
only registered in CB-Spider's metadata,
and only existing in the CSP." Get-Region-Zone: method: get resourcePath: /regionzone/{Name} - description: Retrieve details of a specific Region Zone. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/REST-API-Region-Zone-Information-Guide)] + description: "Retrieve details of a specific Region Zone. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/REST-API-Region-Zone-Information-Guide)]" Add-Rules-Securitygroup: method: post resourcePath: /securitygroup/{SGName}/rules - description: Add new rules to a Security Group. + description: "Add new rules to a Security Group." Remove-Rules-Securitygroup: method: delete resourcePath: /securitygroup/{SGName}/rules - description: Remove existing rules from a Security Group. + description: "Remove existing rules from a Security Group." Delete-Csp-Myimage: method: delete resourcePath: /cspmyimage/{Id} - description: Delete a specified CSP MyImage. + description: "Delete a specified CSP MyImage." Unregister-Myimage: method: delete resourcePath: /regmyimage/{Name} - description: Unregister a MyImage with the specified name. + description: "Unregister a MyImage with the specified name." Register-Nlb: method: post resourcePath: /regnlb - description: Register a new Network Load Balancer (NLB) with the specified name - and CSP ID. + description: "Register a new Network Load Balancer (NLB) with the specified name and CSP ID." Get-Securitygroup: method: get resourcePath: /securitygroup/{Name} - description: Retrieve details of a specific Security Group. + description: "Retrieve details of a specific Security Group." Delete-Securitygroup: method: delete resourcePath: /securitygroup/{Name} - description: Delete a specified Security Group. + description: "Delete a specified Security Group." Terminate-Vm: method: delete resourcePath: /vm/{Name} - description: Terminate a specified Virtual Machine (VM). + description: "Terminate a specified Virtual Machine (VM)." Get-Vm: method: get resourcePath: /vm/{Name} - description: Retrieve details of a specific Virtual Machine (VM). + description: "Retrieve details of a specific Virtual Machine (VM)." Register-Subnet: method: post resourcePath: /regsubnet - description: Register a new Subnet within a specified VPC. + description: "Register a new Subnet within a specified VPC." Add-Subnet: method: post resourcePath: /vpc/{VPCName}/subnet - description: Add a new Subnet to an existing VPC. + description: "Add a new Subnet to an existing VPC." List-Cloudos: method: get resourcePath: /cloudos - description: Retrieve a list of supported Cloud OS. + description: "Retrieve a list of supported Cloud OS." Count-All-Keys: method: get resourcePath: /countkeypair - description: Get the total number of KeyPairs across all connections. + description: "Get the total number of KeyPairs across all connections." Count-Securitygroups-By-Connection: method: get resourcePath: /countsecuritygroup/{ConnectionName} - description: Get the total number of Security Groups for a specific connection. + description: "Get the total number of Security Groups for a specific connection." Health-Check-Ping: method: get resourcePath: /ping - description: Checks the health of CB-Spider service and its dependencies via - /ping endpoint. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/Readiness-Check-Guide)] + description: "Checks the health of CB-Spider service and its dependencies via /ping endpoint. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/Readiness-Check-Guide)]" List-Vm-Status: method: get resourcePath: /vmstatus - description: Retrieve a list of statuses for Virtual Machines (VMs) associated - with a specific connection. + description: "Retrieve a list of statuses for Virtual Machines (VMs) associated with a specific connection." Count-Connections-By-Provider: method: get resourcePath: /countconnectionconfig/{ProviderName} - description: Get the total number of connections for a specific provider. + description: "Get the total number of connections for a specific provider." Delete-Csp-Cluster: method: delete resourcePath: /cspcluster/{Id} - description: Delete a specified CSP Cluster. + description: "Delete a specified CSP Cluster." Unregister-Cluster: method: delete resourcePath: /regcluster/{Name} - description: Unregister a Cluster with the specified name. + description: "Unregister a Cluster with the specified name." Register-Myimage: method: post resourcePath: /regmyimage - description: Register a new MyImage with the specified name and CSP ID. + description: "Register a new MyImage with the specified name and CSP ID." Unregister-Securitygroup: method: delete resourcePath: /regsecuritygroup/{Name} - description: Unregister a Security Group with the specified name. + description: "Unregister a Security Group with the specified name." Get-Vm-Spec: method: get resourcePath: /vmspec/{Name} - description: Retrieve details of a specific VM spec. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#2-vm-spec-%EC%A0%95%EB%B3%B4-%EC%A0%9C%EA%B3%B5)] + description: "Retrieve details of a specific VM spec. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#2-vm-spec-%EC%A0%95%EB%B3%B4-%EC%A0%9C%EA%B3%B5)]" List-Cluster: method: get resourcePath: /cluster - description: Retrieve a list of Clusters associated with a specific connection. + description: "Retrieve a list of Clusters associated with a specific connection." Create-Cluster: method: post resourcePath: /cluster - description: 'Create a new Cluster with specified configurations. 🕷️ [[Concept - Guide](https://github.com/cloud-barista/cb-spider/wiki/Provider-Managed-Kubernetes-and-Driver-API)] -
* NodeGroupList is optional, depends on CSP type:
 - Type-I - (e.g., Tencent, Alibaba): requires separate Node Group addition after Cluster - creation.
 - Type-II (e.g., Azure, NHN): mandates at least one Node - Group during initial Cluster creation.' + description: "Create a new Cluster with specified configurations. 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/Provider-Managed-Kubernetes-and-Driver-API)]
* NodeGroupList is optional, depends on CSP type:
 - Type-I (e.g., Tencent, Alibaba): requires separate Node Group addition after Cluster creation.
 - Type-II (e.g., Azure, NHN): mandates at least one Node Group during initial Cluster creation." Count-All-Myimages: method: get resourcePath: /countmyimage - description: Get the total number of MyImages across all connections. + description: "Get the total number of MyImages across all connections." Detach-Disk: method: put resourcePath: /disk/{Name}/detach - description: Detach an existing Disk from a VM. + description: "Detach an existing Disk from a VM." List-Cloud-Drivers: method: get resourcePath: /driver - description: Retrieve a list of registered Cloud Drivers. + description: "Retrieve a list of registered Cloud Drivers." Register-Cloud-Driver: method: post resourcePath: /driver - description: Register a new Cloud Driver. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#1-cloud-driver-%EC%A0%95%EB%B3%B4-%EB%93%B1%EB%A1%9D-%EB%B0%8F-%EA%B4%80%EB%A6%AC)] + description: "Register a new Cloud Driver. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#1-cloud-driver-%EC%A0%95%EB%B3%B4-%EB%93%B1%EB%A1%9D-%EB%B0%8F-%EA%B4%80%EB%A6%AC)]" List-Nlb: method: get resourcePath: /nlb - description: Retrieve a list of Network Load Balancers (NLBs) associated with - a specific connection. + description: "Retrieve a list of Network Load Balancers (NLBs) associated with a specific connection." Create-Nlb: method: post resourcePath: /nlb - description: Create a new Network Load Balancer (NLB) with specified configurations. - 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/Network-Load-Balancer-and-Driver-API)] + description: "Create a new Network Load Balancer (NLB) with specified configurations. 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/Network-Load-Balancer-and-Driver-API)]" List-Org-Zone: method: get resourcePath: /orgzone - description: Retrieve a list of Original Zones associated with a specific connection. -
The response structure may vary depending on the request ConnectionName. + description: "Retrieve a list of Original Zones associated with a specific connection.
The response structure may vary depending on the request ConnectionName." Health-Check-Healthcheck: method: get resourcePath: /healthcheck - description: Checks the health of CB-Spider service and its dependencies via - /healthcheck endpoint. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/Readiness-Check-Guide)] + description: "Checks the health of CB-Spider service and its dependencies via /healthcheck endpoint. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/Readiness-Check-Guide)]" Delete-Key: method: delete resourcePath: /keypair/{Name} - description: Delete a specified KeyPair. + description: "Delete a specified KeyPair." Get-Key: method: get resourcePath: /keypair/{Name} - description: Retrieve details of a specific KeyPair. + description: "Retrieve details of a specific KeyPair." List-Image: method: get resourcePath: /vmimage - description: Retrieve a list of Public Images associated with a specific connection. - 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/How-to-get-Image-List-with-REST-API)] + description: "Retrieve a list of Public Images associated with a specific connection. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/How-to-get-Image-List-with-REST-API)]" Get-Cluster: method: get resourcePath: /cluster/{Name} - description: Retrieve details of a specific Cluster. + description: "Retrieve details of a specific Cluster." Delete-Cluster: method: delete resourcePath: /cluster/{Name} - description: Delete a specified Cluster. + description: "Delete a specified Cluster." Get-Csp-Vm: method: get resourcePath: /cspvm/{Id} - description: Retrieve details of a specific CSP Virtual Machine (VM). + description: "Retrieve details of a specific CSP Virtual Machine (VM)." Terminate-Csp-Vm: method: delete resourcePath: /cspvm/{Id} - description: Terminate a specified CSP Virtual Machine (VM). + description: "Terminate a specified CSP Virtual Machine (VM)." Health-Check-Health: method: get resourcePath: /health - description: Checks the health of CB-Spider service and its dependencies via - /health endpoint. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/Readiness-Check-Guide)] + description: "Checks the health of CB-Spider service and its dependencies via /health endpoint. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/Readiness-Check-Guide)]" Register-Vpc: method: post resourcePath: /regvpc - description: Register a new Virtual Private Cloud (VPC) with the specified name - and CSP ID. + description: "Register a new Virtual Private Cloud (VPC) with the specified name and CSP ID." Unregister-Nlb: method: delete resourcePath: /regnlb/{Name} - description: Unregister a Network Load Balancer (NLB) with the specified name. + description: "Unregister a Network Load Balancer (NLB) with the specified name." Get-Sg-Owner-Vpc: method: post resourcePath: /getsecuritygroupowner - description: Retrieve the owner VPC of a specified Security Group. + description: "Retrieve the owner VPC of a specified Security Group." Create-Vpc: method: post resourcePath: /vpc - description: Create a new Virtual Private Cloud (VPC) with specified subnet - configurations. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#3-vpcsubnet-%EC%83%9D%EC%84%B1-%EB%B0%8F-%EC%A0%9C%EC%96%B4)] + description: "Create a new Virtual Private Cloud (VPC) with specified subnet configurations. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#3-vpcsubnet-%EC%83%9D%EC%84%B1-%EB%B0%8F-%EC%A0%9C%EC%96%B4)]" List-Vpc: method: get resourcePath: /vpc - description: Retrieve a list of Virtual Private Clouds (VPCs) associated with - a specific connection. + description: "Retrieve a list of Virtual Private Clouds (VPCs) associated with a specific connection." Control-Vm: method: put resourcePath: /controlvm/{Name} - description: Control the state of a Virtual Machine (VM) such as suspend, resume, - or reboot. + description: "Control the state of a Virtual Machine (VM) such as suspend, resume, or reboot." List-All-Myimage: method: get resourcePath: /allmyimage - description: Retrieve a comprehensive list of all MyImages associated with a - specific connection,
including those mapped between CB-Spider and the - CSP,
only registered in CB-Spider's metadata,
and only existing - in the CSP. + description: "Retrieve a comprehensive list of all MyImages associated with a specific connection,
including those mapped between CB-Spider and the CSP,
only registered in CB-Spider's metadata,
and only existing in the CSP." Count-Disks-By-Connection: method: get resourcePath: /countdisk/{ConnectionName} - description: Get the total number of Disks for a specific connection. + description: "Get the total number of Disks for a specific connection." List-Credentials: method: get resourcePath: /credential - description: Retrieve a list of registered Credentials. + description: "Retrieve a list of registered Credentials." Register-Credential: method: post resourcePath: /credential - description: Register a new Credential. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#2-cloud-credential-%EC%A0%95%EB%B3%B4-%EB%93%B1%EB%A1%9D-%EB%B0%8F-%EA%B4%80%EB%A6%AC)] + description: "Register a new Credential. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#2-cloud-credential-%EC%A0%95%EB%B3%B4-%EB%93%B1%EB%A1%9D-%EB%B0%8F-%EA%B4%80%EB%A6%AC)]" Delete-Csp-Disk: method: delete resourcePath: /cspdisk/{Id} - description: Delete a specified CSP Disk. + description: "Delete a specified CSP Disk." Register-Key: method: post resourcePath: /regkeypair - description: Register a new KeyPair with the specified name and CSP ID. + description: "Register a new KeyPair with the specified name and CSP ID." List-All-Nlb: method: get resourcePath: /allnlb - description: Retrieve a comprehensive list of all Network Load Balancers (NLBs) - associated with a specific connection,
including those mapped between - CB-Spider and the CSP,
only registered in CB-Spider's metadata,
- and only existing in the CSP. + description: "Retrieve a comprehensive list of all Network Load Balancers (NLBs) associated with a specific connection,
including those mapped between CB-Spider and the CSP,
only registered in CB-Spider's metadata,
and only existing in the CSP." Set-Nodegroup-Autoscaling: method: put resourcePath: /cluster/{Name}/nodegroup/{NodeGroupName}/onautoscaling - description: Enable or disable auto scaling for a Node Group in a Cluster. + description: "Enable or disable auto scaling for a Node Group in a Cluster." List-Vm-Spec: method: get resourcePath: /vmspec - description: Retrieve a list of VM specs associated with a specific connection. - 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#2-vm-spec-%EC%A0%95%EB%B3%B4-%EC%A0%9C%EA%B3%B5)] + description: "Retrieve a list of VM specs associated with a specific connection. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#2-vm-spec-%EC%A0%95%EB%B3%B4-%EC%A0%9C%EA%B3%B5)]" Count-All-Disks: method: get resourcePath: /countdisk - description: Get the total number of Disks across all connections. + description: "Get the total number of Disks across all connections." Register-Cluster: method: post resourcePath: /regcluster - description: Register a new Cluster with the specified VPC and CSP ID. + description: "Register a new Cluster with the specified VPC and CSP ID." Register-Securitygroup: method: post resourcePath: /regsecuritygroup - description: Register a new Security Group with the specified name and CSP ID. + description: "Register a new Security Group with the specified name and CSP ID." Get-Vpc: method: get resourcePath: /vpc/{Name} - description: Retrieve details of a specific Virtual Private Cloud (VPC). + description: "Retrieve details of a specific Virtual Private Cloud (VPC)." Delete-Vpc: method: delete resourcePath: /vpc/{Name} - description: Delete a specified Virtual Private Cloud (VPC). + description: "Delete a specified Virtual Private Cloud (VPC)." Get-Connection-Config: method: get resourcePath: /connectionconfig/{ConfigName} - description: Retrieve details of a specific Connection Config. + description: "Retrieve details of a specific Connection Config." Delete-Connection-Config: method: delete resourcePath: /connectionconfig/{ConfigName} - description: Delete a specific Connection Config. + description: "Delete a specific Connection Config." Get-Cloud-Driver: method: get resourcePath: /driver/{DriverName} - description: Retrieve details of a specific Cloud Driver. + description: "Retrieve details of a specific Cloud Driver." Unregister-Cloud-Driver: method: delete resourcePath: /driver/{DriverName} - description: Unregister a specific Cloud Driver. + description: "Unregister a specific Cloud Driver." Count-Nlbs-By-Connection: method: get resourcePath: /countnlb/{ConnectionName} - description: Get the total number of Network Load Balancers (NLBs) for a specific - connection. + description: "Get the total number of Network Load Balancers (NLBs) for a specific connection." Delete-Nlb: method: delete resourcePath: /nlb/{Name} - description: Delete a specified Network Load Balancer (NLB). + description: "Delete a specified Network Load Balancer (NLB)." Get-Nlb: method: get resourcePath: /nlb/{Name} - description: Retrieve details of a specific Network Load Balancer (NLB). + description: "Retrieve details of a specific Network Load Balancer (NLB)." Add-Nlb-Vms: method: post resourcePath: /nlb/{Name}/vms - description: Add a new set of VMs to an existing Network Load Balancer (NLB). + description: "Add a new set of VMs to an existing Network Load Balancer (NLB)." Remove-Nlb-Vms: method: delete resourcePath: /nlb/{Name}/vms - description: Remove a set of VMs from an existing Network Load Balancer (NLB). + description: "Remove a set of VMs from an existing Network Load Balancer (NLB)." List-Org-Region: method: get resourcePath: /orgregion - description: Retrieve a list of Original Regions associated with a specific - connection.
The response structure may vary depending on the request - ConnectionName. + description: "Retrieve a list of Original Regions associated with a specific connection.
