Merge pull request #34 from EOEPCA/release/v0.9.0

Release/v0.9.0

.github/workflows/container_creation.yml

@@ -0,0 +1,44 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Login Service BB Workflow
+
+# Controls when the action will run. 
+on: push
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_COMPOSE_VERSION: 1.25.4
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Checkout code
+        uses: actions/checkout@v2
+      # Runs a single command using the runners shell
+      - name: Setup Python 3.6.9
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.6.9
+      # Runs a set of commands using the runners shell
+      - name: Testing
+        run: |
+          sudo apt-get install jq python3-venv
+      #   pip install -r ./src/requirements.txt
+      #     pytest ./tests
+      # Uncomment below if wanted Dockerhub Publication
+      # - name: Container Creation and Publishing
+      #   run: ./gh_actions/setupCluster.sh
+      # - name: Release Container
+      #   if: github.ref == 'refs/heads/master' && github.event != 'pull_request'
+      #   run: ./gh_actions/release.sh um-license-manager
+
+
+
+

.github/workflows/documentation.yml

@@ -0,0 +1,30 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Login Service Documentation
+
+# Controls when the action will run. 
+on: push
+  # Triggers the workflow on push or pull request events but only for the develop branch
+
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    env:
+      GH_USER_NAME: ${{ secrets.GH_USER_NAME }}
+      GH_USER_EMAIL: ${{ secrets.GH_USER_EMAIL }}
+      GH_REPOS_NAME: ${{ secrets.GH_REPOS_NAME }}
+      GH_TOKEN: ${{ secrets.GH_TOKEN }}
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Checkout code
+        uses: actions/checkout@v2
+      # Runs a set of commands using the runners shell
+      - name: Generate the docs
+        run: ./docs/bin/generate-docs.sh
+      - name: Publish the docs
+        run: ./docs/bin/publish-docs.sh

.github/workflows/test.yml

@@ -0,0 +1,40 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Login Service Test Workflow
+
+# Controls when the action will run. 
+on: push
+  # Triggers the workflow on push or pull request events but only for the develop branch
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # Set the job key. The key is displayed as the job name
+  # when a job name is not provided
+  prepare-system:
+    # Name the Job
+    name: Prepare system to run tests
+    # Set the type of machine to run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks out a copy of your repository on the ubuntu-latest machine
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Setup Python 3.6.9
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.6.9
+      - name: Install ubuntu dependencies
+        run: sudo apt-get install jq python3-venv
+      - name: Change to main folder
+        run: cd ..
+      - name: Create python env
+        run: python3 -m venv env
+      - name: Activate environment
+        run: |
+          source env/bin/activate
+      # - name: Run main
+      #   run: python src/main.py
+      # - name: Run tests
+      #   run: python tests/sum_test.py

charts/login-service/Chart.yaml

@@ -1,4 +1,4 @@
-apiVersion: v2
+apiVersion: v1
 name: login-service
 description: A Helm chart for Login Service
 maintainers:
@@ -22,31 +22,3 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 appVersion: 1
-
-# moved from requirements.yaml
-dependencies:
-  - name: config
-    condition: config.enabled
-    version: 1.1.0
-
-  - name: opendj
-    condition: opendj.enabled
-    version: 1.1.0
-
-  - name: nginx
-    condition: nginx.enabled
-    version: 1.1.0
-
-  - name: oxauth
-    condition: oxauth.enabled
-    version: 1.1.0
-
-  - name: oxtrust
-    condition: oxtrust.enabled
-    version: 1.1.0
-
-  - name: oxpassport
-    version: 1.1.0
-    condition: oxpassport.enabled
-    tags:
-      - oxpassport

charts/login-service/charts/config/templates/configmaps.yaml

@@ -34,7 +34,8 @@ data:
       "org_name": {{ .Values.orgName | quote }},
       "gluu_config_adapter": {{.Values.gluuConfAdapter | quote }},
       "ldap_type": {{.Values.ldapType | quote }},
-      "redis_pw": {{.Values.redisPass | quote }}
+      "redis_pw": {{.Values.redisPass | quote }},
+      "pdp_ep": {{.Values.pdpEp | quote }}
     }
 
