Merge branch 'release' into 'main'

Release See merge request simpl/simpl-open/development/iaa/simpl-cloud-gateway!29

Merge branch 'release' into 'main'
eb6136b4 · Flavio Ferraioli · 1a0e72b1 · 6891a818 · eb6136b4 · eb6136b4
Commit eb6136b4 authored 10 months ago by Flavio Ferraioli
--- a/Dockerfile
+++ b/Dockerfile
-FROM openjdk:17-jdk-alpine
+FROM eclipse-temurin:21-jdk-alpine
+RUN adduser -S -u 1001 1001
 COPY target/*.jar app.jar
+RUN chown 1001 /app.jar
+USER 1001
 ENTRYPOINT ["java","-jar","/app.jar"]
--- a/charts/README.md
+++ b/charts/README.md
+# ConfigMap Configuration
+
+This `ConfigMap` is designed to configure a Kubernetes application based on different profiles and environmental variables. The `ConfigMap` is templated using Helm, allowing customization based on the values provided in the Helm chart.
+
+## Overview
+
+The `ConfigMap` is used to store non-confidential configuration data in key-value pairs. This configuration supports two main profiles: `authority` and `participant`. Depending on the profile specified in the Helm chart, different environment variables will be set.
+
+## Configuration Details
+
+### Profiles
+
+- **Authority Profile**
+    - If the global profile is set to `authority`, the following environment variable is configured:
+        - `SAP_URL`: URL for the Security Attributes Provider.
+            - Format: `http://security-attributes-provider.<namespace>.svc.cluster.local:8080`
+        - `ONBOARDING_URL`: URL for the Onboarding.
+          - Format: `http://onboarding.<namespace>.svc.cluster.local:8080`
+        - `EJBCA_URL`: URL for the EJBCA.
+            - Format: `http://ejbca-community-helm.<namespace>.svc.cluster.local:30080`
+        - `IDENTITY_PROVIDER_URL`: URL for the Identity Provider.
+            - Format: `http://identity-provider.<namespace>.svc.cluster.local:8080`
+
+- **Participant Profile**
+    - If the global profile is set to `participant`, the following environment variable is configured:
+        - `AUTHORITY_URL`: URL of the authority backend.
+            - Value is derived from the `global.authorityUrl` specified in the Helm values.
+
+### Common Configuration
+
+Regardless of the profile, the following environment variables are configured:
+
+- `SPRING_PROFILES_ACTIVE`: This sets the active Spring profile.
+    - Value is derived from the `global.profile` specified in the Helm values.
+
+- `CORS_ALLOWED_HEADERS`: Specifies which HTTP headers are allowed in cross-origin requests.
+    - Default value: `Access-Control-Allow-Headers, Access-Control-Allow-Credentials, Access-Control-Allow-Origin, Access-Control-Allow-Methods, Keep-Alive, User-Agent, Content-Type, Authorization, Tenant, Channel, Platform, Set-Cookie, geolocation, x-mobility-mode, device, Cache-Control, X-Request-With, Accept, Origin`.
+
+- `CORS_ALLOWED_ORIGINS`: Specifies which origins are allowed to make cross-origin requests.
+    - Value is derived from `global.cors.allowOrigin` specified in the Helm values.
+
+- `KEYCLOAK_URL`: The URL for the Keycloak authentication service.
+    - This value is generated using the `miroservices.keycloakUrl` specified in the Helm values.
+
+- `USERSROLES_URL`: The URL for the Users&Roles service.
+    - This value is generated using the `miroservices.usersRolesUrl` specified in the Helm values.
+
+## Usage
+
+To use this `ConfigMap`, include it in your Helm chart and provide the necessary values in the `values.yaml` file. The `ConfigMap` will be generated based on the profile and other settings you define.
+
+### Example `values-global.yaml`
+
+```yaml
+global:
+  profile: participant / authority
+  hostBe: authority.be.aruba-simpl.cloud
+  hostTls: tls.authority.aruba-simpl.cloud
+  authorityUrl: "https://authority-service.example.com"
+
+  cors:
+    allowOrigin: "https://example.com"
+```
+### Example `values-authority.yaml`
+
+```yaml 
+microservices:
+  usersRolesUrl: http://users-roles.{{ .Release.Namespace }}.svc.cluster.local:8080
+  securityAttributesProviderUrl: http://security-attributes-provider.{{ .Release.Namespace }}.svc.cluster.local:8080
+  keycloakUrl: http://keycloak.{{ .Release.Namespace }}.svc.cluster.local
+  onboardingUrl: http://onboarding.{{ .Release.Namespace }}.svc.cluster.local:8080
+  ejbcaUrl: http://ejbca-community-helm.{{ .Release.Namespace }}.svc.cluster.local:30080
+  identityProviderUrl: http://identity-provider.{{ .Release.Namespace }}.svc.cluster.local:8080
+```
+
+### Example `values-participant.yaml`
+
+```yaml 
+microservices:
+  usersRolesUrl: http://users-roles.{{ .Release.Namespace }}.svc.cluster.local:8080
+  keycloakUrl: http://keycloak.{{ .Release.Namespace }}.svc.cluster.local
+```
\ No newline at end of file
--- a/charts/templates/configmap.yaml
+++ b/charts/templates/configmap.yaml
@@ -6,18 +6,20 @@ data:
  {{- if eq .Values.global.profile "authority" }}
  ONBOARDING_URL:  "{{ .Values.microservices.onboardingUrl }}"
  EJBCA_URL: "{{ .Values.microservices.ejbcaUrl }}"
+  IDENTITY_PROVIDER_URL: {{ .Values.microservices.identityProviderUrl }}
+  SAP_URL: "{{ .Values.microservices.securityAttributesProviderUrl }}"
  {{- end }}

