RANCHER-2013. Setup (Secure tenant) mod-requests-mediated for eureka-…

…based consortium institutional tenant (#804)

* RANCHER-2013. The additional pipeline parameter getter method has been added for getting consortia member tenants.

* RANCHER-2013. Secure tenant-like parameters have been added all across the repo.

* RANCHER-2013. Secure tenant-like parameters have been added to the create namespace from branch pipeline.

* RANCHER-2013. Secure tenant-like env variables has been introduced along with instantiating of the tenant's secure tenant parameter.

* RANCHER-2066. app-request-mediated-ui proper targeting has been implemented. (#805)

pipelines/folioRancher/folioNamespaceTools/manageNamespace/createNamespaceFromBranch/Jenkinsfile

@@ -26,11 +26,16 @@ properties([
     folioParameters.applications(),
     folioParameters.configType(),
     folioParameters.groupParameters("Environment features"
-      , ["LOAD_REFERENCE", "LOAD_SAMPLE", "BUILD_UI", "CONSORTIA", "LINKED_DATA", "SPLIT_FILES", "RW_SPLIT", "ECS_CCL", "GREENMAIL", "MOCK_SERVER", "RTR", "DATASET", "TYPE"]),
+      , [ "LOAD_REFERENCE", "LOAD_SAMPLE", "BUILD_UI", "CONSORTIA", "LINKED_DATA", "SPLIT_FILES"
+          , "RW_SPLIT", "ECS_CCL", "GREENMAIL", "MOCK_SERVER", "RTR", "DATASET", "TYPE"
+          , "HAS_SECURE_TENANT", "SECURE_TENANT"
+    ]),
     folioParameters.loadReference(),
     folioParameters.loadSample(),
     booleanParam(name: 'BUILD_UI', defaultValue: true, description: '(Optional) Set true to include UI'),
     booleanParam(name: 'CONSORTIA', defaultValue: true, description: '(Optional) Set true to create consortium'),
+    booleanParam(name: 'HAS_SECURE_TENANT', defaultValue: true, description: '(Optional) Set true to enable secure tenant on one of the consortia institutional tenant'),
+    folioParameters.consortiaSecureMemberTenant(),
     booleanParam(name: 'LINKED_DATA', defaultValue: true, description: '(Optional) Set true to deploy LinkedData'),
     booleanParam(name: 'SPLIT_FILES', defaultValue: true, description: '(Optional) Set true to enable split-files functionality'),
     booleanParam(name: 'RW_SPLIT', defaultValue: false, description: '(Optional) Set true to Enable Read/Write split'),
@@ -41,7 +46,7 @@ properties([
     booleanParam(name: 'DATASET', defaultValue: false, description: '(Optional) Set true to build BF like environment'),
     choice(name: 'TYPE', choices: ['full', 'terraform', 'update'], description: '(Required) Set action TYPE to perform'),
     folioParameters.groupParameters("Integrations"
-      , ["POSTGRESQL", "DB_VERSION", "KAFKA", "OPENSEARCH", "S3_BUCKET"]),
+      , [ "POSTGRESQL", "DB_VERSION", "KAFKA", "OPENSEARCH", "S3_BUCKET" ]),
     folioParameters.pgType(),
     folioParameters.pgVersion(),
     folioParameters.kafkaType(),
@@ -51,12 +56,22 @@ properties([
     string(name: 'MEMBERS', defaultValue: '', description: '(Optional) Coma separated list of GitHub teams who need an access to the namespace'),
     folioParameters.agent(),
     folioParameters.refreshParameters()
-    , folioParameters.hideParameters(
+    ,folioParameters.hideParameters(
     [
-      'EUREKA': ['OKAPI_VERSION'],
-      'OKAPI' : ['APPLICATION_SET', 'APPLICATIONS']
+      'EUREKA':['OKAPI_VERSION'],
+      'OKAPI': ['APPLICATION_SET', 'APPLICATIONS' ]
     ]
     , "PLATFORM")
+    ,folioParameters.hideParameters(
+    [
+      '' :['HAS_SECURE_TENANT', 'SECURE_TENANT']
+    ]
+    , "CONSORTIA")
+    ,folioParameters.hideParameters(
+    [
+      '' :['SECURE_TENANT']
+    ]
+    , "HAS_SECURE_TENANT")
   ])
 ])
 
