Exchange configuration overhaul.
Signed-off-by: Nathan Phelps <[email protected]>
naphelps committed Sep 14, 2024
1 parent fd721ff commit 93427ce
Showing 126 changed files with 2,757 additions and 2,063 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/build-push.yml
Expand Up @@ -7,8 +7,9 @@ on:
push:
branches:
- master
- v2.87
- v2.122
- v2.110
- v2.87

# Variables available to all jobs
env:
Expand All @@ -23,7 +24,7 @@ jobs:
# This job will build and then push to docker hub
build-push:
# The type of runner the job will run on
runs-on: ubuntu-20.04
runs-on: ubuntu-latest

steps:
# Ensure that the repo variables and secrets are set before running any other steps
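Review bot: `runs-on: ubuntu-latest` in the `build-push` job makes the image that is pushed to Docker Hub depend on whichever runner image GitHub currently maps to that label, so the build toolchain can change without any commit in this repository. Assuming the `ubuntu-20.04` line is the old side and `ubuntu-latest` the new one (the +/- markers are lost on this page), I would pin a concrete label instead, for example `runs-on: ubuntu-22.04`, and bump it deliberately. The job's steps continue outside the visible hunk, so any tool versions they install are not checked here.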
1 change: 1 addition & 0 deletions .github/workflows/dependency-graph.yml
Expand Up @@ -4,6 +4,7 @@ on:
push:
branches:
- master
- v2.122
- v2.110
- v2.87
jobs:
4 changes: 3 additions & 1 deletion .github/workflows/run-tests.yml
Expand Up @@ -4,8 +4,9 @@ on:
pull_request:
branches:
- master
- v2.87
- v2.122
- v2.110
- v2.87

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
Expand All @@ -19,6 +20,7 @@ jobs:
DOCKER_NETWORK: exchange-api-network
DOCKER_REGISTRY: openhorizon
EXCHANGE_FE_HEADER: issuer
EXCHANGE_PEKKO_LOGLEVEL: debug
EXCHANGE_ROOTPW: ci-password
POSTGRES_DB_NAME: exchange
POSTGRES_DB_PORT: 5432
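Review bot: The job `env` still defines the root password as `EXCHANGE_ROOTPW: ci-password`, while the Makefile recipes in this same commit pass `-e "EXCHANGE_ROOT_PW=$$EXCHANGE_ROOT_PW"` to the container. Unless the Makefile maps one name to the other in a part not shown here, the container started for the tests receives an empty root password, and the `: $${EXCHANGE_ROOTPW:?}` guard that used to catch an unset value is deleted together with the config-file rules. The same applies to `EXCHANGE_ROOTPW=ci-password` in `.travis.yml`. I would add `EXCHANGE_ROOT_PW: ci-password` next to the existing entry (or rename it once nothing reads the old name) and put a `: $${EXCHANGE_ROOT_PW:?}` line at the top of the `docker run` recipes.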
6 changes: 3 additions & 3 deletions .travis.yml
@@ -1,9 +1,9 @@
services: docker
language: scala
dist: focal
jdk: openjdk11
jdk: openjdk17
scala:
- 2.13.5
- 2.13.14
notifications:
slack:
secure: 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
Expand All @@ -17,6 +17,7 @@ env:
DOCKER_NETWORK=exchange-api-network
DOCKER_REGISTRY=openhorizon
EXCHANGE_FE_HEADER=issuer
EXCHANGE_PEKKO_LOGLEVEL=debug
EXCHANGE_ROOTPW=ci-password
POSTGRES_DB=exchange
POSTGRES_PORT=5432
Expand All @@ -37,7 +38,6 @@ before_script:
- 'sudo bash -c "echo ''{ \"api\": { \"db\": { \"jdbcUrl\": \"jdbc:postgresql://$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB\",
\"user\": \"$POSTGRES_USER\" }, \"root\": { \"password\": \"$EXCHANGE_ROOTPW\",
\"frontEndHeader\": \"$EXCHANGE_FE_HEADER\" } } }'' > /etc/horizon/exchange/config.json"'
- cat /etc/horizon/exchange/config.json
- unset SBT_OPTS
- make travis-test

8 changes: 8 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,14 @@

All notable changes to this project will be documented in this file.

## [2.124.0] - 2024-09-14
- Application configuration overhaul.
- Some database configuration changes are not backwards compatible.
- GET methods for Node resources no longer return passwords for admin user types, unless directly owned.
- Added new rest paths for deployment patterns and policies aligning and clarifying these resources.
- `.../v1/orgs/<organization>/deployment/patterns/...`
- `.../v1/orgs/<organization>/deployment/policies/...`

## [2.123.0] - 2024-04-19
- pekko-http-xml 1.0.0 -> 1.0.1
- Reorganized class references in the Swagger documentation generator.
83 changes: 27 additions & 56 deletions Makefile
Expand Up @@ -175,58 +175,6 @@ run-docker-db-postgres-https: target/docker/.run-docker-db-postgres-https
/etc/horizon/exchange:
sudo mkdir -p /etc/horizon/exchange

/etc/horizon/exchange/config-http.json: /etc/horizon/exchange
: $${EXCHANGE_ROOTPW:?}
sudo -- bash -c "printf \
'{\n'\
' \"api\": {\n'\
' \"db\": {\n'\
' \"jdbcUrl\": \"jdbc:postgresql://$(POSTGRES_CONTAINER_ADDRESS):$(POSTGRES_DB_PORT)/$(POSTGRES_DB_NAME)\",\n'\
' \"user\": \"$(POSTGRES_DB_USER)\"\n'\
' },\n'\
' \"logging\": {\n'\
' \"level\": \"$(EXCHANGE_LOG_LEVEL)\"\n'\
' },\n'\
' \"root\": {\n'\
' \"password\": \"$(EXCHANGE_ROOTPW)\",\n'\
' \"frontEndHeader\": \"$(EXCHANGE_FE_HEADER)\"\n'\
' },\n'\
' \"service\": {\n'\
' \"port\": $(EXCHANGE_CONTAINER_PORT_HTTP),\n'\
' \"portEncrypted\": null\n'\
' }\n'\
' }\n'\
'}' > /etc/horizon/exchange/config-http.json"
sudo chmod o+r /etc/horizon/exchange/config-http.json

/etc/horizon/exchange/config-https.json: /etc/horizon/exchange target/docker/.run-docker-db-postgres-https
: $${EXCHANGE_ROOTPW:?}
sudo -- bash -c "printf \
'{\n'\
' \"api\": {\n'\
' \"db\": {\n'\
' \"jdbcUrl\": \"jdbc:postgresql://$(POSTGRES_CONTAINER_ADDRESS):$(POSTGRES_DB_PORT)/$(POSTGRES_DB_NAME)\",\n'\
' \"user\": \"$(POSTGRES_DB_USER)\"\n'\
' },\n'\
' \"logging\": {\n'\
' \"level\": \"$(EXCHANGE_LOG_LEVEL)\"\n'\
' },\n'\
' \"root\": {\n'\
' \"password\": \"$(EXCHANGE_ROOTPW)\",\n'\
' \"frontEndHeader\": \"$(EXCHANGE_FE_HEADER)\"\n'\
' },\n'\
' \"service\": {\n'\
' \"port\": $(EXCHANGE_CONTAINER_PORT_HTTP),\n'\
' \"portEncrypted\": $(EXCHANGE_CONTAINER_PORT_HTTPS)\n'\
' },\n'\
' \"tls\": {\n'\
' \"password\": \"$(EXCHANGE_TRUST_PW)\",\n'\
' \"truststore\": \"/etc/horizon/exchange/localhost.p12\"\n'\
' }\n'\
' }\n'\
'}' > /etc/horizon/exchange/config-https.json"
sudo chmod o+r /etc/horizon/exchange/config-https.json

## Pre-Run - TLS Truststore -----------
## Only do this once to create the exchange truststore for https (which includes the private key, and cert with multiple names).
$(EXCHANGE_HOST_TRUST_DIR): /etc/horizon/exchange
Expand All @@ -240,7 +188,7 @@ target/localhost.crt: target/docker/stage/Dockerfile
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")


/etc/horizon/exchange/localhost.p12: target/localhost.crt
/etc/horizon/exchange/localhost.p12: /etc/horizon/exchange target/localhost.crt
openssl pkcs12 -export -out target/localhost.p12 -in target/localhost.crt -inkey target/localhost.key -aes-256-cbc -passout pass:$(EXCHANGE_TRUST_PW)
chmod o+r target/localhost.p12
sudo chown root:root target/localhost.p12
Expand All @@ -260,6 +208,13 @@ target/docker/.run-docker: /etc/horizon/exchange/config-http.json target/docker/
--network $(DOCKER_NETWORK) \
-d -t \
-p $(EXCHANGE_HOST_PORT_HTTP):$(EXCHANGE_CONTAINER_PORT_HTTP) \
-e EXCHANGE_DB_HOST=$(POSTGRES_CONTAINER_ADDRESS) \
-e EXCHANGE_DB_NAME=$(POSTGRES_DB_NAME) \
-e EXCHANGE_DB_PORT=$(POSTGRES_DB_PORT) \
-e EXCHANGE_DB_USER=$(POSTGRES_DB_USER) \
-e EXCHANGE_PEKKO_HTTP_PORT=$(EXCHANGE_CONTAINER_PORT_HTTP) \
-e EXCHANGE_PEKKO_LOGLEVEL=$(EXCHANGE_LOG_LEVEL) \
-e "EXCHANGE_ROOT_PW=$$EXCHANGE_ROOT_PW" \
-v /etc/horizon/exchange/config.json:/etc/horizon/exchange/exchange-api.tmpl:ro \
$(IMAGE_STRING):$(DOCKER_TAG)
@touch $@
Expand All @@ -268,14 +223,24 @@ target/docker/.run-docker: /etc/horizon/exchange/config-http.json target/docker/
run-docker: target/docker/.run-docker

## config.json is renamed to exchange-api.tmpl to overwrite the provided file of the same name in the Docker image. Prevents the container from attempting to overwrite a bind-mounted config.json with read-only permissions.
target/docker/.run-docker-icp-https: /etc/horizon/exchange/config-https.json target/docker/.docker-network /etc/horizon/exchange/localhost.p12 target/docker/.run-docker-db-postgres-https
target/docker/.run-docker-icp-https: target/docker/.docker-network /etc/horizon/exchange/localhost.p12 target/docker/.run-docker-db-postgres-https
sudo -- bash -c "cp /etc/horizon/exchange/config-https.json /etc/horizon/exchange/config.json"
docker run \
--name $(DOCKER_NAME) \
--network $(DOCKER_NETWORK) \
-d -t \
-p $(EXCHANGE_HOST_PORT_HTTP):$(EXCHANGE_CONTAINER_PORT_HTTP) \
-p $(EXCHANGE_HOST_PORT_HTTPS):$(EXCHANGE_CONTAINER_PORT_HTTPS) \
-e EXCHANGE_DB_HOST=$(POSTGRES_CONTAINER_ADDRESS) \
-e EXCHANGE_DB_NAME=$(POSTGRES_DB_NAME) \
-e EXCHANGE_DB_PORT=$(POSTGRES_DB_PORT) \
-e EXCHANGE_DB_USER=$(POSTGRES_DB_USER) \
-e EXCHANGE_PEKKO_HTTP_PORT=$(EXCHANGE_CONTAINER_PORT_HTTP) \
-e EXCHANGE_PEKKO_HTTPS_PORT=$(EXCHANGE_CONTAINER_PORT_HTTPS) \
-e EXCHANGE_PEKKO_LOGLEVEL=$(EXCHANGE_LOG_LEVEL) \
-e "EXCHANGE_ROOT_PW=$$EXCHANGE_ROOT_PW" \
-e "EXCHANGE_TLS_PASSWORD=$$EXCHANGE_TRUST_PW" \
-e EXCHANGE_TLS_TRUSTSTORE=/etc/horizon/exchange/localhost.p12 \
-e "JAVA_OPTS=$(JAVA_OPTS)" \
-e "ICP_EXTERNAL_MGMT_INGRESS=$$ICP_EXTERNAL_MGMT_INGRESS" \
-v /etc/horizon/exchange/config.json:/etc/horizon/exchange/exchange-api.tmpl:ro \
Expand All @@ -290,13 +255,20 @@ run-docker-icp-https: target/docker/.run-docker-icp-https

## config.json is mounted into the container as exchange-api.tmpl to overwrite the provided file of the same name in the Docker image. Bind-mounting it with read-only permissions prevents the container from attempting to overwrite it.
#
target/docker/.run-docker-icp: /etc/horizon/exchange/config-http.json target/docker/.docker-network
target/docker/.run-docker-icp: target/docker/.docker-network
sudo -- bash -c "cp /etc/horizon/exchange/config-http.json /etc/horizon/exchange/config.json"
docker run \
--name $(DOCKER_NAME) \
--network $(DOCKER_NETWORK) \
-d -t \
-p $(EXCHANGE_HOST_PORT_HTTP):$(EXCHANGE_CONTAINER_PORT_HTTP) \
-e EXCHANGE_DB_HOST=$(POSTGRES_CONTAINER_ADDRESS) \
-e EXCHANGE_DB_NAME=$(POSTGRES_DB_NAME) \
-e EXCHANGE_DB_PORT=$(POSTGRES_DB_PORT) \
-e EXCHANGE_DB_USER=$(POSTGRES_DB_USER) \
-e EXCHANGE_PEKKO_HTTP_PORT=$(EXCHANGE_CONTAINER_PORT_HTTP) \
-e EXCHANGE_PEKKO_LOGLEVEL=$(EXCHANGE_LOG_LEVEL) \
-e "EXCHANGE_ROOT_PW=$$EXCHANGE_ROOT_PW" \
-e "JAVA_OPTS=$(JAVA_OPTS)" \
-e "ICP_EXTERNAL_MGMT_INGRESS=$$ICP_EXTERNAL_MGMT_INGRESS" \
-v /etc/horizon/exchange/config.json:/etc/horizon/exchange/exchange-api.tmpl:ro \
Expand Down Expand Up @@ -382,7 +354,6 @@ clean: clean-docker clean-truststore

.PHONY: cleaner
cleaner: clean cleaner-docker cleaner-truststore
sudo rm -fr /etc/horizon/exchange/config*.json

.PHONY: cleanest
cleanest: cleaner cleanest-docker cleanest-truststore
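Review bot: The `run-docker-icp-https` and `run-docker-icp` recipes appear to keep their `cp` of `config-https.json` / `config-http.json` to `/etc/horizon/exchange/config.json` (the section's addition and deletion counts leave no room for those lines to be removed), although this commit deletes the rules that generate the two files and drops them from the prerequisites. On a clean host the `cp` fails; on a host that ran an older build it copies a stale file that holds the previous root and truststore passwords and was made world-readable with `chmod o+r`, and `cleaner` no longer removes `config*.json`. Since the values now arrive through `-e`, I would delete the `cp` line and the `-v /etc/horizon/exchange/config.json:/etc/horizon/exchange/exchange-api.tmpl:ro` mount from the recipes, and keep `sudo rm -fr /etc/horizon/exchange/config*.json` in `cleaner` for at least one release so old secrets are cleaned up. The `docker run` commands continue past the visible lines.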
22 changes: 10 additions & 12 deletions build.sbt
Expand Up @@ -26,6 +26,8 @@ val versionFunc = () => {
Global / excludeLintKeys += daemonGroupGid // was getting unused error, even tho i think they are used
Global / excludeLintKeys += dockerEnvVars

//Global / envVars := Map("HZN_ORG_ID" -> "mycluster")

lazy val root = (project in file("."))
.settings(
description := "'Containerized exchange-api'",
Expand All @@ -35,7 +37,7 @@ lazy val root = (project in file("."))
pekkoVersion := "[1.0.2]",
release := sys.env.getOrElse("GIT_SHORT_SHA", versionFunc()),
resolvers += Classpaths.typesafeReleases,
scalaVersion := "2.13.11",
scalaVersion := "2.13.14",
summary := "'Open Horizon exchange-api image'",
vendor := "'Open Horizon'",
version := sys.env.getOrElse("IMAGE_VERSION", versionFunc()),
Expand All @@ -51,6 +53,7 @@ lazy val root = (project in file("."))
// "org.apache.pekko" %% "pekko-http-spray-json" % "[10.2.1,)",
"com.github.pjfanning" %% "pekko-http-jackson" % "[2.3.3,)",
"org.apache.pekko" %% "pekko-http-cors" % "[1.0.0]",
"org.apache.pekko" %% "pekko-slf4j" % "[1.0.1]",

"org.json4s" %% "json4s-native" % "4.0.6",
"org.json4s" %% "json4s-jackson" % "4.0.6",
Expand All @@ -62,6 +65,8 @@ lazy val root = (project in file("."))
//"io.swagger.core.v3" % "swagger-core-jakarta" % "[2.1.12]", // Version 2.1.13+ requires newer versions of slick and slick-hikaricp
//"io.swagger.core.v3" % "swagger-jaxrs2-jakarta" % "[2.1.12]", // Version 2.1.13+ requires newer versions of slick and slick-hikaricp

"ch.qos.logback" % "logback-classic" % "1.5.6",
//"net.logstash.logback" % "logstash-logback-encoder" % "[7.4,)",
// "com.typesafe.slick" %% "slick" % "[3.3.3]", // Version 3.4.1 depends on slick-pg and slick-pg_json4s v0.21.0
"com.typesafe.slick" %% "slick-hikaricp" % "[3.4.1]", // Version 3.4.1 depends on slick-pg and slick-pg_json4s v0.21.0
// "com.github.tminglei" %% "slick-pg" % "[0.20.4]", // Version 0.21.0 depends on version 3.4.0 of slick and slick-hikaricp
Expand All @@ -70,7 +75,7 @@ lazy val root = (project in file("."))
// "com.zaxxer" % "HikariCP" % "[3.4.5,)",
// "org.slf4j" % "slf4j-simple" % "[1.7.25]", // Version 1.7.35+ requires newer versions of slick and slick-hikaricp
// "ch.qos.logback" % "logback-classic" % "1.3.0-alpha5",
"com.mchange" % "c3p0" % "[0.9.5.5,)",
//"com.mchange" % "c3p0" % "[0.9.5.5,)",
"org.scalaj" %% "scalaj-http" % "[2.4.2]", // Deprecated as of April 2022, in v2.4.2
"com.typesafe" % "config" % "[1.4.3,)",
"org.mindrot" % "jbcrypt" % "[0.4,)", // Last version (v0.4) release February 13, 2017
Expand All @@ -89,6 +94,7 @@ lazy val root = (project in file("."))
),
scalacOptions ++= Seq("-unchecked", "-deprecation", "-feature"),
javacOptions ++= Seq("-source", "17", "-target", "17", "-Xlint"),
//javaOptions ++= Seq("-Dconfig.file=/home/naphelps/git/exchange-api/target/config.json"),
fork := true,
Test / javaOptions ++= Seq("--add-opens", "java.base/java.net=ALL-UNNAMED"),
// Used when running test suites with HTTPS.
Expand All @@ -108,15 +114,12 @@ lazy val root = (project in file("."))
dockerBaseImage := "registry.access.redhat.com/ubi9-minimal:latest",
dockerEnvVars := Map("JAVA_OPTS" -> ""), // this is here so JAVA_OPTS can be overridden on the docker run cmd with a value like: -Xmx1G
// dockerEntrypoint ++= Seq("-Djava.security.auth.login.config=src/main/resources/jaas.config") // <- had trouble getting this to work
Docker / mappings ++= Seq((baseDirectory.value / "LICENSE.txt") -> "/1/licenses/LICENSE.txt",
(baseDirectory.value / "config" / "exchange-api.tmpl") -> "/2/etc/horizon/exchange/exchange-api.tmpl"
),
Docker / mappings ++= Seq((baseDirectory.value / "LICENSE.txt") -> "/1/licenses/LICENSE.txt"),
dockerCommands := Seq(Cmd("FROM", dockerBaseImage.value ++ " as stage0"),
Cmd("LABEL", "snp-multi-stage='intermediate'"),
Cmd("LABEL", "snp-multi-stage-id='6466ecf3-c305-40bb-909a-47e60bded33d'"),
Cmd("WORKDIR", "/etc/horizon/exchange"),
Cmd("COPY", "2/etc/horizon/exchange /2/etc/horizon/exchange"),
Cmd("RUN", "> /2/etc/horizon/exchange/config.json"),
Cmd("WORKDIR", "/licenses"),
Cmd("COPY", "1/licenses /1/licenses"),
Cmd("WORKDIR", "/opt/docker"),
Expand Down Expand Up @@ -149,12 +152,7 @@ lazy val root = (project in file("."))
Cmd("EXPOSE", "8080"),
Cmd("EXPOSE", "8083"),
Cmd("USER", "1001:1001"),
/*
* If bind-mounting your own config.json rename the configuration file in the container's filesystem to exchange-api.tmpl. This will overwrite the
* exchange-api.tmpl provided in this docker image and prevent cases where a bind-mount config.json is set with read-only permissions.
* Any mounted config.json can choose to use variables to take advantage of the substitution below.
*/
Cmd("ENTRYPOINT", "/usr/bin/envsubst $ENVSUBST_CONFIG < /etc/horizon/exchange/exchange-api.tmpl > /etc/horizon/exchange/config.json && /opt/docker/bin/" ++ name.value),
Cmd("ENTRYPOINT", "/opt/docker/bin/" ++ name.value),
Cmd("CMD", "[]")
)
)
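Review bot: Two commented-out settings come in with this change, `//Global / envVars := Map("HZN_ORG_ID" -> "mycluster")` and `//javaOptions ++= Seq("-Dconfig.file=/home/naphelps/git/exchange-api/target/config.json")`; the second one carries a developer's home directory into the build definition. I would drop both lines, or replace them with a short comment that says how to point a local run at a config file without naming a personal path. The block comment that explained how to bind-mount a configuration is removed together with the `envsubst` entrypoint, so a one-line comment above `Cmd("ENTRYPOINT", "/opt/docker/bin/" ++ name.value)` stating that the container is now configured through `EXCHANGE_*` environment variables would help; that reading is inferred from the Makefile in the same commit.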
12 changes: 0 additions & 12 deletions config/exchange-api.tmpl

This file was deleted.