The response structure may vary depending on the request ConnectionName." Count-All-Vms: method: get resourcePath: /countvm - description: Get the total number of Virtual Machines (VMs) across all connections. + description: "Get the total number of Virtual Machines (VMs) across all connections." Count-All-Vpcs: method: get resourcePath: /countvpc - description: Get the total number of VPCs across all connections. + description: "Get the total number of VPCs across all connections." Delete-Csp-Key: method: delete resourcePath: /cspkeypair/{Id} - description: Delete a specified CSP KeyPair. + description: "Delete a specified CSP KeyPair." Register-Disk: method: post resourcePath: /regdisk - description: Register a new Disk with the specified name, zone, and CSP ID. + description: "Register a new Disk with the specified name, zone, and CSP ID." Count-All-Securitygroups: method: get resourcePath: /countsecuritygroup - description: Get the total number of Security Groups across all connections. + description: "Get the total number of Security Groups across all connections." Delete-Csp-Vpc: method: delete resourcePath: /cspvpc/{Id} - description: Delete a specified CSP Virtual Private Cloud (VPC). + description: "Delete a specified CSP Virtual Private Cloud (VPC)." Get-Nlb-Owner-Vpc: method: post resourcePath: /getnlbowner - description: Retrieve the owner VPC of a specified Network Load Balancer (NLB). + description: "Retrieve the owner VPC of a specified Network Load Balancer (NLB)." Get-Vmgroup-Healthinfo: method: get resourcePath: /nlb/{Name}/health - description: Retrieve the health information of the VM group in a specified - Network Load Balancer (NLB). + description: "Retrieve the health information of the VM group in a specified Network Load Balancer (NLB)." List-Regions: method: get resourcePath: /region - description: Retrieve a list of registered Regions. + description: "Retrieve a list of registered Regions." Register-Region: method: post resourcePath: /region - description: Register a new Region. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#3-cloud-regionzone-%EC%A0%95%EB%B3%B4-%EB%93%B1%EB%A1%9D-%EB%B0%8F-%EA%B4%80%EB%A6%AC)] + description: "Register a new Region. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#3-cloud-regionzone-%EC%A0%95%EB%B3%B4-%EB%93%B1%EB%A1%9D-%EB%B0%8F-%EA%B4%80%EB%A6%AC)]" Create-Securitygroup: method: post resourcePath: /securitygroup - description: Create a new Security Group with specified rules and tags. 🕷️ [[Concept - Guide](https://github.com/cloud-barista/cb-spider/wiki/Security-Group-Rules-and-Driver-API)], - 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#4-securitygroup-%EC%83%9D%EC%84%B1-%EB%B0%8F-%EC%A0%9C%EC%96%B4)] + description: "Create a new Security Group with specified rules and tags. 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/Security-Group-Rules-and-Driver-API)], 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#4-securitygroup-%EC%83%9D%EC%84%B1-%EB%B0%8F-%EC%A0%9C%EC%96%B4)]" List-Securitygroup: method: get resourcePath: /securitygroup - description: Retrieve a list of Security Groups associated with a specific connection. + description: "Retrieve a list of Security Groups associated with a specific connection." List-All-Disk: method: get resourcePath: /alldisk - description: Retrieve a comprehensive list of all Disks associated with a specific - connection,
including those mapped between CB-Spider and the CSP,
- only registered in CB-Spider's metadata,
and only existing in the CSP. + description: "Retrieve a comprehensive list of all Disks associated with a specific connection,
including those mapped between CB-Spider and the CSP,
only registered in CB-Spider's metadata,
and only existing in the CSP." Add-Nodegroup: method: post resourcePath: /cluster/{Name}/nodegroup - description: Add a new Node Group to an existing Cluster. + description: "Add a new Node Group to an existing Cluster." List-Disk: method: get resourcePath: /disk - description: Retrieve a list of Disks associated with a specific connection. + description: "Retrieve a list of Disks associated with a specific connection." Create-Disk: method: post resourcePath: /disk - description: Create a new Disk with the specified configuration. 🕷️ [[Concept - Guide](https://github.com/cloud-barista/cb-spider/wiki/Disk-and-Driver-API)], - [[Snapshot-MyImage,Disk Guide](https://github.com/cloud-barista/cb-spider/wiki/VM-Snapshot,-MyImage-and-Disk-Overview)] + description: "Create a new Disk with the specified configuration. 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/Disk-and-Driver-API)], [[Snapshot-MyImage,Disk Guide](https://github.com/cloud-barista/cb-spider/wiki/VM-Snapshot,-MyImage-and-Disk-Overview)]" List-Region-Zone-Preconfig: method: get resourcePath: /preconfig/regionzone - description: Retrieve a list of pre-configured Region Zones based on driver - and credential names. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/REST-API-Region-Zone-Information-Guide)] + description: "Retrieve a list of pre-configured Region Zones based on driver and credential names. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/REST-API-Region-Zone-Information-Guide)]" Delete-Csp-Nlb: method: delete resourcePath: /cspnlb/{Id} - description: Delete a specified CSP Network Load Balancer (NLB). + description: "Delete a specified CSP Network Load Balancer (NLB)." List-Region-Zone: method: get resourcePath: /regionzone - description: Retrieve a list of Region Zones associated with a specific connection. - 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/REST-API-Region-Zone-Information-Guide)] + description: "Retrieve a list of Region Zones associated with a specific connection. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/REST-API-Region-Zone-Information-Guide)]" Count-All-Connections: method: get resourcePath: /countconnectionconfig - description: Get the total number of connections. + description: "Get the total number of connections." Count-Keys-By-Connection: method: get resourcePath: /countkeypair/{ConnectionName} - description: Get the total number of KeyPairs for a specific connection. + description: "Get the total number of KeyPairs for a specific connection." Increase-Disk-Size: method: put resourcePath: /disk/{Name}/size - description: Increase the size of an existing disk. + description: "Increase the size of an existing disk." Change-Nodegroup-Scaling: method: put resourcePath: /cluster/{Name}/nodegroup/{NodeGroupName}/autoscalesize - description: Change the scaling settings for a Node Group in a Cluster. + description: "Change the scaling settings for a Node Group in a Cluster." List-Myimage: method: get resourcePath: /myimage - description: Retrieve a list of MyImages associated with a specific connection. + description: "Retrieve a list of MyImages associated with a specific connection." Snapshot-Vm: method: post resourcePath: /myimage - description: Create a new MyImage snapshot from a specified VM. 🕷️ [[Concept - Guide](https://github.com/cloud-barista/cb-spider/wiki/MyImage-and-Driver-API)], - [[Snapshot-MyImage,Disk Guide](https://github.com/cloud-barista/cb-spider/wiki/VM-Snapshot,-MyImage-and-Disk-Overview)] + description: "Create a new MyImage snapshot from a specified VM. 🕷️ [[Concept Guide](https://github.com/cloud-barista/cb-spider/wiki/MyImage-and-Driver-API)], [[Snapshot-MyImage,Disk Guide](https://github.com/cloud-barista/cb-spider/wiki/VM-Snapshot,-MyImage-and-Disk-Overview)]" Unregister-Key: method: delete resourcePath: /regkeypair/{Name} - description: Unregister a KeyPair with the specified name. + description: "Unregister a KeyPair with the specified name." Start-Vm: method: post resourcePath: /vm - description: Start a new Virtual Machine (VM) with specified configurations. - 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#2-%EB%A9%80%ED%8B%B0%ED%81%B4%EB%9D%BC%EC%9A%B0%EB%93%9C-vm-%EC%9D%B8%ED%94%84%EB%9D%BC-%EC%9E%90%EC%9B%90-%EC%A0%9C%EC%96%B4multi-cloud-vm-infra-resource-control)], - [[Snapshot-MyImage,Disk Guide](https://github.com/cloud-barista/cb-spider/wiki/VM-Snapshot,-MyImage-and-Disk-Overview)] + description: "Start a new Virtual Machine (VM) with specified configurations. 🕷️ [[User Guide](https://github.com/cloud-barista/cb-spider/wiki/features-and-usages#2-%EB%A9%80%ED%8B%B0%ED%81%B4%EB%9D%BC%EC%9A%B0%EB%93%9C-vm-%EC%9D%B8%ED%94%84%EB%9D%BC-%EC%9E%90%EC%9B%90-%EC%A0%9C%EC%96%B4multi-cloud-vm-infra-resource-control)], [[Snapshot-MyImage,Disk Guide](https://github.com/cloud-barista/cb-spider/wiki/VM-Snapshot,-MyImage-and-Disk-Overview)]" List-Vm: method: get resourcePath: /vm - description: Retrieve a list of Virtual Machines (VMs) associated with a specific - connection. + description: "Retrieve a list of Virtual Machines (VMs) associated with a specific connection." Get-Cloudos-Metainfo: method: get resourcePath: /cloudos/metainfo/{CloudOSName} - description: Retrieve metadata information for a specific Cloud OS. + description: "Retrieve metadata information for a specific Cloud OS." Count-Myimages-By-Connection: method: get resourcePath: /countmyimage/{ConnectionName} - description: Get the total number of MyImages for a specific connection. + description: "Get the total number of MyImages for a specific connection." Get-Vm-Using-Rs: method: get resourcePath: /getvmusingresources - description: Retrieve details of a VM using resource ID. + description: "Retrieve details of a VM using resource ID." Unregister-Disk: method: delete resourcePath: /regdisk/{Name} - description: Unregister a Disk with the specified name. + description: "Unregister a Disk with the specified name." + mc-iam-manager: - ResetUserPassword: - method: put - resourcePath: /api/users/id/{userId}/password - description: Reset a user's password (admin only) - SignupUser: - method: post - resourcePath: /api/auth/signup - description: Public user signup (no authentication required) - UpdateFrameworkService: - method: put - resourcePath: /api/mcmp-apis/name/{serviceName} - description: Updates specific fields (e.g., BaseURL, Auth info) of an MCMP API - service definition identified by its name. Cannot update name or version. - activateCspAccount: - method: post - resourcePath: /api/csp-accounts/id/{accountId}/activate - description: Activate a CSP account - activateCspIdpConfig: - method: post - resourcePath: /api/csp-idp-configs/id/{configId}/activate - description: Activate a CSP IDP configuration - addCspRoleMappings: - method: post - resourcePath: /api/roles/csp-roles - description: Create a new mapping between role and CSP role - addProjectToWorkspace: - method: post - resourcePath: /api/workspaces/assign/projects - description: Add a project to a workspace - addUserToWorkspace: - method: post - resourcePath: /api/workspaces/{id}/users - description: Add a user to a workspace - addWorkspaceToProject: - method: post - resourcePath: /api/projects/assign/workspaces - description: 프로젝트에 워크스페이스를 연결합니다. - assignGroupPlatformRole: - method: post - resourcePath: /api/groups/id/{groupId}/platform-roles - description: 그룹에 플랫폼 역할을 할당합니다. DB + Keycloak 이중 관리. - assignGroupWorkspace: - method: post - resourcePath: /api/groups/id/{groupId}/workspaces - description: 그룹을 워크스페이스에 매핑하고 역할을 지정합니다. DB 전용 관리. - assignMciamPermissionToRole: - method: post - resourcePath: /api/roles/{roleType}/{roleId}/mciam-permissions/{permissionId} - description: 역할에 MC-IAM 권한을 할당합니다. - assignPlatformRole: - method: post - resourcePath: /api/roles/assign/platform-role - description: Assign a platform role to a user - assignRole: - method: post - resourcePath: /api/roles/id/{roleId}/assign - description: Assign a role to a user - assignUserGroups: - method: post - resourcePath: /api/users/id/{userId}/groups - description: 사용자를 하나 이상의 그룹에 할당합니다. DB + Keycloak 그룹 동기화. - assignUserOrganizations: - method: post - resourcePath: /api/users/{userId}/organizations - description: 사용자를 하나 이상의 조직에 할당합니다 (다중 소속 가능). - assignWorkspaceRole: - method: post - resourcePath: /api/roles/assign/workspace-role - description: Assign a workspace role to a user - attachPolicyToRole: - method: post - resourcePath: /api/csp-policies/attach - description: Attach a CSP policy to a CSP role - changeMyPassword: - method: put - resourcePath: /api/users/me/password - description: Change the authenticated user's own password. Requires current - password for verification. - checkUserRoles: + Searchrolesbyname: method: get - resourcePath: /api/setup/check-user-roles - description: Check all roles assigned to a user. 특정 유저가 가진 role 목록을 조회합니다. - createCspAccount: - method: post - resourcePath: /api/csp-accounts - description: Create a new CSP account - createCspIdpConfig: - method: post - resourcePath: /api/csp-idp-configs - description: Create a new CSP IDP configuration - createCspPolicy: - method: post - resourcePath: /api/csp-policies - description: Create a new CSP policy - createCspRole: + resourcePath: /api/role/name/{roleName} + description: "role 검색" + Logout: method: post - resourcePath: /api/roles/csp - description: Create a new csp role - createCspRoles: - method: post - resourcePath: /api/roles/csp-roles/batch - description: Create multiple new csp roles - createMciamPermission: - method: post - resourcePath: /api/permissions/mciam - description: Create a new permission with the specified information. - createMcmpApiPermissionActionMapping: - method: post - resourcePath: /api/mcmp-api-permission-action-mappings - description: Creates a new mapping between a permission and an API action - createMenu: - method: post - resourcePath: /api/menus - description: Create a new menu - createMenusRolesMapping: - method: post - resourcePath: /api/menus/platform-roles - description: Create a new menu mapping - createOrganization: - method: post - resourcePath: /api/organizations - description: 플랫폼 관리자가 조직을 생성합니다. parent_id가 없으면 최상위 조직 생성. - createPlatformRole: + resourcePath: /api/auth/logout + description: "AccessToken및 RefreshToken을 받아 해당 토큰 파기" + Deleteresourcepermissionpolicesbyoperationid: + method: delete + resourcePath: /api/permission/framewrok/{framework}/operationid/{operationid}/remove + description: "권한을 OperationId를 기반으로 리소스 권한을 업데이트합니다." + listProjects: method: post - resourcePath: /api/roles/platform-roles - description: Create a new menu role + resourcePath: /api/projects/list + description: "project 목록 조회" createProject: method: post resourcePath: /api/projects - description: Create a new project with the specified information. Optionally - specify a workspace to assign the project to. - createResourceType: - method: post - resourcePath: /api/resource-types/cloud-resources - description: 새로운 리소스 타입을 생성합니다 - createRole: - method: post - resourcePath: /api/roles - description: Create a new role - createUser: - method: post - resourcePath: /api/users - description: Create a new user with the specified information. - createWorkspace: - method: post - resourcePath: /api/workspaces - description: Create a new workspace with the specified information. - createWorkspaceRole: - method: post - resourcePath: /api/roles/workspace-roles - description: Create a new workspace role - deactivateCspAccount: + description: "project 생성" + Getresources: + method: get + resourcePath: /api/resource + description: "리소스의 정보를 검색합니다." + Createresource: method: post - resourcePath: /api/csp-accounts/id/{accountId}/deactivate - description: Deactivate a CSP account - deactivateCspIdpConfig: + resourcePath: /api/resource + description: "리소스를 생성합니다." + Getrolelist: method: post - resourcePath: /api/csp-idp-configs/id/{configId}/deactivate - description: Deactivate a CSP IDP configuration - deleteCspAccount: - method: delete - resourcePath: /api/csp-accounts/id/{accountId} - description: Delete a CSP account by ID - deleteCspIdpConfig: - method: delete - resourcePath: /api/csp-idp-configs/id/{configId} - description: Delete a CSP IDP configuration by ID - deleteCspPolicy: - method: delete - resourcePath: /api/csp-policies/id/{policyId} - description: Delete a CSP policy by ID - deleteCspRole: - method: delete + resourcePath: /api/roles/list + description: "role 전체 목록 조회" + Getrolescsproles: + method: get resourcePath: /api/roles/csp-roles/id/{roleId} - description: Delete a role - deleteMapping: - method: delete - resourcePath: /api/mcmp-api-permission-action-mappings/permissions/{permissionId}/actions/{actionId} - description: Deletes a mapping between a permission and an API action - deleteMciamPermission: - method: delete - resourcePath: /api/permissions/mciam/{id} - description: Delete a permission by its ID. - deleteMenu: - method: delete - resourcePath: /api/menus/id/{menuId} - description: Delete a menu - deleteMenusRolesMapping: - method: delete - resourcePath: /api/menus/platform-roles - description: Delete the mapping between a platform role and a menu. - deleteOrganization: - method: delete - resourcePath: /api/organizations/id/{organizationId} - description: 조직을 삭제합니다. 하위 조직 또는 소속 사용자가 있으면 삭제 불가. - deletePlatformRole: - method: delete - resourcePath: /api/roles/platform-roles/id/{roleId} - description: Delete a platform role - deleteProject: - method: delete - resourcePath: /api/projects/{id} - description: Delete a project by its ID. - deleteResourceType: - method: delete - resourcePath: /api/resource-types/cloud-resources/framework/:frameworkId/id/:resourceTypeId - description: 리소스 타입을 삭제합니다 - deleteRole: - method: delete - resourcePath: /api/roles/id/{roleId} - description: Delete a role by its name. - deleteUser: - method: delete - resourcePath: /api/users/{id} - description: Delete a user by their ID. - deleteWorkspace: - method: delete - resourcePath: /api/workspaces/id/{workspaceId} - description: Delete a workspace by its ID. - deleteWorkspaceRole: - method: delete - resourcePath: /api/roles/workspace-roles/id/{roleId} - description: Delete a workspace role - detachPolicyFromRole: + description: "role별 CSP role 목록 조회" + listCSPRoles: method: post - resourcePath: /api/csp-policies/detach - description: Detach a CSP policy from a CSP role - getCloudResourceTypeByID: - method: get - resourcePath: /api/resource-types/cloud-resources/framework/:frameworkId/id/:resourceTypeId - description: 특정 리소스 타입을 ID로 조회합니다 - getCspAccountByID: - method: get - resourcePath: /api/csp-accounts/id/{accountId} - description: Retrieve CSP account details by ID - getCspIdpConfigByID: - method: get - resourcePath: /api/csp-idp-configs/id/{configId} - description: Retrieve CSP IDP configuration details by ID - getCspPolicyByID: - method: get - resourcePath: /api/csp-policies/id/{policyId} - description: Retrieve CSP policy details by ID - getCspRoleByID: - method: get - resourcePath: /api/roles/csp/id/{roleId} - description: Get csp role details by ID - getCspRoleByName: - method: get - resourcePath: /api/roles/csp/name/{roleName} - description: Get csp role details by Name - getCspRoleMappingByRoleId: - method: get - resourcePath: /api/roles/csp-roles/id/:roleId - description: Get a mapping between role and CSP role - getGroupPlatformRoles: - method: get - resourcePath: /api/groups/id/{groupId}/platform-roles - description: 그룹에 할당된 플랫폼 역할 목록을 조회합니다. - getGroupWorkspaces: - method: get - resourcePath: /api/groups/id/{groupId}/workspaces - description: 그룹에 매핑된 워크스페이스 및 역할 목록을 조회합니다. - getMciamPermissionByID: - method: get - resourcePath: /api/permissions/mciam/id/{id} - description: Retrieve permission details by permission ID. - getMenuByID: + resourcePath: /api/roles/csp/list + description: "CSP에 정의된 역할 목록 조회" + Createrole: method: post - resourcePath: /api/menus/id/{menuId} - description: Get menu details by ID - getOrganizationByCode: - method: get - resourcePath: /api/organizations/code/{code} - description: 조직 코드로 조직 정보를 조회합니다. - getOrganizationByID: - method: get - resourcePath: /api/organizations/id/{organizationId} - description: 조직 ID로 조직 정보를 조회합니다. - getOrganizationUsers: - method: get - resourcePath: /api/organizations/id/{organizationId}/users - description: 특정 조직에 소속된 사용자 목록을 조회합니다. - getPlatformActionsByPermissionID: - method: get - resourcePath: /api/mcmp-api-permission-action-mappings/platforms/id/{permissionId}/actions - description: Returns all platform actions mapped to a specific permission - getPlatformRoleByID: - method: get - resourcePath: /api/roles/platform-roles/id/{roleId} - description: Get platform role details by ID - getPlatformRoleByName: - method: get - resourcePath: /api/roles/platform-roles/name/{roleName} - description: Get menu role details by Name - getPolicyDocument: - method: get - resourcePath: /api/csp-policies/id/{policyId}/document - description: Get the policy document content - getProjectByID: - method: get - resourcePath: /api/projects/{id} - description: Retrieve project details by project ID. - getProjectByName: - method: get - resourcePath: /api/projects/name/{projectName} - description: Get project details by name - getProjectWorkspaces: - method: get - resourcePath: /api/projects/id/{projectId}/workspaces - description: Retrieve list of workspaces that the project is assigned to - getRoleByRoleID: - method: get + resourcePath: /api/roles + description: "role 생성" + Updaterole: + method: put resourcePath: /api/roles/id/{roleId} - description: Get role details by ID - getRoleByRoleName: + description: "role 수정" + Syncrolelistwithkeycloak: method: get - resourcePath: /api/roles/name/{roleName} - description: Retrieve role details by role name. - getRoleMasterMappings: + resourcePath: /api/tool/keycloak/role/sync + description: "연결된 TB(mcinframanager)의 NS 리스트를 Project List 로 등록. \n \n기존 등록된 project 와 중복이 발생하면 오류 발생. 새로운 환경에서 첫 회 실행하는 것을 추천." + Searchworkspacesbyname: method: get - resourcePath: /api/roles/mappings/role/id/:roleId - description: Get role master mappings - getRoleMciamPermissions: - method: get - resourcePath: /api/roles/{roleType}/{roleId}/mciam-permissions - description: 특정 역할의 MC-IAM 권한 ID 목록을 조회합니다. - getRolePolicies: - method: get - resourcePath: /api/csp-policies/role/{roleId} - description: Get list of policies attached to a CSP role - getUserByID: - method: get - resourcePath: /api/users/id/{userId} - description: Retrieve user details by user ID. - getUserByKcID: - method: get - resourcePath: /api/users/kc/{kcUserId} - description: Get user details by KcID - getUserByUsername: - method: get - resourcePath: /api/users/name/{username} - description: Get user details by username - getUserMenuTree: + resourcePath: /api/ws/workspace/{workspaceName} + description: "workspace 검색" + Readyz: method: get - resourcePath: /api/menus/user-menu-tree - description: Get menu tree based on user's platform roles - getUserOrganizations: + resourcePath: /readyz + description: "mc-iam-manager가 정상적으로 작동중인지 단순 확인합니다." + Getwpmappinglistorderbyworkspace: method: get - resourcePath: /api/users/{userId}/organizations - description: 사용자가 소속된 조직 목록을 조회합니다. - getUserWorkspaceAndWorkspaceRolesByUserID: + resourcePath: /api/wsprj + description: "workspace - projects mapping workspace 기준 모든 목록 조회" + Createwpmapping: + method: post + resourcePath: /api/wsprj + description: "workspace - projects mapping 생성" + addProjectToWorkspace: + method: post + resourcePath: /api/workspaces/assign/projects + description: "workspace에 project 등록" + Getworkspaceuserrolemappinglistbyworkspaceid: method: get - resourcePath: /api/users/id/{userId}/workspaces/roles/list - description: Get workspaces and roles for a specific user - getUserWorkspaceAndWorkspaceRolesByUserIDAndWorkspaceID: + resourcePath: /api/wsuserrole/workspace/id/{workspaceId} + description: "workspace - user - role mapping 목록 workspace 기준 조회" + Login: + method: post + resourcePath: /api/auth/login + description: "ID/Password를 받아 JWT 세션 토큰을 반환" + Gettokeninfo: method: get - resourcePath: /api/users/id/{userId}/workspaces/id/{workspaceId}/roles/list - description: Get workspaces and roles for a specific user and workspace - getUserWorkspaceRoles: + resourcePath: /api/auth/tokeninfo + description: "유저 정보 조회" + Getcurrentpermissioncsv: method: get - resourcePath: /api/workspaces/id/{workspaceId}/users/id/{userId} - description: Get roles assigned to a user in a workspace - getUserWorkspacesByUserID: + resourcePath: /api/permission/file/framework/{framework} + description: "현재 권한을 CSV 형태로 가져옵니다." + Importpermissionbycsv: + method: post + resourcePath: /api/permission/file/framework/{framework} + description: "CSV 기반으로 권한을 업데이트 합니다." + Getprojectbyid: method: get - resourcePath: /api/users/id/{userId}/workspaces/list - description: Get workspaces for a specific user + resourcePath: /api/prj/project/id/{projectId} + description: "project 단건 조회" + Updateprojectbyid: + method: put + resourcePath: /api/prj/project/id/{projectId} + description: "project 수정" + Deleteprojectbyid: + method: delete + resourcePath: /api/prj/project/id/{projectId} + description: "project 삭제" + deleteWorkspace: + method: delete + resourcePath: /api/workspaces/id/{workspaceId} + description: "workspace 삭제" getWorkspaceByID: method: get resourcePath: /api/workspaces/id/{workspaceId} - description: Retrieve workspace details by workspace ID. - getWorkspaceByName: - method: get - resourcePath: /api/workspaces/name/{workspaceName} - description: Retrieve specific workspace by name - getWorkspaceProjectsByWorkspaceId: + description: "workspace 단건 조회" + updateWorkspace: + method: put + resourcePath: /api/workspaces/id/{workspaceId} + description: "workspace 수정" + Getcerts: method: get - resourcePath: /api/workspaces/id/{workspaceId}/projects/list - description: Retrieve project list belonging to specific workspace - getWorkspaceRoleByID: + resourcePath: /api/auth/certs + description: "유저 토큰의 사용가능 유무" + Authgetuservalidate: method: get - resourcePath: /api/roles/workspace-roles/id/{roleId} - description: Get workspace role details by ID - getWorkspaceRoleByName: + resourcePath: /api/auth/validate + description: "유저 토큰의 사용가능 유무" + Getpermission: method: get - resourcePath: /api/roles/workspace-roles/name/{roleName} - description: Get workspace role details by Name - importAPIs: + resourcePath: /api/permission/framewrok/{framework}/operationid/{operationid} + description: "권한을 검색합니다." + Updateresourcepermissionbyoperationid: + method: put + resourcePath: /api/permission/framewrok/{framework}/operationid/{operationid} + description: "권한을 OperationId를 기반으로 리소스 권한을 업데이트합니다." + Activeuser: method: post - resourcePath: /api/mcmp-apis/import - description: Fetches API specifications from remote URLs and imports them to - the database. Supports swagger and openapi source types. Optionally accepts - baseUrl and authentication info to populate the mcmp_api_services table. - initializeMenuPermissions: + resourcePath: /api/user/active + description: "권한 있는 사용자가 해당 유저를 활성화합니다." + Getworkspaceuserrolemappinglistorderbyworkspace: method: get - resourcePath: /api/setup/initial-role-menu-permission - description: CSV 파일을 읽어서 메뉴 권한을 초기화합니다 - listAllWorkspaceUsersAndRoles: - method: post - resourcePath: /api/workspaces/users-roles/list - description: Retrieve the list of users and roles assigned to the workspace. - listCSPRoles: - method: post - resourcePath: /api/roles/csp/list - description: Get a list of all csp roles - listCloudResourceTypes: - method: post - resourcePath: /api/resource-types/cloud-resources/list - description: 모든 리소스 타입 목록을 조회합니다 - listCspAccounts: + resourcePath: /api/wsuserrole + description: "workspace - user - role mapping 목록 workspace 기준 전체 조회" + Createworkspaceuserrolemappingbyname: method: post - resourcePath: /api/csp-accounts/list - description: Retrieve a list of CSP accounts with optional filters - listCspIdpConfigs: + resourcePath: /api/wsuserrole + description: "workspace - user - role mapping 생성" + Getallavailablemenus: method: post - resourcePath: /api/csp-idp-configs/list - description: Retrieve a list of CSP IDP configurations with optional filters - listCspPolicies: + resourcePath: /api/users/menus/list + description: "해당 프레임워크 사용자에게 할당된 메뉴 리스트를 반환합니다." + Getmappedmenusbyrolelist: method: post - resourcePath: /api/csp-policies/list - description: Retrieve a list of CSP policies with optional filters - listCspRoleMappings: + resourcePath: /api/menus/platform-roles/list + description: "해당 프레임워크 역할에 할당된 메뉴 리스트를 반환합니다." + Deleteuser: + method: delete + resourcePath: /api/user/id/{userid} + description: "사용자를 삭제합니다." + Updateuser: + method: put + resourcePath: /api/user/id/{userid} + description: "사용자 정보를 업데이트 합니다." + Createworkspace: method: post - resourcePath: /api/roles/csp-roles/list - description: Get a mapping between role and CSP role - listMappedMenusByRole: + resourcePath: /api/workspaces + description: "workspace 생성" + listWorkspaces: method: post - resourcePath: /api/menus/platform-roles/list - description: List menus mapped to a specific platform role. + resourcePath: /api/workspaces/list + description: "workspace 목록 조회" listMciamPermissions: method: post resourcePath: /api/permissions/mciam/list - description: Retrieve a list of all permissions. - listMenus: + description: "모든 권한을 가져옵니다." + listUsersAndRolesByWorkspaces: method: post - resourcePath: /api/menus/list - description: List all menus as a tree structure. Admin permission required. - listMenusTree: - method: post - resourcePath: /api/menus/tree/list - description: List all menus as a tree structure. Admin permission required. - listOrganizations: - method: get - resourcePath: /api/organizations - description: 전체 조직 목록을 조회합니다. tree=true이면 Tree 구조로 반환. - listPermissionsByActionID: + resourcePath: /api/workspaces/id/{workspaceId}/users/list + description: "workspace 목록 조회" + getWorkspaceProjectsByWorkspaceId: method: get - resourcePath: /api/mcmp-api-permission-action-mappings/actions/{actionId}/permissions - description: Returns all permissions mapped to a specific API action - listPlatformActions: - method: post - resourcePath: /api/mcmp-api-permission-action-mappings/list - description: Returns all platform actions mapped to a specific permission - listPlatformRoles: - method: post - resourcePath: /api/roles/menu-roles/list - description: Get a list of all menu roles - listProjects: - method: post - resourcePath: /api/projects/list - description: Retrieve a list of all projects. - listRoleMasterMappings: - method: post - resourcePath: /api/roles/mappings/list - description: List role master mappings - listRoles: - method: post - resourcePath: /api/roles/list - description: Retrieve a list of all roles. - listRolesOfWorkspaceType: - method: post - resourcePath: /api/roles/workspace-roles/list - description: Get a list of all workspace roles - listServicesAndActions: + resourcePath: /api/workspaces/id/{workspaceId}/projects/list + ListUsersAndRolesByWorkspaces: method: post - resourcePath: /api/mcmp-apis/list - description: Retrieves all MCMP API service and action definitions currently - stored in the database. - listUserMenu: + resourcePath: /api/workspaces/id/{workspaceId}/users/list + listWorkspaceProjects: method: post - resourcePath: /api/users/menus/list - description: Get the menu list accessible to the current user's platform role. - listUserMenuTree: + resourcePath: /api/workspaces/projects/list + getTempCredentialProviders: + method: get + resourcePath: /api/auth/temp-credential-csps + description: "임시 자격 증명을 지원하는 CSP 목록 조회" + Appendresourcepermissionpolicesbyoperationid: + method: put + resourcePath: /api/permission/framewrok/{framework}/operationid/{operationid}/append + description: "권한을 OperationId를 기반으로 리소스 권한을 업데이트합니다." + Updateresource: + method: put + resourcePath: /api/resource/id/{id} + description: "리소스를 업데이트 합니다." + Deleteresource: + method: delete + resourcePath: /api/resource/id/{id} + description: "리소스를 삭제합니다." + Getmenuresources: method: post - resourcePath: /api/users/menus-tree/list - description: Get the menu tree accessible to the current user's platform role. - listUserProjectsByWorkspace: + # method: get + # resourcePath: /api/resource/menus + resourcePath: /api/menus/list + description: "메뉴 리소스를 검색합니다." + Getallpermissions: method: get - resourcePath: /api/users/workspaces/id/{workspaceId}/projects/list - description: List projects for the current user - listUserWorkspaceAndWorkspaceRoles: + resourcePath: /api/ticket + description: "사용자는 uma_protection Role 을 가져야 한다." + Getpermissionticket: method: post - resourcePath: /api/users/workspaces/roles/list - description: List workspaces and roles for the current user + resourcePath: /api/ticket + description: "사용자는 uma_protection Role 을 가져야 한다." + getProjectsByWorkspaceId: + method: get + resourcePath: /api/workspaces/id/{workspaceId}/projects/list + description: "workspace - projects mapping workspace 기준 목록 조회" listUserWorkspaces: method: post resourcePath: /api/users/workspaces/list - description: List workspaces for the current user - listUsers: - method: post - resourcePath: /api/users/list - description: Retrieve a list of all users. - listUsersAndRolesByWorkspace: - method: post - resourcePath: /api/workspaces/id/{workspaceId}/users/list - description: Retrieve users and roles list belonging to workspace - listUsersByCspRole: - method: post - resourcePath: /api/roles/mappings/csp-roles/list - description: List users by csp role - listUsersByPlatformRole: - method: post - resourcePath: /api/roles/mappings/platform-roles/users/list - description: List users by platform role - listUsersByWorkspaceRole: - method: post - resourcePath: /api/roles/mappings/workspace-roles/users/list - description: List users by workspace role - listWorkspaceActionsByPermissionID: - method: post - resourcePath: /api/mcmp-api-permission-action-mappings/actions/list - description: Returns all workspace actions mapped to a specific permission - listWorkspaceProjects: - method: post - resourcePath: /api/workspaces/projects/list - description: Retrieve project list belonging to specific workspace - listWorkspaceRoles: - method: post - resourcePath: /api/workspaces/roles/list - description: Retrieve all workspace-level roles with optional filtering - listWorkspaceUsers: - method: post - resourcePath: /api/workspaces/users/list - description: List users by workspace criteria - listWorkspaces: + description: "workspace - user - role mapping 목록 user 기준 조회" + Deleteworkspaceuserrolemapping: + method: delete + resourcePath: /api/wsuserrole/workspace/id/{workspaceId}/user/id/{userId} + description: "workspace - user - role mapping 목록 workspace 와 user 로 mapping 삭제" + Loginrefresh: method: post - resourcePath: /api/workspaces/list - description: Retrieve a list of all workspaces. - mciamAuthCerts: - method: get - resourcePath: /api/auth/certs - description: Retrieve authentication certificates for MC-IAM-Manager to be used - in target frameworks for token validation. - mciamCheckHealth: + resourcePath: /api/auth/refresh + description: "refresh_token과 기존 JWT를 받아, 새로운 JWT 토큰 발급" + Getuserinfo: method: get - resourcePath: /readyz - description: Check the health status of the service. - mciamCreateCredential: + resourcePath: /api/auth/userinfo + description: "유저 정보 조회" + Updateuseinfonotuse: + method: put + resourcePath: /api/auth/userinfo + description: "유저 정보 조회" + Createapiresourcesbyapiyaml: method: post - resourcePath: /api/csp-credentials - description: 새로운 CSP 인증 정보를 생성합니다 - mciamDeleteCredential: + resourcePath: /api/resource/file/framework/{framework} + description: "mc-admin-cli 에서 생성한 api yaml을 바탕으로 모든 리소스를 등록합니다. \n리소스가 중복될시 오류를 반환하고 업데이트 하지 않습니다." + Resetresource: method: delete - resourcePath: /api/csp-credentials/{id} - description: CSP 인증 정보를 삭제합니다 - mciamGetCredentialByID: + resourcePath: /api/resource/reset + description: "모든 리소스를 삭제합니다." + Syncprojectlistwithmcinfra: method: get - resourcePath: /api/csp-credentials/{id} - description: 특정 CSP 인증 정보를 ID로 조회합니다 - mciamGetTempCredentialProviders: + resourcePath: /api/tool/mcinfra/sync + description: "연결된 TB(mcinframanager)의 NS 리스트를 Project List 로 등록. \n \n기존 등록된 project 와 중복이 발생하면 오류 발생. 새로운 환경에서 첫 회 실행하는 것을 추천." + Getdependentpermissionsbypolicyid: method: get - resourcePath: /api/auth/temp-credential-csps - description: Get temporary credential provider information for AWS and GCP - mciamGetTemporaryCredentials: - method: post - resourcePath: /api/workspaces/temporary-credentials - description: Get temporary credentials for CSP - mciamListCredentials: + resourcePath: /api/permission/policyid/{policyid} + description: "권한을 검색합니다." + Searchprojectsbyname: + method: get + resourcePath: /api/prj/project/{projectName} + description: "project 목록 검색" + Resetmenuresource: + method: delete + resourcePath: /api/resource/reset/menu + description: "모든 메뉴 리소스를 삭제합니다." + Deleterolebyid: + method: delete + resourcePath: /api/roles/id/{roleId} + description: "role 삭제" + Getrolebyid: + method: get + resourcePath: /api/role/id/{roleId} + description: "role 단건 조회" + Updaterolebyid: + method: put + resourcePath: /api/role/id/{roleId} + description: "role 수정" + Getrolebypolicyidnotuse: method: get - resourcePath: /api/csp-credentials - description: 모든 CSP 인증 정보 목록을 조회합니다 - mciamLogin: + resourcePath: /api/role/policyid/{policyid} + description: "role 단건 조회" + Createmenuresourcesbymenuyaml: method: post - resourcePath: /api/auth/login - description: Authenticate user and issue JWT token. - mciamLogout: + resourcePath: /api/resource/file/framework/{framework}/menu + description: "mc-web-console 등 menu yaml을 사용해서 메뉴 리소스를 등록합니다." + Listusers: method: post - resourcePath: /api/auth/logout - description: Invalidate the user's refresh token and log out. - mciamRefreshToken: + resourcepath: /api/users/list + description: "사용자 목록 조회" + getUserByID: + method: get + resourcePath: /api/users/id/{userId} + description: "사용자 단건 조회 by id" + Getuserbyname: + method: get + resourcePath: /api/users/name/{username} + description: "사용자 단건 조회 by name" + Getuserworkspacesbyuserid: + method: get + resourcePath: /api/users/id/{userId}/workspaces/list + description: "특정 사용자의 워크스페이스 목록조회" + Createuser: method: post - resourcePath: /api/auth/refresh - description: Refresh JWT access token using a valid refresh token. - mciamUpdateCredential: - method: put - resourcePath: /api/csp-credentials/{id} - description: CSP 인증 정보를 업데이트합니다 - mciamValidateToken: + resourcePath: /api/user + description: "유저를 등록합니다." + Deactiveuser: method: post - resourcePath: /api/auth/validate - description: Validate the current access token and refresh if expired - mciamWorkspaceTicket: - method: post - resourcePath: /api/workspaces/workspace-ticket - description: Set workspace ticket - mcmpApiCall: - method: post - resourcePath: /api/mcmp-apis/mcmpApiCall - description: Executes a defined MCMP API action with parameters structured in - McmpApiCallRequest. - registerMenusFromBody: - method: post - resourcePath: /api/menus/setup/initial-menus2 - description: 'Parse YAML text in the request body and register or update menus - in the database. Recommended Content-Type: text/plain, text/yaml, application/yaml.' - registerMenusFromYAML: - method: post - resourcePath: /api/menus/setup/initial-menus - description: Register or update menus from a local YAML file specified by the - filePath query parameter, or from the MCWEBCONSOLE_MENUYAML URL in .env if - not provided. If loaded from URL, the file is saved to asset/menu/menu.yaml. - removeCspRoleMappings: - method: delete - resourcePath: /api/roles/unassign/csp-roles - description: Delete a mapping between workspace role and CSP role - removeGroupPlatformRole: - method: delete - resourcePath: /api/groups/id/{groupId}/platform-roles/{roleId} - description: 그룹에 할당된 플랫폼 역할을 해제합니다. DB + Keycloak 동시 제거. - removeGroupWorkspaceRole: - method: delete - resourcePath: /api/groups/id/{groupId}/workspaces/{workspaceId} - description: 그룹-워크스페이스 매핑을 제거합니다. - removeMciamPermissionFromRole: - method: delete - resourcePath: /api/roles/{roleType}/{roleId}/mciam-permissions/{permissionId} - description: 역할에서 MC-IAM 권한을 제거합니다. - removePlatformRole: - method: delete - resourcePath: /api/roles/unassign/platform-role - description: Remove a platform role from a user - removeProjectFromWorkspace: - method: delete - resourcePath: /api/workspaces/unassign/projects - description: Remove a project from a workspace - removeRole: - method: delete - resourcePath: /api/roles/id/{roleId}/unassign - description: Remove a role from a user - removeUserFromGroup: - method: delete - resourcePath: /api/users/id/{userId}/groups/{groupId} - description: 사용자를 특정 그룹에서 제거합니다. DB + Keycloak 그룹 동기화. - removeUserFromWorkspace: - method: delete - resourcePath: /api/workspaces/{id}/users/{userId} - description: Remove a user from a workspace - removeUserOrganization: - method: delete - resourcePath: /api/users/{userId}/organizations/{organizationId} - description: 사용자를 특정 조직에서 제거합니다. + resourcePath: /api/user/deactive + description: "권한 있는 사용자가 해당 유저를 비활성화합니다." removeWorkspaceFromProject: method: delete resourcePath: /api/projects/unassign/workspaces - description: Remove a workspace from a project - removeWorkspaceRole: - method: delete - resourcePath: /api/roles/unassign/workspace-role - description: Remove a workspace role from a user - setActiveVersion: - method: put - resourcePath: /api/mcmp-apis/name/{serviceName}/versions/{version}/activate - description: Sets the specified version of an MCMP API service as the active - one. - setupInitialAdmin: - method: post - resourcePath: /api/initial-admin - description: Creates the initial platform admin user with necessary permissions. - platform admin 생성인데 - setupInitialOrganizations: - method: post - resourcePath: /api/setup/initial-organizations - description: YAML 시드 파일에서 기본 조직 구조(MZC + 8개 프레임워크)를 로드하여 등록합니다. 