@@ -93,6 +108,8 @@ CreateNamespaceParameters namespaceParams = new CreateNamespaceParameters.Builde
   .applicationSet(params.APPLICATION_SET)
   .applications(Constants.APPLICATION_BRANCH(params.APPLICATION_SET as String
     , (params.APPLICATIONS as String).split(',') as List))
+  .hasSecureTenant(params.HAS_SECURE_TENANT)
+  .secureTenantId(params.SECURE_TENANT)
   .pgType(params.POSTGRESQL)
   .pgVersion(params.DB_VERSION)
   .kafkaType(params.KAFKA)
@@ -133,7 +150,7 @@ if(namespaceParams.platform == PlatformType.EUREKA) {
   cypressSanityParameters.setOkapiUrl("https://${namespace.getDomains().kong}")
   //TODO: Temporary exclusion of the eholdings and software-version test cases.
   cypressSanityParameters.setExecParameters('--env grepTags="fse+sanity+-eholdings+-inventory"')
-} else {
+}else {
   cypressSanityParameters.setTestsSrcBranch('master')
   cypressSanityParameters.setOkapiUrl("https://${namespace.getDomains().okapi}")
   cypressSanityParameters.setExecParameters('--env grepTags="fse+sanity"')
@@ -159,8 +176,8 @@ ansiColor('xterm') {
         folioNamespaceCreate(namespaceParams)
       }
 
-      stage('[Cypress] Run sanity check') {
-        if (params.RUN_SANITY_CHECK) {
+      stage('[Cypress] Run sanity check'){
+        if(params.RUN_SANITY_CHECK) {
           folioCypressFlow.runWrapper(cypressSanityParameters.getCiBuildId(), false, '', false) {
             folioCypressFlow.multiThreadRun(cypressSanityParameters)
           }

src/org/folio/models/EurekaNamespace.groovy

@@ -14,6 +14,10 @@ class EurekaNamespace extends RancherNamespace {
 
   boolean enableECS_CCL = false
 
+  boolean hasSecureTenant = false
+
+  EurekaTenant secureTenant
+
   EurekaNamespace(String clusterName, String namespaceName) {
     super(clusterName, namespaceName)
   }
@@ -32,6 +36,10 @@ class EurekaNamespace extends RancherNamespace {
   void addTenant(OkapiTenant tenant) {
     super.addTenant(tenant)
 
+    hasSecureTenant = (tenant as EurekaTenant).isSecureTenant
+    if (hasSecureTenant)
+      secureTenant = tenant as EurekaTenant
+
     applications.putAll((tenant as EurekaTenant).applications)
   }
 

src/org/folio/models/EurekaTenant.groovy

@@ -33,6 +33,8 @@ class EurekaTenant extends OkapiTenant {
 
   Map<String, String> applications = [:]
 
+  boolean isSecureTenant = false
+
   EurekaTenant(){}
 
   /**
@@ -68,6 +70,16 @@ class EurekaTenant extends OkapiTenant {
     return this
   }
 
+  /**
+   * Chainable setter for consortia secure flag.
+   * @param isSecureTenant Flag indicating if the tenant is secure.
+   * @return The EurekaTenant object.
+   */
+  EurekaTenant withSecureTenant(boolean isSecureTenant) {
+    this.isSecureTenant = isSecureTenant
+    return this
+  }
+
   /**
    * Chainable setter for install JSON.
    * This method sets the installation JSON object while ensuring that specific
@@ -89,7 +101,8 @@ class EurekaTenant extends OkapiTenant {
   Map toMap(){
     Map ret = [
       name: tenantId,
-      description: tenantDescription
+      description: tenantDescription,
+      secure: isSecureTenant
     ]
 
     if(tenantId.trim())
@@ -113,6 +126,7 @@ class EurekaTenant extends OkapiTenant {
       "tenantId": "$tenantId",
       "tenantName": "$tenantName",
       "tenantDescription": "$tenantDescription",
+      "isSecureTenant": "$isSecureTenant",
       "applications": "$applications",
       "modules": $modules,
       "indexes": $indexes

src/org/folio/models/parameters/CreateNamespaceParameters.groovy

@@ -41,6 +41,10 @@ class CreateNamespaceParameters implements Cloneable {
 
   boolean rtr
 
+  boolean hasSecureTenant
+
+  String secureTenantId
+
   boolean uiBuild
 
   boolean dataset = false
@@ -51,7 +55,7 @@ class CreateNamespaceParameters implements Cloneable {
   @Deprecated
   String applicationSet = 'Complete'
 
-  Map<String, String> applications = [:]
+  Map<String,String> applications = [:]
 
   List<String> folioExtensions = []
 
@@ -289,6 +293,26 @@ class CreateNamespaceParameters implements Cloneable {
       return this
     }
 
+    /**
+     * Activate or not secure tenant
+     * @param has `true` to activate security on tenant secureTenantId
+     * @return Builder instance for method chaining.
+     */
+    Builder hasSecureTenant(boolean has) {
+      parameters.hasSecureTenant = has
+      return this
+    }
+
+    /**
+     * Defines the id of the tenant to secure
+     * @param id The id of the tenant to secure
+     * @return Builder instance for method chaining.
+     */
+    Builder secureTenantId(String id) {
+      parameters.secureTenantId = id
+      return this
+    }
+
     /**
      * Defines the type of environment to be used.
      * @param dataset `true` to enable BF like dataset; `false` to disable.

