Bump tough-cookie from 4.0.0 to 4.1.3 in /mock-relying-party-ui

.github/workflows/push_trigger.yml

@@ -7,6 +7,7 @@ on:
       - release-*
       - master
       - develop
+      - 0.9.0
 
 jobs:
   build:
@@ -119,7 +120,7 @@ jobs:
           mvn -B package --file pom.xml -s $GITHUB_WORKSPACE/settings.xml
       - name: Publish the maven package
         run: |
-          mvn deploy  -DaltDeploymentRepository=ossrh::default::${{ secrets.OSSRH_SNAPSHOT_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml
+          mvn deploy  -DaltDeploymentRepository=ossrh::default::${{ secrets.RELEASE_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_token }}
           GPG_TTY: $(tty)

.github/workflows/push_trigger_charts.yaml

@@ -5,6 +5,7 @@ on:
     branches:
       - 1.2.0.*
       - develop
+      - 0.9.0
     paths:
         - 'charts/**'
 

.github/workflows/release_chart.yml

@@ -19,6 +19,6 @@ jobs:
         with:
           token: ${{ secrets.ACTION_PAT }}
           charts_dir: ./helm
-          charts_url: https://github.com/mosip
+          charts_url: https://mosip.github.io/mosip-helm
           repository: mosip-helm
           branch: gh-pages

.gitignore

@@ -2,3 +2,6 @@ mock-esignet-integration-impl/.idea/*
 mock-identity-system/target/*
 mock-esignet-integration-impl/target/*
 mock-identity-system/local.p12
+.idea
+helm/*/charts
+helm/*/Chart.lock

README.md

@@ -1,2 +1,69 @@
 # esignet-mock-services
 Repository contains mock implementation of auth for e-signet
+
+## Installing in k8s cluster using helm
+### Pre-requisites
+1. Set the kube config file of the Mosip cluster having dependent services is set correctly in PC.
+1. Make sure [DB setup](db_scripts/README.md#install-in-existing-mosip-k8-cluster) is done.
+1. Add / merge below mentioned properties files into existing config branch:
+     * [mock-identity-system-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/mock-identity-system-default.properties)
+     * [application-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/application-default.properties)
+1. Add below properties in [esignet-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/esignet-default.properties) incase using MockAuth for esignet.
+   ```
+   mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration
+   mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl
+   mosip.esignet.integration.authenticator=MockAuthenticationService
+   mosip.esignet.integration.key-binder=MockKeyBindingWrapperService
+   mosip.esignet.integration.audit-plugin=LoggerAuditService
+   mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService
+   ```
+1. Below are the dependent services required for compliance toolkit service:
+   | Chart | Chart version |
+   |---|---|
+   |[Keycloak](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 7.1.18 |
+   |[Keycloak-init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 12.0.1-B3 |
+   |[Postgres](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 10.16.2 |
+   |[Postgres Init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 12.0.1-B3 |
+   |[Config-server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/config-server) | 12.0.1-B3 |
+   |[Artifactory server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/artifactory) | 12.0.1-B3 |
+   |[esignet-softhsm](https://github.com/mosip/esignet/blob/v1.0.0/helm/install-all.sh) | 12.0.1-B2 |
+   |[redis](https://github.com/mosip/esignet/blob/v1.0.0/helm/redis)| 17.3.14 |
+   |[esignet](https://github.com/mosip/esignet/tree/v1.0.0/helm/esignet) | 1.0.0 |
+   |[oidc-ui](https://github.com/mosip/esignet/blob/v1.0.0/helm/oidc-ui) | 1.0.0 |
+
+### Install
+* Install `kubectl` and `helm` utilities.
+* Run `install-all.sh` to deploy esignet services.
+  ```
+  cd helm
+  ./install-all.sh
+  ```
+
+### Delete
+* Run `delete-all.sh` to remove esignet services.
+  ```
+  cd helm
+  ./delete-all.sh
+  ```
+
+### Restart
+* Run `restart-all.sh` to restart esignet services.
+  ```
+  cd helm
+  ./restart.sh
+  ```
+
+## Onboard esignet mock and relying party services
+* Run onboarder's [install.sh](partner-onboarder) script to exchange jwk certificates.
+### Configurational steps after onboarding is completed.
+*  Below mentioned onboarding steps are added after 1.2.0.1-b3
+   *  Onboarding the default demo-oidc partner
+
+###.Onboarding the default resident-oidc partner
+*  After successfull partner onboarder run for demo-oidc partner , download html reports from `onboarder` bucket of object store .
+*  Get `CLIENT_ID` from  response body of  request `create-oidc-client` from the report **_demo-oidc.html_**
+*  Update deployment of `mock-relying-party-ui` in esignet namespace with `CLIENT_ID` value from last step .
+*  As per screenshot get the private and public key pair (shown as selected in the screenshot )from the response of the `get-jwks` request from the report **_demo-oidc.html_** 
+   ![](docs/images/get-jwks-details.PNG)
+*  Update `client-private-key` in esignet namespace with  `base64 encoded` value of the keypair from previous step.
+*  Restart mock-relying-party-service pod

db_scripts/README.md

@@ -1,2 +1,30 @@
 # esignet-mock-services
 Mock implementation of auth for e-signet
+
+## Overview
+This folder containers various SQL scripts to create database and tables in postgres.
+The tables are described under `<db name>/ddl/`.
+Default data that's populated in the tables is present under `<db name>/dml` folder.
+
+## Prerequisites
+* Make sure that the esignet database has been initialized and its associated service is currently running.
+* Command line utilities:
+    - kubectl
+    - helm
+* Helm repos:
+  ```sh
+  helm repo add bitnami https://charts.bitnami.com/bitnami
+  helm repo add mosip https://mosip.github.io/mosip-helm
+  ```
+
+## Install in existing MOSIP K8 Cluster
+These scripts are automatically run with below mentioned script in existing k8 cluster with Postgres installed.
+### Install
+* Set your kube_config file or kube_config variable on PC.
+* Update `init_values.yaml` with db-common-password from the postgres namespace in the required field `dbUserPasswords.dbuserPassword` and ensure `databases.mosip_mockidentitysystem` is enabled.
+  ```
+  ./init_db.sh`
+  ```
+
+## Install for developers
+Developers may run the SQLs using `<db name>/deploy.sh` script.

db_scripts/init_db.sh

@@ -0,0 +1,38 @@
+#!/bin/sh
+# Script to initialize mockidentitysystem DB.
+## Usage: ./init_db.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=12.0.1-B3
+
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+while true; do
+    read -p "CAUTION: Do we already have Postgres installed? Also make sure the mockidentitysystem DB is backed up as the same will be overriden. Do you still want to continue?" yn
+    if [ $yn = "Y" ]
+      then
+        kubectl create ns $NS
+        DB_USER_PASSWORD=$( kubectl -n postgres get secrets db-common-secrets -o jsonpath={.data.db-dbuser-password} | base64 -d )
+
+        echo Removing existing mosip_mockidentitysystem DB installation
+        helm -n $NS delete postgres-init-mockidentitysystem
+        kubectl -n $NS delete --ignore-not-found=true secret db-common-secrets
+
+        echo Copy Postgres secrets
+        ../helm/copy_cm_func.sh secret postgres-postgresql postgres $NS
+
+        echo Initializing DB
+        helm -n $NS install postgres-init-mockidentitysystem mosip/postgres-init -f init_values.yaml \
+        --version $CHART_VERSION \
+        --set dbUserPasswords.dbuserPassword="$DB_USER_PASSWORD" \
+        --wait --wait-for-jobs
+        break
+      else
+        break
+    fi
+done

db_scripts/init_values.yaml

@@ -0,0 +1,68 @@
+#dbUserPasswords:
+#  dbuserPassword: ""
+
+databases:
+  mosip_toolkit:
+    enabled: false
+
+  mosip_master:
+    enabled: false
+
+  mosip_audit:
+    enabled: false
+
+  mosip_keymgr:
+    enabled: false
+
+  mosip_kernel:
+    enabled: false
+
+  mosip_idmap:
+    enabled: false
+
+  mosip_prereg:
+    enabled: false
+
+  mosip_idrepo:
+    enabled: false
+
+  mosip_ida:
+    enabled: false
+
+  mosip_credential:
+    enabled: false
+
+  mosip_regprc:
+    enabled: false
+
+  mosip_regdevice:
+    enabled: false
+
+  mosip_authdevice:
+    enabled: false
+
+  mosip_pms:
+    enabled: false
+
+  mosip_hotlist:
+    enabled: false
+
+  mosip_resident:
+    enabled: false
+
+  mosip_digitalcard:
+    enabled: false
+
+  mosip_esignet:
+    enabled: false  
+
+  mosip_mockidentitysystem:
+    enabled: true
+    host: "postgres-postgresql.postgres"
+    port: 5432
+    su:
+      user: postgres
+      secret:
+        name: postgres-postgresql
+        key: postgresql-password
+    dml: 1

helm/delete.sh → helm/delete-all.sh

@@ -13,7 +13,7 @@ while true; do
       then
         helm -n $NS delete mock-relying-party-service
         helm -n $NS delete mock-relying-party-ui
-	helm -n $NS delete mock-identity-system
+	    helm -n $NS delete mock-identity-system
         break
       else
         break

helm/install-all.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+# Installs all esignet mock service helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+ROOT_DIR=`pwd`
+NS=softhsm
+SOFTHSM_CHART_VERSION=12.0.1-B2
+
+echo Istio label
+kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+echo Installing Softhsm for mock-identity-system
+helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait
+echo Installed Softhsm for mock-identity-system
+
+./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server
+
+kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM_
+
+#kubectl -n config-server get deploy -o name |  xargs -n1 -t  kubectl -n config-server rollout status
+
+declare -a module=("mock-identity-system"
+                   "mock-relying-party-service"
+		           "mock-relying-party-ui"
+                  )
+
+echo Installing esignet mock services
+
+for i in "${module[@]}"
+do
+  cd $ROOT_DIR/"$i"
+  ./install.sh
+done
+
+echo All esignet mock services deployed sucessfully.