From 68c4a4f696c84d5d12574ccd228f125cd3bd3ca6 Mon Sep 17 00:00:00 2001 From: Anusha Sunkada Date: Wed, 29 Mar 2023 14:27:50 +0530 Subject: [PATCH 1/8] release version changes (#58) Co-authored-by: ase-101 <> --- .github/workflows/push_trigger.yml | 1 + .github/workflows/push_trigger_charts.yaml | 1 + mock-esignet-integration-impl/pom.xml | 4 ++-- mock-identity-system/pom.xml | 4 ++-- pom.xml | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml index 3e458666..4ecad795 100644 --- a/.github/workflows/push_trigger.yml +++ b/.github/workflows/push_trigger.yml @@ -7,6 +7,7 @@ on: - release-* - master - develop + - 0.9.0 jobs: build: diff --git a/.github/workflows/push_trigger_charts.yaml b/.github/workflows/push_trigger_charts.yaml index 8cf2ba3a..d8136d9a 100644 --- a/.github/workflows/push_trigger_charts.yaml +++ b/.github/workflows/push_trigger_charts.yaml @@ -5,6 +5,7 @@ on: branches: - 1.2.0.* - develop + - 0.9.0 paths: - 'charts/**' diff --git a/mock-esignet-integration-impl/pom.xml b/mock-esignet-integration-impl/pom.xml index bccea627..b0cd033c 100644 --- a/mock-esignet-integration-impl/pom.xml +++ b/mock-esignet-integration-impl/pom.xml @@ -5,7 +5,7 @@ io.mosip.esignet.mock esignet-mock-parent - 0.0.1-SNAPSHOT + 0.9.0-SNAPSHOT mock-esignet-integration-impl @@ -55,7 +55,7 @@ io.mosip.kernel kernel-keymanager-service - 1.2.1-SNAPSHOT + 1.2.0.1-B2 provided lib diff --git a/mock-identity-system/pom.xml b/mock-identity-system/pom.xml index 0f473d46..20a36070 100644 --- a/mock-identity-system/pom.xml +++ b/mock-identity-system/pom.xml @@ -5,7 +5,7 @@ io.mosip.esignet.mock esignet-mock-parent - 0.0.1-SNAPSHOT + 0.9.0-SNAPSHOT mock-identity-system @@ -120,7 +120,7 @@ io.mosip.kernel kernel-keymanager-service - 1.2.1-SNAPSHOT + 1.2.0.1-B2 lib diff --git a/pom.xml b/pom.xml index c83d6fb6..11c84954 100644 --- a/pom.xml +++ b/pom.xml 
@@ -16,7 +16,7 @@ 4.0.0 io.mosip.esignet.mock esignet-mock-parent - 0.0.1-SNAPSHOT + 0.9.0-SNAPSHOT pom esignet-mock Parent project of MOSIP e-Signet Mock Services From 37b8fb8837745c14817840cee7fd5f786bddc7eb Mon Sep 17 00:00:00 2001 From: syed salman <72004356+syedsalman3753@users.noreply.github.com> Date: Fri, 31 Mar 2023 23:17:27 +0530 Subject: [PATCH 2/8] [ MOSIP-26666 ] updated esignet-mock deployment scripts (#59) * [ MOSIP-26666 ] updated esignet-mock deployment scripts * [ MOSIP-26666 ] updated esignet-mock deployment scripts --------- Co-authored-by: syed-salman-technoforte --- .gitignore | 3 + db_scripts/init_db.sh | 38 ++++++++++++ db_scripts/init_values.yaml | 68 +++++++++++++++++++++ helm/install.sh | 16 +++-- helm/mock-identity-system/Chart.yaml | 2 +- helm/mock-identity-system/values.yaml | 1 + helm/mock-relying-party-service/Chart.lock | 6 -- helm/mock-relying-party-service/Chart.yaml | 2 +- helm/mock-relying-party-service/values.yaml | 2 +- helm/mock-relying-party-ui/Chart.lock | 6 -- helm/mock-relying-party-ui/Chart.yaml | 2 +- 11 files changed, 124 insertions(+), 22 deletions(-) create mode 100755 db_scripts/init_db.sh create mode 100644 db_scripts/init_values.yaml delete mode 100644 helm/mock-relying-party-service/Chart.lock delete mode 100644 helm/mock-relying-party-ui/Chart.lock diff --git a/.gitignore b/.gitignore index ec10b1b2..b607e6a5 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,6 @@ mock-esignet-integration-impl/.idea/* mock-identity-system/target/* mock-esignet-integration-impl/target/* mock-identity-system/local.p12 +.idea +helm/*/charts +helm/*/Chart.lock diff --git a/db_scripts/init_db.sh b/db_scripts/init_db.sh new file mode 100755 index 00000000..e2d81a60 --- /dev/null +++ b/db_scripts/init_db.sh 
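Review bot: Adding `helm/*/Chart.lock` to .gitignore, together with the deletion of the two committed Chart.lock files later in this patch, removes the recorded resolution of the `common` chart dependency (1.17.1 in the deleted files) from version control. If the Chart.yaml files declare that dependency with a version range (not visible in this patch), `helm dependency update` will pick whatever the repository serves at build time, and the change will not appear in any review. I would keep Chart.lock tracked, ignore only `helm/*/charts`, and build with `helm dependency build` so the locked versions are used.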
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Script to initialize mockidentitysystem DB.
+## Usage: ./init_db.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=12.0.1-B3
+
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+while true; do
+ read -p "CAUTION: Do we already have Postgres installed? Also make sure the mockidentitysystem DB is backed up as the same will be overriden. Do you still want to continue?" yn
+ if [ $yn = "Y" ]
+ then
+ kubectl create ns $NS
+ DB_USER_PASSWORD=$( kubectl -n postgres get secrets db-common-secrets -o jsonpath={.data.db-dbuser-password} | base64 -d )
+
+ echo Removing existing mosip_mockidentitysystem DB installation
+ helm -n $NS delete postgres-init-mockidentitysystem
+ kubectl -n $NS delete --ignore-not-found=true secret db-common-secrets
+
+ echo Copy Postgres secrets
+ ../helm/copy_cm_func.sh secret postgres-postgresql postgres $NS
+
+ echo Initializing DB
+ helm -n $NS install postgres-init-mockidentitysystem mosip/postgres-init -f init_values.yaml \
+ --version $CHART_VERSION \
+ --set dbUserPasswords.dbuserPassword="$DB_USER_PASSWORD" \
+ --wait --wait-for-jobs
+ break
+ else
+ break
+ fi
+done
\ No newline at end of file
diff --git a/db_scripts/init_values.yaml b/db_scripts/init_values.yaml
new file mode 100644
index 00000000..3b28a62c
--- /dev/null
+++ b/db_scripts/init_values.yaml
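Review bot: In db_scripts/init_db.sh the database password is passed to helm as `--set dbUserPasswords.dbuserPassword="$DB_USER_PASSWORD"`, which places the secret on the command line where other local users can read it from the process list; `--set` also treats commas in the value as separators. The result of the `kubectl ... | base64 -d` lookup is never checked, so an empty password still reaches the `helm delete` and `helm install` steps. I would add `[ -n "$DB_USER_PASSWORD" ] || { echo "db-dbuser-password not found" >&2; exit 1; }` right after the lookup and hand the value to helm through a values file (`-f`) created with restrictive permissions instead of `--set`.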
@@ -0,0 +1,68 @@
+#dbUserPasswords:
+# dbuserPassword: ""
+
+databases:
+ mosip_toolkit:
+ enabled: false
+
+ mosip_master:
+ enabled: false
+
+ mosip_audit:
+ enabled: false
+
+ mosip_keymgr:
+ enabled: false
+
+ mosip_kernel:
+ enabled: false
+
+ mosip_idmap:
+ enabled: false
+
+ mosip_prereg:
+ enabled: false
+
+ mosip_idrepo:
+ enabled: false
+
+ mosip_ida:
+ enabled: false
+
+ mosip_credential:
+ enabled: false
+
+ mosip_regprc:
+ enabled: false
+
+ mosip_regdevice:
+ enabled: false
+
+ mosip_authdevice:
+ enabled: false
+
+ mosip_pms:
+ enabled: false
+
+ mosip_hotlist:
+ enabled: false
+
+ mosip_resident:
+ enabled: false
+
+ mosip_digitalcard:
+ enabled: false
+
+ mosip_esignet:
+ enabled: false
+
+ mosip_mockidentitysystem:
+ enabled: true
+ host: "postgres-postgresql.postgres"
+ port: 5432
+ su:
+ user: postgres
+ secret:
+ name: postgres-postgresql
+ key: postgresql-password
+ dml: 1
diff --git a/helm/install.sh b/helm/install.sh
index f83717fc..63a89df3 100755
--- a/helm/install.sh
+++ b/helm/install.sh
@@ -8,13 +8,15 @@ fi NS=softhsm CHART_VERSION=12.0.1-B2 +SOFTHSM_CHART_VERSION=12.0.1-B2 + echo Installing Softhsm for mock-identity-system -helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $CHART_VERSION --wait +helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait echo Installed Softhsm for mock-identity-system ./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server -kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM +kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM_ kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status @@ -54,7 +56,7 @@ if [ $? -gt 0 ]; then fi NS=esignet -CHART_VERSION=0.0.1 +CHART_VERSION=0.9.0 echo Create $NS namespace kubectl create ns $NS @@ -90,8 +92,9 @@ ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host}) echo Installing Mock Relying Party Service helm -n $NS install mock-relying-party-service ./mock-relying-party-service \ - --set mock_relying_party_service.ESIGNET_SERVICE_URL="https://$API_HOST"/v1/esignet"" \ - --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST"/v1/esignet/oauth/token"" + --set mock_relying_party_service.ESIGNET_SERVICE_URL="http://esignet.$NS/v1/esignet" \ + --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST/v1/esignet/oauth/token" \ + --version $CHART_VERSION echo Installing Mock Relying Party UI helm -n $NS install mock-relying-party-ui ./mock-relying-party-ui \ 
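Review bot: The new value `ESIGNET_SERVICE_URL="http://esignet.$NS/v1/esignet"` in the third hunk of helm/install.sh moves the relying-party service's calls to eSignet from HTTPS on the API host to plain HTTP on the in-cluster service name. The script labels the namespace for Istio injection elsewhere, so sidecar mTLS may cover this hop, but nothing visible in the patch enforces it. I would record the assumption next to the helm call, for example `# in-cluster URL over http: relies on Istio sidecar mTLS in $NS; use https if injection is disabled`. The same default is written into helm/mock-relying-party-service/values.yaml by this patch.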
@@ -100,7 +103,8 @@ helm -n $NS install mock-relying-party-ui ./mock-relying-party-ui \ --set mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \ --set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \ --set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \ - --set istio.hosts\[0\]="$MOCK_UI_HOST" + --set istio.hosts\[0\]="$MOCK_UI_HOST" \ + --version $CHART_VERSION echo Installing mock-identity-system helm -n $NS install mock-identity-system ./mock-identity-system --version $CHART_VERSION diff --git a/helm/mock-identity-system/Chart.yaml b/helm/mock-identity-system/Chart.yaml index 6c37268d..a170e20d 100644 --- a/helm/mock-identity-system/Chart.yaml +++ b/helm/mock-identity-system/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mock-identity-system description: A Helm chart for MOSIP mock-identity-system module type: application -version: 0.0.1 +version: 0.9.0 appVersion: "" dependencies: - name: common diff --git a/helm/mock-identity-system/values.yaml b/helm/mock-identity-system/values.yaml index 9f716b1a..288b9990 100644 --- a/helm/mock-identity-system/values.yaml +++ b/helm/mock-identity-system/values.yaml @@ -248,6 +248,7 @@ extraEnvVarsCM: - global - config-server-share - artifactory-share + - softhsm-mock-identity-system-share ## Secret with extra environment variables ## diff --git a/helm/mock-relying-party-service/Chart.lock b/helm/mock-relying-party-service/Chart.lock deleted file mode 100644 index ba7e7a4e..00000000 --- a/helm/mock-relying-party-service/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.17.1 -digest: sha256:dacc73770a5640c011e067ff8840ddf89631fc19016c8d0a9e5ea160e7da8690 -generated: "2022-11-16T14:22:53.378615881+05:30" 
diff --git a/helm/mock-relying-party-service/Chart.yaml b/helm/mock-relying-party-service/Chart.yaml index 449983a5..98d3a7fa 100644 --- a/helm/mock-relying-party-service/Chart.yaml +++ b/helm/mock-relying-party-service/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mock-relying-party-service description: A Helm chart to file server application. type: application -version: 0.0.1 +version: 0.9.0 appVersion: "" dependencies: - name: common diff --git a/helm/mock-relying-party-service/values.yaml b/helm/mock-relying-party-service/values.yaml index 3bcaa27d..3b25a453 100644 --- a/helm/mock-relying-party-service/values.yaml +++ b/helm/mock-relying-party-service/values.yaml @@ -71,7 +71,7 @@ mock_relying_party_service: mock_relying_party_serviceMountDIr: /home/mosip/oidc/ puburl: privurl: - ESIGNET_SERVICE_URL: https://api.sandbox.xyz.net/v1/esignet + ESIGNET_SERVICE_URL: http://esignet.namespace/v1/esignet ESIGNET_AUD_URL: https://api.sandbox.xyz.net/v1/esignet/oauth/token USERINFO_RESPONSE_TYPE: jwt ## Port on which this particular spring service module is running. diff --git a/helm/mock-relying-party-ui/Chart.lock b/helm/mock-relying-party-ui/Chart.lock deleted file mode 100644 index 550b6cd7..00000000 --- a/helm/mock-relying-party-ui/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.17.1 -digest: sha256:dacc73770a5640c011e067ff8840ddf89631fc19016c8d0a9e5ea160e7da8690 -generated: "2022-11-16T13:53:14.40504912+05:30" diff --git a/helm/mock-relying-party-ui/Chart.yaml b/helm/mock-relying-party-ui/Chart.yaml index 5e298311..28d3e5da 100644 --- a/helm/mock-relying-party-ui/Chart.yaml +++ b/helm/mock-relying-party-ui/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mock-relying-party-ui description: A Helm chart for MOSIP OIDC UI module type: application -version: 12.0.2 +version: 0.9.0 appVersion: "" dependencies: - name: common 
From 73317e4195e1d3527ed7bc127c8440a0c8e915f9 Mon Sep 17 00:00:00 2001 
From: syed salman <72004356+syedsalman3753@users.noreply.github.com> Date: Wed, 12 Apr 2023 12:52:13 +0530 Subject: [PATCH 3/8] [ MOSIP-26666 ] updated README.md & deployment scripts (#61) * [ MOSIP-26666 ] updated README.md * [ MOSIP-26666 ] updated README.md * [ MOSIP-26666 ] Updated esignet-mock README.md and deployment scripts * [MOSIP-26666] * [ MOSIP-26666 ] Updated README.md * [ MOSIP-26666 ] updated mock-relying-party-service install.sh * [MOSIP-26666] * [ MOSIP-26666 ] set default value for ESIGNET_SERVICE_URL * [ MOSIP-26666 ] updated chart url in release_chart.yml --------- Co-authored-by: syed-salman-technoforte Co-authored-by: Keshav Mishra --- .github/workflows/release_chart.yml | 2 +- README.md | 55 +++++++++ db_scripts/README.md | 28 +++++ helm/{delete.sh => delete-all.sh} | 2 +- helm/install-all.sh | 41 +++++++ helm/install.sh | 114 ------------------ helm/mock-identity-system/copy_cm.sh | 8 +- helm/mock-identity-system/delete.sh | 18 +++ helm/mock-identity-system/install.sh | 26 ++++ helm/mock-identity-system/restart.sh | 13 ++ .../copy_cm.sh | 3 +- helm/mock-relying-party-service/delete.sh | 18 +++ helm/mock-relying-party-service/install.sh | 65 ++++++++++ helm/mock-relying-party-service/restart.sh | 13 ++ helm/mock-relying-party-ui/delete.sh | 18 +++ helm/mock-relying-party-ui/install.sh | 45 +++++++ helm/mock-relying-party-ui/restart.sh | 13 ++ helm/{restart.sh => restart-all.sh} | 0 18 files changed, 360 insertions(+), 122 deletions(-) rename helm/{delete.sh => delete-all.sh} (91%) create mode 100755 helm/install-all.sh delete mode 100755 helm/install.sh mode change 100644 => 100755 helm/mock-identity-system/copy_cm.sh create mode 100755 helm/mock-identity-system/delete.sh create mode 100755 helm/mock-identity-system/install.sh create mode 100755 helm/mock-identity-system/restart.sh rename helm/{ => mock-relying-party-service}/copy_cm.sh (92%) create mode 100755 helm/mock-relying-party-service/delete.sh create mode 100755 
helm/mock-relying-party-service/install.sh create mode 100755 helm/mock-relying-party-service/restart.sh create mode 100755 helm/mock-relying-party-ui/delete.sh create mode 100755 helm/mock-relying-party-ui/install.sh create mode 100755 helm/mock-relying-party-ui/restart.sh rename helm/{restart.sh => restart-all.sh} (100%) diff --git a/.github/workflows/release_chart.yml b/.github/workflows/release_chart.yml index 4c9e2158..98c63f92 100644 --- a/.github/workflows/release_chart.yml +++ b/.github/workflows/release_chart.yml @@ -19,6 +19,6 @@ jobs: with: token: ${{ secrets.ACTION_PAT }} charts_dir: ./helm - charts_url: https://github.com/mosip + charts_url: https://mosip.github.io/mosip-helm repository: mosip-helm branch: gh-pages diff --git a/README.md b/README.md index 0f4f6bfb..c8ddaa9b 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,57 @@ # esignet-mock-services Repository contains mock implementation of auth for e-signet + +## Installing in k8s cluster using helm +### Pre-requisites +1. Set the kube config file of the Mosip cluster having dependent services is set correctly in PC. +1. Make sure [DB setup](db_scripts/README.md#install-in-existing-mosip-k8-cluster) is done. +1. Add / merge below mentioned properties files into existing config branch: + * [mock-identity-system-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/mock-identity-system-default.properties) + * [application-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/application-default.properties) +1. Add below properties in [esignet-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/esignet-default.properties) incase using MockAuth for esignet. + ``` + mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration + mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl + mosip.esignet.integration.authenticator=MockAuthenticationService + mosip.esignet.integration.key-binder=MockKeyBindingWrapperService + mosip.esignet.integration.audit-plugin=LoggerAuditService + mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService + ``` +1. 
Below are the dependent services required for compliance toolkit service: + | Chart | Chart version | + |---|---| + |[Keycloak](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 7.1.18 | + |[Keycloak-init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 12.0.1-B3 | + |[Postgres](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 10.16.2 | + |[Postgres Init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 12.0.1-B3 | + |[Config-server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/config-server) | 12.0.1-B3 | + |[Artifactory server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/artifactory) | 12.0.1-B3 | + |[esignet-softhsm](https://github.com/mosip/esignet/blob/v1.0.0/helm/install-all.sh) | 12.0.1-B2 | + |[redis](https://github.com/mosip/esignet/blob/v1.0.0/helm/redis)| 17.3.14 | + |[esignet](https://github.com/mosip/esignet/tree/v1.0.0/helm/esignet) | 1.0.0 | + |[oidc-ui](https://github.com/mosip/esignet/blob/v1.0.0/helm/oidc-ui) | 1.0.0 | + +### Install +* Install `kubectl` and `helm` utilities. +* Run `install-all.sh` to deploy esignet services. + ``` + cd helm + ./install-all.sh + ``` + +### Delete +* Run `delete-all.sh` to remove esignet services. + ``` + cd helm + ./delete-all.sh + ``` + +### Restart +* Run `restart-all.sh` to restart esignet services. + ``` + cd helm + ./restart.sh + ``` + +## Onboard esignet mock and relying party services +* Run onboarder's [install.sh](https://github.com/mosip/mosip-infra/blob/v1.2.0.1-B3/deployment/v3/mosip/partner-onboarder) script to exchange jwk certificates. diff --git a/db_scripts/README.md b/db_scripts/README.md index 567dfea5..02966181 100644 --- a/db_scripts/README.md +++ b/db_scripts/README.md 
@@ -1,2 +1,30 @@ # esignet-mock-services Mock implementation of auth for e-signet + +## Overview +This folder containers various SQL scripts to create database and tables in postgres. +The tables are described under `/ddl/`. +Default data that's populated in the tables is present under `/dml` folder. + +## Prerequisites +* Make sure that the esignet database has been initialized and its associated service is currently running. +* Command line utilities: + - kubectl + - helm +* Helm repos: + ```sh + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add mosip https://mosip.github.io/mosip-helm + ``` + +## Install in existing MOSIP K8 Cluster +These scripts are automatically run with below mentioned script in existing k8 cluster with Postgres installed. +### Install +* Set your kube_config file or kube_config variable on PC. +* Update `init_values.yaml` with db-common-password from the postgres namespace in the required field `dbUserPasswords.dbuserPassword` and ensure `databases.mosip_mockidentitysystem` is enabled. + ``` + ./init_db.sh` + ``` + +## Install for developers +Developers may run the SQLs using `/deploy.sh` script. diff --git a/helm/delete.sh b/helm/delete-all.sh similarity index 91% rename from helm/delete.sh rename to helm/delete-all.sh index f7706ec3..258d21d8 100755 --- a/helm/delete.sh +++ b/helm/delete-all.sh @@ -13,7 +13,7 @@ while true; do then helm -n $NS delete mock-relying-party-service helm -n $NS delete mock-relying-party-ui - helm -n $NS delete mock-identity-system + helm -n $NS delete mock-identity-system break else break diff --git a/helm/install-all.sh b/helm/install-all.sh new file mode 100755 index 00000000..be719f00 --- /dev/null +++ b/helm/install-all.sh 
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Installs all esignet mock service helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+ROOT_DIR=`pwd`
+NS=softhsm
+SOFTHSM_CHART_VERSION=12.0.1-B2
+
+echo Istio label
+kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+echo Installing Softhsm for mock-identity-system
+helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait
+echo Installed Softhsm for mock-identity-system
+
+./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server
+
+kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM_
+
+#kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status
+
+declare -a module=("mock-identity-system"
+ "mock-relying-party-service"
+ "mock-relying-party-ui"
+ )
+
+echo Installing esignet mock services
+
+for i in "${module[@]}"
+do
+ cd $ROOT_DIR/"$i"
+ ./install.sh
+done
+
+echo All esignet mock services deployed sucessfully.
diff --git a/helm/install.sh b/helm/install.sh
deleted file mode 100755
index 63a89df3..00000000
--- a/helm/install.sh
+++ /dev/null
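Review bot: `kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite` in helm/install-all.sh uses `SOFTHSM_NS`, which is never assigned in this script; only `NS=softhsm` is set, so the variable expands to nothing and the softhsm namespace is not labelled for sidecar injection. The line should read `kubectl label ns "$NS" istio-injection=enabled --overwrite`. The loop also runs `cd $ROOT_DIR/"$i"` and `./install.sh` without checking either result, so the final "deployed sucessfully" message is printed even when a module installer stopped early. `cd "$ROOT_DIR/$i" && ./install.sh || exit 1` would stop at the first failure.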
@@ -1,114 +0,0 @@ -#!/bin/sh -# Installs all esignet mock service helm charts -## Usage: ./install.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -NS=softhsm -CHART_VERSION=12.0.1-B2 -SOFTHSM_CHART_VERSION=12.0.1-B2 - -echo Installing Softhsm for mock-identity-system -helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait -echo Installed Softhsm for mock-identity-system - -./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server - -kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM_ - -kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status - -read -p "Please provide client private key file : " CLIENT_PRIVATE_KEY - -if [ -z "$CLIENT_PRIVATE_KEY" ]; then - echo "Client Private key file not provided; EXITING;"; - exit 0; -fi -if [ ! -f "$CLIENT_PRIVATE_KEY" ]; then - echo "Client Private key not found; EXITING;"; - exit 0; -fi - -read -p "Please provide jwe userinfo private key file : " JWE_USERINFO_PRIVATE_KEY - -if [ -z "$JWE_USERINFO_PRIVATE_KEY" ]; then - echo "Client jwe userinfo Private key file not provided; EXITING;"; - exit 0; -fi -if [ ! -f "$JWE_USERINFO_PRIVATE_KEY" ]; then - echo "Client jwe userinfo Private key not found; EXITING;"; - exit 0; -fi - -read -p "Please provide mock relying party ui domain (eg: healthservices.sandbox.xyz.net ) : " MOCK_UI_HOST - -if [ -z "$MOCK_UI_HOST" ]; then - echo "Mock relying party UI Host not provided; EXITING;" - exit 0; -fi - -CHK_MOCK_UI_HOST=$( nslookup "$MOCK_UI_HOST" ) -if [ $? 
-gt 0 ]; then - echo "Mock relying party UI Host does not exists; EXITING;" - exit 0; -fi - -NS=esignet -CHART_VERSION=0.9.0 - -echo Create $NS namespace -kubectl create ns $NS - -echo Istio label -kubectl label ns $NS istio-injection=enabled --overwrite - -echo "Build esignet mock service charts" -cd mock-relying-party-service -helm dependency update -cd ../mock-relying-party-ui -helm dependency update -cd ../mock-identity-system -helm dependency update - -cd ../ - -echo "Copy configmaps" -./copy_cm.sh - -echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists" -cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/client-private-key -cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/jwe-userinfo-private-key - - -kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-service-secrets -kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets -kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="/tmp/client-private-key" -kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="/tmp/jwe-userinfo-private-key" - -API_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-api-host}) -ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host}) - -echo Installing Mock Relying Party Service -helm -n $NS install mock-relying-party-service ./mock-relying-party-service \ - --set mock_relying_party_service.ESIGNET_SERVICE_URL="http://esignet.$NS/v1/esignet" \ - --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST/v1/esignet/oauth/token" \ - --version $CHART_VERSION - -echo Installing Mock Relying Party UI -helm -n $NS install mock-relying-party-ui ./mock-relying-party-ui \ - --set mock_relying_party_ui.mock_relying_party_ui_service_host="$MOCK_UI_HOST" \ - --set mock_relying_party_ui.ESIGNET_UI_BASE_URL="https://$ESIGNET_HOST" \ - --set 
mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \ - --set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \ - --set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \ - --set istio.hosts\[0\]="$MOCK_UI_HOST" \ - --version $CHART_VERSION - -echo Installing mock-identity-system -helm -n $NS install mock-identity-system ./mock-identity-system --version $CHART_VERSION - -kubectl -n $NS get deploy mock-relying-party-ui mock-relying-party-service mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status - -echo "Installed Mock Relying Party Service, Mock Relying Party UI & Mock Identity System" diff --git a/helm/mock-identity-system/copy_cm.sh b/helm/mock-identity-system/copy_cm.sh old mode 100644 new mode 100755 index c9a16fa9..cb7e1651 --- a/helm/mock-identity-system/copy_cm.sh +++ b/helm/mock-identity-system/copy_cm.sh @@ -1,11 +1,11 @@ #!/bin/sh # Copy configmaps from other namespaces -# DST_NS: Destination namespace +# DST_NS: Destination namespace COPY_UTIL=../copy_cm_func.sh -DST_NS=mock-identity-system +DST_NS=esignet -$COPY_UTIL configmap global default $DST_NS -$COPY_UTIL configmap artifactory-share artifactory $DST_NS +$COPY_UTIL configmap global default $DST_NS +$COPY_UTIL configmap artifactory-share artifactory $DST_NS $COPY_UTIL configmap config-server-share config-server $DST_NS $COPY_UTIL configmap softhsm-mock-identity-system-share softhsm $DST_NS diff --git a/helm/mock-identity-system/delete.sh b/helm/mock-identity-system/delete.sh new file mode 100755 index 00000000..0c25a7e7 --- /dev/null +++ b/helm/mock-identity-system/delete.sh 
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Uninstalls all esignet helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+NS=esignet
+while true; do
+ read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ helm -n $NS delete mock-identity-system
+ break
+ else
+ break
+ fi
+done
diff --git a/helm/mock-identity-system/install.sh b/helm/mock-identity-system/install.sh
new file mode 100755
index 00000000..b86778d7
--- /dev/null
+++ b/helm/mock-identity-system/install.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Installs all esignet helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=0.9.0
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+echo "Copy configmaps"
+./copy_cm.sh
+
+echo Istio label
+kubectl label ns $NS istio-injection=enabled --overwrite
+
+echo Installing mock-identity-system
+helm -n $NS install mock-identity-system mosip/mock-identity-system --version $CHART_VERSION
+
+kubectl -n $NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Installed mock-identity-system service
diff --git a/helm/mock-identity-system/restart.sh b/helm/mock-identity-system/restart.sh
new file mode 100755
index 00000000..5afc516e
--- /dev/null
+++ b/helm/mock-identity-system/restart.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Restart the esignet services
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+kubectl -n $NS rollout restart deploy mock-identity-system
+
+kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Retarted mock-identity-system services
diff --git a/helm/copy_cm.sh b/helm/mock-relying-party-service/copy_cm.sh
similarity index 92%
rename from helm/copy_cm.sh
rename to helm/mock-relying-party-service/copy_cm.sh
index af4c31fc..cea78d46 100755
--- a/helm/copy_cm.sh
+++ b/helm/mock-relying-party-service/copy_cm.sh
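Review bot: The confirmation test `if [ $yn = "Y" ]` in helm/mock-identity-system/delete.sh leaves `$yn` unquoted, so an empty answer or one containing spaces makes `[` fail with a syntax error instead of giving a clean "no"; `if [ "$yn" = "Y" ]` avoids that. `read -p` is not part of POSIX sh, so under `#!/bin/sh` on a shell such as dash the prompt fails and `yn` stays unset; either switch the shebang to `#!/bin/bash` or print the prompt with `printf` before a plain `read -r yn`. The same two lines appear in the other delete.sh scripts added by this patch and in db_scripts/init_db.sh. The `while true` loop breaks on both branches and can be dropped.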
@@ -2,10 +2,9 @@ # Copy configmaps from other namespaces # DST_NS: Destination namespace -COPY_UTIL=./copy_cm_func.sh +COPY_UTIL=../copy_cm_func.sh DST_NS=esignet - $COPY_UTIL configmap global default $DST_NS $COPY_UTIL configmap config-server-share config-server $DST_NS $COPY_UTIL configmap artifactory-share artifactory $DST_NS diff --git a/helm/mock-relying-party-service/delete.sh b/helm/mock-relying-party-service/delete.sh new file mode 100755 index 00000000..744ad424 --- /dev/null +++ b/helm/mock-relying-party-service/delete.sh @@ -0,0 +1,18 @@ +#!/bin/sh +# Uninstalls all esignet helm charts +## Usage: ./delete.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi +NS=esignet +while true; do + read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn + if [ $yn = "Y" ] + then + helm -n $NS delete mock-relying-party-service + break + else + break + fi +done diff --git a/helm/mock-relying-party-service/install.sh b/helm/mock-relying-party-service/install.sh new file mode 100755 index 00000000..f90dbd4c --- /dev/null +++ b/helm/mock-relying-party-service/install.sh 
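Review bot: The prompt in helm/mock-relying-party-service/delete.sh asks "Are you sure you want to delete all mock-identity-system helm charts?" while the command that follows is `helm -n $NS delete mock-relying-party-service`, so the operator confirms the removal of a different release than the one named. The prompt should name the release that is actually deleted, e.g. `read -p "Are you sure you want to delete the mock-relying-party-service helm chart?(Y/n) " yn`.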
@@ -0,0 +1,65 @@
+#!/bin/sh
+# Installs all esignet helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=0.9.0
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+echo Istio label
+kubectl label ns $NS istio-injection=enabled --overwrite
+
+echo "Copy configmaps"
+./copy_cm.sh
+
+read -p "Please provide client private key file : " CLIENT_PRIVATE_KEY
+
+if [ -z "$CLIENT_PRIVATE_KEY" ]; then
+ echo "Client Private key file not provided; EXITING;";
+ exit 0;
+fi
+if [ ! -f "$CLIENT_PRIVATE_KEY" ]; then
+ echo "Client Private key not found; EXITING;";
+ exit 0;
+fi
+
+read -p "Please provide jwe userinfo private key file : " JWE_USERINFO_PRIVATE_KEY
+
+if [ -z "$JWE_USERINFO_PRIVATE_KEY" ]; then
+ echo "Client jwe userinfo Private key file not provided; EXITING;";
+ exit 0;
+fi
+if [ ! -f "$JWE_USERINFO_PRIVATE_KEY" ]; then
+ echo "Client jwe userinfo Private key not found; EXITING;";
+ exit 0;
+fi
+
+echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists"
+cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/client-private-key
+cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/jwe-userinfo-private-key
+
+kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-service-secrets
+kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets
+kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="/tmp/client-private-key"
+kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="/tmp/jwe-userinfo-private-key"
+
+API_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-api-host})
+DEFAULT_ESIGNET_SERVICE_URL='http://esignet.esignet/v1/esignet'
+read -p "Please provide Esignet service url : ( default: http://esignet.esignet/v1/esignet )" USER_PROVIDED_ESIGNET_SERVICE_URL
+ESIGNET_SERVICE_URL=${USER_PROVIDED_ESIGNET_SERVICE_URL:-$DEFAULT_ESIGNET_SERVICE_URL}
+
+echo Installing Mock Relying Party Service
+helm -n $NS install mock-relying-party-service mosip/mock-relying-party-service \
+ --set mock_relying_party_service.ESIGNET_SERVICE_URL="$ESIGNET_SERVICE_URL" \
+ --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST/v1/esignet/oauth/token" \
+ --version $CHART_VERSION
+
+kubectl -n $NS get deploy mock-relying-party-service -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Installed mock-relying-party-service service
diff --git a/helm/mock-relying-party-service/restart.sh b/helm/mock-relying-party-service/restart.sh
new file mode 100755
index 00000000..60898df3
--- /dev/null
+++ b/helm/mock-relying-party-service/restart.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Restart the esignet services
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+kubectl -n $NS rollout restart deploy mock-relying-party-service
+
+kubectl -n $NS get mock-relying-party-service deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Retarted mock-identity-system services
diff --git a/helm/mock-relying-party-ui/delete.sh b/helm/mock-relying-party-ui/delete.sh
new file mode 100755
index 00000000..7f7b9415
--- /dev/null
+++ b/helm/mock-relying-party-ui/delete.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Uninstalls all esignet helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+NS=esignet
+while true; do
+ read -p "Are you sure you want to delete all mock-relying-party-ui helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ helm -n $NS delete mock-relying-party-ui
+ break
+ else
+ break
+ fi
+done
diff --git a/helm/mock-relying-party-ui/install.sh b/helm/mock-relying-party-ui/install.sh
new file mode 100755
index 00000000..7ea8a39b
--- /dev/null
+++ b/helm/mock-relying-party-ui/install.sh
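Review bot: helm/mock-relying-party-service/install.sh writes both private keys to fixed paths, `/tmp/client-private-key` and `/tmp/jwe-userinfo-private-key`, with the default umask and never removes them. On a shared host the names are predictable, so the files can be pre-created or symlinked by another user, and the key material stays readable in /tmp after the secrets have been created. The copies should go into a private `mktemp -d` directory that is removed on exit; keeping the same base file names leaves the keys inside the Kubernetes secrets unchanged.

```sh
# … unchanged: key file prompts and existence checks …
umask 077
KEY_DIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$KEY_DIR"' EXIT
sed "s/'//g" "$CLIENT_PRIVATE_KEY" | sed -z 's/\n/\\n/g' > "$KEY_DIR/client-private-key"
sed "s/'//g" "$JWE_USERINFO_PRIVATE_KEY" | sed -z 's/\n/\\n/g' > "$KEY_DIR/jwe-userinfo-private-key"
# … unchanged: deletion of the existing secrets …
kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="$KEY_DIR/client-private-key"
kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="$KEY_DIR/jwe-userinfo-private-key"
```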
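Review bot: In helm/mock-relying-party-service/restart.sh the status check `kubectl -n $NS get mock-relying-party-service deploy -o name` passes the deployment name where kubectl expects the resource type, so the lookup fails, `xargs` receives nothing, and the script still prints its "Retarted" message without having waited for the rollout. `kubectl -n $NS rollout status deploy/mock-relying-party-service` does the wait directly. The closing echo also names mock-identity-system instead of mock-relying-party-service. helm/mock-relying-party-ui/restart.sh in this patch has the same argument order.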
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Installs all esignet helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=0.9.0
+
+read -p "Please provide mock relying party ui domain (eg: healthservices.sandbox.xyz.net ) : " MOCK_UI_HOST
+
+if [ -z "$MOCK_UI_HOST" ]; then
+ echo "Mock relying party UI Host not provided; EXITING;"
+ exit 0;
+fi
+
+CHK_MOCK_UI_HOST=$( nslookup "$MOCK_UI_HOST" )
+if [ $? -gt 0 ]; then
+ echo "Mock relying party UI Host does not exists; EXITING;"
+ exit 0;
+fi
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+echo Istio label
+kubectl label ns $NS istio-injection=enabled --overwrite
+
+ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host})
+
+echo Installing Mock Relying Party UI
+helm -n $NS install mock-relying-party-ui mosip/mock-relying-party-ui \
+ --set mock_relying_party_ui.mock_relying_party_ui_service_host="$MOCK_UI_HOST" \
+ --set mock_relying_party_ui.ESIGNET_UI_BASE_URL="https://$ESIGNET_HOST" \
+ --set mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \
+ --set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \
+ --set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \
+ --set istio.hosts\[0\]="$MOCK_UI_HOST" \
+ --version $CHART_VERSION
+
+kubectl -n $NS get deploy mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Installed mock-relying-party-service service
diff --git a/helm/mock-relying-party-ui/restart.sh b/helm/mock-relying-party-ui/restart.sh
new file mode 100755
index 00000000..637fa666
--- /dev/null
+++ b/helm/mock-relying-party-ui/restart.sh
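Review bot: Both abort paths (`MOCK_UI_HOST` empty, `nslookup` failing) end in `exit 0`, so a wrapper script or CI step sees success when nothing was installed; they should be `exit 1`. The host value then goes unescaped into five `--set` arguments, including both redirect URIs and `istio.hosts[0]`, and helm splits `--set` values on commas, so it is worth rejecting anything that is not a plain hostname before the helm call rather than relying on `nslookup` to fail, e.g. `case "$MOCK_UI_HOST" in *[!A-Za-z0-9.-]*) echo "invalid host" >&2; exit 1;; esac`. `CHK_MOCK_UI_HOST` is assigned and never read, and the closing message names `mock-relying-party-service` although this script installs the UI.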
@@ -0,0 +1,13 @@ +#!/bin/sh +# Restart the esignet services + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +NS=esignet +kubectl -n $NS rollout restart deploy mock-relying-party-ui + +kubectl -n $NS get mock-relying-party-ui deploy -o name | xargs -n1 -t kubectl -n $NS rollout status + +echo Retarted mock-relying-party-ui services diff --git a/helm/restart.sh b/helm/restart-all.sh similarity index 100% rename from helm/restart.sh rename to helm/restart-all.sh From ecd8aa261210de6b535127a290a11a1d252b01be Mon Sep 17 00:00:00 2001 From: syed salman <72004356+syedsalman3753@users.noreply.github.com> Date: Wed, 12 Apr 2023 23:58:15 +0530 Subject: [PATCH 4/8] [ MOSIP-26666 ] added onboarder for demo-oidc (#64) Co-authored-by: syed-salman-technoforte --- README.md | 2 +- helm/mock-relying-party-ui/values.yaml | 2 +- partner-onboarder/README.md | 33 +++++++++++++ partner-onboarder/copy_cm.sh | 10 ++++ partner-onboarder/copy_cm_func.sh | 33 +++++++++++++ partner-onboarder/copy_secrets.sh | 10 ++++ partner-onboarder/delete.sh | 28 +++++++++++ partner-onboarder/install.sh | 66 ++++++++++++++++++++++++++ partner-onboarder/values.yaml | 22 +++++++++ 9 files changed, 204 insertions(+), 2 deletions(-) create mode 100644 partner-onboarder/README.md create mode 100755 partner-onboarder/copy_cm.sh create mode 100755 partner-onboarder/copy_cm_func.sh create mode 100755 partner-onboarder/copy_secrets.sh create mode 100755 partner-onboarder/delete.sh create mode 100755 partner-onboarder/install.sh create mode 100644 partner-onboarder/values.yaml diff --git a/README.md b/README.md index c8ddaa9b..f00b84a2 100644 --- a/README.md +++ b/README.md 
@@ -54,4 +54,4 @@ Repository contains mock implementation of auth for e-signet ``` ## Onboard esignet mock and relying party services -* Run onboarder's [install.sh](https://github.com/mosip/mosip-infra/blob/v1.2.0.1-B3/deployment/v3/mosip/partner-onboarder) script to exchange jwk certificates. +* Run onboarder's [install.sh](partner-onboarder) script to exchange jwk certificates. diff --git a/helm/mock-relying-party-ui/values.yaml b/helm/mock-relying-party-ui/values.yaml index 228f61e9..5398fe52 100644 --- a/helm/mock-relying-party-ui/values.yaml +++ b/helm/mock-relying-party-ui/values.yaml @@ -422,7 +422,7 @@ mock_relying_party_ui: MOCK_RELYING_PARTY_SERVER_URL: https://healthservices.sandbox.xyz.net/mock-relying-party-service REDIRECT_URI: https://healthservices.sandbox.xyz.net/userprofile CLIENT_ID: 88Vjt34c5Twz1oJ - ACRS: mosip:idp:acr:generated-code%20mosip:idp:acr:biometrics%20mosip:idp:acr:static-code + ACRS: mosip:idp:acr:generated-code%20mosip:idp:acr:biometrics%20mosip:idp:acr:linked-wallet MOCK_RELYING_PARTY_SERVICE_INTERNAL_URL: http://mock-relying-party-service.esignet REDIRECT_URI_REGISTRATION: https://healthservices.sandbox.xyz.net/registration ## oidc UI swagger should have only internal access. Hence linked to internal gateway diff --git a/partner-onboarder/README.md b/partner-onboarder/README.md new file mode 100644 index 00000000..bead756e --- /dev/null +++ b/partner-onboarder/README.md 
@@ -0,0 +1,33 @@
+# Partner Onboarder
+
+## Overview
+Loads certs for default partners for sandbox. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding).
+
+## Install
+* Set `values.yaml` to run onboarder for specific modules.
+* run `./install.sh`.
+```
+./install.sh
+```
+# Troubleshootings
+
+* After completion of the job, a very detailed `html report` is prepared and stored at https://onboarder.{sandbox_base_url}.mosip.net
+
+* The user can go and view the same for more information or response messages.
+
+### Commonly found issues
+
+ 1. KER-ATH-401: Authentication Failed
+
+ Resolution: You need to provide correct secretkey for mosip-deployment-client.
+
+ 2. Certificate dates are not valid
+
+ Resolution: Check with admin regarding adding grace period in configuration.
+
+ 3. Upload of certificate will not be allowed to update other domain certificate
+
+ Resolution: This is expected when you try to upload `ida-cred` certificate twice. It should only run once and if you see this error while uploading a second time it can be ignored as the cert is already present.
+
+
+
diff --git a/partner-onboarder/copy_cm.sh b/partner-onboarder/copy_cm.sh
new file mode 100755
index 00000000..9d69e071
--- /dev/null
+++ b/partner-onboarder/copy_cm.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+# DST_NS: Destination namespace
+
+COPY_UTIL=./copy_cm_func.sh
+DST_NS=esignet
+
+$COPY_UTIL configmap global default $DST_NS
+$COPY_UTIL configmap keycloak-env-vars keycloak $DST_NS
+$COPY_UTIL configmap keycloak-host keycloak $DST_NS
diff --git a/partner-onboarder/copy_cm_func.sh b/partner-onboarder/copy_cm_func.sh
new file mode 100755
index 00000000..7b225948
--- /dev/null
+++ b/partner-onboarder/copy_cm_func.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copy configmap and secret from one namespace to another.
+# ./copy_cm_func.sh [name]
+# Parameters:
+# resource: configmap|secret
+# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is
+# clash of names
+
+if [ $1 = "configmap" ]
+then
+ RESOURCE=configmap
+elif [ $1 = "secret" ]
+then
+ RESOURCE=secret
+else
+ echo "Incorrect resource $1. Exiting.."
+ exit 1
+fi
+
+
+if [ $# -ge 5 ]
+then
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f -
+else
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f -
+fi
+
+
+
+
+
diff --git a/partner-onboarder/copy_secrets.sh b/partner-onboarder/copy_secrets.sh
new file mode 100755
index 00000000..0438ce7e
--- /dev/null
+++ b/partner-onboarder/copy_secrets.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copy secrets from other namespaces
+# DST_NS: Destination namespace
+
+COPY_UTIL=./copy_cm_func.sh
+DST_NS=esignet
+
+$COPY_UTIL secret s3 s3 $DST_NS
+$COPY_UTIL secret keycloak keycloak $DST_NS
+$COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS
diff --git a/partner-onboarder/delete.sh b/partner-onboarder/delete.sh
new file mode 100755
index 00000000..1240de56
--- /dev/null
+++ b/partner-onboarder/delete.sh
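Review bot: copy_cm_func.sh never checks its argument count and leaves every positional parameter unquoted, so a call with fewer than four arguments still reaches `kubectl -n $4 delete ...` with the remaining words shifted into the wrong positions. A guard at the top, `[ $# -ge 4 ] || { echo "usage: $0 resource name src_ns dst_ns [new_name]" >&2; exit 1; }`, plus quoting `"$1"` to `"$5"`, avoids that. The rename is also done with unanchored text substitution over the whole manifest (`sed "s/name: $2/name: $5/g"`), which rewrites any other line containing `name: <name>` and matches longer names that merely start with `$2`. Anchoring the pattern to the end of the line would narrow it.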
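Review bot: copy_secrets.sh copies the whole `s3`, `keycloak` and `keycloak-client-secrets` Secrets into the `esignet` namespace, and nothing in this patch (delete.sh included) removes them after the onboarder job finishes. Presumably `keycloak` holds the Keycloak admin credential and `keycloak-client-secrets` the secrets of every registered client, which would be more than a demo-OIDC onboarding run needs and leaves them readable to anything with Secret read access in `esignet`. I would add a header comment stating which keys the onboarder actually consumes. If nothing else in the namespace depends on the copies, delete.sh could remove them with `kubectl -n $NS delete --ignore-not-found=true secret s3 keycloak keycloak-client-secrets`.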
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Uninstalls partner-onboarder helm
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+function deleting_onboarder() {
+ NS=esignet
+ while true; do
+ read -p "Are you sure you want to delete all partner-onboarder ?(Y/n) " yn
+ if [ $yn = "Y" ]; then
+ echo Deleting esignet-demo-oidc-partner-onboarder helm
+ helm -n $NS delete esignet-demo-oidc-partner-onboarder
+ break
+ fi
+ done
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+deleting_onboarder # calling function
diff --git a/partner-onboarder/install.sh b/partner-onboarder/install.sh
new file mode 100755
index 00000000..49317c55
--- /dev/null
+++ b/partner-onboarder/install.sh
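Review bot: The confirmation loop in `deleting_onboarder` has no way out except `Y`: the prompt offers `(Y/n)`, but there is no `else` branch, so answering `n` just re-prompts until the operator interrupts the script. Leave the loop on any other answer, e.g. `if [ "$yn" = "Y" ]; then ...; break; else echo "Aborted"; break; fi`, or drop the `while` and use a single `if`. `set -e` and `set -o errexit` are the same option, so one of the two lines can go.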
@@ -0,0 +1,66 @@
+#!/bin/bash
+# Onboards default partners
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+echo "Do you have public domain & valid SSL? (Y/n) "
+echo "Y: if you have public domain & valid ssl certificate"
+echo "n: if you don't have public domain & valid ssl certificate"
+read -p "" flag
+
+if [ -z "$flag" ]; then
+ echo "'flag' was provided; EXITING;"
+ exit 1;
+fi
+ENABLE_INSECURE=''
+if [ "$flag" = "n" ]; then
+ ENABLE_INSECURE='--set onboarding.enableInsecure=true';
+fi
+
+NS=esignet
+CHART_VERSION=12.0.1-B3
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_onboarder() {
+
+ read -p "Is values.yaml for onboarder chart set correctly as part of Pre-requisites?(Y/n) " yn;
+ if [ $yn = "Y" ]; then
+ echo Istio label
+ kubectl label ns $NS istio-injection=disabled --overwrite
+ helm repo update
+
+ echo Copy configmaps
+ kubectl -n $NS --ignore-not-found=true delete cm s3
+ sed -i 's/\r$//' copy_cm.sh
+ ./copy_cm.sh
+
+ echo Copy secrets
+ sed -i 's/\r$//' copy_secrets.sh
+ ./copy_secrets.sh
+
+ echo Onboarding default partners
+ helm -n $NS install esignet-demo-oidc-partner-onboarder mosip/partner-onboarder \
+ --set onboarding.configmaps.s3.s3-host='http://minio.minio:9000' \
+ --set onboarding.configmaps.s3.s3-user-key='admin' \
+ --set onboarding.configmaps.s3.s3-region='' \
+ $ENABLE_INSECURE \
+ -f values.yaml \
+ --version $CHART_VERSION
+
+ echo Reports are moved to S3 under onboarder bucket
+ return 0
+ fi
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+installing_onboarder # calling function
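Review bot: Answering `n` to the first prompt adds `--set onboarding.enableInsecure=true` to the helm install with no further warning. Presumably that makes the onboarder skip TLS certificate verification while it uses the Keycloak client secrets that copy_secrets.sh has just copied in. I would print what the flag does and ask for explicit confirmation before setting it, and add a comment above `ENABLE_INSECURE` such as `# sandbox only: disables certificate verification in the onboarder job (confirm against the chart)`. The empty-input message reads `'flag' was provided` where it means `not provided`. `sed -i 's/\r$//'` rewrites copy_cm.sh and copy_secrets.sh in the working tree immediately before executing them on every run; if CRLF checkouts are the concern, a `.gitattributes` `eol=lf` rule handles it without modifying the scripts at install time.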
diff --git a/partner-onboarder/values.yaml b/partner-onboarder/values.yaml new file mode 100644 index 00000000..8bc87148 --- /dev/null +++ b/partner-onboarder/values.yaml @@ -0,0 +1,22 @@ +onboarding: + modules: + - name: ida + enabled: false + - name: print + enabled: false + - name: abis + enabled: false + - name: resident + enabled: false + - name: mobileid + enabled: false + - name: digitalcard + enabled: false + - name: esignet + enabled: false + - name: resident-oidc + enabled: false + - name: demo-oidc + enabled: true + - name: mimoto-keybinding + enabled: false \ No newline at end of file From a91756d426df337ca9e56f74f8ee5418e7207970 Mon Sep 17 00:00:00 2001 From: syed salman <72004356+syedsalman3753@users.noreply.github.com> Date: Thu, 13 Apr 2023 01:21:25 +0530 Subject: [PATCH 5/8] [ DSD-2545 ] updated docker images (#66) Co-authored-by: syed-salman-technoforte --- helm/mock-identity-system/values.yaml | 4 ++-- helm/mock-relying-party-service/values.yaml | 4 ++-- helm/mock-relying-party-ui/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/mock-identity-system/values.yaml b/helm/mock-identity-system/values.yaml index 288b9990..90fd331d 100644 --- a/helm/mock-identity-system/values.yaml +++ b/helm/mock-identity-system/values.yaml @@ -52,8 +52,8 @@ service: image: registry: docker.io - repository: mosipdev/mock-identity-system - tag: develop + repository: mosipqa/mock-identity-system + tag: 0.9.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/helm/mock-relying-party-service/values.yaml b/helm/mock-relying-party-service/values.yaml index 3b25a453..3728c06b 100644 --- a/helm/mock-relying-party-service/values.yaml +++ b/helm/mock-relying-party-service/values.yaml 
@@ -51,8 +51,8 @@ service: image: registry: docker.io - repository: mosipdev/mock-relying-party-service - tag: develop + repository: mosipqa/mock-relying-party-service + tag: 0.9.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/helm/mock-relying-party-ui/values.yaml b/helm/mock-relying-party-ui/values.yaml index 5398fe52..ccdfab0c 100644 --- a/helm/mock-relying-party-ui/values.yaml +++ b/helm/mock-relying-party-ui/values.yaml @@ -51,8 +51,8 @@ service: image: registry: docker.io - repository: mosipdev/mock-relying-party-ui - tag: develop + repository: mosipqa/mock-relying-party-ui + tag: 0.9.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From a0a92b1af1ed8640fec5b0f722ce9da9e184d90b Mon Sep 17 00:00:00 2001 From: Keshav Mishra Date: Thu, 13 Apr 2023 11:25:31 +0530 Subject: [PATCH 6/8] [MOSIP-26864] --- partner-onboarder/README.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/partner-onboarder/README.md b/partner-onboarder/README.md index bead756e..3a5ac842 100644 --- a/partner-onboarder/README.md +++ b/partner-onboarder/README.md @@ -1,7 +1,7 @@ # Partner Onboarder ## Overview -Loads certs for default partners for sandbox. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding). +Uploads certificate for default partners. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding). ## Install * Set `values.yaml` to run onboarder for specific modules. 
@@ -11,23 +11,21 @@ Loads certs for default partners for sandbox. Refer [mosip-onboarding repo](http ``` # Troubleshootings -* After completion of the job, a very detailed `html report` is prepared and stored at https://onboarder.{sandbox_base_url}.mosip.net +* After completion of the job, a very detailed `html report` is prepared and stored in Minio inside onboarding bucket. -* The user can go and view the same for more information or response messages. - -### Commonly found issues +### Troubleshooting 1. KER-ATH-401: Authentication Failed - Resolution: You need to provide correct secretkey for mosip-deployment-client. + Resolution: Update secretkey for mosip-deployment-client. 2. Certificate dates are not valid - Resolution: Check with admin regarding adding grace period in configuration. + Resolution: Check grace period in configuration. 3. Upload of certificate will not be allowed to update other domain certificate - Resolution: This is expected when you try to upload `ida-cred` certificate twice. It should only run once and if you see this error while uploading a second time it can be ignored as the cert is already present. + Resolution: Expected when we try to upload `ida-cred` certificate twice. It can be ignored as the certificate is already present. From 43b64fb49c4877376dfce0f9cffafecc86652fb3 Mon Sep 17 00:00:00 2001 From: Keshav Mishra Date: Fri, 14 Apr 2023 15:59:38 +0530 Subject: [PATCH 7/8] Release Bot Pre-release changes (#71) Co-authored-by: Mohanraj209 --- .github/workflows/push_trigger.yml | 2 +- mock-esignet-integration-impl/pom.xml | 2 +- mock-identity-system/pom.xml | 2 +- pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml index 4ecad795..a52ed15a 100644 --- a/.github/workflows/push_trigger.yml +++ b/.github/workflows/push_trigger.yml 
@@ -120,7 +120,7 @@ jobs: mvn -B package --file pom.xml -s $GITHUB_WORKSPACE/settings.xml - name: Publish the maven package run: | - mvn deploy -DaltDeploymentRepository=ossrh::default::${{ secrets.OSSRH_SNAPSHOT_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml + mvn deploy -DaltDeploymentRepository=ossrh::default::${{ secrets.RELEASE_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml env: GITHUB_TOKEN: ${{ secrets.RELEASE_token }} GPG_TTY: $(tty) diff --git a/mock-esignet-integration-impl/pom.xml b/mock-esignet-integration-impl/pom.xml index b0cd033c..72fedc93 100644 --- a/mock-esignet-integration-impl/pom.xml +++ b/mock-esignet-integration-impl/pom.xml @@ -5,7 +5,7 @@ io.mosip.esignet.mock esignet-mock-parent - 0.9.0-SNAPSHOT + 0.9.0 mock-esignet-integration-impl diff --git a/mock-identity-system/pom.xml b/mock-identity-system/pom.xml index 20a36070..18430cee 100644 --- a/mock-identity-system/pom.xml +++ b/mock-identity-system/pom.xml @@ -5,7 +5,7 @@ io.mosip.esignet.mock esignet-mock-parent - 0.9.0-SNAPSHOT + 0.9.0 mock-identity-system diff --git a/pom.xml b/pom.xml index 11c84954..20881df4 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ 4.0.0 io.mosip.esignet.mock esignet-mock-parent - 0.9.0-SNAPSHOT + 0.9.0 pom esignet-mock Parent project of MOSIP e-Signet Mock Services From c096a0aae4eb83935c839c07188c4b7bcb8fb017 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 15 Apr 2023 10:10:23 +0000 Subject: [PATCH 8/8] Bump json5 from 1.0.1 to 1.0.2 in /mock-relying-party-ui Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... 
Signed-off-by: dependabot[bot] --- mock-relying-party-ui/package-lock.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/mock-relying-party-ui/package-lock.json b/mock-relying-party-ui/package-lock.json index 2fa88a92..b7264309 100644 --- a/mock-relying-party-ui/package-lock.json +++ b/mock-relying-party-ui/package-lock.json @@ -10652,9 +10652,9 @@ "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=" }, "node_modules/json5": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz", - "integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==", + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", "bin": { "json5": "lib/cli.js" }, @@ -15513,9 +15513,9 @@ } }, "node_modules/tsconfig-paths/node_modules/json5": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", - "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", "dependencies": { "minimist": "^1.2.0" }, @@ -24376,9 +24376,9 @@ "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=" }, "json5": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz", - "integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==" + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==" }, "jsonfile": { "version": "6.1.0", 
@@ -27832,9 +27832,9 @@ }, "dependencies": { "json5": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", - "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", "requires": { "minimist": "^1.2.0" }