src/org/folio/rest_v2/eureka/Eureka.groovy

@@ -134,6 +134,9 @@ class Eureka extends Base {
         tenant.applications.remove("app-consortia-manager")
         tenant.applications.remove("app-linked-data")
       }
+
+      if (!tenant.isSecureTenant)
+        tenant.applications.remove("app-requests-mediated-ui")
     }
 
     return this

vars/folioHelm.groovy

@@ -303,6 +303,28 @@ String generateModuleValues(RancherNamespace ns, String moduleName, String modul
           name: 'MOD_USERS_ID',
           value: 'mod-users-' + ns.getModules().getModuleByName('mod-users').getVersion()
         ]
+
+        break
+      case 'mod-requests-mediated':
+        moduleConfig['extraEnvVars'] += ns.hasSecureTenant ? [
+          name: 'SECURE_TENANT_ID',
+          value: ns.getSecureTenant().tenantId
+        ] : []
+
+        break
+      case 'edge-patron':
+        moduleConfig['integrations']['okapi'] = [enabled: false]
+
+        moduleConfig['extraEnvVars'] += ns.hasSecureTenant ? [
+          name: 'SECURE_TENANT_ID',
+          value: ns.getSecureTenant().tenantId
+        ] : []
+
+        moduleConfig['extraEnvVars'] += ns.hasSecureTenant ? [
+          name: 'SECURE_REQUESTS_FEATURE_ENABLED',
+          value: ns.getSecureTenant().hasSecureTenant
+        ] : []
+
         break
       case ~/edge-.*$/:
         moduleConfig['integrations']['okapi'] = [enabled: false]

vars/folioNamespaceCreateEureka.groovy

@@ -170,6 +170,7 @@ void call(CreateNamespaceParameters args) {
       DTO.convertMapTo(args.dataset ? folioDefault.tenants([], installRequestParams).findAll { it.value.getTenantId().startsWith('cs00000int') } :
         folioDefault.consortiaTenants([], installRequestParams), EurekaTenantConsortia.class).values().each { tenant ->
         tenant.withInstallJson(installJson)
+          .withSecureTenant(args.hasSecureTenant && args.secureTenantId == tenant.getTenantId())
           .withAWSSecretStoragePathName("${namespace.getClusterName()}-${namespace.getNamespaceName()}")
 
         if (tenant.getIsCentralConsortiaTenant()) {

vars/folioParameters.groovy

@@ -130,7 +130,7 @@ def branch(String paramName = 'FOLIO_BRANCH', String repository = 'platform-comp
   return _paramExtendedSingleSelect(paramName, '', folioStringScripts.getRepositoryBranches(repository), "(Required) Select what '${repository}' branch use for build")
 }
 
-def branchWithRef(String paramName = 'FOLIO_BRANCH', String reference) {
+def branchWithRef(String paramName = 'FOLIO_BRANCH', String reference = "") {
   return _paramExtendedSingleSelect(paramName, reference, folioStringScripts.getRepositoryBranches("\${${reference}}"), "(Required) Select what '${reference}' branch use for build")
 }
 
@@ -245,3 +245,14 @@ def containerImageTag(String paramName = 'CONTAINER_IMAGE_TAG', String reference
 def moduleSource() {
   return _paramChoice('MODULE_SOURCE', Constants.EUREKA_MODULE_SOURCES, 'Select Eureka module source')
 }
+
+def consortiaSecureMemberTenant(
+      String paramName = 'SECURE_TENANT'
+      , List value =
+        folioDefault.consortiaTenants()
+          .findAll {!(it.value.isCentralConsortiaTenant)}
+          .collect{it.value.tenantId}
+      , String description = 'Select secure tenant'
+) {
+  return _paramChoice(paramName, value, description)
+}

vars/folioStringScripts.groovy

@@ -193,7 +193,7 @@ return result
 
 static String getHideHTMLScript(Map hideMap, String reference) {
   return """
-def selectors = ${hideMap.inspect()}[${reference}]?.collect {
+def selectors = ${hideMap.inspect()}[${reference}.toString()]?.collect {
     "div.jenkins-form-item:has(input[value='\$it']):not(:has([id^=hiddenPanel]))"
   }?.join(", \\n")
 

vars/folioTriggerJob.groovy

@@ -33,6 +33,8 @@ def createNamespaceFromBranch(String jobName, CreateNamespaceParameters namespac
       booleanParam(name: 'GREENMAIL', value: namespaceParams.getGreenmail()),
       booleanParam(name: 'MOCK_SERVER', value: namespaceParams.getMockServer()),
       booleanParam(name: 'RTR', value: namespaceParams.getRtr()),
+      booleanParam(name: 'HAS_SECURE_TENANT', value: namespaceParams.getHasSecureTenant()),
+      string(name: 'SECURE_TENANT', value: namespaceParams.getSecureTenantId()),
       //TODO: Remove in the future release with getApplicationSet() method
       string(name: 'APPLICATION_SET', value: namespaceParams.getApplicationSet()),
       string(name: 'APPLICATIONS', value: namespaceParams.getApplications().keySet().join(',')),