Merge branch 'mosip:1.2.0-rc2' into 1.2.0-rc2

deployment/sandbox-v2/helm/charts/ingress-nginx/templates/config-nginx.yaml

@@ -9,3 +9,7 @@ metadata:
 data: 
   proxy-buffer-size: "32k" # NOTE: Auth header reponse is huge, nginx was giving 502 error otherwise
   proxy-body-size: 8m  # Biometrics may be there in request body
+  use-forwarded-headers: "true"
+  compute-full-forwarded-for: "true"
+  enable-real-ip: "true"
+  proxy-real-ip-cidr: "0.0.0.0/1"

deployment/sandbox-v2/helm/charts/kernel/templates/idgen-dep.yaml

@@ -46,7 +46,9 @@ spec:
         - name: artifactory_url_env
           value: {{ .Values.artifactoryUrl }} 
         - name: is_glowroot_env
-          value: {{ .Values.isGlowroot }} 
+          value: {{ .Values.isGlowroot }}
+        - name: iam_adapter_url_env
+          value: {{ .Values.iamAdapterUrl }}
         - name: JDK_JAVA_OPTIONS
           value: {{ $podconfig.java_opts }}
         ports:

deployment/sandbox-v2/helm/charts/kernel/templates/prid-dep.yaml

@@ -47,7 +47,9 @@ spec:
         - name: artifactory_url_env
           value: {{ .Values.artifactoryUrl }} 
         - name: is_glowroot_env
-          value: {{ .Values.isGlowroot }} 
+          value: {{ .Values.isGlowroot }}
+        - name: iam_adapter_url_env
+          value: {{ .Values.iamAdapterUrl }}
         - name: JDK_JAVA_OPTIONS
           value: {{ $podconfig.java_opts }}
         ports:

deployment/sandbox-v2/helm/charts/tusd/.gitignore

@@ -0,0 +1 @@
+values.yaml

deployment/sandbox-v2/helm/charts/tusd/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deployment/sandbox-v2/helm/charts/tusd/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: tusd
+description: A Helm chart for Mosip tusd server
+version: 1.2.0
+appVersion: 1.8.0

deployment/sandbox-v2/helm/charts/tusd/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{/* Template for impagepull secrets */}}
+{{- define "dockerHubSecret" }}
+{{ if .Values.dockerHub.private }}
+imagePullSecrets:
+- name: {{ .Values.dockerHub.keyname }}
+{{ end }}
+{{- end }}

deployment/sandbox-v2/helm/charts/tusd/templates/ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Values.docker.service }}
+  namespace: {{ .Release.Namespace}} 
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    nginx.com/health-checks: "true"
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /tusd
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: {{ .Values.docker.service }}
+            port: 
+              number: 80
+

deployment/sandbox-v2/helm/charts/tusd/templates/tusd-dep.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment 
+metadata:
+  name: {{  .Values.docker.service }}
+  namespace: {{ .Release.Namespace }} 
+spec:
+  replicas: {{ .Values.services.tusd.podconfig.replicas }}
+  selector:
+    matchLabels:
+      app: {{ .Values.docker.service }} 
+  minReadySeconds: {{ .Values.services.tusd.podconfig.minReadySeconds }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: {{ .Values.services.tusd.podconfig.maxUnavailable }}
+      maxSurge: {{ .Values.services.tusd.podconfig.maxSurge }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.docker.service }} 
+        exportLogs: {{ .Values.exportLogs }}
+    spec:
+      {{- include "dockerHubSecret" .  | indent 6}}
+      containers:
+      {{- include "dockerHubSecret" .  | indent 6}}
+      - name: {{  .Values.docker.service }}
+        image: {{ .Values.docker.image }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        ports:
+        - containerPort: {{ .Values.services.tusd.containerPort }}
+
+        readinessProbe:
+          tcpSocket:
+            port: {{  .Values.services.tusd.containerPort }}
+          periodSeconds: {{ .Values.probe.period }}
+          timeoutSeconds: {{ .Values.probe.timeout }}
+          failureThreshold: {{ .Values.probe.failureThreshold }}
+        livenessProbe:
+          tcpSocket:
+            port: {{  .Values.services.tusd.containerPort }}
+          periodSeconds: {{ .Values.probe.livenessPeriod }}
+          timeoutSeconds: {{ .Values.probe.timeout }}
+          failureThreshold: {{ .Values.probe.failureThreshold }}
+        startupProbe:
+          tcpSocket:
+            port: {{  .Values.services.tusd.containerPort }}
+          failureThreshold: {{ .Values.probe.failureThreshold }}
+          periodSeconds: {{ .Values.probe.startupPeriod }}
+          timeoutSeconds: {{ .Values.probe.timeout }}
+          initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}

deployment/sandbox-v2/helm/charts/tusd/templates/tusd-svc.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.docker.service }}
+  namespace: {{ .Release.Namespace }} 
+
+spec:
+  selector:
+    app: {{ .Values.docker.service }}
+  ports:
+    - port: {{ .Values.services.tusd.servicePort }}
+      targetPort: {{ .Values.services.tusd.containerPort }}

deployment/sandbox-v2/helm/charts/tusd/values.template.j2

@@ -0,0 +1,25 @@
+name: tusd
+docker:
+  service: tusd
+  image: tusproject/tusd:v1.8.0
+imagePullPolicy: Always
+
+dockerHub:
+  private: {{ docker.hub.private }}  
+  keyname: {{ docker.hub.keyname }}
+
+services:
+  tusd:
+    podconfig:
+      {{ podconfig.tusd.service | to_nice_yaml(indent=6) | indent(6) }}
+    containerPort: 8080
+    servicePort: 80
+exportLogs: enabled  # Let filebeat export the logs
+
+probe:
+  period: 10 # Seconds
+  timeout: 5
+  livenessPeriod: 10
+  failureThreshold: 30
+  startupPeriod: 10
+  initialDelaySeconds: 60

deployment/sandbox-v2/playbooks/cluster.yml

@@ -38,5 +38,4 @@
         name: k8scluster/healthcheck
       when: "additional_features.healthcheck"
       run_once: yes
-      tags: healthcheck
-
+      tags: healthcheck

deployment/sandbox-v2/playbooks/tusd.yml

@@ -0,0 +1,15 @@
+# Antivirus running on MZ. 
+#
+
+- hosts: console
+  vars:
+    kube_config: '{{clusters.mz.kube_config}}' 
+    install_name: 'tusd'
+    helm_chart: '{{charts_root}}/tusd'
+    is_template: true  
+    helm_namespace: default
+    helm_values: '{{charts_root}}/tusd/values.template.j2'
+    helm_strings: ''
+  roles:
+    - {role:  helm}
+

deployment/sandbox-v2/podconfig.yml

@@ -663,7 +663,21 @@ podconfig:
         limits:
           cpu: 300m
           memory: 3Gi
-
+
+  tusd:
+    service:
+      replicas: 1
+      maxSurge: 1
+      maxUnavailable: 0
+      minReadySeconds: 10
+      resources:
+        requests:
+          cpu: 200m
+          memory: 1Gi
+        limits:
+          cpu: 300m
+          memory: 3Gi
+
   clamav:
     service:
       replicas: 1

deployment/sandbox-v2/roles/keycloak-init/defaults/main.yml

@@ -1,14 +1,12 @@
 keycloak_mosip_realms:
   - {realm_id: 'master', realm_file: 'realms/realm_master.json'}  # Only to update Master settings
   - {realm_id: 'mosip', realm_file: 'realms/realm_mosip.json'}
-  - {realm_id: 'preregistration', realm_file: 'realms/realm_prereg.json'}
 