 ---

charts/login-service/charts/config/templates/load-init-config.yml

@@ -10,7 +10,7 @@ spec:
         app: {{ template "login-service.name" . }}-load
     spec:
       volumes:
-        - name: {{ template "login-service.name" . }}-config
+        - name: vol-userman
           persistentVolumeClaim:
             claimName: {{ include "config.fullname" . }}
         - name: {{ include "config.fullname" . }}-mount-gen-file
@@ -22,9 +22,16 @@ spec:
       containers:
       - name: {{ template "login-service.name" . }}-load
         image: gluufederation/config-init:4.1.1_02
+        resources:
+          requests:
+            memory: {{ .Values.requests.memory }}
+            cpu: {{ .Values.requests.cpu }}
+          # limits:
+          #   memory: {{ .Values.limits.memory }}
         volumeMounts:
           - mountPath: /opt/config-init/db/
-            name: {{ template "login-service.name" . }}-config
+            subPath: config-init/db
+            name: vol-userman
           - mountPath: /opt/config-init/db/generate.json
             name: {{ include "config.fullname" . }}-mount-gen-file
             subPath: generate.json

charts/login-service/charts/config/values.yaml

@@ -16,13 +16,20 @@ orgName: Deimos Space S.L.U.
 gluuConfAdapter: kubernetes
 ldapType: opendj
 redisPass: aaaa
+pdpEp: /pdp
 
 nameOverride: ""
 fullNameOverride: ""
 
 # VolumeClaim values
 volumeClaim:
-  storage: 1Gi
+  name: um-login-service-config-pvc
+
+limits:
+  memory: 600Mi
+requests:
+  cpu: 100m
+  memory: 500Mi
 
 persistence:
   size: 1Gi

charts/login-service/charts/opendj/scripts/77-customAttributes.ldif

@@ -27,8 +27,14 @@ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.1403 NAME 'TermsConditions'
   SUBSTR caseIgnoreSubstringsMatch 
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
   X-ORIGIN 'Gluu custom attribute' )
+attributeTypes: ( 1.3.6.1.4.1.48710.1.3.1404 NAME 'StorageDetails'
+  DESC 'Custom Attribute' 
+  EQUALITY caseIgnoreMatch 
+  SUBSTR caseIgnoreSubstringsMatch 
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
+  X-ORIGIN 'Gluu custom attribute' )
 objectClasses: ( 1.3.6.1.4.1.48710.1.4.101 NAME 'gluuCustomPerson'
   SUP ( top )
   AUXILIARY
-  MAY ( TermsConditions $ Licenses $ apiKeys $ isOperator $ telephoneNumber $ mobile $ carLicense $ facsimileTelephoneNumber $ departmentNumber $ employeeType $ cn $ st $ manager $ street $ postOfficeBox $ employeeNumber $ preferredDeliveryMethod $ roomNumber $ secretary $ homePostalAddress $ l $ postalCode $ description $ title )
+  MAY ( StorageDetails $ TermsConditions $ Licenses $ apiKeys $ isOperator $ telephoneNumber $ mobile $ carLicense $ facsimileTelephoneNumber $ departmentNumber $ employeeType $ cn $ st $ manager $ street $ postOfficeBox $ employeeNumber $ preferredDeliveryMethod $ roomNumber $ secretary $ homePostalAddress $ l $ postalCode $ description $ title )
   X-ORIGIN 'Gluu - Custom persom objectclass' )

charts/login-service/charts/opendj/templates/configmap.yaml

@@ -15,6 +15,7 @@ data:
   GLUU_CACHE_TYPE: {{ .Values.gluuRedisCacheType | quote }}
   GLUU_REDIS_URL: {{ .Values.gluuRedisUrl | quote }}
   GLUU_REDIS_TYPE: {{ .Values.gluuRedisType | quote }}
+  PDP_EP: {{ .Values.persistence.pdpEp | quote}}
   {{- else }}
   GLUU_CACHE_TYPE: {{ .Values.gluuCacheType | quote }}
   {{- end }}

charts/login-service/charts/opendj/templates/persistence.yml

@@ -32,4 +32,7 @@ spec:
           value: {{ .Values.persistence.clientIDv }}
         - name: {{ .Values.persistence.clientSecret }}
           value: {{ .Values.persistence.clientSecretv }}
-
+        - name: {{ .Values.persistence.coihClientID }}
+          value: '{{ .Values.persistence.coihClientIDv }}'
+        - name: {{ .Values.persistence.coihClientSecret }}
+          value: {{ .Values.persistence.coihClientSecretv }}

charts/login-service/charts/opendj/templates/pvc.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: eoepca-userman-pvc
+  name: {{ .Values.volumeClaim.name }}
   namespace: {{ .Release.Namespace }}
   labels:
     eoepca_type: userman

charts/login-service/charts/opendj/templates/statefulset.yaml

@@ -14,16 +14,22 @@ spec:
         app: {{ .Values.global.serviceName }} # has to match .spec.selector.matchLabels
     spec:
       volumes:
-        - name: eoepca-userman-pv-host
+        - name: vol-userman
           persistentVolumeClaim:
-            claimName: eoepca-userman-pvc
+            claimName: {{ .Values.volumeClaim.name }}
         - name: config-attributes
           configMap:
             name: custom-attributes-config
       containers:
       - name: {{ template "login-service.fullname" . }}-init-container
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         image: {{ .Values.image }}
+        resources:
+          requests:
+            memory: {{ .Values.requests.memory }}
+            cpu: {{ .Values.requests.cpu }}
+        #   limits:
+        #     memory: {{ .Values.limits.memory }}
         lifecycle:
           postStart:
             exec:
@@ -42,27 +48,27 @@ spec:
             mountPath: /data/
           - mountPath: /opt/opendj/config
             subPath: opendj/config
-            name: eoepca-userman-pv-host
+            name: vol-userman
           - mountPath: /opt/opendj/ldif
             subPath: opendj/ldif
-            name: eoepca-userman-pv-host
+            name: vol-userman
           - mountPath: /opt/opendj/logs
             subPath: opendj/logs
-            name: eoepca-userman-pv-host
+            name: vol-userman
           - mountPath: /opt/opendj/db
             subPath: opendj/db
-            name: eoepca-userman-pv-host
+            name: vol-userman
           - mountPath: /flag
             subPath: opendj/flag
-            name: eoepca-userman-pv-host
-        readinessProbe:
-          tcpSocket: 
-            port: {{ .Values.tcpSocket.port }}
-          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
-        livenessProbe:
-          tcpSocket:
-            port: {{ .Values.tcpSocket.port }}
-          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            name: vol-userman
+        # readinessProbe:
+        #   tcpSocket: 
+        #     port: {{ .Values.tcpSocket.port }}
+        #   initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+        #   periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+        # livenessProbe:
+        #   tcpSocket:
+        #     port: {{ .Values.tcpSocket.port }}
+        #   initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+        #   periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
 

charts/login-service/charts/opendj/values.yaml

@@ -38,7 +38,7 @@ persistence:
   statefulSetReplicas: 1
   imagePullPolicy: Always
   restartPolicy: Never
-  image: eoepca/um-login-persistence:task189_1
+  image: eoepca/um-login-persistence:v0.9.0
   configAdapter: GLUU_CONFIG_ADAPTER
   adapter: "kubernetes"
   secretAdapter: GLUU_SECRET_ADAPTER
@@ -56,16 +56,27 @@ persistence:
   clientIDv: "59f1fed27153f631bc08"
   clientSecret: LP_CLIENT_SECRET
   clientSecretv: "640baffac0948454c48de2505726f53d11adc8a6"
+  pdpEp: /pdp
+#COIH Provider values needs to be configured after deployment for security issues
+  coihClientID: COIH_CLIENT_ID
+  coihClientIDv: ""
+  coihClientSecret: COIH_CLIENT_SECRET
+  coihClientSecretv: ""
 #container specific values declared here
 tcpSocket:
   port: 1636
 readinessProbe:
-  initialDelaySeconds: 90
+  initialDelaySeconds: 150
   periodSeconds: 90
 livenessProbe:
-  initialDelaySeconds: 90
+  initialDelaySeconds: 150
   periodSeconds: 90
 
+limits:
+  memory: 600Mi
+requests:
+  cpu: 700m
+  memory: 500Mi
 #servicePorts values used in StatefulSet container
 ports:
   ldaps:
@@ -129,6 +140,10 @@ volumeReplMounts:
 #VolumeClaimTemplates
 storage: 1Gi
 
+# VolumeClaim values
+volumeClaim:
+  name: um-login-service-opendj-pvc
+
 #opendj-config-pv
 opendj-config:
   hostPath: