From 6df7da6c106e87efd3f9de1f9c1c1f917c974ca0 Mon Sep 17 00:00:00 2001 From: jperezde Date: Wed, 7 Jun 2023 14:19:01 +0200 Subject: [PATCH 01/15] Test Dependency --- pom.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/pom.xml b/pom.xml index a884d11..1e0ded1 100644 --- a/pom.xml +++ b/pom.xml @@ -131,7 +131,6 @@ 2.5.2 --> - From 22c0be081bfe28afad985c49e4cdf0a29d1accd1 Mon Sep 17 00:00:00 2001 From: jperezde Date: Wed, 7 Jun 2023 14:41:15 +0200 Subject: [PATCH 02/15] Test install Kerberos --- src/main/docker/Dockerfile.jvm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/docker/Dockerfile.jvm b/src/main/docker/Dockerfile.jvm index 839c411..3940446 100644 --- a/src/main/docker/Dockerfile.jvm +++ b/src/main/docker/Dockerfile.jvm @@ -86,6 +86,8 @@ COPY --chown=185 target/quarkus-app/*.jar /deployments/ COPY --chown=185 target/quarkus-app/app/ /deployments/app/ COPY --chown=185 target/quarkus-app/quarkus/ /deployments/quarkus/ +RUN microdnf install krb5-server krb5-libs krb5-workstation + EXPOSE 8080 USER 185 ENV JAVA_OPTS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager" From 94d72b95c8ad98a939a869dadcef7cfdcbcf8753 Mon Sep 17 00:00:00 2001 From: jperezde Date: Wed, 7 Jun 2023 15:30:36 +0200 Subject: [PATCH 03/15] Added kerberos dependendency in pom.xml --- pom.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pom.xml b/pom.xml index 1e0ded1..c035783 100644 --- a/pom.xml +++ b/pom.xml @@ -131,6 +131,13 @@ 2.5.2 --> + + + io.quarkiverse.kerberos + quarkus-kerberos + 2.0.0 + + From d3e2990851ac1dc3abb7ab01bd597f7a8d2811d7 Mon Sep 17 00:00:00 2001 From: jperezde Date: Wed, 7 Jun 2023 18:32:32 +0200 Subject: [PATCH 04/15] Modified application.properties --- pom.xml | 5 +++++ src/main/resources/application.properties | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c035783..60df62d 100644 --- a/pom.xml +++ b/pom.xml 
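Review bot: The added `RUN microdnf install krb5-server krb5-libs krb5-workstation` in Dockerfile.jvm puts the KDC server package into the application image, which a service that only accepts Kerberos tickets should not need, and every extra package is more surface to patch. A JVM service that validates tickets through the Java GSS stack may need none of these; if the client tools are wanted for troubleshooting, keep it to `krb5-libs krb5-workstation`. The step also has no `-y` and leaves the package cache in the layer, so `RUN microdnf install -y krb5-libs krb5-workstation && microdnf clean all` would be the tighter form. The instruction is correctly placed before `USER 185`.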
@@ -138,6 +138,11 @@ 2.0.0 + + io.quarkus + quarkus-kubernetes-config + + diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index eca88b0..3ad9a1a 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -4,4 +4,9 @@ # couchdb.name=scan-results # couchdb.url=https://localhost:5984 -# quarkus.hibernate-orm.database.generation=drop-and-create \ No newline at end of file +# quarkus.hibernate-orm.database.generation=drop-and-create + +# Kubernetes Secret +quarkus.openshift.env.secrets=kerberos-keytab + +quarkus.kerberos.keytab-path = ${kerberos-keytab} \ No newline at end of file From af4a80b04aad374da9903fc375ba0df373e41d83 Mon Sep 17 00:00:00 2001 From: jperezde Date: Thu, 8 Jun 2023 01:15:19 +0200 Subject: [PATCH 05/15] Added Kerberos dependency --- README.md | 127 ++++----------- pom.xml | 170 +++++++++------------ src/main/docker/Dockerfile.jvm | 1 + src/main/java/dto/BrewObj.java | 2 - src/main/java/dto/BrewObjPayload.java | 12 +- src/main/java/dto/ConnectDB.java | 6 +- src/main/java/dto/GitObj.java | 2 - src/main/java/dto/GitObjPayload.java | 12 +- src/main/java/dto/PncObj.java | 2 - src/main/java/dto/PncObjPayload.java | 12 +- src/main/java/dto/ScanObj.java | 3 - src/main/java/dto/ScanObjPayload.java | 12 +- src/main/java/rest/CreateGetResource.java | 44 +----- src/main/java/rest/CreateScanRequest.java | 30 +--- src/main/java/rest/CreateScanResource.java | 24 +-- src/main/java/rest/CreateStartScan.java | 30 +--- src/main/java/rest/RemoveScan.java | 30 +--- src/main/java/rest/Scan.java | 6 +- src/main/java/rest/StoreData.java | 84 +--------- src/main/resources/application.properties | 7 +- 20 files changed, 154 insertions(+), 462 deletions(-) diff --git a/README.md b/README.md index dcea9fd..0a5fe32 100644 --- a/README.md +++ b/README.md 
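Review bot: `quarkus.openshift.env.secrets=kerberos-keytab` injects the secret's keys as environment variables, while `quarkus.kerberos.keytab-path = ${kerberos-keytab}` expects a file location, so the keytab material would sit in the process environment and the path expression would not point at a file (it may not resolve at all unless a property of that name is defined elsewhere). A keytab holds the service's long-term key and is better delivered as a read-only file. Mount the secret as a volume instead, for example `quarkus.openshift.secret-volumes.keytab.secret-name=kerberos-keytab` with `quarkus.openshift.mounts.keytab.path=<MOUNT_DIR>` (placeholder), and set `quarkus.kerberos.keytab-path` to the file under that directory.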
@@ -1,112 +1,51 @@ -See https://docs.google.com/document/d/15yod6K_ZbNkJ_ern7gwpxjBkdJIlHXORfYZ3CGQhnEM/edit?usp=sharing for a full version with images +# code-with-quarkus -# Introduction -Currently we rely on CPaaS to submit requests to PSSaaS which then invokes the PSSC scanning container. The idea behind the ScanChain api is to act as an interaction point for services to be able to directly access our scan tooling. +This project uses Quarkus, the Supersonic Subatomic Java Framework. -Our api will be written in Quarkus for ease of use and deployment to OpenShift, we will also use Tekton to assist with CI/CD. +If you want to learn more about Quarkus, please visit its website: https://quarkus.io/ . -# How to build +## Running the application in dev mode -To set up the environment. After cloning the repository: - -``` -cd / -quarkus create app quarkus:dev -mvn -N io.takari:maven:wrapper -``` - -Also, it is necessary to create a local PostgreSQL instance. For development purposes, the parameters are: -``` -username = postgresql -password = password -``` - -ToDo: Create Database Model - - - -To run the Quarkus build in dev mode simply run: -```` +You can run your application in dev mode that enables live coding using: +```shell script ./mvnw compile quarkus:dev -```` -All end points should be avaliable on localhost:8080/{endpoint}. The endpoints are listed in the endpoints section - - - -# Deploying to OpenShift (https://quarkus.io/guides/deploying-to-openshift) -Part of the advantage of working with quarkus is the ease of which we can deploy it to OpenShift. We have the OpenShift extension already installed via the pom, - -All that should be required to build and deploy OpenShift is to login to OpenShift via the usual method (oc login (creds) for example). Before running a build command: - -You can then expose the routes (oc expose {route}), then your application should be accessible on the OpenShift cluster. 
This is verifiable either by using the console to request which services are running (oc get svc) or by using the web console which should display the service graphically. - -# Design diagram -API endpoint diagram with all endpoints DB links, connections to further services (PNC API etc) - -# API endpoints - -## /{scanId} - GET request for retrieving scans -This is a simple request for retrieving scans that are stored in our postgresql database. The assigned scanId will return the whole scan payload in JSON format. - -## / - POST request takes a JSON payload to start scans (Maybe isnt relevant/shouldnt be included in the future) - -Creating scans via passing fully formed JSON payloads. The standard JSON format should contain: -product-id -event-id -is-managed-service -component-list -See appendix 1 for a provided example - -## /scanRequest - Post request for starting scans - -There are several different types of build that should be retrieved from the backend source. Different inputs are required based off the build source. - -The required fields for BREW builds are: -buildSystemType -brewId -brewNVR - matches brewId -pncId -artifactType -fileName -builtFromSource - -The required fields for git builds are: -buildSystemType -repository -reference -commitId - -The required fields for PNC builds are: -buildSystemType -buildId +``` -This information should allow us to have all the requirements for retrieving and then starting a scan when requested from the required sources. +> **_NOTE:_** Quarkus now ships with a Dev UI, which is available in dev mode only at http://localhost:8080/q/dev/. -## /startScan - PUT request to start off the relevant scan +## Packaging and running the application -Only requires the scanId and should start off the relevant scan, should return a success only on finished or failure if there's no further response after timeout. 
-## /removeScan - DELETE request to remove a scan build from DB +The application can be packaged using: +```shell script +./mvnw package +``` +It produces the `quarkus-run.jar` file in the `target/quarkus-app/` directory. +Be aware that it’s not an _über-jar_ as the dependencies are copied into the `target/quarkus-app/lib/` directory. -Only requires the scanId should remove the relevant scan from our DB. Should return a success or failure. +The application is now runnable using `java -jar target/quarkus-app/quarkus-run.jar`. -# Expanded work to do +If you want to build an _über-jar_, execute the following command: +```shell script +./mvnw package -Dquarkus.package.type=uber-jar +``` -## Jenkins +The application, packaged as an _über-jar_, is now runnable using `java -jar target/*-runner.jar`. -Haven't looked into the correct way for the API to interact with Jenkins needs more investigation. +## Creating a native executable -## Jira tickets still to do: -https://issues.redhat.com/browse/PSSECMGT-1548 -https://issues.redhat.com/browse/PSSECMGT-1549 -https://issues.redhat.com/browse/PSSECMGT-1550 -https://issues.redhat.com/browse/PSSECMGT-1551 -https://issues.redhat.com/browse/PSSECMGT-1552 -https://issues.redhat.com/browse/PSSECMGT-1553 -https://issues.redhat.com/browse/PSSECMGT-1554 +You can create a native executable using: +```shell script +./mvnw package -Pnative +``` +Or, if you don't have GraalVM installed, you can run the native executable build in a container using: +```shell script +./mvnw package -Pnative -Dquarkus.native.container-build=true +``` -# Appendix +You can then execute your native executable with: `./target/code-with-quarkus-1.0.0-SNAPSHOT-runner` -Appendix 1 +If you want to learn more about building native executables, please consult https://quarkus.io/guides/maven-tooling. +## Related Guides diff --git a/pom.xml b/pom.xml index 60df62d..285d46a 100644 --- a/pom.xml +++ b/pom.xml 
@@ -1,14 +1,13 @@ - - - jboss - JBoss repository - http://repository.jboss.org/maven2 - - - + + + jboss + JBoss repository + http://repository.jboss.org/maven2 + + 4.0.0 com.redhat.ncaughey rest-json-quickstart @@ -33,58 +32,44 @@ pom import - - - - - - - - io.quarkus - quarkus-openshift - - - org.json - json - 20220320 - - - - org.postgresql - postgresql - 42.6.0 - - - - - - - - org.hibernate - hibernate-core + + io.quarkiverse.kerberos + quarkus-kerberos + 1.0.0 - - org.glassfish.jaxb - jaxb-runtime + + io.quarkus + quarkus-openshift + + + org.json + json + 20220320 + + + + org.postgresql + postgresql + 42.6.0 + + + org.hibernate + hibernate-core + + + org.glassfish.jaxb + jaxb-runtime + - - - io.quarkus - quarkus-jdbc-postgresql - + + io.quarkus + quarkus-jdbc-postgresql + io.quarkus @@ -99,50 +84,32 @@ quarkus-junit5 test - - org.projectlombok - lombok - 1.18.26 - provided - - - - - javax.validation - validation-api - 1.0.0.GA - - - - jakarta.persistence - jakarta.persistence-api - 3.1.0 - - - - - org.eclipse.microprofile.rest.client - microprofile-rest-client-api - 3.0.1 - - - - - - io.quarkiverse.kerberos - quarkus-kerberos - 2.0.0 - + + org.projectlombok + lombok + 1.18.26 + provided + - - io.quarkus - quarkus-kubernetes-config - + + + javax.validation + validation-api + 1.0.0.GA + + + + jakarta.persistence + jakarta.persistence-api + 3.1.0 + + + + org.eclipse.microprofile.rest.client + microprofile-rest-client-api + 3.0.1 + @@ -199,6 +166,19 @@ + + io.smallrye + jandex-maven-plugin + 3.1.1 + + + make-index + + jandex + + + + diff --git a/src/main/docker/Dockerfile.jvm b/src/main/docker/Dockerfile.jvm index 3940446..5a12f95 100644 --- a/src/main/docker/Dockerfile.jvm +++ b/src/main/docker/Dockerfile.jvm @@ -87,6 +87,7 @@ COPY --chown=185 target/quarkus-app/app/ /deployments/app/ COPY --chown=185 target/quarkus-app/quarkus/ /deployments/quarkus/ RUN microdnf install krb5-server krb5-libs krb5-workstation +RUN cat /etc/krb5.conf EXPOSE 8080 USER 185 
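Review bot: The re-indented repository entry at the top of pom.xml still points at `http://repository.jboss.org/maven2`, so anything resolved from it is fetched over plaintext with no transport integrity, and Maven 3.8.1 and later block external plain-HTTP repositories by default. Switch the URL scheme to `https://` (after confirming the path still resolves) or drop the repository if the dependencies are all available elsewhere. A later hunk in the same file re-adds `quarkus-kerberos` at `1.0.0` where the earlier patch in this series used `2.0.0`; if the downgrade is intentional, the commit message should say why.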
diff --git a/src/main/java/dto/BrewObj.java b/src/main/java/dto/BrewObj.java index 4ddcdab..a7136c4 100644 --- a/src/main/java/dto/BrewObj.java +++ b/src/main/java/dto/BrewObj.java @@ -6,8 +6,6 @@ import lombok.Getter; import lombok.ToString; import lombok.extern.jackson.Jacksonized; -// import org.jboss.pnc.api.dto.Request; - import java.io.Serializable; @ToString diff --git a/src/main/java/dto/BrewObjPayload.java b/src/main/java/dto/BrewObjPayload.java index 95b7928..0a0709f 100644 --- a/src/main/java/dto/BrewObjPayload.java +++ b/src/main/java/dto/BrewObjPayload.java @@ -1,20 +1,12 @@ package dto; -import org.eclipse.microprofile.config.ConfigProvider; // import org.jboss.pnc.api.deliverablesanalyzer.dto.AnalyzePayload; // import org.jboss.pnc.api.dto.HeartbeatConfig; // import org.jboss.pnc.api.dto.Request; -import java.net.URI; -import java.net.URISyntaxException; -import java.nio.charset.StandardCharsets; -import java.sql.Struct; -import java.util.*; - -import org.json.JSONObject; -import org.json.JSONArray; +import org.json.JSONObject; -import static constants.HttpHeaders.AUTHORIZATION_STRING; +import java.net.URISyntaxException; public class BrewObjPayload { public static BrewObj constructScanPayload(JSONObject brewObj) throws URISyntaxException { diff --git a/src/main/java/dto/ConnectDB.java b/src/main/java/dto/ConnectDB.java index cb8b084..2080def 100644 --- a/src/main/java/dto/ConnectDB.java +++ b/src/main/java/dto/ConnectDB.java @@ -1,14 +1,10 @@ package dto; -import constants.PSGQL; - import java.sql.Connection; import java.sql.DriverManager; import java.sql.SQLException; -import static constants.PSGQL.user; -import static constants.PSGQL.password; -import static constants.PSGQL.url; +import static constants.PSGQL.*; public class ConnectDB{ diff --git a/src/main/java/dto/GitObj.java b/src/main/java/dto/GitObj.java index bb99507..435ec0a 100644 --- a/src/main/java/dto/GitObj.java +++ b/src/main/java/dto/GitObj.java 
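Review bot: In ConnectDB.java, replacing the three explicit static imports with `import static constants.PSGQL.*;` hides that this class consumes `user`, `password` and `url`, and silently brings in any constant added to `PSGQL` later; for credential-bearing names the explicit imports are easier to audit. The names suggest the database credentials are compile-time constants in `constants.PSGQL` (that class is not visible here), in which case they would be better read from configuration backed by a secret than compiled into the jar. The class body lies outside the hunk, so how the values are used cannot be checked from this view.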
@@ -6,8 +6,6 @@ import lombok.Getter; import lombok.ToString; import lombok.extern.jackson.Jacksonized; -// import org.jboss.pnc.api.dto.Request; - import java.io.Serializable; @ToString diff --git a/src/main/java/dto/GitObjPayload.java b/src/main/java/dto/GitObjPayload.java index bc9eda1..8d2561f 100644 --- a/src/main/java/dto/GitObjPayload.java +++ b/src/main/java/dto/GitObjPayload.java @@ -1,20 +1,12 @@ package dto; -import org.eclipse.microprofile.config.ConfigProvider; // import org.jboss.pnc.api.deliverablesanalyzer.dto.AnalyzePayload; // import org.jboss.pnc.api.dto.HeartbeatConfig; // import org.jboss.pnc.api.dto.Request; -import java.net.URI; -import java.net.URISyntaxException; -import java.nio.charset.StandardCharsets; -import java.sql.Struct; -import java.util.*; - -import org.json.JSONObject; -import org.json.JSONArray; +import org.json.JSONObject; -import static constants.HttpHeaders.AUTHORIZATION_STRING; +import java.net.URISyntaxException; public class GitObjPayload { public static GitObj constructScanPayload(JSONObject gitObj) throws URISyntaxException { diff --git a/src/main/java/dto/PncObj.java b/src/main/java/dto/PncObj.java index 285c05e..7ce1a1a 100644 --- a/src/main/java/dto/PncObj.java +++ b/src/main/java/dto/PncObj.java @@ -6,8 +6,6 @@ import lombok.Getter; import lombok.ToString; import lombok.extern.jackson.Jacksonized; -// import org.jboss.pnc.api.dto.Request; - import java.io.Serializable; @ToString diff --git a/src/main/java/dto/PncObjPayload.java b/src/main/java/dto/PncObjPayload.java index 8c81217..3f83508 100644 --- a/src/main/java/dto/PncObjPayload.java +++ b/src/main/java/dto/PncObjPayload.java 
@@ -1,20 +1,12 @@ package dto; -import org.eclipse.microprofile.config.ConfigProvider; // import org.jboss.pnc.api.deliverablesanalyzer.dto.AnalyzePayload; // import org.jboss.pnc.api.dto.HeartbeatConfig; // import org.jboss.pnc.api.dto.Request; -import java.net.URI; -import java.net.URISyntaxException; -import java.nio.charset.StandardCharsets; -import java.sql.Struct; -import java.util.*; - -import org.json.JSONObject; -import org.json.JSONArray; +import org.json.JSONObject; -import static constants.HttpHeaders.AUTHORIZATION_STRING; +import java.net.URISyntaxException; public class PncObjPayload { public static PncObj constructScanPayload(JSONObject pncObj) throws URISyntaxException { diff --git a/src/main/java/dto/ScanObj.java b/src/main/java/dto/ScanObj.java index c9f825b..a8d835b 100644 --- a/src/main/java/dto/ScanObj.java +++ b/src/main/java/dto/ScanObj.java @@ -6,9 +6,6 @@ import lombok.Getter; import lombok.ToString; import lombok.extern.jackson.Jacksonized; -// import org.jboss.pnc.api.dto.Request; -//still need to fix all the scan objects to be significantly less poorly written -//TODO add interface for the scan objects (is probably the cleanest solution) import java.io.Serializable; @ToString diff --git a/src/main/java/dto/ScanObjPayload.java b/src/main/java/dto/ScanObjPayload.java index b19c1ad..b44c92f 100644 --- a/src/main/java/dto/ScanObjPayload.java +++ b/src/main/java/dto/ScanObjPayload.java 
@@ -1,20 +1,12 @@ package dto; -import org.eclipse.microprofile.config.ConfigProvider; // import org.jboss.pnc.api.deliverablesanalyzer.dto.AnalyzePayload; // import org.jboss.pnc.api.dto.HeartbeatConfig; // import org.jboss.pnc.api.dto.Request; -import java.net.URI; -import java.net.URISyntaxException; -import java.nio.charset.StandardCharsets; -import java.sql.Struct; -import java.util.*; - -import org.json.JSONObject; -import org.json.JSONArray; +import org.json.JSONObject; -import static constants.HttpHeaders.AUTHORIZATION_STRING; +import java.net.URISyntaxException; public class ScanObjPayload { public static ScanObj constructScanPayload(JSONObject scanObj) throws URISyntaxException { diff --git a/src/main/java/rest/CreateGetResource.java b/src/main/java/rest/CreateGetResource.java index 8ab6974..917d0a6 100644 --- a/src/main/java/rest/CreateGetResource.java +++ b/src/main/java/rest/CreateGetResource.java 
@@ -1,49 +1,21 @@ package rest; -import java.util.Collections; -import java.util.LinkedHashMap; -import java.util.Set; -import dto.ScanObj; import dto.ConnectDB; +import dto.ScanObj; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.SQLException; - -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; -import java.sql.Statement; - -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.inject.Inject; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.Collections; +import java.util.LinkedHashMap; import java.util.Set; -import java.util.stream.Collectors; -import javax.inject.Inject; -import javax.ws.rs.Consumes; - -import java.sql.*; - -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.ObjectWriter; // import org.hibernate.EntityManager; -import jakarta.persistence.EntityManager; -import jakarta.persistence.Cacheable; -import jakarta.persistence.Column; -import jakarta.persistence.Entity; -import jakarta.persistence.GeneratedValue; -import jakarta.persistence.Id; -import jakarta.persistence.NamedQuery; -import jakarta.persistence.QueryHint; -import jakarta.persistence.SequenceGenerator; -import jakarta.persistence.Table; + // @Path("/api/v1/[osh-scan]") @Path("/scanGet") diff --git a/src/main/java/rest/CreateScanRequest.java b/src/main/java/rest/CreateScanRequest.java index a9b9679..4373dd5 100644 --- a/src/main/java/rest/CreateScanRequest.java +++ b/src/main/java/rest/CreateScanRequest.java 
@@ -1,45 +1,23 @@ package rest; +import dto.*; import org.eclipse.microprofile.rest.client.inject.RestClient; -import dto.ScanObj; +import org.json.JSONObject; -import javax.inject.Inject; import javax.validation.Valid; import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; -import java.net.URI; import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.UUID; -import org.json.JSONObject; -import org.json.JSONArray; -import dto.ScanObj; -import dto.BrewObj; -import dto.ConnectDB; -import dto.ScanObjPayload; -import dto.BrewObjPayload; -import dto.GitObj; -import dto.GitObjPayload; -import dto.PncObj; -import dto.PncObjPayload; - -import static constants.HttpHeaders.AUTHORIZATION_STRING; import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.SQLException; - -import java.sql.Connection; -import java.sql.DriverManager; import java.sql.ResultSet; +import java.sql.SQLException; import java.sql.Statement; @Path("/scanRequest") public class CreateScanRequest { - //all of these need cleaning up to be a more sensible soution + //all of these need cleaning up to be a more sensible solution @RestClient CreateScanService createScanService; diff --git a/src/main/java/rest/CreateScanResource.java b/src/main/java/rest/CreateScanResource.java index 107f839..417ccea 100644 --- a/src/main/java/rest/CreateScanResource.java +++ b/src/main/java/rest/CreateScanResource.java 
@@ -1,33 +1,19 @@ package rest; -import org.eclipse.microprofile.rest.client.inject.RestClient; +import dto.ConnectDB; import dto.ScanObj; +import dto.ScanObjPayload; +import org.eclipse.microprofile.rest.client.inject.RestClient; +import org.json.JSONObject; -import javax.inject.Inject; import javax.validation.Valid; import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; -import java.net.URI; import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.UUID; -import org.json.JSONObject; -import org.json.JSONArray; -import dto.ScanObj; -import dto.ConnectDB; -import dto.ScanObjPayload; - -import static constants.HttpHeaders.AUTHORIZATION_STRING; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.SQLException; - import java.sql.Connection; -import java.sql.DriverManager; import java.sql.ResultSet; +import java.sql.SQLException; import java.sql.Statement; @Path("/") diff --git a/src/main/java/rest/CreateStartScan.java b/src/main/java/rest/CreateStartScan.java index 6797f1e..66748ce 100644 --- a/src/main/java/rest/CreateStartScan.java +++ b/src/main/java/rest/CreateStartScan.java 
@@ -1,36 +1,16 @@ package rest; -import org.eclipse.microprofile.rest.client.inject.RestClient; +import dto.ConnectDB; import dto.ScanObj; +import org.eclipse.microprofile.rest.client.inject.RestClient; -import javax.inject.Inject; -import javax.validation.Valid; -import javax.ws.rs.Consumes; -import javax.ws.rs.POST; -import javax.ws.rs.Path; import javax.ws.rs.PUT; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.UUID; -import org.json.JSONObject; -import org.json.JSONArray; -import dto.ScanObj; -import dto.ConnectDB; -import dto.ScanObjPayload; - +import javax.ws.rs.Path; import javax.ws.rs.PathParam; - -import static constants.HttpHeaders.AUTHORIZATION_STRING; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.SQLException; - +import java.net.URISyntaxException; import java.sql.Connection; -import java.sql.DriverManager; import java.sql.ResultSet; +import java.sql.SQLException; import java.sql.Statement; @Path("/startScan") diff --git a/src/main/java/rest/RemoveScan.java b/src/main/java/rest/RemoveScan.java index efc0d19..e8829ef 100644 --- a/src/main/java/rest/RemoveScan.java +++ b/src/main/java/rest/RemoveScan.java 
@@ -1,37 +1,15 @@ package rest; -import org.eclipse.microprofile.rest.client.inject.RestClient; +import dto.ConnectDB; import dto.ScanObj; +import org.eclipse.microprofile.rest.client.inject.RestClient; -import javax.inject.Inject; -import javax.validation.Valid; -import javax.ws.rs.Consumes; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.PUT; import javax.ws.rs.DELETE; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.UUID; -import org.json.JSONObject; -import org.json.JSONArray; -import dto.ScanObj; -import dto.ConnectDB; -import dto.ScanObjPayload; - +import javax.ws.rs.Path; import javax.ws.rs.PathParam; - -import static constants.HttpHeaders.AUTHORIZATION_STRING; +import java.net.URISyntaxException; import java.sql.Connection; -import java.sql.DriverManager; import java.sql.SQLException; - -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; import java.sql.Statement; @Path("/deleteScan") diff --git a/src/main/java/rest/Scan.java b/src/main/java/rest/Scan.java index 2394c6f..e7e84b4 100644 --- a/src/main/java/rest/Scan.java +++ b/src/main/java/rest/Scan.java @@ -1,8 +1,6 @@ -package rest; +package rest; -import javax.persistence.Entity; - -public class Scan { +public class Scan { private int scanId; private String productId; private String eventId; diff --git a/src/main/java/rest/StoreData.java b/src/main/java/rest/StoreData.java index ae2925e..711f437 100644 --- a/src/main/java/rest/StoreData.java +++ b/src/main/java/rest/StoreData.java 
@@ -1,91 +1,21 @@ package rest; -import java.util.Collections; -import java.util.LinkedHashMap; -import java.util.Set; -import dto.ScanObj; // import dto.ConnectDB; // import dto.Scan; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.SQLException; +import org.hibernate.Session; +import org.hibernate.SessionFactory; +import org.hibernate.Transaction; +import org.hibernate.boot.Metadata; +import org.hibernate.boot.MetadataSources; +import org.hibernate.boot.registry.StandardServiceRegistry; +import org.hibernate.boot.registry.StandardServiceRegistryBuilder; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; -import java.sql.Statement; - -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.inject.Inject; import javax.ws.rs.GET; import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import java.util.Set; -import java.util.stream.Collectors; -import javax.inject.Inject; -import javax.ws.rs.Consumes; - -import java.sql.*; - -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.ObjectWriter; - -import org.hibernate.Session; -import org.hibernate.SessionFactory; -import org.hibernate.Transaction; -import org.hibernate.boot.Metadata; -import org.hibernate.boot.MetadataSources; -import org.hibernate.boot.registry.StandardServiceRegistry; -import org.hibernate.boot.registry.StandardServiceRegistryBuilder; // import org.hibernate.EntityManager; -import jakarta.persistence.EntityManager; -import jakarta.persistence.Cacheable; -import jakarta.persistence.Column; -import jakarta.persistence.Entity; -import jakarta.persistence.GeneratedValue; -import jakarta.persistence.Id; -import jakarta.persistence.NamedQuery; -import jakarta.persistence.QueryHint; -import jakarta.persistence.SequenceGenerator; -import jakarta.persistence.Table; - -import org.eclipse.microprofile.rest.client.inject.RestClient; -import 
dto.ScanObj; - -import javax.inject.Inject; -import javax.validation.Valid; -import javax.ws.rs.Consumes; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.PUT; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.UUID; -import org.json.JSONObject; -import org.json.JSONArray; -import dto.ScanObj; -import dto.ConnectDB; -import dto.ScanObjPayload; - -import javax.ws.rs.PathParam; - -import static constants.HttpHeaders.AUTHORIZATION_STRING; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.SQLException; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; -import java.sql.Statement; @Path("/storeData") public class StoreData { diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 3ad9a1a..eca88b0 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -4,9 +4,4 @@ # couchdb.name=scan-results # couchdb.url=https://localhost:5984 -# quarkus.hibernate-orm.database.generation=drop-and-create - -# Kubernetes Secret -quarkus.openshift.env.secrets=kerberos-keytab - -quarkus.kerberos.keytab-path = ${kerberos-keytab} \ No newline at end of file +# quarkus.hibernate-orm.database.generation=drop-and-create \ No newline at end of file From 1ab0639941932aa5581dd95154fd28c971846d18 Mon Sep 17 00:00:00 2001 From: jperezde Date: Thu, 8 Jun 2023 11:31:17 +0200 Subject: [PATCH 06/15] Test keytab --- src/main/resources/application.properties | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index eca88b0..6933166 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
@@ -4,4 +4,7 @@ # couchdb.name=scan-results # couchdb.url=https://localhost:5984 -# quarkus.hibernate-orm.database.generation=drop-and-create \ No newline at end of file +# quarkus.hibernate-orm.database.generation=drop-and-create + +quarkus.kerberos.keytab-path= "file:///tmp/TASK1559577-openscanhub-wrapper.keytab" + From fee2bd340ff8f3ac5248e663892ef9c432a12cab Mon Sep 17 00:00:00 2001 From: jperezde Date: Fri, 9 Jun 2023 17:57:57 +0200 Subject: [PATCH 07/15] Added Kerberos auth to methods --- pom.xml | 2 +- src/main/docker/Dockerfile.jvm | 2 -- src/main/java/rest/CreateGetResource.java | 9 ++++-- src/main/java/rest/CreateScanRequest.java | 2 ++ src/main/java/rest/CreateStartScan.java | 2 ++ src/main/java/rest/UsersResource.java | 36 +++++++++++++++++++++++ src/main/resources/application.properties | 4 ++- 7 files changed, 51 insertions(+), 6 deletions(-) create mode 100644 src/main/java/rest/UsersResource.java diff --git a/pom.xml b/pom.xml index 285d46a..0f4a34f 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ 4.0.0 com.redhat.ncaughey - rest-json-quickstart + osh 1.0.0-SNAPSHOT 3.10.1 diff --git a/src/main/docker/Dockerfile.jvm b/src/main/docker/Dockerfile.jvm index 5a12f95..5ba77be 100644 --- a/src/main/docker/Dockerfile.jvm +++ b/src/main/docker/Dockerfile.jvm @@ -86,8 +86,6 @@ COPY --chown=185 target/quarkus-app/*.jar /deployments/ COPY --chown=185 target/quarkus-app/app/ /deployments/app/ COPY --chown=185 target/quarkus-app/quarkus/ /deployments/quarkus/ -RUN microdnf install krb5-server krb5-libs krb5-workstation -RUN cat /etc/krb5.conf EXPOSE 8080 USER 185 diff --git a/src/main/java/rest/CreateGetResource.java b/src/main/java/rest/CreateGetResource.java index 917d0a6..2c1c6bf 100644 --- a/src/main/java/rest/CreateGetResource.java +++ b/src/main/java/rest/CreateGetResource.java 
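Review bot: The value added for `quarkus.kerberos.keytab-path` is wrapped in double quotes, and a `.properties` file does not strip them, so the configured location would literally start with `"`; write it unquoted. It is also worth confirming against the extension's documentation whether a `file://` URI is accepted rather than a plain path. Keeping the keytab under `/tmp` puts the service's long-term key in a shared scratch directory; a read-only secret mount with restrictive permissions is the safer location.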
@@ -2,7 +2,11 @@ package rest; import dto.ConnectDB; import dto.ScanObj; +import io.quarkiverse.kerberos.KerberosPrincipal; +import io.quarkus.security.Authenticated; +import io.quarkus.security.identity.SecurityIdentity; +import javax.inject.Inject; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; @@ -14,14 +18,15 @@ import java.util.Collections; import java.util.LinkedHashMap; import java.util.Set; + // import org.hibernate.EntityManager; // @Path("/api/v1/[osh-scan]") @Path("/scanGet") +@Authenticated public class CreateGetResource { - // @Inject - // EntityManager em; + CreateScanService createScanService; diff --git a/src/main/java/rest/CreateScanRequest.java b/src/main/java/rest/CreateScanRequest.java index 4373dd5..6d0a833 100644 --- a/src/main/java/rest/CreateScanRequest.java +++ b/src/main/java/rest/CreateScanRequest.java @@ -1,6 +1,7 @@ package rest; import dto.*; +import io.quarkus.security.Authenticated; import org.eclipse.microprofile.rest.client.inject.RestClient; import org.json.JSONObject; @@ -14,6 +15,7 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; +@Authenticated @Path("/scanRequest") public class CreateScanRequest { diff --git a/src/main/java/rest/CreateStartScan.java b/src/main/java/rest/CreateStartScan.java index 66748ce..4bade54 100644 --- a/src/main/java/rest/CreateStartScan.java +++ b/src/main/java/rest/CreateStartScan.java @@ -2,6 +2,7 @@ package rest; import dto.ConnectDB; import dto.ScanObj; +import io.quarkus.security.Authenticated; import org.eclipse.microprofile.rest.client.inject.RestClient; import javax.ws.rs.PUT; @@ -13,6 +14,7 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; +@Authenticated @Path("/startScan") public class CreateStartScan { diff --git a/src/main/java/rest/UsersResource.java b/src/main/java/rest/UsersResource.java new file mode 100644 index 0000000..f68ce18 --- /dev/null 
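Review bot: `@Authenticated` is added class by class (CreateGetResource in the second hunk here, CreateScanRequest and CreateStartScan in the hunks that follow), which leaves every resource the commit does not touch reachable without a ticket. The commit's diffstat lists only these three resources plus the new UsersResource, while the series also shows `@Path("/storeData")` on StoreData and files named RemoveScan and CreateScanResource, so unless those are annotated elsewhere they stay open. A deny-by-default rule in application.properties would make a forgotten annotation fail closed: `quarkus.http.auth.permission.authenticated.paths=/*` with `quarkus.http.auth.permission.authenticated.policy=authenticated`. `@Authenticated` also admits any principal the KDC vouches for, so if only some users may start or read scans the methods need a role or principal check as well. The class bodies lie outside these hunks.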
+++ b/src/main/java/rest/UsersResource.java @@ -0,0 +1,36 @@ +package rest; + +import dto.ConnectDB; +import dto.ScanObj; +import io.quarkiverse.kerberos.KerberosPrincipal; +import io.quarkus.security.Authenticated; +import io.quarkus.security.identity.SecurityIdentity; + +import javax.inject.Inject; +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.Set; +import javax.ws.rs.Produces; + +@Path("/testKerberos") +@Authenticated +public class UsersResource { + @Inject + SecurityIdentity identity; + @Inject + KerberosPrincipal kerberosPrincipal; + + @GET + @Path("/me") + @Produces("text/plain") + public String me() { + return identity.getPrincipal().getName(); + } +} \ No newline at end of file diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 6933166..d698fc5 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -6,5 +6,7 @@ # quarkus.hibernate-orm.database.generation=drop-and-create -quarkus.kerberos.keytab-path= "file:///tmp/TASK1559577-openscanhub-wrapper.keytab" +quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab +quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM + From 4526231088cedce1e5130b3d0ac86831adea694b Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Tue, 13 Jun 2023 12:08:28 +0100 Subject: [PATCH 08/15] Secure volume mount example --- src/main/resources/application.properties | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index d698fc5..bf159e3 100644 
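Review bot: UsersResource.java injects `KerberosPrincipal kerberosPrincipal` and imports `ConnectDB`, `ScanObj`, `PathParam` and the `java.sql` and `java.util` classes, none of which `me()` uses; the method reads only `identity`. The `/testKerberos/me` path reads as a connectivity check rather than a product endpoint, yet the class ships in `src/main`. I would trim the class to the `SecurityIdentity` injection and add a class comment such as `/** Diagnostic endpoint: returns the authenticated caller's principal name. */`, or move it out of the main sources once Kerberos is confirmed working.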
--- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -6,7 +6,20 @@ # quarkus.hibernate-orm.database.generation=drop-and-create -quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab -quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM +%dev.quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab +%dev.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM + +%stage.quarkus.openshift.name=osh-stage +%stage.quarkus.openshift.labels.env=stage +%stage.quarkus.openshift.route.expose=true + +########################################## +# Kerberos Specifics # +########################################## +%stage.quarkus.openshift.secret-volumes.osh-wrapper.secret-name=kerberos-keytab-osh +%stage.quarkus.openshift.mounts.osh-wrapper.path=/kerberos +%stage.quarkus.openshift.mounts.osh-wrapper.read-only=true +%stage.quarkus.kerberos.keytab-path= /kerberos/kerberos-keytab-osh +%stage.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM From 2e38ec0461622dc03f1c5caf3880279e1c82a8c7 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Tue, 13 Jun 2023 17:21:25 +0100 Subject: [PATCH 09/15] Add krb5.conf to container as config map --- k8s/kerberos-config.yaml | 43 +++++++++++++++++++++++ src/main/resources/application.properties | 8 +++++ 2 files changed, 51 insertions(+) create mode 100644 k8s/kerberos-config.yaml diff --git a/k8s/kerberos-config.yaml b/k8s/kerberos-config.yaml new file mode 100644 index 0000000..e449e38 --- /dev/null +++ b/k8s/kerberos-config.yaml 
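Review bot: The `%dev` lines in this hunk reuse the keytab and service principal of `HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM`, the same principal the `%stage` block mounts from a secret. Every workstation running the dev profile then needs a copy of the deployed service's long-term key, and the bare relative filename suggests the keytab sits in the project directory, where it is easy to commit by accident. I would drop the two `%dev` lines from the committed file and let each developer supply a separate test principal through the environment (`QUARKUS_KERBEROS_KEYTAB_PATH`, `QUARKUS_KERBEROS_SERVICE_PRINCIPAL_NAME`), and make sure `*.keytab` is git-ignored if it is not already.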
@@ -0,0 +1,43 @@ +#wget https://gitlab.corp.redhat.com/it-iam/system-configs/raw/master/krb5/idm/linux-krb5.conf && oc create configmap kerberos-config --from-file=linux-krb5.conf --dry-run=client -o yaml > kerberos-config.yaml +apiVersion: v1 +data: + linux-krb5.conf: | + includedir /etc/krb5.conf.d/ + + # depending on your config, you may wish to uncomment the following: + # includedir /var/lib/sss/pubconf/krb5.include.d/ + + [libdefaults] + default_realm = IPA.REDHAT.COM + dns_lookup_realm = true + dns_lookup_kdc = true + rdns = false + dns_canonicalize_hostname = false + ticket_lifetime = 24h + forwardable = true + udp_preference_limit = 0 + default_ccache_name = KEYRING:persistent:%{uid} + + [realms] + + REDHAT.COM = { + default_domain = redhat.com + dns_lookup_kdc = true + master_kdc = kerberos.corp.redhat.com + admin_server = kerberos.corp.redhat.com + } + + IPA.REDHAT.COM = { + default_domain = ipa.redhat.com + dns_lookup_kdc = true + # Trust tickets issued by legacy realm on this host + auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*// + auth_to_local = DEFAULT + } + + #DO NOT ADD A [domain_realms] section + #https://mojo.redhat.com/docs/DOC-1166841 +kind: ConfigMap +metadata: + creationTimestamp: null + name: kerberos-config diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index bf159e3..4c3d438 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
@@ -22,4 +22,12 @@ %stage.quarkus.kerberos.keytab-path= /kerberos/kerberos-keytab-osh %stage.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM +%stage.quarkus.openshift.mounts.osh-wrapper-config-vol.path=/etc/krb5.conf +%stage.quarkus.openshift.mounts.osh-wrapper-config-vol.sub-path=linux-krb5.conf +%stage.quarkus.openshift.config-map-volumes.osh-wrapper-config-vol.config-map-name=kerberos-config +%stage.quarkus.openshift.config-map-volumes.osh-wrapper-config-vol.items."linux-krb5.conf".path=linux-krb5.conf +%stage.quarkus.openshift.mounts.osh-wrapper-config-vol.read-only=true + + +%stage.quarkus.log.level=DEBUG From e3fcecac060a00c251095c26cd28baea3d4d6690 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Tue, 13 Jun 2023 18:17:34 +0100 Subject: [PATCH 10/15] Change to osh rather than osh-stage Kerberos is tied to `osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com` not `osh-stage-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com` --- src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 4c3d438..92cde6d 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -9,7 +9,7 @@ %dev.quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab %dev.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM -%stage.quarkus.openshift.name=osh-stage +%stage.quarkus.openshift.name=osh %stage.quarkus.openshift.labels.env=stage %stage.quarkus.openshift.route.expose=true From b1942b512ae5444a9fd448fcfc65e7be0e33a9d8 Mon Sep 17 00:00:00 2001 
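Review bot: `%stage.quarkus.log.level=DEBUG` at the end of the first hunk raises the root log level for the whole application, not just for the Kerberos extension. At that level HTTP and security components may log request details, which for a SPNEGO endpoint can include negotiation data, and the stage profile is served on the `prod` hostname named in the service principal. If the aim is to debug the handshake, scope the setting with `%stage.quarkus.log.category."io.quarkiverse.kerberos".level=DEBUG` and leave the root level at its default.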
From: Jonathan Christison Date: Wed, 14 Jun 2023 10:35:37 +0100 Subject: [PATCH 11/15] Change kerberos settings --- k8s/kerberos-config.yaml | 7 ++++--- k8s/linux-krb5.conf | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 k8s/linux-krb5.conf diff --git a/k8s/kerberos-config.yaml b/k8s/kerberos-config.yaml index e449e38..786f28c 100644 --- a/k8s/kerberos-config.yaml +++ b/k8s/kerberos-config.yaml @@ -1,4 +1,4 @@ -#wget https://gitlab.corp.redhat.com/it-iam/system-configs/raw/master/krb5/idm/linux-krb5.conf && oc create configmap kerberos-config --from-file=linux-krb5.conf --dry-run=client -o yaml > kerberos-config.yaml +#oc create configmap kerberos-config --from-file=linux-krb5.conf --dry-run=client -o yaml > kerberos-config.yaml apiVersion: v1 data: linux-krb5.conf: | @@ -15,8 +15,10 @@ data: dns_canonicalize_hostname = false ticket_lifetime = 24h forwardable = true - udp_preference_limit = 0 + udp_preference_limit = 1 default_ccache_name = KEYRING:persistent:%{uid} + max_retries = 1 + kdc_timeout = 1500 [realms] @@ -34,7 +36,6 @@ data: auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*// auth_to_local = DEFAULT } - #DO NOT ADD A [domain_realms] section #https://mojo.redhat.com/docs/DOC-1166841 kind: ConfigMap diff --git a/k8s/linux-krb5.conf b/k8s/linux-krb5.conf new file mode 100644 index 0000000..701d438 --- /dev/null +++ b/k8s/linux-krb5.conf 
@@ -0,0 +1,36 @@ +includedir /etc/krb5.conf.d/ + +# depending on your config, you may wish to uncomment the following: +# includedir /var/lib/sss/pubconf/krb5.include.d/ + +[libdefaults] + default_realm = IPA.REDHAT.COM + dns_lookup_realm = true + dns_lookup_kdc = true + rdns = false + dns_canonicalize_hostname = false + ticket_lifetime = 24h + forwardable = true + udp_preference_limit = 1 + default_ccache_name = KEYRING:persistent:%{uid} + max_retries = 1 + kdc_timeout = 1500 + +[realms] + + REDHAT.COM = { + default_domain = redhat.com + dns_lookup_kdc = true + master_kdc = kerberos.corp.redhat.com + admin_server = kerberos.corp.redhat.com + } + + IPA.REDHAT.COM = { + default_domain = ipa.redhat.com + dns_lookup_kdc = true + # Trust tickets issued by legacy realm on this host + auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*// + auth_to_local = DEFAULT + } +#DO NOT ADD A [domain_realms] section +#https://mojo.redhat.com/docs/DOC-1166841 From c15a0c5ee1fbf981a068ae137173986c9374f838 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Wed, 14 Jun 2023 11:12:18 +0100 Subject: [PATCH 12/15] Add example deploy and set TLS to edge --- src/main/resources/application.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 92cde6d..cfe76d7 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,3 +1,4 @@ +#Example deploy - mvn deploy -Dquarkus.profile=stage -Dquarkus.kubernetes.deploy=true # quarkus.rest-client."rest.CreateScanService".url=https://localhost:8080/ # quarkus.rest-client."rest.CreateScanService".scope=javax.inject.Singleton @@ -11,6 +12,7 @@ %stage.quarkus.openshift.name=osh %stage.quarkus.openshift.labels.env=stage +%stage.quarkus.openshift.route.tls.termination=edge %stage.quarkus.openshift.route.expose=true ########################################## 
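Review bot: k8s/linux-krb5.conf is added as a second, hand-maintained copy of the text already embedded in k8s/kerberos-config.yaml, and nothing ties the two together apart from the `oc create configmap` comment at the top of the YAML. A later edit to one copy (as with `udp_preference_limit`, `max_retries` and `kdc_timeout` in this commit) has to be repeated in the other, and the copy that is deployed is the ConfigMap. I would keep only the .conf file in the repository and generate the ConfigMap at deploy time, or add a header comment to the .conf such as `# Source of truth for k8s/kerberos-config.yaml; regenerate the ConfigMap after editing`. `default_ccache_name = KEYRING:persistent:%{uid}` looks like a workstation default; a kernel keyring may not be usable from an unprivileged container, so confirm the service does not rely on it.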
From e755fe945cdeed93d2bac33a5f541247a1bc6749 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Wed, 14 Jun 2023 14:32:31 +0100 Subject: [PATCH 13/15] Use edge TLS termination Quarkus < 3.x doesn't support some of the route options, we need to apply this YAML instead and disable auto route enable still todo, combine yaml's into one for easier oc apply -f or have quarkus apply the snippets for us --- k8s/stage/edgeroute.yml | 20 ++++++++++++++++++++ k8s/{ => stage}/kerberos-config.yaml | 0 src/main/resources/application.properties | 9 +++++++-- 3 files changed, 27 insertions(+), 2 deletions(-) create mode 100644 k8s/stage/edgeroute.yml rename k8s/{ => stage}/kerberos-config.yaml (100%) diff --git a/k8s/stage/edgeroute.yml b/k8s/stage/edgeroute.yml new file mode 100644 index 0000000..b7b22b0 --- /dev/null +++ b/k8s/stage/edgeroute.yml @@ -0,0 +1,20 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/name: osh + app.kubernetes.io/version: 1.0.0-SNAPSHOT + app.openshift.io/runtime: quarkus + env: stage + name: osh +spec: + port: + targetPort: http + tls: + termination: edge + to: + kind: "" + name: osh + weight: null +status: {} diff --git a/k8s/kerberos-config.yaml b/k8s/stage/kerberos-config.yaml similarity index 100% rename from k8s/kerberos-config.yaml rename to k8s/stage/kerberos-config.yaml diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index cfe76d7..5edad7b 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
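Review bot: `tls.termination: edge` in k8s/stage/edgeroute.yml ends TLS at the router, so the hop from router to pod (`targetPort: http`) carries the `Authorization: Negotiate` exchange in clear text. If the cluster network between router and pod is not treated as trusted, `reencrypt` termination with a serving certificate on the pod keeps the tickets encrypted end to end. The manifest also leaves out `insecureEdgeTerminationPolicy`, so the handling of plain-HTTP requests is left to the router default; stating it under `tls:` as `insecureEdgeTerminationPolicy: Redirect` would match the `redirect` value this commit sets in application.properties.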
@@ -12,8 +12,14 @@ %stage.quarkus.openshift.name=osh %stage.quarkus.openshift.labels.env=stage +%stage.quarkus.log.level=DEBUG + +#Only in Quarkus > 3.x %stage.quarkus.openshift.route.tls.termination=edge -%stage.quarkus.openshift.route.expose=true +#As we cant create a edge terminated route (quarkus <3.x) lets disable route creation for now +%stage.quarkus.openshift.route.expose=false +%stage.quarkus.openshift.route.target-port=https +%stage.quarkus.openshift.route.tls.insecure-edge-termination-policy=redirect ########################################## # Kerberos Specifics # @@ -31,5 +37,4 @@ %stage.quarkus.openshift.mounts.osh-wrapper-config-vol.read-only=true -%stage.quarkus.log.level=DEBUG From fa4ea264e2ca02331b93632c9dcc75be5071e3d6 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Wed, 14 Jun 2023 14:37:37 +0100 Subject: [PATCH 14/15] Add a comment on how the file was created --- k8s/stage/edgeroute.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/stage/edgeroute.yml b/k8s/stage/edgeroute.yml index b7b22b0..735c1a0 100644 --- a/k8s/stage/edgeroute.yml +++ b/k8s/stage/edgeroute.yml @@ -1,3 +1,4 @@ +#oc create route edge --service=osh --dry-run=client -o yaml > edgeroute.yml apiVersion: route.openshift.io/v1 kind: Route metadata: From 1c1007b811e47d9605310f7e60554146d6e102ac Mon Sep 17 00:00:00 2001 From: Nicholas Caughey Date: Thu, 15 Jun 2023 16:59:59 +0100 Subject: [PATCH 15/15] changing the groupid to be associated with the project --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0f4a34f..45de826 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ 4.0.0 - com.redhat.ncaughey + com.redhat.pctOshWrapper osh 1.0.0-SNAPSHOT
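Review bot: The route settings in the first application.properties hunk contradict each other and the manifest that is actually applied. The comment says `#Only in Quarkus > 3.x` yet `%stage.quarkus.openshift.route.tls.termination=edge` stays active, `route.expose=false` turns route generation off, and `route.target-port=https` disagrees with `targetPort: http` in k8s/stage/edgeroute.yml. With expose disabled the `route.*` keys are presumably inert, but they read as the live configuration. I would comment them out under one note, e.g. `# Route is created from k8s/stage/edgeroute.yml until the Quarkus 3.x upgrade; the route.* keys below are not applied`, and settle the target port when they are re-enabled.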