 # IMPORTANT: If the client secret is changed below make sure you update the corresponding property in the property files of config-server. 
 keycloak_mosip_clients:
   - {realm_id: 'mosip', client_id: 'mosip-admin-client', secret: 'xyz123'}  
   - {realm_id: 'mosip', client_id: 'mosip-auth-client', secret: 'abc123'}  
   - {realm_id: 'mosip', client_id: 'mosip-prereg-client', secret: 'abc123'}  # TODO: To be removed later after client-realm bugfix.
-  - {realm_id: 'preregistration', client_id: 'mosip-prereg-client', secret: 'abc123'} 
   - {realm_id: 'mosip', client_id: 'mosip-regproc-client', secret: 'abc123'} 
   - {realm_id: 'mosip', client_id: 'mosip-ida-client', secret: 'abc123'} 
   - {realm_id: 'mosip', client_id: 'mosip-reg-client', secret: 'abc123'} 
@@ -53,11 +51,6 @@ keycloak_mosip_roles:  # Currently, all rolese belong to a realm (not to any cli
   - {realm_id: 'mosip', client_id: '', role_name: 'PARTNERMANAGER'}
   - {realm_id: 'mosip', client_id: '', role_name: 'PARTNER'}
   - {realm_id: 'mosip', client_id: '', role_name: 'POLICYMANAGER'}
-  - {realm_id: 'preregistration', client_id: '', role_name: 'INDIVIDUAL'}
-  - {realm_id: 'preregistration', client_id: '', role_name: 'AUTH'}
-  - {realm_id: 'preregistration', client_id: '', role_name: 'PRE_REGISTRATION_ADMIN'}
-  - {realm_id: 'preregistration', client_id: '', role_name: 'PREREG'}
-  - {realm_id: 'preregistration', client_id: '', role_name: 'REGISTRATION_PROCESSOR'}
   - {realm_id: 'mosip', client_id: '', role_name: 'CREDENTIAL_ISSUANCE'}
   - {realm_id: 'mosip', client_id: '', role_name: 'CREDENTIAL_REQUEST'}
   - {realm_id: 'mosip', client_id: '', role_name: 'CREATE_SHARE'}
@@ -471,10 +464,6 @@ keycloak_mosip_user_role_map:
   - {realm_id: 'mosip', username: 'service-account-mosip-prereg-client', role_name: 'PRE_REGISTRATION_ADMIN'}
   - {realm_id: 'mosip', username: 'service-account-mosip-prereg-client', role_name: 'PREREG'}
   - {realm_id: 'mosip', username: 'service-account-mosip-prereg-client', role_name: 'REGISTRATION_PROCESSOR'}
-  - {realm_id: 'preregistration', username: 'service-account-mosip-prereg-client', role_name: 'INDIVIDUAL'}
-  - {realm_id: 'preregistration', username: 'service-account-mosip-prereg-client', role_name: 'PRE_REGISTRATION_ADMIN'}
-  - {realm_id: 'preregistration', username: 'service-account-mosip-prereg-client', role_name: 'PREREG'}
-  - {realm_id: 'preregistration', username: 'service-account-mosip-prereg-client', role_name: 'REGISTRATION_PROCESSOR'}
   - {realm_id: 'mosip', username: 'service-account-mosip-auth-client', role_name: 'AUTH'}
   - {realm_id: 'mosip', username: 'service-account-mosip-regproc-client', role_name: 'REGISTRATION_PROCESSOR'}
   - {realm_id: 'mosip', username: 'service-account-mosip-regproc-client', role_name: 'DATA_READ'}

deployment/sandbox-v2/roles/keycloak-init/files/realms/realm_master.json

@@ -73,7 +73,7 @@
     "resetPasswordAllowed": false, 
     "revokeRefreshToken": false, 
     "smtpServer": {}, 
-    "sslRequired": "external", 
+    "sslRequired": "all",
     "ssoSessionIdleTimeout": 86400, 
     "ssoSessionIdleTimeoutRememberMe": 0, 
     "ssoSessionMaxLifespan": 36000, 

deployment/sandbox-v2/roles/keycloak-init/files/realms/realm_mosip.json

@@ -72,7 +72,7 @@
     "resetPasswordAllowed": false, 
     "revokeRefreshToken": false, 
     "smtpServer": {}, 
-    "sslRequired": "external", 
+    "sslRequired": "all",
     "ssoSessionIdleTimeout": 86400, 
     "ssoSessionIdleTimeoutRememberMe": 0, 
     "ssoSessionMaxLifespan": 36000,