멱등성 보장. - syncCspPolicies: - method: post - resourcePath: /api/csp-policies/sync - description: Synchronize policies from the CSP cloud - syncMcmpAPIs: - method: post - resourcePath: /api/mcmp-apis/syncMcmpAPIs - description: Triggers the synchronization of MCMP API definitions from the configured - YAML URL to the database. - syncProjects: - method: post - resourcePath: /api/setup/sync-projects - description: mc-infra-manager의 네임스페이스 목록을 조회하여 로컬 DB에 없는 프로젝트를 추가합니다. - getProjectSyncDiff: - method: get - resourcePath: /api/setup/projects/sync-diff - description: mc-infra-manager의 namespace 목록과 로컬 프로젝트를 비교하여 불일치 목록을 반환합니다. DB - 변경 없음. - applyProjectSync: - method: post - resourcePath: /api/setup/projects/sync - description: 지정된 nsId 목록의 project를 생성하거나 지정된 workspace에 할당합니다. - testCallGetAllNs: - method: get - resourcePath: /api/mcmp-apis/test/mc-infra-manager/getallns - description: Calls the GetAllNs action of the mc-infra-manager service via the - CallApi service. - testCspIdpConnection: - method: post - resourcePath: /api/csp-idp-configs/id/{configId}/test - description: Test connection to CSP using IDP configuration - updateCspAccount: - method: put - resourcePath: /api/csp-accounts/id/{accountId} - description: Update CSP account details - updateCspIdpConfig: - method: put - resourcePath: /api/csp-idp-configs/id/{configId} - description: Update CSP IDP configuration details - updateCspPolicy: - method: put - resourcePath: /api/csp-policies/id/{policyId} - description: Update CSP policy details - updateCspRole: - method: put - resourcePath: /api/roles/csp-roles/id/{roleId} - description: Update role information - updateGroupWorkspaceRole: - method: put - resourcePath: /api/groups/id/{groupId}/workspaces/{workspaceId} - description: 그룹-워크스페이스 매핑의 역할을 변경합니다. - updateMapping: - method: put - resourcePath: /api/mcmp-api-permission-action-mappings/permissions/{permissionId}/actions/{actionId} - description: Updates an existing mapping between a permission and an API action - updateMciamPermission: - method: put - resourcePath: /api/permissions/mciam/{id} - description: Update the details of an existing permission. - updateMenu: - method: put - resourcePath: /api/menus/id/{menuId} - description: Update menu information - updateOrganization: - method: put - resourcePath: /api/organizations/id/{organizationId} - description: 조직 정보를 수정합니다. 부모 변경 시 하위 조직 코드 자동 재생성. - updateProject: - method: put - resourcePath: /api/projects/{id} - description: Update the details of an existing project. - updateResourceType: - method: put - resourcePath: /api/resource-types/cloud-resources/framework/:frameworkId/id/:resourceTypeId - description: 리소스 타입 정보를 업데이트합니다 - updateRole: - method: put - resourcePath: /api/roles/id/{roleId} - description: Update the details of an existing role. - updateUser: - method: put - resourcePath: /api/users/{id} - description: Update the details of an existing user. - updateUserStatus: - method: post - resourcePath: /api/users/id/{userId}/status - description: Update user status (active/inactive) - updateWorkspace: - method: put - resourcePath: /api/workspaces/id/{workspaceId} - description: Update the details of an existing workspace. - validateCspAccount: - method: post - resourcePath: /api/csp-accounts/id/{accountId}/validate - description: Validate CSP account configuration + description: "Workspace에서 Project 할당 해제" + mc-infra-manager: Lookupspeclist: method: post resourcePath: /lookupSpecs - description: Lookup spec list + description: "Lookup spec list" Getlatencybenchmark: method: get resourcePath: /ns/{nsId}/benchmarkLatency/mci/{mciId} - description: Run MCI benchmark for network latency + description: "Run MCI benchmark for network latency" Getallsecuritygroup: method: get resourcePath: /ns/{nsId}/resources/securityGroup - description: List all Security Groups or Security Groups' ID + description: "List all Security Groups or Security Groups' ID" Postsecuritygroup: method: post resourcePath: /ns/{nsId}/resources/securityGroup - description: Create Security Group + description: "Create Security Group" Delallsecuritygroup: method: delete resourcePath: /ns/{nsId}/resources/securityGroup - description: Delete all Security Groups + description: "Delete all Security Groups" Postconfig: method: post resourcePath: /config - description: Create or Update config (TB_SPIDER_REST_URL, TB_DRAGONFLY_REST_URL, - ...) + description: "Create or Update config (TB_SPIDER_REST_URL, TB_DRAGONFLY_REST_URL, ...)" Initallconfig: method: delete resourcePath: /config - description: Init all configs + description: "Init all configs" Getallconfig: method: get resourcePath: /config - description: List all configs + description: "List all configs" Inspectresources: method: post resourcePath: /inspectResources - description: Inspect Resources (vNet, securityGroup, sshKey, vm) registered - in CB-Tumblebug, CB-Spider, CSP + description: "Inspect Resources (vNet, securityGroup, sshKey, vm) registered in CB-Tumblebug, CB-Spider, CSP" Postk8sclusterdynamiccheckrequest: method: post resourcePath: /k8sClusterDynamicCheckRequest - description: Check available ConnectionConfig list before create K8sCluster - Dynamically from common spec and image + description: "Check available ConnectionConfig list before create K8sCluster Dynamically from common spec and image" Deldatadisk: method: delete resourcePath: /ns/{nsId}/resources/dataDisk/{dataDiskId} - description: Delete Data Disk + description: "Delete Data Disk" Getdatadisk: method: get resourcePath: /ns/{nsId}/resources/dataDisk/{dataDiskId} - description: Get Data Disk + description: "Get Data Disk" Putdatadisk: method: put resourcePath: /ns/{nsId}/resources/dataDisk/{dataDiskId} - description: Upsize Data Disk + description: "Upsize Data Disk" Putsshkey: method: put resourcePath: /ns/{nsId}/resources/sshKey/{sshKeyId} - description: Update SSH Key + description: "Update SSH Key" Delsshkey: method: delete resourcePath: /ns/{nsId}/resources/sshKey/{sshKeyId} - description: Delete SSH Key + description: "Delete SSH Key" Getsshkey: method: get resourcePath: /ns/{nsId}/resources/sshKey/{sshKeyId} - description: Get SSH Key + description: "Get SSH Key" Getns: method: get resourcePath: /ns/{nsId} - description: Get namespace + description: "Get namespace" Putns: method: put resourcePath: /ns/{nsId} - description: Update namespace + description: "Update namespace" Delns: method: delete resourcePath: /ns/{nsId} - description: Delete namespace + description: "Delete namespace" Checkresource: method: get resourcePath: /ns/{nsId}/checkResource/{resourceType}/{resourceId} - description: Check resources' existence + description: "Check resources' existence" Getallnlb: method: get resourcePath: /ns/{nsId}/mci/{mciId}/nlb - description: List all NLBs or NLBs' ID + description: "List all NLBs or NLBs' ID" Postnlb: method: post resourcePath: /ns/{nsId}/mci/{mciId}/nlb - description: Create NLB + description: "Create NLB" Delallnlb: method: delete resourcePath: /ns/{nsId}/mci/{mciId}/nlb - description: Delete all NLBs + description: "Delete all NLBs" Registercspnativeresources: method: post resourcePath: /registerCspResources - description: Register CSP Native Resources (vNet, securityGroup, sshKey, vm) - to CB-Tumblebug + description: "Register CSP Native Resources (vNet, securityGroup, sshKey, vm) to CB-Tumblebug" Getcontrolmci: method: get resourcePath: /ns/{nsId}/control/mci/{mciId} - description: Control the lifecycle of MCI (refine, suspend, resume, reboot, - terminate) + description: "Control the lifecycle of MCI (refine, suspend, resume, reboot, terminate)" Getmonitordata: method: get resourcePath: /ns/{nsId}/monitoring/mci/{mciId}/metric/{metric} - description: Get monitoring data of specified MCI for specified monitoring metric - (cpu, memory, disk, network) + description: "Get monitoring data of specified MCI for specified monitoring metric (cpu, memory, disk, network)" Postobjectstorage: method: post resourcePath: /ns/{nsId}/resources/objectStorage - description: 'Create a Object Storages - - - Supported CSPs: AWS, Azure - - - Note - `connectionName` example: aws-ap-northeast-2, azure-koreacentral - - - - Note - Please check the `requiredCSPResource` property which includes CSP - specific values. - - - - Note - You can find the API usage examples on this link, https://github.com/cloud-barista/mc-terrarium/discussions/117 - - ' + description: "Create a Object Storages\n\nSupported CSPs: AWS, Azure\n- Note - `connectionName` example: aws-ap-northeast-2, azure-koreacentral\n\n- Note - Please check the `requiredCSPResource` property which includes CSP specific values.\n\n- Note - You can find the API usage examples on this link, https://github.com/cloud-barista/mc-terrarium/discussions/117\n" Getallobjectstorage: method: get resourcePath: /ns/{nsId}/resources/objectStorage - description: Get all Object Storages (TBD) + description: "Get all Object Storages (TBD)" Postutiltovalidatenetwork: method: post resourcePath: /util/net/validate - description: Validate a hierarchical configuration of a VPC network or multi-cloud - network consisting of multiple VPC networks + description: "Validate a hierarchical configuration of a VPC network or multi-cloud network consisting of multiple VPC networks" Getavailablek8snodeimage: method: get resourcePath: /availableK8sNodeImage - description: (UNDER DEVELOPMENT!!!) Get available kubernetes cluster node image + description: "(UNDER DEVELOPMENT!!!) Get available kubernetes cluster node image" Getk8sclusterinfo: method: get resourcePath: /k8sClusterInfo - description: Get kubernetes cluster information + description: "Get kubernetes cluster information" Loadassets: method: get resourcePath: /loadAssets - description: Load Common Resources from internal asset files (Spec, Image) + description: "Load Common Resources from internal asset files (Spec, Image)" Getcontrolmcivm: method: get resourcePath: /ns/{nsId}/control/mci/{mciId}/vm/{vmId} - description: Control the lifecycle of VM (suspend, resume, reboot, terminate) + description: "Control the lifecycle of VM (suspend, resume, reboot, terminate)" Delallvnet: method: delete resourcePath: /ns/{nsId}/resources/vNet - description: Delete all VNets + description: "Delete all VNets" Getallvnet: method: get resourcePath: /ns/{nsId}/resources/vNet - description: List all VNets or VNets' ID + description: "List all VNets or VNets' ID" Postvnet: method: post resourcePath: /ns/{nsId}/resources/vNet - description: Create a new VNet + description: "Create a new VNet" Postmcivmsnapshot: method: post resourcePath: /ns/{nsId}/mci/{mciId}/vm/{vmId}/snapshot - description: Snapshot VM and create a Custom Image Object using the Snapshot + description: "Snapshot VM and create a Custom Image Object using the Snapshot" Getregion: method: get resourcePath: /provider/{providerName}/region/{regionName} - description: Get registered region info + description: "Get registered region info" Postmcidynamiccheckrequest: method: post resourcePath: /mciDynamicCheckRequest - description: Check available ConnectionConfig list before create MCI Dynamically - from common spec and image + description: "Check available ConnectionConfig list before create MCI Dynamically from common spec and image" Postfiletomci: method: post resourcePath: /ns/{nsId}/transferFile/mci/{mciId} - description: 'Transfer a file to specified MCI to the specified path. - - The file size should be less than 10MB. - - Not for gerneral file transfer but for specific purpose (small configuration - files).' + description: "Transfer a file to specified MCI to the specified path.\nThe file size should be less than 10MB.\nNot for gerneral file transfer but for specific purpose (small configuration files)." Getbenchmark: method: post resourcePath: /ns/{nsId}/benchmark/mci/{mciId} - description: Run MCI benchmark for a single performance metric and return results + description: "Run MCI benchmark for a single performance metric and return results" Getnlb: method: get resourcePath: /ns/{nsId}/mci/{mciId}/nlb/{nlbId} - description: Get NLB + description: "Get NLB" Delnlb: method: delete resourcePath: /ns/{nsId}/mci/{mciId}/nlb/{nlbId} - description: Delete NLB + description: "Delete NLB" Postregistersubnet: method: post resourcePath: /ns/{nsId}/registerCspResource/vNet/{vNetId}/subnet - description: Register Subnet, which was created in CSP + description: "Register Subnet, which was created in CSP" Fetchimages: method: post resourcePath: /ns/{nsId}/resources/fetchImages - description: Fetch images + description: "Fetch images" Getobjectstorage: method: get resourcePath: /ns/{nsId}/resources/objectStorage/{objectStorageId} - description: Get resource info of a Object Storage + description: "Get resource info of a Object Storage" Deleteobjectstorage: method: delete resourcePath: /ns/{nsId}/resources/objectStorage/{objectStorageId} - description: Delete a Object Storage + description: "Delete a Object Storage" Removelabel: method: delete resourcePath: /label/{labelType}/{uid}/{key} - description: Remove a label from a resource identified by its uid + description: "Remove a label from a resource identified by its uid" Getbastionnodes: method: get resourcePath: /ns/{nsId}/mci/{mciId}/vm/{targetVmId}/bastion - description: Get bastion nodes for a VM + description: "Get bastion nodes for a VM" Getspec: method: get resourcePath: /ns/{nsId}/resources/spec/{specId} - description: Get spec + description: "Get spec" Putspec: method: put resourcePath: /ns/{nsId}/resources/spec/{specId} - description: Update spec + description: "Update spec" Delspec: method: delete resourcePath: /ns/{nsId}/resources/spec/{specId} - description: Delete spec + description: "Delete spec" Getsqldb: method: get resourcePath: /ns/{nsId}/resources/sqlDb/{sqlDbId} - description: Get resource info of a SQL datatbase + description: "Get resource info of a SQL datatbase" Deletesqldb: method: delete resourcePath: /ns/{nsId}/resources/sqlDb/{sqlDbId} - description: Delete a SQL datatbase + description: "Delete a SQL datatbase" Getvnet: method: get resourcePath: /ns/{nsId}/resources/vNet/{vNetId} - description: Get VNet + description: "Get VNet" Delvnet: method: delete resourcePath: /ns/{nsId}/resources/vNet/{vNetId} - description: 'Delete VNet - - - withsubnets: delete VNet and its subnets - - - refine: delete information of VNet and its subnets if there''s no info/resource - in Spider/CSP - - - force: delete VNet and its subnets regardless of the status of info/resource - in Spider/CSP' + description: "Delete VNet\n- withsubnets: delete VNet and its subnets\n- refine: delete information of VNet and its subnets if there's no info/resource in Spider/CSP\n- force: delete VNet and its subnets regardless of the status of info/resource in Spider/CSP" Testjwtauth: method: get resourcePath: /auth/test - description: Test JWT authentication + description: "Test JWT authentication" Getpublickeyforcredentialencryption: method: get resourcePath: /credential/publicKey - description: Generates an RSA key pair using a 4096-bit key size with the RSA - algorithm. The public key is generated using the RSA algorithm with OAEP padding - and SHA-256 as the hash function. This key is used to encrypt an AES key that - will be used for hybrid encryption of credentials. + description: "Generates an RSA key pair using a 4096-bit key size with the RSA algorithm. The public key is generated using the RSA algorithm with OAEP padding and SHA-256 as the hash function. This key is used to encrypt an AES key that will be used for hybrid encryption of credentials." Recommendk8snode: method: post resourcePath: /k8sClusterRecommendNode - description: Recommend K8sCluster's Node plan (filter and priority) Find details - from https://github.com/cloud-barista/cb-tumblebug/discussions/1234 + description: "Recommend K8sCluster's Node plan (filter and priority) Find details from https://github.com/cloud-barista/cb-tumblebug/discussions/1234" Postmcivm: method: post resourcePath: /ns/{nsId}/mci/{mciId}/vm - description: Create and add homogeneous VMs(subGroup) to a specified MCI (Set - subGroupSize for multiple VMs) + description: "Create and add homogeneous VMs(subGroup) to a specified MCI (Set subGroupSize for multiple VMs)" Postspec: method: post resourcePath: /ns/{nsId}/resources/spec - description: Register spec + description: "Register spec" Delallsharedresources: method: delete resourcePath: /ns/{nsId}/sharedResources - description: Delete all Default Resource Objects in the given namespace + description: "Delete all Default Resource Objects in the given namespace" Getrequiredk8ssubnetcount: method: get resourcePath: /requiredK8sSubnetCount - description: Get the required subnet count to create a K8sCluster + description: "Get the required subnet count to create a K8sCluster" Checkk8snodegroupsonk8screation: method: get resourcePath: /checkK8sNodeGroupsOnK8sCreation - description: Check whether nodegroups are required during the K8sCluster creation + description: "Check whether nodegroups are required during the K8sCluster creation" Getmcigroupids: method: get resourcePath: /ns/{nsId}/mci/{mciId}/subgroup - description: List SubGroup IDs in a specified MCI + description: "List SubGroup IDs in a specified MCI" Putvmdatadisk: method: put resourcePath: /ns/{nsId}/mci/{mciId}/vm/{vmId}/dataDisk - description: Attach/Detach available dataDisk + description: "Attach/Detach available dataDisk" Postvmdatadisk: method: post resourcePath: /ns/{nsId}/mci/{mciId}/vm/{vmId}/dataDisk - description: Provisioning (Create and attach) dataDisk + description: "Provisioning (Create and attach) dataDisk" Getvmdatadisk: method: get resourcePath: /ns/{nsId}/mci/{mciId}/vm/{vmId}/dataDisk - description: Get available dataDisks for a VM + description: "Get available dataDisks for a VM" Getsitetositevpn: method: get resourcePath: /ns/{nsId}/mci/{mciId}/vpn/{vpnId} - description: Get resource info of a site-to-site VPN (Currently, GCP-AWS is - supported) + description: "Get resource info of a site-to-site VPN (Currently, GCP-AWS is supported)" Putsitetositevpn: method: put resourcePath: /ns/{nsId}/mci/{mciId}/vpn/{vpnId} - description: (To be provided) Update a site-to-site VPN + description: "(To be provided) Update a site-to-site VPN" Deletesitetositevpn: method: delete resourcePath: /ns/{nsId}/mci/{mciId}/vpn/{vpnId} - description: Delete a site-to-site VPN (Currently, GCP-AWS is supported) + description: "Delete a site-to-site VPN (Currently, GCP-AWS is supported)" Getcustomimage: method: get resourcePath: /ns/{nsId}/resources/customImage/{customImageId} - description: Get customImage + description: "Get customImage" Delcustomimage: method: delete resourcePath: /ns/{nsId}/resources/customImage/{customImageId} - description: Delete customImage + description: "Delete customImage" Getallrequests: method: get resourcePath: /requests - description: Get details of all requests with optional filters. + description: "Get details of all requests with optional filters." Deleteallrequests: method: delete resourcePath: /requests - description: Delete details of all requests + description: "Delete details of all requests" Getcloudinfo: method: get resourcePath: /cloudInfo - description: Get cloud information + description: "Get cloud information" Getconnconfiglist: method: get resourcePath: /connConfig - description: List all registered ConnConfig + description: "List all registered ConnConfig" Deletederegistervnet: method: delete resourcePath: /ns/{nsId}/deregisterCspResource/vNet/{vNetId} - description: Deregister the VNet, which was created in CSP + description: "Deregister the VNet, which was created in CSP" Putsetk8snodegroupautoscaling: method: put resourcePath: /ns/{nsId}/k8sCluster/{k8sClusterId}/k8sNodeGroup/{k8sNodeGroupName}/onAutoscaling - description: Set a K8sNodeGroup's Autoscaling On/Off + description: "Set a K8sNodeGroup's Autoscaling On/Off" Getallcustomimage: method: get resourcePath: /ns/{nsId}/resources/customImage - description: List all customImages or customImages' ID + description: "List all customImages or customImages' ID" Postcustomimage: method: post resourcePath: /ns/{nsId}/resources/customImage - description: Register existing Custom Image in a CSP (option=register) + description: "Register existing Custom Image in a CSP (option=register)" Delallcustomimage: method: delete resourcePath: /ns/{nsId}/resources/customImage - description: Delete all customImages + description: "Delete all customImages" Filterspecsbyrange: method: post resourcePath: /ns/{nsId}/resources/filterSpecsByRange - description: Filter specs by range + description: "Filter specs by range" Postsystemmci: method: post resourcePath: /systemMci - description: Create System MCI Dynamically for Special Purpose + description: "Create System MCI Dynamically for Special Purpose" Lookupspec: method: post resourcePath: /lookupSpec - description: Lookup spec + description: "Lookup spec" Postk8snodegroup: method: post resourcePath: /ns/{nsId}/k8sCluster/{k8sClusterId}/k8sNodeGroup - description: Add a K8sNodeGroup + description: "Add a K8sNodeGroup" Getnlbhealth: method: get resourcePath: /ns/{nsId}/mci/{mciId}/nlb/{nlbId}/healthz - description: Get NLB Health + description: "Get NLB Health" Postmcisubgroupscaleout: method: post resourcePath: /ns/{nsId}/mci/{mciId}/subgroup/{subgroupId} - description: ScaleOut subGroup in specified MCI + description: "ScaleOut subGroup in specified MCI" Getmcigroupvms: method: get resourcePath: /ns/{nsId}/mci/{mciId}/subgroup/{subgroupId} - description: List VMs with a SubGroup label in a specified MCI + description: "List VMs with a SubGroup label in a specified MCI" Deletederegistersubnet: method: delete resourcePath: /ns/{nsId}/deregisterCspResource/vNet/{vNetId}/subnet/{subnetId} - description: Deregister Subnet, which was created in CSP + description: "Deregister Subnet, which was created in CSP" Putchangek8snodegroupautoscalesize: method: put resourcePath: /ns/{nsId}/k8sCluster/{k8sClusterId}/k8sNodeGroup/{k8sNodeGroupName}/autoscaleSize - description: Change a K8sNodeGroup's Autoscale Size + description: "Change a K8sNodeGroup's Autoscale Size" Getallmcipolicy: method: get resourcePath: /ns/{nsId}/policy/mci - description: List all MCI policies + description: "List all MCI policies" Delallmcipolicy: method: delete resourcePath: /ns/{nsId}/policy/mci - description: Delete all MCI policies + description: "Delete all MCI policies" Postimage: method: post resourcePath: /ns/{nsId}/resources/image - description: Register image + description: "Register image" Delallimage: method: delete resourcePath: /ns/{nsId}/resources/image - description: Delete all images + description: "Delete all images" Getallimage: method: get resourcePath: /ns/{nsId}/resources/image - description: List all images or images' ID + description: "List all images or images' ID" Postsubnet: method: post resourcePath: /ns/{nsId}/resources/vNet/{vNetId}/subnet - description: Create Subnet + description: "Create Subnet" Getallsubnet: method: get resourcePath: /ns/{nsId}/resources/vNet/{vNetId}/subnet - description: List all subnets + description: "List all subnets" Putupgradek8scluster: method: put resourcePath: /ns/{nsId}/k8sCluster/{k8sClusterId}/upgrade - description: Upgrade a K8sCluster's version + description: "Upgrade a K8sCluster's version" Getmcivm: method: get resourcePath: /ns/{nsId}/mci/{mciId}/vm/{vmId} - description: Get VM in specified MCI + description: "Get VM in specified MCI" Delmcivm: method: delete resourcePath: /ns/{nsId}/mci/{mciId}/vm/{vmId} - description: Delete VM in specified MCI + description: "Delete VM in specified MCI" Postinstallmonitoragenttomci: method: post resourcePath: /ns/{nsId}/monitoring/install/mci/{mciId} - description: Install monitoring agent (CB-Dragonfly agent) to MCI + description: "Install monitoring agent (CB-Dragonfly agent) to MCI" Getobject: method: get resourcePath: /object - description: Get value of an object + description: "Get value of an object" Deleteobject: method: delete resourcePath: /object - description: Delete an object + description: "Delete an object" Getavailablek8sclusterversion: method: get resourcePath: /availableK8sVersion - description: Get available kubernetes cluster version + description: "Get available kubernetes cluster version" Lookupimage: method: post resourcePath: /lookupImage - description: Lookup image + description: "Lookup image" Postregistervnet: method: post resourcePath: /ns/{nsId}/registerCspResource/vNet - description: Register the VNet, which was created in CSP + description: "Register the VNet, which was created in CSP" Getallsshkey: method: get resourcePath: /ns/{nsId}/resources/sshKey - description: List all SSH Keys or SSH Keys' ID + description: "List all SSH Keys or SSH Keys' ID" Postsshkey: method: post resourcePath: /ns/{nsId}/resources/sshKey - description: Create SSH Key + description: "Create SSH Key" Delallsshkey: method: delete resourcePath: /ns/{nsId}/resources/sshKey - description: Delete all SSH Keys + description: "Delete all SSH Keys" Getproviderlist: method: get resourcePath: /provider - description: List all registered Providers + description: "List all registered Providers" Checkk8snodeimagedesignation: method: get resourcePath: /checkK8sNodeImageDesignation - description: Check whether node image designation is possible to create a K8sCluster + description: "Check whether node image designation is possible to create a K8sCluster" Getconfig: method: get resourcePath: /config/{configId} - description: Get config + description: "Get config" Initconfig: method: delete resourcePath: /config/{configId} - description: Init config + description: "Init config" Registercredential: method: post resourcePath: /credential - description: This API registers credential information using hybrid encryption. - The process involves compressing and encrypting sensitive data with AES-256, - encrypting the AES key with a 4096-bit RSA public key (retrieved via `GET - /credential/publicKey`), and using OAEP padding with SHA-256. All values, - including the AES key, must be base64 encoded before sending, and the public - key token ID must be included in the request. + description: "This API registers credential information using hybrid encryption. The process involves compressing and encrypting sensitive data with AES-256, encrypting the AES key with a 4096-bit RSA public key (retrieved via `GET /credential/publicKey`), and using OAEP padding with SHA-256. All values, including the AES key, must be base64 encoded before sending, and the public key token ID must be included in the request." Getcontrolk8scluster: method: get resourcePath: /ns/{nsId}/control/k8sCluster/{k8sClusterId} - description: Control the creation of K8sCluster (continue, withdraw) + description: "Control the creation of K8sCluster (continue, withdraw)" Postmcivmdynamic: method: post resourcePath: /ns/{nsId}/mci/{mciId}/vmDynamic - description: Create VM Dynamically and add it to MCI + description: "Create VM Dynamically and add it to MCI" Postutiltodesignnetwork: method: post resourcePath: /util/net/design - description: Design a hierarchical network configuration of a VPC network or - multi-cloud network consisting of multiple VPC networks + description: "Design a hierarchical network configuration of a VPC network or multi-cloud network consisting of multiple VPC networks" Retrieveregionlistfromcsp: method: get resourcePath: /regionFromCsp - description: RetrieveR all region lists from CSPs + description: "RetrieveR all region lists from CSPs" Postteststreamresponse: method: post resourcePath: /testStreamResponse - description: Receives a number and streams the decrementing number every second - until zero + description: "Receives a number and streams the decrementing number every second until zero" Removebastionnodes: method: delete resourcePath: /ns/{nsId}/mci/{mciId}/bastion/{bastionVmId} - description: Remove a bastion VM from all vNets + description: "Remove a bastion VM from all vNets" Addnlbvms: method: post resourcePath: /ns/{nsId}/mci/{mciId}/nlb/{nlbId}/vm - description: Add VMs to NLB + description: "Add VMs to NLB" Removenlbvms: method: delete resourcePath: /ns/{nsId}/mci/{mciId}/nlb/{nlbId}/vm - description: Delete VMs from NLB + description: "Delete VMs from NLB" Getallsitetositevpn: method: get resourcePath: /ns/{nsId}/mci/{mciId}/vpn - description: Get all site-to-site VPNs + description: "Get all site-to-site VPNs" Postsitetositevpn: method: post resourcePath: /ns/{nsId}/mci/{mciId}/vpn - description: 'Create a site-to-site VPN - - - The supported CSP sets are as follows: - - - - GCP and AWS (Note: It will take about `15 minutes`.) - - - - GCP and Azure (Note: It will take about `30 minutes`.)' + description: "Create a site-to-site VPN\n\nThe supported CSP sets are as follows:\n\n- GCP and AWS (Note: It will take about `15 minutes`.)\n\n- GCP and Azure (Note: It will take about `30 minutes`.)" Delfirewallrules: method: delete resourcePath: /ns/{nsId}/resources/securityGroup/{securityGroupId}/rules - description: Delete FirewallRules + description: "Delete FirewallRules" Postfirewallrules: method: post resourcePath: /ns/{nsId}/resources/securityGroup/{securityGroupId}/rules - description: Create FirewallRules + description: "Create FirewallRules" Getobjects: method: get resourcePath: /objects - description: List all objects for a given key + description: "List all objects for a given key" Deleteobjects: method: delete resourcePath: /objects - description: Delete child objects along with the given object + description: "Delete child objects along with the given object" Getallbenchmark: method: post resourcePath: /ns/{nsId}/benchmarkAll/mci/{mciId} - description: Run MCI benchmark for all performance metrics and return results + description: "Run MCI benchmark for all performance metrics and return results" Postmci: method: post resourcePath: /ns/{nsId}/mci - description: Create MCI + description: "Create MCI" Delallmci: method: delete resourcePath: /ns/{nsId}/mci - description: Delete all MCIs + description: "Delete all MCIs" GetAllMci: method: get resourcePath: /ns/{nsId}/mci - description: List all MCIs or MCIs' ID + description: "List all MCIs or MCIs' ID" Postregistercspnativevm: method: post resourcePath: /ns/{nsId}/registerCspVm - description: Register existing VM in a CSP to Cloud-Barista MCI + description: "Register existing VM in a CSP to Cloud-Barista MCI" Getallsqldb: method: get resourcePath: /ns/{nsId}/resources/sqlDb - description: Get all SQL Databases (TBD) + description: "Get all SQL Databases (TBD)" Postsqldb: method: post resourcePath: /ns/{nsId}/resources/sqlDb - description: 'Create a SQL Databases - - - Supported CSPs: AWS, Azure, GCP, NCP - - - Note - `connectionName` example: aws-ap-northeast-2, azure-koreacentral, - gcp-asia-northeast3, ncpvpc-kr - - - - Note - Please check the `requiredCSPResource` property which includes CSP - specific values. - - - - Note - You can find the API usage examples on this link, https://github.com/cloud-barista/mc-terrarium/discussions/110 - - ' + description: "Create a SQL Databases\n\nSupported CSPs: AWS, Azure, GCP, NCP\n- Note - `connectionName` example: aws-ap-northeast-2, azure-koreacentral, gcp-asia-northeast3, ncpvpc-kr\n\n- Note - Please check the `requiredCSPResource` property which includes CSP specific values.\n\n- Note - You can find the API usage examples on this link, https://github.com/cloud-barista/mc-terrarium/discussions/110\n" Postk8sclusterdynamic: method: post resourcePath: /ns/{nsId}/k8sClusterDynamic - description: Create K8sCluster Dynamically from common spec and image + description: "Create K8sCluster Dynamically from common spec and image" Putmonitoragentstatusinstalled: method: put resourcePath: /ns/{nsId}/monitoring/status/mci/{mciId}/vm/{vmId} - description: Set monitoring agent (CB-Dragonfly agent) installation status installed - (for Windows VM only) + description: "Set monitoring agent (CB-Dragonfly agent) installation status installed (for Windows VM only)" Postinstallbenchmarkagenttomci: method: post resourcePath: /ns/{nsId}/installBenchmarkAgent/mci/{mciId} - description: Install the benchmark agent to specified MCI + description: "Install the benchmark agent to specified MCI" Getk8scluster: method: get resourcePath: /ns/{nsId}/k8sCluster/{k8sClusterId} - description: Get K8sCluster + description: "Get K8sCluster" Deletek8scluster: method: delete resourcePath: /ns/{nsId}/k8sCluster/{k8sClusterId} - description: Delete K8sCluster + description: "Delete K8sCluster" Getimage: method: get resourcePath: /ns/{nsId}/resources/image/{imageId} - description: GetImage returns an image object if there are matched images for - the given namespace and imageKey(Id, CspResourceName, GuestOS,...) + description: "GetImage returns an image object if there are matched images for the given namespace and imageKey(Id, CspResourceName, GuestOS,...)" Putimage: method: put resourcePath: /ns/{nsId}/resources/image/{imageId} - description: Update image + description: "Update image" Delimage: method: delete resourcePath: /ns/{nsId}/resources/image/{imageId} - description: Delete image + description: "Delete image" Getsubnet: method: get resourcePath: /ns/{nsId}/resources/vNet/{vNetId}/subnet/{subnetId} - description: Get Subnet + description: "Get Subnet" Delsubnet: method: delete resourcePath: /ns/{nsId}/resources/vNet/{vNetId}/subnet/{subnetId} - description: 'Delete Subnet - - - refine: delete a subnet `object` if there''s no resource on CSP or no inforamation - on Spider - - - force: force: delete a subnet `resource` on a CSP regardless of the current - resource status (e.g., attempt to delete even if in use)' + description: "Delete Subnet\n- refine: delete a subnet `object` if there's no resource on CSP or no inforamation on Spider\n- force: force: delete a subnet `resource` on a CSP regardless of the current resource status (e.g., attempt to delete even if in use)" Getregions: method: get resourcePath: /provider/{providerName}/region - description: Get registered region info + description: "Get registered region info" Postcmdmci: method: post resourcePath: /ns/{nsId}/cmd/mci/{mciId} - description: Send a command to specified MCI + description: "Send a command to specified MCI" Fetchspecs: method: post resourcePath: /ns/{nsId}/resources/fetchSpecs - description: Fetch specs + description: "Fetch specs" Searchimage: method: post resourcePath: /ns/{nsId}/resources/searchImage - description: Search image + description: "Search image" Getresourcesbylabelselector: method: get resourcePath: /resources/{labelType} - description: 'Get resources based on a label selector. The label selector supports - the following operators: - - - `=` : Selects resources where the label key equals the specified value (e.g., - `env=production`). - - - `!=` : Selects resources where the label key does not equal the specified - value (e.g., `tier!=frontend`). - - - `in` : Selects resources where the label key is in the specified set of - values (e.g., `region in (us-west, us-east)`). - - - `notin` : Selects resources where the label key is not in the specified - set of values (e.g., `env notin (production, staging)`). - - - `exists` : Selects resources where the label key exists (e.g., `env exists`). - - - `!exists` : Selects resources where the label key does not exist (e.g., - `env !exists`).' + description: "Get resources based on a label selector. The label selector supports the following operators:\n- `=` : Selects resources where the label key equals the specified value (e.g., `env=production`).\n- `!=` : Selects resources where the label key does not equal the specified value (e.g., `tier!=frontend`).\n- `in` : Selects resources where the label key is in the specified set of values (e.g., `region in (us-west, us-east)`).\n- `notin` : Selects resources where the label key is not in the specified set of values (e.g., `env notin (production, staging)`).\n- `exists` : Selects resources where the label key exists (e.g., `env exists`).\n- `!exists` : Selects resources where the label key does not exist (e.g., `env !exists`)." Getlabels: method: get resourcePath: /label/{labelType}/{uid} - description: Get labels for a resource identified by its uid + description: "Get labels for a resource identified by its uid" Createorupdatelabel: method: put resourcePath: /label/{labelType}/{uid} - description: Create or update a label for a resource identified by its uid + description: "Create or update a label for a resource identified by its uid" Lookupimagelist: method: post resourcePath: /lookupImages - description: Lookup image list + description: "Lookup image list" Recommendvm: method: post resourcePath: /mciRecommendVm - description: Recommend MCI plan (filter and priority) Find details from https://github.com/cloud-barista/cb-tumblebug/discussions/1234 + description: "Recommend MCI plan (filter and priority) Find details from https://github.com/cloud-barista/cb-tumblebug/discussions/1234" Getallns: method: get resourcePath: /ns - description: List all namespaces or namespaces' ID + description: "List all namespaces or namespaces' ID" Postns: method: post resourcePath: /ns - description: Create namespace + description: "Create namespace" Delallns: method: delete resourcePath: /ns - description: Delete all namespaces + description: "Delete all namespaces" Forwardanyreqtoany: method: post resourcePath: /forward/{path} - description: Forward any (GET) request to CB-Spider + description: "Forward any (GET) request to CB-Spider" Checkhttpversion: method: get resourcePath: /httpVersion - description: Checks and logs the HTTP version of the incoming request to the - server console. + description: "Checks and logs the HTTP version of the incoming request to the server console." Postk8scluster: method: post resourcePath: /ns/{nsId}/k8sCluster - description: Create K8sCluster
Find details from https://github.com/cloud-barista/cb-tumblebug/discussions/1614 + description: "Create K8sCluster
Find details from https://github.com/cloud-barista/cb-tumblebug/discussions/1614" Deleteallk8scluster: method: delete resourcePath: /ns/{nsId}/k8sCluster - description: Delete all K8sClusters + description: "Delete all K8sClusters" Getallk8scluster: method: get resourcePath: /ns/{nsId}/k8sCluster - description: List all K8sClusters or K8sClusters' ID + description: "List all K8sClusters or K8sClusters' ID" Postk8snodegroupdynamic: method: post resourcePath: /ns/{nsId}/k8sCluster/{k8sClusterId}/k8sNodeGroupDynamic - description: Create K8sNodeGroup Dynamically from common spec and image + description: "Create K8sNodeGroup Dynamically from common spec and image" Getrequest: method: get resourcePath: /request/{reqId} - description: Get details of a specific request + description: "Get details of a specific request" Deleterequest: method: delete resourcePath: /request/{reqId} - description: Delete details of a specific request + description: "Delete details of a specific request" Getconnconfig: method: get resourcePath: /connConfig/{connConfigName} - description: Get registered ConnConfig info + description: "Get registered ConnConfig info" Getsystemlabelinfo: method: get resourcePath: /labelInfo - description: Return LabelTypes and system defined label keys with example + description: "Return LabelTypes and system defined label keys with example" Postmcnlb: method: post resourcePath: /ns/{nsId}/mci/{mciId}/mcSwNlb - description: Create a special purpose MCI for NLB and depoly and setting SW - NLB + description: "Create a special purpose MCI for NLB and depoly and setting SW NLB" Getmcipolicy: method: get resourcePath: /ns/{nsId}/policy/mci/{mciId} - description: Get MCI Policy + description: "Get MCI Policy" Postmcipolicy: method: post resourcePath: /ns/{nsId}/policy/mci/{mciId} - description: Create MCI Automation policy + description: "Create MCI Automation policy" Delmcipolicy: method: delete resourcePath: /ns/{nsId}/policy/mci/{mciId} - description: Delete MCI Policy + description: "Delete MCI Policy" Postutiltodesignvnet: method: post resourcePath: /util/vNet/design - description: Design VNet and subnets based on user-friendly properties + description: "Design VNet and subnets based on user-friendly properties" Registercspnativeresourcesall: method: post resourcePath: /registerCspResourcesAll - description: Register CSP Native Resources (vNet, securityGroup, sshKey, vm) - from all Clouds to CB-Tumblebug + description: "Register CSP Native Resources (vNet, securityGroup, sshKey, vm) from all Clouds to CB-Tumblebug" Delmci: method: delete resourcePath: /ns/{nsId}/mci/{mciId} - description: Delete MCI + description: "Delete MCI" Getmci: method: get resourcePath: /ns/{nsId}/mci/{mciId} - description: 'Get MCI object (option: status, accessInfo, vmId)' + description: "Get MCI object (option: status, accessInfo, vmId)" Getrequeststatusofsitetositevpn: method: get resourcePath: /ns/{nsId}/mci/{mciId}/vpn/{vpnId}/request/{requestId} - description: Check the status of a specific request by its ID + description: "Check the status of a specific request by its ID" Getreadyz: method: get resourcePath: /readyz - description: Check Tumblebug is ready + description: "Check Tumblebug is ready" Setbastionnodes: method: put resourcePath: /ns/{nsId}/mci/{mciId}/vm/{targetVmId}/bastion/{bastionVmId} - description: Set bastion nodes for a VM + description: "Set bastion nodes for a VM" Postmcidynamic: method: post resourcePath: /ns/{nsId}/mciDynamic - description: Create MCI Dynamically from common spec and image + description: "Create MCI Dynamically from common spec and image" Inspectresourcesoverview: method: get resourcePath: /inspectResourcesOverview - description: Inspect Resources Overview (vNet, securityGroup, sshKey, vm) registered - in CB-Tumblebug and CSP for all connections + description: "Inspect Resources Overview (vNet, securityGroup, sshKey, vm) registered in CB-Tumblebug and CSP for all connections" Getsecuritygroup: method: get resourcePath: /ns/{nsId}/resources/securityGroup/{securityGroupId} - description: Get Security Group + description: "Get Security Group" Delsecuritygroup: method: delete resourcePath: /ns/{nsId}/resources/securityGroup/{securityGroupId} - description: Delete Security Group + description: "Delete Security Group" Deletek8snodegroup: method: delete resourcePath: /ns/{nsId}/k8sCluster/{k8sClusterId}/k8sNodeGroup/{k8sNodeGroupName} - description: Remove a K8sNodeGroup + description: "Remove a K8sNodeGroup" Getsitesinmci: method: get resourcePath: /ns/{nsId}/mci/{mciId}/site - description: Get sites in MCI + description: "Get sites in MCI" Getalldatadisk: method: get resourcePath: /ns/{nsId}/resources/dataDisk - description: List all Data Disks or Data Disks' ID + description: "List all Data Disks or Data Disks' ID" Postdatadisk: method: post resourcePath: /ns/{nsId}/resources/dataDisk - description: Create Data Disk + description: "Create Data Disk" Delalldatadisk: method: delete resourcePath: /ns/{nsId}/resources/dataDisk - description: Delete all Data Disks + description: "Delete all Data Disks" Createsharedresource: method: post resourcePath: /ns/{nsId}/sharedResource - description: Create shared resources for MC-Infra + description: "Create shared resources for MC-Infra" + mc-web-console: Anycontroller: method: post @@ -2401,148 +1771,140 @@ serviceActions: method: post resourcePath: /api/auth/validate description: webValidate + mc-observability: Poststorage: method: post resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId}/storage - description: '' + description: "" Getstorages: method: get resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId}/storage - description: '' + description: "" Putstorage: method: put resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId}/storage - description: '' + description: "" Getminingdbtags": method: get resourcePath: /api/o11y/monitoring/miningdb/tag - description: '' + description: "" Gettargetanomalydetectionsettings: method: get resourcePath: /api/o11y/insight/anomaly-detection/settings/nsId/{nsId}/target/{targetId} - description: Fetch the current settings for a specific anomaly detection target. + description: "Fetch the current settings for a specific anomaly detection target." Postanomalydetection: method: post resourcePath: /api/o11y/insight/anomaly-detection/{settingSeq} - description: Request anomaly detection + description: "Request anomaly detection" Getpredictionoptions: method: get resourcePath: /api/o11y/insight/predictions/options - description: Fetch the available target types, metric types, and prediction - range options for the prediction API. + description: "Fetch the available target types, metric types, and prediction range options for the prediction API." Gettargetsnsmci: method: get resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target - description: '' + description: "" Putitem: method: put resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId}/item - description: '' + description: "" Postitem: method: post resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId}/item - description: '' + description: "" Getitems: method: get resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId}/item - description: '' + description: "" Gettriggeralertslackuseralllist: method: get resourcePath: /api/o11y/trigger/policy/{policySeq}/alert/slack - description: '' + description: "" Createtriggeralertslackuser: method: post resourcePath: /api/o11y/trigger/policy/{policySeq}/alert/slack - description: '' + description: "" Deletetriggeralertslackuser: method: delete resourcePath: /api/o11y/trigger/policy/{policySeq}/alert/slack/{seq} - description: '' + description: "" Getminingdbs: method: get resourcePath: /api/o11y/monitoring/miningdb - description: '' + description: "" Putminingdb: method: put resourcePath: /api/o11y/monitoring/miningdb - description: '' + description: "" Gettargets: method: get resourcePath: /api/o11y/monitoring/target - description: '' + description: "" Deletestorage: method: delete resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId}/storage/{storageSeq} - description: '' + description: "" Deleterequesttriggerpolicy: method: delete resourcePath: /api/o11y/trigger/policy/{policySeq} - description: '' + description: "" Updaterequesttriggerpolicy: method: patch resourcePath: /api/o11y/trigger/policy/{policySeq} - description: '' + description: "" Getreadyz: method: get resourcePath: /api/o11y/readyz - description: '' + description: "" Getplugins: method: get resourcePath: /api/o11y/monitoring/plugins - description: '' + description: "" Getopensearchlogs: method: post resourcePath: /api/o11y/monitoring/opensearch/logs - description: '' + description: "" Gettriggerpolicyalllist: method: get resourcePath: /api/o11y/trigger/policy - description: '' + description: "" Createrequesttriggerpolicy: method: post resourcePath: /api/o11y/trigger/policy - description: 'The values that require Base64 encoding: - - description, name, threshold - - ' + description: "The values that require Base64 encoding:\ndescription, name, threshold\n" Getallanomalydetectionsettings: method: get resourcePath: /api/o11y/insight/anomaly-detection/settings - description: Fetch the current settings for all anomaly detection targets. + description: "Fetch the current settings for all anomaly detection targets." Postanomalydetectionsettings: method: post resourcePath: /api/o11y/insight/anomaly-detection/settings - description: "Register a target for anomaly detection and automatically schedule\ - \ detection tasks. \n(measurememt : field) Relationships are as follows.\ - \ \ncpu : usage_idle \nmem : used_percent\n" + description: "Register a target for anomaly detection and automatically schedule detection tasks. \n(measurememt : field) Relationships are as follows. \ncpu : usage_idle \nmem : used_percent\n" Getnss: method: get resourcePath: /api/o11y/monitoring/ns - description: '' + description: "" Getinfluxdbmetrics: method: post resourcePath: /api/o11y/monitoring/influxdb/metric - description: '' + description: "" Putanomalydetectionsettings: method: put resourcePath: /api/o11y/insight/anomaly-detection/settings/{settingSeq} - description: Modify the settings for a specific anomaly detection target, including - the monitoring metric and interval. + description: "Modify the settings for a specific anomaly detection target, including the monitoring metric and interval." Deleteanomalydetectionsettings: method: delete resourcePath: /api/o11y/insight/anomaly-detection/settings/{settingSeq} - description: Remove a target from anomaly detection, stopping and removing any - scheduled tasks. + description: "Remove a target from anomaly detection, stopping and removing any scheduled tasks." Deleteitem: method: delete resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId}/item/{itemSeq} - description: '' + description: "" Getinfluxdbmeasurements: method: get resourcePath: /api/o11y/monitoring/influxdb/measurement - description: '' + description: "" Gettriggerhistoryalllist: method: get resourcePath: /api/o11y/trigger/policy/history @@ -2550,789 +1912,708 @@ serviceActions: Postprediction: method: post resourcePath: /api/o11y/insight/predictions/nsId/{nsId}/target/{targetId} - description: "Predict future metrics (cpu, mem, disk, system) for a given vm\ - \ or mci group.\n(measurememt : field) Relationships are as follows. \ncpu\ - \ : usage_idle \nmem : used_percent \ndisk : used_percent \nsystem : load1\n" + description: "Predict future metrics (cpu, mem, disk, system) for a given vm or mci group.\n(measurememt : field) Relationships are as follows. \ncpu : usage_idle \nmem : used_percent \ndisk : used_percent \nsystem : load1\n" Getpredictionhistory: method: get resourcePath: /api/o11y/insight/predictions/nsId/{nsId}/target/{targetId}/history - description: Get previously stored prediction data for a specific vm or mci - group. + description: "Get previously stored prediction data for a specific vm or mci group." Getinfluxdbtags: method: get resourcePath: /api/o11y/monitoring/influxdb/tag - description: '' + description: "" Getcsp: method: get resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId}/csp/{measurement} - description: '' + description: "" Puttriggertarget: method: put resourcePath: /api/o11y/trigger/policy/{policySeq}/target - description: '' + description: "" Deletetriggeralertemailuser: method: delete resourcePath: /api/o11y/trigger/policy/{policySeq}/alert/email/{seq} - description: '' + description: "" Getanomalydetectionoptions: method: get resourcePath: /api/o11y/insight/anomaly-detection/options - description: Fetch the available target types, metric types, and interval options - for the anomaly detection API. + description: "Fetch the available target types, metric types, and interval options for the anomaly detection API." Gettriggertargetalllist: method: get resourcePath: /api/o11y/trigger/policy/target - description: '' + description: "" Gettriggeralertemailuseralllist: method: get resourcePath: /api/o11y/trigger/policy/{policySeq}/alert/email - description: '' + description: "" Createtriggeralertemailuser: method: post resourcePath: /api/o11y/trigger/policy/{policySeq}/alert/email - description: '' + description: "" Getanomalydetectionhistory: method: get resourcePath: /api/o11y/insight/anomaly-detection/nsId/{nsId}/target/{targetId}/history - description: Fetch the results of anomaly detection for a specific target within - a given time range. + description: "Fetch the results of anomaly detection for a specific target within a given time range." Gettarget: method: get resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId} - description: '' + description: "" Puttarget: method: put resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId} - description: '' + description: "" Posttarget: method: post resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId} - description: '' + description: "" Deletetarget: method: delete resourcePath: /api/o11y/monitoring/{nsId}/{mciId}/target/{targetId} - description: '' + description: "" Getminingdbmetrics: method: post resourcePath: /api/o11y/monitoring/miningdb/metric - description: '' + description: "" Getminingdbmeasurements: method: get resourcePath: /api/o11y/monitoring/miningdb/measurement - description: '' + description: "" Getopensearches: method: get resourcePath: /api/o11y/monitoring/opensearch - description: '' + description: "" Getinfluxdbs: method: get resourcePath: /api/o11y/monitoring/influxdb - description: '' + description: "" + mc-application-manager: - checkConnectionUsingPOST: + GetCatalogDetailUsingGET: + method: get + resourcePath: /catalog/software/{catalogIdx} + description: "software catalog 내용 확인(연결된 정보들까지)" + DeleteCatalogUsingDELETE: + method: delete + resourcePath: /catalog/software/{catalogIdx} + description: "software catalog 삭제" + CheckConnectionUsingPOST: method: post resourcePath: /oss/connection-check - description: checkConnection - createCatalogRefUsingPOST: - method: post - resourcePath: /catalog/software/ref/{catalogIdx} - description: software catalog 관련정보 등록(webpage, workflow 등) - createCatalogUsingPOST: - method: post - resourcePath: /catalog/software/ - description: software catalog 등록 - createComponentByTextUsingPOST: + description: "" + CreateComponentByTextUsingPOST: method: post resourcePath: /oss/v1/components/{module}/create/{name}/text - description: createComponentByText - createComponentUsingPOST: - method: post - resourcePath: /oss/v1/components/{module}/create/{name} - description: createComponent - createManifestUsingPOST: - method: post - resourcePath: /manifest/ - description: createManifest - createRepositoryUsingPOST: - method: post - resourcePath: /oss/v1/repositories/{module}/create - description: createRepository - createRepositoryUsingPOST_1: - method: post - resourcePath: /repository/ - description: createRepository - deleteCatalogRefWorkflowUsingDELETE: - method: delete - resourcePath: /catalog/software/ref/{catalogIdx}/{catalogRefIdx} - description: deleteCatalogRefWorkflow - deleteCatalogUsingDELETE: - method: delete - resourcePath: /catalog/software/{catalogIdx} - description: software catalog 삭제 - deleteComponentUsingDELETE: - method: delete - resourcePath: /oss/v1/components/{module}/delete/{id} - description: deleteComponent - deleteOssTypeUsingDELETE: - method: delete - resourcePath: /ossType/{ossTypeIdx} - description: deleteOssType - deleteOssUsingDELETE: - method: delete - resourcePath: /oss/{ossIdx} - description: deleteOss - deleteRepositoryFileUsingDELETE: - method: delete - resourcePath: /repository/file/{filename} - description: deleteRepositoryFile - deleteRepositoryUsingDELETE: + description: "" + DeleteRepositoryUsingDELETE: method: delete resourcePath: /oss/v1/repositories/{module}/delete/{name} - description: deleteRepository - deleteRepositoryUsingDELETE_1: - method: delete - resourcePath: /repository/ - description: deleteRepository - detailOssTypeUsingGET: - method: get - resourcePath: /ossType/{ossTypeIdx} - description: detailOssType - detailOssUsingGET: - method: get - resourcePath: /oss/{ossIdx} - description: detailOss - errorHtmlUsingDELETE: - method: delete - resourcePath: /error - description: errorHtml - errorHtmlUsingGET: - method: get - resourcePath: /error - description: errorHtml - errorHtmlUsingHEAD: - method: head - resourcePath: /error - description: errorHtml - errorHtmlUsingOPTIONS: - method: options - resourcePath: /error - description: errorHtml - errorHtmlUsingPATCH: - method: patch - resourcePath: /error - description: errorHtml - errorHtmlUsingPOST: - method: post - resourcePath: /error - description: errorHtml - errorHtmlUsingPUT: + description: "" + UpdateRepositoryUsingPUT: method: put - resourcePath: /error - description: errorHtml - execWorkflowUsingPOST: - method: post - resourcePath: /catalog/software/ref/workflow - description: execWorkflow - generateConfigmapYamlUsingPOST: - method: post - resourcePath: /yaml/configmap - description: generateConfigmapYaml - generateDeploymentYamlUsingPOST: + resourcePath: /oss/v1/repositories/{module}/update + description: "" + GenerateDeploymentYamlUsingPOST: method: post resourcePath: /yaml/deployment - description: generateDeploymentYaml - generateHPAYamlUsingPOST: - method: post - resourcePath: /yaml/hpa - description: generateHPAYaml - generatePodYamlUsingPOST: + description: "" + GeneratePodYamlUsingPOST: method: post resourcePath: /yaml/pod - description: generatePodYaml - generateServiceYamlUsingPOST: - method: post - resourcePath: /yaml/service - description: generateServiceYaml - getArtifactHubListUsingGET: - method: get - resourcePath: /search/artifacthub/{keyword} - description: getArtifactHubList - getCatalogDetailUsingGET: - method: get - resourcePath: /catalog/software/{catalogIdx} - description: software catalog 내용 확인(연결된 정보들까지) - getCatalogListUsingGET: - method: get - resourcePath: /catalog/software/ - description: software catalog 리스트 불러오기 - getCatalogReferenceUsingGET: + description: "" + IsOssInfoDuplicatedUsingGET: method: get - resourcePath: /catalog/software/ref/{catalogIdx} - description: getCatalogReference - getComponentDetailByNameUsingGET: + resourcePath: /oss/duplicate + description: "" + CreateComponentUsingPOST: + method: post + resourcePath: /oss/v1/components/{module}/create/{name} + description: "" + GetRepositoryListUsingGET: method: get - resourcePath: /oss/v1/components/{module}/detail/{id} - description: getComponentDetailByName - getComponentListUsingGET: + resourcePath: /oss/v1/repositories/{module}/list + description: "" + DeleteOssTypeUsingDELETE: + method: delete + resourcePath: /ossType/{ossTypeIdx} + description: "" + UpdateOssTypeUsingPATCH: + method: patch + resourcePath: /ossType/{ossTypeIdx} + description: "" + DetailOssTypeUsingGET: method: get - resourcePath: /oss/v1/components/{module}/list/{name} - description: getComponentList - getDockerHubListUsingGET: + resourcePath: /ossType/{ossTypeIdx} + description: "" + GetRepositoryUsingGET: method: get - resourcePath: /search/dockerhub/{keyword} - description: getDockerHubList - getManifestDetailTxtUsingGET: + resourcePath: /repository/{repositoryName} + description: "" + InsertRepositoryUsingPOST: + method: post + resourcePath: /repository/{repositoryName} + description: "" + OpenapiJsonUsingGET: method: get - resourcePath: /manifest/{manifestIdx}/txt - description: getManifestDetailTxt - getManifestDetailUsingGET: + resourcePath: /v3/api-docs + description: "" + SaveManifestUsingGET: method: get - resourcePath: /manifest/{manifestIdx} - description: getManifestDetail - getManifestUsingGET: + resourcePath: /manifest/download/{manifestIdx} + description: "" + DeleteComponentUsingDELETE: + method: delete + resourcePath: /oss/v1/components/{module}/delete/{id} + description: "" + GenerateConfigmapYamlUsingPOST: + method: post + resourcePath: /yaml/configmap + description: "" + GetManifestUsingGET: method: get resourcePath: /manifest/ - description: getManifest - getOssListUsingGET: + description: "" + CreateManifestUsingPOST: + method: post + resourcePath: /manifest/ + description: "" + UpdateManifestUsingPUT: + method: put + resourcePath: /manifest/ + description: "" + GetManifestDetailUsingGET: method: get - resourcePath: /oss/list/{ossTypeName} - description: getOssList - getOssListUsingGET_1: + resourcePath: /manifest/{manifestIdx} + description: "" + UpdateManifestUsingDELETE: + method: delete + resourcePath: /manifest/{manifestIdx} + description: "" + GetOssListUsingGET_1: method: get resourcePath: /oss/list - description: getOssList - getOssTypeListUsingGET: - method: get - resourcePath: /ossType/list - description: getOssTypeList - getRepositoryDetailByNameUsingGET: + description: "" + GetRepositoryDetailByNameUsingGET: method: get resourcePath: /oss/v1/repositories/{module}/detail/{name} - description: getRepositoryDetailByName - getRepositoryFileUsingGET: - method: get - resourcePath: /repository/file/{filename} - description: getRepositoryFile - getRepositoryListUsingGET: - method: get - resourcePath: /oss/v1/repositories/{module}/list - description: getRepositoryList - getRepositoryListUsingGET_1: - method: get - resourcePath: /repository/ - description: getRepositoryList - getRepositoryUsingGET: - method: get - resourcePath: /repository/{repositoryName} - description: getRepository - insertRepositoryUsingPOST: + description: "" + RegistOssTypeUsingPOST: method: post - resourcePath: /repository/{repositoryName} - description: insertRepository - isOssInfoDuplicatedUsingGET: - method: get - resourcePath: /oss/duplicate - description: isOssInfoDuplicated - openapiJsonUsingGET: + resourcePath: /ossType + description: "" + GetRepositoryFileUsingGET: method: get - resourcePath: /v3/api-docs - description: openapiJson - openapiJsonUsingGET_1: + resourcePath: /repository/file/{filename} + description: "" + DeleteRepositoryFileUsingDELETE: + method: delete + resourcePath: /repository/file/{filename} + description: "" + OpenapiJsonUsingGET_1: method: get resourcePath: /v3/api-docs/swagger-config - description: openapiJson - openapiYamlUsingGET: - method: get - resourcePath: /v3/api-docs.yaml - description: openapiYaml - redirectToUiUsingGET: + description: "" + GetCatalogListUsingGET: method: get - resourcePath: /swagger-ui.html - description: redirectToUi - registOssTypeUsingPOST: - method: post - resourcePath: /ossType - description: registOssType - registOssUsingPOST: + resourcePath: /catalog/software/ + description: "software catalog 리스트 불러오기" + CreateCatalogUsingPOST: method: post - resourcePath: /oss - description: registOss - saveManifestUsingGET: - method: get - resourcePath: /manifest/download/{manifestIdx} - description: saveManifest - updateCatalogUsingPUT: + resourcePath: /catalog/software/ + description: "software catalog 등록" + UpdateCatalogUsingPUT: method: put resourcePath: /catalog/software/ - description: software catalog 수정 - updateManifestUsingDELETE: + description: "software catalog 수정" + DeleteCatalogRefWorkflowUsingDELETE: method: delete - resourcePath: /manifest/{manifestIdx} - description: updateManifest - updateManifestUsingPUT: - method: put - resourcePath: /manifest/ - description: updateManifest - updateOssTypeUsingPATCH: - method: patch - resourcePath: /ossType/{ossTypeIdx} - description: updateOssType - updateOssUsingPATCH: - method: patch - resourcePath: /oss/{ossIdx} - description: updateOss - updateRepositoryUsingPUT: - method: put - resourcePath: /oss/v1/repositories/{module}/update - description: updateRepository - updateRepositoryUsingPUT_1: - method: put - resourcePath: /repository/ - description: updateRepository - uploadFilesUsingPOST: - method: post - resourcePath: /repository/file/ - description: file upload - mc-workflow-manager: - checkConnectionUsingGET: + resourcePath: /catalog/software/ref/{catalogIdx}/{catalogRefIdx} + description: "" + GetComponentDetailByNameUsingGET: method: get - resourcePath: /readyz - description: checkConnection - checkConnectionUsingPOST: + resourcePath: /oss/v1/components/{module}/detail/{id} + description: "" + GenerateHPAYamlUsingPOST: method: post - resourcePath: /oss/connection-check - description: checkConnection - deleteEventListnerUsingDELETE: - method: delete - resourcePath: /eventlistener/{eventListenerIdx} - description: deleteEventListner - deleteOssTypeUsingDELETE: - method: delete - resourcePath: /ossType/{ossTypeIdx} - description: deleteOssType - deleteOssUsingDELETE: - method: delete - resourcePath: /oss/{ossIdx} - description: deleteOss - deleteWorkflowStageTypeUsingDELETE: - method: delete - resourcePath: /workflowStageType/{workflowStageTypeIdx} - description: deleteWorkflowStageType - deleteWorkflowStageUsingDELETE: - method: delete - resourcePath: /workflowStage/{workflowStageIdx} - description: deleteWorkflowStage - deleteWorkflowUsingDELETE: - method: delete - resourcePath: /workflow/{workflowIdx} - description: deleteWorkflow - detailEventListenerUsingGET: + resourcePath: /yaml/hpa + description: "" + ExecWorkflowUsingPOST: + method: post + resourcePath: /catalog/software/ref/workflow + description: "" + GetCatalogReferenceUsingGET: method: get - resourcePath: /eventlistener/{eventListenerIdx} - description: detailEventListener - detailOssTypeUsingGET: + resourcePath: /catalog/software/ref/{catalogIdx} + description: "" + CreateCatalogRefUsingPOST: + method: post + resourcePath: /catalog/software/ref/{catalogIdx} + description: "software catalog 관련정보 등록(webpage, workflow 등)" + GetManifestDetailTxtUsingGET: method: get - resourcePath: /ossType/{ossTypeIdx} - description: detailOssType - detailOssUsingGET: + resourcePath: /manifest/{manifestIdx}/txt + description: "" + DetailOssUsingGET: method: get resourcePath: /oss/{ossIdx} - description: detailOss - detailWorkflowStageTypeUsingGET: + description: "" + DeleteOssUsingDELETE: + method: delete + resourcePath: /oss/{ossIdx} + description: "" + UpdateOssUsingPATCH: + method: patch + resourcePath: /oss/{ossIdx} + description: "" + GetOssTypeListUsingGET: method: get - resourcePath: /workflowStageType/{workflowStageTypeIdx} - description: detailWorkflowStageType - detailWorkflowStageUsingGET: + resourcePath: /ossType/list + description: "" + GetDockerHubListUsingGET: method: get - resourcePath: /workflowStage/{workflowStageIdx} - description: detailWorkflowStage - errorUsingDELETE: - method: delete + resourcePath: /search/dockerhub/{keyword} + description: "" + GenerateServiceYamlUsingPOST: + method: post + resourcePath: /yaml/service + description: "" + ErrorHtmlUsingHEAD: + method: head resourcePath: /error - description: error - errorUsingGET: - method: get + description: "" + ErrorHtmlUsingPOST: + method: post resourcePath: /error - description: error - errorUsingHEAD: - method: head + description: "" + ErrorHtmlUsingPUT: + method: put resourcePath: /error - description: error - errorUsingOPTIONS: + description: "" + ErrorHtmlUsingDELETE: + method: delete + resourcePath: /error + description: "" + ErrorHtmlUsingOPTIONS: method: options resourcePath: /error - description: error - errorUsingPATCH: + description: "" + ErrorHtmlUsingPATCH: method: patch resourcePath: /error - description: error - errorUsingPOST: - method: post + description: "" + ErrorHtmlUsingGET: + method: get resourcePath: /error - description: error - errorUsingPUT: + description: "" + RegistOssUsingPOST: + method: post + resourcePath: /oss + description: "" + GetOssListUsingGET: + method: get + resourcePath: /oss/list/{ossTypeName} + description: "" + UploadFilesUsingPOST: + method: post + resourcePath: /repository/file/ + description: "file upload" + RedirectToUiUsingGET: + method: get + resourcePath: /swagger-ui.html + description: "" + OpenapiYamlUsingGET: + method: get + resourcePath: /v3/api-docs.yaml + description: "" + GetComponentListUsingGET: + method: get + resourcePath: /oss/v1/components/{module}/list/{name} + description: "" + CreateRepositoryUsingPOST: + method: post + resourcePath: /oss/v1/repositories/{module}/create + description: "" + CreateRepositoryUsingPOST_1: + method: post + resourcePath: /repository/ + description: "" + UpdateRepositoryUsingPUT_1: method: put - resourcePath: /error - description: error - getDefaultWorkflowStageUsingGET: + resourcePath: /repository/ + description: "" + DeleteRepositoryUsingDELETE_1: + method: delete + resourcePath: /repository/ + description: "" + GetRepositoryListUsingGET_1: method: get - resourcePath: /workflowStage/default/script/{workflowStageTypeName} - description: getDefaultWorkflowStage - getEventListenerListUsingGET: + resourcePath: /repository/ + description: "" + GetArtifactHubListUsingGET: method: get - resourcePath: /eventlistener/list - description: getEventListenerList - getOssListUsingGET: + resourcePath: /search/artifacthub/{keyword} + description: "" + + mc-workflow-manager: + IsWorkflowNameDuplicatedUsingGET: method: get - resourcePath: /oss/list/{ossTypeName} - description: getOssList - getOssListUsingGET_1: + resourcePath: /workflow/name/duplicate + description: "" + GetWorkflowParamListUsingGET: method: get - resourcePath: /oss/list - description: getOssList - getOssTypeFilteredListUsingGET: + resourcePath: /workflow/param/list + description: "" + RegistWorkflowStageUsingPOST: + method: post + resourcePath: /workflowStage + description: "" + DetailEventListenerUsingGET: method: get - resourcePath: /ossType/filter/list - description: getOssTypeFilteredList - getOssTypeListUsingGET: + resourcePath: /eventlistener/{eventListenerIdx} + description: "" + DeleteEventListnerUsingDELETE: + method: delete + resourcePath: /eventlistener/{eventListenerIdx} + description: "" + UpdateEventListnerUsingPATCH: + method: patch + resourcePath: /eventlistener/{eventListenerIdx} + description: "" + DetailOssTypeUsingGET: method: get - resourcePath: /ossType/list - description: getOssTypeList - getWorkflowDetailUsingGET: + resourcePath: /ossType/{ossTypeIdx} + description: "" + DeleteOssTypeUsingDELETE: + method: delete + resourcePath: /ossType/{ossTypeIdx} + description: "" + UpdateOssTypeUsingPATCH: + method: patch + resourcePath: /ossType/{ossTypeIdx} + description: "" + OpenapiYamlUsingGET: method: get - resourcePath: /eventlistener/workflowDetail/{workflowIdx}/{evnetListenerYn} - description: getWorkflowDetail - getWorkflowHistoryListUsingGET: + resourcePath: /v3/api-docs.yaml + description: "" + OpenapiJsonUsingGET_1: method: get - resourcePath: /workflow/history/{workflowIdx} - description: getWorkflowHistoryList - getWorkflowListUsingGET: + resourcePath: /v3/api-docs/swagger-config + description: "" + GetWorkflowHistoryListUsingGET: method: get - resourcePath: /eventlistener/workflowList/{eventListenerYn} - description: getWorkflowList - getWorkflowListUsingGET_1: + resourcePath: /workflow/history/{workflowIdx} + description: "" + DetailOssUsingGET: method: get - resourcePath: /workflow/list - description: getWorkflowList - getWorkflowLogUsingGET: + resourcePath: /oss/{ossIdx} + description: "" + DeleteOssUsingDELETE: + method: delete + resourcePath: /oss/{ossIdx} + description: "" + UpdateOssUsingPATCH: + method: patch + resourcePath: /oss/{ossIdx} + description: "" + RegistOssTypeUsingPOST: + method: post + resourcePath: /ossType + description: "" + OpenapiJsonUsingGET: method: get - resourcePath: /workflow/log/{workflowIdx} - description: getWorkflowLog - getWorkflowParamListUsingGET: + resourcePath: /v3/api-docs + description: "" + RunWorkflowGetUsingGET: method: get - resourcePath: /workflow/param/list - description: getWorkflowParamList - getWorkflowRunHistoryListUsingGET: + resourcePath: /workflow/run/{workflowIdx} + description: "" + DetailWorkflowStageUsingGET: method: get - resourcePath: /workflow/runHistory/{workflowIdx} - description: getWorkflowRunHistoryList - getWorkflowStageHistoryListUsingGET: + resourcePath: /workflowStage/{workflowStageIdx} + description: "" + DeleteWorkflowStageUsingDELETE: + method: delete + resourcePath: /workflowStage/{workflowStageIdx} + description: "" + UpdateWorkflowStageUsingPATCH: + method: patch + resourcePath: /workflowStage/{workflowStageIdx} + description: "" + GetEventListenerListUsingGET: method: get - resourcePath: /workflow/stageHistory/{workflowIdx} - description: getWorkflowStageHistoryList - getWorkflowStageListUsingGET: + resourcePath: /eventlistener/list + description: "" + RegistWorkflowUsingPOST: + method: post + resourcePath: /workflow + description: "" + GetWorkflowStageListUsingGET: method: get resourcePath: /workflow/workflowStageList - description: getWorkflowStageList - getWorkflowStageListUsingGET_1: + description: "" + GetWorkflowUsingGET: method: get - resourcePath: /workflowStage/list - description: getWorkflowStageList - getWorkflowStageListUsingGET_2: + resourcePath: /workflow/{workflowIdx} + description: "" + DeleteWorkflowUsingDELETE: + method: delete + resourcePath: /workflow/{workflowIdx} + description: "" + UpdateWorkflowUsingPATCH: + method: patch + resourcePath: /workflow/{workflowIdx} + description: "" + GetDefaultWorkflowStageUsingGET: method: get - resourcePath: /workflowStageType/list - description: getWorkflowStageList - getWorkflowTemplateUsingGET: + resourcePath: /workflowStage/default/script/{workflowStageTypeName} + description: "" + RegistEventListnerUsingPOST: + method: post + resourcePath: /eventlistener + description: "" + CheckConnectionUsingPOST: + method: post + resourcePath: /oss/connection-check + description: "" + GetWorkflowListUsingGET: + method: get + resourcePath: /workflow/list + description: "" + GetWorkflowTemplateUsingGET: method: get resourcePath: /workflow/template/{workflowName} - description: getWorkflowTemplate - getWorkflowUsingGET: + description: "" + RedirectToUiUsingGET: method: get - resourcePath: /workflow/{workflowIdx} - description: getWorkflow - isEventListenerDuplicatedUsingGET: + resourcePath: /swagger-ui.html + description: "" + RegistWorkflowStageUsingPOST_1: + method: post + resourcePath: /workflowStageType + description: "" + GetWorkflowStageListUsingGET_2: method: get - resourcePath: /eventlistener/duplicate - description: isEventListenerDuplicated - isOssInfoDuplicatedUsingGET: + resourcePath: /workflowStageType/list + description: "" + GetOssListUsingGET_1: method: get - resourcePath: /oss/duplicate - description: isOssInfoDuplicated - isWorkflowNameDuplicatedUsingGET: + resourcePath: /oss/list + description: "" + GetOssTypeListUsingGET: method: get - resourcePath: /workflow/name/duplicate - description: isWorkflowNameDuplicated - isWorkflowStageNameDuplicatedUsingGET: + resourcePath: /ossType/list + description: "" + IsWorkflowStageNameDuplicatedUsingGET: method: get resourcePath: /workflowStage/duplicate - description: isWorkflowStageNameDuplicated - openapiJsonUsingGET: + description: "" + DetailWorkflowStageTypeUsingGET: method: get - resourcePath: /v3/api-docs - description: openapiJson - openapiJsonUsingGET_1: - method: get - resourcePath: /v3/api-docs/swagger-config - description: openapiJson - openapiYamlUsingGET: + resourcePath: /workflowStageType/{workflowStageTypeIdx} + description: "" + DeleteWorkflowStageTypeUsingDELETE: + method: delete + resourcePath: /workflowStageType/{workflowStageTypeIdx} + description: "" + UpdateWorkflowStageTypeUsingPATCH: + method: patch + resourcePath: /workflowStageType/{workflowStageTypeIdx} + description: "" + GetWorkflowStageListUsingGET_1: method: get - resourcePath: /v3/api-docs.yaml - description: openapiYaml - redirectToUiUsingGET: + resourcePath: /workflowStage/list + description: "" + RunEventListenerUsingGET: method: get - resourcePath: /swagger-ui.html - description: redirectToUi - registEventListnerUsingPOST: - method: post - resourcePath: /eventlistener - description: registEventListner - registOssTypeUsingPOST: - method: post - resourcePath: /ossType - description: registOssType - registOssUsingPOST: + resourcePath: /eventlistener/run/{eventListenerIdx} + description: "" + RegistOssUsingPOST: method: post resourcePath: /oss - description: registOss - registWorkflowStageUsingPOST: - method: post - resourcePath: /workflowStage - description: registWorkflowStage - registWorkflowStageUsingPOST_1: - method: post - resourcePath: /workflowStageType - description: registWorkflowStage - registWorkflowUsingPOST: - method: post - resourcePath: /workflow - description: registWorkflow - runEventListenerUsingGET: + description: "" + IsOssInfoDuplicatedUsingGET: method: get - resourcePath: /eventlistener/run/{eventListenerIdx} - description: runEventListener - runWorkflowGetUsingGET: + resourcePath: /oss/duplicate + description: "" + GetOssListUsingGET: method: get - resourcePath: /workflow/run/{workflowIdx} - description: runWorkflowGet - runWorkflowPostUsingPOST: + resourcePath: /oss/list/{ossTypeName} + description: "" + RunWorkflowPostUsingPOST: method: post resourcePath: /workflow/run - description: runWorkflowPost - updateEventListnerUsingPATCH: - method: patch - resourcePath: /eventlistener/{eventListenerIdx} - description: updateEventListner - updateOssTypeUsingPATCH: - method: patch - resourcePath: /ossType/{ossTypeIdx} - description: updateOssType - updateOssUsingPATCH: - method: patch - resourcePath: /oss/{ossIdx} - description: updateOss - updateWorkflowStageTypeUsingPATCH: - method: patch - resourcePath: /workflowStageType/{workflowStageTypeIdx} - description: updateWorkflowStageType - updateWorkflowStageUsingPATCH: - method: patch - resourcePath: /workflowStage/{workflowStageIdx} - description: updateWorkflowStage - updateWorkflowUsingPATCH: - method: patch - resourcePath: /workflow/{workflowIdx} - description: updateWorkflow + description: "" + mc-cost-optimizer: - getAbrnormalRcmd: - method: post - resourcePath: /api/costopti/be/opti/abnormalRcmd - description: 최근 24시간동안 과금이 발생한 서비스들의 이상 비용 여부를 확인한다. - getAlarmHistory: - method: post - resourcePath: /api/costopti/be/alarm/history - description: 최근 7일간 발생한 최적화 알람을 조회한다. - getBillAsset: - method: post - resourcePath: /api/costopti/be/getBillAsset - description: 이번달 사용한 서비스(VM, DB 등) 단위의 비용을 확인합니다. - getBillingBaseInfo: + GetProjects: + method: get + resourcePath: /api/v2/getProjects + description: "워크스페이스에 속한 프로젝트 목록을 조회합니다." + GetUnusedRec: method: post - resourcePath: /api/costopti/be/invoice/getBillingBaseInfo - description: 이번달 CSP별 요약된 빌링 인보이스를 확인한다. - getCurMonthBill: + resourcePath: /api/v2/opti/unusedRec + description: "이번달 CSP별 요약된 빌링 인보이스를 확인한다." + GetSummary: method: post - resourcePath: /api/costopti/be/getCurMonthBill - description: 지난달 대비 이번달 비용을 확인합니다. - getInstOptiSizeRcmd: + resourcePath: /api/v2/invoice/getSummary + description: "CSP별 빌링 인보이스 비용을 날짜별로 확인한다." + GetInvoice: method: post - resourcePath: /api/costopti/be/opti/instOptiSizeRcmd - description: 사용중인 인스턴스의 추천 사이즈를 확인한다. - getInvoice: + resourcePath: /api/v2/invoice/getInvoice + description: "이번달 빌링 인보이스 내역을 확인한다." + GetBillingBaseInfo: method: post - resourcePath: /api/costopti/be/invoice/getInvoice - description: 이번달 빌링 인보이스 내역을 확인한다. - getProjects: - method: get - resourcePath: /api/costopti/be/getProjects - description: 워크스페이스에 속한 프로젝트 목록을 조회합니다. - getReadyz: - method: get - resourcePath: /api/costopti/be/readyz - description: 어플리케이션의 상태를 조회합니다. - getSummary: + resourcePath: /api/v2/invoice/getBillingBaseInfo + description: "이번달 CSP별 요약된 빌링 인보이스를 확인한다." + GetTop5Bill: method: post - resourcePath: /api/costopti/be/invoice/getSummary - description: CSP별 빌링 인보이스 비용을 월별로 확인한다. - getTop5Bill: + resourcePath: /api/v2/getTop5Bill + description: "이번달에 사용한 비용 상위 5개의 리소스와 비용을 확인합니다." + GetCurMonthBill: method: post - resourcePath: /api/costopti/be/getTop5Bill - description: 이번달에 사용한 비용 상위 5개의 리소스와 비용을 확인합니다. - getUnusedRcmd: + resourcePath: /api/v2/getCurMonthBill + description: "지난달 대비 이번달 비용을 확인합니다." + GetBillAsset: method: post - resourcePath: /api/costopti/be/opti/unusedRcmd - description: 최근 24시간동안 과금이 발생한 리소스에 대하여 미사용 자원을 추천한다. - getWorkspaces: + resourcePath: /api/v2/getBillAsset + description: "이번달 사용한 리소스의 unit과 비용을 확인합니다." + GetWorkspaces: method: get - resourcePath: /api/costopti/be/getWorkspaces - description: 워크스페이스 목록을 