From 60906a6e7deb3082d178d43d50c1dfb352157ae6 Mon Sep 17 00:00:00 2001 From: Praveen Raju <80779423+praju-aot@users.noreply.github.com> Date: Mon, 8 Jan 2024 14:08:44 -0500 Subject: [PATCH] ORV2-1763 CORS changes and bug fixes (#1049) Co-authored-by: cberg-aot <93226309+cberg-aot@users.noreply.github.com> --- charts/onroutebc/values.yaml | 26 +- docker-compose.yml | 31 +- dops/Dockerfile | 17 +- dops/openshift.deploy.yml | 414 ------------------ .../log-async-method-execution.decorator.ts | 12 +- dops/src/main.ts | 12 + dops/src/modules/common/s3.service.ts | 12 +- dops/src/modules/dms/dms.service.ts | 2 - frontend/openshift.deploy.yml | 15 +- tps-migration/Dockerfile | 16 +- tps-migration/openshift.deploy.yml | 344 --------------- .../src/modules/tps-permit/s3.service.ts | 12 +- vehicles/Dockerfile | 5 +- vehicles/openshift.deploy.yml | 406 ----------------- vehicles/src/main.ts | 12 + vehicles/src/modules/email/email.service.ts | 20 +- 16 files changed, 111 insertions(+), 1245 deletions(-) delete mode 100644 dops/openshift.deploy.yml delete mode 100644 tps-migration/openshift.deploy.yml delete mode 100644 vehicles/openshift.deploy.yml diff --git a/charts/onroutebc/values.yaml b/charts/onroutebc/values.yaml index 544af1105..ef035a1aa 100644 --- a/charts/onroutebc/values.yaml +++ b/charts/onroutebc/values.yaml @@ -95,10 +95,9 @@ vehicles: enabled: true data: DOPS_URL: "https://{{.Release.Name}}-dops.apps.silver.devops.gov.bc.ca" - FRONTEND_URL: "https://{{.Release.Name}}-frontend.apps.silver.devops.gov.bc.ca" + FRONTEND_URL: "https://{{.Release.Name}}-frontend.apps.silver.devops.gov.bc.ca" + ACCESS_API_URL: "https://{{.Release.Name}}-vehicles.apps.silver.devops.gov.bc.ca" PAYBC_REDIRECT: "https://{{.Release.Name}}-frontend.apps.silver.devops.gov.bc.ca/payment" - VEHICLES_URL: "https://{{.Release.Name}}-vehicles.apps.silver.devops.gov.bc.ca" - containers: - name: vehicles command: 
@@ -115,8 +114,8 @@ vehicles: key: DOPS_URL - name: FRONTEND_URL key: FRONTEND_URL - - name: VEHICLES_URL - key: VEHICLES_URL + - name: ACCESS_API_URL + key: ACCESS_API_URL - name: PAYBC_REDIRECT key: PAYBC_REDIRECT ports: @@ -199,19 +198,25 @@ dops: configmap: enabled: true data: + DOPS_URL: "https://{{.Release.Name}}-dops.apps.silver.devops.gov.bc.ca" + FRONTEND_URL: "https://{{.Release.Name}}-frontend.apps.silver.devops.gov.bc.ca" ACCESS_API_URL: "https://{{.Release.Name}}-vehicles.apps.silver.devops.gov.bc.ca" containers: - name: dops command: - "sh" - "-c" - - "source /vault/secrets/auth0-{{.Values.global.vault.zone}} && source /vault/secrets/mssql-{{.Values.global.vault.zone}} && source /vault/secrets/cdogs-{{.Values.global.vault.zone}} && source /vault/secrets/dops-{{.Values.global.vault.zone}} && npm run start:prod" + - "source /vault/secrets/auth0-{{.Values.global.vault.zone}} && source /vault/secrets/mssql-{{.Values.global.vault.zone}} && source /vault/secrets/cdogs-{{.Values.global.vault.zone}} && source /vault/secrets/dops-{{.Values.global.vault.zone}} && source /vault/secrets/s3-{{.Values.global.vault.zone}} && npm run start:prod" registry: '{{ .Values.global.registry }}' repository: '{{ .Values.global.repository }}' # example, it includes registry and repository image: dops tag: "{{tpl .Values.global.tag .}}" env: - fromLocalConfigmap: + fromLocalConfigmap: + - name: DOPS_URL + key: DOPS_URL + - name: FRONTEND_URL + key: FRONTEND_URL - name: ACCESS_API_URL key: ACCESS_API_URL ports: @@ -280,6 +285,7 @@ dops: - "mssql-{{tpl $.Values.vault.zone $}}" - "cdogs-{{tpl $.Values.vault.zone $}}" - "dops-{{tpl $.Values.vault.zone $}}" + - "s3-{{tpl $.Values.vault.zone $}}" zone: "{{.Values.global.vault.zone}}" tps-migration: 
@@ -297,7 +303,7 @@ tps-migration: command: - "sh" - "-c" - - "source /vault/secrets/auth0-{{.Values.global.vault.zone}} && source /vault/secrets/mssql-{{.Values.global.vault.zone}} && source /vault/secrets/dops-{{.Values.global.vault.zone}} && source /vault/secrets/tps-{{.Values.global.vault.zone}} && npm run start:prod" + - "source /vault/secrets/auth0-{{.Values.global.vault.zone}} && source /vault/secrets/mssql-{{.Values.global.vault.zone}} && source /vault/secrets/s3-{{.Values.global.vault.zone}} && source /vault/secrets/tps-{{.Values.global.vault.zone}} && npm run start:prod" registry: '{{ .Values.global.registry }}' repository: '{{ .Values.global.repository }}' # example, it includes registry and repository image: tps-migration @@ -367,7 +373,7 @@ tps-migration: license: "{{.Values.global.license}}" secretPaths: - "auth0-{{tpl $.Values.vault.zone $}}" - - "mssql-{{tpl $.Values.vault.zone $}}" - - "dops-{{tpl $.Values.vault.zone $}}" + - "mssql-{{tpl $.Values.vault.zone $}}" - "tps-{{tpl $.Values.vault.zone $}}" + - "s3-{{tpl $.Values.vault.zone $}}" zone: "{{.Values.global.vault.zone}}" diff --git a/docker-compose.yml b/docker-compose.yml index 7e30d9d4d..b4b818175 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -63,8 +63,9 @@ services: CHES_CLIENT_ID: ${CHES_CLIENT_ID} CHES_CLIENT_SECRET: ${CHES_CLIENT_SECRET} CHES_URL: ${CHES_URL} + ACCESS_API_URL: "http://vehicles-api:5000" DOPS_URL: "http://dops-api:5001" - FRONT_END_URL: "http://frontend:3000" + FRONTEND_URL: "http://frontend:3000" PAYBC_API_KEY: ${PAYBC_API_KEY} PAYBC_REF_NUMBER: ${PAYBC_REF_NUMBER} PAYBC_BASE_URL: ${PAYBC_BASE_URL} 
@@ -107,18 +108,19 @@ services: AUTH0_AUDIENCE: ${AUTH0_AUDIENCE} AUTH0_IGNORE_EXP: ${AUTH0_IGNORE_EXP} DOPS_CVSE_FORMS_CACHE_TTL_MS: ${DOPS_CVSE_FORMS_CACHE_TTL_MS} - DOPS_S3_ACCESS_TYPE: ${DOPS_S3_ACCESS_TYPE} - DOPS_S3_ACCESSKEYID: ${DOPS_S3_ACCESSKEYID} - DOPS_S3_BUCKET: ${DOPS_S3_BUCKET} - DOPS_S3_PRESIGNED_URL_EXPIRY: ${DOPS_S3_PRESIGNED_URL_EXPIRY} - DOPS_S3_ENDPOINT: ${DOPS_S3_ENDPOINT} - DOPS_S3_KEY: ${DOPS_S3_KEY} - DOPS_S3_SECRETACCESSKEY: ${DOPS_S3_SECRETACCESSKEY} + OCIO_S3_ACCESSKEYID: ${OCIO_S3_ACCESSKEYID} + OCIO_S3_BUCKET: ${OCIO_S3_BUCKET} + OCIO_S3_PRESIGNED_URL_EXPIRY: ${OCIO_S3_PRESIGNED_URL_EXPIRY} + OCIO_S3_ENDPOINT: ${OCIO_S3_ENDPOINT} + OCIO_S3_KEY: ${OCIO_S3_KEY} + OCIO_S3_SECRETACCESSKEY: ${OCIO_S3_SECRETACCESSKEY} CDOGS_TOKEN_URL: ${CDOGS_TOKEN_URL} CDOGS_CLIENT_ID: ${CDOGS_CLIENT_ID} CDOGS_CLIENT_SECRET: ${CDOGS_CLIENT_SECRET} CDOGS_URL: ${CDOGS_URL} ACCESS_API_URL: "http://vehicles-api:5000" + DOPS_URL: "http://dops-api:5001" + FRONTEND_URL: "http://frontend:3000" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:5001/"] interval: 1m30s @@ -182,13 +184,12 @@ services: AUTH0_AUDIENCE: ${AUTH0_AUDIENCE} AUTH0_IGNORE_EXP: ${AUTH0_IGNORE_EXP} DOPS_CVSE_FORMS_CACHE_TTL_MS: ${DOPS_CVSE_FORMS_CACHE_TTL_MS} - DOPS_S3_ACCESS_TYPE: ${DOPS_S3_ACCESS_TYPE} - DOPS_S3_ACCESSKEYID: ${DOPS_S3_ACCESSKEYID} - DOPS_S3_BUCKET: ${DOPS_S3_BUCKET} - DOPS_S3_PRESIGNED_URL_EXPIRY: ${DOPS_S3_PRESIGNED_URL_EXPIRY} - DOPS_S3_ENDPOINT: ${DOPS_S3_ENDPOINT} - DOPS_S3_KEY: ${DOPS_S3_KEY} - DOPS_S3_SECRETACCESSKEY: ${DOPS_S3_SECRETACCESSKEY} + OCIO_S3_ACCESSKEYID: ${OCIO_S3_ACCESSKEYID} + OCIO_S3_BUCKET: ${OCIO_S3_BUCKET} + OCIO_S3_PRESIGNED_URL_EXPIRY: ${OCIO_S3_PRESIGNED_URL_EXPIRY} + OCIO_S3_ENDPOINT: ${OCIO_S3_ENDPOINT} + OCIO_S3_KEY: ${OCIO_S3_KEY} + OCIO_S3_SECRETACCESSKEY: ${OCIO_S3_SECRETACCESSKEY} healthcheck: test: ["CMD", "curl", "-f", "http://localhost:5050/"] interval: 1m30s 
diff --git a/dops/Dockerfile b/dops/Dockerfile index ffcc9989e..ee61ec784 100644 --- a/dops/Dockerfile +++ b/dops/Dockerfile @@ -29,7 +29,7 @@ RUN mkdir /.cache && chmod 777 /.cache WORKDIR /app # Set node to production -ENV NODE_ENV production +ENV NODE_ENV ${NODE_ENV} # Set environment variables ENV DB_TYPE ${DB_TYPE} @@ -50,18 +50,19 @@ ENV AUTH0_ISSUER_URL ${AUTH0_ISSUER_URL} ENV AUTH0_AUDIENCE ${AUTH0_AUDIENCE} ENV AUTH0_IGNORE_EXP ${AUTH0_IGNORE_EXP} ENV DOPS_CVSE_FORMS_CACHE_TTL_MS ${DOPS_CVSE_FORMS_CACHE_TTL_MS} -ENV DOPS_S3_ACCESS_TYPE ${DOPS_S3_ACCESS_TYPE} -ENV DOPS_S3_ACCESSKEYID ${DOPS_S3_ACCESSKEYID} -ENV DOPS_S3_BUCKET ${DOPS_S3_BUCKET} -ENV DOPS_S3_PRESIGNED_URL_EXPIRY ${DOPS_S3_PRESIGNED_URL_EXPIRY} -ENV DOPS_S3_ENDPOINT ${DOPS_S3_ENDPOINT} -ENV DOPS_S3_KEY ${DOPS_S3_KEY} -ENV DOPS_S3_SECRETACCESSKEY ${DOPS_S3_SECRETACCESSKEY} +ENV OCIO_S3_ACCESSKEYID ${OCIO_S3_ACCESSKEYID} +ENV OCIO_S3_BUCKET ${OCIO_S3_BUCKET} +ENV OCIO_S3_PRESIGNED_URL_EXPIRY ${OCIO_S3_PRESIGNED_URL_EXPIRY} +ENV OCIO_S3_ENDPOINT ${OCIO_S3_ENDPOINT} +ENV OCIO_S3_KEY ${OCIO_S3_KEY} +ENV OCIO_S3_SECRETACCESSKEY ${OCIO_S3_SECRETACCESSKEY} ENV CDOGS_TOKEN_URL ${CDOGS_TOKEN_URL} ENV CDOGS_CLIENT_ID ${CDOGS_CLIENT_ID} ENV CDOGS_CLIENT_SECRET ${CDOGS_CLIENT_SECRET} ENV CDOGS_URL ${CDOGS_URL} ENV ACCESS_API_URL ${ACCESS_API_URL} +ENV DOPS_URL ${DOPS_URL} +ENV FRONTEND_URL ${FRONTEND_URL} # Copy production files from build COPY --from=builder /app/package*.json ./ diff --git a/dops/openshift.deploy.yml b/dops/openshift.deploy.yml deleted file mode 100644 index 483a1e2cd..000000000 --- a/dops/openshift.deploy.yml +++ /dev/null 
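Review bot: `ENV NODE_ENV ${NODE_ENV}` removes the image's built-in production default, and the comment above it still reads "Set node to production". No `ARG NODE_ENV` is visible in this hunk, so unless one is declared elsewhere in the Dockerfile the value expands to an empty string at build time and every deployment has to supply it at runtime. That matters for this commit because the CORS callback added in dops/src/main.ts accepts any origin whenever NODE_ENV is not exactly `production`, so a deployment that omits or misspells the variable runs with the restriction off. Keeping a safe default, for example `ARG NODE_ENV=production` followed by `ENV NODE_ENV=${NODE_ENV}`, preserves the old behaviour while still allowing an override; the identical line in tps-migration/Dockerfile needs the same treatment.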
@@ -1,414 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -labels: - app: ${NAME}-${ZONE} - app.kubernetes.io/part-of: ${NAME}-${ZONE} -parameters: - - name: NAME - description: Module name - value: onroutebc - - name: COMPONENT - description: Component name - value: backend-dops - - name: ZONE - description: Deployment zone, e.g. pr-### or prod - required: true - - name: IMAGE_TAG - description: Image tag to use - value: latest - - name: DOMAIN - value: apps.silver.devops.gov.bc.ca - - name: CPU_REQUEST - value: "50m" - - name: MEMORY_REQUEST - value: "100Mi" - - name: CPU_LIMIT - value: "150m" - - name: MEMORY_LIMIT - value: "300Mi" - - name: MIN_REPLICAS - description: The minimum amount of replicas for the horizontal pod autoscaler. - value: "3" - - name: MAX_REPLICAS - description: The maximum amount of replicas for the horizontal pod autoscaler. - value: "5" - - name: REGISTRY - description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000) - value: ghcr.io - - name: PROMOTE - description: Image (namespace/name:tag) to promote/import - value: bcgov/onroutebc:prod-backend-dops - - name: DATABASE_NAME - description: Name of Database to connect to - required: true - - name: DATABASE_USER - description: User connecting to database - required: true - - name: DATABASE_PASSWORD - description: Password of user connecting to database - required: true - - name: DATABASE_HOST - description: Host url/service of database connection - required: true - - name: AUTH0_ISSUER_URL - description: The principal that issued the JWT - required: true - - name: AUTH0_AUDIENCE - description: Identifies the recipients that the JWT is intended for - required: true - - name: AUTH0_IGNORE_EXP - description: The boolean flag to ignore the JWT expiration - required: true - - name: SITEMINDER_LOG_OFF_URL - description: The siteminder log off url - required: true - - name: DOPS_CVSE_FORMS_CACHE_TTL_MS - description: The cache time 
to live for CVSE FORMS in DOPS in Milliseconds - required: true - - name: DOPS_S3_ACCESS_TYPE - description: The key to switch between COMS or Direct access - required: true - - name: DOPS_S3_ACCESSKEYID - description: The Access Key for your S3 compatible object storage account - required: true - - name: DOPS_S3_BUCKET - description: The object storage bucket name - required: true - - name: DOPS_S3_PRESIGNED_URL_EXPIRY - description: The expiry time for pre-signed URLs to objects in seconds - required: true - - name: DOPS_S3_ENDPOINT - description: Object store URL - required: true - - name: DOPS_S3_KEY - description: The base path for storage location - required: true - - name: DOPS_S3_SECRETACCESSKEY - description: The Secret Access Key for your S3 compatible object storage account - required: true - - name: CDOGS_CLIENT_ID - description: The keycloak client ID for common hosted CDOGS - required: true - - name: CDOGS_CLIENT_SECRET - description: The keycloak client secret for common hosted CDOGS - required: true - - name: CDOGS_TOKEN_URL - description: The keycloak url for common hosted CDOGS - required: true - - name: CDOGS_URL - description: The CDOGS API url - required: true - - name: CHES_TOKEN_URL - description: The keycloak url for common hosted CHES - required: true - - name: CHES_CLIENT_ID - description: Client Id to request the access token for connecting to CHES - required: true - - name: CHES_CLIENT_SECRET - description: Client Secret to request the access token for connecting to CHES - required: true - - name: CHES_URL - description: The CHES API url - - name: NODE_ENV - description: The NODE Environment - required: true - - name: PAYBC_API_KEY - description: API Key for PayBC - required: true - - name: PAYBC_REF_NUMBER - description: Reference Number for PayBC - required: true - - name: PAYBC_BASE_URL - description: Base URL for PayBC - required: true - - name: GL_CODE - description: Gl code for PayBC - required: true -objects: - - apiVersion: v1 - 
kind: ConfigMap - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - data: - database-type: mssql - database-name: "${DATABASE_NAME}" - database-host: "${DATABASE_HOST}" - database-encrypt: "false" - database-port: "1433" - auth0-issuer-url: "${AUTH0_ISSUER_URL}" - auth0-audience: "${AUTH0_AUDIENCE}" - auth0-ignore-exp: "${AUTH0_IGNORE_EXP}" - auth0-ignore-exp: "${AUTH0_IGNORE_EXP}" - dops-cvse-forms-cache-ttl-ms: "${DOPS_CVSE_FORMS_CACHE_TTL_MS}" - dops-s3-access-type: "${DOPS_S3_ACCESS_TYPE}" - dops-s3-accesskeyid: "${DOPS_S3_ACCESSKEYID}" - dops-s3-bucket: "${DOPS_S3_BUCKET}" - dops-s3-presigned-url-expiry: "${DOPS_S3_PRESIGNED_URL_EXPIRY}" - dops-s3-endpoint: "${DOPS_S3_ENDPOINT}" - dops-s3-key: "${DOPS_S3_KEY}" - node-env: "${NODE_ENV}" - cdogs-token-url: "${CDOGS_TOKEN_URL}" - cdogs-url: "${CDOGS_URL}" - access-api-url: "https://${NAME}-${ZONE}-backend-vehicles.${DOMAIN}" - - apiVersion: v1 - kind: Secret - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - stringData: - database-user: "${DATABASE_USER}" - database-password: "${DATABASE_PASSWORD}" - cdogs-client-id: "${CDOGS_CLIENT_ID}" - cdogs-client-secret: "${CDOGS_CLIENT_SECRET}" - dops-s3-secretaccesskey: "${DOPS_S3_SECRETACCESSKEY}" - - apiVersion: v1 - kind: ImageStream - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - lookupPolicy: - local: false - tags: - - name: ${IMAGE_TAG} - from: - kind: DockerImage - name: ${REGISTRY}/${PROMOTE} - referencePolicy: - type: Local - - apiVersion: v1 - kind: DeploymentConfig - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - replicas: 1 - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - ${NAME} - from: - kind: ImageStreamTag - name: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - strategy: - type: 
Rolling - template: - metadata: - labels: - app: ${NAME}-${ZONE} - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - spec: - containers: - - image: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - imagePullPolicy: Always - name: ${NAME} - env: - - name: DB_TYPE - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-type - - name: MSSQL_HOST - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-host - - name: MSSQL_PORT - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-port - - name: MSSQL_DB - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-name - - name: MSSQL_ENCRYPT - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-encrypt - - name: MSSQL_SA_PASSWORD - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-password - - name: MSSQL_SA_USER - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-user - - name: AUTH0_ISSUER_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: auth0-issuer-url - - name: AUTH0_AUDIENCE - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: auth0-audience - - name: AUTH0_IGNORE_EXP - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: auth0-ignore-exp - - name: DOPS_CVSE_FORMS_CACHE_TTL_MS - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-cvse-forms-cache-ttl-ms - - name: DOPS_S3_ACCESS_TYPE - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-access-type - - name: DOPS_S3_ACCESSKEYID - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-accesskeyid - - name: DOPS_S3_BUCKET - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-bucket - - name: DOPS_S3_PRESIGNED_URL_EXPIRY - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} 
- key: dops-s3-presigned-url-expiry - - name: DOPS_S3_ENDPOINT - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-endpoint - - name: DOPS_S3_KEY - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-key - - name: DOPS_S3_SECRETACCESSKEY - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-secretaccesskey - - name: NODE_ENV - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: node-env - - name: CDOGS_TOKEN_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: cdogs-token-url - - name: CDOGS_CLIENT_ID - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: cdogs-client-id - - name: CDOGS_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: cdogs-client-secret - - name: CDOGS_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: cdogs-url - - name: ACCESS_API_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: access-api-url - ports: - - containerPort: 5001 - protocol: TCP - resources: - requests: - cpu: ${CPU_REQUEST} - memory: ${MEMORY_REQUEST} - limits: - cpu: ${CPU_LIMIT} - memory: ${MEMORY_LIMIT} - readinessProbe: - httpGet: - path: / - port: 5001 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 15 - timeoutSeconds: 5 - livenessProbe: - successThreshold: 1 - failureThreshold: 3 - httpGet: - path: / - port: 5001 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: true - - apiVersion: v1 - kind: Service - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - ports: - - name: 5001-tcp - protocol: TCP - port: 80 - targetPort: 5001 - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - app: ${NAME}-${ZONE} - name: 
${NAME}-${ZONE}-${COMPONENT} - spec: - host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} - port: - targetPort: 5001-tcp - to: - kind: Service - name: ${NAME}-${ZONE}-${COMPONENT} - weight: 100 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - - apiVersion: autoscaling/v2 - kind: HorizontalPodAutoscaler - metadata: - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig - name: ${NAME}-${ZONE}-${COMPONENT} - minReplicas: ${{MIN_REPLICAS}} - maxReplicas: ${{MAX_REPLICAS}} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 diff --git a/dops/src/decorator/log-async-method-execution.decorator.ts b/dops/src/decorator/log-async-method-execution.decorator.ts index 1e358569f..02808aab5 100644 --- a/dops/src/decorator/log-async-method-execution.decorator.ts +++ b/dops/src/decorator/log-async-method-execution.decorator.ts @@ -13,8 +13,10 @@ export function LogAsyncMethodExecution(logMethodOptions?: { const logger = new Logger(target.constructor.name); const originalMethod = descriptor.value; descriptor.value = async function (...args: any[]) { - if (logMethodOptions?.printMemoryStats && - process.env.DOPS_API_LOG_LEVEL === 'debug') { + if ( + logMethodOptions?.printMemoryStats && + process.env.DOPS_API_LOG_LEVEL === 'debug' + ) { const memoryStats = process.memoryUsage(); memoryUsage = `, Memory usage: ${JSON.stringify(memoryStats)}`; } @@ -26,8 +28,10 @@ export function LogAsyncMethodExecution(logMethodOptions?: { const result = await originalMethod.apply(this, args); const end = performance.now(); const executionTime = end - start; - if (logMethodOptions?.printMemoryStats && - process.env.DOPS_API_LOG_LEVEL === 'debug') { + if ( + logMethodOptions?.printMemoryStats && + process.env.DOPS_API_LOG_LEVEL === 'debug' + ) { const memoryStats = process.memoryUsage(); memoryUsage = `, Memory usage: ${JSON.stringify(memoryStats)}`; } 
diff --git a/dops/src/main.ts b/dops/src/main.ts index b44b898d4..c3e239fa4 100644 --- a/dops/src/main.ts +++ b/dops/src/main.ts @@ -15,12 +15,24 @@ import helmet from 'helmet'; import { customLogger } from './logger/logger.config'; import { CorrelationIdInterceptor } from './interceptor/correlationId.interceptor'; +const allowedOrigins = [process.env.FRONTEND_URL]; + async function bootstrap() { const app = await NestFactory.create(AppModule, { logger: customLogger, }); app.use(helmet()); app.enableCors({ + origin: function (origin, callback) { + if ( + (origin && allowedOrigins.includes(origin)) || + process.env.NODE_ENV !== 'production' + ) { + callback(null, true); + } else { + callback(new Error('Not allowed by CORS')); + } + }, methods: ['GET', 'PUT', 'POST', 'DELETE'], maxAge: 7200, credentials: false, diff --git a/dops/src/modules/common/s3.service.ts b/dops/src/modules/common/s3.service.ts index 11ddf998b..7d7786603 100644 --- a/dops/src/modules/common/s3.service.ts +++ b/dops/src/modules/common/s3.service.ts 
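Review bot: The origin callback added to `app.enableCors` fails open, because the `process.env.NODE_ENV !== 'production'` branch accepts every origin whenever NODE_ENV is unset, empty or spelled differently, and this commit also stops the Dockerfile from pinning it to production. In production the same callback rejects requests that carry no Origin header by raising an error, which is likely surfaced as a server error for non-browser callers such as the `curl -f http://localhost:5001/` healthcheck in docker-compose.yml and service-to-service calls. I would make the relaxed mode opt-in, let requests without an Origin through (CORS is a browser read restriction, not access control), and answer disallowed origins with `callback(null, false)` so the headers are simply omitted. The value `development` in the sketch below is an assumption to be matched to what the local stack sets. `bootstrap` continues past the end of this hunk, and the diffstat suggests vehicles/src/main.ts receives the same addition.

```typescript
// … unchanged: imports, allowedOrigins …
    origin: function (origin, callback) {
      // Relaxed mode must be asked for explicitly; an unset or misspelled
      // NODE_ENV keeps the allow-list in force.
      const relaxed = process.env.NODE_ENV === 'development'; // value assumed, confirm
      // No Origin header means this is not a cross-origin browser request
      // (probes, service-to-service calls).
      if (!origin || relaxed || allowedOrigins.includes(origin)) {
        callback(null, true);
      } else {
        // Omit the CORS headers instead of raising; the browser blocks the read.
        callback(null, false);
      }
    },
// … unchanged: methods, maxAge, credentials …
```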
@@ -19,13 +19,13 @@ export class S3Service { private readonly logger = new Logger(S3Service.name); constructor(private readonly httpService: HttpService) {} - private readonly _s3AccessKeyId = process.env.DOPS_S3_ACCESSKEYID; - private readonly _s3SecretAccessKey = process.env.DOPS_S3_SECRETACCESSKEY; - private readonly _s3EndPoint = process.env.DOPS_S3_ENDPOINT; - private readonly _s3Bucket = process.env.DOPS_S3_BUCKET; - private readonly _s3Key = process.env.DOPS_S3_KEY; + private readonly _s3AccessKeyId = process.env.OCIO_S3_ACCESSKEYID; + private readonly _s3SecretAccessKey = process.env.OCIO_S3_SECRETACCESSKEY; + private readonly _s3EndPoint = process.env.OCIO_S3_ENDPOINT; + private readonly _s3Bucket = process.env.OCIO_S3_BUCKET; + private readonly _s3Key = process.env.OCIO_S3_KEY; private readonly _s3PreSignedUrlExpiry = - process.env.DOPS_S3_PRESIGNED_URL_EXPIRY; + process.env.OCIO_S3_PRESIGNED_URL_EXPIRY; private s3client: S3Client = new S3Client({ apiVersion: '2006-03-01', diff --git a/dops/src/modules/dms/dms.service.ts b/dops/src/modules/dms/dms.service.ts index f11328645..ababaf9ca 100644 --- a/dops/src/modules/dms/dms.service.ts +++ b/dops/src/modules/dms/dms.service.ts @@ -27,8 +27,6 @@ export class DmsService { private readonly s3Service: S3Service, ) {} - private s3accessType = process.env.DOPS_S3_ACCESS_TYPE; - @LogAsyncMethodExecution() async create( currentUser: IUserJWT, diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml index ab1790c6a..f4ef62aed 100644 --- a/frontend/openshift.deploy.yml +++ b/frontend/openshift.deploy.yml 
@@ -77,25 +77,22 @@ parameters: - name: DOPS_CVSE_FORMS_CACHE_TTL_MS description: The cache time to live for CVSE FORMS in DOPS in Milliseconds required: true - - name: DOPS_S3_ACCESS_TYPE - description: The key to switch between COMS or Direct access - required: true - - name: DOPS_S3_ACCESSKEYID + - name: OCIO_S3_ACCESSKEYID description: The Access Key for your S3 compatible object storage account required: true - - name: DOPS_S3_BUCKET + - name: OCIO_S3_BUCKET description: The object storage bucket name required: true - - name: DOPS_S3_PRESIGNED_URL_EXPIRY + - name: OCIO_S3_PRESIGNED_URL_EXPIRY description: The expiry time for pre-signed URLs to objects in seconds required: true - - name: DOPS_S3_ENDPOINT + - name: OCIO_S3_ENDPOINT description: Object store URL required: true - - name: DOPS_S3_KEY + - name: OCIO_S3_KEY description: The base path for storage location required: true - - name: DOPS_S3_SECRETACCESSKEY + - name: OCIO_S3_SECRETACCESSKEY description: The Secret Access Key for your S3 compatible object storage account required: true - name: CHES_TOKEN_URL diff --git a/tps-migration/Dockerfile b/tps-migration/Dockerfile index 4cebae8ae..6feb681bf 100644 --- a/tps-migration/Dockerfile +++ b/tps-migration/Dockerfile @@ -28,7 +28,7 @@ RUN mkdir /.npm && chmod 777 /.npm WORKDIR /app # Set node to production -ENV NODE_ENV production +ENV NODE_ENV ${NODE_ENV} # Set environment variables ENV DB_TYPE ${DB_TYPE} 
@@ -48,14 +48,12 @@ ENV MSSQL_ENCRYPT ${MSSQL_ENCRYPT} ENV AUTH0_ISSUER_URL ${AUTH0_ISSUER_URL} ENV AUTH0_AUDIENCE ${AUTH0_AUDIENCE} ENV AUTH0_IGNORE_EXP ${AUTH0_IGNORE_EXP} -ENV DOPS_CVSE_FORMS_CACHE_TTL_MS ${DOPS_CVSE_FORMS_CACHE_TTL_MS} -ENV DOPS_S3_ACCESS_TYPE ${DOPS_S3_ACCESS_TYPE} -ENV DOPS_S3_ACCESSKEYID ${DOPS_S3_ACCESSKEYID} -ENV DOPS_S3_BUCKET ${DOPS_S3_BUCKET} -ENV DOPS_S3_PRESIGNED_URL_EXPIRY ${DOPS_S3_PRESIGNED_URL_EXPIRY} -ENV DOPS_S3_ENDPOINT ${DOPS_S3_ENDPOINT} -ENV DOPS_S3_KEY ${DOPS_S3_KEY} -ENV DOPS_S3_SECRETACCESSKEY ${DOPS_S3_SECRETACCESSKEY} +ENV OCIO_S3_ACCESSKEYID ${OCIO_S3_ACCESSKEYID} +ENV OCIO_S3_BUCKET ${OCIO_S3_BUCKET} +ENV OCIO_S3_PRESIGNED_URL_EXPIRY ${OCIO_S3_PRESIGNED_URL_EXPIRY} +ENV OCIO_S3_ENDPOINT ${OCIO_S3_ENDPOINT} +ENV OCIO_S3_KEY ${OCIO_S3_KEY} +ENV OCIO_S3_SECRETACCESSKEY ${OCIO_S3_SECRETACCESSKEY} # Copy production files from build COPY --from=builder /app/package*.json ./ diff --git a/tps-migration/openshift.deploy.yml b/tps-migration/openshift.deploy.yml deleted file mode 100644 index 160b1ff18..000000000 --- a/tps-migration/openshift.deploy.yml +++ /dev/null 
@@ -1,344 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -labels: - app: ${NAME}-${ZONE} - app.kubernetes.io/part-of: ${NAME}-${ZONE} -parameters: - - name: NAME - description: Module name - value: onroutebc - - name: COMPONENT - description: Component name - value: backend-vehicles - - name: ZONE - description: Deployment zone, e.g. pr-### or prod - required: true - - name: IMAGE_TAG - description: Image tag to use - value: latest - - name: DOMAIN - value: apps.silver.devops.gov.bc.ca - - name: CPU_REQUEST - value: "25m" - - name: MEMORY_REQUEST - value: "50Mi" - - name: CPU_LIMIT - value: "75m" - - name: MEMORY_LIMIT - value: "150Mi" - - name: MIN_REPLICAS - description: The minimum amount of replicas for the horizontal pod autoscaler. - value: "3" - - name: MAX_REPLICAS - description: The maximum amount of replicas for the horizontal pod autoscaler. - value: "5" - - name: REGISTRY - description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000) - value: ghcr.io - - name: PROMOTE - description: Image (namespace/name:tag) to promote/import - value: bcgov/onroutebc:prod-backend-tps-migration - - name: DATABASE_NAME - description: Name of Database to connect to - required: true - - name: DATABASE_USER - description: User connecting to database - required: true - - name: DATABASE_PASSWORD - description: Password of user connecting to database - required: true - - name: DATABASE_HOST - description: Host url/service of database connection - required: true - - name: AUTH0_ISSUER_URL - description: The principal that issued the JWT - required: true - - name: AUTH0_AUDIENCE - description: Identifies the recipients that the JWT is intended for - required: true - - name: AUTH0_IGNORE_EXP - description: The boolean flag to ignore the JWT expiration - required: true - - name: SITEMINDER_LOG_OFF_URL - description: The siteminder log off url - required: true - - name: DOPS_CVSE_FORMS_CACHE_TTL_MS - description: The 
cache time to live for CVSE FORMS in DOPS in Milliseconds - required: true - - name: DOPS_S3_ACCESS_TYPE - description: The key to switch between COMS or Direct access - required: true - - name: DOPS_S3_ACCESSKEYID - description: The Access Key for your S3 compatible object storage account - required: true - - name: DOPS_S3_BUCKET - description: The object storage bucket name - required: true - - name: DOPS_S3_PRESIGNED_URL_EXPIRY - description: The expiry time for pre-signed URLs to objects in seconds - required: true - - name: DOPS_S3_ENDPOINT - description: Object store URL - required: true - - name: DOPS_S3_KEY - description: The base path for storage location - required: true - - name: DOPS_S3_SECRETACCESSKEY - description: The Secret Access Key for your S3 compatible object storage account - required: true -objects: - - apiVersion: v1 - kind: ConfigMap - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - data: - database-type: mssql - database-name: "${DATABASE_NAME}" - database-host: "${DATABASE_HOST}" - database-encrypt: "false" - database-port: "1433" - auth0-issuer-url: "${AUTH0_ISSUER_URL}" - auth0-audience: "${AUTH0_AUDIENCE}" - auth0-ignore-exp: "${AUTH0_IGNORE_EXP}" - dops-cvse-forms-cache-ttl-ms: "${DOPS_CVSE_FORMS_CACHE_TTL_MS}" - dops-s3-access-type: "${DOPS_S3_ACCESS_TYPE}" - dops-s3-accesskeyid: "${DOPS_S3_ACCESSKEYID}" - dops-s3-bucket: "${DOPS_S3_BUCKET}" - dops-s3-presigned-url-expiry: "${DOPS_S3_PRESIGNED_URL_EXPIRY}" - dops-s3-endpoint: "${DOPS_S3_ENDPOINT}" - dops-s3-key: "${DOPS_S3_KEY}" - vehicles-url: "https://${NAME}-${ZONE}-backend-vehicles.${DOMAIN}" - node-env: "${NODE_ENV}" - - apiVersion: v1 - kind: Secret - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - stringData: - database-user: "${DATABASE_USER}" - database-password: "${DATABASE_PASSWORD}" - dops-s3-secretaccesskey: "${DOPS_S3_SECRETACCESSKEY}" - - apiVersion: v1 - kind: ImageStream - metadata: - labels: - app: 
${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - lookupPolicy: - local: false - tags: - - name: ${IMAGE_TAG} - from: - kind: DockerImage - name: ${REGISTRY}/${PROMOTE} - referencePolicy: - type: Local - - apiVersion: v1 - kind: DeploymentConfig - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - replicas: 1 - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - ${NAME} - from: - kind: ImageStreamTag - name: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - strategy: - type: Rolling - template: - metadata: - labels: - app: ${NAME}-${ZONE} - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - spec: - containers: - - image: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - imagePullPolicy: Always - name: ${NAME} - env: - - name: DB_TYPE - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-type - - name: MSSQL_HOST - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-host - - name: MSSQL_PORT - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-port - - name: MSSQL_DB - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-name - - name: MSSQL_ENCRYPT - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-encrypt - - name: MSSQL_SA_PASSWORD - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-password - - name: MSSQL_SA_USER - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-user - - name: AUTH0_ISSUER_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: auth0-issuer-url - - name: AUTH0_AUDIENCE - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: auth0-audience - - name: AUTH0_IGNORE_EXP - valueFrom: - configMapKeyRef: - name: 
${NAME}-${ZONE}-${COMPONENT} - key: auth0-ignore-exp - - name: DOPS_CVSE_FORMS_CACHE_TTL_MS - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-cvse-forms-cache-ttl-ms - - name: DOPS_S3_ACCESS_TYPE - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-access-type - - name: DOPS_S3_ACCESSKEYID - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-accesskeyid - - name: DOPS_S3_BUCKET - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-bucket - - name: DOPS_S3_PRESIGNED_URL_EXPIRY - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-presigned-url-expiry - - name: DOPS_S3_ENDPOINT - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-endpoint - - name: DOPS_S3_KEY - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-key - - name: DOPS_S3_SECRETACCESSKEY - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-s3-secretaccesskey - - name: NODE_ENV - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: node-env - ports: - - containerPort: 5000 - protocol: TCP - resources: - requests: - cpu: ${CPU_REQUEST} - memory: ${MEMORY_REQUEST} - limits: - cpu: ${CPU_LIMIT} - memory: ${MEMORY_LIMIT} - readinessProbe: - httpGet: - path: / - port: 5000 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 15 - timeoutSeconds: 5 - livenessProbe: - successThreshold: 1 - failureThreshold: 3 - httpGet: - path: / - port: 5000 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 5 - - apiVersion: v1 - kind: Service - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - ports: - - name: 5000-tcp - protocol: TCP - port: 80 - targetPort: 5000 - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - 
app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} - port: - targetPort: 5000-tcp - to: - kind: Service - name: ${NAME}-${ZONE}-${COMPONENT} - weight: 100 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - - apiVersion: autoscaling/v2 - kind: HorizontalPodAutoscaler - metadata: - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig - name: ${NAME}-${ZONE}-${COMPONENT} - minReplicas: ${{MIN_REPLICAS}} - maxReplicas: ${{MAX_REPLICAS}} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 diff --git a/tps-migration/src/modules/tps-permit/s3.service.ts b/tps-migration/src/modules/tps-permit/s3.service.ts index c1bf8804a..4f7310491 100644 --- a/tps-migration/src/modules/tps-permit/s3.service.ts +++ b/tps-migration/src/modules/tps-permit/s3.service.ts @@ -10,13 +10,13 @@ import { Upload } from '@aws-sdk/lib-storage'; export class S3Service { constructor(private readonly httpService: HttpService) {} - private readonly _s3AccessKeyId = process.env.DOPS_S3_ACCESSKEYID; - private readonly _s3SecretAccessKey = process.env.DOPS_S3_SECRETACCESSKEY; - private readonly _s3EndPoint = process.env.DOPS_S3_ENDPOINT; - private readonly _s3Bucket = process.env.DOPS_S3_BUCKET; - private readonly _s3Key = process.env.DOPS_S3_KEY; + private readonly _s3AccessKeyId = process.env.OCIO_S3_ACCESSKEYID; + private readonly _s3SecretAccessKey = process.env.OCIO_S3_SECRETACCESSKEY; + private readonly _s3EndPoint = process.env.OCIO_S3_ENDPOINT; + private readonly _s3Bucket = process.env.OCIO_S3_BUCKET; + private readonly _s3Key = process.env.OCIO_S3_KEY; private readonly _s3PreSignedUrlExpiry = - process.env.DOPS_S3_PRESIGNED_URL_EXPIRY; + process.env.OCIO_S3_PRESIGNED_URL_EXPIRY; private s3Client: S3Client = new S3Client({ apiVersion: '2006-03-01', 
diff --git a/vehicles/Dockerfile b/vehicles/Dockerfile index bebf2f20d..ec1c31dbe 100644 --- a/vehicles/Dockerfile +++ b/vehicles/Dockerfile @@ -28,7 +28,7 @@ RUN mkdir /.npm && chmod 777 /.npm WORKDIR /app # Set node to production -ENV NODE_ENV production +ENV NODE_ENV ${NODE_ENV} # Set environment variables ENV DB_TYPE ${DB_TYPE} @@ -52,8 +52,9 @@ ENV CHES_TOKEN_URL ${CHES_TOKEN_URL} ENV CHES_CLIENT_ID ${CHES_CLIENT_ID} ENV CHES_CLIENT_SECRET ${CHES_CLIENT_SECRET} ENV CHES_URL ${CHES_URL} +ENV ACCESS_API_URL ${ACCESS_API_URL} ENV DOPS_URL ${DOPS_URL} -ENV FRONT_END_URL ${FRONT_END_URL} +ENV FRONTEND_URL ${FRONTEND_URL} ENV PAYBC_API_KEY ${PAYBC_API_KEY} ENV PAYBC_REF_NUMBER ${PAYBC_REF_NUMBER} ENV PAYBC_BASE_URL ${PAYBC_BASE_URL} diff --git a/vehicles/openshift.deploy.yml b/vehicles/openshift.deploy.yml deleted file mode 100644 index f253560bf..000000000 --- a/vehicles/openshift.deploy.yml +++ /dev/null 
@@ -1,406 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -labels: - app: ${NAME}-${ZONE} - app.kubernetes.io/part-of: ${NAME}-${ZONE} -parameters: - - name: NAME - description: Module name - value: onroutebc - - name: COMPONENT - description: Component name - value: backend-vehicles - - name: ZONE - description: Deployment zone, e.g. pr-### or prod - required: true - - name: IMAGE_TAG - description: Image tag to use - value: latest - - name: DOMAIN - value: apps.silver.devops.gov.bc.ca - - name: CPU_REQUEST - value: "25m" - - name: MEMORY_REQUEST - value: "50Mi" - - name: CPU_LIMIT - value: "75m" - - name: MEMORY_LIMIT - value: "150Mi" - - name: MIN_REPLICAS - description: The minimum amount of replicas for the horizontal pod autoscaler. - value: "3" - - name: MAX_REPLICAS - description: The maximum amount of replicas for the horizontal pod autoscaler. - value: "5" - - name: REGISTRY - description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000) - value: ghcr.io - - name: PROMOTE - description: Image (namespace/name:tag) to promote/import - value: bcgov/onroutebc:prod-backend-vehicles - - name: DATABASE_NAME - description: Name of Database to connect to - required: true - - name: DATABASE_USER - description: User connecting to database - required: true - - name: DATABASE_PASSWORD - description: Password of user connecting to database - required: true - - name: DATABASE_HOST - description: Host url/service of database connection - required: true - - name: AUTH0_ISSUER_URL - description: The principal that issued the JWT - required: true - - name: AUTH0_AUDIENCE - description: Identifies the recipients that the JWT is intended for - required: true - - name: AUTH0_IGNORE_EXP - description: The boolean flag to ignore the JWT expiration - required: true - - name: SITEMINDER_LOG_OFF_URL - description: The siteminder log off url - required: true - - name: DOPS_CVSE_FORMS_CACHE_TTL_MS - description: The cache 
time to live for CVSE FORMS in DOPS in Milliseconds - required: true - - name: DOPS_S3_ACCESS_TYPE - description: The key to switch between COMS or Direct access - required: true - - name: DOPS_S3_ACCESSKEYID - description: The Access Key for your S3 compatible object storage account - required: true - - name: DOPS_S3_BUCKET - description: The object storage bucket name - required: true - - name: DOPS_S3_PRESIGNED_URL_EXPIRY - description: The expiry time for pre-signed URLs to objects in seconds - required: true - - name: DOPS_S3_ENDPOINT - description: Object store URL - required: true - - name: DOPS_S3_KEY - description: The base path for storage location - required: true - - name: DOPS_S3_SECRETACCESSKEY - description: The Secret Access Key for your S3 compatible object storage account - required: true - - name: CDOGS_CLIENT_ID - description: The keycloak client ID for common hosted CDOGS - required: true - - name: CDOGS_CLIENT_SECRET - description: The keycloak client secret for common hosted CDOGS - required: true - - name: CDOGS_TOKEN_URL - description: The keycloak url for common hosted CDOGS - required: true - - name: CDOGS_URL - description: The CDOGS API url - required: true - - name: CHES_TOKEN_URL - description: The keycloak url for common hosted CHES - required: true - - name: CHES_CLIENT_ID - description: Client Id to request the access token for connecting to CHES - required: true - - name: CHES_CLIENT_SECRET - description: Client Secret to request the access token for connecting to CHES - required: true - - name: CHES_URL - description: The CHES API url - required: true - - name: NODE_ENV - description: The NODE Environment - required: true - - name: PAYBC_API_KEY - description: API Key for PayBC - required: true - - name: PAYBC_REF_NUMBER - description: Reference Number for PayBC - required: true - - name: PAYBC_BASE_URL - description: Base URL for PayBC - required: true - - name: GL_CODE - description: Gl code for PayBC - required: true -objects: 
- - apiVersion: v1 - kind: ConfigMap - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - data: - database-type: mssql - database-name: "${DATABASE_NAME}" - database-host: "${DATABASE_HOST}" - database-encrypt: "false" - database-port: "1433" - auth0-issuer-url: "${AUTH0_ISSUER_URL}" - auth0-audience: "${AUTH0_AUDIENCE}" - auth0-ignore-exp: "${AUTH0_IGNORE_EXP}" - ches-token-url: "${CHES_TOKEN_URL}" - ches-url: "${CHES_URL}" - dops-url: "https://${NAME}-${ZONE}-backend-dops.${DOMAIN}" - vehicles-url: "https://${NAME}-${ZONE}-backend-vehicles.${DOMAIN}" - front-end-url: "https://${NAME}-${ZONE}-frontend.${DOMAIN}" - node-env: "${NODE_ENV}" - paybc-redirect: "https://${NAME}-${ZONE}-frontend.${DOMAIN}/payment" - - apiVersion: v1 - kind: Secret - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - stringData: - database-user: "${DATABASE_USER}" - database-password: "${DATABASE_PASSWORD}" - ches-client-id: "${CHES_CLIENT_ID}" - ches-client-secret: "${CHES_CLIENT_SECRET}" - paybc-api-key: "${PAYBC_API_KEY}" - paybc-ref-number: "${PAYBC_REF_NUMBER}" - paybc-base-url: "${PAYBC_BASE_URL}" - gl-code: "${GL_CODE}" - - apiVersion: v1 - kind: ImageStream - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - lookupPolicy: - local: false - tags: - - name: ${IMAGE_TAG} - from: - kind: DockerImage - name: ${REGISTRY}/${PROMOTE} - referencePolicy: - type: Local - - apiVersion: v1 - kind: DeploymentConfig - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - replicas: 1 - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - ${NAME} - from: - kind: ImageStreamTag - name: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - strategy: - type: Rolling - template: - metadata: - labels: - app: ${NAME}-${ZONE} - deploymentconfig: 
${NAME}-${ZONE}-${COMPONENT} - spec: - containers: - - image: ${NAME}-${ZONE}-${COMPONENT}:${IMAGE_TAG} - imagePullPolicy: Always - name: ${NAME} - env: - - name: DB_TYPE - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-type - - name: MSSQL_HOST - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-host - - name: MSSQL_PORT - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-port - - name: MSSQL_DB - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-name - - name: MSSQL_ENCRYPT - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-encrypt - - name: MSSQL_SA_PASSWORD - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-password - - name: MSSQL_SA_USER - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: database-user - - name: AUTH0_ISSUER_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: auth0-issuer-url - - name: AUTH0_AUDIENCE - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: auth0-audience - - name: AUTH0_IGNORE_EXP - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: auth0-ignore-exp - - name: CHES_TOKEN_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: ches-token-url - - name: CHES_CLIENT_ID - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: ches-client-id - - name: CHES_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: ches-client-secret - - name: CHES_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: ches-url - - name: DOPS_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: dops-url - - name: VEHICLES_URL - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: vehicles-url - - name: FRONT_END_URL - 
valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: front-end-url - - name: NODE_ENV - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: node-env - - name: PAYBC_API_KEY - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: paybc-api-key - - name: PAYBC_REF_NUMBER - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: paybc-ref-number - - name: PAYBC_BASE_URL - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: paybc-base-url - - name: PAYBC_REDIRECT - valueFrom: - configMapKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: paybc-redirect - - name: GL_CODE - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: gl-code - ports: - - containerPort: 5000 - protocol: TCP - resources: - requests: - cpu: ${CPU_REQUEST} - memory: ${MEMORY_REQUEST} - limits: - cpu: ${CPU_LIMIT} - memory: ${MEMORY_LIMIT} - readinessProbe: - httpGet: - path: / - port: 5000 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 15 - timeoutSeconds: 5 - livenessProbe: - successThreshold: 1 - failureThreshold: 3 - httpGet: - path: / - port: 5000 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 5 - - apiVersion: v1 - kind: Service - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - ports: - - name: 5000-tcp - protocol: TCP - port: 80 - targetPort: 5000 - selector: - deploymentconfig: ${NAME}-${ZONE}-${COMPONENT} - - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - app: ${NAME}-${ZONE} - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - host: ${NAME}-${ZONE}-${COMPONENT}.${DOMAIN} - port: - targetPort: 5000-tcp - to: - kind: Service - name: ${NAME}-${ZONE}-${COMPONENT} - weight: 100 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - - apiVersion: autoscaling/v2 - kind: HorizontalPodAutoscaler - metadata: - name: ${NAME}-${ZONE}-${COMPONENT} - spec: - scaleTargetRef: - 
apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig - name: ${NAME}-${ZONE}-${COMPONENT} - minReplicas: ${{MIN_REPLICAS}} - maxReplicas: ${{MAX_REPLICAS}} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 100 diff --git a/vehicles/src/main.ts b/vehicles/src/main.ts index e703d81a2..af720f90f 100644 --- a/vehicles/src/main.ts +++ b/vehicles/src/main.ts @@ -15,12 +15,24 @@ import helmet from 'helmet'; import { customLogger } from './common/logger/logger.config'; import { CorrelationIdInterceptor } from './common/interceptor/correlationId.interceptor'; +const allowedOrigins = [process.env.FRONTEND_URL]; + async function bootstrap() { const app = await NestFactory.create(AppModule, { logger: customLogger, }); app.use(helmet()); app.enableCors({ + origin: function (origin, callback) { + if ( + (origin && allowedOrigins.includes(origin)) || + process.env.NODE_ENV !== 'production' + ) { + callback(null, true); + } else { + callback(new Error('Not allowed by CORS')); + } + }, methods: ['GET', 'PUT', 'POST', 'DELETE'], maxAge: 7200, credentials: false, diff --git a/vehicles/src/modules/email/email.service.ts b/vehicles/src/modules/email/email.service.ts index c303a880d..82075782a 100644 --- a/vehicles/src/modules/email/email.service.ts +++ b/vehicles/src/modules/email/email.service.ts 
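Review bot: The origin callback added to `app.enableCors` in vehicles/src/main.ts allows every origin whenever `process.env.NODE_ENV !== 'production'`, so an unset or misspelled NODE_ENV switches the allow-list off, and the Dockerfile hunks in this commit no longer pin that variable to production. In production the same callback also rejects requests that carry no Origin header (probes, service-to-service calls) with `new Error('Not allowed by CORS')`, which the CORS middleware is likely to surface as a server error rather than a response without CORS headers. I would accept a missing Origin, answer a non-listed origin with `callback(null, false)`, and relax the check only on an explicit development value; the `'development'` literal in the sketch below is an assumption to align with the local setup. `allowedOrigins` also holds `undefined` when FRONTEND_URL is not set, which is worth failing on at start-up. bootstrap() continues past the end of the hunk, and the diffstat suggests dops/src/main.ts receives the same change.

```typescript
    origin: function (origin, callback) {
      // No Origin header: not a cross-origin browser request, CORS does not apply.
      if (!origin || allowedOrigins.includes(origin)) {
        callback(null, true);
        return;
      }
      // Fail closed: only an explicit development setting relaxes the allow-list.
      callback(null, process.env.NODE_ENV === 'development');
    },
    // … unchanged: methods, maxAge, credentials …
```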
@@ -116,20 +116,20 @@ export class EmailService {
 const compiledTemplate = Handlebars.compile(template);
 const htmlBody = compiledTemplate({
 ...data,
- headerLogo: process.env.FRONT_END_URL + '/BC_Logo_MOTI.png',
- footerLogo: process.env.FRONT_END_URL + '/onRouteBC_Logo.png',
- darkModeHeaderLogo: process.env.FRONT_END_URL + '/BC_Logo_Rev_MOTI.png',
+ headerLogo: process.env.FRONTEND_URL + '/BC_Logo_MOTI.png',
+ footerLogo: process.env.FRONTEND_URL + '/onRouteBC_Logo.png',
+ darkModeHeaderLogo: process.env.FRONTEND_URL + '/BC_Logo_Rev_MOTI.png',
 darkModeMedHeaderLogo:
- process.env.FRONT_END_URL + '/BC_Logo_Rev_MOTI@2x.png',
- darkModeFooterLogo: process.env.FRONT_END_URL + '/onRouteBC_Rev_Logo.png',
+ process.env.FRONTEND_URL + '/BC_Logo_Rev_MOTI@2x.png',
+ darkModeFooterLogo: process.env.FRONTEND_URL + '/onRouteBC_Rev_Logo.png',
 darkModeMedFooterLogo:
- process.env.FRONT_END_URL + '/onRouteBC_Rev_Logo@2x.png',
- whiteHeaderLogo: process.env.FRONT_END_URL + '/BC_Logo_MOTI_White.jpg',
+ process.env.FRONTEND_URL + '/onRouteBC_Rev_Logo@2x.png',
+ whiteHeaderLogo: process.env.FRONTEND_URL + '/BC_Logo_MOTI_White.jpg',
 whiteMedHeaderLogo:
- process.env.FRONT_END_URL + '/BC_Logo_MOTI_White@2x.jpg',
- whiteFooterLogo: process.env.FRONT_END_URL + '/onRouteBC_Logo_White.jpg',
+ process.env.FRONTEND_URL + '/BC_Logo_MOTI_White@2x.jpg',
+ whiteFooterLogo: process.env.FRONTEND_URL + '/onRouteBC_Logo_White.jpg',
 whiteMedFooterLogo:
- process.env.FRONT_END_URL + '/onRouteBC_Logo_White@2x.jpg',
+ process.env.FRONTEND_URL + '/onRouteBC_Logo_White@2x.jpg',
 });
 return htmlBody;
 }