diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml index 3e458666..a52ed15a 100644 --- a/.github/workflows/push_trigger.yml +++ b/.github/workflows/push_trigger.yml @@ -7,6 +7,7 @@ on: - release-* - master - develop + - 0.9.0 jobs: build: @@ -119,7 +120,7 @@ jobs: mvn -B package --file pom.xml -s $GITHUB_WORKSPACE/settings.xml - name: Publish the maven package run: | - mvn deploy -DaltDeploymentRepository=ossrh::default::${{ secrets.OSSRH_SNAPSHOT_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml + mvn deploy -DaltDeploymentRepository=ossrh::default::${{ secrets.RELEASE_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml env: GITHUB_TOKEN: ${{ secrets.RELEASE_token }} GPG_TTY: $(tty) diff --git a/.github/workflows/push_trigger_charts.yaml b/.github/workflows/push_trigger_charts.yaml index 8cf2ba3a..d8136d9a 100644 --- a/.github/workflows/push_trigger_charts.yaml +++ b/.github/workflows/push_trigger_charts.yaml @@ -5,6 +5,7 @@ on: branches: - 1.2.0.* - develop + - 0.9.0 paths: - 'charts/**' diff --git a/.github/workflows/release_chart.yml b/.github/workflows/release_chart.yml index 4c9e2158..98c63f92 100644 --- a/.github/workflows/release_chart.yml +++ b/.github/workflows/release_chart.yml @@ -19,6 +19,6 @@ jobs: with: token: ${{ secrets.ACTION_PAT }} charts_dir: ./helm - charts_url: https://github.com/mosip + charts_url: https://mosip.github.io/mosip-helm repository: mosip-helm branch: gh-pages diff --git a/.gitignore b/.gitignore index ec10b1b2..b607e6a5 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,6 @@ mock-esignet-integration-impl/.idea/* mock-identity-system/target/* mock-esignet-integration-impl/target/* mock-identity-system/local.p12 +.idea +helm/*/charts +helm/*/Chart.lock diff --git a/README.md b/README.md index 0f4f6bfb..f00b84a2 100644 --- a/README.md +++ b/README.md 
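Review bot: The `Publish the maven package` step now deploys to `${{ secrets.RELEASE_URL }}`, yet the trigger list in the first hunk of this file still contains `develop`, `master` and `release-*`, so unless a job-level condition outside this hunk filters them, every push to those branches would publish to the release repository instead of the snapshot one. If only the `0.9.0` branch is meant to release, guard the step with something like `if: github.ref == 'refs/heads/0.9.0'`, or keep `OSSRH_SNAPSHOT_URL` for the non-release branches. The enclosing `build` job starts before this hunk, so I cannot see whether such a condition already exists.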
@@ -1,2 +1,57 @@ # esignet-mock-services Repository contains mock implementation of auth for e-signet + +## Installing in k8s cluster using helm +### Pre-requisites +1. Set the kube config file of the Mosip cluster having dependent services is set correctly in PC. +1. Make sure [DB setup](db_scripts/README.md#install-in-existing-mosip-k8-cluster) is done. +1. Add / merge below mentioned properties files into existing config branch: + * [mock-identity-system-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/mock-identity-system-default.properties) + * [application-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/application-default.properties) +1. Add below properties in [esignet-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/esignet-default.properties) incase using MockAuth for esignet. + ``` + mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration + mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl + mosip.esignet.integration.authenticator=MockAuthenticationService + mosip.esignet.integration.key-binder=MockKeyBindingWrapperService + mosip.esignet.integration.audit-plugin=LoggerAuditService + mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService + ``` +1. 
Below are the dependent services required for compliance toolkit service: + | Chart | Chart version | + |---|---| + |[Keycloak](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 7.1.18 | + |[Keycloak-init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 12.0.1-B3 | + |[Postgres](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 10.16.2 | + |[Postgres Init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 12.0.1-B3 | + |[Config-server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/config-server) | 12.0.1-B3 | + |[Artifactory server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/artifactory) | 12.0.1-B3 | + |[esignet-softhsm](https://github.com/mosip/esignet/blob/v1.0.0/helm/install-all.sh) | 12.0.1-B2 | + |[redis](https://github.com/mosip/esignet/blob/v1.0.0/helm/redis)| 17.3.14 | + |[esignet](https://github.com/mosip/esignet/tree/v1.0.0/helm/esignet) | 1.0.0 | + |[oidc-ui](https://github.com/mosip/esignet/blob/v1.0.0/helm/oidc-ui) | 1.0.0 | + +### Install +* Install `kubectl` and `helm` utilities. +* Run `install-all.sh` to deploy esignet services. + ``` + cd helm + ./install-all.sh + ``` + +### Delete +* Run `delete-all.sh` to remove esignet services. + ``` + cd helm + ./delete-all.sh + ``` + +### Restart +* Run `restart-all.sh` to restart esignet services. + ``` + cd helm + ./restart.sh + ``` + +## Onboard esignet mock and relying party services +* Run onboarder's [install.sh](partner-onboarder) script to exchange jwk certificates. diff --git a/db_scripts/README.md b/db_scripts/README.md index 567dfea5..02966181 100644 --- a/db_scripts/README.md +++ b/db_scripts/README.md 
@@ -1,2 +1,30 @@ # esignet-mock-services Mock implementation of auth for e-signet + +## Overview +This folder containers various SQL scripts to create database and tables in postgres. +The tables are described under `/ddl/`. +Default data that's populated in the tables is present under `/dml` folder. + +## Prerequisites +* Make sure that the esignet database has been initialized and its associated service is currently running. +* Command line utilities: + - kubectl + - helm +* Helm repos: + ```sh + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add mosip https://mosip.github.io/mosip-helm + ``` + +## Install in existing MOSIP K8 Cluster +These scripts are automatically run with below mentioned script in existing k8 cluster with Postgres installed. +### Install +* Set your kube_config file or kube_config variable on PC. +* Update `init_values.yaml` with db-common-password from the postgres namespace in the required field `dbUserPasswords.dbuserPassword` and ensure `databases.mosip_mockidentitysystem` is enabled. + ``` + ./init_db.sh` + ``` + +## Install for developers +Developers may run the SQLs using `/deploy.sh` script. diff --git a/db_scripts/init_db.sh b/db_scripts/init_db.sh new file mode 100755 index 00000000..e2d81a60 --- /dev/null +++ b/db_scripts/init_db.sh 
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Script to initialize mockidentitysystem DB.
+## Usage: ./init_db.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=12.0.1-B3
+
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+while true; do
+ read -p "CAUTION: Do we already have Postgres installed? Also make sure the mockidentitysystem DB is backed up as the same will be overriden. Do you still want to continue?" yn
+ if [ $yn = "Y" ]
+ then
+ kubectl create ns $NS
+ DB_USER_PASSWORD=$( kubectl -n postgres get secrets db-common-secrets -o jsonpath={.data.db-dbuser-password} | base64 -d )
+
+ echo Removing existing mosip_mockidentitysystem DB installation
+ helm -n $NS delete postgres-init-mockidentitysystem
+ kubectl -n $NS delete --ignore-not-found=true secret db-common-secrets
+
+ echo Copy Postgres secrets
+ ../helm/copy_cm_func.sh secret postgres-postgresql postgres $NS
+
+ echo Initializing DB
+ helm -n $NS install postgres-init-mockidentitysystem mosip/postgres-init -f init_values.yaml \
+ --version $CHART_VERSION \
+ --set dbUserPasswords.dbuserPassword="$DB_USER_PASSWORD" \
+ --wait --wait-for-jobs
+ break
+ else
+ break
+ fi
+done
\ No newline at end of file
diff --git a/db_scripts/init_values.yaml b/db_scripts/init_values.yaml
new file mode 100644
index 00000000..3b28a62c
--- /dev/null
+++ b/db_scripts/init_values.yaml
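Review bot: The database password is handed to helm as `--set dbUserPasswords.dbuserPassword="$DB_USER_PASSWORD"`, which puts the secret in the process argument list where any local user can read it, and because `--set` treats unescaped commas and backslashes as syntax, a password containing either is silently mangled. Write the value to a file created under `umask 077` in a `mktemp -d` directory, pass it with `--set-file dbUserPasswords.dbuserPassword=<that file>`, and remove the directory when the script exits. Separately, `if [ $yn = "Y" ]` leaves `$yn` unquoted, so an empty answer turns the test into `[ = "Y" ]` and fails with a syntax error rather than taking the `else` branch; write `if [ "$yn" = "Y" ]`, and note that `read -p` is not POSIX under `#!/bin/sh`. The same unquoted test appears in helm/mock-identity-system/delete.sh, helm/mock-relying-party-service/delete.sh and helm/mock-relying-party-ui/delete.sh.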
@@ -0,0 +1,68 @@
+#dbUserPasswords:
+# dbuserPassword: ""
+
+databases:
+ mosip_toolkit:
+ enabled: false
+
+ mosip_master:
+ enabled: false
+
+ mosip_audit:
+ enabled: false
+
+ mosip_keymgr:
+ enabled: false
+
+ mosip_kernel:
+ enabled: false
+
+ mosip_idmap:
+ enabled: false
+
+ mosip_prereg:
+ enabled: false
+
+ mosip_idrepo:
+ enabled: false
+
+ mosip_ida:
+ enabled: false
+
+ mosip_credential:
+ enabled: false
+
+ mosip_regprc:
+ enabled: false
+
+ mosip_regdevice:
+ enabled: false
+
+ mosip_authdevice:
+ enabled: false
+
+ mosip_pms:
+ enabled: false
+
+ mosip_hotlist:
+ enabled: false
+
+ mosip_resident:
+ enabled: false
+
+ mosip_digitalcard:
+ enabled: false
+
+ mosip_esignet:
+ enabled: false
+
+ mosip_mockidentitysystem:
+ enabled: true
+ host: "postgres-postgresql.postgres"
+ port: 5432
+ su:
+ user: postgres
+ secret:
+ name: postgres-postgresql
+ key: postgresql-password
+ dml: 1
diff --git a/helm/delete.sh b/helm/delete-all.sh
similarity index 91%
rename from helm/delete.sh
rename to helm/delete-all.sh
index f7706ec3..258d21d8 100755
--- a/helm/delete.sh
+++ b/helm/delete-all.sh
@@ -13,7 +13,7 @@ while true; do then helm -n $NS delete mock-relying-party-service helm -n $NS delete mock-relying-party-ui - helm -n $NS delete mock-identity-system + helm -n $NS delete mock-identity-system break else break
diff --git a/helm/install-all.sh b/helm/install-all.sh
new file mode 100755
index 00000000..be719f00
--- /dev/null
+++ b/helm/install-all.sh
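Review bot: The two commented lines `#dbUserPasswords:` / `# dbuserPassword: ""` at the top of the file give no hint that the value is supplied at install time, which invites the next person to uncomment them and commit the real password alongside this values file. Replace them with a comment such as `# dbUserPasswords.dbuserPassword is injected by init_db.sh from the postgres namespace's db-common-secrets; never put a value here.` The `host: "postgres-postgresql.postgres"` and `su.secret.name: postgres-postgresql` entries appear to assume the secret that init_db.sh copies from the `postgres` namespace into `esignet`; a one-line comment saying so would help anyone using this file outside that script.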
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Installs all esignet mock service helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+ROOT_DIR=`pwd`
+NS=softhsm
+SOFTHSM_CHART_VERSION=12.0.1-B2
+
+echo Istio label
+kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+echo Installing Softhsm for mock-identity-system
+helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait
+echo Installed Softhsm for mock-identity-system
+
+./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server
+
+kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM_
+
+#kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status
+
+declare -a module=("mock-identity-system"
+ "mock-relying-party-service"
+ "mock-relying-party-ui"
+ )
+
+echo Installing esignet mock services
+
+for i in "${module[@]}"
+do
+ cd $ROOT_DIR/"$i"
+ ./install.sh
+done
+
+echo All esignet mock services deployed sucessfully.
diff --git a/helm/install.sh b/helm/install.sh
deleted file mode 100755
index f83717fc..00000000
--- a/helm/install.sh
+++ /dev/null
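Review bot: `kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite` references `SOFTHSM_NS`, which is never assigned in this script (the namespace variable defined two lines earlier is `NS=softhsm`), so the expansion is empty and the command will most likely fail with a missing-resource error; with no `set -e` the script carries on and installs the softhsm chart into an unlabeled namespace. Change it to `kubectl label ns $NS istio-injection=enabled --overwrite`, and since the shebang is `#!/bin/bash`, consider `set -euo pipefail` so a failing `cd` in the module loop stops the run instead of running `./install.sh` in the wrong directory. The usage comment still says `./install.sh` although the file is `install-all.sh`, and the final echo misspells "successfully".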
@@ -1,110 +0,0 @@ -#!/bin/sh -# Installs all esignet mock service helm charts -## Usage: ./install.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -NS=softhsm -CHART_VERSION=12.0.1-B2 -echo Installing Softhsm for mock-identity-system -helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $CHART_VERSION --wait -echo Installed Softhsm for mock-identity-system - -./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server - -kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM - -kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status - -read -p "Please provide client private key file : " CLIENT_PRIVATE_KEY - -if [ -z "$CLIENT_PRIVATE_KEY" ]; then - echo "Client Private key file not provided; EXITING;"; - exit 0; -fi -if [ ! -f "$CLIENT_PRIVATE_KEY" ]; then - echo "Client Private key not found; EXITING;"; - exit 0; -fi - -read -p "Please provide jwe userinfo private key file : " JWE_USERINFO_PRIVATE_KEY - -if [ -z "$JWE_USERINFO_PRIVATE_KEY" ]; then - echo "Client jwe userinfo Private key file not provided; EXITING;"; - exit 0; -fi -if [ ! -f "$JWE_USERINFO_PRIVATE_KEY" ]; then - echo "Client jwe userinfo Private key not found; EXITING;"; - exit 0; -fi - -read -p "Please provide mock relying party ui domain (eg: healthservices.sandbox.xyz.net ) : " MOCK_UI_HOST - -if [ -z "$MOCK_UI_HOST" ]; then - echo "Mock relying party UI Host not provided; EXITING;" - exit 0; -fi - -CHK_MOCK_UI_HOST=$( nslookup "$MOCK_UI_HOST" ) -if [ $? 
-gt 0 ]; then - echo "Mock relying party UI Host does not exists; EXITING;" - exit 0; -fi - -NS=esignet -CHART_VERSION=0.0.1 - -echo Create $NS namespace -kubectl create ns $NS - -echo Istio label -kubectl label ns $NS istio-injection=enabled --overwrite - -echo "Build esignet mock service charts" -cd mock-relying-party-service -helm dependency update -cd ../mock-relying-party-ui -helm dependency update -cd ../mock-identity-system -helm dependency update - -cd ../ - -echo "Copy configmaps" -./copy_cm.sh - -echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists" -cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/client-private-key -cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/jwe-userinfo-private-key - - -kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-service-secrets -kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets -kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="/tmp/client-private-key" -kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="/tmp/jwe-userinfo-private-key" - -API_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-api-host}) -ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host}) - -echo Installing Mock Relying Party Service -helm -n $NS install mock-relying-party-service ./mock-relying-party-service \ - --set mock_relying_party_service.ESIGNET_SERVICE_URL="https://$API_HOST"/v1/esignet"" \ - --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST"/v1/esignet/oauth/token"" - -echo Installing Mock Relying Party UI -helm -n $NS install mock-relying-party-ui ./mock-relying-party-ui \ - --set mock_relying_party_ui.mock_relying_party_ui_service_host="$MOCK_UI_HOST" \ - --set mock_relying_party_ui.ESIGNET_UI_BASE_URL="https://$ESIGNET_HOST" \ - --set 
mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \ - --set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \ - --set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \ - --set istio.hosts\[0\]="$MOCK_UI_HOST" - -echo Installing mock-identity-system -helm -n $NS install mock-identity-system ./mock-identity-system --version $CHART_VERSION - -kubectl -n $NS get deploy mock-relying-party-ui mock-relying-party-service mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status - -echo "Installed Mock Relying Party Service, Mock Relying Party UI & Mock Identity System" diff --git a/helm/mock-identity-system/Chart.yaml b/helm/mock-identity-system/Chart.yaml index 6c37268d..a170e20d 100644 --- a/helm/mock-identity-system/Chart.yaml +++ b/helm/mock-identity-system/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mock-identity-system description: A Helm chart for MOSIP mock-identity-system module type: application -version: 0.0.1 +version: 0.9.0 appVersion: "" dependencies: - name: common diff --git a/helm/mock-identity-system/copy_cm.sh b/helm/mock-identity-system/copy_cm.sh old mode 100644 new mode 100755 index c9a16fa9..cb7e1651 --- a/helm/mock-identity-system/copy_cm.sh +++ b/helm/mock-identity-system/copy_cm.sh @@ -1,11 +1,11 @@ #!/bin/sh # Copy configmaps from other namespaces -# DST_NS: Destination namespace +# DST_NS: Destination namespace COPY_UTIL=../copy_cm_func.sh -DST_NS=mock-identity-system +DST_NS=esignet -$COPY_UTIL configmap global default $DST_NS -$COPY_UTIL configmap artifactory-share artifactory $DST_NS +$COPY_UTIL configmap global default $DST_NS +$COPY_UTIL configmap artifactory-share artifactory $DST_NS $COPY_UTIL configmap config-server-share config-server $DST_NS $COPY_UTIL configmap softhsm-mock-identity-system-share softhsm $DST_NS 
diff --git a/helm/mock-identity-system/delete.sh b/helm/mock-identity-system/delete.sh
new file mode 100755
index 00000000..0c25a7e7
--- /dev/null
+++ b/helm/mock-identity-system/delete.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Uninstalls all esignet helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+NS=esignet
+while true; do
+ read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ helm -n $NS delete mock-identity-system
+ break
+ else
+ break
+ fi
+done
diff --git a/helm/mock-identity-system/install.sh b/helm/mock-identity-system/install.sh
new file mode 100755
index 00000000..b86778d7
--- /dev/null
+++ b/helm/mock-identity-system/install.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Installs all esignet helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=0.9.0
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+echo "Copy configmaps"
+./copy_cm.sh
+
+echo Istio label
+kubectl label ns $NS istio-injection=enabled --overwrite
+
+echo Installing mock-identity-system
+helm -n $NS install mock-identity-system mosip/mock-identity-system --version $CHART_VERSION
+
+kubectl -n $NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Installed mock-identity-system service
diff --git a/helm/mock-identity-system/restart.sh b/helm/mock-identity-system/restart.sh
new file mode 100755
index 00000000..5afc516e
--- /dev/null
+++ b/helm/mock-identity-system/restart.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Restart the esignet services
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+kubectl -n $NS rollout restart deploy mock-identity-system
+
+kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Retarted mock-identity-system services
diff --git a/helm/mock-identity-system/values.yaml b/helm/mock-identity-system/values.yaml index 9f716b1a..90fd331d 100644 --- a/helm/mock-identity-system/values.yaml +++ b/helm/mock-identity-system/values.yaml @@ -52,8 +52,8 @@ service: image: registry: docker.io - repository: mosipdev/mock-identity-system - tag: develop + repository: mosipqa/mock-identity-system + tag: 0.9.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -248,6 +248,7 @@ extraEnvVarsCM: - global - config-server-share - artifactory-share + - softhsm-mock-identity-system-share ## Secret with extra environment variables ## diff --git a/helm/mock-relying-party-service/Chart.lock b/helm/mock-relying-party-service/Chart.lock deleted file mode 100644 index ba7e7a4e..00000000 --- a/helm/mock-relying-party-service/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.17.1 -digest: sha256:dacc73770a5640c011e067ff8840ddf89631fc19016c8d0a9e5ea160e7da8690 -generated: "2022-11-16T14:22:53.378615881+05:30" diff --git a/helm/mock-relying-party-service/Chart.yaml b/helm/mock-relying-party-service/Chart.yaml index 449983a5..98d3a7fa 100644 --- a/helm/mock-relying-party-service/Chart.yaml +++ b/helm/mock-relying-party-service/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mock-relying-party-service description: A Helm chart to file server application. type: application -version: 0.0.1 +version: 0.9.0 appVersion: "" dependencies: - name: common diff --git a/helm/copy_cm.sh b/helm/mock-relying-party-service/copy_cm.sh similarity index 92% rename from helm/copy_cm.sh rename to helm/mock-relying-party-service/copy_cm.sh index af4c31fc..cea78d46 100755 --- a/helm/copy_cm.sh +++ b/helm/mock-relying-party-service/copy_cm.sh 
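Review bot: The image is now referenced only by the mutable tag `tag: 0.9.0` from the `mosipqa` repository, and the context comment in the same hunk says the pull policy defaults to `IfNotPresent` for non-`latest` tags, so a re-pushed `0.9.0` tag would leave different nodes running different content with no signal in the cluster. If the chart's image template accepts a digest, pin `mosipqa/mock-identity-system@sha256:<digest-placeholder>` next to the tag; if it does not, document in this values file that the registry tag is treated as immutable. The same tag-only reference is introduced in helm/mock-relying-party-service/values.yaml and helm/mock-relying-party-ui/values.yaml.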
@@ -2,10 +2,9 @@ # Copy configmaps from other namespaces # DST_NS: Destination namespace -COPY_UTIL=./copy_cm_func.sh +COPY_UTIL=../copy_cm_func.sh DST_NS=esignet - $COPY_UTIL configmap global default $DST_NS $COPY_UTIL configmap config-server-share config-server $DST_NS $COPY_UTIL configmap artifactory-share artifactory $DST_NS
diff --git a/helm/mock-relying-party-service/delete.sh b/helm/mock-relying-party-service/delete.sh
new file mode 100755
index 00000000..744ad424
--- /dev/null
+++ b/helm/mock-relying-party-service/delete.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Uninstalls all esignet helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+NS=esignet
+while true; do
+ read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ helm -n $NS delete mock-relying-party-service
+ break
+ else
+ break
+ fi
+done
diff --git a/helm/mock-relying-party-service/install.sh b/helm/mock-relying-party-service/install.sh
new file mode 100755
index 00000000..f90dbd4c
--- /dev/null
+++ b/helm/mock-relying-party-service/install.sh
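Review bot: The confirmation prompt `read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn` names the wrong component: this script runs `helm -n $NS delete mock-relying-party-service`, so an operator answering `Y` is confirming a deletion other than the one described. Change the prompt text to `"Are you sure you want to delete all mock-relying-party-service helm charts?(Y/n) "`. The header comment `# Uninstalls all esignet helm charts` is likewise copied from elsewhere and could name the single release this file removes.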
@@ -0,0 +1,65 @@
+#!/bin/sh
+# Installs all esignet helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=0.9.0
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+echo Istio label
+kubectl label ns $NS istio-injection=enabled --overwrite
+
+echo "Copy configmaps"
+./copy_cm.sh
+
+read -p "Please provide client private key file : " CLIENT_PRIVATE_KEY
+
+if [ -z "$CLIENT_PRIVATE_KEY" ]; then
+ echo "Client Private key file not provided; EXITING;";
+ exit 0;
+fi
+if [ ! -f "$CLIENT_PRIVATE_KEY" ]; then
+ echo "Client Private key not found; EXITING;";
+ exit 0;
+fi
+
+read -p "Please provide jwe userinfo private key file : " JWE_USERINFO_PRIVATE_KEY
+
+if [ -z "$JWE_USERINFO_PRIVATE_KEY" ]; then
+ echo "Client jwe userinfo Private key file not provided; EXITING;";
+ exit 0;
+fi
+if [ ! -f "$JWE_USERINFO_PRIVATE_KEY" ]; then
+ echo "Client jwe userinfo Private key not found; EXITING;";
+ exit 0;
+fi
+
+echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists"
+cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/client-private-key
+cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/jwe-userinfo-private-key
+
+kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-service-secrets
+kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets
+kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="/tmp/client-private-key"
+kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="/tmp/jwe-userinfo-private-key"
+
+API_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-api-host})
+DEFAULT_ESIGNET_SERVICE_URL='http://esignet.esignet/v1/esignet'
+read -p "Please provide Esignet service url : ( default: http://esignet.esignet/v1/esignet )" USER_PROVIDED_ESIGNET_SERVICE_URL
+ESIGNET_SERVICE_URL=${USER_PROVIDED_ESIGNET_SERVICE_URL:-$DEFAULT_ESIGNET_SERVICE_URL}
+
+echo Installing Mock Relying Party Service
+helm -n $NS install mock-relying-party-service mosip/mock-relying-party-service \
+ --set mock_relying_party_service.ESIGNET_SERVICE_URL="$ESIGNET_SERVICE_URL" \
+ --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST/v1/esignet/oauth/token" \
+ --version $CHART_VERSION
+
+kubectl -n $NS get deploy mock-relying-party-service -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Installed mock-relying-party-service service
diff --git a/helm/mock-relying-party-service/restart.sh b/helm/mock-relying-party-service/restart.sh
new file mode 100755
index 00000000..60898df3
--- /dev/null
+++ b/helm/mock-relying-party-service/restart.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Restart the esignet services
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+kubectl -n $NS rollout restart deploy mock-relying-party-service
+
+kubectl -n $NS get mock-relying-party-service deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Retarted mock-identity-system services
diff --git a/helm/mock-relying-party-service/values.yaml b/helm/mock-relying-party-service/values.yaml
index 3bcaa27d..3728c06b 100644
--- a/helm/mock-relying-party-service/values.yaml
+++ b/helm/mock-relying-party-service/values.yaml
@@ -51,8 +51,8 @@ service: image: registry: docker.io - repository: mosipdev/mock-relying-party-service - tag: develop + repository: mosipqa/mock-relying-party-service + tag: 0.9.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
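Review bot: Both private keys are copied to the fixed, predictable paths `/tmp/client-private-key` and `/tmp/jwe-userinfo-private-key` with the caller's default umask and are never removed, so the key material stays on the operator's machine after the Kubernetes secrets exist, and a pre-existing file or symlink at either path is silently overwritten or followed. Write them into a private `mktemp -d` directory, keep the secret key names the same by passing `--from-file=<name>=<path>`, and remove the directory on exit as sketched below. The `exit 0` on every validation failure also reports success to `helm/install-all.sh`, which then proceeds to the next module; use a non-zero exit there (the same pattern is in helm/mock-relying-party-ui/install.sh). `sed -z` is a GNU extension, so the script presumably expects GNU sed — worth stating in the usage comment.
```shell
KEY_DIR=$(mktemp -d) || exit 1
chmod 700 "$KEY_DIR"
trap 'rm -rf "$KEY_DIR"' EXIT
sed "s/'//g" "$CLIENT_PRIVATE_KEY" | sed -z 's/\n/\\n/g' > "$KEY_DIR/client-private-key"
sed "s/'//g" "$JWE_USERINFO_PRIVATE_KEY" | sed -z 's/\n/\\n/g' > "$KEY_DIR/jwe-userinfo-private-key"
# … unchanged: delete the two existing secrets …
kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file=client-private-key="$KEY_DIR/client-private-key"
kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file=jwe-userinfo-private-key="$KEY_DIR/jwe-userinfo-private-key"
```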
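Review bot: `kubectl -n $NS get mock-relying-party-service deploy -o name` has the resource type and name reversed, so kubectl treats `mock-relying-party-service` as a resource type, the command fails, and the rollout-status wait that follows never runs. It should read `kubectl -n $NS get deploy mock-relying-party-service -o name | xargs -n1 -t kubectl -n $NS rollout status`. The closing message `Retarted mock-identity-system services` names the wrong deployment and misspells "Restarted". helm/mock-relying-party-ui/restart.sh has the same reversed arguments.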
@@ -71,7 +71,7 @@ mock_relying_party_service: mock_relying_party_serviceMountDIr: /home/mosip/oidc/ puburl: privurl: - ESIGNET_SERVICE_URL: https://api.sandbox.xyz.net/v1/esignet + ESIGNET_SERVICE_URL: http://esignet.namespace/v1/esignet ESIGNET_AUD_URL: https://api.sandbox.xyz.net/v1/esignet/oauth/token USERINFO_RESPONSE_TYPE: jwt ## Port on which this particular spring service module is running. diff --git a/helm/mock-relying-party-ui/Chart.lock b/helm/mock-relying-party-ui/Chart.lock deleted file mode 100644 index 550b6cd7..00000000 --- a/helm/mock-relying-party-ui/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.17.1 -digest: sha256:dacc73770a5640c011e067ff8840ddf89631fc19016c8d0a9e5ea160e7da8690 -generated: "2022-11-16T13:53:14.40504912+05:30" diff --git a/helm/mock-relying-party-ui/Chart.yaml b/helm/mock-relying-party-ui/Chart.yaml index 5e298311..28d3e5da 100644 --- a/helm/mock-relying-party-ui/Chart.yaml +++ b/helm/mock-relying-party-ui/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mock-relying-party-ui description: A Helm chart for MOSIP OIDC UI module type: application -version: 12.0.2 +version: 0.9.0 appVersion: "" dependencies: - name: common diff --git a/helm/mock-relying-party-ui/delete.sh b/helm/mock-relying-party-ui/delete.sh new file mode 100755 index 00000000..7f7b9415 --- /dev/null +++ b/helm/mock-relying-party-ui/delete.sh @@ -0,0 +1,18 @@ +#!/bin/sh +# Uninstalls all esignet helm charts +## Usage: ./delete.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi +NS=esignet +while true; do + read -p "Are you sure you want to delete all mock-relying-party-ui helm charts?(Y/n) " yn + if [ $yn = "Y" ] + then + helm -n $NS delete mock-relying-party-ui + break + else + break + fi +done diff --git a/helm/mock-relying-party-ui/install.sh b/helm/mock-relying-party-ui/install.sh new file mode 100755 index 00000000..7ea8a39b --- /dev/null 
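Review bot: The new default `ESIGNET_SERVICE_URL: http://esignet.namespace/v1/esignet` looks like a placeholder host (`esignet.namespace`) and does not match the default the install script applies (`http://esignet.esignet/v1/esignet`), so anyone installing the chart without the script gets an unresolvable URL while `ESIGNET_AUD_URL` on the next line still points at `https://api.sandbox.xyz.net`. Either align it to `http://esignet.esignet/v1/esignet` or add a comment marking it as a value that must be overridden. The switch from an external `https://` URL to plain `http://` for the in-cluster call is only acceptable if the mesh enforces mTLS on that hop (the install scripts set the Istio injection label) — a comment stating that assumption would help. The `mock_relying_party_service` mapping starts before this hunk.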
+++ b/helm/mock-relying-party-ui/install.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Installs all esignet helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=0.9.0
+
+read -p "Please provide mock relying party ui domain (eg: healthservices.sandbox.xyz.net ) : " MOCK_UI_HOST
+
+if [ -z "$MOCK_UI_HOST" ]; then
+ echo "Mock relying party UI Host not provided; EXITING;"
+ exit 0;
+fi
+
+CHK_MOCK_UI_HOST=$( nslookup "$MOCK_UI_HOST" )
+if [ $? -gt 0 ]; then
+ echo "Mock relying party UI Host does not exists; EXITING;"
+ exit 0;
+fi
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+echo Istio label
+kubectl label ns $NS istio-injection=enabled --overwrite
+
+ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host})
+
+echo Installing Mock Relying Party UI
+helm -n $NS install mock-relying-party-ui mosip/mock-relying-party-ui \
+ --set mock_relying_party_ui.mock_relying_party_ui_service_host="$MOCK_UI_HOST" \
+ --set mock_relying_party_ui.ESIGNET_UI_BASE_URL="https://$ESIGNET_HOST" \
+ --set mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \
+ --set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \
+ --set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \
+ --set istio.hosts\[0\]="$MOCK_UI_HOST" \
+ --version $CHART_VERSION
+
+kubectl -n $NS get deploy mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Installed mock-relying-party-service service
diff --git a/helm/mock-relying-party-ui/restart.sh b/helm/mock-relying-party-ui/restart.sh
new file mode 100755
index 00000000..637fa666
--- /dev/null
+++ b/helm/mock-relying-party-ui/restart.sh
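Review bot: Both validation failures end with `exit 0`, so a missing host or a failed `nslookup` is reported as success to `helm/install-all.sh`, which then continues with the next module as if the UI had been installed; use `exit 1` on those paths. `CHK_MOCK_UI_HOST` is assigned but never read, so the check is clearer as `if ! nslookup "$MOCK_UI_HOST" >/dev/null 2>&1; then`. The closing message `Installed mock-relying-party-service service` names the wrong chart — this script installs mock-relying-party-ui.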
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Restart the esignet services
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+kubectl -n $NS rollout restart deploy mock-relying-party-ui
+
+kubectl -n $NS get mock-relying-party-ui deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Retarted mock-relying-party-ui services
diff --git a/helm/mock-relying-party-ui/values.yaml b/helm/mock-relying-party-ui/values.yaml
index 228f61e9..ccdfab0c 100644
--- a/helm/mock-relying-party-ui/values.yaml
+++ b/helm/mock-relying-party-ui/values.yaml
@@ -51,8 +51,8 @@ service: image: registry: docker.io - repository: mosipdev/mock-relying-party-ui - tag: develop + repository: mosipqa/mock-relying-party-ui + tag: 0.9.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -422,7 +422,7 @@ mock_relying_party_ui: MOCK_RELYING_PARTY_SERVER_URL: https://healthservices.sandbox.xyz.net/mock-relying-party-service REDIRECT_URI: https://healthservices.sandbox.xyz.net/userprofile CLIENT_ID: 88Vjt34c5Twz1oJ - ACRS: mosip:idp:acr:generated-code%20mosip:idp:acr:biometrics%20mosip:idp:acr:static-code + ACRS: mosip:idp:acr:generated-code%20mosip:idp:acr:biometrics%20mosip:idp:acr:linked-wallet MOCK_RELYING_PARTY_SERVICE_INTERNAL_URL: http://mock-relying-party-service.esignet REDIRECT_URI_REGISTRATION: https://healthservices.sandbox.xyz.net/registration ## oidc UI swagger should have only internal access. Hence linked to internal gateway
diff --git a/helm/restart.sh b/helm/restart-all.sh
similarity index 100%
rename from helm/restart.sh
rename to helm/restart-all.sh
diff --git a/mock-esignet-integration-impl/pom.xml b/mock-esignet-integration-impl/pom.xml
index bccea627..72fedc93 100644
--- a/mock-esignet-integration-impl/pom.xml
+++ b/mock-esignet-integration-impl/pom.xml
@@ -5,7 +5,7 @@ io.mosip.esignet.mock esignet-mock-parent - 0.0.1-SNAPSHOT + 0.9.0 mock-esignet-integration-impl
@@ -55,7 +55,7 @@ io.mosip.kernel kernel-keymanager-service - 1.2.1-SNAPSHOT + 1.2.0.1-B2 provided lib diff --git a/mock-identity-system/pom.xml b/mock-identity-system/pom.xml index 0f473d46..18430cee 100644 --- a/mock-identity-system/pom.xml +++ b/mock-identity-system/pom.xml @@ -5,7 +5,7 @@ io.mosip.esignet.mock esignet-mock-parent - 0.0.1-SNAPSHOT + 0.9.0 mock-identity-system @@ -120,7 +120,7 @@ io.mosip.kernel kernel-keymanager-service - 1.2.1-SNAPSHOT + 1.2.0.1-B2 lib diff --git a/mock-relying-party-ui/package-lock.json b/mock-relying-party-ui/package-lock.json index 2fa88a92..b7264309 100644 --- a/mock-relying-party-ui/package-lock.json +++ b/mock-relying-party-ui/package-lock.json @@ -10652,9 +10652,9 @@ "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=" }, "node_modules/json5": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz", - "integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==", + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", "bin": { "json5": "lib/cli.js" }, @@ -15513,9 +15513,9 @@ } }, "node_modules/tsconfig-paths/node_modules/json5": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", - "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", "dependencies": { "minimist": "^1.2.0" }, 
@@ -24376,9 +24376,9 @@ "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=" }, "json5": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz", - "integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==" + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==" }, "jsonfile": { "version": "6.1.0", @@ -27832,9 +27832,9 @@ }, "dependencies": { "json5": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", - "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", "requires": { "minimist": "^1.2.0" } diff --git a/partner-onboarder/README.md b/partner-onboarder/README.md new file mode 100644 index 00000000..3a5ac842 --- /dev/null +++ b/partner-onboarder/README.md 
@@ -0,0 +1,31 @@
+# Partner Onboarder
+
+## Overview
+Uploads certificate for default partners. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding).
+
+## Install
+* Set `values.yaml` to run onboarder for specific modules.
+* run `./install.sh`.
+```
+./install.sh
+```
+# Troubleshootings
+
+* After completion of the job, a very detailed `html report` is prepared and stored in Minio inside onboarding bucket.
+
+### Troubleshooting
+
+ 1. KER-ATH-401: Authentication Failed
+
+ Resolution: Update secretkey for mosip-deployment-client.
+
+ 2. Certificate dates are not valid
+
+ Resolution: Check grace period in configuration.
+
+ 3. Upload of certificate will not be allowed to update other domain certificate
+
+ Resolution: Expected when we try to upload `ida-cred` certificate twice. It can be ignored as the certificate is already present.
+
+
+
diff --git a/partner-onboarder/copy_cm.sh b/partner-onboarder/copy_cm.sh
new file mode 100755
index 00000000..9d69e071
--- /dev/null
+++ b/partner-onboarder/copy_cm.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+# DST_NS: Destination namespace
+
+COPY_UTIL=./copy_cm_func.sh
+DST_NS=esignet
+
+$COPY_UTIL configmap global default $DST_NS
+$COPY_UTIL configmap keycloak-env-vars keycloak $DST_NS
+$COPY_UTIL configmap keycloak-host keycloak $DST_NS
diff --git a/partner-onboarder/copy_cm_func.sh b/partner-onboarder/copy_cm_func.sh
new file mode 100755
index 00000000..7b225948
--- /dev/null
+++ b/partner-onboarder/copy_cm_func.sh
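Review bot: copy_cm.sh runs with no error handling and resolves its helper relative to the current directory (`COPY_UTIL=./copy_cm_func.sh`), so a failed copy of `global`, `keycloak-env-vars` or `keycloak-host` is visible only on the helper's stderr while the script's own exit status is just that of the last copy, and running it from another directory fails on the helper path; the same applies to copy_secrets.sh in this commit. Adding `set -euo pipefail` after the shebang and `COPY_UTIL="$(dirname "$0")/copy_cm_func.sh"` closes both gaps. install.sh calls these scripts under `set -e`, but that only sees the overall exit status, so an earlier failed copy still goes unnoticed.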
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copy configmap and secret from one namespace to another.
+# ./copy_cm_func.sh [name]
+# Parameters:
+# resource: configmap|secret
+# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is
+# clash of names
+
+if [ $1 = "configmap" ]
+then
+ RESOURCE=configmap
+elif [ $1 = "secret" ]
+then
+ RESOURCE=secret
+else
+ echo "Incorrect resource $1. Exiting.."
+ exit 1
+fi
+
+
+if [ $# -ge 5 ]
+then
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f -
+else
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f -
+fi
+
+
+
+
+
diff --git a/partner-onboarder/copy_secrets.sh b/partner-onboarder/copy_secrets.sh
new file mode 100755
index 00000000..0438ce7e
--- /dev/null
+++ b/partner-onboarder/copy_secrets.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copy secrets from other namespaces
+# DST_NS: Destination namespace
+
+COPY_UTIL=./copy_cm_func.sh
+DST_NS=esignet
+
+$COPY_UTIL secret s3 s3 $DST_NS
+$COPY_UTIL secret keycloak keycloak $DST_NS
+$COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS
diff --git a/partner-onboarder/delete.sh b/partner-onboarder/delete.sh
new file mode 100755
index 00000000..1240de56
--- /dev/null
+++ b/partner-onboarder/delete.sh
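Review bot: The argument checks in copy_cm_func.sh cover only `$1` and an optional fifth parameter, so a call with fewer than four arguments reaches `kubectl -n $4 ...` with an empty namespace and name, and an absent `$1` turns `[ $1 = "configmap" ]` into a test syntax error instead of the intended usage message; a guard such as `if [ $# -lt 4 ]; then echo "Usage: $0 configmap|secret NAME SRC_NS DST_NS [NEW_NAME]"; exit 1; fi` placed after the resource check, with `"$1"` quoted, fails early and clearly. The two `sed` substitutions rewrite every `name: $2` / `namespace: $3` occurrence in the exported manifest, not only the `metadata` fields, so a data key or label that happens to hold the same text is silently changed on the copy. The exported object also carries the source `resourceVersion`, which `kubectl create` may reject; dropping `metadata.resourceVersion`, `metadata.uid` and `metadata.creationTimestamp` before the create avoids that.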
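Review bot: The three `$COPY_UTIL secret ...` lines in copy_secrets.sh duplicate the `s3`, `keycloak` and `keycloak-client-secrets` Secrets wholesale into the `esignet` namespace, so every key they hold becomes readable to any workload or principal with `get secrets` in `esignet`, not just the onboarder job. install.sh passes only the S3 host, user key and region via `--set`, which suggests the onboarder needs a narrow subset; copying just the keys it reads into a purpose-built Secret keeps the blast radius of an `esignet` compromise smaller. A comment above each line stating which keys the onboarder reads from that Secret would make this reviewable later, e.g. `# onboarder reads: <KEY NAMES — to be filled in>`.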
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Uninstalls partner-onboarder helm
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+function deleting_onboarder() {
+ NS=esignet
+ while true; do
+ read -p "Are you sure you want to delete all partner-onboarder ?(Y/n) " yn
+ if [ $yn = "Y" ]; then
+ echo Deleting esignet-demo-oidc-partner-onboarder helm
+ helm -n $NS delete esignet-demo-oidc-partner-onboarder
+ break
+ fi
+ done
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+deleting_onboarder # calling function
diff --git a/partner-onboarder/install.sh b/partner-onboarder/install.sh
new file mode 100755
index 00000000..49317c55
--- /dev/null
+++ b/partner-onboarder/install.sh
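Review bot: The confirmation loop in `deleting_onboarder` has no exit path for a negative answer: anything other than `Y` re-prompts forever, and an empty reply makes `[ $yn = "Y" ]` print a test error and loop again, so the `(Y/n)` prompt does not do what it advertises. Replacing the `if` with `case "$yn" in Y) echo Deleting esignet-demo-oidc-partner-onboarder helm; helm -n $NS delete esignet-demo-oidc-partner-onboarder; break;; n|N) echo "Aborted."; exit 0;; esac` gives both answers a defined outcome and quotes the variable. `set -e` and `set -o errexit` are the same option set twice; one of the two lines can go.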
@@ -0,0 +1,66 @@
+#!/bin/bash
+# Onboards default partners
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+echo "Do you have public domain & valid SSL? (Y/n) "
+echo "Y: if you have public domain & valid ssl certificate"
+echo "n: if you don't have public domain & valid ssl certificate"
+read -p "" flag
+
+if [ -z "$flag" ]; then
+ echo "'flag' was provided; EXITING;"
+ exit 1;
+fi
+ENABLE_INSECURE=''
+if [ "$flag" = "n" ]; then
+ ENABLE_INSECURE='--set onboarding.enableInsecure=true';
+fi
+
+NS=esignet
+CHART_VERSION=12.0.1-B3
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_onboarder() {
+
+ read -p "Is values.yaml for onboarder chart set correctly as part of Pre-requisites?(Y/n) " yn;
+ if [ $yn = "Y" ]; then
+ echo Istio label
+ kubectl label ns $NS istio-injection=disabled --overwrite
+ helm repo update
+
+ echo Copy configmaps
+ kubectl -n $NS --ignore-not-found=true delete cm s3
+ sed -i 's/\r$//' copy_cm.sh
+ ./copy_cm.sh
+
+ echo Copy secrets
+ sed -i 's/\r$//' copy_secrets.sh
+ ./copy_secrets.sh
+
+ echo Onboarding default partners
+ helm -n $NS install esignet-demo-oidc-partner-onboarder mosip/partner-onboarder \
+ --set onboarding.configmaps.s3.s3-host='http://minio.minio:9000' \
+ --set onboarding.configmaps.s3.s3-user-key='admin' \
+ --set onboarding.configmaps.s3.s3-region='' \
+ $ENABLE_INSECURE \
+ -f values.yaml \
+ --version $CHART_VERSION
+
+ echo Reports are moved to S3 under onboarder bucket
+ return 0
+ fi
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+installing_onboarder # calling function
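Review bot: `kubectl label ns $NS istio-injection=disabled --overwrite` switches off sidecar injection for the whole `esignet` namespace, which the values.yaml hunk earlier in this commit shows also hosts `mock-relying-party-service`; every pod rolled out there afterwards starts without a mesh sidecar and without whatever mTLS or policy the mesh enforced for it. If only the onboarder job must run without a sidecar, the pod annotation `sidecar.istio.io/inject: "false"` on that job (through the chart's values, if it exposes pod annotations) scopes the exception to the job. The empty-input branch prints `'flag' was provided; EXITING;` for the case where nothing was entered; `echo "no answer given; exiting"` says what it means. In `installing_onboarder`, any reply other than `Y` ends the function silently and the script exits 0; a guard clause `if [ "${yn:-}" != "Y" ]; then echo "values.yaml not confirmed; exiting"; exit 1; fi` makes the abort explicit and the quoting avoids the test error an empty reply currently causes.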
diff --git a/partner-onboarder/values.yaml b/partner-onboarder/values.yaml new file mode 100644 index 00000000..8bc87148 --- /dev/null +++ b/partner-onboarder/values.yaml @@ -0,0 +1,22 @@ +onboarding: + modules: + - name: ida + enabled: false + - name: print + enabled: false + - name: abis + enabled: false + - name: resident + enabled: false + - name: mobileid + enabled: false + - name: digitalcard + enabled: false + - name: esignet + enabled: false + - name: resident-oidc + enabled: false + - name: demo-oidc + enabled: true + - name: mimoto-keybinding + enabled: false \ No newline at end of file diff --git a/pom.xml b/pom.xml index c83d6fb6..20881df4 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ 4.0.0 io.mosip.esignet.mock esignet-mock-parent - 0.0.1-SNAPSHOT + 0.9.0 pom esignet-mock Parent project of MOSIP e-Signet Mock Services
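Review bot: The new values.yaml ends without a trailing newline (`\ No newline at end of file`) and has no `---` document start, both of which yamllint flags by default; adding the newline and `---` as the first line fixes both. A short comment above `modules:` stating why only `demo-oidc` is enabled would help the next reader, since eight of the nine entries are `false`. The booleans themselves are already in the canonical `true`/`false` form.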