  {{- if eq .Values.global.profile "participant" }}
  AUTHORITY_URL: {{ .Values.global.authorityUrl }}
  {{- end }}

-  CORS_ALLOWED_ORIGINS: {{ .Values.global.cors.allowOrigin }}
  SPRING_PROFILES_ACTIVE: {{ .Values.global.profile }}
  GATEWAY_URL: "{{- include "microservices.backend.url" . }}"
  USERSROLES_URL: "{{ .Values.microservices.usersRolesUrl }}"
-  SAP_URL: "{{ .Values.microservices.securityAttributesProviderUrl }}"
  KEYCLOAK_URL: "{{ .Values.microservices.keycloakUrl }}"
+
  CORS_ALLOWED_HEADERS: Access-Control-Allow-Headers,Access-Control-Allow-Credentials,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Keep-Alive,User-Agent,Content-Type,Authorization,Tenant,Channel,Platform,Set-Cookie,geolocation,x-mobility-mode,device,Cache-Control,X-Request-With,Accept,Origin
+  CORS_ALLOWED_ORIGINS: {{ .Values.global.cors.allowOrigin }}


--- a/charts/templates/hpa.yaml
+++ b/charts/templates/hpa.yaml
@@ -9,7 +9,7 @@ spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
-    name: {{ include "microservices.fullname" . }}
+    name: {{ .Chart.Name }}
  minReplicas: {{ .Values.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
  metrics:

--- a/charts/values.yaml
+++ b/charts/values.yaml
@@ -25,13 +25,14 @@ podLabels: {}
 podSecurityContext: {}
  # fsGroup: 2000

-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: false
+  runAsNonRoot: true
+  runAsUser: 1001
+

 service:
  type: ClusterIP
@@ -92,6 +93,7 @@ microservices:
  keycloakUrl: http://keycloak.{{ .Release.Namespace }}.svc.cluster.local
  onboardingUrl: http://onboarding.{{ .Release.Namespace }}.svc.cluster.local:8080
  ejbcaUrl: http://ejbca-community-helm.{{ .Release.Namespace }}.svc.cluster.local:30080
+  identityProviderUrl: http://identity-provider.{{ .Release.Namespace }}.svc.cluster.local:8080

 nodeSelector: {}


--- a/pipeline.variables.sh
+++ b/pipeline.variables.sh
-PROJECT_VERSION_NUMBER="0.0.4"
\ No newline at end of file
+PROJECT_VERSION_NUMBER="0.5.0"
\ No newline at end of file
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>com.aruba.simpl</groupId>
 		<artifactId>simpl-parent</artifactId>
-		<version>0.0.4-SNAPSHOT</version>
+		<version>0.5.0</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>


--- a/src/main/java/com/aruba/simpl/gatewayserver/configurations/SecurityConfig.java
+++ b/src/main/java/com/aruba/simpl/gatewayserver/configurations/SecurityConfig.java
@@ -34,14 +34,15 @@ public class SecurityConfig {
    @Bean
    public ReactiveDefaultSecurityAutoConfiguration.ReactivePublicUrlCustomizer publicUrlCustomizer() {
        return publicUrl -> {
-            publicUrl.add(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/public/sap-api/participant"));
+            publicUrl.add(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/public/identity-api/participant"));
            publicUrl.add(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/ocsp"));
            publicUrl.add(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/ca/**"));
            publicUrl.add(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/crl/**"));
-            publicUrl.add(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/public/sap-api/participant"));
+            publicUrl.add(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/public/identity-api/participant"));
            addSwaggerPublicUrl(publicUrl, "sap-api");
            addSwaggerPublicUrl(publicUrl, "onboarding-api");
            addSwaggerPublicUrl(publicUrl, "user-api");
+            addSwaggerPublicUrl(publicUrl, "identity-api");
        };
    }


--- a/src/main/resources/application-authority.yml
+++ b/src/main/resources/application-authority.yml
@@ -26,6 +26,12 @@ spring:
            - Path=/*/sap-api/**
          filters:
            - StripPrefix=2
+        - id: identity-provider
+          uri: ${identity-provider.url}
+          predicates:
+            - Path=/*/identity-api/**
+          filters:
+            - StripPrefix=2
        - id: ocsp
          uri: ${ejbca.url}
          predicates:
@@ -54,6 +60,9 @@ springdoc:
        name: Onboarding Service
      - url: /public/user-api/v3/api-docs
        name: Users & Roles Service
+      - url: /public/identity-api/v3/api-docs
+        name: Identity Provider Service
+
 keycloak:
  app:
    realm: authority
--- a/src/main/resources/application-local.yml
+++ b/src/main/resources/application-local.yml
@@ -4,6 +4,8 @@ onboarding:
  url: http://localhost:8081
 sap:
  url: http://localhost:8082
+identity-provider:
+  url: http://localhost:8083
 gateway:
  url: http://localhost:${server.port}
 keycloak: