From 346939e624b1927bde4b68f7bb9248d8c86e3248 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Fri, 20 Sep 2024 17:10:00 +0530 Subject: [PATCH 01/24] [MOSIP-35816] removed deployment script and updated chart Signed-off-by: ckm007 --- helm/mock-identity-system/copy_cm.sh | 22 ------------ helm/mock-identity-system/delete.sh | 30 ---------------- helm/mock-identity-system/install.sh | 51 --------------------------- helm/mock-identity-system/restart.sh | 24 ------------- helm/mock-identity-system/values.yaml | 41 ++++++++++++++++++--- 5 files changed, 36 insertions(+), 132 deletions(-) delete mode 100755 helm/mock-identity-system/copy_cm.sh delete mode 100755 helm/mock-identity-system/delete.sh delete mode 100755 helm/mock-identity-system/install.sh delete mode 100755 helm/mock-identity-system/restart.sh diff --git a/helm/mock-identity-system/copy_cm.sh b/helm/mock-identity-system/copy_cm.sh deleted file mode 100755 index cf4e5617..00000000 --- a/helm/mock-identity-system/copy_cm.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -# Copy configmaps from other namespaces -# DST_NS: Destination namespace - -function copying_cm() { - COPY_UTIL=../copy_cm_func.sh - DST_NS=esignet - - $COPY_UTIL configmap global default $DST_NS - $COPY_UTIL configmap artifactory-share artifactory $DST_NS - $COPY_UTIL configmap config-server-share config-server $DST_NS - $COPY_UTIL configmap softhsm-mock-identity-system-share softhsm $DST_NS - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -copying_cm # calling function \ No newline at end of file diff --git a/helm/mock-identity-system/delete.sh b/helm/mock-identity-system/delete.sh deleted file mode 100755 index 001dec0f..00000000 
--- a/helm/mock-identity-system/delete.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -# Uninstalls all esignet helm charts -## Usage: ./delete.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -function Deleting_mock-identity-system() { - NS=esignet - while true; do - read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn - if [ $yn = "Y" ] - then - helm -n $NS delete mock-identity-system - break - else - break - fi - done - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -Deleting_mock-identity-system # calling function \ No newline at end of file diff --git a/helm/mock-identity-system/install.sh b/helm/mock-identity-system/install.sh deleted file mode 100755 index 2f80d17e..00000000 --- a/helm/mock-identity-system/install.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash -# Installs all esignet helm charts -## Usage: ./install.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -NS=esignet -CHART_VERSION=0.0.1-develop - -echo Create $NS namespace -kubectl create ns $NS - -function installing_mock-identity-system() { - echo "Copy configmaps" - ./copy_cm.sh - - echo Istio label - kubectl label ns $NS istio-injection=enabled --overwrite - - echo "Do you have public domain & valid SSL? (Y/n) " - echo "Y: if you have public domain & valid ssl certificate" - echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments." - read -p "" flag - - if [ -z "$flag" ]; then - echo "'flag' was provided; EXITING;" - exit 1; - fi - ENABLE_INSECURE='' - if [ "$flag" = "n" ]; then - ENABLE_INSECURE='--set enable_insecure=true'; - fi - - echo Installing mock-identity-system - helm -n $NS install mock-identity-system mosip/mock-identity-system --version $CHART_VERSION $ENABLE_INSECURE - - kubectl -n $NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status - - echo Installed mock-identity-system service - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -installing_mock-identity-system # calling function diff --git a/helm/mock-identity-system/restart.sh b/helm/mock-identity-system/restart.sh deleted file mode 100755 index c9f3d318..00000000 --- a/helm/mock-identity-system/restart.sh +++ /dev/null 
@@ -1,24 +0,0 @@
-#!/bin/bash
-# Restart the esignet services
-
-if [ $# -ge 1 ] ; then
- export KUBECONFIG=$1
-fi
-
-function Restarting_mock-identity-system() {
- NS=esignet
- kubectl -n $NS rollout restart deploy mock-identity-system
-
- kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
-
- echo Retarted mock-identity-system services
- return 0
-}
-
-# set commands for error handling.
-set -e
-set -o errexit ## set -e : exit the script if any statement returns a non-true return value
-set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
-set -o errtrace # trace ERR through 'time command' and other functions
-set -o pipefail # trace ERR through pipes
-Restarting_mock-identity-system # calling function
\ No newline at end of file
diff --git a/helm/mock-identity-system/values.yaml b/helm/mock-identity-system/values.yaml
index 057306f6..47978442 100644
--- a/helm/mock-identity-system/values.yaml
+++ b/helm/mock-identity-system/values.yaml
@@ -52,7 +52,7 @@ service:
 image:
 registry: docker.io
- repository: mosipqa/mock-identity-system
+ repository: mosipdev/mock-identity-system
 tag: develop
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
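Review bot: The default image on the new side is `docker.io/mosipdev/mock-identity-system` with the floating tag `develop`, so the content a release runs is whatever was last pushed to that repository, and the context comment says the pull policy falls back to `IfNotPresent` for tags other than `latest`, which lets nodes keep different builds under the same tag. For a published chart, pin `tag:` to a released version (or set a digest if the chart's image helper supports one) and leave `develop` to an override file. The `image:` block continues beyond the hunk, so the pull policy actually set is not visible here.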
@@ -240,14 +240,45 @@ updateStrategy:
 ## - name: FOO
 ## value: "bar"
 ##
-extraEnvVars: []
+extraEnvVars:
+ - name: DATABASE_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: mockid-postgres-config
+ key: database-host
+ - name: DATABASE_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: mockid-postgres-config
+ key: database-port
+ - name: DATABASE_NAME
+ valueFrom:
+ configMapKeyRef:
+ name: mockid-postgres-config
+ key: database-name
+ - name: DATABASE_USERNAME
+ valueFrom:
+ configMapKeyRef:
+ name: mockid-postgres-config
+ key: database-username
+ - name: DB_DBUSER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: db-common-secrets
+ key: db-dbuser-password
+ - name: SOFTHSM_MOCK_IDENTITY_SYSTEM_SECURITY_PIN
+ valueFrom:
+ secretKeyRef:
+ name: mockid-softhsm
+ key: security-pin
+ - name: hsm_local_dir_name
+ value: hsm-client
+ - name: MOSIP_ESIGNET_MOCK_SUPPORTED_FIELDS
+ value: individualId,password
 ## ConfigMap with extra environment variables that used
 ##
 extraEnvVarsCM:
- - global
- - config-server-share
- - artifactory-share
 - softhsm-mock-identity-system-share
 ## Secret with extra environment variables
From abf581700c14586e4c911e007219d153ddb42153 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Fri, 20 Sep 2024 17:15:06 +0530 Subject: [PATCH 02/24] [MOSIP-35816] corrected chart lint yaml Signed-off-by: ckm007 --- .github/workflows/chart-lint-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/chart-lint-publish.yml b/.github/workflows/chart-lint-publish.yml
index f0b73334..0c1f5600 100644
--- a/.github/workflows/chart-lint-publish.yml
+++ b/.github/workflows/chart-lint-publish.yml
@@ -40,7 +40,7 @@ on:
 - MOSIP*
 - release*
 paths:
- - './helm/**'
+ - 'helm/**'
 jobs:
 chart-lint-publish:
From ec8ddc62a6bd45e6693652e2b06a3f754aae0bfe Mon Sep 17 00:00:00 2001 From: ckm007 Date: Sat, 21 Sep 2024 22:32:22 +0530 Subject: [PATCH 03/24] [MOSIP-35816] moved deployment scripts to deploy
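Review bot: The new `extraEnvVars` default makes every install depend on ConfigMap `mockid-postgres-config` and Secrets `db-common-secrets` and `mockid-softhsm` already existing in the release namespace, but the hunk does not say so, and the same patch deletes the install/copy scripts that prepared the namespace; a missing or misnamed object (patch 04 in this series already renames `mockid-softhsm`) surfaces only as a container that cannot be created. Add a comment above the list such as `## Requires ConfigMap mockid-postgres-config and Secrets db-common-secrets, mockid-softhsm in the release namespace`, and mention that Helm replaces list values as a whole, so an operator who overrides `extraEnvVars` has to repeat these entries. The `extraEnvVarsCM` entry `softhsm-mock-identity-system-share` left in place has the same precondition. Keeping the password and PIN behind `secretKeyRef` is right; if the application can read them from a mounted file, that would also keep them out of environment dumps.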
Signed-off-by: ckm007 --- helm/copy_cm.sh | 23 ------ helm/copy_cm_func.sh | 33 -------- helm/delete-all.sh | 34 -------- helm/install-all.sh | 55 ------------- helm/mock-relying-party-service/copy_cm.sh | 22 ------ helm/mock-relying-party-service/delete.sh | 30 -------- helm/mock-relying-party-service/install.sh | 90 ---------------------- helm/mock-relying-party-service/restart.sh | 24 ------ helm/mock-relying-party-ui/delete.sh | 30 -------- helm/mock-relying-party-ui/install.sh | 58 -------------- helm/mock-relying-party-ui/restart.sh | 24 ------ helm/restart-all.sh | 26 ------- helm/softhsm-values.yaml | 7 -- 13 files changed, 456 deletions(-) delete mode 100755 helm/copy_cm.sh delete mode 100755 helm/copy_cm_func.sh delete mode 100755 helm/delete-all.sh delete mode 100755 helm/install-all.sh delete mode 100755 helm/mock-relying-party-service/copy_cm.sh delete mode 100755 helm/mock-relying-party-service/delete.sh delete mode 100755 helm/mock-relying-party-service/install.sh delete mode 100755 helm/mock-relying-party-service/restart.sh delete mode 100755 helm/mock-relying-party-ui/delete.sh delete mode 100755 helm/mock-relying-party-ui/install.sh delete mode 100755 helm/mock-relying-party-ui/restart.sh delete mode 100755 helm/restart-all.sh delete mode 100644 helm/softhsm-values.yaml diff --git a/helm/copy_cm.sh b/helm/copy_cm.sh deleted file mode 100755 index 27342f46..00000000 --- a/helm/copy_cm.sh +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/bash -# Copy configmaps from other namespaces -# DST_NS: Destination namespace - - -function copying_cm() { - COPY_UTIL=./copy_cm_func.sh - DST_NS=esignet - - $COPY_UTIL configmap global default $DST_NS - $COPY_UTIL configmap config-server-share config-server $DST_NS - $COPY_UTIL configmap artifactory-share artifactory $DST_NS - $COPY_UTIL configmap softhsm-mock-identity-system-share softhsm $DST_NS - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -copying_cm # calling function \ No newline at end of file diff --git a/helm/copy_cm_func.sh b/helm/copy_cm_func.sh deleted file mode 100755 index 7b225948..00000000 --- a/helm/copy_cm_func.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -# Copy configmap and secret from one namespace to another. -# ./copy_cm_func.sh [name] -# Parameters: -# resource: configmap|secret -# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is -# clash of names - -if [ $1 = "configmap" ] -then - RESOURCE=configmap -elif [ $1 = "secret" ] -then - RESOURCE=secret -else - echo "Incorrect resource $1. Exiting.." - exit 1 -fi - - -if [ $# -ge 5 ] -then - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f - -else - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f - -fi - - - - - diff --git a/helm/delete-all.sh b/helm/delete-all.sh deleted file mode 100755 index 20b722df..00000000 
--- a/helm/delete-all.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh -# Uninstalls mock-relying-party-service and mock-relying-party-ui -## Usage: ./delete.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -function Deleting_All() { - NS=esignet - SOFTHSM_NS=softhsm - while true; do - read -p "Are you sure you want to delete esignet mock service helm charts?(Y/n) " yn - if [ $yn = "Y" ] - then - helm -n $NS delete softhsm-mock-identity-system - helm -n $NS delete mock-relying-party-service - helm -n $NS delete mock-relying-party-ui - helm -n $NS delete mock-identity-system - break - else - break - fi - done - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -Deleting_All # calling function \ No newline at end of file diff --git a/helm/install-all.sh b/helm/install-all.sh deleted file mode 100755 index be4b9601..00000000 --- a/helm/install-all.sh +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/bin/bash -# Installs all esignet mock service helm charts -## Usage: ./install.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -ROOT_DIR=`pwd` -SOFTHSM_NS=softhsm -SOFTHSM_CHART_VERSION=12.0.1-B2 - -echo Create $SOFTHSM_NS namespace -kubectl create ns $SOFTHSM_NS - -function installing_All() { - echo Istio label - kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite - helm repo add mosip https://mosip.github.io/mosip-helm - helm repo update - - echo Installing Softhsm for mock-identity-system - helm -n $SOFTHSM_NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait - echo Installed Softhsm for mock-identity-system - - ./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server - - kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM_ - kubectl -n config-server rollout restart deploy config-server - kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status - - declare -a module=("mock-identity-system" - "mock-relying-party-service" - "mock-relying-party-ui" - ) - - echo Installing esignet mock services - - for i in "${module[@]}" - do - cd $ROOT_DIR/"$i" - ./install.sh - done - - echo All esignet mock services deployed sucessfully. - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -installing_All # calling function \ No newline at end of file 
diff --git a/helm/mock-relying-party-service/copy_cm.sh b/helm/mock-relying-party-service/copy_cm.sh deleted file mode 100755 index 62d06a68..00000000 --- a/helm/mock-relying-party-service/copy_cm.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -# Copy configmaps from other namespaces -# DST_NS: Destination namespace - -function copying_cm() { - COPY_UTIL=../copy_cm_func.sh - DST_NS=esignet - - $COPY_UTIL configmap global default $DST_NS - $COPY_UTIL configmap config-server-share config-server $DST_NS - $COPY_UTIL configmap artifactory-share artifactory $DST_NS - $COPY_UTIL configmap softhsm-mock-identity-system-share softhsm $DST_NS - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -copying_cm # calling function diff --git a/helm/mock-relying-party-service/delete.sh b/helm/mock-relying-party-service/delete.sh deleted file mode 100755 index 7f8fae2f..00000000 --- a/helm/mock-relying-party-service/delete.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash -# Uninstalls all esignet helm charts -## Usage: ./delete.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -function Deleting_mock-relying-party-service() { - NS=esignet - while true; do - read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn - if [ $yn = "Y" ] - then - helm -n $NS delete mock-relying-party-service - break - else - break - fi - done - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -Deleting_mock-relying-party-service # calling function \ No newline at end of file diff --git a/helm/mock-relying-party-service/install.sh b/helm/mock-relying-party-service/install.sh deleted file mode 100755 index ffebe059..00000000 --- a/helm/mock-relying-party-service/install.sh +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/bin/bash -# Installs all esignet helm charts -## Usage: ./install.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -NS=esignet -CHART_VERSION=0.0.1-develop - -echo Create $NS namespace -kubectl create ns $NS - -function installing_mock-relying-party-service() { - echo Istio label - kubectl label ns $NS istio-injection=enabled --overwrite - - echo "Copy configmaps" - ./copy_cm.sh - - read -p "Please provide client private key file : " CLIENT_PRIVATE_KEY - - if [ -z "$CLIENT_PRIVATE_KEY" ]; then - echo "Client Private key file not provided; EXITING;"; - exit 0; - fi - if [ ! -f "$CLIENT_PRIVATE_KEY" ]; then - echo "Client Private key not found; EXITING;"; - exit 0; - fi - - echo "Do you have public domain & valid SSL? (Y/n) " - echo "Y: if you have public domain & valid ssl certificate" - echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments." - read -p "" flag - - if [ -z "$flag" ]; then - echo "'flag' was provided; EXITING;" - exit 1; - fi - ENABLE_INSECURE='' - if [ "$flag" = "n" ]; then - ENABLE_INSECURE='--set enable_insecure=true'; - fi - - read -p "Please provide jwe userinfo private key file : " JWE_USERINFO_PRIVATE_KEY - - if [ -z "$JWE_USERINFO_PRIVATE_KEY" ]; then - echo "Client jwe userinfo Private key file not provided; EXITING;"; - exit 0; - fi - if [ ! 
-f "$JWE_USERINFO_PRIVATE_KEY" ]; then - echo "Client jwe userinfo Private key not found; EXITING;"; - exit 0; - fi - - echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists" - cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/client-private-key - cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/jwe-userinfo-private-key - - kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-service-secrets - kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets - kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="/tmp/client-private-key" - kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="/tmp/jwe-userinfo-private-key" - - ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host}) - DEFAULT_ESIGNET_SERVICE_URL='http://esignet.esignet/v1/esignet' - read -p "Please provide Esignet service url : ( default: http://esignet.esignet/v1/esignet )" USER_PROVIDED_ESIGNET_SERVICE_URL - ESIGNET_SERVICE_URL=${USER_PROVIDED_ESIGNET_SERVICE_URL:-$DEFAULT_ESIGNET_SERVICE_URL} - - echo Installing Mock Relying Party Service - helm -n $NS install mock-relying-party-service mosip/mock-relying-party-service \ - --set mock_relying_party_service.ESIGNET_SERVICE_URL="$ESIGNET_SERVICE_URL" \ - --set mock_relying_party_service.ESIGNET_AUD_URL="https://$ESIGNET_HOST/v1/esignet/oauth/v2/token" \ - --version $CHART_VERSION $ENABLE_INSECURE - - kubectl -n $NS get deploy mock-relying-party-service -o name | xargs -n1 -t kubectl -n $NS rollout status - - echo Installed mock-relying-party-service service - return 0 -} - -# set commands for error handling. 
-set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -installing_mock-relying-party-service # calling function diff --git a/helm/mock-relying-party-service/restart.sh b/helm/mock-relying-party-service/restart.sh deleted file mode 100755 index a14bd122..00000000 --- a/helm/mock-relying-party-service/restart.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# Restart the esignet services - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -function Restarting_mock-relying-party-service() { - NS=esignet - kubectl -n $NS rollout restart deploy mock-relying-party-service - - kubectl -n $NS get mock-relying-party-service-test deploy -o name | xargs -n1 -t kubectl -n $NS rollout status - - echo Retarted mock-relying-party-service - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -Restarting_mock-relying-party-service # calling function diff --git a/helm/mock-relying-party-ui/delete.sh b/helm/mock-relying-party-ui/delete.sh deleted file mode 100755 index e19cd3e3..00000000 --- a/helm/mock-relying-party-ui/delete.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash -# Uninstalls all esignet helm charts -## Usage: ./delete.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -function Deleting_mock-relying-party-ui() { - NS=esignet - while true; do - read -p "Are you sure you want to delete all mock-relying-party-ui helm charts?(Y/n) " yn - if [ $yn = "Y" ] - then - helm -n $NS delete mock-relying-party-ui - break - else - break - fi - done - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -Deleting_mock-identity-system # calling function \ No newline at end of file diff --git a/helm/mock-relying-party-ui/install.sh b/helm/mock-relying-party-ui/install.sh deleted file mode 100755 index 1a2b205d..00000000 --- a/helm/mock-relying-party-ui/install.sh +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/bin/bash -# Installs all esignet helm charts -## Usage: ./install.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -NS=esignet -CHART_VERSION=0.0.1-develop - -read -p "Please provide mock relying party ui domain (eg: healthservices.sandbox.xyz.net ) : " MOCK_UI_HOST - -if [ -z "$MOCK_UI_HOST" ]; then - echo "Mock relying party UI Host not provided; EXITING;" - exit 0; -fi - -CHK_MOCK_UI_HOST=$( nslookup "$MOCK_UI_HOST" ) -if [ $? -gt 0 ]; then - echo "Mock relying party UI Host does not exists; EXITING;" - exit 0; -fi - -echo Create $NS namespace -kubectl create ns $NS - -function installing_mock-relying-party-ui() { - echo Istio label - kubectl label ns $NS istio-injection=enabled --overwrite - - ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host}) - - echo Installing Mock Relying Party UI - helm -n $NS install mock-relying-party-ui mosip/mock-relying-party-ui \ - --set mock_relying_party_ui.mock_relying_party_ui_service_host="$MOCK_UI_HOST" \ - --set mock_relying_party_ui.ESIGNET_UI_BASE_URL="https://$ESIGNET_HOST" \ - --set mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \ - --set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \ - --set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \ - --set mock_relying_party_ui.SIGN_IN_BUTTON_PLUGIN_URL="https://$ESIGNET_HOST/plugins/sign-in-button-plugin.js" \ - --set istio.hosts\[0\]="$MOCK_UI_HOST" \ - -f values.yaml \ - --version $CHART_VERSION - - kubectl -n $NS get deploy mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status - - echo Installed mock-relying-party-ui service - return 0 -} - -# set commands for error handling. 
-set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -installing_mock-relying-party-ui # calling function diff --git a/helm/mock-relying-party-ui/restart.sh b/helm/mock-relying-party-ui/restart.sh deleted file mode 100755 index 8874b6b0..00000000 --- a/helm/mock-relying-party-ui/restart.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# Restart the esignet services - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -function Restarting_mock-relying-party-ui() { - NS=esignet - kubectl -n $NS rollout restart deploy mock-relying-party-ui - - kubectl -n $NS get mock-relying-party-ui deploy -o name | xargs -n1 -t kubectl -n $NS rollout status - - echo Retarted mock-relying-party-ui services - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -Restarting_mock-relying-party-ui # calling function \ No newline at end of file diff --git a/helm/restart-all.sh b/helm/restart-all.sh deleted file mode 100755 index bc1303e5..00000000 --- a/helm/restart-all.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/bash -# Restarts the esignet mock service -## Usage: ./restart.sh [kubeconfig] - - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -function Restarting_All() { - NS=esignet - kubectl -n $NS rollout restart deploy mock-identity-system mock-relying-party-service mock-relying-party-ui - - kubectl -n $NS get deploy mock-identity-system mock-relying-party-service mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status - - echo Retarted mock relying party service & mock relying party ui - return 0 -} - -# set commands for error handling. -set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable -set -o errtrace # trace ERR through 'time command' and other functions -set -o pipefail # trace ERR through pipes -Restarting_All # calling function \ No newline at end of file diff --git a/helm/softhsm-values.yaml b/helm/softhsm-values.yaml deleted file mode 100644 index 581bbd13..00000000 --- a/helm/softhsm-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -resources: - limits: {} - # cpu: 250m - # memory: 1Gi - requests: - cpu: 100m - memory: 20Mi From d2fedea58db572dd364795e34784872772dafe00 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Sat, 21 Sep 2024 22:33:41 +0530 Subject: [PATCH 04/24] [MOSIP-35816] updarted chart values for latest changes to remove artifactory and config server dependency Signed-off-by: ckm007 --- helm/mock-identity-system/values.yaml | 2 +- helm/mock-relying-party-service/values.yaml | 5 ++--- helm/mock-relying-party-ui/values.yaml | 7 ++----- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/helm/mock-identity-system/values.yaml b/helm/mock-identity-system/values.yaml index 47978442..dcfa02e8 100644 --- a/helm/mock-identity-system/values.yaml +++ b/helm/mock-identity-system/values.yaml 
@@ -269,7 +269,7 @@ extraEnvVars:
 - name: SOFTHSM_MOCK_IDENTITY_SYSTEM_SECURITY_PIN
 valueFrom:
 secretKeyRef:
- name: mockid-softhsm
+ name: softhsm-mock-identity-system
 key: security-pin
 - name: hsm_local_dir_name
 value: hsm-client
diff --git a/helm/mock-relying-party-service/values.yaml b/helm/mock-relying-party-service/values.yaml
index ebea1483..5aadfe42 100644
--- a/helm/mock-relying-party-service/values.yaml
+++ b/helm/mock-relying-party-service/values.yaml
@@ -250,12 +250,11 @@ extraEnvVars: []
 ## ConfigMap with extra environment variables
 ##
-extraEnvVarsCM:
- - config-server-share
+extraEnvVarsCM: []
 ## Secret with extra environment variables
 ##
-extraEnvVarsSecret:
+extraEnvVarsSecret: []
 ## Extra volumes to add to the deployment
 ##
diff --git a/helm/mock-relying-party-ui/values.yaml b/helm/mock-relying-party-ui/values.yaml
index 7b729330..308bf802 100644
--- a/helm/mock-relying-party-ui/values.yaml
+++ b/helm/mock-relying-party-ui/values.yaml
@@ -244,14 +244,11 @@ extraEnvVars: []
 ## ConfigMap with extra environment variables
 ##
-extraEnvVarsCM:
- - global
- - config-server-share
- - artifactory-share
+extraEnvVarsCM: []
 ## Secret with extra environment variables
 ##
-extraEnvVarsSecret:
+extraEnvVarsSecret: []
 ## Extra volumes to add to the deployment
 ##
From 926db5e4d470621f9fce1bd84361529cf775885b Mon Sep 17 00:00:00 2001 From: ckm007 Date: Sat, 21 Sep 2024 22:35:22 +0530 Subject: [PATCH 05/24] [MOSIP-35816] moved db-init scripts to deploy Signed-off-by: ckm007 --- db_scripts/README.md | 20 ------------------- db_scripts/init_db.sh | 38 ------------------------------------- db_scripts/init_values.yaml | 15 --------------- 3 files changed, 73 deletions(-) delete mode 100755 db_scripts/init_db.sh delete mode 100644 db_scripts/init_values.yaml
diff --git a/db_scripts/README.md b/db_scripts/README.md
index 02966181..b691caa0 100644
--- a/db_scripts/README.md
+++ b/db_scripts/README.md
@@ -6,25 +6,5 @@ This folder containers various SQL scripts to create database and tables in post The tables are described under `/ddl/`. Default data that's populated in the tables is present under `/dml` folder. -## Prerequisites -* Make sure that the esignet database has been initialized and its associated service is currently running. -* Command line utilities: - - kubectl - - helm -* Helm repos: - ```sh - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo add mosip https://mosip.github.io/mosip-helm - ``` - -## Install in existing MOSIP K8 Cluster -These scripts are automatically run with below mentioned script in existing k8 cluster with Postgres installed. -### Install -* Set your kube_config file or kube_config variable on PC. -* Update `init_values.yaml` with db-common-password from the postgres namespace in the required field `dbUserPasswords.dbuserPassword` and ensure `databases.mosip_mockidentitysystem` is enabled. - ``` - ./init_db.sh` - ``` - ## Install for developers Developers may run the SQLs using `/deploy.sh` script. diff --git a/db_scripts/init_db.sh b/db_scripts/init_db.sh deleted file mode 100755 index b081475e..00000000 --- a/db_scripts/init_db.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/sh -# Script to initialize mockidentitysystem DB. -## Usage: ./init_db.sh [kubeconfig] - -if [ $# -ge 1 ] ; then - export KUBECONFIG=$1 -fi - -NS=esignet -CHART_VERSION=12.0.2 - -helm repo add mosip https://mosip.github.io/mosip-helm -helm repo update - -while true; do - read -p "CAUTION: Do we already have Postgres installed? Also make sure the mockidentitysystem DB is backed up as the same will be overriden. Do you still want to continue?" yn - if [ $yn = "Y" ] - then - kubectl create ns $NS - DB_USER_PASSWORD=$( kubectl -n postgres get secrets db-common-secrets -o jsonpath={.data.db-dbuser-password} | base64 -d ) - - echo Removing existing mosip_mockidentitysystem DB installation - helm -n $NS delete postgres-init-mockidentitysystem - kubectl -n $NS delete --ignore-not-found=true secret db-common-secrets - - echo Copy Postgres secrets - ../helm/copy_cm_func.sh secret postgres-postgresql postgres $NS - - echo Initializing DB - helm -n $NS install postgres-init-mockidentitysystem mosip/postgres-init -f init_values.yaml \ - --version $CHART_VERSION \ - --set dbUserPasswords.dbuserPassword="$DB_USER_PASSWORD" \ - --wait --wait-for-jobs - break - else - break - fi -done \ No newline at end of file diff --git a/db_scripts/init_values.yaml b/db_scripts/init_values.yaml deleted file mode 100644 index f9d3d87d..00000000 --- a/db_scripts/init_values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -#dbUserPasswords: -# dbuserPassword: "" - -databases: - mosip_mockidentitysystem: - enabled: true - host: "postgres-postgresql.postgres" - port: 5432 - su: - user: postgres - secret: - name: postgres-postgresql - key: postgres-password - dml: 1 - branch: develop From b1d92b8a437c1a93ddb56ce74550dd0a21a5c2ef Mon Sep 17 00:00:00 2001 From: ckm007 Date: Sat, 21 Sep 2024 22:38:55 +0530 Subject: [PATCH 06/24] [MOSIP-35816] added updated db-init scripts 
Signed-off-by: ckm007 --- deploy/postgres/.gitignore | 3 + deploy/postgres/README.md | 26 ++++++ deploy/postgres/generate-secret-cm.py | 125 ++++++++++++++++++++++++++ deploy/postgres/init_db.sh | 70 +++++++++++++++ deploy/postgres/init_values.yaml | 15 ++++ deploy/postgres/postgres-config.yaml | 12 +++ 6 files changed, 251 insertions(+) create mode 100644 deploy/postgres/.gitignore create mode 100644 deploy/postgres/README.md create mode 100644 deploy/postgres/generate-secret-cm.py create mode 100755 deploy/postgres/init_db.sh create mode 100644 deploy/postgres/init_values.yaml create mode 100644 deploy/postgres/postgres-config.yaml diff --git a/deploy/postgres/.gitignore b/deploy/postgres/.gitignore new file mode 100644 index 00000000..d3ae73ce --- /dev/null +++ b/deploy/postgres/.gitignore @@ -0,0 +1,3 @@ +mockid-postgres-config.yaml +esignet-postgres-postgresql.yaml +db-common-secrets.yaml diff --git a/deploy/postgres/README.md b/deploy/postgres/README.md new file mode 100644 index 00000000..aebb6627 --- /dev/null +++ b/deploy/postgres/README.md 
@@ -0,0 +1,26 @@ +# esignet-mock-services +Mock implementation of Identity system for e-signet + +## Overview +Contains bash script to initialise mocip_mockidentitysystem DB in K8 cluster. + +## Prerequisites +* Make sure that the esignet database has been initialized and its associated service is currently running. +* Command line utilities: + - kubectl + - helm + - puthon3 +* Helm repos: + ```sh + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add mosip https://mosip.github.io/mosip-helm + ``` + +## Install in existing MOSIP K8 Cluster +These scripts are automatically run with below mentioned script in existing k8 cluster with Postgres installed. +### Install +* Set your kube_config file or kube_config variable on PC. +* Update `init_values.yaml` with db-common-password from the postgres namespace in the required field `dbUserPasswords.dbuserPassword` and ensure `databases.mosip_mockidentitysystem` is enabled. + ``` + ./init_db.sh` + ``` diff --git a/deploy/postgres/generate-secret-cm.py b/deploy/postgres/generate-secret-cm.py new file mode 100644 index 00000000..8b1fec5b --- /dev/null +++ b/deploy/postgres/generate-secret-cm.py 
@@ -0,0 +1,125 @@ +import base64 +import os + +# Function to check if the namespace exists +def check_namespace(namespace): + result = os.system(f"kubectl get namespace {namespace} > /dev/null 2>&1") + if result != 0: + print(f"Namespace '{namespace}' does not exist. Creating namespace...") + os.system(f"kubectl create namespace {namespace}") + else: + print(f"Namespace '{namespace}' already exists.") + +# Function to check if a secret already exists +def secret_exists(secret_name, namespace): + result = os.system(f"kubectl get secret {secret_name} -n {namespace} > /dev/null 2>&1") + return result == 0 + +# Function to create or update a secret +def create_or_update_secret(secret_name, namespace, data_key, password): + base64_password = base64.b64encode(password.encode()).decode() + yaml_content = f""" +apiVersion: v1 +kind: Secret +metadata: + name: {secret_name} + namespace: {namespace} +type: Opaque +data: + {data_key}: {base64_password} +""" + yaml_file = f"{secret_name}.yaml" + with open(yaml_file, "w") as file: + file.write(yaml_content) + print(f"'{secret_name}' secret YAML written to {yaml_file}.") + if secret_exists(secret_name, namespace): + print(f"Updating existing secret '{secret_name}'...") + os.system(f"kubectl apply -f {yaml_file}") + else: + print(f"Creating new secret '{secret_name}'...") + os.system(f"kubectl create -f {yaml_file} --save-config") + +# Function to check if a ConfigMap already exists +def configmap_exists(configmap_name, namespace): + result = os.system(f"kubectl get configmap {configmap_name} -n {namespace} > /dev/null 2>&1") + return result == 0 + +# Function to create or update a ConfigMap +def create_or_update_configmap(configmap_name, namespace, postgres_host, postgres_port, db_user, db_name): + yaml_content = f""" +apiVersion: v1 +kind: ConfigMap +metadata: + name: {configmap_name} + namespace: {namespace} + labels: + app: postgres +data: + database-host: "{postgres_host}" + database-port: "{postgres_port}" + 
database-username: "{db_user}" + database-name: "{db_name}" +""" + yaml_file = f"{configmap_name}.yaml" + with open(yaml_file, "w") as file: + file.write(yaml_content) + print(f"'{configmap_name}' ConfigMap YAML written to {yaml_file}.") + + if configmap_exists(configmap_name, namespace): + print(f"Updating existing ConfigMap '{configmap_name}'...") + os.system(f"kubectl apply -f {yaml_file}") + else: + print(f"Creating new ConfigMap '{configmap_name}'...") + os.system(f"kubectl create -f {yaml_file} --save-config") + +# Main script logic +namespace = "mockid" +check_namespace(namespace) + +# Handle db-dbuser-password secret +db_secret_name = "db-common-secrets" +if secret_exists(db_secret_name, namespace): + overwrite = input(f"Secret '{db_secret_name}' already exists in namespace '{namespace}'. Overwrite? (y/n): ") + if overwrite.lower() == 'y': + password = input("Enter the password to be used for mockidsystemuser: ") + create_or_update_secret(db_secret_name, namespace, "db-dbuser-password", password) + else: + print(f"Skipping creation of '{db_secret_name}' secret.") +else: + print(f"Creating secret '{db_secret_name}'...") + password = input("Enter the password to be used for mockidsystemuser: ") + create_or_update_secret(db_secret_name, namespace, "db-dbuser-password", password) + +# Handle postgres-password secret +postgres_secret_name = "esignet-postgres-postgresql" +if secret_exists(postgres_secret_name, namespace): + overwrite = input(f"Secret '{postgres_secret_name}' already exists in namespace '{namespace}'. Overwrite? 
(y/n): ") + if overwrite.lower() == 'y': + postgres_password = input("Enter postgres user password: ") + create_or_update_secret(postgres_secret_name, namespace, "postgres-password", postgres_password) + else: + print(f"Skipping creation of '{postgres_secret_name}' secret.") +else: + print(f"Creating secret '{postgres_secret_name}'...") + postgres_password = input("Enter postgres user password: ") + create_or_update_secret(postgres_secret_name, namespace, "postgres-password", postgres_password) + +# Handle ConfigMap creation for PostgreSQL +configmap_name = "mockid-postgres-config" +if configmap_exists(configmap_name, namespace): + overwrite = input(f"ConfigMap '{configmap_name}' already exists in namespace '{namespace}'. Overwrite? (y/n): ") + if overwrite.lower() == 'y': + postgres_host = input("Enter PostgreSQL host: ") + postgres_port = input("Enter PostgreSQL port: ") + db_user = "mockidsystemuser" + db_name = "mosip_mockidentitysystem" + create_or_update_configmap(configmap_name, namespace, postgres_host, postgres_port, db_user, db_name) + else: + print(f"Skipping creation of '{configmap_name}' ConfigMap.") +else: + print(f"Creating ConfigMap '{configmap_name}'...") + postgres_host = input("Enter PostgreSQL host: ") + postgres_port = input("Enter PostgreSQL port: ") + db_user = input("Enter DB user: ") + db_name = input("Enter DB name: ") + create_or_update_configmap(configmap_name, namespace, postgres_host, postgres_port, db_user, db_name) diff --git a/deploy/postgres/init_db.sh b/deploy/postgres/init_db.sh new file mode 100755 index 00000000..b9626272 --- /dev/null +++ b/deploy/postgres/init_db.sh 
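Review bot: `create_or_update_secret` writes the base64-encoded password to `{secret_name}.yaml` in the working directory and leaves it there, and every password prompt uses `input()`, which echoes the value to the terminal. Base64 is an encoding, not protection, so the file holds the database and postgres passwords in recoverable form under the caller's default file permissions; the new `.gitignore` only keeps it out of commits. Feeding the manifest to kubectl on stdin avoids the file entirely: `subprocess.run(["kubectl", "apply", "-f", "-"], input=yaml_content, text=True, check=True)` (needs `import subprocess`; `check=True` also surfaces the kubectl failures that the `os.system` calls ignore). The prompts should read the secret without echo, e.g. `postgres_password = getpass.getpass("Enter postgres user password: ")`.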
@@ -0,0 +1,70 @@
+#!/bin/bash
+# Script to initialize mockidentitysystem DB.
+## Usage: ./init_db.sh [kubeconfig]
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=mockid
+CHART_VERSION=0.0.1-develop
+
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+kubectl create ns $NS || true
+
+echo "Initialising mosip_mockidentitysystem DB"
+echo "1. Setup mosip_mockidentitysystem DB in esignet postgres server."
+echo "2. Setup mosip_mockidentitysystem DB in different postgres server"
+while true; do
+ read -p "Please enter one of the above option: " option
+ if [ $option = "1" ]
+ then
+ DB_USER_PASSWORD=$( kubectl -n esignet get secrets db-common-secrets -o jsonpath={.data.db-dbuser-password} | base64 -d )
+
+ echo Removing existing mosip_mockidentitysystem DB installation
+ helm -n $NS delete postgres-init-mockidentitysystem || true
+ kubectl -n $NS delete --ignore-not-found=true secret db-common-secrets
+
+ echo Copy Postgres secrets
+ ../copy_cm_func.sh secret esignet-postgres-postgresql esignet $NS
+
+ echo Initializing DB
+ helm -n $NS install postgres-init-mockidentitysystem mosip/postgres-init -f init_values.yaml \
+ --version $CHART_VERSION \
+ --set dbUserPasswords.dbuserPassword="$DB_USER_PASSWORD" \
+ --wait --wait-for-jobs
+ echo "DB initialised sucessfully. Creating DB config map"
+ kubectl apply -f postgres-config.yaml
+ break
+ elif [ $option = "2" ]
+ then
+ echo "Skipping DB setup in esignet postgres server"
+ python3 generate-secret-cm.py # Ensure python3 is installed and generate-secret-cm.py is present.
+ DB_HOST=$( kubectl -n $NS get cm mockid-postgres-config -o jsonpath={.data.postgres-host} )
+ DB_PORT=$( kubectl -n $NS get cm mockid-postgres-config -o jsonpath={.data.postgres-host} )
+ DB_USER_PASSWORD=$( kubectl -n $NS get secrets db-common-secrets -o jsonpath={.data.db-dbuser-password} | base64 -d )
+ echo Removing existing mosip_mockidentitysystem DB installation
+ helm -n $NS delete postgres-init-mockidentitysystem || true
+ kubectl -n $NS delete --ignore-not-found=true secret db-common-secrets
+ echo Initializing DB
+ helm -n $NS install postgres-init-mockidentitysystem mosip/postgres-init -f init_values.yaml \
+ --version $CHART_VERSION \
+ --set database.mosip_mockidentitysystem.host=$DB_HOST \
+ --set database.mosip_mockidentitysystem.port=$DB_PORT \
+ --set dbUserPasswords.dbuserPassword="$DB_USER_PASSWORD" \
+ --wait --wait-for-jobs
+ echo "DB initialised sucessfully."
+ break
+ else
+ echo "Please provide a correct option (1 or 2)"
+ fi
+done
diff --git a/deploy/postgres/init_values.yaml b/deploy/postgres/init_values.yaml
new file mode 100644
index 00000000..a6517da7
--- /dev/null
+++ b/deploy/postgres/init_values.yaml
@@ -0,0 +1,15 @@
+#dbUserPasswords:
+# dbuserPassword: ""
+
+databases:
+ mosip_mockidentitysystem:
+ enabled: true
+ host: "esignet-postgres-postgresql.esignet"
+ port: 5432
+ su:
+ user: postgres
+ secret:
+ name: esignet-postgres-postgresql
+ key: postgres-password
+ dml: 1
+ branch: develop
diff --git a/deploy/postgres/postgres-config.yaml b/deploy/postgres/postgres-config.yaml
new file mode 100644
index 00000000..8f62b433
--- /dev/null
+++ b/deploy/postgres/postgres-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mockid-postgres-config
+ namespace: mockid
+ labels:
+ app: postgres
+data:
+ database-host: "esignet-postgres-postgresql.esignet"
+ database-port: "5432"
+ database-username: "mockidsystemuser"
+ database-name: "mosip_mockidentitysystem"
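Review bot: Option 2 reads `.data.postgres-host` for both `DB_HOST` and `DB_PORT`, but the ConfigMap written by generate-secret-cm.py (and postgres-config.yaml) uses the keys `database-host` and `database-port`, so both variables come back empty. The two overrides are also spelled `database.mosip_mockidentitysystem.*` while init_values.yaml in this commit uses `databases`, so even a correct value would presumably not reach the chart. The init job would then run against the default `esignet-postgres-postgresql.esignet` host, using the superuser secret the operator just entered for a different server. The corrected lookups and overrides are below; quoting `$DB_HOST` and `$DB_PORT` keeps an empty or odd value from splitting the helm command line.

```shell
DB_HOST=$( kubectl -n $NS get cm mockid-postgres-config -o jsonpath={.data.database-host} )
DB_PORT=$( kubectl -n $NS get cm mockid-postgres-config -o jsonpath={.data.database-port} )
# … unchanged: password lookup, removal of the previous release …
helm -n $NS install postgres-init-mockidentitysystem mosip/postgres-init -f init_values.yaml \
  --version $CHART_VERSION \
  --set databases.mosip_mockidentitysystem.host="$DB_HOST" \
  --set databases.mosip_mockidentitysystem.port="$DB_PORT" \
  # … unchanged: dbuserPassword override and --wait flags …
```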
From 8b229a9bfc168417a83f8b6469d4679cd9a9831a Mon Sep 17 00:00:00 2001 From: ckm007 Date: Sat, 21 Sep 2024 22:40:14 +0530 Subject: [PATCH 07/24] [MOSIP-35816] added updated mock-identity-system scripts Signed-off-by: ckm007 --- deploy/mock-identity-system/delete.sh | 30 +++++++++++ deploy/mock-identity-system/install.sh | 68 +++++++++++++++++++++++++ deploy/mock-identity-system/restart.sh | 24 +++++++++ deploy/mock-identity-system/values.yaml | 46 +++++++++++++++++ 4 files changed, 168 insertions(+) create mode 100755 deploy/mock-identity-system/delete.sh create mode 100755 deploy/mock-identity-system/install.sh create mode 100755 deploy/mock-identity-system/restart.sh create mode 100644 deploy/mock-identity-system/values.yaml diff --git a/deploy/mock-identity-system/delete.sh b/deploy/mock-identity-system/delete.sh new file mode 100755 index 00000000..086b87bc --- /dev/null +++ b/deploy/mock-identity-system/delete.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# Uninstalls all esignet helm charts +## Usage: ./delete.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +function Deleting_mock-identity-system() { + NS=mockid + while true; do + read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn + if [[ $yn = "Y" ]] || [[ $yn = "y" ]] + then + helm -n $NS delete mock-identity-system + break + else + break + fi + done + return 0 +} + +# set commands for error handling. +set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +Deleting_mock-identity-system # calling function diff --git a/deploy/mock-identity-system/install.sh b/deploy/mock-identity-system/install.sh new file mode 100755 index 00000000..811a9e16 --- /dev/null +++ b/deploy/mock-identity-system/install.sh 
@@ -0,0 +1,68 @@ +#!/bin/bash +# Installs all esignet helm charts +## Usage: ./install.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +NS=mockid +CHART_VERSION=0.0.1-develop + +echo Create $NS namespace +kubectl create ns $NS + +function installing_mock-identity-system() { + echo Istio label + helm repo add mosip https://mosip.github.io/mosip-helm + helm repo update + + echo Istio label + kubectl label ns $NS istio-injection=enabled --overwrite + + while true; do + read -p "Is Prometheus Service Monitor Operator deployed in the k8s cluster? (y/n): " response + if [[ "$response" == "y" || "$response" == "Y" ]]; then + servicemonitorflag=true + break + elif [[ "$response" == "n" || "$response" == "N" ]]; then + servicemonitorflag=false + break + else + echo "Not a correct response. Please respond with y (yes) or n (no)." + fi + done + + echo "Do you have public domain & valid SSL? (Y/n) " + echo "Y: if you have public domain & valid ssl certificate" + echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments." + read -p "" flag + + if [ -z "$flag" ]; then + echo "'flag' was provided; EXITING;" + exit 1; + fi + ENABLE_INSECURE='' + if [ "$flag" = "n" ]; then + ENABLE_INSECURE='--set enable_insecure=true'; + fi + + ../copy_cm_func.sh secret softhsm-mock-identity-system softhsm $NS + ../copy_cm_func.sh configmap softhsm-mock-identity-system-share softhsm $NS + + echo Installing mock-identity-system + helm -n $NS install mock-identity-system mosip/mock-identity-system --set metrics.serviceMonitor.enabled=$servicemonitorflag --version $CHART_VERSION $ENABLE_INSECURE -f values.yaml --wait + + kubectl -n $NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status + + echo Installed mock-identity-system service + return 0 +} + +# set commands for error handling. 
+set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +installing_mock-identity-system # calling function diff --git a/deploy/mock-identity-system/restart.sh b/deploy/mock-identity-system/restart.sh new file mode 100755 index 00000000..619e38b9 --- /dev/null +++ b/deploy/mock-identity-system/restart.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Restart the esignet services + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +function Restarting_mock-identity-system() { + NS=mockid + kubectl -n $NS rollout restart deploy mock-identity-system + + kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status + + echo Retarted mock-identity-system services + return 0 +} + +# set commands for error handling. +set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +Restarting_mock-identity-system # calling function diff --git a/deploy/mock-identity-system/values.yaml b/deploy/mock-identity-system/values.yaml new file mode 100644 index 00000000..10918fd2 --- /dev/null +++ b/deploy/mock-identity-system/values.yaml 
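Review bot: The empty-answer branch in deploy/mock-identity-system/install.sh prints `'flag' was provided; EXITING;` although it fires only when nothing was entered; it should read `echo "'flag' was not provided; EXITING;"`. The same line appears in deploy/mock-relying-party-service/install.sh. Since `enable_insecure=true` is set only for an exact `n`, a short comment on that branch such as `# any answer other than "n" leaves enable_insecure unset` would make the fail-closed behaviour explicit for the next editor.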
@@ -0,0 +1,46 @@ +image: + registry: docker.io + repository: mosipdev/mock-identity-system + tag: develop + +extraEnvVars: + - name: DATABASE_HOST + valueFrom: + configMapKeyRef: + name: mockid-postgres-config + key: database-host + - name: DATABASE_PORT + valueFrom: + configMapKeyRef: + name: mockid-postgres-config + key: database-port + - name: DATABASE_NAME + valueFrom: + configMapKeyRef: + name: mockid-postgres-config + key: database-name + - name: DATABASE_USERNAME + valueFrom: + configMapKeyRef: + name: mockid-postgres-config + key: database-username + - name: DB_DBUSER_PASSWORD + valueFrom: + secretKeyRef: + name: db-common-secrets + key: db-dbuser-password + - name: SOFTHSM_MOCK_IDENTITY_SYSTEM_SECURITY_PIN + valueFrom: + secretKeyRef: + name: softhsm-mock-identity-system + key: security-pin + - name: hsm_local_dir_name + value: hsm-client + - name: MOSIP_ESIGNET_MOCK_SUPPORTED_FIELDS + value: individualId,password + +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - softhsm-mock-identity-system-share + From 3e8614ffba527e0e07c7a6b0553a0693a1e2fe18 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Sat, 21 Sep 2024 22:41:56 +0530 Subject: [PATCH 08/24] [MOSIP-35816] added updated mock-relying-party-service scripts Signed-off-by: ckm007 --- deploy/mock-relying-party-service/delete.sh | 30 +++++++ deploy/mock-relying-party-service/install.sh | 88 +++++++++++++++++++ deploy/mock-relying-party-service/restart.sh | 24 +++++ deploy/mock-relying-party-service/values.yaml | 25 ++++++ 4 files changed, 167 insertions(+) create mode 100755 deploy/mock-relying-party-service/delete.sh create mode 100755 deploy/mock-relying-party-service/install.sh create mode 100755 deploy/mock-relying-party-service/restart.sh create mode 100644 deploy/mock-relying-party-service/values.yaml diff --git a/deploy/mock-relying-party-service/delete.sh b/deploy/mock-relying-party-service/delete.sh new file mode 100755 index 00000000..55ac46e6 --- /dev/null 
+++ b/deploy/mock-relying-party-service/delete.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# Uninstalls all esignet helm charts +## Usage: ./delete.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +function Deleting_mock-relying-party-service() { + NS=esignet + while true; do + read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn + if [[ $yn = "Y" ]] || [[ $yn = "y" ]]; + then + helm -n $NS delete mock-relying-party-service + break + else + break + fi + done + return 0 +} + +# set commands for error handling. +set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +Deleting_mock-relying-party-service # calling function diff --git a/deploy/mock-relying-party-service/install.sh b/deploy/mock-relying-party-service/install.sh new file mode 100755 index 00000000..9353d2a6 --- /dev/null +++ b/deploy/mock-relying-party-service/install.sh 
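Review bot: The confirmation prompt asks about deleting `mock-identity-system` charts, but the command that follows removes the `mock-relying-party-service` release from the `esignet` namespace. An operator confirming a destructive action should be shown the release that will actually be deleted: `read -p "Are you sure you want to delete the mock-relying-party-service helm chart?(Y/n) " yn`. The header comment `# Uninstalls all esignet helm charts` overstates the scope in the same way.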
@@ -0,0 +1,88 @@ +#!/bin/bash +# Installs all esignet helm charts +## Usage: ./install.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +NS=esignet +CHART_VERSION=0.0.1-develop + +echo Create $NS namespace +kubectl create ns $NS + +function installing_mock-relying-party-service() { + echo Istio label + kubectl label ns $NS istio-injection=enabled --overwrite + + read -p "Please provide client private key file : " CLIENT_PRIVATE_KEY + + if [ -z "$CLIENT_PRIVATE_KEY" ]; then + echo "Client Private key file not provided; EXITING;"; + exit 0; + fi + if [ ! -f "$CLIENT_PRIVATE_KEY" ]; then + echo "Client Private key not found; EXITING;"; + exit 0; + fi + + echo "Do you have public domain & valid SSL? (Y/n) " + echo "Y: if you have public domain & valid ssl certificate" + echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments." + read -p "" flag + + if [ -z "$flag" ]; then + echo "'flag' was provided; EXITING;" + exit 1; + fi + ENABLE_INSECURE='' + if [ "$flag" = "n" ]; then + ENABLE_INSECURE='--set enable_insecure=true'; + fi + + read -p "Please provide jwe userinfo private key file : " JWE_USERINFO_PRIVATE_KEY + + if [ -z "$JWE_USERINFO_PRIVATE_KEY" ]; then + echo "Client jwe userinfo Private key file not provided; EXITING;"; + exit 0; + fi + if [ ! 
-f "$JWE_USERINFO_PRIVATE_KEY" ]; then + echo "Client jwe userinfo Private key not found; EXITING;"; + exit 0; + fi + + echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists" + cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/client-private-key + cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/jwe-userinfo-private-key + + kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-service-secrets + kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets + kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="/tmp/client-private-key" + kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="/tmp/jwe-userinfo-private-key" + + ESIGNET_HOST=$(kubectl -n $NS get cm esignet-global -o jsonpath={.data.mosip-esignet-host}) + DEFAULT_ESIGNET_SERVICE_URL='http://esignet.esignet/v1/esignet' + read -p "Please provide Esignet service url : ( default: http://esignet.esignet/v1/esignet )" USER_PROVIDED_ESIGNET_SERVICE_URL + ESIGNET_SERVICE_URL=${USER_PROVIDED_ESIGNET_SERVICE_URL:-$DEFAULT_ESIGNET_SERVICE_URL} + + echo Installing Mock Relying Party Service + helm -n $NS install mock-relying-party-service mosip/mock-relying-party-service \ + --set mock_relying_party_service.ESIGNET_SERVICE_URL="$ESIGNET_SERVICE_URL" \ + --set mock_relying_party_service.ESIGNET_AUD_URL="https://$ESIGNET_HOST/v1/esignet/oauth/v2/token" \ + --version $CHART_VERSION $ENABLE_INSECURE \ + -f values.yaml --wait + + kubectl -n $NS get deploy mock-relying-party-service -o name | xargs -n1 -t kubectl -n $NS rollout status + + echo Installed mock-relying-party-service service + return 0 +} + +# set commands for error handling. 
+set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +installing_mock-relying-party-service # calling function diff --git a/deploy/mock-relying-party-service/restart.sh b/deploy/mock-relying-party-service/restart.sh new file mode 100755 index 00000000..a14bd122 --- /dev/null +++ b/deploy/mock-relying-party-service/restart.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Restart the esignet services + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +function Restarting_mock-relying-party-service() { + NS=esignet + kubectl -n $NS rollout restart deploy mock-relying-party-service + + kubectl -n $NS get mock-relying-party-service-test deploy -o name | xargs -n1 -t kubectl -n $NS rollout status + + echo Retarted mock-relying-party-service + return 0 +} + +# set commands for error handling. +set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +Restarting_mock-relying-party-service # calling function diff --git a/deploy/mock-relying-party-service/values.yaml b/deploy/mock-relying-party-service/values.yaml new file mode 100644 index 00000000..5f07ae9c --- /dev/null +++ b/deploy/mock-relying-party-service/values.yaml 
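Review bot: The client and JWE private keys are copied to the fixed paths `/tmp/client-private-key` and `/tmp/jwe-userinfo-private-key`, created under the caller's default umask and never removed. On a shared host that leaves both private keys readable after the install, and a fixed name in a world-writable directory can be pre-created or symlinked by another local user. Stage them in a `mktemp -d` directory that is removed on exit, as below; the file basenames stay the same, so the keys inside the two secrets are unchanged. Separately, the missing-key branches end with `exit 0`, which reports success to any wrapper script; `exit 1` is the expected status there.

```shell
# … unchanged: prompts and key-file existence checks …
KEY_DIR=$(mktemp -d)              # private directory instead of fixed names in /tmp
trap 'rm -rf "$KEY_DIR"' EXIT     # remove the key copies however the script ends
cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > "$KEY_DIR/client-private-key"
cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > "$KEY_DIR/jwe-userinfo-private-key"
# … unchanged: deletion of the two existing secrets …
kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="$KEY_DIR/client-private-key"
kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="$KEY_DIR/jwe-userinfo-private-key"
```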
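Review bot: In deploy/mock-relying-party-service/restart.sh, `kubectl -n $NS get mock-relying-party-service-test deploy -o name` passes the release name where kubectl expects the resource type, and the name carries a `-test` suffix that appears nowhere else in this series. The rollout wait should therefore fail right after the restart has been issued, so the script cannot confirm that the new pods came up. install.sh in the same directory uses the working form: `kubectl -n $NS get deploy mock-relying-party-service -o name | xargs -n1 -t kubectl -n $NS rollout status`. deploy/mock-relying-party-ui/restart.sh has the same argument order (`get mock-relying-party-ui deploy`).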
@@ -0,0 +1,25 @@ +image: + registry: docker.io + repository: mosipdev/mock-relying-party-service + tag: develop + +mock_relying_party_service: + host: '' + mountDir: "" # path inside docker + healthCheckUrl: + mock_relying_party_serviceMountDIr: /home/mosip/oidc/ + puburl: + privurl: + ESIGNET_SERVICE_URL: http://esignet.namespace/v1/esignet + ESIGNET_AUD_URL: https://esignet.sandbox.xyz.net/v1/esignet/oauth/v2/token + USERINFO_RESPONSE_TYPE: jwt + +extraEnvVars: [] + +## ConfigMap with extra environment variables +## +extraEnvVarsCM: [] + +## Secret with extra environment variables +## +extraEnvVarsSecret: [] From d2dbd49b6f7fc55dc58afdd643755ebe3209a6b5 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Sat, 21 Sep 2024 22:43:39 +0530 Subject: [PATCH 09/24] [MOSIP-35816] added updated mock-relying-party-ui scripts Signed-off-by: ckm007 --- deploy/mock-relying-party-ui/delete.sh | 30 ++++++++++++ deploy/mock-relying-party-ui/install.sh | 58 ++++++++++++++++++++++++ deploy/mock-relying-party-ui/restart.sh | 24 ++++++++++ deploy/mock-relying-party-ui/values.yaml | 38 ++++++++++++++++ 4 files changed, 150 insertions(+) create mode 100755 deploy/mock-relying-party-ui/delete.sh create mode 100755 deploy/mock-relying-party-ui/install.sh create mode 100755 deploy/mock-relying-party-ui/restart.sh create mode 100644 deploy/mock-relying-party-ui/values.yaml diff --git a/deploy/mock-relying-party-ui/delete.sh b/deploy/mock-relying-party-ui/delete.sh new file mode 100755 index 00000000..b250c0f4 --- /dev/null +++ b/deploy/mock-relying-party-ui/delete.sh 
@@ -0,0 +1,30 @@ +#!/bin/bash +# Uninstalls all esignet helm charts +## Usage: ./delete.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +function Deleting_mock-relying-party-ui() { + NS=esignet + while true; do + read -p "Are you sure you want to delete all mock-relying-party-ui helm charts?(Y/n) " yn + if [[ $yn = "Y" ]] || [[ $yn = "y" ]]; + then + helm -n $NS delete mock-relying-party-ui + break + else + break + fi + done + return 0 +} + +# set commands for error handling. +set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +Deleting_mock-relying-party-ui # calling function diff --git a/deploy/mock-relying-party-ui/install.sh b/deploy/mock-relying-party-ui/install.sh new file mode 100755 index 00000000..9d904d6b --- /dev/null +++ b/deploy/mock-relying-party-ui/install.sh 
@@ -0,0 +1,58 @@ +#!/bin/bash +# Installs all esignet helm charts +## Usage: ./install.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +NS=esignet +CHART_VERSION=0.0.1-develop + +read -p "Please provide mock relying party ui domain (eg: healthservices.sandbox.xyz.net ) : " MOCK_UI_HOST + +if [ -z "$MOCK_UI_HOST" ]; then + echo "Mock relying party UI Host not provided; EXITING;" + exit 0; +fi + +CHK_MOCK_UI_HOST=$( nslookup "$MOCK_UI_HOST" ) +if [ $? -gt 0 ]; then + echo "Mock relying party UI Host does not exists; EXITING;" + exit 0; +fi + +echo Create $NS namespace +kubectl create ns $NS + +function installing_mock-relying-party-ui() { + echo Istio label + kubectl label ns $NS istio-injection=enabled --overwrite + + ESIGNET_HOST=$(kubectl -n $NS get cm esignet-global -o jsonpath={.data.mosip-esignet-host}) + + echo Installing Mock Relying Party UI + helm -n $NS install mock-relying-party-ui mosip/mock-relying-party-ui \ + --set mock_relying_party_ui.mock_relying_party_ui_service_host="$MOCK_UI_HOST" \ + --set mock_relying_party_ui.ESIGNET_UI_BASE_URL="https://$ESIGNET_HOST" \ + --set mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \ + --set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \ + --set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \ + --set mock_relying_party_ui.SIGN_IN_BUTTON_PLUGIN_URL="https://$ESIGNET_HOST/plugins/sign-in-button-plugin.js" \ + --set istio.hosts\[0\]="$MOCK_UI_HOST" \ + -f values.yaml \ + --version $CHART_VERSION --wait + + kubectl -n $NS get deploy mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status + + echo Installed mock-relying-party-ui service + return 0 +} + +# set commands for error handling. 
+set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +installing_mock-relying-party-ui # calling function diff --git a/deploy/mock-relying-party-ui/restart.sh b/deploy/mock-relying-party-ui/restart.sh new file mode 100755 index 00000000..8874b6b0 --- /dev/null +++ b/deploy/mock-relying-party-ui/restart.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Restart the esignet services + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +function Restarting_mock-relying-party-ui() { + NS=esignet + kubectl -n $NS rollout restart deploy mock-relying-party-ui + + kubectl -n $NS get mock-relying-party-ui deploy -o name | xargs -n1 -t kubectl -n $NS rollout status + + echo Retarted mock-relying-party-ui services + return 0 +} + +# set commands for error handling. +set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +Restarting_mock-relying-party-ui # calling function \ No newline at end of file diff --git a/deploy/mock-relying-party-ui/values.yaml b/deploy/mock-relying-party-ui/values.yaml new file mode 100644 index 00000000..5592e358 --- /dev/null +++ b/deploy/mock-relying-party-ui/values.yaml 
@@ -0,0 +1,38 @@
+image:
+ registry: docker.io
+ repository: mosipdev/mock-relying-party-ui
+ tag: develop
+
+## The url below is to access oidc API services.
+## CAUTION: Domain name to acess oidc UI must be secure/internal/over vpn.
+## Slash is important!
+mock_relying_party_ui:
+ mock_relying_party_ui_port: '5000'
+ mock_relying_party_ui_service_host: 'healthservices.sandbox.xyz.net'
+ ESIGNET_UI_BASE_URL: https://esignet.sandbox.xyz.net
+ MOCK_RELYING_PARTY_SERVER_URL: https://healthservices.sandbox.xyz.net/mock-relying-party-service
+ REDIRECT_URI: https://healthservices.sandbox.xyz.net/userprofile
+ CLIENT_ID: 88Vjt34c5Twz1oJ
+ ACRS: mosip:idp:acr:generated-code%20mosip:idp:acr:biometrics%20mosip:idp:acr:linked-wallet
+ MOCK_RELYING_PARTY_SERVICE_INTERNAL_URL: http://mock-relying-party-service.esignet
+ REDIRECT_URI_REGISTRATION: https://healthservices.sandbox.xyz.net/registration
+ SIGN_IN_BUTTON_PLUGIN_URL: https://esignet.sandbox.xyz.net/plugins/sign-in-button-plugin.js
+ DISPLAY: page
+ PROMPT: consent
+ GRANT_TYPE: authorization_code
+ CLAIMS_LOCALES: en
+ SCOPE_USER_PROFILE: openid profile
+ CLAIMS_USER_PROFILE: '%7B%22userinfo%22:%7B%22given_name%22:%7B%22essential%22:true%7D,%22phone_number%22:%7B%22essential%22:false%7D,%22email%22:%7B%22essential%22:true%7D,%22picture%22:%7B%22essential%22:false%7D,%22gender%22:%7B%22essential%22:false%7D,%22birthdate%22:%7B%22essential%22:false%7D,%22address%22:%7B%22essential%22:false%7D%7D,%22id_token%22:%7B%7D%7D'
+ CLAIMS_REGISTRATION: '%7B%22userinfo%22:%7B%22given_name%22:%7B%22essential%22:true%7D,%22phone_number%22:%7B%22essential%22:false%7D,%22email%22:%7B%22essential%22:true%7D,%22picture%22:%7B%22essential%22:false%7D,%22gender%22:%7B%22essential%22:false%7D,%22birthdate%22:%7B%22essential%22:false%7D,%22address%22:%7B%22essential%22:false%7D%7D,%22id_token%22:%7B%7D%7D'
+ DEFAULT_LANG: en
+ FALLBACK_LANG: '%7B%22label%22%3A%22English%22%2C%22value%22%3A%22en%22%7D'
+
+extraEnvVars: []
+
+## ConfigMap with extra environment variables
+##
+extraEnvVarsCM: []
+
+## Secret with extra environment variables
+##
+extraEnvVarsSecret: []
From 608013884252df7de90a87defacece0286939a28 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Sat, 21 Sep 2024 22:50:57 +0530 Subject: [PATCH 10/24] [MOSIP-35816] added install-all.sh, delete-all.sh, restart-all.sh scripts Signed-off-by: ckm007 --- deploy/copy_cm_func.sh | 33 ++++++++++++++++++++++ deploy/delete-all.sh | 34 +++++++++++++++++++++++ deploy/install-all.sh | 57 ++++++++++++++++++++++++++++++++++++++ deploy/restart-all.sh | 31 +++++++++++++++++++++ deploy/softhsm-values.yaml | 7 +++++ 5 files changed, 162 insertions(+) create mode 100755 deploy/copy_cm_func.sh create mode 100755 deploy/delete-all.sh create mode 100755 deploy/install-all.sh create mode 100755 deploy/restart-all.sh create mode 100644 deploy/softhsm-values.yaml
diff --git a/deploy/copy_cm_func.sh b/deploy/copy_cm_func.sh
new file mode 100755
index 00000000..7b225948
--- /dev/null
+++ b/deploy/copy_cm_func.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copy configmap and secret from one namespace to another.
+# ./copy_cm_func.sh [name]
+# Parameters:
+# resource: configmap|secret
+# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is
+# clash of names
+
+if [ $1 = "configmap" ]
+then
+ RESOURCE=configmap
+elif [ $1 = "secret" ]
+then
+ RESOURCE=secret
+else
+ echo "Incorrect resource $1. Exiting.."
+ exit 1
+fi
+
+
+if [ $# -ge 5 ]
+then
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f -
+else
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f -
+fi
+
+
+
+
+
diff --git a/deploy/delete-all.sh b/deploy/delete-all.sh
new file mode 100755
index 00000000..ceeebbb0
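Review bot: `tag: develop` under `image:` is a mutable tag, so two installs of the same chart version can end up running different images, and a changed upstream image is picked up without any change in this file. Pinning a release tag or an image digest keeps the deployment reproducible and reviewable. The `## CAUTION` comment would also be clearer with `acess` corrected to `access` and with a word on which of the URLs below it refers to.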
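Review bot: In both branches of copy_cm_func.sh the destination object is deleted before the source has been read, and the script sets neither `-e` nor `pipefail`, so a failed `kubectl -n $3 get` (wrong name, no access) leaves the destination namespace without its configmap or secret. Reading the source into a variable first and deleting only once that succeeded closes the gap; the sketch below also folds the two branches into one. The unquoted `[ $1 = "configmap" ]` produces a test syntax error instead of the intended message when the script is called without arguments, so `$1` should be quoted there. The `sed` expressions match `namespace: $3` and `name: $2` anywhere in the YAML, including inside data values, which deserves a comment in the header.

```shell
# … unchanged: resource type validation …
SRC_YAML=$(kubectl -n "$3" get "$RESOURCE" "$2" -o yaml) || {
  echo "Cannot read $RESOURCE $2 in namespace $3. Exiting.."
  exit 1
}
# Destination name defaults to the source name when no fifth argument is given.
DST_NAME=${5:-$2}
kubectl -n "$4" delete --ignore-not-found=true "$RESOURCE" "$DST_NAME"
printf '%s\n' "$SRC_YAML" | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $DST_NAME/g" | kubectl -n "$4" create -f -
```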
--- /dev/null
+++ b/deploy/delete-all.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Uninstalls mock-relying-party-service and mock-relying-party-ui
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+Deleting_All() {
+ MOCK_NS=mockid
+ SOFTHSM_NS=softhsm
+ NS=esignet
+ while true; do
+ read -p "Are you sure you want to delete esignet mock service helm charts?(Y/n) " yn
+ if [[ $yn = "Y" ]] || [[ $yn = "y" ]];
+ then
+ helm -n $NS delete mock-relying-party-service
+ helm -n $NS delete mock-relying-party-ui
+ helm -n $MOCK_NS delete mock-identity-system
+ break
+ else
+ break
+ fi
+ done
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+Deleting_All # calling function
diff --git a/deploy/install-all.sh b/deploy/install-all.sh
new file mode 100755
index 00000000..21e5c498
--- /dev/null
+++ b/deploy/install-all.sh
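Review bot: `Deleting_All` carries some dead weight that makes a destructive script harder to read: `SOFTHSM_NS` is assigned but never used, and the `while true` loop breaks in both branches, so it is just a single `if`. The header comment lists only the two relying-party charts although `mock-identity-system` is deleted as well, and the usage line names `./delete.sh` rather than `delete-all.sh`. Suggested header: `# Uninstalls mock-relying-party-service, mock-relying-party-ui and mock-identity-system` and `## Usage: ./delete-all.sh [kubeconfig]`.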
@@ -0,0 +1,57 @@
+#!/bin/bash
+# Installs all esignet mock service helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+ROOT_DIR=`pwd`
+NS=mockid
+SOFTHSM_NS=softhsm
+SOFTHSM_CHART_VERSION=12.0.1
+
+echo Create $SOFTHSM_NS namespace
+kubectl create ns $SOFTHSM_NS
+
+function installing_All() {
+ echo Istio label
+ kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite
+ helm repo add mosip https://mosip.github.io/mosip-helm
+ helm repo update
+
+ echo Installing Softhsm for mock-identity-system
+ helm -n $SOFTHSM_NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait
+ echo Installed Softhsm for mock-identity-system
+
+ ./copy_cm_func.sh secret softhsm-mock-identity-system softhsm $NS
+ ./copy_cm_func.sh configmap softhsm-mock-identity-system-share softhsm $NS
+
+ echo "Initialise postgres with mock identity db creation"
+ cd postgres
+ ./init_db.sh
+
+ declare -a module=("mock-identity-system"
+ "mock-relying-party-service"
+ "mock-relying-party-ui"
+ )
+
+ echo Installing esignet mock services
+
+ for i in "${module[@]}"
+ do
+ cd $ROOT_DIR/"$i"
+ ./install.sh
+ done
+
+ echo All esignet mock services deployed sucessfully.
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+installing_All # calling function
diff --git a/deploy/restart-all.sh b/deploy/restart-all.sh
new file mode 100755
index 00000000..61bfb5db
--- /dev/null
+++ b/deploy/restart-all.sh
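Review bot: `./copy_cm_func.sh secret softhsm-mock-identity-system softhsm $NS` copies the SoftHSM secret into `mockid`, but the only namespace this script creates is `$SOFTHSM_NS`. Unless `mockid` already exists (nothing visible before this point creates it), the `kubectl create` inside the helper fails and, with `set -e` active inside `installing_All`, the install stops there. Creating the target namespace first, e.g. `kubectl create ns $NS --dry-run=client -o yaml | kubectl apply -f -`, makes the step independent of cluster state. `kubectl create ns $SOFTHSM_NS` itself runs before the `set -e` block, so its failure on an existing namespace is ignored without a word; if that is intended, say so in a comment such as `# runs before 'set -e' on purpose: the namespace may already exist`.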
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Restarts the esignet mock service
+## Usage: ./restart.sh [kubeconfig]
+
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+function Restarting_All() {
+ NS=esignet
+ MOCK_NS=mockid
+ kubectl -n $NS rollout restart deploy mock-relying-party-service mock-relying-party-ui
+
+ kubectl -n $MOCK_NS rollout restart deploy mock-identity-system
+
+ kubectl -n $NS get deploy mock-identity-system mock-relying-party-service mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+ kubectl -n $MOCK_NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+ echo Retarted mock relying party service & mock relying party ui & mock identity service
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+Restarting_All # calling function
diff --git a/deploy/softhsm-values.yaml b/deploy/softhsm-values.yaml
new file mode 100644
index 00000000..581bbd13
--- /dev/null
+++ b/deploy/softhsm-values.yaml
@@ -0,0 +1,7 @@
+resources:
+ limits: {}
+ # cpu: 250m
+ # memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 20Mi
From ab5e6a746d2b2ccfc6c6de9c7a03cf1acd01a935 Mon Sep 17 00:00:00 2001 From: ase-101 Date: Mon, 23 Sep 2024 01:55:52 +0530 Subject: [PATCH 11/24] ES-842 corrected the verified claims logi (#249) Signed-off-by: ase-101 --- .../mock/identitysystem/controller/AuthController.java | 6 ++++++ .../service/impl/AuthenticationServiceImpl.java | 3 ++- .../src/main/resources/application-local.properties | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-)
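Review bot: The final `echo Retarted mock relying party service & mock relying party ui & mock identity service` in `Restarting_All` is unquoted, so each `&` ends a command: the echo runs in the background and the shell then tries to execute `mock` as a program, which under `set -e` turns a successful restart into a failing script. Quote the message, e.g. `echo "Restarted mock relying party service, mock relying party ui and mock identity system"`. The two status lines also mix namespaces: the first asks for `mock-identity-system` in `$NS` although it was restarted in `$MOCK_NS`, and the second pipes into `kubectl -n $NS rollout status` where `$MOCK_NS` is needed. They should read `kubectl -n $NS get deploy mock-relying-party-service mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status` and `kubectl -n $MOCK_NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $MOCK_NS rollout status`.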
diff --git a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/controller/AuthController.java b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/controller/AuthController.java index 7f6a0cc2..27149f16 100644 --- a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/controller/AuthController.java +++ b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/controller/AuthController.java @@ -7,6 +7,7 @@ import io.mosip.esignet.mock.identitysystem.dto.*; import io.mosip.esignet.mock.identitysystem.service.AuthenticationService; +import io.mosip.esignet.mock.identitysystem.util.HelperUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.*; @@ -30,6 +31,7 @@ public ResponseWrapper kycAuth(@RequestBody @NotNull @Valid @PathVariable @NotBlank String clientId) { ResponseWrapper responseWrapper = new ResponseWrapper<>(); responseWrapper.setResponse(authenticationService.kycAuth(relyingPartyId, clientId, new KycAuthDto(kycAuthRequestDto))); + responseWrapper.setResponseTime(HelperUtil.getCurrentUTCDateTime()); return responseWrapper; } @@ -40,6 +42,7 @@ public ResponseWrapper kycAuthV2(@RequestBody @NotNull @Vali @PathVariable @NotBlank String clientId) { ResponseWrapper responseWrapper = new ResponseWrapper<>(); responseWrapper.setResponse(authenticationService.kycAuth(relyingPartyId, clientId, new KycAuthDto(kycAuthRequestDtoV2))); + responseWrapper.setResponseTime(HelperUtil.getCurrentUTCDateTime()); return responseWrapper; } 
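Review bot: The same `responseWrapper.setResponseTime(HelperUtil.getCurrentUTCDateTime());` line is pasted into `kycAuth` and `kycAuthV2` here and into `kycExchange`, `kycExchangeV2` and `sendOtp` in the following hunks, so the next endpoint added to this controller can easily miss it. A small private helper that builds the wrapper, sets the response and stamps the time keeps the rule in one place; each endpoint then reduces to `return wrap(authenticationService.kycAuth(...));`. Whether error responses carry a `responseTime` as well depends on the exception handling, which is not visible in this diff. All five method bodies begin outside their hunks, and the helper below assumes `ResponseWrapper` is generic in its response type, as the diamond operator suggests.

```java
// Builds the standard response envelope and stamps the response time in one place.
private static <T> ResponseWrapper<T> wrap(T response) {
    ResponseWrapper<T> responseWrapper = new ResponseWrapper<>();
    responseWrapper.setResponse(response);
    responseWrapper.setResponseTime(HelperUtil.getCurrentUTCDateTime());
    return responseWrapper;
}
```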
@@ -50,6 +53,7 @@ public ResponseWrapper kycExchange(@PathVariable @NotBla @RequestBody @NotNull @Valid KycExchangeRequestDto kycExchangeRequestDto) { ResponseWrapper responseWrapper = new ResponseWrapper<>(); responseWrapper.setResponse(authenticationService.kycExchange(relyingPartyId, clientId, new KycExchangeDto(kycExchangeRequestDto, null))); + responseWrapper.setResponseTime(HelperUtil.getCurrentUTCDateTime()); return responseWrapper; } @@ -61,6 +65,7 @@ public ResponseWrapper kycExchangeV2(@PathVariable @NotB ResponseWrapper responseWrapper = new ResponseWrapper<>(); responseWrapper.setResponse(authenticationService.kycExchange(relyingPartyId, clientId, new KycExchangeDto(kycExchangeRequestDtoV2, kycExchangeRequestDtoV2.getAcceptedClaimDetail()))); + responseWrapper.setResponseTime(HelperUtil.getCurrentUTCDateTime()); return responseWrapper; } @@ -71,6 +76,7 @@ public ResponseWrapper sendOtp(@PathVariable @NotBlank String rel @Valid @RequestBody SendOtpDto sendOtpDto) { ResponseWrapper responseWrapper = new ResponseWrapper<>(); responseWrapper.setResponse(authenticationService.sendOtp(relyingPartyId, clientId, sendOtpDto)); + responseWrapper.setResponseTime(HelperUtil.getCurrentUTCDateTime()); return responseWrapper; } } diff --git a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java index 15d3abe8..2b88985b 100644 --- a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java +++ b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java 
@@ -74,7 +74,7 @@ public class AuthenticationServiceImpl implements AuthenticationService { @Autowired private VerifiedClaimRepository verifiedClaimRepository; - @Value("${mosip.mock.ida.kyc.transaction-timeout-secs:60}") + @Value("${mosip.mock.ida.kyc.transaction-timeout-secs:180}") private int transactionTimeoutInSecs; @Value("${mosip.mock.ida.kyc.encrypt:false}") @@ -399,6 +399,7 @@ private Map buildKycDataBasedOnPolicy(String individualId, JsonN List list = (List) kyc.getOrDefault("verified_claims", new ArrayList()); list.add(result); + kyc.put("verified_claims", list); } } else { diff --git a/mock-identity-system/src/main/resources/application-local.properties b/mock-identity-system/src/main/resources/application-local.properties index 56eea051..b7af7402 100644 --- a/mock-identity-system/src/main/resources/application-local.properties +++ b/mock-identity-system/src/main/resources/application-local.properties @@ -67,7 +67,7 @@ crypto.PrependThumbprint.enable=true mosip.esignet.mock.authenticator.ida.otp-channels=email,phone #Mock IDA OIDC Specified Cliams -mosip.mock.ida.identity-openid-claims-mapping={"fullName":"name","name":"name","email":"email","phone":"phone","gender":"gender","dateOfBirth":"birthdate","encodedPhoto":"picture"} +mosip.mock.ida.identity-openid-claims-mapping={"fullName":"name","name":"name","email":"email","phone":"phone_number","gender":"gender","dateOfBirth":"birthdate","encodedPhoto":"picture"} ##---------------------------------KBI Configurations------------------------------------------------------ #We can use any field from the IdentityData for KBI From a0f1e2c519080b029c3274ca6c70e8dc0abffefe Mon Sep 17 00:00:00 2001 From: Kaif Siddique <74772315+kaifk468@users.noreply.github.com> Date: Mon, 23 Sep 2024 21:30:19 +0530 Subject: [PATCH 12/24] modified getLanguageValuesList method (#250) 
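Review bot: The default for `mosip.mock.ida.kyc.transaction-timeout-secs` goes from 60 to 180 seconds in the first hunk, while the commit subject only mentions the verified-claims fix. `transactionTimeoutInSecs` presumably bounds how long a KYC transaction stays usable, so tripling it deserves a line in the commit message or a comment on the field, e.g. `// default raised from 60s to 180s: <reason>`. In the second hunk the added `kyc.put("verified_claims", list);` is what finally stores a freshly created list; `kyc.computeIfAbsent("verified_claims", k -> new ArrayList<>())` would do the lookup and the store in one step and drop the need for the separate put. Both enclosing blocks start outside their hunks.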
Signed-off-by: Mohd Kaif Siddique Co-authored-by: Mohd Kaif Siddique --- .../service/impl/AuthenticationServiceImpl.java | 10 +++++----- .../esignet/mock/identitysystem/util/HelperUtil.java | 8 ++++++-- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java index 2b88985b..39500a7c 100644 --- a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java +++ b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java 
@@ -410,13 +410,13 @@ private Map buildKycDataBasedOnPolicy(String individualId, JsonN case "address": Map addressValues = new HashMap<>(); - addressValues.putAll(getKycValues(locales, "street_address", HelperUtil.getLanguageValuesList((ArrayNode) identityData.get("streetAddress")), + addressValues.putAll(getKycValues(locales, "street_address", HelperUtil.getLanguageValuesList(identityData.get("streetAddress")), claimDetail.getValue())); - addressValues.putAll(getKycValues(locales, "locality", HelperUtil.getLanguageValuesList((ArrayNode) identityData.get("locality")), + addressValues.putAll(getKycValues(locales, "locality", HelperUtil.getLanguageValuesList(identityData.get("locality")), claimDetail.getValue())); - addressValues.putAll(getKycValues(locales, "region", HelperUtil.getLanguageValuesList((ArrayNode) identityData.get("region")), + addressValues.putAll(getKycValues(locales, "region", HelperUtil.getLanguageValuesList(identityData.get("region")), claimDetail.getValue())); - addressValues.putAll(getKycValues(locales, "country", HelperUtil.getLanguageValuesList((ArrayNode) identityData.get("country")), + addressValues.putAll(getKycValues(locales, "country", HelperUtil.getLanguageValuesList( identityData.get("country")), claimDetail.getValue())); if (identityData.hasNonNull("postalCode")) { addressValues.put("postal_code", identityData.get("postalCode").asText()); @@ -429,7 +429,7 @@ private Map buildKycDataBasedOnPolicy(String individualId, JsonN if(keyMappingEntry.isEmpty() || !identityData.hasNonNull(keyMappingEntry.get().getKey())) { break; } if(identityData.get(keyMappingEntry.get().getKey()).isArray()) { - List languageValues = HelperUtil.getLanguageValuesList((ArrayNode) identityData.get(keyMappingEntry.get().getKey())); + List languageValues = HelperUtil.getLanguageValuesList( identityData.get(keyMappingEntry.get().getKey())); kyc.putAll(getKycValues(locales, keyMappingEntry.get().getValue(), languageValues, claimDetail.getValue())); } else { 
diff --git a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/util/HelperUtil.java b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/util/HelperUtil.java index 25827c8d..a37f513f 100644 --- a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/util/HelperUtil.java +++ b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/util/HelperUtil.java @@ -7,6 +7,7 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.node.JsonNodeType; import io.mosip.esignet.mock.identitysystem.dto.LanguageValue; import io.mosip.esignet.mock.identitysystem.exception.MockIdentityException; import io.mosip.kernel.core.util.StringUtils; @@ -22,6 +23,7 @@ import java.time.format.DateTimeFormatter; import java.util.ArrayList; import java.util.Base64; +import java.util.Collections; import java.util.List; import java.util.stream.IntStream; @@ -109,9 +111,11 @@ public static String getIdentityDataValue(JsonNode jsonNode, String field, Strin return null; } - public static List getLanguageValuesList(ArrayNode fieldValue){ + public static List getLanguageValuesList(JsonNode fieldValue){ + if(fieldValue == null || !fieldValue.isArray()) + return Collections.emptyList(); List languageValues=new ArrayList<>(); - for (JsonNode node : fieldValue) { + for (JsonNode node : (ArrayNode)fieldValue) { String language = node.get("language").asText(); String value = node.get("value").asText(); LanguageValue languageValue = new LanguageValue(); From 8a0a94203b7c1522b762baf3feb887ff08b8b6a2 Mon Sep 17 00:00:00 2001 From: GurukiranP Date: Tue, 24 Sep 2024 15:24:24 +0530 Subject: [PATCH 13/24] [ES-1678] Added a new error message for the ekyc failure in i18n. 
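Review bot: The new guard in `getLanguageValuesList` handles a missing or non-array field, but the loop body still calls `node.get("language").asText()` and `node.get("value").asText()` directly, so a single array element without either key throws a NullPointerException. Skipping such elements with `if (!node.hasNonNull("language") || !node.hasNonNull("value")) continue;` or reading through `node.path("language").asText()` avoids that. The early return hands back the immutable `Collections.emptyList()` while the normal path returns a mutable `ArrayList`, which matters if any caller adds to the result; `new ArrayList<>()` on both paths keeps the contract uniform. The added `JsonNodeType` import is not used in the visible hunks, and the rest of the method lies outside the hunk.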
Signed-off-by: GurukiranP --- mock-relying-party-ui/public/locales/ar.json | 3 ++- mock-relying-party-ui/public/locales/en.json | 3 ++- mock-relying-party-ui/public/locales/hi.json | 3 ++- mock-relying-party-ui/public/locales/km.json | 3 ++- mock-relying-party-ui/public/locales/kn.json | 3 ++- mock-relying-party-ui/public/locales/ta.json | 3 ++- 6 files changed, 12 insertions(+), 6 deletions(-) diff --git a/mock-relying-party-ui/public/locales/ar.json b/mock-relying-party-ui/public/locales/ar.json index f58fae3d..763a77dc 100644 --- a/mock-relying-party-ui/public/locales/ar.json +++ b/mock-relying-party-ui/public/locales/ar.json @@ -235,6 +235,7 @@ "consent_request_rejected": "تم رفض طلب الموافقة", "transaction_timeout": "لقد انتهت مهلة المعاملة. حاول مرة اخرى", "consent_rejected": "آسفون! لم يكن تسجيل الدخول الخاص بك ناجحًا نظرًا لعدم مشاركة الموافقة.", - "incompatible_browser": "آسفون! يرجى الترقية إلى أحدث إصدار من المتصفح والمحاولة مرة أخرى." + "incompatible_browser": "آسفون! يرجى الترقية إلى أحدث إصدار من المتصفح والمحاولة مرة أخرى.", + "ekyc_failed": "نحن متأسفون! تعذر إكمال التحقق من eKYC الخاص بك. يرجى إعادة المحاولة لاحقا." } } diff --git a/mock-relying-party-ui/public/locales/en.json b/mock-relying-party-ui/public/locales/en.json index 1d6492d9..4b220428 100644 --- a/mock-relying-party-ui/public/locales/en.json +++ b/mock-relying-party-ui/public/locales/en.json @@ -236,6 +236,7 @@ "consent_request_rejected": "Consent Request Rejected", "transaction_timeout": "The transaction has timed out. Please try again", "consent_rejected": "We’re sorry! Your login was unsuccessful as consent was not shared.", - "incompatible_browser": "We’re sorry! Please upgrade to the latest version of the browser & try again." + "incompatible_browser": "We’re sorry! Please upgrade to the latest version of the browser & try again.", + "ekyc_failed": "We’re sorry! Your eKYC verification could not be completed. Please try again later." } } 
diff --git a/mock-relying-party-ui/public/locales/hi.json b/mock-relying-party-ui/public/locales/hi.json index f36653d8..bd20640a 100644 --- a/mock-relying-party-ui/public/locales/hi.json +++ b/mock-relying-party-ui/public/locales/hi.json @@ -234,6 +234,7 @@ "consent_request_rejected": "सहमति अनुरोध अस्वीकृत", "transaction_timeout": "लेन-देन का समय समाप्त हो गया है. कृपया पुन: प्रयास करें", "consent_rejected": "हम क्षमा चाहते हैं! आपका लॉगिन असफल रहा क्योंकि सहमति साझा नहीं की गई थी।", - "incompatible_browser": "हम क्षमा चाहते हैं! कृपया ब्राउज़र के नवीनतम संस्करण में अपग्रेड करें और पुनः प्रयास करें।" + "incompatible_browser": "हम क्षमा चाहते हैं! कृपया ब्राउज़र के नवीनतम संस्करण में अपग्रेड करें और पुनः प्रयास करें।", + "ekyc_failed": "हमें खेद है! आपका eKYC सत्यापन पूरा नहीं किया जा सका। कृपया बाद में पुनः प्रयास करें." } } diff --git a/mock-relying-party-ui/public/locales/km.json b/mock-relying-party-ui/public/locales/km.json index 220f03f0..98073ff4 100644 --- a/mock-relying-party-ui/public/locales/km.json +++ b/mock-relying-party-ui/public/locales/km.json @@ -236,6 +236,7 @@ "consent_request_rejected": "សំណើការយល់ព្រមត្រូវបានបដិសេធ", "transaction_timeout": "ប្រតិបត្តិការបានអស់ពេលហើយ។ សូម​ព្យាយាម​ម្តង​ទៀត", "consent_rejected": "យើង​សុំទោស! ការចូលរបស់អ្នកមិនបានជោគជ័យទេ ដោយសារការយល់ព្រមមិនត្រូវបានចែករំលែក។", - "incompatible_browser": "យើង​សុំទោស! សូមដំឡើងកំណែទៅកំណែចុងក្រោយបំផុតនៃកម្មវិធីរុករកតាមអ៊ីនធឺណិត ហើយព្យាយាមម្តងទៀត។" + "incompatible_browser": "យើង​សុំទោស! សូមដំឡើងកំណែទៅកំណែចុងក្រោយបំផុតនៃកម្មវិធីរុករកតាមអ៊ីនធឺណិត ហើយព្យាយាមម្តងទៀត។", + "ekyc_failed": "យើង​សុំទោស! ការផ្ទៀងផ្ទាត់ eKYC របស់អ្នកមិនអាចបញ្ចប់បានទេ។ សូមព្យាយាមម្តងទៀតនៅពេលក្រោយ។" } } diff --git a/mock-relying-party-ui/public/locales/kn.json b/mock-relying-party-ui/public/locales/kn.json index a6b00399..beaf0078 100644 --- a/mock-relying-party-ui/public/locales/kn.json +++ b/mock-relying-party-ui/public/locales/kn.json 
@@ -234,6 +234,7 @@ "consent_request_rejected": "ಸಮ್ಮತಿ ವಿನಂತಿಯನ್ನು ತಿರಸ್ಕರಿಸಲಾಗಿದೆ", "transaction_timeout": "ವಹಿವಾಟಿನ ಅವಧಿ ಮೀರಿದೆ. ದಯವಿಟ್ಟು ಪುನಃ ಪ್ರಯತ್ನಿಸಿ", "consent_rejected": "ನಮ್ಮನ್ನು ಕ್ಷಮಿಸಿ! ಸಮ್ಮತಿಯನ್ನು ಹಂಚಿಕೊಳ್ಳದ ಕಾರಣ ನಿಮ್ಮ ಲಾಗಿನ್ ವಿಫಲವಾಗಿದೆ.", - "incompatible_browser": "ನಮ್ಮನ್ನು ಕ್ಷಮಿಸಿ! ದಯವಿಟ್ಟು ಬ್ರೌಸರ್‌ನ ಇತ್ತೀಚಿನ ಆವೃತ್ತಿಗೆ ಅಪ್‌ಗ್ರೇಡ್ ಮಾಡಿ ಮತ್ತು ಮತ್ತೆ ಪ್ರಯತ್ನಿಸಿ." + "incompatible_browser": "ನಮ್ಮನ್ನು ಕ್ಷಮಿಸಿ! ದಯವಿಟ್ಟು ಬ್ರೌಸರ್‌ನ ಇತ್ತೀಚಿನ ಆವೃತ್ತಿಗೆ ಅಪ್‌ಗ್ರೇಡ್ ಮಾಡಿ ಮತ್ತು ಮತ್ತೆ ಪ್ರಯತ್ನಿಸಿ.", + "ekyc_failed": "ಕ್ಷಮಿಸಿ! ನಿಮ್ಮ ಇಕೆವೈಸಿ ಪರಿಶೀಲನೆಯನ್ನು ಪೂರ್ಣಗೊಳಿಸಲು ಸಾಧ್ಯವಾಗಲಿಲ್ಲ. ದಯವಿಟ್ಟು ನಂತರ ಮತ್ತೆ ಪ್ರಯತ್ನಿಸಿ." } } diff --git a/mock-relying-party-ui/public/locales/ta.json b/mock-relying-party-ui/public/locales/ta.json index b33e4087..397297b0 100644 --- a/mock-relying-party-ui/public/locales/ta.json +++ b/mock-relying-party-ui/public/locales/ta.json @@ -234,6 +234,7 @@ "consent_request_rejected": "ஒப்புதல் கோரிக்கை நிராகரிக்கப்பட்டது", "transaction_timeout": "பரிவர்த்தனை நேரம் முடிந்தது. தயவு செய்து மீண்டும் முயற்சிக்கவும்", "consent_rejected": "நாங்கள் வருந்துகிறோம்! ஒப்புதல் பகிரப்படாததால் உங்கள் உள்நுழைவு தோல்வியடைந்தது.", - "incompatible_browser": "நாங்கள் வருந்துகிறோம்! உலாவியின் சமீபத்திய பதிப்பிற்கு மேம்படுத்தி மீண்டும் முயற்சிக்கவும்." + "incompatible_browser": "நாங்கள் வருந்துகிறோம்! உலாவியின் சமீபத்திய பதிப்பிற்கு மேம்படுத்தி மீண்டும் முயற்சிக்கவும்.", + "ekyc_failed": "நாங்கள் வருந்துகிறோம்! உங்கள் eKYC சரிபார்ப்பை நிறைவு செய்ய முடியவில்லை. தயவுசெய்து பின்னர் மீண்டும் முயற்சிக்கவும்." } } From 3ecdd8d169ae7f00cb9f1f4f1053afb9828d58c6 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Tue, 24 Sep 2024 19:30:53 +0530 Subject: [PATCH 14/24] [MOSIP-35816] updated installation scripts 
Signed-off-by: ckm007 --- deploy/{delete-all.sh => delete-mock.sh} | 7 +- deploy/{install-all.sh => install-mock.sh} | 18 ---- deploy/mock-identity-system/values.yaml | 83 ++++++++++--------- deploy/mock-relying-party-service/values.yaml | 35 ++++---- deploy/mock-relying-party-ui/values.yaml | 57 ++++++------- deploy/prereq.sh | 36 ++++++++ deploy/{restart-all.sh => restart-mock.sh} | 8 +- 7 files changed, 132 insertions(+), 112 deletions(-) rename deploy/{delete-all.sh => delete-mock.sh} (81%) rename deploy/{install-all.sh => install-mock.sh} (59%) create mode 100644 deploy/prereq.sh rename deploy/{restart-all.sh => restart-mock.sh} (88%) diff --git a/deploy/delete-all.sh b/deploy/delete-mock.sh similarity index 81% rename from deploy/delete-all.sh rename to deploy/delete-mock.sh index ceeebbb0..41ed05a1 100755 --- a/deploy/delete-all.sh +++ b/deploy/delete-mock.sh @@ -8,15 +8,14 @@ fi Deleting_All() { MOCK_NS=mockid - SOFTHSM_NS=softhsm NS=esignet while true; do read -p "Are you sure you want to delete esignet mock service helm charts?(Y/n) " yn if [[ $yn = "Y" ]] || [[ $yn = "y" ]]; then - helm -n $NS delete mock-relying-party-service - helm -n $NS delete mock-relying-party-ui - helm -n $MOCK_NS delete mock-identity-system + helm -n $NS delete mock-relying-party-service || true + helm -n $NS delete mock-relying-party-ui || true + helm -n $MOCK_NS delete mock-identity-system || true break else break diff --git a/deploy/install-all.sh b/deploy/install-mock.sh similarity index 59% rename from deploy/install-all.sh rename to deploy/install-mock.sh index 21e5c498..c7dbb9bd 100755 --- a/deploy/install-all.sh +++ b/deploy/install-mock.sh 
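Review bot: Appending `|| true` to the three `helm ... delete` lines in `Deleting_All` lets the run continue when a release is already gone, but it also hides every other failure (unreachable cluster, missing permissions), and the script then ends with status 0 although nothing was removed. Where the Helm version in use supports it, `helm -n $NS uninstall mock-relying-party-service --ignore-not-found` tolerates only the missing-release case; otherwise the failures could be counted and reported at the end instead of discarded. `Deleting_All` ends outside this hunk.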
@@ -8,29 +8,11 @@ fi ROOT_DIR=`pwd` NS=mockid -SOFTHSM_NS=softhsm -SOFTHSM_CHART_VERSION=12.0.1 - -echo Create $SOFTHSM_NS namespace -kubectl create ns $SOFTHSM_NS function installing_All() { - echo Istio label - kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite helm repo add mosip https://mosip.github.io/mosip-helm helm repo update - echo Installing Softhsm for mock-identity-system - helm -n $SOFTHSM_NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait - echo Installed Softhsm for mock-identity-system - - ./copy_cm_func.sh secret softhsm-mock-identity-system softhsm $NS - ./copy_cm_func.sh configmap softhsm-mock-identity-system-share softhsm $NS - - echo "Initialise postgres with mock identity db creation" - cd postgres - ./init_db.sh - declare -a module=("mock-identity-system" "mock-relying-party-service" "mock-relying-party-ui" diff --git a/deploy/mock-identity-system/values.yaml b/deploy/mock-identity-system/values.yaml index 10918fd2..0918ed70 100644 --- a/deploy/mock-identity-system/values.yaml +++ b/deploy/mock-identity-system/values.yaml 
@@ -1,46 +1,47 @@ -image: - registry: docker.io - repository: mosipdev/mock-identity-system - tag: develop +## Uncomment required parms added with single '#' when needed. +#image: +# registry: docker.io +# repository: mosipdev/mock-identity-system +# tag: develop -extraEnvVars: - - name: DATABASE_HOST - valueFrom: - configMapKeyRef: - name: mockid-postgres-config - key: database-host - - name: DATABASE_PORT - valueFrom: - configMapKeyRef: - name: mockid-postgres-config - key: database-port - - name: DATABASE_NAME - valueFrom: - configMapKeyRef: - name: mockid-postgres-config - key: database-name - - name: DATABASE_USERNAME - valueFrom: - configMapKeyRef: - name: mockid-postgres-config - key: database-username - - name: DB_DBUSER_PASSWORD - valueFrom: - secretKeyRef: - name: db-common-secrets - key: db-dbuser-password - - name: SOFTHSM_MOCK_IDENTITY_SYSTEM_SECURITY_PIN - valueFrom: - secretKeyRef: - name: softhsm-mock-identity-system - key: security-pin - - name: hsm_local_dir_name - value: hsm-client - - name: MOSIP_ESIGNET_MOCK_SUPPORTED_FIELDS - value: individualId,password +#extraEnvVars: +# - name: DATABASE_HOST +# valueFrom: +# configMapKeyRef: +# name: mockid-postgres-config +# key: database-host +# - name: DATABASE_PORT +# valueFrom: +# configMapKeyRef: +# name: mockid-postgres-config +# key: database-port +# - name: DATABASE_NAME +# valueFrom: +# configMapKeyRef: +# name: mockid-postgres-config +# key: database-name +# - name: DATABASE_USERNAME +# valueFrom: +# configMapKeyRef: +# name: mockid-postgres-config +# key: database-username +# - name: DB_DBUSER_PASSWORD +# valueFrom: +# secretKeyRef: +# name: db-common-secrets +# key: db-dbuser-password +# - name: SOFTHSM_MOCK_IDENTITY_SYSTEM_SECURITY_PIN +# valueFrom: +# secretKeyRef: +# name: softhsm-mock-identity-system +# key: security-pin +# - name: hsm_local_dir_name +# value: hsm-client +# - name: MOSIP_ESIGNET_MOCK_SUPPORTED_FIELDS +# value: individualId,password ## ConfigMap with extra environment 
variables that used ## -extraEnvVarsCM: - - softhsm-mock-identity-system-share +#extraEnvVarsCM: +# - softhsm-mock-identity-system-share diff --git a/deploy/mock-relying-party-service/values.yaml b/deploy/mock-relying-party-service/values.yaml index 5f07ae9c..87764072 100644 --- a/deploy/mock-relying-party-service/values.yaml +++ b/deploy/mock-relying-party-service/values.yaml @@ -1,25 +1,26 @@ -image: - registry: docker.io - repository: mosipdev/mock-relying-party-service - tag: develop +## Uncomment required parms added with single '#' when needed. +#image: +# registry: docker.io +# repository: mosipdev/mock-relying-party-service +# tag: develop -mock_relying_party_service: - host: '' - mountDir: "" # path inside docker - healthCheckUrl: - mock_relying_party_serviceMountDIr: /home/mosip/oidc/ - puburl: - privurl: - ESIGNET_SERVICE_URL: http://esignet.namespace/v1/esignet - ESIGNET_AUD_URL: https://esignet.sandbox.xyz.net/v1/esignet/oauth/v2/token - USERINFO_RESPONSE_TYPE: jwt +#mock_relying_party_service: +# host: '' +# mountDir: "" # path inside docker +# healthCheckUrl: +# mock_relying_party_serviceMountDIr: /home/mosip/oidc/ +# puburl: +# privurl: +# ESIGNET_SERVICE_URL: http://esignet.namespace/v1/esignet +# ESIGNET_AUD_URL: https://esignet.sandbox.xyz.net/v1/esignet/oauth/v2/token +# USERINFO_RESPONSE_TYPE: jwt -extraEnvVars: [] +#extraEnvVars: [] ## ConfigMap with extra environment variables ## -extraEnvVarsCM: [] +#extraEnvVarsCM: [] ## Secret with extra environment variables ## -extraEnvVarsSecret: [] +#extraEnvVarsSecret: [] diff --git a/deploy/mock-relying-party-ui/values.yaml b/deploy/mock-relying-party-ui/values.yaml index 5592e358..6e4cc0a0 100644 --- a/deploy/mock-relying-party-ui/values.yaml +++ b/deploy/mock-relying-party-ui/values.yaml 
@@ -1,38 +1,39 @@ -image: - registry: docker.io - repository: mosipdev/mock-relying-party-ui - tag: develop +## Uncomment required parms added with single '#' when needed. +#image: +# registry: docker.io +# repository: mosipdev/mock-relying-party-ui +# tag: develop ## The url below is to access oidc API services. ## CAUTION: Domain name to acess oidc UI must be secure/internal/over vpn. ## Slash is important! -mock_relying_party_ui: - mock_relying_party_ui_port: '5000' - mock_relying_party_ui_service_host: 'healthservices.sandbox.xyz.net' - ESIGNET_UI_BASE_URL: https://esignet.sandbox.xyz.net - MOCK_RELYING_PARTY_SERVER_URL: https://healthservices.sandbox.xyz.net/mock-relying-party-service - REDIRECT_URI: https://healthservices.sandbox.xyz.net/userprofile - CLIENT_ID: 88Vjt34c5Twz1oJ - ACRS: mosip:idp:acr:generated-code%20mosip:idp:acr:biometrics%20mosip:idp:acr:linked-wallet - MOCK_RELYING_PARTY_SERVICE_INTERNAL_URL: http://mock-relying-party-service.esignet - REDIRECT_URI_REGISTRATION: https://healthservices.sandbox.xyz.net/registration - SIGN_IN_BUTTON_PLUGIN_URL: https://esignet.sandbox.xyz.net/plugins/sign-in-button-plugin.js - DISPLAY: page - PROMPT: consent - GRANT_TYPE: authorization_code - CLAIMS_LOCALES: en - SCOPE_USER_PROFILE: openid profile - CLAIMS_USER_PROFILE: '%7B%22userinfo%22:%7B%22given_name%22:%7B%22essential%22:true%7D,%22phone_number%22:%7B%22essential%22:false%7D,%22email%22:%7B%22essential%22:true%7D,%22picture%22:%7B%22essential%22:false%7D,%22gender%22:%7B%22essential%22:false%7D,%22birthdate%22:%7B%22essential%22:false%7D,%22address%22:%7B%22essential%22:false%7D%7D,%22id_token%22:%7B%7D%7D' - CLAIMS_REGISTRATION: 
'%7B%22userinfo%22:%7B%22given_name%22:%7B%22essential%22:true%7D,%22phone_number%22:%7B%22essential%22:false%7D,%22email%22:%7B%22essential%22:true%7D,%22picture%22:%7B%22essential%22:false%7D,%22gender%22:%7B%22essential%22:false%7D,%22birthdate%22:%7B%22essential%22:false%7D,%22address%22:%7B%22essential%22:false%7D%7D,%22id_token%22:%7B%7D%7D' - DEFAULT_LANG: en - FALLBACK_LANG: '%7B%22label%22%3A%22English%22%2C%22value%22%3A%22en%22%7D' - -extraEnvVars: [] +#mock_relying_party_ui: +# mock_relying_party_ui_port: '5000' +# mock_relying_party_ui_service_host: 'healthservices.sandbox.xyz.net' +# ESIGNET_UI_BASE_URL: https://esignet.sandbox.xyz.net +# MOCK_RELYING_PARTY_SERVER_URL: https://healthservices.sandbox.xyz.net/mock-relying-party-service +# REDIRECT_URI: https://healthservices.sandbox.xyz.net/userprofile +# CLIENT_ID: 88Vjt34c5Twz1oJ +# ACRS: mosip:idp:acr:generated-code%20mosip:idp:acr:biometrics%20mosip:idp:acr:linked-wallet +# MOCK_RELYING_PARTY_SERVICE_INTERNAL_URL: http://mock-relying-party-service.esignet +# REDIRECT_URI_REGISTRATION: https://healthservices.sandbox.xyz.net/registration +# SIGN_IN_BUTTON_PLUGIN_URL: https://esignet.sandbox.xyz.net/plugins/sign-in-button-plugin.js +# DISPLAY: page +# PROMPT: consent +# GRANT_TYPE: authorization_code +# CLAIMS_LOCALES: en +# SCOPE_USER_PROFILE: openid profile +# CLAIMS_USER_PROFILE: '%7B%22userinfo%22:%7B%22given_name%22:%7B%22essential%22:true%7D,%22phone_number%22:%7B%22essential%22:false%7D,%22email%22:%7B%22essential%22:true%7D,%22picture%22:%7B%22essential%22:false%7D,%22gender%22:%7B%22essential%22:false%7D,%22birthdate%22:%7B%22essential%22:false%7D,%22address%22:%7B%22essential%22:false%7D%7D,%22id_token%22:%7B%7D%7D' +# CLAIMS_REGISTRATION: 
'%7B%22userinfo%22:%7B%22given_name%22:%7B%22essential%22:true%7D,%22phone_number%22:%7B%22essential%22:false%7D,%22email%22:%7B%22essential%22:true%7D,%22picture%22:%7B%22essential%22:false%7D,%22gender%22:%7B%22essential%22:false%7D,%22birthdate%22:%7B%22essential%22:false%7D,%22address%22:%7B%22essential%22:false%7D%7D,%22id_token%22:%7B%7D%7D' +# DEFAULT_LANG: en +# FALLBACK_LANG: '%7B%22label%22%3A%22English%22%2C%22value%22%3A%22en%22%7D' +# MOCK_RP_UI_PUBLIC_URL +#extraEnvVars: [] ## ConfigMap with extra environment variables ## -extraEnvVarsCM: [] +#extraEnvVarsCM: [] ## Secret with extra environment variables ## -extraEnvVarsSecret: [] +#extraEnvVarsSecret: [] diff --git a/deploy/prereq.sh b/deploy/prereq.sh new file mode 100644 index 00000000..fc918b7c --- /dev/null +++ b/deploy/prereq.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# Installs and initialises pre-requisites for esignet mock service helm charts +## Usage: ./install.sh [kubeconfig] + +if [ $# -ge 1 ] ; then + export KUBECONFIG=$1 +fi + +ROOT_DIR=`pwd` +NS=mockid +SOFTHSM_NS=softhsm +SOFTHSM_CHART_VERSION=12.0.1 + +function installing_All() { + echo Create $SOFTHSM_NS namespace + kubectl create ns $SOFTHSM_NS || true + + echo Istio label + kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite + helm repo add mosip https://mosip.github.io/mosip-helm + helm repo update + + echo Installing Softhsm for mock-identity-system + helm -n $SOFTHSM_NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait + echo Installed Softhsm for mock-identity-system + + ./copy_cm_func.sh secret softhsm-mock-identity-system softhsm $NS + ./copy_cm_func.sh configmap softhsm-mock-identity-system-share softhsm $NS + + echo "Initialise postgres with mock identity db creation" + cd postgres + ./init_db.sh + + echo All esignet mock services deployed sucessfully. + return 0 +} 
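Review bot: The added line `# MOCK_RP_UI_PUBLIC_URL` at the end of the `mock_relying_party_ui` block has no colon and no value, unlike every other key in the block. If an operator uncomments the block as the new header instructs, a bare scalar inside a mapping makes the file fail to parse. I would write it as `#  MOCK_RP_UI_PUBLIC_URL: ''` with a short comment saying what URL is expected. The blank line that used to separate the block from `extraEnvVars` should also come back so the two are not read as one section.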
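Review bot: The new deploy/prereq.sh defines `installing_All` but never calls it, and the file ends at the closing brace, so running the script sets KUBECONFIG and exits 0 without installing SoftHSM, copying the secret or initialising the database. It also lacks the strict-mode block that the other deploy scripts place before the function call. Without that block, a failed `helm install` would not stop the script before `./copy_cm_func.sh secret softhsm-mock-identity-system softhsm $NS` and `./init_db.sh` run. The usage comment still says `./install.sh`; it should read `## Usage: ./prereq.sh [kubeconfig]`. I would append the same trailer the sibling scripts use, as below.

```shell
# … unchanged: KUBECONFIG handling, variables and installing_All() body …

# set commands for error handling.
set -e
set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
set -o errtrace  # trace ERR through 'time command' and other functions
set -o pipefail  # trace ERR through pipes
installing_All   # calling function
```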
diff --git a/deploy/restart-all.sh b/deploy/restart-mock.sh similarity index 88% rename from deploy/restart-all.sh rename to deploy/restart-mock.sh index 61bfb5db..e551dd13 100755 --- a/deploy/restart-all.sh +++ b/deploy/restart-mock.sh @@ -10,13 +10,13 @@ fi function Restarting_All() { NS=esignet MOCK_NS=mockid - kubectl -n $NS rollout restart deploy mock-relying-party-service mock-relying-party-ui + kubectl -n $NS rollout restart deploy mock-relying-party-service mock-relying-party-ui || true - kubectl -n $MOCK_NS rollout restart deploy mock-identity-system + kubectl -n $MOCK_NS rollout restart deploy mock-identity-system || true - kubectl -n $NS get deploy mock-identity-system mock-relying-party-service mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status + kubectl -n $NS get deploy mock-identity-system mock-relying-party-service mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status || true - kubectl -n $MOCK_NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status + kubectl -n $MOCK_NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status || true echo Retarted mock relying party service & mock relying party ui & mock identity service return 0 From 10d023f3e6f173a286acbd0b299aba2f74f8ad02 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Wed, 25 Sep 2024 12:25:49 +0530 Subject: [PATCH 15/24] [MOSIP-35816] updated README and installation scripts comments 
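Review bot: The last changed line lists the deployment from `$MOCK_NS` but still runs `rollout status` with `-n $NS`, and the added `|| true` now hides the resulting lookup failure instead of surfacing it. The line should be `kubectl -n $MOCK_NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $MOCK_NS rollout status`, and `mock-identity-system` should be dropped from the `$NS` list on the line before it. With `|| true` on all four commands, the closing message is printed even when a rollout never becomes ready, so I would keep the status checks fatal or at least log a warning on failure. The closing `echo` context line contains unquoted `&`, which the shell reads as the background operator; quoting the message fixes that. The function's closing brace lies outside the hunk.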
Signed-off-by: ckm007 --- README.md | 72 ++++++++++---------- deploy/delete-mock.sh | 2 +- deploy/mock-identity-system/delete.sh | 2 +- deploy/mock-identity-system/install.sh | 14 +++- deploy/mock-identity-system/restart.sh | 2 +- deploy/mock-relying-party-service/delete.sh | 2 +- deploy/mock-relying-party-service/install.sh | 2 +- deploy/mock-relying-party-service/restart.sh | 2 +- deploy/mock-relying-party-ui/delete.sh | 2 +- deploy/mock-relying-party-ui/install.sh | 2 +- deploy/mock-relying-party-ui/restart.sh | 4 +- deploy/prereq.sh | 4 +- 12 files changed, 60 insertions(+), 50 deletions(-) mode change 100644 => 100755 deploy/prereq.sh diff --git a/README.md b/README.md index 57e37ddd..a6a321bb 100644 --- a/README.md +++ b/README.md 
@@ -3,58 +3,56 @@ Repository contains mock implementation of auth for e-signet ## Installing in k8s cluster using helm ### Pre-requisites -1. Set the kube config file of the Mosip cluster having dependent services is set correctly in PC. -1. Make sure [DB setup](db_scripts/README.md#install-in-existing-mosip-k8-cluster) is done. -1. Add / merge below mentioned properties files into existing config branch: - * [mock-identity-system-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/mock-identity-system-default.properties) - * [application-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/application-default.properties) -1. Add below properties in [esignet-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/esignet-default.properties) incase using MockAuth for esignet. - ``` - mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration - mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl - mosip.esignet.integration.authenticator=MockAuthenticationService - mosip.esignet.integration.key-binder=MockKeyBindingWrapperService - mosip.esignet.integration.audit-plugin=LoggerAuditService - mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService - ``` -1. Below are the dependent services required for compliance toolkit service: +1. Set the kube config file of the Esignet K8 cluster having dependent services. +1. 
Below are the dependent services required for Mock Identity Services deployment: | Chart | Chart version | |---|---| - |[Keycloak](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 7.1.18 | - |[Keycloak-init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 12.0.1-B3 | |[Postgres](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 10.16.2 | |[Postgres Init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 12.0.1-B3 | - |[Config-server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/config-server) | 12.0.1-B3 | - |[Artifactory server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/artifactory) | 12.0.1-B3 | - |[esignet-softhsm](https://github.com/mosip/esignet/blob/v1.0.0/helm/install-all.sh) | 12.0.1-B2 | - |[redis](https://github.com/mosip/esignet/blob/v1.0.0/helm/redis)| 17.3.14 | - |[esignet](https://github.com/mosip/esignet/tree/v1.0.0/helm/esignet) | 1.0.0 | - |[oidc-ui](https://github.com/mosip/esignet/blob/v1.0.0/helm/oidc-ui) | 1.0.0 | + |[mock-identity-softhsm](https://github.com/mosip/esignet/blob/v1.0.0/helm/install-all.sh) | 12.0.1-B2 | -### Install +### Install Pe-req for mock identity service * Install `kubectl` and `helm` utilities. -* Run `install-all.sh` to deploy esignet services. +* Run `prereq-mockid.sh` to setup below mentioned pre-requisites for mock-identity-system. + * Setup softhsm for mock-identity in `Softhsm` namespace. + * Copy required `configmaps` and `secrets` to `mockid` namespace. + * Initialise mock Identity DB. ``` - cd helm - ./install-all.sh + cd deploy + ./prereq-mockid.sh ``` -* During the execution of the `install-all.sh` script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server. 
-* If the server lacks a public domain and a valid SSL certificate, it is advisable to select the `n` option. Opting it will enable the `init-container` with an `emptyDir` volume and include it in the deployment process. -* The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., `cacerts`) file. -* This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates. +### Install esignet mock services +* Install `kubectl` and `helm` utilities. +* setup `KUBECONFIG` variable to point to esignet k8 cluster kubeconfig file. + ``` + export KUBECONFIG=path/to/kubeconfig.config + ``` +* Execute installation script: + ``` + ./instll-mock.sh + ``` +* During installation of each module a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server. + * Opt (y,Y) : In case the Domain is mapped publically and valid SSL certificate is present. + * Ops (n,N) : If the server lacks a public domain and a valid SSL certificate, it is advisable to select the `n` option. + * Opting it will enable the `init-container` with an `emptyDir` volume and include it in the deployment process. + * The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., `cacerts`) file. + * This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates. +* During Installation a prompt is there to confirm if prometheus service monitor is already deployed. + * Opt (y,Y) : In case Monitoring is installed with prometheus service monitor. + * Ops (n,N) : In case Monitoring is not installed or prometheus service monitor is not available. 
### Delete -* Run `delete-all.sh` to remove esignet services. +* Run `delete-mock.sh` to remove esignet services. ``` - cd helm - ./delete-all.sh + cd deploy + ./delete-mock.sh ``` ### Restart -* Run `restart-all.sh` to restart esignet services. +* Run `restart-mock.sh` to restart esignet services. ``` - cd helm - ./restart.sh + cd deploy + ./restart-mock.sh ``` ## Onboard esignet mock and relying party services diff --git a/deploy/delete-mock.sh b/deploy/delete-mock.sh index 41ed05a1..6efa9455 100755 --- a/deploy/delete-mock.sh +++ b/deploy/delete-mock.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Uninstalls mock-relying-party-service and mock-relying-party-ui +# Uninstalls esignet mock services. ## Usage: ./delete.sh [kubeconfig] if [ $# -ge 1 ] ; then diff --git a/deploy/mock-identity-system/delete.sh b/deploy/mock-identity-system/delete.sh index 086b87bc..a3366d22 100755 --- a/deploy/mock-identity-system/delete.sh +++ b/deploy/mock-identity-system/delete.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Uninstalls all esignet helm charts +# Uninstalls esignet mock identity helm chart ## Usage: ./delete.sh [kubeconfig] if [ $# -ge 1 ] ; then diff --git a/deploy/mock-identity-system/install.sh b/deploy/mock-identity-system/install.sh index 811a9e16..89b97069 100755 --- a/deploy/mock-identity-system/install.sh +++ b/deploy/mock-identity-system/install.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Installs all esignet helm charts +# Installs esignet mock identity helm chart ## Usage: ./install.sh [kubeconfig] if [ $# -ge 1 ] ; then 
@@ -20,6 +20,18 @@ function installing_mock-identity-system() { echo Istio label kubectl label ns $NS istio-injection=enabled --overwrite + while true; do + read -p "Do you want to install mock identity service? (y/n): " response + if [[ "$response" == "y" || "$response" == "Y" ]]; then + break + elif [[ "$response" == "n" || "$response" == "N" ]]; then + exit + else + echo "Not a correct response. Please respond with y (yes) or n (no)." + fi + done + + while true; do read -p "Is Prometheus Service Monitor Operator deployed in the k8s cluster? (y/n): " response if [[ "$response" == "y" || "$response" == "Y" ]]; then diff --git a/deploy/mock-identity-system/restart.sh b/deploy/mock-identity-system/restart.sh index 619e38b9..57ab4750 100755 --- a/deploy/mock-identity-system/restart.sh +++ b/deploy/mock-identity-system/restart.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Restart the esignet services +# Restart the esignet mock identity services if [ $# -ge 1 ] ; then export KUBECONFIG=$1 diff --git a/deploy/mock-relying-party-service/delete.sh b/deploy/mock-relying-party-service/delete.sh index 55ac46e6..a28abfaa 100755 --- a/deploy/mock-relying-party-service/delete.sh +++ b/deploy/mock-relying-party-service/delete.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Uninstalls all esignet helm charts +# Uninstalls esignet mock-relying-party service ## Usage: ./delete.sh [kubeconfig] if [ $# -ge 1 ] ; then diff --git a/deploy/mock-relying-party-service/install.sh b/deploy/mock-relying-party-service/install.sh index 9353d2a6..ed284637 100755 --- a/deploy/mock-relying-party-service/install.sh +++ b/deploy/mock-relying-party-service/install.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Installs all esignet helm charts +# Installs esignet mock-relying-party service helm ## Usage: ./install.sh [kubeconfig] if [ $# -ge 1 ] ; then diff --git a/deploy/mock-relying-party-service/restart.sh b/deploy/mock-relying-party-service/restart.sh index a14bd122..b8a16f84 100755 --- a/deploy/mock-relying-party-service/restart.sh 
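Review bot: The new confirmation prompt sits after `kubectl label ns $NS istio-injection=enabled --overwrite`, so answering `n` still leaves the namespace labelled (and presumably created by the lines above the hunk) before the script exits. I would move the `while true` prompt to the top of `installing_mock-identity-system`, ahead of any `kubectl` call, so that declining changes nothing in the cluster. Using `read -r -p "Do you want to install mock identity service? (y/n): " response` also stops backslashes in the answer from being interpreted. The bare `exit` returns the status of the previous command, so a calling script cannot tell a skipped install from a completed one; an explicit status or a log line would make that visible. The function starts before this hunk and continues past it.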
+++ b/deploy/mock-relying-party-service/restart.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Restart the esignet services +# Restarts esignet mock-relying-party service if [ $# -ge 1 ] ; then export KUBECONFIG=$1 diff --git a/deploy/mock-relying-party-ui/delete.sh b/deploy/mock-relying-party-ui/delete.sh index b250c0f4..5a5e3280 100755 --- a/deploy/mock-relying-party-ui/delete.sh +++ b/deploy/mock-relying-party-ui/delete.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Uninstalls all esignet helm charts +# Uninstalls esignet mock-relying-party ui ## Usage: ./delete.sh [kubeconfig] if [ $# -ge 1 ] ; then diff --git a/deploy/mock-relying-party-ui/install.sh b/deploy/mock-relying-party-ui/install.sh index 9d904d6b..10a00b25 100755 --- a/deploy/mock-relying-party-ui/install.sh +++ b/deploy/mock-relying-party-ui/install.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Installs all esignet helm charts +# Installs esignet mock-relying-party ui ## Usage: ./install.sh [kubeconfig] if [ $# -ge 1 ] ; then diff --git a/deploy/mock-relying-party-ui/restart.sh b/deploy/mock-relying-party-ui/restart.sh index 8874b6b0..53fe148c 100755 --- a/deploy/mock-relying-party-ui/restart.sh +++ b/deploy/mock-relying-party-ui/restart.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Restart the esignet services +# Restart esignet mock-relying-party ui if [ $# -ge 1 ] ; then export KUBECONFIG=$1 @@ -21,4 +21,4 @@ set -o errexit ## set -e : exit the script if any statement returns a non-true set -o nounset ## set -u : exit the script if you try to use an uninitialised variable set -o errtrace # trace ERR through 'time command' and other functions set -o pipefail # trace ERR through pipes -Restarting_mock-relying-party-ui # calling function \ No newline at end of file +Restarting_mock-relying-party-ui # calling function diff --git a/deploy/prereq.sh b/deploy/prereq.sh old mode 100644 new mode 100755 index fc918b7c..6729d3d6 --- a/deploy/prereq.sh +++ b/deploy/prereq.sh 
@@ -1,5 +1,5 @@ #!/bin/bash -# Installs and initialises pre-requisites for esignet mock service helm charts +# Installs and initialises pre-requisites for esignet mock identity service helm charts ## Usage: ./install.sh [kubeconfig] if [ $# -ge 1 ] ; then @@ -31,6 +31,6 @@ function installing_All() { cd postgres ./init_db.sh - echo All esignet mock services deployed sucessfully. + echo All esignet mock identity services pre-requisites deployed sucessfully. return 0 } From 6e47d677284f52938e81d626b12a13850944edce Mon Sep 17 00:00:00 2001 From: ase-101 Date: Sun, 29 Sep 2024 11:26:51 +0530 Subject: [PATCH 16/24] Updated readme and docker compose Signed-off-by: ase-101 --- LICENSE | 373 ++++++++++++++++++++ README.md | 4 +- docker-compose/README.md | 31 +- docker-compose/dependent-docker-compose.yml | 2 +- docker-compose/docker-compose.yml | 2 +- mock-identity-system/README.md | 28 +- mock-relying-party-service/README.md | 2 +- 7 files changed, 408 insertions(+), 34 deletions(-) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..a612ad98 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. 
"Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. 
Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. 
Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. 
Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. 
However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+* *
+* 6. Disclaimer of Warranty *
+* ------------------------- *
+* *
+* Covered Software is provided under this License on an "as is" *
+* basis, without warranty of any kind, either expressed, implied, or *
+* statutory, including, without limitation, warranties that the *
+* Covered Software is free of defects, merchantable, fit for a *
+* particular purpose or non-infringing. The entire risk as to the *
+* quality and performance of the Covered Software is with You.
*
+* Should any Covered Software prove defective in any respect, You *
+* (not any Contributor) assume the cost of any necessary servicing, *
+* repair, or correction. This disclaimer of warranty constitutes an *
+* essential part of this License. No use of any Covered Software is *
+* authorized under this License except under this disclaimer. *
+* *
+************************************************************************
+
+************************************************************************
+* *
+* 7. Limitation of Liability *
+* -------------------------- *
+* *
+* Under no circumstances and under no legal theory, whether tort *
+* (including negligence), contract, or otherwise, shall any *
+* Contributor, or anyone who distributes Covered Software as *
+* permitted above, be liable to You for any direct, indirect, *
+* special, incidental, or consequential damages of any character *
+* including, without limitation, damages for lost profits, loss of *
+* goodwill, work stoppage, computer failure or malfunction, or any *
+* and all other commercial damages or losses, even if such party *
+* shall have been informed of the possibility of such damages. This *
+* limitation of liability shall not apply to liability for death or *
+* personal injury resulting from such party's negligence to the *
+* extent applicable law prohibits such limitation. Some *
+* jurisdictions do not allow the exclusion or limitation of *
+* incidental or consequential damages, so this exclusion and *
+* limitation may not apply to You. *
+* *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0.
If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/README.md b/README.md index 57e37ddd..fe7538a0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# esignet-mock-services -Repository contains mock implementation of auth for e-signet +# eSignet mock implementations +Repository contains mock implementations for eSignet. Only for non-production use. ## Installing in k8s cluster using helm ### Pre-requisites diff --git a/docker-compose/README.md b/docker-compose/README.md index b15ef31b..6f1eb7c8 100644 --- a/docker-compose/README.md +++ b/docker-compose/README.md 
@@ -1,18 +1,31 @@ ## Overview -This is the docker-compose setup to run mock identity system. This is not for production use. +This is the docker-compose setup to run mock identity system and mock relying party portal. This is not for production use. -## What is in the docker-compose setup folder? +## Overview + +This is the docker compose setup to run esignet UI and esignet-service with mock identity system. This is not for production use. + +## I am a developer, how to setup dependent services to run mock-identity-system? + +1. Run `docker compose --file dependent-docker-compose.yml up` to start all the dependent services. +2. Go to command line for the project root directory and run `mvn clean install -Dgpg.skip=true -DskipTests=true` +3. Start the [MockIdentitySystemApplication.java](../mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/MockIdentitySystemApplication.java) from your IDE. +4. Access the service swagger with this URL - http://localhost:8082/v1/mock-identity-system/swagger-ui.html -1. "config" folder holds the mock-identity system properties file. -2. "dependent-docker-compose.yml" file has all the dependent services to run mock-identity-system. -3. "init.sql" comprises DDL and DMLs required by mock-identity-system. +## How to start the mock Relying party UI? -## How to run this setup? +1. Run [mock-relying-party-portal-docker-compose.yml](mock-relying-party-portal-docker-compose.yml) to start relying party portal. +2. Access Relying party UI at http://localhost:3000 -1. Start the dependent-docker-compose.yml file +By default, mock Relying party portal is connecting to eSignet (Identity Provider) hosted in collab.mosip.net environment. +Below environment variables should be changed to point to different environment: +* ESIGNET_UI_BASE_URL +* CLIENT_ID +* ESIGNET_SERVICE_URL +* ESIGNET_AUD_URL +* CLIENT_PRIVATE_KEY -2. Build and start the mock-identity-system service. 
+Refer [README.md](../mock-relying-party-ui/README.md) for more details. -3. Access the service swagger with this URL - http://localhost:8082/v1/mock-identity-system/swagger-ui.html diff --git a/docker-compose/dependent-docker-compose.yml b/docker-compose/dependent-docker-compose.yml index 55272eb9..d756885e 100644 --- a/docker-compose/dependent-docker-compose.yml +++ b/docker-compose/dependent-docker-compose.yml @@ -1,6 +1,6 @@ services: database: - image: 'postgres:latest' + image: 'postgres:bookworm' ports: - 5455:5432 environment: diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml index 41ccbe79..a720385d 100644 --- a/docker-compose/docker-compose.yml +++ b/docker-compose/docker-compose.yml @@ -1,6 +1,6 @@ services: database: - image: 'postgres:latest' + image: 'postgres:bookworm' ports: - 5455:5432 environment: diff --git a/mock-identity-system/README.md b/mock-identity-system/README.md index 5b73483e..2f2393fe 100644 --- a/mock-identity-system/README.md +++ b/mock-identity-system/README.md 
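Review bot: `image: 'postgres:bookworm'` in docker-compose/dependent-docker-compose.yml is still a floating tag: it fixes the Debian base but keeps following the newest PostgreSQL major release, so a later pull can silently change the server version under an existing data volume. Pin the major version as well, for example `image: 'postgres:<major>-bookworm'` with the major the db_scripts are tested against, or pin a digest. The identical change in docker-compose/docker-compose.yml has the same issue.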
@@ -9,36 +9,24 @@ Currently supports below endpoints * get-identity * kyc-auth * kyc-exchange +* Add verification metadata for every user claim Below authentication factors are supported: * PIN * OTP * BIO +* PWD +* WLA ## Local setup of mock-identity-system -1. Create a "mosip_mockidentitysystem" database. -2. Run all the scripts under db_scripts/mosip_mockidentitysystem/ddl folder. -3. Run the below 2 insert statements: - - > INSERT INTO mockidentitysystem.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES ('ROOT', 1095, 50, 'NA', true, 'mosipadmin', now()); - - > INSERT INTO mockidentitysystem.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES ('MOCK_AUTHENTICATION_SERVICE', 1095, 50, 'NA', true, 'mosipadmin', now()); +1. Run [docker-compose.yml](../docker-compose/docker-compose.yml) -4. Cross-check DB connection details in application-local.properties file -5. Now build the service with below command - - > mvn clean install -Dgpg.skip=true - -6. Locate the mock-identity-system jar under target folder, run the below command to start the service. - - > java -jar mock-identity-system.jar - -7. Once the service is started successfully, we should be able to access service swagger-ui with below URL: +2. Once the service is started successfully, we should be able to access service swagger-ui with below URL: > http://localhost:8082/v1/mock-identity-system/swagger-ui.html -8. Add an identity using below request: +3. Add an identity using below request: > curl -X 'POST' \ 'http://localhost:8082/v1/mock-identity-system/identity' \ @@ -51,8 +39,8 @@ Below authentication factors are supported: ## Databases -Refer to [SQL scripts](db_scripts). +Refer to [SQL scripts](../db_scripts) ## License -This project is licensed under the terms of [Mozilla Public License 2.0](LICENSE). +This project is licensed under the terms of [Mozilla Public License 2.0](../LICENSE). 
diff --git a/mock-relying-party-service/README.md b/mock-relying-party-service/README.md index fb397188..eea92adb 100644 --- a/mock-relying-party-service/README.md +++ b/mock-relying-party-service/README.md @@ -25,7 +25,7 @@ The application run on PORT=8888. - Env variables - ESIGNET_SERVICE_URL: MOSIP ESIGNET API URL (Example:http://esignet.esignet/v1/esignet) - - ESIGNET_AUD_URL: MOSIP ESIGNET OAUTH TOKEN URL (Example:http://esignet.esignet/v1/esignet/oauth/v2/token) + - ESIGNET_AUD_URL: Value to be used as `aud` claim in client_asseertion. With eSignet, it is https://esignet.domain.com/v1/esignet/oauth/v2/token - JWE_USERINFO_PRIVATE_KEY: Used for encrypting user information. - CLIENT_PRIVATE_KEY: Holds private key for authentication and security. - USERINFO_RESPONSE_TYPE: Response type for user information retrieval. From 1c822391ce748ebb7e4be707e1deaf96129e4f78 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Mon, 30 Sep 2024 16:13:58 +0530 Subject: [PATCH 17/24] [MOSIP-35816] added changes for partner onboarder to store reports in volume Signed-off-by: ckm007 --- partner-onboarder/README.md | 11 +- partner-onboarder/copy_cm.sh | 10 -- partner-onboarder/copy_cm_func.sh | 33 ------ partner-onboarder/copy_secrets.sh | 10 -- partner-onboarder/delete.sh | 10 +- partner-onboarder/install.sh | 161 +++++++++++++++++------------- partner-onboarder/values.yaml | 30 +++++- 7 files changed, 129 insertions(+), 136 deletions(-) delete mode 100755 partner-onboarder/copy_cm.sh delete mode 100755 partner-onboarder/copy_cm_func.sh delete mode 100755 partner-onboarder/copy_secrets.sh diff --git a/partner-onboarder/README.md b/partner-onboarder/README.md index bead756e..1edcd23e 100644 --- a/partner-onboarder/README.md +++ b/partner-onboarder/README.md 
@@ -1,7 +1,7 @@ # Partner Onboarder ## Overview -Loads certs for default partners for sandbox. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding). +Exchanges certificate for Mock Relying Party OIDC partner. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding). ## Install * Set `values.yaml` to run onboarder for specific modules. @@ -10,10 +10,8 @@ Loads certs for default partners for sandbox. Refer [mosip-onboarding repo](http ./install.sh ``` # Troubleshootings - -* After completion of the job, a very detailed `html report` is prepared and stored at https://onboarder.{sandbox_base_url}.mosip.net - -* The user can go and view the same for more information or response messages. +* Once onboarder job is completed, detailed `html report` is prepared and stored at provided S3 bucket / NFS directory. +* Once onboarder helm installation is complted, please check the reports to confirm sucessfull onboarding. ### Commonly found issues @@ -28,6 +26,3 @@ Loads certs for default partners for sandbox. Refer [mosip-onboarding repo](http 3. Upload of certificate will not be allowed to update other domain certificate Resolution: This is expected when you try to upload `ida-cred` certificate twice. It should only run once and if you see this error while uploading a second time it can be ignored as the cert is already present. - - - diff --git a/partner-onboarder/copy_cm.sh b/partner-onboarder/copy_cm.sh deleted file mode 100755 index 9d69e071..00000000 --- a/partner-onboarder/copy_cm.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -# Copy configmaps from other namespaces -# DST_NS: Destination namespace - -COPY_UTIL=./copy_cm_func.sh -DST_NS=esignet - -$COPY_UTIL configmap global default $DST_NS -$COPY_UTIL configmap keycloak-env-vars keycloak $DST_NS -$COPY_UTIL configmap keycloak-host keycloak $DST_NS diff --git a/partner-onboarder/copy_cm_func.sh b/partner-onboarder/copy_cm_func.sh deleted file mode 100755 index 7b225948..00000000 
--- a/partner-onboarder/copy_cm_func.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -# Copy configmap and secret from one namespace to another. -# ./copy_cm_func.sh [name] -# Parameters: -# resource: configmap|secret -# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is -# clash of names - -if [ $1 = "configmap" ] -then - RESOURCE=configmap -elif [ $1 = "secret" ] -then - RESOURCE=secret -else - echo "Incorrect resource $1. Exiting.." - exit 1 -fi - - -if [ $# -ge 5 ] -then - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f - -else - kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2 - kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f - -fi - - - - - diff --git a/partner-onboarder/copy_secrets.sh b/partner-onboarder/copy_secrets.sh deleted file mode 100755 index 0438ce7e..00000000 --- a/partner-onboarder/copy_secrets.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -# Copy secrets from other namespaces -# DST_NS: Destination namespace - -COPY_UTIL=./copy_cm_func.sh -DST_NS=esignet - -$COPY_UTIL secret s3 s3 $DST_NS -$COPY_UTIL secret keycloak keycloak $DST_NS -$COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS diff --git a/partner-onboarder/delete.sh b/partner-onboarder/delete.sh index 1240de56..81907422 100755 --- a/partner-onboarder/delete.sh +++ b/partner-onboarder/delete.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Uninstalls partner-onboarder helm +# Uninstalls mock relying party OIDC helm ## Usage: ./delete.sh [kubeconfig] if [ $# -ge 1 ] ; then 
@@ -9,10 +9,10 @@ fi function deleting_onboarder() { NS=esignet while true; do - read -p "Are you sure you want to delete all partner-onboarder ?(Y/n) " yn - if [ $yn = "Y" ]; then - echo Deleting esignet-demo-oidc-partner-onboarder helm - helm -n $NS delete esignet-demo-oidc-partner-onboarder + read -p "Are you sure you want to delete mock relying party OIDC helm ?(Y/n) " yn + if [[ $yn = "Y" ]] || [[ $yn = "y" ]] ; then + echo Deleting esignet-mock-rp-onboarder helm + helm -n $NS delete esignet-mock-rp-onboarder break fi done diff --git a/partner-onboarder/install.sh b/partner-onboarder/install.sh index 558bee91..bb8953b4 100755 --- a/partner-onboarder/install.sh +++ b/partner-onboarder/install.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Onboards default partners +# Onboards mock relying party OIDC helm ## Usage: ./install.sh [kubeconfig] if [ $# -ge 1 ] ; then @@ -12,7 +12,7 @@ echo "n: if you don't have public domain & valid ssl certificate" read -p "" flag if [ -z "$flag" ]; then - echo "'flag' was provided; EXITING;" + echo "'flag' was not provided; EXITING;" exit 1; fi ENABLE_INSECURE='' 
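Review bot: In the `while true` loop of `deleting_onboarder` in partner-onboarder/delete.sh, the only `break` sits inside the Y/y branch, so answering `n` (which the prompt offers) just re-prompts and the script can only be left with Ctrl-C. Add an explicit negative branch, for example `elif [[ $yn = "n" || $yn = "N" ]]; then echo "Nothing deleted."; break`, before the `fi`. The function's closing lines are outside this hunk.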
@@ -24,82 +24,107 @@ NS=esignet CHART_VERSION=0.0.1-develop echo Create $NS namespace -kubectl create ns $NS +kubectl create ns $NS || true function installing_onboarder() { - read -p "Is values.yaml for onboarder chart set correctly as part of Pre-requisites?(Y/n) " yn; - if [ $yn = "Y" ]; then - echo Istio label + read -p "Is values.yaml for onboarder chart set correctly as part of pre-requisites? (Y/n) : " yn; + if [[ $yn = "Y" ]] || [[ $yn = "y" ]] ; then + NFS_OPTION='' + S3_OPTION='' + config_complete=false # flag to check if S3 or NFS is configured + while [ "$config_complete" = false ]; do + read -p "Do you have S3 details for storing Onboarder reports? (Y/n) : " ans + if [[ "$ans" == "y" || "$ans" == "Y" ]]; then + read -p "Please provide S3 host: " s3_host + if [[ -z $s3_host ]]; then + echo "S3 host not provided; EXITING;" + exit 1; + fi + read -p "Please provide S3 region: " s3_region + if [[ $s3_region == *[' !@#$%^&*()+']* ]]; then + echo "S3 region should not contain spaces or special characters; EXITING;" + exit 1; + fi + read -p "Please provide S3 bucket: " s3_bucket + if [[ $s3_bucket == *[' !@#$%^&*()+']* ]]; then + echo "S3 bucket should not contain spaces or special characters; EXITING;" + exit 1; + fi + read -p "Please provide S3 access key: " s3_user_key + if [[ -z $s3_user_key ]]; then + echo "S3 access key not provided; EXITING;" + exit 1; + fi + read -p "Please provide S3 secret key: " s3_secret_key + if [[ -z $s3_secret_key ]]; then + echo "S3 secret key not provided; EXITING;" + exit 1; + fi + S3_OPTION="--set onboarding.configmaps.s3.s3-host=$s3_host --set onboarding.configmaps.s3.s3-user-key=$s3_user_key --set onboarding.configmaps.s3.s3-region=$s3_region --set onboarding.configmaps.s3.s3-bucket-name=$s3_bucket --set onboarding.secrets.s3.s3-user-secret=$s3_secret_key" + push_reports_to_s3=true + config_complete=true + elif [[ "$ans" == "n" || "$ans" == "N" ]]; then + push_reports_to_s3=false + read -p "Since S3 details are not 
available, do you want to use NFS directory mount for storing reports? (y/n) : " answer + if [[ $answer == "Y" ]] || [[ $answer == "y" ]]; then + read -p "Please provide NFS Server IP: " nfs_server + if [[ -z $nfs_server ]]; then + echo "NFS server not provided; EXITING." + exit 1; + fi + read -p "Please provide NFS directory to store reports from NFS server (e.g. /srv/nfs/mosip/onboarder/): " nfs_path + if [[ -z $nfs_path ]]; then + echo "NFS Path not provided; EXITING." + exit 1; + fi + NFS_OPTION="--set onboarding.volumes.reports.nfs.server=$nfs_server --set onboarding.volumes.reports.nfs.path=$nfs_path" + config_complete=true + else + echo "Please rerun the script with either S3 or NFS server details." + exit 1; + fi + else + echo "Invalid input. Please respond with Y (yes) or N (no)." + fi + done + + echo "Istio label" kubectl label ns $NS istio-injection=disabled --overwrite - helm repo update - - echo Copy configmaps - kubectl -n $NS --ignore-not-found=true delete cm s3 - sed -i 's/\r$//' copy_cm.sh - ./copy_cm.sh - kubectl -n $NS delete cm --ignore-not-found=true onboarding - - echo Copy secrets - sed -i 's/\r$//' copy_secrets.sh - ./copy_secrets.sh - - read -p "Provide onboarder bucket name : " s3_bucket - if [[ -z $s3_bucket ]]; then - echo "s3_bucket not provided; EXITING;"; - exit 1; - fi - if [[ $s3_bucket == *[' !@#$%^&*()+']* ]]; then - echo "s3_bucket should not contain spaces / any special character; EXITING"; - exit 1; - fi - read -p "Provide onboarder s3 bucket region : " s3_region - if [[ $s3_region == *[' !@#$%^&*()+']* ]]; then - echo "s3_region should not contain spaces / any special character; EXITING"; - exit 1; - fi - - read -p "Provide S3 URL : " s3_url - if [[ -z $s3_url ]]; then - echo "s3_url not provided; EXITING;" - exit 1; - fi - - s3_user_key=$( kubectl -n s3 get cm s3 -o json | jq -r '.data."s3-user-key"' ) - kubectl -n $NS --ignore-not-found=true delete cm esignet-onboarder-namespace - kubectl -n $NS get cm onboarder-namespace -o 
yaml | sed 's/name:.*/name: esignet-onboarder-namespace/g' | kubectl -n $NS create -f - - kubectl -n $NS --ignore-not-found=true delete cm onboarder-namespace - - - echo Onboarding default partners - helm -n $NS install esignet-demo-oidc-partner-onboarder mosip/partner-onboarder \ - --set onboarding.configmaps.s3.s3-host="$s3_url" \ - --set onboarding.configmaps.s3.s3-user-key="$s3_user_key" \ - --set onboarding.configmaps.s3.s3-region="$s3_region" \ - --set onboarding.configmaps.s3.s3-bucket-name="$s3_bucket" \ - $ENABLE_INSECURE \ - -f values.yaml \ - --version $CHART_VERSION \ - --wait --wait-for-jobs - - private_public_key_pair=$(kubectl logs -n $NS job/esignet-demo-oidc-partner-onboarder-demo-oidc | grep -Pzo "(?s)Private and Public KeyPair:\s*\K.*?(?=\s*mpartner default demo OIDC clientId:)" | tr -d '\0' | tr -d '\n') - echo Encoded Private and Public Key Pair: $private_public_key_pair - kubectl patch secret mock-relying-party-service-secrets -n $NS -p '{"data":{"client-private-key":"'$(echo -n "$private_public_key_pair" | base64 | tr -d '\n')'"}}' - kubectl rollout restart deployment -n esignet mock-relying-party-service - demo_oidc_clientid=$(kubectl logs -n $NS job/esignet-demo-oidc-partner-onboarder-demo-oidc | grep "mpartner default demo OIDC clientId:" | awk '{sub("clientId:", ""); print $5}') - echo mpartner default demo OIDC clientId is: $demo_oidc_clientid - kubectl -n esignet set env deployment/mock-relying-party-ui CLIENT_ID=$demo_oidc_clientid - - - echo Reports are moved to S3 under onboarder bucket +# helm repo update + + echo "Copy configmaps" + COPY_UTIL=../deploy/copy_cm_func.sh + $COPY_UTIL configmap keycloak-env-vars keycloak $NS + $COPY_UTIL configmap keycloak-host keycloak $NS + + $COPY_UTIL secret keycloak keycloak $NS + $COPY_UTIL secret keycloak-client-secrets keycloak $NS + + echo $NFS_OPTION + echo $S3_OPTION + echo $push_reports_to_s3 + + echo "Onboarding Mock Relying Party OIDC client" + helm -n $NS install 
esignet-mock-rp-onboarder ../../mosip-onboarding/helm/partner-onboarder/ \ + $NFS_OPTION \ + $S3_OPTION \ + --set onboarding.variables.push_reports_to_s3=$push_reports_to_s3 \ + --set extraEnvVarsCM[0]=esignet-global \ + --set extraEnvVarsCM[1]=keycloak-env-vars \ + --set extraEnvVarsCM[2]=keycloak-host \ + $ENABLE_INSECURE \ + -f values.yaml \ + --debug --wait --wait-for-jobs + echo "Partner onboarded successfully and reports are moved to S3 or NFS" return 0 fi } # set commands for error handling. set -e -set -o errexit ## set -e : exit the script if any statement returns a non-true return value -set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errexit # exit the script if any statement returns a non-true return value +set -o nounset # exit the script if you try to use an uninitialised variable set -o errtrace # trace ERR through 'time command' and other functions set -o pipefail # trace ERR through pipes installing_onboarder # calling function diff --git a/partner-onboarder/values.yaml b/partner-onboarder/values.yaml index 8bc87148..856a24f2 100644 --- a/partner-onboarder/values.yaml +++ b/partner-onboarder/values.yaml @@ -1,3 +1,8 @@ +image: + registry: docker.io + repository: mosipdev/partner-onboarder + tag: MOSIP-35987 + onboarding: modules: - name: ida 
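Review bot: The S3 secret key collected in `installing_onboarder` is exposed in several places. It is read with a plain `read -p`, so it is echoed on the terminal; it is then folded into `S3_OPTION`, which `echo $S3_OPTION` prints verbatim; and `helm install ... --debug` will presumably dump the user-supplied values, including `onboarding.secrets.s3.s3-user-secret`, to the console or CI log. Use `read -s -p "Please provide S3 secret key: " s3_secret_key`, delete the three debugging `echo` lines (`echo $NFS_OPTION`, `echo $S3_OPTION`, `echo $push_reports_to_s3`), and drop `--debug` from the install command. Passing the secret through `--set` also leaves it in the process list, so a values file with restrictive permissions or a pre-created Kubernetes secret would be safer still. Separately, the region and bucket prompts no longer reject an empty answer, which the removed code did for the bucket.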
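Review bot: The new `image:` block in partner-onboarder/values.yaml pins the onboarder job to `mosipdev/partner-onboarder` with `tag: MOSIP-35987`, which looks like a ticket-named development build rather than a release. Such a tag can be overwritten at any time, and this job is handed Keycloak client secrets and S3 credentials by install.sh. Before this leaves the feature branch, point it at a released tag or pin it by digest, and add a comment such as `# temporary: dev build for MOSIP-35987, replace with release tag` if it has to stay for now.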
@@ -16,7 +21,28 @@ onboarding: enabled: false - name: resident-oidc enabled: false - - name: demo-oidc + - name: mock-rp-oidc enabled: true - name: mimoto-keybinding - enabled: false \ No newline at end of file + enabled: false + - name: mimoto-oidc + enabled: false + - name: signup-oidc + enabled: false + +# volumes: +# reports: +# enabled: true +# name: onboarder-reports +# storageClass: nfs-client +# accessModes: +# - ReadWriteMany +# size: 10Mi +# existingClaim: +# # Dir where config and keys are written inside container +# mountDir: "/home/mosip/reports" +# nfs: +# path: '' # Dir within the nfs server where config repo is cloned/maintained locally. +# server: '' # Ip address of nfs server. +# variables: +# push-reports-to-s3: true From d26048d2b0a6cc5a1c3c52339a12e74b06f9be93 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Mon, 30 Sep 2024 16:14:23 +0530 Subject: [PATCH 18/24] [MOSIP-35816] removed unused secret creation Signed-off-by: ckm007 --- README.md | 22 +++-------- deploy/mock-relying-party-service/install.sh | 34 +---------------- deploy/prereq.sh | 38 ++++++++++++++++++- .../templates/deployment.yaml | 5 +-- 4 files changed, 45 insertions(+), 54 deletions(-) diff --git a/README.md b/README.md index a6a321bb..35765d43 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,14 @@ Repository contains mock implementation of auth for e-signet ### Install Pe-req for mock identity service * Install `kubectl` and `helm` utilities. -* Run `prereq-mockid.sh` to setup below mentioned pre-requisites for mock-identity-system. +* Run `prereq.sh` to setup below mentioned pre-requisites for mock services. * Setup softhsm for mock-identity in `Softhsm` namespace. * Copy required `configmaps` and `secrets` to `mockid` namespace. * Initialise mock Identity DB. + * Create empty secret for `client-private-key` and `jwe-userinfo-key` for mock relying party service. ``` cd deploy - ./prereq-mockid.sh + ./prereq.sh ``` ### Install esignet mock services * Install `kubectl` and `helm` utilities. 
@@ -55,18 +56,5 @@ Repository contains mock implementation of auth for e-signet ./restart-mock.sh ``` -## Onboard esignet mock and relying party services -* Run onboarder's [install.sh](partner-onboarder) script to exchange jwk certificates. -### Configurational steps after onboarding is completed. -* Below mentioned onboarding steps are added after 1.2.0.1-b3 - * Onboarding the default demo-oidc partner - - -### Onboarding the default demo-oidc partner -* After successfull partner onboarder run for demo-oidc partner , download html reports from `onboarder` bucket of object store . -* Get `CLIENT_ID` from response body of request `create-oidc-client` from the report **_demo-oidc.html_** -* Update deployment of `mock-relying-party-ui` in esignet namespace with `CLIENT_ID` value from last step . -* As per screenshot get the private and public key pair (shown as selected in the screenshot )from the response of the `get-jwks` request from the report **_demo-oidc.html_** - ![](docs/images/get-jwks-details.PNG) -* Update the client-private-key stored within the secrets in the esignet namespace with the base64-encoded value derived from the keypair obtained in the previous step. -* Restart mock-relying-party-service pod +## Partner onboarder +* Perform Partner onboarding for esignet mock using [steps](partner-onboarder/README.md). diff --git a/deploy/mock-relying-party-service/install.sh b/deploy/mock-relying-party-service/install.sh index ed284637..d92ae4ef 100755 --- a/deploy/mock-relying-party-service/install.sh +++ b/deploy/mock-relying-party-service/install.sh 
@@ -16,17 +16,6 @@ function installing_mock-relying-party-service() { echo Istio label kubectl label ns $NS istio-injection=enabled --overwrite - read -p "Please provide client private key file : " CLIENT_PRIVATE_KEY - - if [ -z "$CLIENT_PRIVATE_KEY" ]; then - echo "Client Private key file not provided; EXITING;"; - exit 0; - fi - if [ ! -f "$CLIENT_PRIVATE_KEY" ]; then - echo "Client Private key not found; EXITING;"; - exit 0; - fi - echo "Do you have public domain & valid SSL? (Y/n) " echo "Y: if you have public domain & valid ssl certificate" echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments." 
@@ -41,33 +30,14 @@ function installing_mock-relying-party-service() { ENABLE_INSECURE='--set enable_insecure=true'; fi - read -p "Please provide jwe userinfo private key file : " JWE_USERINFO_PRIVATE_KEY - - if [ -z "$JWE_USERINFO_PRIVATE_KEY" ]; then - echo "Client jwe userinfo Private key file not provided; EXITING;"; - exit 0; - fi - if [ ! -f "$JWE_USERINFO_PRIVATE_KEY" ]; then - echo "Client jwe userinfo Private key not found; EXITING;"; - exit 0; - fi - - echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists" - cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/client-private-key - cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/jwe-userinfo-private-key - - kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-service-secrets - kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets - kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="/tmp/client-private-key" - kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="/tmp/jwe-userinfo-private-key" - ESIGNET_HOST=$(kubectl -n $NS get cm esignet-global -o jsonpath={.data.mosip-esignet-host}) DEFAULT_ESIGNET_SERVICE_URL='http://esignet.esignet/v1/esignet' read -p "Please provide Esignet service url : ( default: http://esignet.esignet/v1/esignet )" USER_PROVIDED_ESIGNET_SERVICE_URL ESIGNET_SERVICE_URL=${USER_PROVIDED_ESIGNET_SERVICE_URL:-$DEFAULT_ESIGNET_SERVICE_URL} echo Installing Mock Relying Party Service - helm -n $NS install mock-relying-party-service mosip/mock-relying-party-service \ +# helm -n $NS install mock-relying-party-service mosip/mock-relying-party-service \ + helm -n $NS install mock-relying-party-service ../../helm/mock-relying-party-service/ \ --set mock_relying_party_service.ESIGNET_SERVICE_URL="$ESIGNET_SERVICE_URL" \ --set 
mock_relying_party_service.ESIGNET_AUD_URL="https://$ESIGNET_HOST/v1/esignet/oauth/v2/token" \ --version $CHART_VERSION $ENABLE_INSECURE \ diff --git a/deploy/prereq.sh b/deploy/prereq.sh index 6729d3d6..db8be9d9 100755 --- a/deploy/prereq.sh +++ b/deploy/prereq.sh @@ -11,7 +11,8 @@ NS=mockid SOFTHSM_NS=softhsm SOFTHSM_CHART_VERSION=12.0.1 -function installing_All() { + +function prereq_mockid () { echo Create $SOFTHSM_NS namespace kubectl create ns $SOFTHSM_NS || true 
@@ -34,3 +35,38 @@ function installing_All() { echo All esignet mock identity services pre-requisites deployed sucessfully. return 0 } + +function prereq_mockrp () { + echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists" + kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-private-key-jwk + kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets + kubectl -n $NS create secret generic mock-relying-party-private-key-jwk --from-literal=client-private-key='' --dry-run=client -o yaml | kubectl apply -f - + kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-literal=JWE_USERINFO_PRIVATE_KEY='' --dry-run=client -o yaml | kubectl apply -f - + return 0 +} + +function prereq () { + while true; do + read -p "Do you want to install and initialise pre-requisites for mock identity system? (y/n): " response + if [[ "$response" == "y" || "$response" == "Y" ]]; then + prereq_mockid + break + elif [[ "$response" == "n" || "$response" == "N" ]]; then + break + else + echo "Not a correct response. Please respond with y (yes) or n (no)." + fi + done + + prereq_mockrp + + return 0 +} + +# set commands for error handling. +set -e +set -o errexit ## set -e : exit the script if any statement returns a non-true return value +set -o nounset ## set -u : exit the script if you try to use an uninitialised variable +set -o errtrace # trace ERR through 'time command' and other functions +set -o pipefail # trace ERR through pipes +prereq # calling function diff --git a/helm/mock-relying-party-service/templates/deployment.yaml b/helm/mock-relying-party-service/templates/deployment.yaml index b5e6d5c7..8527aa81 100644 --- a/helm/mock-relying-party-service/templates/deployment.yaml +++ b/helm/mock-relying-party-service/templates/deployment.yaml 
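Review bot: `prereq_mockrp` in deploy/prereq.sh deletes `mock-relying-party-private-key-jwk` and `jwe-userinfo-service-secrets` and recreates both with empty values on every run, so re-running prereq.sh after onboarding wipes the real client private key and JWE key. The `delete` also makes the `--dry-run=client -o yaml | kubectl apply -f -` idiom pointless, since there is never an existing object to update. Create each secret only when it is absent, for example `kubectl -n $NS get secret mock-relying-party-private-key-jwk >/dev/null 2>&1 || kubectl -n $NS create secret generic mock-relying-party-private-key-jwk --from-literal=client-private-key=''`, and do the same for the JWE secret. `NS` is `mockid` in this script while the partner-onboarder scripts in this series use `esignet`, so please confirm the secrets land in the namespace where mock-relying-party-service is deployed.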
@@ -96,7 +96,7 @@ spec: valueFrom: secretKeyRef: key: client-private-key - name: mock-relying-party-service-secrets + name: mock-relying-party-private-key-jwk - name: JWE_USERINFO_PRIVATE_KEY valueFrom: secretKeyRef: @@ -132,9 +132,6 @@ spec: name: {{ . }} {{- end }} {{- end }} - - - ports: - name: container-port containerPort: {{ .Values.containerPort }} From e89dd77d22733021049f1fcb23559fd6f6569cb6 Mon Sep 17 00:00:00 2001 From: Harsh Vardhan Date: Thu, 3 Oct 2024 16:34:17 +0530 Subject: [PATCH 19/24] [INJICERT-434] optionally support using arbitrary field as PSUT value (#258) * [INJICERT-434] optionally support using individualID as PSUT Purpose: to break Certify <--> Mock DataProviderPlugin dependency wrt OIDCTransaction object stored in Redis Config changes required: * Introduces a config but does not break existing default behaviour, so no explicit change required Signed-off-by: Harsh Vardhan * [INJICERT-434] allow PSUT to set to any configured field * by default the kycAuth response will have the psut field, but this can be configured to have some other user data in the clear if required Breaking changes: None. The changes are backwards compatible Signed-off-by: Harsh Vardhan --------- Signed-off-by: Harsh Vardhan --- .../impl/AuthenticationServiceImpl.java | 11 +++++-- .../resources/application-default.properties | 4 +-- .../resources/application-local.properties | 3 +- .../impl/AuthenticationServiceImplTest.java | 32 +++++++++++++++++++ 4 files changed, 44 insertions(+), 6 deletions(-) diff --git a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java index 39500a7c..52175eb2 100644 --- a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java 
+++ b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImpl.java @@ -8,7 +8,6 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.ArrayNode; import com.fasterxml.jackson.databind.node.ObjectNode; import com.nimbusds.jose.jwk.RSAKey; import io.mosip.esignet.mock.identitysystem.dto.*; @@ -98,6 +97,9 @@ public class AuthenticationServiceImpl implements AuthenticationService { @Value("#{${mosip.mock.ida.identity-openid-claims-mapping}}") private Map oidcClaimsMapping; + @Value("${mosip.mock.ida.kyc.psut.field:psut}") + private String psutField; + ArrayList trnHash = new ArrayList<>(); @Override @@ -121,8 +123,11 @@ public KycAuthResponseDto kycAuth(String relyingPartyId, String clientId, KycAut KycAuthResponseDto kycAuthResponseDto = new KycAuthResponseDto(); kycAuthResponseDto.setAuthStatus(authStatus); kycAuthResponseDto.setKycToken(kycAuth.getKycToken()); - kycAuthResponseDto.setPartnerSpecificUserToken(kycAuth.getPartnerSpecificUserToken()); - + if (psutField.equals("psut")) { + kycAuthResponseDto.setPartnerSpecificUserToken(kycAuth.getPartnerSpecificUserToken()); + } else { + kycAuthResponseDto.setPartnerSpecificUserToken(HelperUtil.getIdentityDataValue(identityData, psutField, defaultLanguage)); + } if(kycAuthDto.isClaimMetadataRequired()) { kycAuthResponseDto.setClaimMetadata(getVerifiedClaimMetadata(kycAuthDto.getIndividualId(), identityData)); } diff --git a/mock-identity-system/src/main/resources/application-default.properties b/mock-identity-system/src/main/resources/application-default.properties index 1889a0cd..5c6f3c5b 100644 --- a/mock-identity-system/src/main/resources/application-default.properties +++ b/mock-identity-system/src/main/resources/application-default.properties 
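Review bot: In `kycAuth`, the new else branch copies the result of `HelperUtil.getIdentityDataValue(identityData, psutField, defaultLanguage)` into `partnerSpecificUserToken` without checking it. HelperUtil is not visible here, but if it returns null or an empty string for a field the identity lacks, the caller gets a successful auth with no usable subject; a guard such as `if (psut == null || psut.isEmpty())` that throws the service's `MockIdentityException` before the response is built would surface the misconfiguration. The `psutField` declaration in the previous hunk also deserves a comment along the lines of `// any value other than "psut" returns that identity attribute in the clear in place of the partner-specific token`. Writing the comparison as `"psut".equals(psutField)` keeps it null-safe when the field is set by reflection in tests. The body of `kycAuth` continues outside the hunk.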
@@ -121,7 +121,7 @@ mosip.esignet.mock.authenticator.ida.otp-channels=email,phone mosip.esignet.mock.supported-fields=individualId,pin,givenName,familyName,gender,dateOfBirth,email,phone,streetAddress,locality,region,postalCode,country mosip.mock.ida.kba.default.field-language=eng - +mosip.mock.ida.kyc.psut.field=psut #Related to health check of hsm mosip.kernel.keymgr.hsm.health.check.enabled=false mosip.kernel.keymgr.hsm.health.key.app-id=MOCK_AUTHENTICATION_SERVICE @@ -134,4 +134,4 @@ mosip.esignet.authenticator.auth-factor.kbi.field-details={{"id":"phone", "type" mosip.esignet.authenticator.auth-factor.kbi.field-language=eng mosip.mock.ida.kbi.default.field-language=eng -mosip.mock.ida.identity-openid-claims-mapping={"fullName":"name","name":"name","email":"email","phone":"phone_number","gender":"gender","dateOfBirth":"birthdate","encodedPhoto":"picture"} \ No newline at end of file +mosip.mock.ida.identity-openid-claims-mapping={"fullName":"name","name":"name","email":"email","phone":"phone_number","gender":"gender","dateOfBirth":"birthdate","encodedPhoto":"picture"} diff --git a/mock-identity-system/src/main/resources/application-local.properties b/mock-identity-system/src/main/resources/application-local.properties index b7af7402..499cdf19 100644 --- a/mock-identity-system/src/main/resources/application-local.properties +++ b/mock-identity-system/src/main/resources/application-local.properties 
@@ -72,4 +72,5 @@ mosip.mock.ida.identity-openid-claims-mapping={"fullName":"name","name":"name"," ##---------------------------------KBI Configurations------------------------------------------------------ #We can use any field from the IdentityData for KBI mosip.esignet.authenticator.auth-factor.kbi.field-details={{"id":"phone", "type":"text", "format":""},{"id":"email", "type":"text", "format":""},{"id":"dateOfBirth", "type":"date", "format":"yyyy-MM-dd"}} -mosip.mock.ida.kbi.default.field-language=eng \ No newline at end of file +mosip.mock.ida.kbi.default.field-language=eng +mosip.mock.ida.kyc.psut.field=psut diff --git a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java index 733d185c..024cdd18 100644 --- a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java +++ b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java @@ -66,6 +66,7 @@ public void setUp() throws Exception { ObjectMapper objectMapper = new ObjectMapper(); identityData = objectMapper.readTree(jsonIdentity); ReflectionTestUtils.setField(authenticationService, "objectMapper", objectMapper); + ReflectionTestUtils.setField(authenticationService,"psutField", "psut"); oidcClaimsMap.put("fullName", "name"); oidcClaimsMap.put("name", "name"); 
@@ -106,6 +107,37 @@ public void kycAuth_withValidKbiChallenge_thenPass() { Assert.assertTrue(kycAuthResponseDto.isAuthStatus()); } + @Test + public void kycAuth_withValidKbiChallengeCustomPSUTfield_thenPass() { + List> fieldDetailList = List.of(Map.of("id","individualId","type","text","format","string") + ,Map.of("id","fullName","type","text","format","") + ,Map.of("id","dateOfBirth","type","date","format","yyyy-MM-dd")); + ReflectionTestUtils.setField(authenticationService, "fieldDetailList", fieldDetailList); + ReflectionTestUtils.setField(authenticationService, "fieldLang", "eng"); + ReflectionTestUtils.setField(authenticationService,"objectMapper",new ObjectMapper()); + // set the PSUT field to contain the individualId instead + ReflectionTestUtils.setField(authenticationService,"psutField", "individualId"); + + KycAuthDto kycAuthDto = new KycAuthDto(); + kycAuthDto.setKbi("eyJmdWxsTmFtZSI6IlNpZGRoYXJ0aCBLIE1hbnNvdXIiLCJkYXRlT2ZCaXJ0aCI6IjE5ODctMTEtMjUifQ=="); + kycAuthDto.setIndividualId("individualId"); + kycAuthDto.setTransactionId("transactionId"); + + IdentityData identityData = new IdentityData(); + identityData.setDateOfBirth("1987/11/25"); + LanguageValue languageValue = new LanguageValue(); + languageValue.setLanguage("eng"); + languageValue.setValue("Siddharth K Mansour"); + identityData.setFullName(List.of(languageValue)); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(this.identityData); + + Mockito.when(authRepository.save(Mockito.any())).thenReturn(new KycAuth()); + + KycAuthResponseDto kycAuthResponseDto = authenticationService.kycAuth("relyingPartyId", "clientId", kycAuthDto); + Assert.assertEquals("8267411571", kycAuthResponseDto.getPartnerSpecificUserToken()); + Assert.assertTrue(kycAuthResponseDto.isAuthStatus()); + } + @Test public void kycAuth_withInCorrectKbiChallenge_thenFail() { From 712e323e01e8d83dfa94e1e10a927264a215e06e Mon Sep 17 00:00:00 2001 
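Review bot: The local `IdentityData identityData` built in `kycAuth_withValidKbiChallengeCustomPSUTfield_thenPass` is never used: the stub returns `this.identityData`, the JSON fixture read in `setUp`, so the `setDateOfBirth`/`setFullName` lines are dead code that shadows the field. Drop the local and its `LanguageValue`. The expected `"8267411571"` then depends on a fixture defined outside this hunk; assuming it holds `individualId` as a top-level text field, `Assert.assertEquals(this.identityData.get("individualId").asText(), kycAuthResponseDto.getPartnerSpecificUserToken());` ties the assertion to the data instead of a literal.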
From: pvsaidurga <132046494+pvsaidurga@users.noreply.github.com> Date: Thu, 3 Oct 2024 17:16:34 +0530 Subject: [PATCH 20/24] [ES-1689] added test case (#259) Signed-off-by: Venkata Saidurga Polamraju --- .../controller/IdentityControllerTest.java | 15 ++++++ .../impl/AuthenticationServiceImplTest.java | 53 +++++++++++++++++++ .../service/impl/IdentityServiceTest.java | 43 ++++++++++++++- 3 files changed, 109 insertions(+), 2 deletions(-) diff --git a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/controller/IdentityControllerTest.java b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/controller/IdentityControllerTest.java index b9e016c7..c1985195 100644 --- a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/controller/IdentityControllerTest.java +++ b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/controller/IdentityControllerTest.java @@ -7,6 +7,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; 
@@ -160,4 +161,18 @@ public void addVerifiedClaim_withInvalidClaim_returnErrorResponse() throws Exce .andExpect(jsonPath("$.errors[0].errorCode").value(ErrorConstants.INVALID_REQUEST)); } + @Test + public void updateIdentity_withValidIdentity_thenPass() throws Exception { + RequestWrapper requestWrapper = new RequestWrapper(); + ZonedDateTime requestTime = ZonedDateTime.now(ZoneOffset.UTC); + requestWrapper.setRequestTime(requestTime.format(DateTimeFormatter.ofPattern(UTC_DATETIME_PATTERN))); + requestWrapper.setRequest(identityRequest); + + Mockito.doNothing().when(identityService).updateIdentity(identityRequest); + + mockMvc.perform(put("/identity").content(objectMapper.writeValueAsString(requestWrapper)) + .contentType(MediaType.APPLICATION_JSON)).andExpect(status().isOk()) + .andExpect(jsonPath("$.response.status").value("mock Identity data updated successfully")); + } + } diff --git a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java index 024cdd18..571968dc 100644 --- a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java +++ b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java 
@@ -333,6 +333,56 @@ public void kycExchange_withValidDetails_thenPass() throws MockIdentityException Assert.assertEquals("signedData", response.getKyc()); } + @Test + public void kycExchange_withInValidJwe_thenFail() throws MockIdentityException, JsonProcessingException { + ReflectionTestUtils.setField(authenticationService,"transactionTimeoutInSecs",60); + ReflectionTestUtils.setField(authenticationService,"encryptKyc",true); + ReflectionTestUtils.setField(authenticationService,"objectMapper",objectMapper); + String relyingPartyId = "relyingPartyId"; + String clientId = "clientId"; + + KycExchangeRequestDto kycExchangeRequestDto=new KycExchangeRequestDto(); + kycExchangeRequestDto.setKycToken("kycToken"); + kycExchangeRequestDto.setIndividualId("individualId"); + kycExchangeRequestDto.setTransactionId("transactionId"); + kycExchangeRequestDto.setClaimLocales(Arrays.asList("en","fr")); + kycExchangeRequestDto.setAcceptedClaims(Arrays.asList("name","gender")); + + kycExchangeRequestDto.setRequestDateTime(LocalDateTime.now()); + + KycAuth kycAuth=new KycAuth(); + kycAuth.setResponseTime(LocalDateTime.now().minusSeconds(2)); + kycAuth.setPartnerSpecificUserToken("token"); + + ObjectNode identityData = objectMapper.createObjectNode(); + identityData.put("gender", "Male"); + + ArrayNode arrayNode = objectMapper.createArrayNode(); + ObjectNode fullNameEng = objectMapper.createObjectNode(); + fullNameEng.put("value", "Test"); + fullNameEng.put("language", "eng"); + ObjectNode fullNameFra = objectMapper.createObjectNode(); + fullNameFra.put("value", "Test_fra"); + fullNameFra.put("language", "fra"); + arrayNode.add(fullNameEng); + arrayNode.add(fullNameFra); + identityData.put("fullName", arrayNode); + JWTSignatureResponseDto jwtSignatureResponseDto=new JWTSignatureResponseDto(); + jwtSignatureResponseDto.setJwtSignedData("signedData"); + + Mockito.when(authRepository.findByKycTokenAndValidityAndTransactionIdAndIndividualId( + Mockito.anyString(), eq(Valid.ACTIVE), 
Mockito.anyString(), Mockito.anyString())) + .thenReturn(Optional.of(kycAuth)); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(identityData); + Mockito.when(signatureService.jwtSign(Mockito.any())).thenReturn(jwtSignatureResponseDto); + + + MockIdentityException exception = Assert.assertThrows(MockIdentityException.class, () -> { + authenticationService.kycExchange(relyingPartyId, clientId, new KycExchangeDto(kycExchangeRequestDto,null)); + }); + Assert.assertEquals("mock-ida-008", exception.getMessage()); + } + @Test public void kycExchange_invalidToken_thenFail() { String relyingPartyId = "relyingPartyId"; @@ -483,9 +533,12 @@ public void kycExchangeV2_withDetail_thenPass() { verifiedClaim3.put("claims", claims3); verifiedClaimsList.add(verifiedClaim3); + ObjectNode addressClaim = objectMapper.createObjectNode(); + addressClaim.put("locality", NullNode.getInstance()); // Add the list of verified claims to the outer map acceptedClaims.put("verified_claims", verifiedClaimsList); + acceptedClaims.put("address",addressClaim); kycExchangeRequestDtoV2.setAcceptedClaimDetail(acceptedClaims); kycExchangeRequestDtoV2.setClaimLocales(List.of("eng")); diff --git a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/IdentityServiceTest.java b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/IdentityServiceTest.java index f74372d4..48200ecd 100644 --- a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/IdentityServiceTest.java +++ b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/IdentityServiceTest.java 
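Review bot: `identityData.put("fullName", arrayNode)` in `kycExchange_withInValidJwe_thenFail` and `addressClaim.put("locality", NullNode.getInstance())` in the following `kycExchangeV2_withDetail_thenPass` hunk call `ObjectNode.put(String, JsonNode)`, which Jackson deprecates in favour of `set`; write `identityData.set("fullName", arrayNode);` and `addressClaim.set("locality", NullNode.getInstance());`. The new test also asserts the literal `"mock-ida-008"`; if `ErrorConstants` defines a constant for that code (not visible here), use it as the neighbouring tests do, so a renumbered code fails at compile time rather than in the assertion. `kycExchangeV2_withDetail_thenPass` starts and ends outside its hunk.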
@@ -31,8 +31,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertThrows; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; +import static org.mockito.Mockito.*; @RunWith(MockitoJUnitRunner.class) public class IdentityServiceTest { @@ -115,11 +114,25 @@ public void addIdentity_withValidDetails_thenPass() throws MockIdentityException IdentityData identityData = new IdentityData(); identityData.setEmail("email@gmail.com"); identityData.setEncodedPhoto("encodedPhoto"); + identityData.setPassword("password"); when(identityRepository.findById(identityData.getIndividualId())).thenReturn(Optional.empty()); identityService.addIdentity(identityData); verify(identityRepository).save(any(MockIdentity.class)); } + @Test + public void addIdentity_withDuplicateDetails_thenFail() throws MockIdentityException { + IdentityData identityData = new IdentityData(); + identityData.setEmail("email@gmail.com"); + identityData.setEncodedPhoto("encodedPhoto"); + when(identityRepository.findById(identityData.getIndividualId())).thenReturn(Optional.of(new MockIdentity())); + try{ + identityService.addIdentity(identityData); + }catch (MockIdentityException e){ + Assert.assertEquals(ErrorConstants.DUPLICATE_INDIVIDUAL_ID,e.getErrorCode()); + } + } + @Test public void getIdentity_withValidDetails_thenPass() throws MockIdentityException, JsonProcessingException { IdentityData identityData = new IdentityData(); 
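Review bot: `addIdentity_withDuplicateDetails_thenFail` passes when no exception is thrown, because the try block has no failure after `identityService.addIdentity(identityData)` and the only assertion sits in the catch. Use the form the other tests in this class already use: `MockIdentityException e = assertThrows(MockIdentityException.class, () -> identityService.addIdentity(identityData));` followed by `assertEquals(ErrorConstants.DUPLICATE_INDIVIDUAL_ID, e.getErrorCode());`. The same try/catch shape appears in `kycAuth_withInvalidIdentity_thenFail` and `kycAuth_withoutSendOTPInvocation_thenFail` added later in this series.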
@@ -145,4 +158,30 @@ public void getIdentity_withInvalidId_thenFail() { }); assertEquals(ErrorConstants.INVALID_INDIVIDUAL_ID, exception.getMessage()); } + + @Test + public void updateIdentity_withExistingIndividualId_thenPass() { + IdentityData identityData = new IdentityData(); + identityData.setIndividualId("existing-id"); + identityData.setPassword("new-password"); + MockIdentity mockIdentity = new MockIdentity(); + mockIdentity.setIndividualId("existing-id"); + mockIdentity.setIdentityJson("{\"existingField\": \"value\"}"); + when(identityRepository.findById("existing-id")).thenReturn(Optional.of(mockIdentity)); + identityService.updateIdentity(identityData); + verify(identityRepository, times(1)).save(mockIdentity); + Assert.assertNotNull(mockIdentity.getIdentityJson()); + } + + @Test + public void updateIdentity_withNonExistingIndividualId_thenFail() { + IdentityData identityData = new IdentityData(); + identityData.setIndividualId("non-existing-id"); + when(identityRepository.findById("non-existing-id")).thenReturn(Optional.empty()); + MockIdentityException exception = assertThrows(MockIdentityException.class, () -> { + identityService.updateIdentity(identityData); + }); + assertEquals(ErrorConstants.INVALID_INDIVIDUAL_ID, exception.getErrorCode()); + } + } \ No newline at end of file From 7e5b3d9d558be5c160c767bad6b76ed550bbc4a2 Mon Sep 17 00:00:00 2001 From: ase-101 Date: Thu, 3 Oct 2024 18:19:31 +0530 Subject: [PATCH 21/24] moved tomcat and prometheus configuration to bootstrap.properties Signed-off-by: ase-101 --- .../resources/application-default.properties | 16 -------------- .../src/main/resources/bootstrap.properties | 22 ++++++++++++++----- 2 files changed, 17 insertions(+), 21 deletions(-) diff --git a/mock-identity-system/src/main/resources/application-default.properties b/mock-identity-system/src/main/resources/application-default.properties index 5c6f3c5b..25080536 100644 
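Review bot: `Assert.assertNotNull(mockIdentity.getIdentityJson())` in `updateIdentity_withExistingIndividualId_thenPass` cannot fail, because the test itself seeds `identityJson` with `{"existingField": "value"}` before calling `updateIdentity`. Assert on what the update is expected to write, for instance that the JSON no longer equals the seeded value. If the service is meant to hash the password before storing it (the implementation is not visible here), `Assert.assertFalse(mockIdentity.getIdentityJson().contains("new-password"));` would pin that as well.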
--- a/mock-identity-system/src/main/resources/application-default.properties +++ b/mock-identity-system/src/main/resources/application-default.properties @@ -25,22 +25,6 @@ # mosip.api.internal.url # mosip.api.public.url -## Tomcat access logs -server.tomcat.accesslog.enabled=true -server.tomcat.accesslog.directory=/dev -server.tomcat.accesslog.prefix=stdout -server.tomcat.accesslog.buffered=false -server.tomcat.accesslog.suffix= -server.tomcat.accesslog.file-date-format= -server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}","req.userAgent":"%{User-Agent}i","req.xForwardedFor":"%{X-Forwarded-For}i","req.referer":"%{Referer}i","req.method":"%m","req.remoteHost":"%a"} -server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve - -## Prometheus -management.endpoint.metrics.enabled=true -management.endpoints.web.exposure.include=* -management.endpoint.prometheus.enabled=true -management.metrics.export.prometheus.enabled=true - ##----------------------------------------- Database properties -------------------------------------------------------- mosip.mockidentitysystem.database.hostname=${database.host} mosip.mockidentitysystem.database.port=${database.port} diff --git a/mock-identity-system/src/main/resources/bootstrap.properties b/mock-identity-system/src/main/resources/bootstrap.properties index 0255d6e1..cc80ac20 100644 --- a/mock-identity-system/src/main/resources/bootstrap.properties +++ b/mock-identity-system/src/main/resources/bootstrap.properties 
@@ -12,10 +12,6 @@ health.config.enabled=false server.servlet.context-path=/v1/mock-identity-system management.security.enable=false management.endpoint.health.show-details=always -management.endpoints.web.exposure.include=info,health,refresh,mappings -management.endpoint.metrics.enabled=true -management.endpoint.prometheus.enabled=true -management.metrics.export.prometheus.enabled=true openapi.info.title=${spring.application.name} openapi.info.description=${spring.application.name} @@ -29,4 +25,20 @@ openapi.group.name=${openapi.info.title} openapi.group.paths[0]=/** springdoc.swagger-ui.disable-swagger-default-url=true springdoc.swagger-ui.tagsSorter=alpha -springdoc.swagger-ui.operationsSorter=alpha \ No newline at end of file +springdoc.swagger-ui.operationsSorter=alpha + +## Tomcat access logs +server.tomcat.accesslog.enabled=true +server.tomcat.accesslog.directory=/dev +server.tomcat.accesslog.prefix=stdout +server.tomcat.accesslog.buffered=false +server.tomcat.accesslog.suffix= +server.tomcat.accesslog.file-date-format= +server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}","req.userAgent":"%{User-Agent}i","req.xForwardedFor":"%{X-Forwarded-For}i","req.referer":"%{Referer}i","req.method":"%m","req.remoteHost":"%a"} +server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve + +## Prometheus +management.endpoint.metrics.enabled=true +management.endpoints.web.exposure.include=* +management.endpoint.prometheus.enabled=true +management.metrics.export.prometheus.enabled=true \ No newline at end of file From 0d0ed4b7527fbeda3c5c8ca290edcc80b94decc0 Mon Sep 17 00:00:00 2001 From: ase-101 Date: Fri, 4 Oct 2024 15:01:46 +0530 Subject: [PATCH 22/24] Updated Readme and pom version 
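Review bot: The block appended to bootstrap.properties sets `management.endpoints.web.exposure.include=*`, while the first hunk removes the explicit list `info,health,refresh,mappings`. With `management.security.enable=false` and `management.endpoint.health.show-details=always` in the surrounding context, every enabled actuator endpoint becomes reachable over HTTP, which on Spring Boot typically includes `env`, `configprops` and `heapdump`; those can disclose datasource credentials and key material held in memory. Keep an allow-list and add only what scraping needs: `management.endpoints.web.exposure.include=info,health,refresh,mappings,prometheus,metrics`.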
Signed-off-by: ase-101 --- README.md | 3 +++ ...9.3_to_0.9.4_rollback.sql => 0.9.3_to_0.10.0_rollback.sql} | 0 ...0.9.3_to_0.9.4_upgrade.sql => 0.9.3_to_0.10.0_upgrade.sql} | 0 mock-identity-system/README.md | 2 +- mock-identity-system/pom.xml | 4 ++-- mock-relying-party-service/README.md | 3 +++ mock-relying-party-ui/README.md | 3 +++ pom.xml | 2 +- 8 files changed, 13 insertions(+), 4 deletions(-) rename db_upgrade_script/mosip_mockidentitysystem/sql/{0.9.3_to_0.9.4_rollback.sql => 0.9.3_to_0.10.0_rollback.sql} (100%) rename db_upgrade_script/mosip_mockidentitysystem/sql/{0.9.3_to_0.9.4_upgrade.sql => 0.9.3_to_0.10.0_upgrade.sql} (100%) diff --git a/README.md b/README.md index b801b25d..ad97f42a 100644 --- a/README.md +++ b/README.md @@ -58,3 +58,6 @@ Repository contains mock implementations for eSignet. Only for non-production us ## Partner onboarder * Perform Partner onboarding for esignet mock using [steps](partner-onboarder/README.md). + +## License +This project is licensed under the terms of [Mozilla Public License 2.0](LICENSE). \ No newline at end of file diff --git a/db_upgrade_script/mosip_mockidentitysystem/sql/0.9.3_to_0.9.4_rollback.sql b/db_upgrade_script/mosip_mockidentitysystem/sql/0.9.3_to_0.10.0_rollback.sql similarity index 100% rename from db_upgrade_script/mosip_mockidentitysystem/sql/0.9.3_to_0.9.4_rollback.sql rename to db_upgrade_script/mosip_mockidentitysystem/sql/0.9.3_to_0.10.0_rollback.sql diff --git a/db_upgrade_script/mosip_mockidentitysystem/sql/0.9.3_to_0.9.4_upgrade.sql b/db_upgrade_script/mosip_mockidentitysystem/sql/0.9.3_to_0.10.0_upgrade.sql similarity index 100% rename from db_upgrade_script/mosip_mockidentitysystem/sql/0.9.3_to_0.9.4_upgrade.sql rename to db_upgrade_script/mosip_mockidentitysystem/sql/0.9.3_to_0.10.0_upgrade.sql diff --git a/mock-identity-system/README.md b/mock-identity-system/README.md index 2f2393fe..7163527c 100644 --- a/mock-identity-system/README.md +++ b/mock-identity-system/README.md 
@@ -2,7 +2,7 @@ ## About -This is the mock implementation of IDA system. +This is the mock implementation of MOSIP IDA system. Currently supports below endpoints * create-identity diff --git a/mock-identity-system/pom.xml b/mock-identity-system/pom.xml index 9b2ca072..d7d39db4 100644 --- a/mock-identity-system/pom.xml +++ b/mock-identity-system/pom.xml @@ -5,11 +5,11 @@ io.mosip.esignet.mock esignet-mock-parent - 0.9.5-SNAPSHOT + 0.10.0-SNAPSHOT mock-identity-system - 0.9.5-SNAPSHOT + 0.10.0-SNAPSHOT jar mock-identity-system diff --git a/mock-relying-party-service/README.md b/mock-relying-party-service/README.md index eea92adb..f2d92688 100644 --- a/mock-relying-party-service/README.md +++ b/mock-relying-party-service/README.md @@ -42,3 +42,6 @@ The application run on PORT=8888. ``` $ npm run devstart ``` + +## License +This project is licensed under the terms of [Mozilla Public License 2.0](../LICENSE). \ No newline at end of file diff --git a/mock-relying-party-ui/README.md b/mock-relying-party-ui/README.md index 77745017..a133fb30 100644 --- a/mock-relying-party-ui/README.md +++ b/mock-relying-party-ui/README.md @@ -67,3 +67,6 @@ The application run on PORT=5000 by default. ``` $ npm start ``` + +## License +This project is licensed under the terms of [Mozilla Public License 2.0](../LICENSE). \ No newline at end of file diff --git a/pom.xml b/pom.xml index ba2d35f1..e18d41c6 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ 4.0.0 io.mosip.esignet.mock esignet-mock-parent - 0.9.5-SNAPSHOT + 0.10.0-SNAPSHOT pom esignet-mock Parent project of MOSIP e-Signet Mock Services From 44dd00c77d39a09cdfe17e9be718f96c069c07e6 Mon Sep 17 00:00:00 2001 From: Piyush7034 <47858366+Piyush7034@users.noreply.github.com> Date: Fri, 4 Oct 2024 22:14:40 +0530 Subject: [PATCH 23/24] Added JsonIgnoreProperties for kyc auth and exchange requests (#269) 
Signed-off-by: piyush-shukla03_infosys Co-authored-by: piyush-shukla03_infosys --- .../esignet/mock/identitysystem/dto/KycAuthRequestDto.java | 2 ++ .../esignet/mock/identitysystem/dto/KycExchangeRequestDto.java | 2 ++ 2 files changed, 4 insertions(+) diff --git a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/dto/KycAuthRequestDto.java b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/dto/KycAuthRequestDto.java index 55f0ff8f..404c1680 100644 --- a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/dto/KycAuthRequestDto.java +++ b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/dto/KycAuthRequestDto.java @@ -5,12 +5,14 @@ */ package io.mosip.esignet.mock.identitysystem.dto; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import lombok.Data; import java.util.List; @Data +@JsonIgnoreProperties(ignoreUnknown = true) public class KycAuthRequestDto { private String transactionId; diff --git a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/dto/KycExchangeRequestDto.java b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/dto/KycExchangeRequestDto.java index 5bb4f623..b866dadc 100644 --- a/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/dto/KycExchangeRequestDto.java +++ b/mock-identity-system/src/main/java/io/mosip/esignet/mock/identitysystem/dto/KycExchangeRequestDto.java @@ -6,12 +6,14 @@ package io.mosip.esignet.mock.identitysystem.dto; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import lombok.Data; import java.time.LocalDateTime; import java.util.List; @Data +@JsonIgnoreProperties(ignoreUnknown = true) public class KycExchangeRequestDto { private LocalDateTime requestDateTime; From aa0a8ccc8652e8360f54c62bd312d5c5e2fef3c6 Mon Sep 17 00:00:00 2001 
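Review bot: `@JsonIgnoreProperties(ignoreUnknown = true)` is added to `KycAuthRequestDto` and, in the next hunk, to `KycExchangeRequestDto` with no comment on why unknown fields must be tolerated. On these request DTOs a misspelled field name now deserializes to null instead of being rejected, so the change relies on required fields being validated elsewhere, which is not visible here. If the intent is forward compatibility with newer callers, say so on the class, e.g. `// Unknown fields are ignored so newer callers can send extra attributes; required fields are still validated explicitly.` Both class bodies continue outside their hunks.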
From: pvsaidurga <132046494+pvsaidurga@users.noreply.github.com> Date: Tue, 8 Oct 2024 20:53:52 +0530 Subject: [PATCH 24/24] [ES-1689] (#271) * [ES-1689] Signed-off-by: Venkata Saidurga Polamraju * [ES-1689] Signed-off-by: Venkata Saidurga Polamraju * [ES-1689] Updated the review comments Signed-off-by: Venkata Saidurga Polamraju --------- Signed-off-by: Venkata Saidurga Polamraju --- .../impl/AuthenticationServiceImplTest.java | 329 ++++++++++++++++++ .../service/impl/IdentityServiceTest.java | 91 +++++ 2 files changed, 420 insertions(+) diff --git a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java index 571968dc..0dfc90e1 100644 --- a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java +++ b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/AuthenticationServiceImplTest.java 
@@ -107,6 +107,200 @@ public void kycAuth_withValidKbiChallenge_thenPass() { Assert.assertTrue(kycAuthResponseDto.isAuthStatus()); } + @Test + public void kycAuth_withInvalidIdentity_thenFail() { + KycAuthDto kycAuthDto = new KycAuthDto(); + kycAuthDto.setKbi("eyJmdWxsTmFtZSI6IlNpZGRoYXJ0aCBLIE1hbnNvdXIiLCJkYXRlT2ZCaXJ0aCI6IjE5ODctMTEtMjUifQ=="); + kycAuthDto.setIndividualId("individualId"); + kycAuthDto.setTransactionId("transactionId"); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(null); + + try{ + authenticationService.kycAuth("relyingPartyId", "clientId", kycAuthDto); + }catch (MockIdentityException e){ + Assert.assertEquals("invalid_individual_id",e.getMessage()); + } + } + + @Test + public void kycAuth_withoutSendOTPInvocation_thenFail() { + List> fieldDetailList = List.of(Map.of("id","individualId","type","text","format","string") + ,Map.of("id","fullName","type","text","format","") + ,Map.of("id","dateOfBirth","type","date","format","yyyy-MM-dd")); + ReflectionTestUtils.setField(authenticationService, "fieldDetailList", fieldDetailList); + ReflectionTestUtils.setField(authenticationService, "fieldLang", "eng"); + ReflectionTestUtils.setField(authenticationService,"objectMapper",new ObjectMapper()); + + KycAuthDto kycAuthDto = new KycAuthDto(); + kycAuthDto.setOtp("111111"); + kycAuthDto.setIndividualId("individualId"); + kycAuthDto.setTransactionId("transactionId"); + + IdentityData identityData = new IdentityData(); + identityData.setDateOfBirth("1987/11/25"); + LanguageValue languageValue = new LanguageValue(); + languageValue.setLanguage("eng"); + languageValue.setValue("Siddharth K Mansour"); + identityData.setFullName(List.of(languageValue)); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(this.identityData); + try{ + authenticationService.kycAuth("relyingPartyId", "clientId", kycAuthDto); + }catch (MockIdentityException e){ + Assert.assertEquals("invalid_transaction",e.getMessage()); + } + 
} + + @Test + public void kycAuth_withSendOTPInvocation_thenPass() { + List> fieldDetailList = List.of(Map.of("id","individualId","type","text","format","string") + ,Map.of("id","fullName","type","text","format","") + ,Map.of("id","dateOfBirth","type","date","format","yyyy-MM-dd")); + ReflectionTestUtils.setField(authenticationService,"otpChannels",Arrays.asList("email","phone")); + ReflectionTestUtils.setField(authenticationService, "fieldDetailList", fieldDetailList); + ReflectionTestUtils.setField(authenticationService, "fieldLang", "eng"); + ReflectionTestUtils.setField(authenticationService,"objectMapper",new ObjectMapper()); + ReflectionTestUtils.setField(authenticationService,"trnHash",new ArrayList<>()); + + KycAuthDto kycAuthDto = new KycAuthDto(); + kycAuthDto.setOtp("111111"); + kycAuthDto.setIndividualId("individualId"); + kycAuthDto.setTransactionId("transactionId"); + + IdentityData identityData = new IdentityData(); + identityData.setDateOfBirth("1987/11/25"); + identityData.setIndividualId("individualId"); + identityData.setEmail("test@email.com"); + identityData.setPhone("1234567890"); + LanguageValue languageValue = new LanguageValue(); + languageValue.setLanguage("eng"); + languageValue.setValue("Siddharth K Mansour"); + identityData.setFullName(List.of(languageValue)); + SendOtpDto sendOtpDto=new SendOtpDto(); + sendOtpDto.setIndividualId("individualId"); + sendOtpDto.setOtpChannels(Arrays.asList("email","phone")); + sendOtpDto.setTransactionId("transactionId"); + + Mockito.when(identityService.getIdentity("individualId")).thenReturn(identityData); + authenticationService.sendOtp("relyingPartyId", "clientId", sendOtpDto); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(this.identityData); + Mockito.when(authRepository.save(Mockito.any())).thenReturn(new KycAuth()); + KycAuthResponseDto kycAuthResponseDto = authenticationService.kycAuth("relyingPartyId", "clientId", kycAuthDto); + 
Assert.assertTrue(kycAuthResponseDto.isAuthStatus()); + } + + @Test + public void kycAuth_withInValidTransactionId_thenFail() { + List> fieldDetailList = List.of(Map.of("id","individualId","type","text","format","string") + ,Map.of("id","fullName","type","text","format","") + ,Map.of("id","dateOfBirth","type","date","format","yyyy-MM-dd")); + ReflectionTestUtils.setField(authenticationService, "fieldDetailList", fieldDetailList); + ReflectionTestUtils.setField(authenticationService, "fieldLang", "eng"); + ReflectionTestUtils.setField(authenticationService,"objectMapper",new ObjectMapper()); + + KycAuthDto kycAuthDto = new KycAuthDto(); + kycAuthDto.setOtp("111111"); + kycAuthDto.setIndividualId("individualId"); + kycAuthDto.setTransactionId(""); + + IdentityData identityData = new IdentityData(); + identityData.setDateOfBirth("1987/11/25"); + LanguageValue languageValue = new LanguageValue(); + languageValue.setLanguage("eng"); + languageValue.setValue("Siddharth K Mansour"); + identityData.setFullName(List.of(languageValue)); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(this.identityData); + try{ + authenticationService.kycAuth("relyingPartyId", "clientId", kycAuthDto); + }catch (MockIdentityException e){ + Assert.assertEquals("invalid_transaction_id",e.getMessage()); + } + } + + @Test + public void kycAuth_withValidPinChallenge_thenPass() { + + List> fieldDetailList = List.of(Map.of("id","individualId","type","text","format","string") + ,Map.of("id","fullName","type","text","format","") + ,Map.of("id","dateOfBirth","type","date","format","yyyy-MM-dd")); + ReflectionTestUtils.setField(authenticationService, "fieldDetailList", fieldDetailList); + ReflectionTestUtils.setField(authenticationService, "fieldLang", "eng"); + ReflectionTestUtils.setField(authenticationService,"objectMapper",new ObjectMapper()); + + KycAuthDto kycAuthDto = new KycAuthDto(); + kycAuthDto.setPin("111111"); + kycAuthDto.setIndividualId("individualId"); + 
kycAuthDto.setTransactionId("transactionId"); + + IdentityData identityData = new IdentityData(); + identityData.setDateOfBirth("1987/11/25"); + LanguageValue languageValue = new LanguageValue(); + languageValue.setLanguage("eng"); + languageValue.setValue("Siddharth K Mansour"); + identityData.setFullName(List.of(languageValue)); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(this.identityData); + Mockito.when(authRepository.save(Mockito.any())).thenReturn(new KycAuth()); + + KycAuthResponseDto kycAuthResponseDto = authenticationService.kycAuth("relyingPartyId", "clientId", kycAuthDto); + Assert.assertTrue(kycAuthResponseDto.isAuthStatus()); + } + + @Test + public void kycAuth_withValidBiometricsChallenge_thenPass() { + + List> fieldDetailList = List.of(Map.of("id","individualId","type","text","format","string") + ,Map.of("id","fullName","type","text","format","") + ,Map.of("id","dateOfBirth","type","date","format","yyyy-MM-dd")); + ReflectionTestUtils.setField(authenticationService, "fieldDetailList", fieldDetailList); + ReflectionTestUtils.setField(authenticationService, "fieldLang", "eng"); + ReflectionTestUtils.setField(authenticationService,"objectMapper",new ObjectMapper()); + + KycAuthDto kycAuthDto = new KycAuthDto(); + kycAuthDto.setBiometrics("111111"); + kycAuthDto.setTokens(new ArrayList<>()); + kycAuthDto.setIndividualId("individualId"); + kycAuthDto.setTransactionId("transactionId"); + + IdentityData identityData = new IdentityData(); + identityData.setDateOfBirth("1987/11/25"); + LanguageValue languageValue = new LanguageValue(); + languageValue.setLanguage("eng"); + languageValue.setValue("Siddharth K Mansour"); + identityData.setFullName(List.of(languageValue)); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(this.identityData); + Mockito.when(authRepository.save(Mockito.any())).thenReturn(new KycAuth()); + + KycAuthResponseDto kycAuthResponseDto = 
authenticationService.kycAuth("relyingPartyId", "clientId", kycAuthDto); + Assert.assertTrue(kycAuthResponseDto.isAuthStatus()); + } + + @Test + public void kycAuth_withValidPwdChallenge_thenPass() { + + List> fieldDetailList = List.of(Map.of("id","individualId","type","text","format","string") + ,Map.of("id","fullName","type","text","format","") + ,Map.of("id","dateOfBirth","type","date","format","yyyy-MM-dd")); + ReflectionTestUtils.setField(authenticationService, "fieldDetailList", fieldDetailList); + ReflectionTestUtils.setField(authenticationService, "fieldLang", "eng"); + ReflectionTestUtils.setField(authenticationService,"objectMapper",new ObjectMapper()); + + KycAuthDto kycAuthDto = new KycAuthDto(); + kycAuthDto.setPassword("Mosip@123"); + kycAuthDto.setIndividualId("individualId"); + kycAuthDto.setTransactionId("transactionId"); + + IdentityData identityData = new IdentityData(); + identityData.setDateOfBirth("1987/11/25"); + identityData.setPassword("Mosip@123"); + LanguageValue languageValue = new LanguageValue(); + languageValue.setLanguage("eng"); + languageValue.setValue("Siddharth K Mansour"); + identityData.setFullName(List.of(languageValue)); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(this.identityData); + + KycAuthResponseDto kycAuthResponseDto = authenticationService.kycAuth("relyingPartyId", "clientId", kycAuthDto); + Assert.assertNotNull(kycAuthResponseDto); + } + @Test public void kycAuth_withValidKbiChallengeCustomPSUTfield_thenPass() { List> fieldDetailList = List.of(Map.of("id","individualId","type","text","format","string") 
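Review bot: The negative tests `kycAuth_withInvalidIdentity_thenFail`, `kycAuth_withoutSendOTPInvocation_thenFail` and `kycAuth_withInValidTransactionId_thenFail` pass when `kycAuth` throws nothing, because the `try` block has no failure statement after the call and the only assertion sits inside `catch`. These cases guard authentication rejection paths, so a regression that lets such a request through would not turn the suite red. Add `Assert.fail();` directly after the `authenticationService.kycAuth(...)` call in each `try`, as the new `getIdentity_withInValidIdentityJson_thenFail` in this patch already does. The same gap is in `kycAuth_withEmptyKbiChallenge_thenFail` (next hunk) and in `addVerifiedClaim_withInvalidClaim_thenFail` and `addVerifiedClaim_withInvalidTrustFramework_thenFail` in IdentityServiceTest.java.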
@@ -195,6 +389,31 @@ public void kycAuth_withInValidKbiChallenge_thenFail() { } } + @Test + public void kycAuth_withEmptyKbiChallenge_thenFail() { + + ReflectionTestUtils.setField(authenticationService, "fieldLang", "eng"); + ReflectionTestUtils.setField(authenticationService,"objectMapper",new ObjectMapper()); + + KycAuthDto kycAuthDto = new KycAuthDto(); + kycAuthDto.setKbi("xsTmFtZSI6IlNpZG0aCBLIiwiZG9iIjoiMTk4Ny0xMS0yNSJ9"); + kycAuthDto.setIndividualId("individualId"); + kycAuthDto.setTransactionId("transactionId"); + + IdentityData identityData = new IdentityData(); + identityData.setDateOfBirth("1987/11/25"); + LanguageValue languageValue = new LanguageValue(); + languageValue.setLanguage("eng"); + languageValue.setValue("Siddharth K Mansour"); + identityData.setFullName(List.of(languageValue)); + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(this.identityData); + try{ + authenticationService.kycAuth("relyingPartyId", "clientId", kycAuthDto); + }catch (MockIdentityException e){ + Assert.assertEquals("auth-failed",e.getMessage()); + } + } + @Test public void sendOtp_validIndividualIdAndOtpChannels_thenPass() throws MockIdentityException { ReflectionTestUtils.setField(authenticationService,"otpChannels",Arrays.asList("email","phone")); 
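Review bot: `kycAuth_withEmptyKbiChallenge_thenFail` does not send an empty challenge: `setKbi(...)` receives a non-empty string that looks like a truncated Base64 value, so the test name and its input disagree. If "empty" instead refers to `fieldDetailList` not being set in this test, that is worth stating; a comment above the `setKbi` line naming the condition being rejected, for example `// kbi cannot be decoded into the expected challenge fields` if that is the intent, or a rename to `kycAuth_withMalformedKbiChallenge_thenFail`, would make the case readable. The local `identityData` built in this test is also never used, since the stub returns `this.identityData`.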
@@ -622,6 +841,116 @@ public void kycExchangeV2_withInValidIndividualId_thenFail() throws InvocationTa } } + @Test + public void kycExchangeV2_withDetailAndMatchedClaims_thenPass() { + Map oidcClaimsMap = new HashMap<>(); + oidcClaimsMap.put("name", "name"); + oidcClaimsMap.put("email", "email"); + oidcClaimsMap.put("phone", "phone"); + oidcClaimsMap.put("gender", "gender"); + oidcClaimsMap.put("dateOfBirth", "birthdate"); + oidcClaimsMap.put("encodedPhoto", "picture"); + ReflectionTestUtils.setField(authenticationService, "oidcClaimsMapping", oidcClaimsMap); + ReflectionTestUtils.setField(authenticationService, "objectMapper", new ObjectMapper()); + + // Create an IdentityData object + IdentityData identityData = new IdentityData(); + identityData.setDateOfBirth("1987/11/25"); + LanguageValue languageValueName = new LanguageValue(); + languageValueName.setLanguage("eng"); + languageValueName.setValue("Siddharth K Mansour"); + identityData.setName(List.of(languageValueName)); + + // Convert IdentityData to JsonNode + ObjectMapper objectMapper = new ObjectMapper(); + JsonNode identityDataJsonNode = objectMapper.valueToTree(identityData); + + KycExchangeDto kycExchangeRequestDtoV2 = new KycExchangeDto(); + kycExchangeRequestDtoV2.setIndividualId("individualId"); + kycExchangeRequestDtoV2.setTransactionId("transactionId"); + + Map acceptedClaims = new HashMap<>(); + + ObjectNode birthdate = objectMapper.createObjectNode(); + birthdate.put("essential", true); + acceptedClaims.put("birthdate", birthdate); + + ObjectNode gender = objectMapper.createObjectNode(); + gender.put("essential", false); + acceptedClaims.put("gender", gender); + + // Create a list for verified claims + ArrayNode verifiedClaimsList = objectMapper.createArrayNode(); + + // First verified claim with matching trust framework + ObjectNode verifiedClaim1 = objectMapper.createObjectNode(); + ObjectNode verification1 = objectMapper.createObjectNode(); + verification1.put("trust_framework", "pwd"); + 
verifiedClaim1.put("verification", verification1); + + ObjectNode claims1 = objectMapper.createObjectNode(); + claims1.put("email", NullNode.getInstance()); + claims1.put("birthdate", NullNode.getInstance()); + verifiedClaim1.put("claims", claims1); + verifiedClaimsList.add(verifiedClaim1); + + // Set up the second verified claim that should not match + ObjectNode verifiedClaim2 = objectMapper.createObjectNode(); + ObjectNode verification2 = objectMapper.createObjectNode(); + verification2.put("trust_framework", "non_matching"); + verifiedClaim2.put("verification", verification2); + + ObjectNode claims2 = objectMapper.createObjectNode(); + claims2.put("name", NullNode.getInstance()); + claims2.put("email", NullNode.getInstance()); + claims2.put("gender", NullNode.getInstance()); + verifiedClaim2.put("claims", claims2); + verifiedClaimsList.add(verifiedClaim2); + + // Add the list of verified claims to the outer map + acceptedClaims.put("verified_claims", verifiedClaimsList); + kycExchangeRequestDtoV2.setAcceptedClaimDetail(acceptedClaims); + kycExchangeRequestDtoV2.setClaimLocales(List.of("eng")); + kycExchangeRequestDtoV2.setRequestDateTime(LocalDateTime.now()); + + KycAuth kycAuth = new KycAuth(); + kycAuth.setKycToken("kycToken"); + kycAuth.setTransactionId("transactionId"); + kycAuth.setIndividualId("individualId"); + kycAuth.setPartnerSpecificUserToken("partnerSpecificUserToken"); + kycAuth.setResponseTime(LocalDateTime.now()); + Optional kycAuthOptional = Optional.of(kycAuth); + Mockito.when(authRepository.findByKycTokenAndValidityAndTransactionIdAndIndividualId(Mockito.any(), + Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(kycAuthOptional); + Mockito.when(authRepository.save(Mockito.any())).thenReturn(new KycAuth()); + + // Mock the identityService to return JsonNode + Mockito.when(identityService.getIdentityV2(Mockito.anyString())).thenReturn(identityDataJsonNode); + + VerifiedClaim verifiedClaim = new VerifiedClaim(); + 
verifiedClaim.setTrustFramework("pwd"); + verifiedClaim.setClaim("email"); + + VerifiedClaim verifiedClaim4 = new VerifiedClaim(); + verifiedClaim4.setTrustFramework("pwd"); + verifiedClaim4.setClaim("birthdate"); + + List verifiedClaimList = new ArrayList<>(); + verifiedClaimList.add(verifiedClaim); + verifiedClaimList.add(verifiedClaim4); + Optional> verifiedClaimsOptional = Optional.of(verifiedClaimList); + + Mockito.when(verifiedClaimRepository.findByIndividualIdAndClaimAndIsActive(Mockito.anyString(), Mockito.anyString(), Mockito.anyBoolean())) + .thenReturn(verifiedClaimsOptional); + + JWTSignatureResponseDto jwtSignatureResponseDto = new JWTSignatureResponseDto(); + jwtSignatureResponseDto.setJwtSignedData("jwtSignedData"); + Mockito.when(signatureService.jwtSign(Mockito.any())).thenReturn(jwtSignatureResponseDto); + + KycExchangeResponseDto kycExchangeResponseDto = authenticationService.kycExchange("relyingPartyId", "clientId", kycExchangeRequestDtoV2); + Assert.assertEquals("jwtSignedData", kycExchangeResponseDto.getKyc()); + } + @Test public void kycExchangeV2_withOutVerifiedClaims_thenPass() throws InvocationTargetException, IllegalAccessException, NoSuchMethodException { Map oidcClaimsMap=new HashMap<>(); diff --git a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/IdentityServiceTest.java b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/IdentityServiceTest.java index 48200ecd..92cdf8e1 100644 --- a/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/IdentityServiceTest.java +++ b/mock-identity-system/src/test/java/io/mosip/esignet/mock/identitysystem/service/impl/IdentityServiceTest.java 
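Review bot: `kycExchangeV2_withDetailAndMatchedClaims_thenPass` asserts only that `getKyc()` equals the stubbed `"jwtSignedData"`, so it never checks which claims were placed in the payload handed to `signatureService.jwtSign`. The setup distinguishes a `pwd` trust framework from a `non_matching` one, but the test would still pass if claims from the non-matching entry, or unverified claims, ended up in the signed KYC. Capturing the signing request with a Mockito `ArgumentCaptor` via `Mockito.verify(signatureService).jwtSign(captor.capture());` and asserting on the captured payload would pin the filtering the test name promises.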
@@ -87,6 +87,63 @@ public void addVerifiedClaim_withValidDetails_thenPass() { identityService.addVerifiedClaim(verifiedClaimRequestDto); } + @Test + public void addVerifiedClaim_withInvalidClaim_thenFail() { + + VerifiedClaimRequestDto verifiedClaimRequestDto = new VerifiedClaimRequestDto(); + verifiedClaimRequestDto.setActive(true); + verifiedClaimRequestDto.setIndividualId("123456"); + Map verificationDetail = new HashMap<>(); + + ObjectNode emailVerification = objectMapper.createObjectNode(); + emailVerification.put("trust_framework", "trust_framework"); + verificationDetail.put("null", emailVerification); + verifiedClaimRequestDto.setVerificationDetail(verificationDetail); + + IdentityData identityData = new IdentityData(); + identityData.setEmail("email@gmail.com"); + identityData.setEncodedPhoto("encodedPhoto"); + + MockIdentity mockIdentity = new MockIdentity(); + mockIdentity.setIndividualId("123456"); + mockIdentity.setIdentityJson("{\"individualId\":\"8267411571\",\"pin\":\"111111\",\"fullName\":[{\"language\":\"fra\",\"value\":\"Siddharth K Mansour\"},{\"language\":\"ara\",\"value\":\"تتگلدكنسَزقهِقِفل دسييسيكدكنوڤو\"},{\"language\":\"eng\",\"value\":\"Siddharth K Mansour\"}],\"email\":\"siddhartha.km@gmail.com\",\"phone\":\"+919427357934\"}"); + Mockito.when(identityRepository.findById(Mockito.anyString())).thenReturn(Optional.of(mockIdentity)); + try{ + identityService.addVerifiedClaim(verifiedClaimRequestDto); + }catch (MockIdentityException e){ + Assert.assertEquals(ErrorConstants.INVALID_CLAIM,e.getErrorCode()); + } + } + + @Test + public void addVerifiedClaim_withInvalidTrustFramework_thenFail() { + + VerifiedClaimRequestDto verifiedClaimRequestDto = new VerifiedClaimRequestDto(); + verifiedClaimRequestDto.setActive(true); + verifiedClaimRequestDto.setIndividualId("123456"); + Map verificationDetail = new HashMap<>(); + + ObjectNode emailVerification = objectMapper.createObjectNode(); + emailVerification.put("trust_framework", " "); + 
verificationDetail.put("email", emailVerification); + verifiedClaimRequestDto.setVerificationDetail(verificationDetail); + + IdentityData identityData = new IdentityData(); + identityData.setEmail("email@gmail.com"); + identityData.setEncodedPhoto("encodedPhoto"); + + MockIdentity mockIdentity = new MockIdentity(); + mockIdentity.setIndividualId("123456"); + mockIdentity.setIdentityJson("{\"individualId\":\"8267411571\",\"pin\":\"111111\",\"fullName\":[{\"language\":\"fra\",\"value\":\"Siddharth K Mansour\"},{\"language\":\"ara\",\"value\":\"تتگلدكنسَزقهِقِفل دسييسيكدكنوڤو\"},{\"language\":\"eng\",\"value\":\"Siddharth K Mansour\"}],\"email\":\"siddhartha.km@gmail.com\",\"phone\":\"+919427357934\"}"); + Mockito.when(verifiedClaimRepository.findById(Mockito.anyString())).thenReturn(Optional.empty()); + Mockito.when(identityRepository.findById(Mockito.anyString())).thenReturn(Optional.of(mockIdentity)); + try{ + identityService.addVerifiedClaim(verifiedClaimRequestDto); + }catch (MockIdentityException e){ + Assert.assertEquals(ErrorConstants.INVALID_REQUEST,e.getErrorCode()); + } + } + @Test public void addVerifiedClaim_withInValidIndividualId_thenFail() { VerifiedClaimRequestDto verifiedClaimRequestDto = new VerifiedClaimRequestDto(); 
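Review bot: The `setIdentityJson(...)` fixture in `addVerifiedClaim_withInvalidClaim_thenFail` and `addVerifiedClaim_withInvalidTrustFramework_thenFail` embeds a Gmail address and a full mobile number that could belong to a real person. Test data for an identity system is better kept obviously fictitious, for example an address under the reserved `example.com` domain and a clearly invalid number. The same literal is duplicated in both tests, so a shared constant such as `private static final String IDENTITY_JSON = ...;` would keep it in one place. The local `identityData` in both tests is never used.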
@@ -148,6 +205,23 @@ public void getIdentity_withValidDetails_thenPass() throws MockIdentityException assertEquals(identityData.getIndividualId(), result.getIndividualId()); } + @Test + public void getIdentity_withInValidIdentityJson_thenFail() throws MockIdentityException, JsonProcessingException { + IdentityData identityData = new IdentityData(); + identityData.setEmail("email@gmail.com"); + identityData.setEncodedPhoto("encodedPhoto"); + MockIdentity mockIdentity = new MockIdentity(); + mockIdentity.setIndividualId("123456"); + mockIdentity.setIdentityJson("{ \\\"name\\\": \\\"John Doe, \\\"age\\\": 30 }"); + when(identityRepository.findById(identityData.getIndividualId())).thenReturn(Optional.of(mockIdentity)); + try { + identityService.getIdentity(identityData.getIndividualId()); + Assert.fail(); + }catch (MockIdentityException e){ + Assert.assertEquals(ErrorConstants.JSON_PROCESSING_ERROR,e.getErrorCode()); + } + } + @Test public void getIdentity_withInvalidId_thenFail() { IdentityData identityData = new IdentityData(); @@ -173,6 +247,23 @@ public void updateIdentity_withExistingIndividualId_thenPass() { Assert.assertNotNull(mockIdentity.getIdentityJson()); } + @Test + public void updateIdentity_withInvalidIdentityJson_thenFail() { + IdentityData identityData = new IdentityData(); + identityData.setIndividualId("existing-id"); + identityData.setPassword("new-password"); + MockIdentity mockIdentity = new MockIdentity(); + mockIdentity.setIndividualId("existing-id"); + mockIdentity.setIdentityJson("{ \\\"name\\\": \\\"John Doe, \\\"age\\\": 30 }"); + when(identityRepository.findById("existing-id")).thenReturn(Optional.of(mockIdentity)); + try { + identityService.updateIdentity(identityData); + Assert.fail(); + }catch (MockIdentityException e){ + Assert.assertEquals(ErrorConstants.JSON_PROCESSING_ERROR,e.getErrorCode()); + } + } + @Test public void updateIdentity_withNonExistingIndividualId_thenFail() { IdentityData identityData = new IdentityData();
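Review bot: In `getIdentity_withInValidIdentityJson_thenFail` the local `identityData` never gets an individual id, so unless `IdentityData` assigns a default, `identityData.getIndividualId()` is `null` both in the `findById(...)` stub and in the call to `identityService.getIdentity(...)`. The test therefore exercises a lookup with a `null` key, and `mockIdentity.setIndividualId("123456")` plays no part in it. Use the id directly: `when(identityRepository.findById("123456")).thenReturn(Optional.of(mockIdentity));` and `identityService.getIdentity("123456");`. `updateIdentity_withInvalidIdentityJson_thenFail` in the following hunk already does this with `"existing-id"`.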