조회합니다. - updateTBBRscMeta: - method: get - resourcePath: /api/costopti/be/updateRscMeta - description: '' + resourcePath: /api/v2/getWorkspaces + description: "워크스페이스 목록을 조회합니다." + mc-data-manager: GenerateWindows: method: post resourcePath: /generate/windows - description: Generate test data on on-premise Windows. + description: "Generate test data on on-premise Windows." MigrationDynamodbFirestore: method: post resourcePath: /migration/dynamodb/firestore - description: Migrate data stored in AWS DynamoDB to Google Cloud Firestore. + description: "Migrate data stored in AWS DynamoDB to Google Cloud Firestore." MigrationLinuxNcp: method: post resourcePath: /migration/linux/ncp - description: Migrate data stored in a Linux-based system to NCP Object Storage. + description: "Migrate data stored in a Linux-based system to NCP Object Storage." MigrationNcpLinux: method: post resourcePath: /migration/ncp/linux - description: Migrate data stored in NCP Object Storage to a Linux-based system. + description: "Migrate data stored in NCP Object Storage to a Linux-based system." MigrationNcpWindows: method: post resourcePath: /migration/ncp/windows - description: Migrate data stored in NCP Object Storage to a Windows-based system. + description: "Migrate data stored in NCP Object Storage to a Windows-based system." MigrationGcpWindows: method: post resourcePath: /migration/gcp/windows - description: Migrate data stored in GCP Cloud Storage to a Windows-based system. + description: "Migrate data stored in GCP Cloud Storage to a Windows-based system." MigrationLinuxS3: method: post resourcePath: /migration/linux/s3 - description: Migrate data stored in a Linux-based system to AWS S3. + description: "Migrate data stored in a Linux-based system to AWS S3." MigrationNcpS3: method: post resourcePath: /migration/ncp/s3 - description: Migrate data stored in NCP Object Storage to AWS S3. + description: "Migrate data stored in NCP Object Storage to AWS S3." MigrationS3Windows: method: post resourcePath: /migration/s3/windows - description: Migrate data stored in AWS S3 to a Windows-based system. + description: "Migrate data stored in AWS S3 to a Windows-based system." GenerateDynamodb: method: post resourcePath: /generate/dynamodb - description: Generate test data on AWS DynamoDB. + description: "Generate test data on AWS DynamoDB." MigrationDynamodbMongodb: method: post resourcePath: /migration/dynamodb/mongodb - description: Migrate data stored in AWS DynamoDB to Naver Cloud MongoDB. + description: "Migrate data stored in AWS DynamoDB to Naver Cloud MongoDB." MigrationLinuxGcp: method: post resourcePath: /migration/linux/gcp - description: Migrate data stored in a Linux-based system to GCP Cloud Storage. + description: "Migrate data stored in a Linux-based system to GCP Cloud Storage." MigrationMysql: method: post resourcePath: /migration/mysql - description: Migrate data from one MySQL database to another MySQL database. + description: "Migrate data from one MySQL database to another MySQL database." MigrationWindowsS3: method: post resourcePath: /migration/windows/s3 - description: Migrate data stored in a Windows-based system to AWS S3. + description: "Migrate data stored in a Windows-based system to AWS S3." GenerateFirestore: method: post resourcePath: /generate/firestore - description: Generate test data on GCP Firestore. + description: "Generate test data on GCP Firestore." GenerateMongodb: method: post resourcePath: /generate/mongodb - description: Generate test data on NCP MongoDB. + description: "Generate test data on NCP MongoDB." MigrationFirestoreMongodb: method: post resourcePath: /migration/firestore/mongodb - description: Migrate data stored in Google Cloud Firestore to Naver Cloud MongoDB. + description: "Migrate data stored in Google Cloud Firestore to Naver Cloud MongoDB." MigrationS3Linux: method: post resourcePath: /migration/s3/linux - description: Migrate data stored in AWS S3 to a Linux-based system. + description: "Migrate data stored in AWS S3 to a Linux-based system." GenerateGcp: method: post resourcePath: /generate/gcp - description: Generate test data on GCP Cloud Storage. + description: "Generate test data on GCP Cloud Storage." GenerateMysql: method: post resourcePath: /generate/mysql - description: Generate test data on MySQL. + description: "Generate test data on MySQL." MigrationFirestoreDynamodb: method: post resourcePath: /migration/firestore/dynamodb - description: Migrate data stored in Google Cloud Firestore to AWS DynamoDB. + description: "Migrate data stored in Google Cloud Firestore to AWS DynamoDB." MigrationGcpNcp: method: post resourcePath: /migration/gcp/ncp - description: Migrate data stored in GCP Cloud Storage to NCP Object Storage. + description: "Migrate data stored in GCP Cloud Storage to NCP Object Storage." MigrationNcpGcp: method: post resourcePath: /migration/ncp/gcp - description: Migrate data stored in NCP Object Storage to GCP Cloud Storage. + description: "Migrate data stored in NCP Object Storage to GCP Cloud Storage." GenerateLinux: method: post resourcePath: /generate/linux - description: Generate test data on on-premise Linux. + description: "Generate test data on on-premise Linux." GenerateNcp: method: post resourcePath: /generate/ncp - description: Generate test data on NCP Object Storage. + description: "Generate test data on NCP Object Storage." MigrationGcpS3: method: post resourcePath: /migration/gcp/s3 - description: Migrate data stored in GCP Cloud Storage to AWS S3. + description: "Migrate data stored in GCP Cloud Storage to AWS S3." MigrationMongodbDynamodb: method: post resourcePath: /migration/mongodb/dynamodb - description: Migrate data stored in Naver Cloud MongoDB to AWS DynamoDB. + description: "Migrate data stored in Naver Cloud MongoDB to AWS DynamoDB." GenerateS3: method: post resourcePath: /generate/s3 - description: Generate test data on AWS S3. + description: "Generate test data on AWS S3." MigrationS3Gcp: method: post resourcePath: /migration/s3/gcp - description: Migrate data stored in AWS S3 to Google Cloud Storage. + description: "Migrate data stored in AWS S3 to Google Cloud Storage." MigrationS3Ncp: method: post resourcePath: /migration/s3/ncp - description: Migrate data stored in AWS S3 to Naver Cloud Object Storage. + description: "Migrate data stored in AWS S3 to Naver Cloud Object Storage." MigrationGcpLinux: method: post resourcePath: /migration/gcp/linux - description: Migrate data stored in GCP Cloud Storage to a Linux-based system. + description: "Migrate data stored in GCP Cloud Storage to a Linux-based system." MigrationMongodbFirestore: method: post resourcePath: /migration/mongodb/firestore - description: Migrate data stored in Naver Cloud MongoDB to Google Cloud Firestore. + description: "Migrate data stored in Naver Cloud MongoDB to Google Cloud Firestore." MigrationWindowsGcp: method: post resourcePath: /migration/windows/gcp - description: Migrate data stored in a Windows-based system to GCP Cloud Storage. + description: "Migrate data stored in a Windows-based system to GCP Cloud Storage." MigrationWindowsNcp: method: post resourcePath: /migration/windows/ncp - description: Migrate data stored in a Windows-based system to NCP Object Storage. + description: "Migrate data stored in a Windows-based system to NCP Object Storage." diff --git a/conf/mc-iam-manager/menu.yaml b/conf/mc-iam-manager/menu.yaml index ab161459..269d700e 100644 --- a/conf/mc-iam-manager/menu.yaml +++ b/conf/mc-iam-manager/menu.yaml @@ -56,6 +56,14 @@ menus: priority: 2 menunumber: 1240 + - id: menus + parentid: organizations + displayname: Menus + restype: menu + isaction: true + priority: 2 + menunumber: 1250 + - id: environment parentid: settings displayname: Environment @@ -76,7 +84,7 @@ menus: parentid: cloudsps displayname: Cloud Overview restype: menu - isaction: false + isaction: true priority: 2 menunumber: 1310 @@ -100,7 +108,7 @@ menus: parentid: cloudsps displayname: Cloud Drivers restype: menu - isaction: false + isaction: true priority: 2 menunumber: 1340 @@ -112,6 +120,14 @@ menus: priority: 2 menunumber: 1350 + - id: cspaccounts + parentid: cloudsps + displayname: CSP Accounts + restype: menu + isaction: false + priority: 2 + menunumber: 1360 + - id: cloudresources parentid: environment displayname: Cloud Resources @@ -120,7 +136,7 @@ menus: priority: 2 menunumber: 1405 - - id: specs + - id: serverspecs parentid: cloudresources displayname: Specs restype: menu @@ -128,7 +144,7 @@ menus: priority: 2 menunumber: 1410 - - id: images + - id: serverimages parentid: cloudresources displayname: Images restype: menu @@ -140,13 +156,13 @@ menus: parentid: cloudresources displayname: Networks restype: menu - isaction: false + isaction: true priority: 2 menunumber: 1510 - - id: securitys + - id: securitygroups parentid: cloudresources - displayname: Securitys + displayname: Security Groups restype: menu isaction: false priority: 2 @@ -176,6 +192,30 @@ menus: priority: 2 menunumber: 1550 + - id: csp + parentid: cloudresources + displayname: CSP Overview + restype: menu + isaction: true + priority: 2 + menunumber: 1580 + + - id: cspschedule + parentid: cloudresources + displayname: CSP Schedule + restype: menu + isaction: true + priority: 2 + menunumber: 1590 + + - id: resourcesync + parentid: cloudresources + displayname: Resource Sync + restype: menu + isaction: true + priority: 3 + menunumber: 1595 + - id: cloudrescatalogs parentid: environment displayname: Cloud Res Catalogs diff --git a/docker-compose.cert.yaml b/docker-compose.cert.yaml index 38d55404..6c793740 100644 --- a/docker-compose.cert.yaml +++ b/docker-compose.cert.yaml @@ -5,15 +5,19 @@ services: mcmp-certbot: image: certbot/certbot:latest container_name: mcmp-certbot - ports: - - "80:80" # Standalone 모드에서 80번 포트 사용 volumes: - # Certbot 설정 및 발급된 인증서 저장 (읽기/쓰기 권한 필요) - - ./dockercontainer-volume/certs:/etc/letsencrypt - environment: - DOMAIN_NAME: ${DOMAIN_NAME} - EMAIL: ${EMAIL} - entrypoint: ["certbot"] # Certbot 실행 명령을 엔트리포인트로 지정 - #command: ["certonly", "--standalone", "--email", "$EMAIL", "--agree-tos", "--no-eff-email", "-d", "$DOMAIN_NAME", "--non-interactive", "--staging"] # <-- 초기 발급 테스트 시 --staging 사용, 실제 발급 시 제거 - command: ["certonly", "--standalone", "--email", "$EMAIL", "--agree-tos", "--no-eff-email", "-d", "$DOMAIN_NAME", "--non-interactive"] # <-- 실제발급 - #command: ["certonly", "--standalone", "--email", "$EMAIL", "--agree-tos", "--no-eff-email", "-d", "$DOMAIN_NAME", "--non-interactive", "--force-renewal"] # <-- 강제 재발급 (필요시에만 사용) \ No newline at end of file + - ./container-volume/mc-iam-manager/certs:/etc/letsencrypt + - ./container-volume/certbot/www:/var/www/certbot + networks: + - mc-iam-manager-network + entrypoint: ["certbot"] + command: ["certonly", "--webroot", "--webroot-path", "/var/www/certbot", + "--email", "${MC_IAM_MANAGER_CERT_EMAIL}", + "--agree-tos", "--no-eff-email", + "-d", "${MC_IAM_MANAGER_PUBLIC_DOMAIN}", + "--non-interactive"] + +networks: + mc-iam-manager-network: + external: true + name: mc-iam-manager_mc-iam-manager-network \ No newline at end of file diff --git a/installAll.sh b/installAll.sh index 7351d6f0..7dceea54 100755 --- a/installAll.sh +++ b/installAll.sh @@ -319,14 +319,52 @@ case $IAM_MODE in echo "Generating Let's Encrypt certificate and configuring production environment..." echo "" - # Production mode: Generate certificate - echo "Step 1: Generating Let's Encrypt certificate..." - cd "$PROJECT_ROOT_ABS" || { echo "Error: Cannot return to project root." exit 1 } + # Step 1: Start nginx in HTTP-only mode so certbot can serve ACME challenge + echo "Step 1: Starting nginx (HTTP-only) for ACME challenge..." + _NGINX_CONF_DIR="$PROJECT_ROOT_ABS/container-volume/mc-iam-manager/nginx" + _NGINX_CONF="$_NGINX_CONF_DIR/nginx.conf" + _NGINX_CONF_SSL_BAK="$_NGINX_CONF_DIR/nginx.conf.ssl_bak" + _CERTBOT_WWW="$PROJECT_ROOT_ABS/container-volume/certbot/www" + mkdir -p "$_NGINX_CONF_DIR" "$_CERTBOT_WWW" + + # Write HTTP-only nginx.conf (no SSL, just ACME challenge) + _DOMAIN=$(grep -m1 "^MC_IAM_MANAGER_PUBLIC_DOMAIN=" "$PROJECT_ROOT_ABS/.env" | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs) + cat > "$_NGINX_CONF" </dev/null 2>&1; then + echo "✓ nginx is ready." + break + fi + sleep 2 + done + + # Step 2: Generate Let's Encrypt certificate via certbot webroot + echo "" + echo "Step 2: Generating Let's Encrypt certificate..." + docker compose -f "$PROJECT_ROOT_ABS/docker-compose.cert.yaml" --env-file "$PROJECT_ROOT_ABS/.env" up if [ $? -eq 0 ]; then echo "✓ Certificate generation completed." @@ -336,13 +374,14 @@ case $IAM_MODE in fi else echo "❌ Error occurred during certificate generation." + docker compose stop mc-iam-manager-nginx exit 1 fi echo "" - echo "Step 2: Configuring production mode..." + echo "Step 3: Configuring production mode (SSL nginx.conf)..." - # Execute production mode script + # Execute production mode script to generate SSL nginx.conf cd "$PROJECT_ROOT_ABS/conf/mc-iam-manager/" || { echo "Error: Cannot find mc-iam-manager directory." cd "$ORIGINAL_DIR" @@ -366,6 +405,11 @@ case $IAM_MODE in cd "$ORIGINAL_DIR" exit 1 fi + + # Reload nginx to pick up SSL config + cd "$PROJECT_ROOT_ABS" || { cd "$ORIGINAL_DIR"; exit 1; } + echo "Reloading nginx with SSL configuration..." + docker compose restart mc-iam-manager-nginx ;; esac From 2c0d33791ccee0bed2f3c7a92bdc048eaddd388d Mon Sep 17 00:00:00 2001 From: dogfootman Date: Sat, 23 May 2026 05:57:51 +0000 Subject: [PATCH 7/9] feat: add clearAll.sh for container stop and full reset --- clearAll.sh | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100755 clearAll.sh diff --git a/clearAll.sh b/clearAll.sh new file mode 100755 index 00000000..ed50c026 --- /dev/null +++ b/clearAll.sh @@ -0,0 +1,140 @@ +#!/bin/bash + +# MC-IAM-Manager Cleanup Script + +# ============================================================================= +# Usage Function +# ============================================================================= +usage() { + echo "Usage: $0 [OPTIONS]" + echo "" + echo "Options:" + echo " -f, --full Full cleanup: stop containers, remove volumes and all generated data" + echo " -h, --help Display this help message" + echo "" + echo "Without options (interactive):" + echo " 1. Stop only — docker compose down (containers/networks removed, data preserved)" + echo " 2. Full reset — docker compose down -v + remove container-volume/ and .env" + echo "" + echo "Examples:" + echo " $0 # Interactive mode" + echo " $0 --full # Non-interactive full reset" + exit 1 +} + +# ============================================================================= +# Parameter Parsing +# ============================================================================= +CLEAR_MODE="" + +while [[ $# -gt 0 ]]; do + case $1 in + -f|--full) + CLEAR_MODE="full" + shift + ;; + -h|--help) + usage + ;; + *) + echo "Unknown option: $1" + usage + ;; + esac +done + +# ============================================================================= +# Locate project root (script must be in project root) +# ============================================================================= +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT_ABS="$SCRIPT_DIR" + +cd "$PROJECT_ROOT_ABS" || { + echo "Error: Cannot change to project root: $PROJECT_ROOT_ABS" + exit 1 +} + +# ============================================================================= +# Mode Selection (interactive if not specified) +# ============================================================================= +if [ -z "$CLEAR_MODE" ]; then + echo "==========================================" + echo "MC-IAM-Manager Cleanup" + echo "==========================================" + echo "" + echo "Select cleanup level:" + echo "" + echo " 1. Stop only" + echo " - Stops and removes containers and networks" + echo " - Database data and certificates are preserved" + echo " - Re-run 'docker compose up -d' to restart" + echo "" + echo " 2. Full reset" + echo " - Stops and removes containers, networks, and named volumes" + echo " - Deletes container-volume/ (DB data, certs, nginx config)" + echo " - Deletes .env" + echo " - Re-run installAll.sh to set up again from scratch" + echo "" + echo "==========================================" + + while true; do + echo -n "Select cleanup level (1: Stop only, 2: Full reset): " + read -r choice + case $choice in + 1) CLEAR_MODE="stop"; break ;; + 2) CLEAR_MODE="full"; break ;; + *) echo "Invalid selection. Please enter 1 or 2." ;; + esac + done +fi + +# ============================================================================= +# Execute Cleanup +# ============================================================================= +case $CLEAR_MODE in + stop) + echo "" + echo "Stopping containers..." + docker compose down + echo "" + echo "✓ Containers stopped. Data in container-volume/ is preserved." + echo " To restart: docker compose up -d" + ;; + + full) + echo "" + echo "⚠️ Full reset will permanently delete:" + echo " - All named Docker volumes (database data)" + echo " - container-volume/ (nginx config, certificates, DB files)" + echo " - .env" + echo "" + echo -n "Are you sure? (yes/N): " + read -r confirm + if [ "$confirm" != "yes" ]; then + echo "Aborted." + exit 0 + fi + + echo "" + echo "Stopping containers and removing volumes..." + docker compose down -v + + echo "Removing generated data..." + if [ -d "$PROJECT_ROOT_ABS/container-volume" ]; then + if command -v sudo >/dev/null 2>&1; then + sudo rm -rf "$PROJECT_ROOT_ABS/container-volume" + else + rm -rf "$PROJECT_ROOT_ABS/container-volume" + fi + echo "✓ container-volume/ removed." + fi + + if [ -f "$PROJECT_ROOT_ABS/.env" ]; then + rm -f "$PROJECT_ROOT_ABS/.env" + echo "✓ .env removed." + fi + + echo "" + echo "✓ Full reset complete. Re-run './installAll.sh' to set up again." + ;; +esac From 89bfdd49f372f39f03e6c1d22ce75da032ae6ce6 Mon Sep 17 00:00:00 2001 From: dogfootman Date: Sat, 23 May 2026 05:58:38 +0000 Subject: [PATCH 8/9] docs: add clearAll.sh usage to DOCKER_README --- DOCKER_README.md | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/DOCKER_README.md b/DOCKER_README.md index a3fa989f..48653ba7 100644 --- a/DOCKER_README.md +++ b/DOCKER_README.md @@ -229,17 +229,30 @@ docker compose up mc-iam-manager-post-initial ## 유지보수 -### 서비스 중지 및 재시작 +### 서비스 중지 및 초기화 + +`clearAll.sh`는 컨테이너 중지부터 전체 초기화까지 처리합니다. + ```bash -# 정지 (볼륨 보존) -docker compose stop +# 인터랙티브 모드 (중지 / 전체 초기화 선택) +./clearAll.sh + +# 전체 초기화 (비인터랙티브) +./clearAll.sh --full +``` -# 재시작 -docker compose start +| 모드 | 동작 | +|------|------| +| Stop only (선택 1) | 컨테이너·네트워크 제거, DB 데이터·인증서 보존 | +| Full reset (선택 2 / `--full`) | 볼륨 삭제 + `container-volume/` 삭제 + `.env` 삭제 | -# 완전 삭제 (볼륨 포함) -docker compose down -v -sudo rm -rf container-volume +Full reset 이후에는 `./installAll.sh`로 처음부터 재설치합니다. + +#### 컨테이너 재시작 (데이터 보존) +```bash +# 중지 후 재기동 +./clearAll.sh # 선택 1: Stop only +docker compose up -d ``` ### 인증서 갱신 (prod 모드) From fe5a9cd2da37e771d5d0af6200d39062c25b9956 Mon Sep 17 00:00:00 2001 From: dogfootman Date: Sat, 23 May 2026 06:00:52 +0000 Subject: [PATCH 9/9] fix(clearAll): restore tracked .env to git defaults instead of deleting --- clearAll.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/clearAll.sh b/clearAll.sh index ed50c026..9170b65e 100755 --- a/clearAll.sh +++ b/clearAll.sh @@ -106,7 +106,7 @@ case $CLEAR_MODE in echo "⚠️ Full reset will permanently delete:" echo " - All named Docker volumes (database data)" echo " - container-volume/ (nginx config, certificates, DB files)" - echo " - .env" + echo " - .env (restored to repo defaults if tracked by git)" echo "" echo -n "Are you sure? (yes/N): " read -r confirm @@ -129,7 +129,11 @@ case $CLEAR_MODE in echo "✓ container-volume/ removed." fi - if [ -f "$PROJECT_ROOT_ABS/.env" ]; then + # Restore .env: if tracked by git, restore defaults; otherwise delete + if git -C "$PROJECT_ROOT_ABS" ls-files --error-unmatch .env >/dev/null 2>&1; then + git -C "$PROJECT_ROOT_ABS" checkout -- .env + echo "✓ .env restored to repo defaults." + elif [ -f "$PROJECT_ROOT_ABS/.env" ]; then rm -f "$PROJECT_ROOT_ABS/.env" echo "✓ .env removed." fi