From 83280946629ddb1466b018ae6937c0f1d44b4977 Mon Sep 17 00:00:00 2001 From: "Mahesh.Binayak" Date: Wed, 25 Sep 2024 19:29:07 +0530 Subject: [PATCH 01/30] [DSD-35987]Adding changes for better logging and storage of reports. Signed-off-by: Mahesh.Binayak --- default.sh | 66 +++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 50 insertions(+), 16 deletions(-) diff --git a/default.sh b/default.sh index 126423d..bbc1bf3 100644 --- a/default.sh +++ b/default.sh @@ -8,6 +8,8 @@ upload_ida_root_cert() { echo "Uploading ida root cert" + reports_dir="./reports/IDA/$current_date/$current_time" + mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ --env-var cert-application-id=ROOT \ @@ -20,12 +22,14 @@ upload_ida_root_cert() { --folder download-ida-certificate \ --folder upload-ca-certificate \ $ADD_SSL_NEWMAN \ - -r cli,htmlextra --reporter-htmlextra-export ./reports/ida-root.html + -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/ida-root.html" } upload_ida_cert() { echo "Uploading ida cert" + reports_dir="./reports/IDA/$current_date/$current_time" + mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ --env-var cert-application-id=IDA \ @@ -38,11 +42,13 @@ upload_ida_cert() { --folder download-ida-certificate \ --folder upload-ca-certificate \ $ADD_SSL_NEWMAN \ - -r cli,htmlextra --reporter-htmlextra-export ./reports/ida-ca.html + -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/ida.html" } upload_ida_partner_cert () { echo "Uploading mpartner-default-auth cert" + reports_dir="./reports/IDA/$current_date/$current_time" + mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ --env-var request-time="$DATE" \ 
@@ -59,11 +65,13 @@ upload_ida_partner_cert () { --folder upload-leaf-certificate \ --folder upload-signed-leaf-certificate \ $ADD_SSL_NEWMAN \ - -r cli,htmlextra --reporter-htmlextra-export ./reports/ida-partner.html --reporter-htmlextra-showEnvironmentData + -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/ida-partner.html" --reporter-htmlextra-showEnvironmentData } upload_ida_cred_cert () { echo "Uploading ida cred cert to keymanager for zero knowledge encryption" + reports_dir="./reports/IDA/$current_date/$current_time" + mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ --env-var request-time="$DATE" \ @@ -77,11 +85,13 @@ upload_ida_cred_cert () { --folder download-ida-certificate \ --folder upload-ida-cred-cert-to-keymanager \ $ADD_SSL_NEWMAN \ - -r cli,htmlextra --reporter-htmlextra-export ./reports/ida-cred.html --reporter-htmlextra-showEnvironmentData + -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/ida-cred.html" --reporter-htmlextra-showEnvironmentData } upload_resident_cert() { echo "Uploading mpartner-default-resident cert" + reports_dir="./reports/RESIDENT/$current_date/$current_time" + mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ --env-var request-time="$DATE" \ 
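Review bot: The report written to `"$reports_dir/ida-partner.html"` is still generated with `--reporter-htmlextra-showEnvironmentData`, so the environment values of the run are embedded in an HTML file that this series now keeps per run and later copies to S3 or an NFS volume. The same applies to every other report line changed in this patch that carries the flag, from `upload_ida_cred_cert` through `onboard_esignet_sunbird_partner`. The full `--env-var` lists are outside these hunks, but the call visible in PATCH 02 passes `module-secretkey` and `partner-manager-password`. Either drop the flag or list the credential variables in `--reporter-htmlextra-skipEnvironmentVars`, and consider `--reporter-htmlextra-skipSensitiveData` so request and response bodies are left out as well.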
@@ -100,10 +110,12 @@ upload_resident_cert() { --folder upload-leaf-certificate \ --folder upload-signed-leaf-certifcate-to-keymanager \ $ADD_SSL_NEWMAN \ - -r cli,htmlextra --reporter-htmlextra-export ./reports/resident.html --reporter-htmlextra-showEnvironmentData + -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/resident.html" --reporter-htmlextra-showEnvironmentData } upload_print_cert() { echo "Uploading mpartner-default-print cert" + reports_dir="./reports/PRINT/$current_date/$current_time" + mkdir -p "$reports_dir" root_cert_path="$MYDIR/certs/print/root-ca-inline.pem" partner_cert_path="$MYDIR/certs/print/client-inline.pem" root_ca_cert=`awk '{ print $0 }' $root_cert_path` @@ -122,11 +134,13 @@ upload_print_cert() { --folder upload-ca-certificate \ --folder upload-leaf-certificate \ $ADD_SSL_NEWMAN \ - -r cli,htmlextra --reporter-htmlextra-export ./reports/print.html --reporter-htmlextra-showEnvironmentData + -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/print.html" --reporter-htmlextra-showEnvironmentData } upload_abis_cert () { echo "Uploading mpartner-default-abis cert" + reports_dir="./reports/ABIS/$current_date/$current_time" + mkdir -p "$reports_dir" root_cert_path="$MYDIR/certs/abis/root-ca-inline.pem" partner_cert_path="$MYDIR/certs/abis/client-inline.pem" root_ca_cert=`awk '{ print $0 }' $root_cert_path` 
@@ -145,10 +159,12 @@ upload_abis_cert () { --folder upload-ca-certificate \ --folder upload-leaf-certificate \ $ADD_SSL_NEWMAN \ - -r cli,htmlextra --reporter-htmlextra-export ./reports/abis.html --reporter-htmlextra-showEnvironmentData + -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/abis.html" --reporter-htmlextra-showEnvironmentData } upload_mpartner_default_mobile_cert() { echo "Uploading mpartner-default-mobile cert" + reports_dir="./reports/MOBILEID/$current_date/$current_time" + mkdir -p "$reports_dir" root_cert_path="$MYDIR/certs/mpartner-default-mobile/root-ca-inline.pem" partner_cert_path="$MYDIR/certs/mpartner-default-mobile/client-inline.pem" root_ca_cert=`awk '{ print $0 }' $root_cert_path` @@ -170,10 +186,12 @@ upload_mpartner_default_mobile_cert() { --folder upload-leaf-certificate \ --folder mapping-partner-to-policy-credential-type \ $ADD_SSL_NEWMAN \ - -r cli,htmlextra --reporter-htmlextra-export ./reports/mpartner-default-mobile.html --reporter-htmlextra-showEnvironmentData + -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mpartner-default-mobile.html" --reporter-htmlextra-showEnvironmentData } upload_mpartner_default_digitalcard_cert() { echo "Uploading mpartner-default-digitalcard cert" + reports_dir="./reports/DIGITALCARD/$current_date/$current_time" + mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ --env-var request-time="$DATE" \ 
@@ -192,11 +210,13 @@ upload_mpartner_default_digitalcard_cert() { --folder upload-leaf-certificate \ --folder upload-signed-leaf-certifcate-to-keymanager \ $ADD_SSL_NEWMAN \ - -r cli,htmlextra --reporter-htmlextra-export ./reports/digitalcard.html --reporter-htmlextra-showEnvironmentData + -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mpartner-default-digitalcard.html" --reporter-htmlextra-showEnvironmentData } onboard_esignet_partner() { echo "Onboarding esignet-partner" + reports_dir="./reports/ESIGNET/$current_date/$current_time" + mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ --env-var request-time="$DATE" \ @@ -233,7 +253,7 @@ onboard_esignet_partner() { --folder login-to-keycloak-as-admin \ --folder delete-user \ $ADD_SSL_NEWMAN \ - --export-environment ./config-secrets.json -d ./default-esignet-misp-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/e-signet.html --reporter-htmlextra-showEnvironmentData + --export-environment ./config-secrets.json -d ./default-esignet-misp-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/esignet.html" --reporter-htmlextra-showEnvironmentData MISP_LICENSE_KEY=$(jq -r '.values[] | select(.key == "mpartner-default-esignet-misp-license-key") | .value' config-secrets.json) if [ -z "$MISP_LICENSE_KEY" ]; then @@ -243,6 +263,8 @@ fi onboard_relying_party_with_demo_oidc_client(){ echo "Onboarding demo-oidc-client" + reports_dir="./reports/DEMO_OIDC/$current_date/$current_time" + mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path) 
@@ -286,13 +308,15 @@ onboard_relying_party_with_demo_oidc_client(){ --folder create-oidc-client \ --folder delete-user \ $ADD_SSL_NEWMAN \ - --export-environment ./config-secrets.json -d ./default-demo-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/demo-oidc.html --reporter-htmlextra-showEnvironmentData + --export-environment ./config-secrets.json -d ./default-demo-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/demo-oidc.html" --reporter-htmlextra-showEnvironmentData privateandpublickeypair=$(jq -r '.values[] | select(.key == "privateandpublickeypair") | .value' config-secrets.json) privateandpublickeypair=$(echo -n "$privateandpublickeypair" | base64) mpartnerdefaultdemooidcclientID=$(jq -r '.values[] | select(.key == "mpartner-default-demo-oidc-clientID") | .value' "config-secrets.json") } onboard_resident_oidc_client() { echo "Onboarding resident oidc client" +reports_dir="./reports/RESIDENT_OIDC/$current_date/$current_time" + mkdir -p "$reports_dir" sh $MYDIR/certs/create-jwks.sh if [ $? -gt 0 ]; then echo "JWK Key generation failed; EXITING"; 
@@ -344,11 +368,13 @@ echo "Onboarding resident oidc client" --folder create-oidc-client \ --folder delete-user \ $ADD_SSL_NEWMAN \ - --export-environment ./config-secrets.json -d ./default-resident-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/resident-oidc.html --reporter-htmlextra-showEnvironmentData + --export-environment ./config-secrets.json -d ./default-resident-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/resident-oidc.html" --reporter-htmlextra-showEnvironmentData mpartnerdefaultresidentoidcclientID=$(jq -r '.values[] | select(.key == "mpartner-default-resident-oidc-clientID") | .value' "config-secrets.json") } onboard_mimoto_keybinding_partner(){ echo "Onboarding Mimoto Keybinding partner" + reports_dir="./reports/MIMOTO_KEYBINDING/$current_date/$current_time" + mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path) 
@@ -388,11 +414,13 @@ onboard_mimoto_keybinding_partner(){ --folder request-for-partner-apikey \ --folder delete-user \ $ADD_SSL_NEWMAN \ - --export-environment ./config-secrets.json -d ./default-mimoto-keybinding-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/mimoto-keybinding.html --reporter-htmlextra-showEnvironmentData + --export-environment ./config-secrets.json -d ./default-mimoto-keybinding-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mimoto-keybinding.html" --reporter-htmlextra-showEnvironmentData mpartnerdefaultmimotokeybindingapikey=$(jq -r '.values[] | select(.key == "mpartner-default-mimotokeybinding-apikey") | .value' "config-secrets.json") } onboard_mimoto_oidc_partner(){ echo "Onboarding Mimoto OIDC partner" + reports_dir="./reports/MIMOTO_OIDC/$current_date/$current_time" + mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path) 
@@ -446,11 +474,13 @@ onboard_mimoto_oidc_partner(){ --folder create-oidc-client \ --folder delete-user \ $ADD_SSL_NEWMAN \ - --export-environment ./config-secrets.json -d ./default-mimoto-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/mimoto-oidc.html --reporter-htmlextra-showEnvironmentData + --export-environment ./config-secrets.json -d ./default-mimoto-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mimoto-oidc.html" --reporter-htmlextra-showEnvironmentData mpartnerdefaultmimotooidcclientID=$(jq -r '.values[] | select(.key == "mpartner-default-mimotooidc-clientID") | .value' "config-secrets.json") } onboard_esignet_signup_oidc_partner(){ echo "Onboarding Esignet-signup OIDC partner" + reports_dir="./reports/SIGNUP_OIDC/$current_date/$current_time" + mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path) @@ -489,10 +519,12 @@ onboard_esignet_signup_oidc_partner(){ --folder create-oidc-client-through-esignet \ --folder delete-user \ $ADD_SSL_NEWMAN \ - --export-environment ./config-secrets.json -r cli,htmlextra --reporter-htmlextra-export ./reports/signup-oidc.html --reporter-htmlextra-showEnvironmentData + --export-environment ./config-secrets.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/signup-oidc.html" --reporter-htmlextra-showEnvironmentData } onboard_esignet_sunbird_partner(){ echo "Onboarding Sunbird partner" + reports_dir="./reports/SUNBIRD/$current_date/$current_time" + mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path) 
@@ -531,11 +563,13 @@ onboard_esignet_sunbird_partner(){ --folder create-oidc-client-through-esignet-sunbird \ --folder delete-user \ $ADD_SSL_NEWMAN \ - --export-environment ./config-secrets.json -r cli,htmlextra --reporter-htmlextra-export ./reports/sunbird-oidc.html --reporter-htmlextra-showEnvironmentData + --export-environment ./config-secrets.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/sunbird-oidc.html" --reporter-htmlextra-showEnvironmentData } ## Script starts from here export MYDIR=$(pwd) DATE=$(date -u +%FT%T.%3NZ) +current_date=$(date +"%d-%m-%Y") +current_time=$(date +"%H-%M %p") KEYCLOAK_URL=$(printenv keycloak-external-url) KEYCLOAK_CLIENT="mosip-deployment-client" KEYCLOAK_CLIENT_SECRET="$mosip_deployment_client_secret" From b1f5fe22547633d99d4685a991603844210ff6c0 Mon Sep 17 00:00:00 2001 From: "Mahesh.Binayak" Date: Thu, 26 Sep 2024 21:51:36 +0530 Subject: [PATCH 02/30] [DSD-35987]Adding changes for s3 push flag and renamed to mock-rp-oidc client Signed-off-by: Mahesh.Binayak --- ...y.json => default-mock-rp-oidc-policy.json | 0 default.sh | 59 +++++++++---------- upload-reports.sh | 51 +++++++++------- 3 files changed, 59 insertions(+), 51 deletions(-) rename default-demo-oidc-policy.json => default-mock-rp-oidc-policy.json (100%) diff --git a/default-demo-oidc-policy.json b/default-mock-rp-oidc-policy.json similarity index 100% rename from default-demo-oidc-policy.json rename to default-mock-rp-oidc-policy.json diff --git a/default.sh b/default.sh index bbc1bf3..1cf6f07 100644 --- a/default.sh +++ b/default.sh @@ -8,7 +8,7 @@ upload_ida_root_cert() { echo "Uploading ida root cert" - reports_dir="./reports/IDA/$current_date/$current_time" + reports_dir="./reports/IDA/$current_datetime" mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ 
@@ -28,7 +28,7 @@ upload_ida_root_cert() { upload_ida_cert() { echo "Uploading ida cert" - reports_dir="./reports/IDA/$current_date/$current_time" + reports_dir="./reports/IDA/$current_datetime" mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ @@ -47,7 +47,7 @@ upload_ida_cert() { upload_ida_partner_cert () { echo "Uploading mpartner-default-auth cert" - reports_dir="./reports/IDA/$current_date/$current_time" + reports_dir="./reports/IDA/$current_datetime" mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ @@ -70,7 +70,7 @@ upload_ida_partner_cert () { upload_ida_cred_cert () { echo "Uploading ida cred cert to keymanager for zero knowledge encryption" - reports_dir="./reports/IDA/$current_date/$current_time" + reports_dir="./reports/IDA/$current_datetime" mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ @@ -90,7 +90,7 @@ upload_ida_cred_cert () { upload_resident_cert() { echo "Uploading mpartner-default-resident cert" - reports_dir="./reports/RESIDENT/$current_date/$current_time" + reports_dir="./reports/RESIDENT/$current_datetime" mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ @@ -114,7 +114,7 @@ upload_resident_cert() { } upload_print_cert() { echo "Uploading mpartner-default-print cert" - reports_dir="./reports/PRINT/$current_date/$current_time" + reports_dir="./reports/PRINT/$current_datetime" mkdir -p "$reports_dir" root_cert_path="$MYDIR/certs/print/root-ca-inline.pem" partner_cert_path="$MYDIR/certs/print/client-inline.pem" 
@@ -139,7 +139,7 @@ upload_print_cert() { upload_abis_cert () { echo "Uploading mpartner-default-abis cert" - reports_dir="./reports/ABIS/$current_date/$current_time" + reports_dir="./reports/ABIS/$current_datetime" mkdir -p "$reports_dir" root_cert_path="$MYDIR/certs/abis/root-ca-inline.pem" partner_cert_path="$MYDIR/certs/abis/client-inline.pem" @@ -163,7 +163,7 @@ upload_abis_cert () { } upload_mpartner_default_mobile_cert() { echo "Uploading mpartner-default-mobile cert" - reports_dir="./reports/MOBILEID/$current_date/$current_time" + reports_dir="./reports/MOBILEID/$current_datetime" mkdir -p "$reports_dir" root_cert_path="$MYDIR/certs/mpartner-default-mobile/root-ca-inline.pem" partner_cert_path="$MYDIR/certs/mpartner-default-mobile/client-inline.pem" @@ -190,7 +190,7 @@ upload_mpartner_default_mobile_cert() { } upload_mpartner_default_digitalcard_cert() { echo "Uploading mpartner-default-digitalcard cert" - reports_dir="./reports/DIGITALCARD/$current_date/$current_time" + reports_dir="./reports/DIGITALCARD/$current_datetime" mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ @@ -215,7 +215,7 @@ upload_mpartner_default_digitalcard_cert() { onboard_esignet_partner() { echo "Onboarding esignet-partner" - reports_dir="./reports/ESIGNET/$current_date/$current_time" + reports_dir="./reports/ESIGNET/$current_datetime" mkdir -p "$reports_dir" newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ 
@@ -261,9 +261,9 @@ if [ -z "$MISP_LICENSE_KEY" ]; then fi } -onboard_relying_party_with_demo_oidc_client(){ - echo "Onboarding demo-oidc-client" - reports_dir="./reports/DEMO_OIDC/$current_date/$current_time" +onboard_mock_relying_party_with_mock_rp_oidc_client(){ + echo "Onboarding mock-rp-oidc-client" + reports_dir="./reports/MOCK_RP_OIDC/$current_datetime" mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) @@ -273,8 +273,8 @@ onboard_relying_party_with_demo_oidc_client(){ newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \ --env-var url="$URL" \ --env-var request-time="$DATE" \ - --env-var partner-manager-username=demooidc-kc-mockusername \ - --env-var partner-manager-password=demooidc-kc-mockuserpassword \ + --env-var partner-manager-username=mock-rp-oidc-kc-mockusername \ + --env-var partner-manager-password=mock-rp-oidc-kc-mockuserpassword \ --env-var application-id=$APPLICATION_ID \ --env-var module-clientid=$MODULE_CLIENTID \ --env-var module-secretkey=$MODULE_SECRETKEY \ 
@@ -308,14 +308,14 @@ onboard_relying_party_with_demo_oidc_client(){ --folder create-oidc-client \ --folder delete-user \ $ADD_SSL_NEWMAN \ - --export-environment ./config-secrets.json -d ./default-demo-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/demo-oidc.html" --reporter-htmlextra-showEnvironmentData + --export-environment ./config-secrets.json -d ./default-mock-rp-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mock-rp-oidc.html" --reporter-htmlextra-showEnvironmentData privateandpublickeypair=$(jq -r '.values[] | select(.key == "privateandpublickeypair") | .value' config-secrets.json) privateandpublickeypair=$(echo -n "$privateandpublickeypair" | base64) mpartnerdefaultdemooidcclientID=$(jq -r '.values[] | select(.key == "mpartner-default-demo-oidc-clientID") | .value' "config-secrets.json") } onboard_resident_oidc_client() { echo "Onboarding resident oidc client" -reports_dir="./reports/RESIDENT_OIDC/$current_date/$current_time" +reports_dir="./reports/RESIDENT_OIDC/$current_datetime" mkdir -p "$reports_dir" sh $MYDIR/certs/create-jwks.sh if [ $? -gt 0 ]; then @@ -373,7 +373,7 @@ mpartnerdefaultresidentoidcclientID=$(jq -r '.values[] | select(.key == "mpartne } onboard_mimoto_keybinding_partner(){ echo "Onboarding Mimoto Keybinding partner" - reports_dir="./reports/MIMOTO_KEYBINDING/$current_date/$current_time" + reports_dir="./reports/MIMOTO_KEYBINDING/$current_datetime" mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) 
@@ -419,7 +419,7 @@ mpartnerdefaultmimotokeybindingapikey=$(jq -r '.values[] | select(.key == "mpart } onboard_mimoto_oidc_partner(){ echo "Onboarding Mimoto OIDC partner" - reports_dir="./reports/MIMOTO_OIDC/$current_date/$current_time" + reports_dir="./reports/MIMOTO_OIDC/$current_datetime" mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) @@ -479,7 +479,7 @@ mpartnerdefaultmimotooidcclientID=$(jq -r '.values[] | select(.key == "mpartner- } onboard_esignet_signup_oidc_partner(){ echo "Onboarding Esignet-signup OIDC partner" - reports_dir="./reports/SIGNUP_OIDC/$current_date/$current_time" + reports_dir="./reports/SIGNUP_OIDC/$current_datetime" mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) @@ -523,7 +523,7 @@ onboard_esignet_signup_oidc_partner(){ } onboard_esignet_sunbird_partner(){ echo "Onboarding Sunbird partner" - reports_dir="./reports/SUNBIRD/$current_date/$current_time" + reports_dir="./reports/SUNBIRD/$current_datetime" mkdir -p "$reports_dir" sh $MYDIR/certs/create-signing-certs.sh $MYDIR root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path) @@ -568,8 +568,7 @@ onboard_esignet_sunbird_partner(){ ## Script starts from here export MYDIR=$(pwd) DATE=$(date -u +%FT%T.%3NZ) -current_date=$(date +"%d-%m-%Y") -current_time=$(date +"%H-%M %p") +current_datetime=$(date +"%dth-%b-%I-%M %p") KEYCLOAK_URL=$(printenv keycloak-external-url) KEYCLOAK_CLIENT="mosip-deployment-client" KEYCLOAK_CLIENT_SECRET="$mosip_deployment_client_secret" 
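Review bot: The format in `current_datetime=$(date +"%dth-%b-%I-%M %p")` drops the year and the seconds and always appends `th`, so directory names repeat every year, two runs in the same minute write into the same directory, and the names do not sort chronologically. It also uses local time while `DATE` on the line above is taken with `-u`, and the embedded space breaks any unquoted use of the path. A sortable UTC stamp keeps each run's reports distinct for later review: `current_datetime=$(date -u +"%Y-%m-%dT%H-%M-%SZ")`.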
@@ -627,13 +626,13 @@ elif [ "$MODULE" = "esignet" ]; then echo "Updating esignet MISP_LICENSE_KEY" kubectl create secret generic esignet-misp-onboarder-key -n $ns_esignet --from-literal=mosip-esignet-misp-key=$MISP_LICENSE_KEY --dry-run=client -o yaml | kubectl apply -f - echo "MISP Key Updated successfully" -elif [ "$MODULE" = "demo-oidc" ]; then +elif [ "$MODULE" = "mock-rp-oidc" ]; then APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client MODULE_SECRETKEY=$mosip_pms_client_secret - POLICY_NAME=mpolicy-default-demo-oidc - POLICY_GROUP_NAME=mpolicygroup-default-demo-oidc - export PARTNER_KC_USERNAME=mpartner-default-demo-oidc + POLICY_NAME=mpolicy-default-mock-rp-oidc + POLICY_GROUP_NAME=mpolicygroup-default-mock-rp-oidc + export PARTNER_KC_USERNAME=mpartner-default-mock-rp-oidc PARTNER_ORGANIZATION_NAME=IITB PARTNER_TYPE=Auth_Partner OIDC_CLIENT_NAME='Health service OIDC Client' 
@@ -641,12 +640,12 @@ elif [ "$MODULE" = "demo-oidc" ]; then REDIRECT_URIS=https://healthservices.$( printenv installation-domain)/userprofile root_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/RootCA.pem" client_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/Client.pem" - onboard_relying_party_with_demo_oidc_client - echo "Updating jwk privateandpublickeypair and Mpartner Default Demo Oidc Client ID" + onboard_relying_party_with_mock_rp_oidc_client + echo "Updating jwk privateandpublickeypair and Mpartner Default Mock Relying Party Oidc Client ID" kubectl patch secret mock-relying-party-service-secrets -n $ns_esignet -p '{"data":{"client-private-key":"'$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'"}}' kubectl rollout restart deployment -n $ns_esignet mock-relying-party-service kubectl -n $ns_esignet set env deployment/mock-relying-party-ui CLIENT_ID=$mpartnerdefaultdemooidcclientID - echo "JWK PrivatePublic Key Pair and Mpartner Default Demo Oidc Client ID updated successfully" + echo "JWK PrivatePublic Key Pair and Mpartner Default Mock Relying Party Oidc Client ID updated successfully" elif [ "$MODULE" = "resident-oidc" ]; then APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client diff --git a/upload-reports.sh b/upload-reports.sh index 3806183..ae8ad3c 100755 --- a/upload-reports.sh +++ b/upload-reports.sh 
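Review bot: The call `onboard_relying_party_with_mock_rp_oidc_client` does not match the function this patch defines, `onboard_mock_relying_party_with_mock_rp_oidc_client`, so the mock-rp-oidc branch fails with "command not found". Unless the script runs under `set -e` (not visible in these hunks), execution continues to `kubectl patch secret mock-relying-party-service-secrets` with an empty `$privateandpublickeypair` and overwrites `client-private-key` with an empty value. Besides correcting the name, guard the secret update with `[ -n "$privateandpublickeypair" ] || { echo "key pair missing; EXITING" >&2; exit 1; }` before the patch. The `elif` branch starts outside the hunk.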
@@ -1,28 +1,37 @@ #!/bin/sh -S3_HOST=$( printenv s3-host ) -S3_REGION=$( printenv s3-region ) -S3_USER_KEY=$( printenv s3-user-key ) -S3_USER_SECRET=$( printenv s3-user-secret ) -S3_BUCKET_NAME=$( printenv s3-bucket-name ) - -if [ ! -z "$S3_REGION" ]; then - S3_REGION="--region $S3_REGION" -else - S3_REGION='' -fi -echo -e "\n\n=========================== PUSHING REPORTS TO S3 ================================================\n" -echo -e "S3_HOST: $S3_HOST\n" -echo -e "S3_REGION: $S3_REGION\n" -echo -e "S3_USER_KEY: $S3_USER_KEY\n" -echo -e "S3_USER_SECRET: $S3_USER_SECRET\n" -echo -e "S3_BUCKET_NAME: $S3_BUCKET_NAME\n" +PUSH_REPORTS_TO_S3=$( printenv push-reports-to-s3 ) + + +if [ "$PUSH_REPORTS_TO_S3" = "true" ]; then + + S3_HOST=$( printenv s3-host ) + S3_REGION=$( printenv s3-region ) + S3_USER_KEY=$( printenv s3-user-key ) + S3_USER_SECRET=$( printenv s3-user-secret ) + S3_BUCKET_NAME=$( printenv s3-bucket-name ) -mc alias set s3 "$S3_HOST" "$S3_USER_KEY" "$S3_USER_SECRET" + if [ ! -z "$S3_REGION" ]; then + S3_REGION="--region $S3_REGION" + else + S3_REGION='' + fi -mc mb s3/"$S3_BUCKET_NAME" --ignore-existing $S3_REGION + echo -e "\n\n=========================== PUSHING REPORTS TO S3 ================================================\n" + echo -e "S3_HOST: $S3_HOST\n" + echo -e "S3_REGION: $S3_REGION\n" + echo -e "S3_USER_KEY: $S3_USER_KEY\n" + echo -e "S3_USER_SECRET: $S3_USER_SECRET\n" + echo -e "S3_BUCKET_NAME: $S3_BUCKET_NAME\n" -mc cp --recursive reports "s3/$S3_BUCKET_NAME/" + mc alias set s3 "$S3_HOST" "$S3_USER_KEY" "$S3_USER_SECRET" -echo -e "\n\nReports pushed to minio" \ No newline at end of file + mc mb s3/"$S3_BUCKET_NAME" --ignore-existing $S3_REGION + + mc cp --recursive reports "s3/$S3_BUCKET_NAME/" + + echo -e "\n\nReports pushed to MinIO" +else + echo -e "\n\nFlag 'push-reports-to-s3' is not set to false. Skipping report push to s3 bucket.\n" +fi From 6a2d4dd900491e81dbac7614486dd84dc66dafb4 Mon Sep 17 00:00:00 2001 
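Review bot: The re-indented block still prints the credentials in clear text, `echo -e "S3_USER_KEY: $S3_USER_KEY\n"` and `echo -e "S3_USER_SECRET: $S3_USER_SECRET\n"`, so the S3 access key and secret end up in the job's pod logs and in any log aggregation behind them. Drop both lines or print only whether the values are set, e.g. `echo "S3_USER_SECRET: ${S3_USER_SECRET:+<set>}"`. Two smaller points in the same hunk: `echo -e` is not portable under `#!/bin/sh`, and the `else` message says the flag "is not set to false" although that branch runs whenever the flag is anything other than `true`.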
From: ckm007 Date: Mon, 30 Sep 2024 16:16:27 +0530 Subject: [PATCH 03/30] [MOSIP-35987] updated onboarder changes to store reports in volumes Signed-off-by: ckm007 --- helm/partner-onboarder/templates/pv.yaml | 19 +++++++++++++++++++ helm/partner-onboarder/templates/pvc.yaml | 23 +++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 helm/partner-onboarder/templates/pv.yaml create mode 100644 helm/partner-onboarder/templates/pvc.yaml diff --git a/helm/partner-onboarder/templates/pv.yaml b/helm/partner-onboarder/templates/pv.yaml new file mode 100644 index 0000000..bc9de7c --- /dev/null +++ b/helm/partner-onboarder/templates/pv.yaml @@ -0,0 +1,19 @@ +{{- if .Values.onboarding.volumes.reports.enabled }} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ .Values.onboarding.volumes.reports.name }} + labels: + name: {{ .Values.onboarding.volumes.reports.name }} +spec: + storageClassName: {{ .Values.onboarding.volumes.reports.storageClass }} + capacity: + storage: {{ .Values.onboarding.volumes.reports.size }} + accessModes: + {{- range .Values.onboarding.volumes.reports.accessModes }} + - {{ . }} + {{- end }} + nfs: + server: {{ .Values.onboarding.volumes.reports.nfs.server }} + path: {{ .Values.onboarding.volumes.reports.nfs.path }} +{{- end }} diff --git a/helm/partner-onboarder/templates/pvc.yaml b/helm/partner-onboarder/templates/pvc.yaml new file mode 100644 index 0000000..b391b2d --- /dev/null +++ b/helm/partner-onboarder/templates/pvc.yaml 
@@ -0,0 +1,23 @@ +{{- range $module := $.Values.onboarding.modules }} +{{- if $module.enabled }} +{{- if $.Values.onboarding.volumes.reports.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $module.name }}-pvc + namespace: {{ $.Release.Namespace | quote }} +spec: + storageClassName: {{ $.Values.onboarding.volumes.reports.storageClass }} + accessModes: + {{- range $.Values.onboarding.volumes.reports.accessModes }} + - {{ . }} + {{- end }} + resources: + requests: + storage: {{ $.Values.onboarding.volumes.reports.size }} + selector: + matchLabels: + name: {{ $.Values.onboarding.volumes.reports.name }} +{{- end }} +{{- end }} +{{- end }} From 6cb397c2bd7a8e2cb4a81356a064102761205549 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Mon, 30 Sep 2024 16:16:41 +0530 Subject: [PATCH 04/30] [MOSIP-35987] updated onboarder changes to store reports in volumes Signed-off-by: ckm007 --- helm/partner-onboarder/.gitignore | 2 +- helm/partner-onboarder/templates/jobs.yaml | 15 ++++++++++++++- helm/partner-onboarder/templates/pv.yaml | 20 ++++++++++++-------- helm/partner-onboarder/templates/pvc.yaml | 2 +- helm/partner-onboarder/values.yaml | 22 +++++++++++++++++++--- 5 files changed, 47 insertions(+), 14 deletions(-) diff --git a/helm/partner-onboarder/.gitignore b/helm/partner-onboarder/.gitignore index 5df6a14..f791801 100644 --- a/helm/partner-onboarder/.gitignore +++ b/helm/partner-onboarder/.gitignore @@ -1,2 +1,2 @@ charts/ -Charts.yaml +Chart.lock diff --git a/helm/partner-onboarder/templates/jobs.yaml b/helm/partner-onboarder/templates/jobs.yaml index dc02639..77219a6 100644 --- a/helm/partner-onboarder/templates/jobs.yaml +++ b/helm/partner-onboarder/templates/jobs.yaml 
@@ -38,6 +38,8 @@ spec: env: - name: MODULE value: {{ $module.name }} + - name: push_reports_to_s3 + value: {{ quote $.Values.onboarding.variables.push_reports_to_s3 }} envFrom: {{- if $.Values.onboarding.configmaps }} {{- range $cm_name, $cm_value := $.Values.onboarding.configmaps }} @@ -66,5 +68,16 @@ spec: {{- if $.Values.resources }} resources: {{- toYaml $.Values.resources | nindent 12 }} {{- end }} + volumeMounts: + {{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }} + - name: {{ $.Values.onboarding.volumes.reports.name }} + mountPath: /home/mosip/reports/ + {{- end }} + volumes: + {{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }} + - name: {{ $.Values.onboarding.volumes.reports.name }} + persistentVolumeClaim: + claimName: {{ $.Values.onboarding.volumes.reports.name }}-{{ $module.name }}-pvc + {{- end }} +{{- end }} {{- end }} -{{- end }} \ No newline at end of file diff --git a/helm/partner-onboarder/templates/pv.yaml b/helm/partner-onboarder/templates/pv.yaml index bc9de7c..400484d 100644 --- a/helm/partner-onboarder/templates/pv.yaml +++ b/helm/partner-onboarder/templates/pv.yaml 
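Review bot: The mount target is hard-coded as `mountPath: /home/mosip/reports/` although values.yaml in this same patch introduces `onboarding.volumes.reports.mountDir`, which no template shown here reads. default.sh writes to the relative path `./reports/...`, so the reports land on the volume only if the container's working directory is `/home/mosip`; that is not visible here and should be confirmed. Use `mountPath: {{ $.Values.onboarding.volumes.reports.mountDir }}` so the chart value and the mount stay in step.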
@@ -1,19 +1,23 @@ -{{- if .Values.onboarding.volumes.reports.enabled }} +{{- range $module := $.Values.onboarding.modules }} +{{- if $module.enabled }} +{{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }} apiVersion: v1 kind: PersistentVolume metadata: - name: {{ .Values.onboarding.volumes.reports.name }} + name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $module.name }}-pv labels: - name: {{ .Values.onboarding.volumes.reports.name }} + name: {{ $.Values.onboarding.volumes.reports.name }} spec: - storageClassName: {{ .Values.onboarding.volumes.reports.storageClass }} + storageClassName: {{ $.Values.onboarding.volumes.reports.storageClass }} capacity: - storage: {{ .Values.onboarding.volumes.reports.size }} + storage: {{ $.Values.onboarding.volumes.reports.size }} accessModes: - {{- range .Values.onboarding.volumes.reports.accessModes }} + {{- range $.Values.onboarding.volumes.reports.accessModes }} - {{ . }} {{- end }} nfs: - server: {{ .Values.onboarding.volumes.reports.nfs.server }} - path: {{ .Values.onboarding.volumes.reports.nfs.path }} + server: {{ $.Values.onboarding.volumes.reports.nfs.server }} + path: {{ $.Values.onboarding.volumes.reports.nfs.path }} +{{- end }} +{{- end }} {{- end }} diff --git a/helm/partner-onboarder/templates/pvc.yaml b/helm/partner-onboarder/templates/pvc.yaml index b391b2d..b583e78 100644 --- a/helm/partner-onboarder/templates/pvc.yaml +++ b/helm/partner-onboarder/templates/pvc.yaml @@ -1,6 +1,6 @@ {{- range $module := $.Values.onboarding.modules }} {{- if $module.enabled }} -{{- if $.Values.onboarding.volumes.reports.enabled }} +{{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }} apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/helm/partner-onboarder/values.yaml b/helm/partner-onboarder/values.yaml index 36c7e97..1973096 100644 --- a/helm/partner-onboarder/values.yaml +++ b/helm/partner-onboarder/values.yaml 
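Review bot: Every per-module PersistentVolume created here points at the same `nfs.server` and `nfs.path` and carries the same label `name: {{ $.Values.onboarding.volumes.reports.name }}`, and the claims in pvc.yaml select on that label alone. Any module's claim can therefore bind to any module's volume, and all modules write into one shared export, so reports from one onboarding job (which include environment data) are readable from the others. PersistentVolumes are also cluster-scoped, so the name ending in `-{{ $module.name }}-pv` will collide if the chart is installed a second time in another namespace. Consider adding a per-module label such as `module: {{ $module.name }}` to both the volume and the claim selector, and a per-module sub-directory under `nfs.path`.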
@@ -262,7 +262,6 @@ extraEnvVarsCM: ## Secret with extra environment variables ## extraEnvVarsSecret: - - s3 - keycloak - keycloak-client-secrets @@ -441,7 +440,7 @@ onboarding: enabled: true - name: esignet enabled: false - - name: demo-oidc + - name: mock-rp-oidc enabled: false - name: resident-oidc enabled: false @@ -451,7 +450,6 @@ onboarding: enabled: false - name: signup-oidc enabled: false - configmaps: s3: s3-host: 'http://minio.minio:9000' @@ -462,3 +460,21 @@ onboarding: ns_esignet: esignet ns_signup: signup secrets: + s3: + s3-user-secret: 'password' + volumes: + reports: + name: onboarder-reports + storageClass: nfs-client + accessModes: + - ReadWriteMany + size: 10Mi + existingClaim: + # Dir where config and keys are written inside container + mountDir: /home/mosip/reports + nfs: + path: "/srv/nfs/sandbox/onboarding" # Dir within the nfs server where config repo is cloned/maintained locally. + server: "nfs-server" # Ip address of nfs server. + variables: + push_reports_to_s3: true + From 1921215e44bfd9e81c7fc23e557f034dd9d38355 Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Tue, 1 Oct 2024 11:13:21 +0530 Subject: [PATCH 05/30] [MOSIP-35987]Updated default.sh Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- default.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default.sh b/default.sh index 1cf6f07..4e04165 100644 --- a/default.sh +++ b/default.sh 
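Review bot: The last hunk ships `s3-user-secret: 'password'` as a chart default, and the chart's secrets template base64-encodes whatever sits under `onboarding.secrets` into a Secret, so an install that forgets to override it runs with a guessable credential. An empty default (`s3-user-secret: ''`) together with a `required` check in the secrets template, or a reference to an existing Secret, fails at render time instead. The first hunk also drops `s3` from `extraEnvVarsSecret`, which suggests the job no longer reads a pre-existing cluster secret for this value and the chart value becomes the only source. `existingClaim:` is added with no value, and nothing visible in the templates reads it.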
@@ -640,7 +640,7 @@ elif [ "$MODULE" = "mock-rp-oidc" ]; then REDIRECT_URIS=https://healthservices.$( printenv installation-domain)/userprofile root_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/RootCA.pem" client_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/Client.pem" - onboard_relying_party_with_mock_rp_oidc_client + onboard_mock_relying_party_with_mock_rp_oidc_client echo "Updating jwk privateandpublickeypair and Mpartner Default Mock Relying Party Oidc Client ID" kubectl patch secret mock-relying-party-service-secrets -n $ns_esignet -p '{"data":{"client-private-key":"'$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'"}}' kubectl rollout restart deployment -n $ns_esignet mock-relying-party-service From 7b053c7cba166496d7c630897b0a92a6a050e711 Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Tue, 1 Oct 2024 12:00:06 +0530 Subject: [PATCH 06/30] [MOSIP-35987]Update upload-reports.sh Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- upload-reports.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/upload-reports.sh b/upload-reports.sh index ae8ad3c..75cae53 100755 --- a/upload-reports.sh +++ b/upload-reports.sh @@ -1,7 +1,6 @@ #!/bin/sh - -PUSH_REPORTS_TO_S3=$( printenv push-reports-to-s3 ) +PUSH_REPORTS_TO_S3=$( printenv push_reports_to_s3 ) if [ "$PUSH_REPORTS_TO_S3" = "true" ]; then @@ -33,5 +32,5 @@ if [ "$PUSH_REPORTS_TO_S3" = "true" ]; then echo -e "\n\nReports pushed to MinIO" else - echo -e "\n\nFlag 'push-reports-to-s3' is not set to false. Skipping report push to s3 bucket.\n" + echo -e "\n\nFlag 'push_reports_to_s3' is set to false. Skipping report push to s3 bucket.\n" fi From 93e639d14107b7c6a0fac2c129e3df3e0b2c511a Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Tue, 1 Oct 2024 15:16:51 +0530 Subject: [PATCH 07/30] Update default.sh 
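Review bot: In upload-reports.sh the reworded `else` message claims the flag "is set to false", but that branch runs for any value other than the exact string `true`, including unset or `True`, so a typo skips the upload while the log says it was intended. Printing the actual value makes that visible, for example `printf "\n\nFlag 'push_reports_to_s3' is '%s', not 'true'. Skipping report push to s3 bucket.\n\n" "$PUSH_REPORTS_TO_S3"`. `printf` also avoids `echo -e`, which not every `/bin/sh` honours under the `#!/bin/sh` shebang. The body of the `if` lies between the two hunks and is not visible here.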
Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- default.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default.sh b/default.sh index 4e04165..e800b42 100644 --- a/default.sh +++ b/default.sh @@ -568,7 +568,7 @@ onboard_esignet_sunbird_partner(){ ## Script starts from here export MYDIR=$(pwd) DATE=$(date -u +%FT%T.%3NZ) -current_datetime=$(date +"%dth-%b-%I-%M %p") +current_datetime=$(date -u +"%d-%m-%y-%H-%M"-UTC) KEYCLOAK_URL=$(printenv keycloak-external-url) KEYCLOAK_CLIENT="mosip-deployment-client" KEYCLOAK_CLIENT_SECRET="$mosip_deployment_client_secret" From 41753c59167a14fe91fa2820c04806aa8c543cb9 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Tue, 1 Oct 2024 15:50:48 +0530 Subject: [PATCH 08/30] [MOSIP-35816] updated pv name and selecter for secviceaccountname Signed-off-by: ckm007 --- helm/partner-onboarder/templates/jobs.yaml | 2 +- helm/partner-onboarder/templates/pv.yaml | 4 +++- helm/partner-onboarder/templates/pvc.yaml | 2 +- helm/partner-onboarder/templates/rolebinding.yaml | 6 +++--- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/helm/partner-onboarder/templates/jobs.yaml b/helm/partner-onboarder/templates/jobs.yaml index 77219a6..05c19f3 100644 --- a/helm/partner-onboarder/templates/jobs.yaml +++ b/helm/partner-onboarder/templates/jobs.yaml @@ -77,7 +77,7 @@ spec: {{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }} - name: {{ $.Values.onboarding.volumes.reports.name }} persistentVolumeClaim: - claimName: {{ $.Values.onboarding.volumes.reports.name }}-{{ $module.name }}-pvc + claimName: {{ $.Values.onboarding.volumes.reports.name }}-{{ $.Release.Namespace }}-{{ $module.name }}-pvc {{- end }} {{- end }} {{- end }} diff --git a/helm/partner-onboarder/templates/pv.yaml b/helm/partner-onboarder/templates/pv.yaml index 400484d..7d4f38b 100644 --- a/helm/partner-onboarder/templates/pv.yaml +++ b/helm/partner-onboarder/templates/pv.yaml 
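Review bot: `current_datetime=$(date -u +"%d-%m-%y-%H-%M"-UTC)` in the default.sh hunk produces day-first names with a two-digit year and minute resolution, so anything named from it does not sort chronologically and two runs in the same minute get the same name; `current_datetime=$(date -u +"%Y-%m-%dT%H-%M-%SZ")` avoids both. The upload functions earlier in this series build `reports_dir` from `$current_date` and `$current_time`, which this hunk does not define, so it is worth confirming where those are set. The script's top-level section continues outside the hunk.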
@@ -4,7 +4,7 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $module.name }}-pv + name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $.Release.Namespace }}-{{ $module.name }}-pvc labels: name: {{ $.Values.onboarding.volumes.reports.name }} spec: @@ -18,6 +18,8 @@ spec: nfs: server: {{ $.Values.onboarding.volumes.reports.nfs.server }} path: {{ $.Values.onboarding.volumes.reports.nfs.path }} +# mountOptions: +# - nolock {{- end }} {{- end }} {{- end }} diff --git a/helm/partner-onboarder/templates/pvc.yaml b/helm/partner-onboarder/templates/pvc.yaml index b583e78..5913bd2 100644 --- a/helm/partner-onboarder/templates/pvc.yaml +++ b/helm/partner-onboarder/templates/pvc.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $module.name }}-pvc + name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $.Release.Namespace }}-{{ $module.name }}-pvc namespace: {{ $.Release.Namespace | quote }} spec: storageClassName: {{ $.Values.onboarding.volumes.reports.storageClass }} diff --git a/helm/partner-onboarder/templates/rolebinding.yaml b/helm/partner-onboarder/templates/rolebinding.yaml index 4c8513a..94ebe35 100644 --- a/helm/partner-onboarder/templates/rolebinding.yaml +++ b/helm/partner-onboarder/templates/rolebinding.yaml @@ -5,7 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} subjects: - kind: ServiceAccount - name: {{ .Release.Name }} + name: {{ template "partner-onboarder.serviceAccountName" . }} namespace: {{ .Release.Namespace }} roleRef: kind: Role @@ -19,11 +19,11 @@ metadata: namespace: {{ .Release.Namespace }} subjects: - kind: ServiceAccount - name: {{ .Release.Name }} + name: {{ template "partner-onboarder.serviceAccountName" . }} namespace: {{ .Release.Namespace }} roleRef: kind: Role name: {{ .Release.Name }}-secrets-pods-role apiGroup: rbac.authorization.k8s.io ---- \ No newline at end of file +--- 
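Review bot: In rolebinding.yaml, binding both subjects to `partner-onboarder.serviceAccountName` is only least-privilege if that helper never resolves to the namespace's `default` account. The helper is defined outside this diff, and the usual chart scaffold returns `default` when service-account creation is disabled; in that case `{{ .Release.Name }}-secrets-pods-role` would be granted to every pod in the namespace that runs without an explicit service account. It is worth confirming the helper's fallback, and that the Job's pod spec sets `serviceAccountName` from the same helper so the binding and the pods agree.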
From 2e59b6f3d01cea66a0ada997acc900e0c674bdac Mon Sep 17 00:00:00 2001 From: ckm007 Date: Tue, 1 Oct 2024 16:08:14 +0530 Subject: [PATCH 09/30] [MOSIP-36196] updated pv name and selecter for secviceaccountname Signed-off-by: ckm007 --- helm/partner-onboarder/values.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/helm/partner-onboarder/values.yaml b/helm/partner-onboarder/values.yaml index 1973096..69236cf 100644 --- a/helm/partner-onboarder/values.yaml +++ b/helm/partner-onboarder/values.yaml @@ -427,17 +427,17 @@ metrics: onboarding: modules: - name: ida - enabled: true + enabled: false - name: print - enabled: true + enabled: false - name: abis - enabled: true + enabled: false - name: resident - enabled: true + enabled: false - name: mimoto - enabled: true + enabled: false - name: digitalcard - enabled: true + enabled: false - name: esignet enabled: false - name: mock-rp-oidc @@ -445,7 +445,7 @@ onboarding: - name: resident-oidc enabled: false - name: mimoto-keybinding - enabled: true + enabled: false - name: mimoto-oidc enabled: false - name: signup-oidc From d06c849e7936b360a739eee660a3f12583aabfe4 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Tue, 1 Oct 2024 19:09:28 +0530 Subject: [PATCH 10/30] [MOSIP-35987] updated onboarder secret name to resolve duplicate k8 object error Signed-off-by: ckm007 --- helm/partner-onboarder/templates/configmap.yaml | 4 ++-- helm/partner-onboarder/templates/jobs.yaml | 4 ++-- helm/partner-onboarder/templates/secrets.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/partner-onboarder/templates/configmap.yaml b/helm/partner-onboarder/templates/configmap.yaml index 2fa6e24..ea337c6 100644 --- a/helm/partner-onboarder/templates/configmap.yaml +++ b/helm/partner-onboarder/templates/configmap.yaml 
@@ -4,7 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ $cm_name }} + name: {{ $cm_name }}-{{ $.Release.Name }} namespace: {{ $.Release.Namespace }} labels: {{- include "common.labels.standard" $ | nindent 8 }} {{- if $.Values.commonLabels }} @@ -18,4 +18,4 @@ data: {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/partner-onboarder/templates/jobs.yaml b/helm/partner-onboarder/templates/jobs.yaml index 05c19f3..d076237 100644 --- a/helm/partner-onboarder/templates/jobs.yaml +++ b/helm/partner-onboarder/templates/jobs.yaml @@ -44,13 +44,13 @@ spec: {{- if $.Values.onboarding.configmaps }} {{- range $cm_name, $cm_value := $.Values.onboarding.configmaps }} - configMapRef: - name: {{ $cm_name }} + name: {{ $cm_name }}-{{ $.Release.Name }} {{- end }} {{- end }} {{- if $.Values.onboarding.secrets }} {{- range $secret_name, $secret_value := $.Values.onboarding.secrets }} - secretRef: - name: {{ $secret_name }} + name: {{ $secret_name }}-{{ $.Release.Name }} {{- end }} {{- end }} {{- if $.Values.extraEnvVarsSecret }} diff --git a/helm/partner-onboarder/templates/secrets.yaml b/helm/partner-onboarder/templates/secrets.yaml index 006af14..78ff130 100644 --- a/helm/partner-onboarder/templates/secrets.yaml +++ b/helm/partner-onboarder/templates/secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ $secret_name }} + name: {{ $secret_name }}-{{ $.Release.Name }} namespace: {{ $.Release.Namespace }} labels: {{- include "common.labels.standard" $ | nindent 8 }} {{- if $.Values.commonLabels }} @@ -19,4 +19,4 @@ data: {{ $key }}: {{ $value | b64enc | quote }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From 2a2c55cd5632ff84c7578991d4f55685e8176d8a Mon Sep 17 00:00:00 2001 From: ckm007 Date: Fri, 4 Oct 2024 12:12:29 +0530 Subject: [PATCH 11/30] [MOSIP-35987] updated chart version and corrected lint failure 
Signed-off-by: ckm007 --- helm/partner-onboarder/Chart.yaml | 2 +- helm/partner-onboarder/values.yaml | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/helm/partner-onboarder/Chart.yaml b/helm/partner-onboarder/Chart.yaml index cabe82f..cb075e7 100644 --- a/helm/partner-onboarder/Chart.yaml +++ b/helm/partner-onboarder/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: partner-onboarder description: A Helm chart for onboarding default partners for MOSIP sandbox. type: application -version: 0.0.1-develop +version: 1.5.0-ES-develop appVersion: "" dependencies: - name: common diff --git a/helm/partner-onboarder/values.yaml b/helm/partner-onboarder/values.yaml index 69236cf..8fdc6d2 100644 --- a/helm/partner-onboarder/values.yaml +++ b/helm/partner-onboarder/values.yaml @@ -53,8 +53,8 @@ service: image: registry: docker.io - repository: mosipqa/partner-onboarder - tag: develop + repository: mosipdev/partner-onboarder + tag: MOSIP-35987 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -460,7 +460,7 @@ onboarding: ns_esignet: esignet ns_signup: signup secrets: - s3: + s3: s3-user-secret: 'password' volumes: reports: @@ -477,4 +477,3 @@ onboarding: server: "nfs-server" # Ip address of nfs server. variables: push_reports_to_s3: true - From 3abbc9d774fa30d4f586f0c41c3b2a24b92208b0 Mon Sep 17 00:00:00 2001 From: ckm007 Date: Fri, 4 Oct 2024 21:48:45 +0530 Subject: [PATCH 12/30] [DSD-6382] corrected chart version as per semver Signed-off-by: ckm007 --- helm/partner-onboarder/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/partner-onboarder/Chart.yaml b/helm/partner-onboarder/Chart.yaml index cb075e7..bbadd18 100644 --- a/helm/partner-onboarder/Chart.yaml +++ b/helm/partner-onboarder/Chart.yaml 
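Review bot: The first values.yaml hunk makes `mosipdev/partner-onboarder` with `tag: MOSIP-35987` the chart's default image, which is a ticket-named tag on a development repository and can be re-pushed with different content at any time. The comment just below says non-`latest` tags default to `IfNotPresent`, so nodes may also keep running whichever build they pulled first. Before this chart is published the default should point at a release tag or an immutable digest, for example `tag: <RELEASE_TAG>` (placeholder), with the branch image supplied only through an override file.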
@@ -2,7 +2,7 @@ apiVersion: v2 name: partner-onboarder description: A Helm chart for onboarding default partners for MOSIP sandbox. type: application -version: 1.5.0-ES-develop +version: 1.5.0-es-develop appVersion: "" dependencies: - name: common From 03c92d3d842fd70fc5d56c79847667df3c64e3dd Mon Sep 17 00:00:00 2001 From: Chandra Keshav Mishra Date: Fri, 4 Oct 2024 21:52:05 +0530 Subject: [PATCH 13/30] [DSD-6382] Update chart-lint-publish.yml Signed-off-by: Chandra Keshav Mishra --- .github/workflows/chart-lint-publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/chart-lint-publish.yml b/.github/workflows/chart-lint-publish.yml index c8d6ba3..c8d7ee1 100644 --- a/.github/workflows/chart-lint-publish.yml +++ b/.github/workflows/chart-lint-publish.yml @@ -38,6 +38,7 @@ on: - 0.* - develop - release* + - MOSIP-35987 paths: - 'helm/**' From ba1029d683db54aef8bd68ee69bd6136ec17839c Mon Sep 17 00:00:00 2001 From: ckm007 Date: Mon, 7 Oct 2024 00:09:24 +0530 Subject: [PATCH 14/30] [DSD-6382] updated onboarder readme Signed-off-by: ckm007 --- README.md | 13 ++++--------- helm/partner-onboarder/README.md | 22 +++------------------- 2 files changed, 7 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 0f21950..0a9a1f3 100644 --- a/README.md +++ b/README.md 
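Review bot: Adding `- MOSIP-35987` to the push branch list in chart-lint-publish.yml lets the lint-and-publish workflow run on a feature branch. The publish step is not visible in this hunk, but if it pushes to the shared chart repository, charts built from unreviewed branch content would be released alongside those from `develop` and `release*`. The entry should be removed before merge, or the publish job gated so that only the long-lived branches can publish.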
@@ -1,18 +1,13 @@ # Partner Onboarding Utils ## Overview -This repository contains Postman collection to onboard partners on to MOSIP. - +This repository contains Postman collection to onboard partners on to MOSIP. * `run-onboard.sh`: Onboard any partner. * `default.sh`: Onboard default partners that are required to run a sandbox. - ## Docker -Docker to run `default.sh` is created to facilitate easy onboarding during installion. Refer `docker-build.sh` and `docker-run.sh`. Use this docker while installing MOSIP on Kubernetes. The docker runs an HTTP server to view the reports. Although this is a one-time job, the docker is run as Kubernetes Deployment with long sleep time set to review reports. If you restart the docker it will run the onboarding again. - -The scripts assume a Keycloak client `mosip-deployment-client` with roles `GLOBAL_ADMIN`, `ID_AUTHENTICATION`, `PARTNER_ADMIN` is already created. - -If the `ENABLE_INSECURE` environment variable is set to `true`, the script will proceed with downloading an SSL certificate and subsequently provide it for utilization in **Newman** collections and **curl** API calls during execution. This functionality is designed for scenarios where the script is required to be used on a server that possesses self-signed SSL certificates. - +* Docker to run `default.sh` is created to facilitate easy onboarding during installion. Refer `docker-build.sh` and `docker-run.sh`. Use this docker while installing MOSIP on Kubernetes. The docker runs an HTTP server to view the reports. Although this is a one-time job, the docker is run as Kubernetes Deployment with long sleep time set to review reports. If you restart the docker it will run the onboarding again. +* The scripts assume a Keycloak client `mosip-deployment-client` with roles `GLOBAL_ADMIN`, `ID_AUTHENTICATION`, `PARTNER_ADMIN` is already created. 
+* If the `ENABLE_INSECURE` environment variable is set to `true`, the script will proceed with downloading an SSL certificate and subsequently provide it for utilization in **Newman** collections and **curl** API calls during execution. This functionality is designed for scenarios where the script is required to be used on a server that possesses self-signed SSL certificates. ## License This project is licensed under the terms of [Mozilla Public License 2.0](LICENSE). diff --git a/helm/partner-onboarder/README.md b/helm/partner-onboarder/README.md index b7169ca..fd50657 100644 --- a/helm/partner-onboarder/README.md +++ b/helm/partner-onboarder/README.md @@ -1,40 +1,24 @@ -# OTPManager - -Helm chart for installing Kernel module OTPManager. - +# Partner Onboarder +Helm chart for installing MOSIP Partner onboarder. ## TL;DR - ```console $ helm repo add mosip https://mosip.github.io $ helm install my-release mosip/partner-onboarder ``` - -## Introduction - -OTPManager is part of the kernel modules, but has a separate Helm chart so as to install and manage it in a completely indepedent namespace. - ## Prerequisites - Kubernetes 1.12+ - Helm 3.1.0 - PV provisioner support in the underlying infrastructure - ReadWriteMany volumes for deployment scaling - ## Installing the Chart - To install the chart with the release name `partner-onboarder`. - ```console helm install my-release mosip/partner-onboarder ``` - -> **Tip**: List all releases using `helm list` - +**Tip**: List all releases using `helm list` ## Uninstalling the Chart - To uninstall/delete the `my-release` deployment: - ```console helm delete my-release ``` - From 58bfe9a1688febc3caf53c074f07141682131ab2 Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Mon, 7 Oct 2024 19:29:24 +0530 Subject: [PATCH 15/30] Updated default.sh to remove all the redundant success msgs. 
Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- default.sh | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/default.sh b/default.sh index e800b42..6c2a5de 100644 --- a/default.sh +++ b/default.sh @@ -623,9 +623,7 @@ elif [ "$MODULE" = "esignet" ]; then PARTNER_ORGANIZATION_NAME=IITB PARTNER_TYPE=Misp_Partner onboard_esignet_partner - echo "Updating esignet MISP_LICENSE_KEY" kubectl create secret generic esignet-misp-onboarder-key -n $ns_esignet --from-literal=mosip-esignet-misp-key=$MISP_LICENSE_KEY --dry-run=client -o yaml | kubectl apply -f - - echo "MISP Key Updated successfully" elif [ "$MODULE" = "mock-rp-oidc" ]; then APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client @@ -641,11 +639,9 @@ elif [ "$MODULE" = "mock-rp-oidc" ]; then root_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/RootCA.pem" client_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/Client.pem" onboard_mock_relying_party_with_mock_rp_oidc_client - echo "Updating jwk privateandpublickeypair and Mpartner Default Mock Relying Party Oidc Client ID" kubectl patch secret mock-relying-party-service-secrets -n $ns_esignet -p '{"data":{"client-private-key":"'$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'"}}' kubectl rollout restart deployment -n $ns_esignet mock-relying-party-service kubectl -n $ns_esignet set env deployment/mock-relying-party-ui CLIENT_ID=$mpartnerdefaultdemooidcclientID - echo "JWK PrivatePublic Key Pair and Mpartner Default Mock Relying Party Oidc Client ID updated successfully" elif [ "$MODULE" = "resident-oidc" ]; then APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client 
@@ -659,9 +655,7 @@ elif [ "$MODULE" = "resident-oidc" ]; then LOGO_URI="https://$( printenv mosip-resident-host )/assets/MOSIP%20Vertical%20Black.png" REDIRECT_URIS="https://$( printenv mosip-api-internal-host )/resident/v1/login-redirect/**" onboard_resident_oidc_client - echo "Updating Resident OIDC Client Id" kubectl create secret generic resident-oidc-onboarder-key -n $ns_esignet --from-literal=resident-oidc-clientid=$mpartnerdefaultresidentoidcclientID --dry-run=client -o yaml | kubectl apply -f - - echo "Resident OIDC client id updated successfully" elif [ "$MODULE" = "mimoto-keybinding" ]; then APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client @@ -675,9 +669,7 @@ elif [ "$MODULE" = "resident-oidc" ]; then root_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/RootCA.pem" client_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/Client.pem" onboard_mimoto_keybinding_partner - echo "Updating Mimoto Wallet Binding Partner API Key" kubectl create secret generic mimoto-wallet-binding-partner-api-key -n $ns_mimoto --from-literal=mimoto-wallet-binding-partner-api-key=$mpartnerdefaultmimotokeybindingapikey --dry-run=client -o yaml | kubectl apply -f - - echo "Mimoto Wallet Binding Partner API Key updated successfully" elif [ "$MODULE" = "mimoto-oidc" ]; then APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client 
@@ -694,9 +686,7 @@ elif [ "$MODULE" = "resident-oidc" ]; then LOGO_URI="https://$( printenv mosip-api-host )/inji/inji-home-logo.png" REDIRECT_URIS="io.mosip.residentapp.inji:\/\/oauthredirect,https://inji.$( printenv installation-domain).mosip.net/redirect" onboard_mimoto_oidc_partner - echo "Updating Mimoto OIDC Partner Client ID" kubectl create secret generic mimoto-oidc-partner-clientid -n $ns_mimoto --from-literal=mimoto-oidc-partner-clientid=$mpartnerdefaultmimotooidcclientID --dry-run=client -o yaml | kubectl apply -f - - echo "Mimoto OIDC Partner Client ID updated successfully" elif [ "$MODULE" = "signup-oidc" ]; then APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client @@ -709,7 +699,6 @@ elif [ "$MODULE" = "resident-oidc" ]; then LOGO_URI="https://healthservices.$( printenv installation-domain)/images/brand_logo.png" REDIRECT_URIS="https://signup.$( printenv installation-domain)/identity-verification" onboard_esignet_signup_oidc_partner - echo "Esignet signup oidc client onboarding completed" elif [ "$MODULE" = "sunbird-oidc" ]; then APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client @@ -722,7 +711,5 @@ elif [ "$MODULE" = "resident-oidc" ]; then LOGO_URI="https://sunbird.org/images/sunbird-logo-new.png" REDIRECT_URIS="io.mosip.residentapp.inji:\/\/oauthredirect,https://inji.$( printenv installation-domain)/redirect" onboard_esignet_sunbird_partner - echo "Updating Sunbird-OIDC Partner Client ID" kubectl create secret generic sunbird-oidc-partner-clientid -n $ns_mimoto --from-literal=sunbird-oidc-partner-clientid=$mpartnerdefaultsunbirdoidcclientID --dry-run=client -o yaml | kubectl apply -f - - echo "Esignet Sunbird Partner onboarding completed" fi From 374e4f60aa400f9f31e1e7e616696604898f07e7 Mon Sep 17 00:00:00 2001 From: "Mahesh.Binayak" Date: Mon, 7 Oct 2024 20:57:43 +0530 Subject: [PATCH 16/30] Added changes in postman to support clientID creation 
Signed-off-by: Mahesh.Binayak --- onboarding.postman_collection.json | 3038 ---------------------------- 1 file changed, 3038 deletions(-) delete mode 100644 onboarding.postman_collection.json diff --git a/onboarding.postman_collection.json b/onboarding.postman_collection.json deleted file mode 100644 index ae1d71b..0000000 --- a/onboarding.postman_collection.json +++ /dev/null 
@@ -1,3038 +0,0 @@ -{ - "info": { - "_postman_id": "88397269-8200-4407-a8cc-7b48c0f91cc3", - "name": "onboarding Copy", - "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", - "_exporter_id": "12620596" - }, - "item": [ - { - "name": "create_keycloak_user", - "item": [ - { - "name": "login-to-keycloak-as-admin", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = JSON.parse(responseBody);\r", - "//var data = JSON.stringify(jsonData);\r", - "console.log(jsonData.access_token);\r", - "pm.environment.set(\"keycloak-token\", jsonData.access_token);\r", - "" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Content-Type", - "value": "application/x-www-form-urlencoded", - "type": "text" - } - ], - "body": { - "mode": "urlencoded", - "urlencoded": [ - { - "key": "grant_type", - "value": "password", - "type": "text" - }, - { - "key": "client_id", - "value": "admin-cli", - "type": "text" - }, - { - "key": "username", - "value": "{{keycloak-admin-username}}", - "type": "text" - }, - { - "key": "password", - "value": "{{keycloak-admin-password}}", - "type": "text" - } - ] - }, - "url": { - "raw": "{{keycloak-url}}/auth/realms/master/protocol/openid-connect/token", - "host": [ - "{{keycloak-url}}" - ], - "path": [ - "auth", - "realms", - "master", - "protocol", - "openid-connect", - "token" - ] - } - }, - "response": [] - }, - { - "name": "create-user", - "event": [ - { - "listen": "prerequest", - "script": { - "exec": [ - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "auth": { - "type": "bearer", - "bearer": [ - { - "key": "token", - "value": "{{keycloak-token}}", - "type": "string" - } - ] - }, - "method": "POST", - "header": [], - "body": { - "mode": "raw", - "raw": "{\r\n \"username\": \"{{partner-manager-username}}\",\r\n 
\"firstName\": \"{{$randomFirstName}}\",\r\n \"lastName\": \"{{$randomLastName}}\",\r\n \"email\": \"{{$randomExampleEmail}}\",\r\n \"enabled\": true,\r\n \"credentials\": [\r\n {\r\n \"temporary\": false,\r\n \"type\": \"password\",\r\n \"value\": \"{{partner-manager-password}}\"\r\n }\r\n ]\r\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{keycloak-url}}/auth/admin/realms/mosip/users", - "host": [ - "{{keycloak-url}}" - ], - "path": [ - "auth", - "admin", - "realms", - "mosip", - "users" - ] - } - }, - "response": [] - }, - { - "name": "get-user-details", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = JSON.parse(responseBody);\r", - "//\r", - "var userid = jsonData[0].id;\r", - "console.log(userid);\r", - "pm.environment.set(\"partner-kc-userid\",userid);" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "auth": { - "type": "bearer", - "bearer": [ - { - "key": "token", - "value": "{{keycloak-token}}", - "type": "string" - } - ] - }, - "method": "GET", - "header": [ - { - "key": "Content-Type", - "value": "application/json", - "type": "text" - } - ], - "url": { - "raw": "{{keycloak-url}}/auth/admin/realms/mosip/users?username={{partner-manager-username}}", - "host": [ - "{{keycloak-url}}" - ], - "path": [ - "auth", - "admin", - "realms", - "mosip", - "users" - ], - "query": [ - { - "key": "username", - "value": "{{partner-manager-username}}" - } - ] - } - }, - "response": [] - }, - { - "name": "get-role-id-for-all-roles", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = JSON.parse(responseBody);\r", - "var count =jsonData.length;\r", - "//console.log (count);\r", - "for(var i=0;i uri.trim());\r", - " pm.environment.set(\"redirect_uris_array\", JSON.stringify(redirectUris));\r", - "} else {\r", - " console.error(\"Environment variable 
'redirect-uris' is not defined.\");\r", - " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", - "}\r", - "" - ], - "type": "text/javascript", - "packages": {} - } - }, - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"validating clientid\", function () {", - " pm.expect(pm.response.text()).to.include(\"clientId\");", - "});", - "pm.test(\"validating clientid status\", function () {", - " pm.expect(pm.response.text()).to.include(\"ACTIVE\");", - "});", - "var responseJson = pm.response.json();", - "var partnerKcUsername = pm.variables.get(\"partner-kc-username\");", - "", - "if (partnerKcUsername === \"mpartner-default-demo-oidc\") {", - " pm.environment.set(\"mpartner-default-demo-oidc-clientID\", responseJson.response.clientId);", - "} else if (partnerKcUsername === \"mpartner-default-resident-oidc\") {", - " pm.environment.set(\"mpartner-default-resident-oidc-clientID\", responseJson.response.clientId);", - "} else if (partnerKcUsername === \"mpartner-default-mimotooidc\") {", - " pm.environment.set(\"mpartner-default-mimotooidc-clientID\", responseJson.response.clientId);", - "} else if (partnerKcUsername === \"esignet-sunbird-partner\") {", - " pm.environment.set(\"mpartner-default-sunbirdoidc-clientID\", responseJson.response.clientId);", - "} ", - "", - "" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "auth": { - "type": "bearer", - "bearer": [ - { - "key": "token", - "value": "{{authtoken}}", - "type": "string" - } - ] - }, - "method": "POST", - "header": [ - { - "key": "Cookie", - "value": "Authorization={{authtoken}}", - "type": "text" - }, - { - "key": "Authorization", - "value": "{{authorizationToken}}", - "type": "text" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"requestTime\": \"{{$isoTimestamp}}\",\n \"request\": {\n \"name\": \"{{oidc-client-name}}\",\n \"publicKey\": {\n \"kty\": \"RSA\",\n \"e\": \"AQAB\",\n \"use\": \"sig\",\n \"kid\": \"{{keyid}}\",\n \"alg\": \"RS256\",\n \"n\": 
\"{{key}}\"\n},\n \"policyId\" : \"{{policy-id}}\",\n \"authPartnerId\": \"{{partner-kc-username}}\",\n \"logoUri\": \"{{logo-uri}}\",\n \"redirectUris\": \n {{redirect_uris_array}}\n ,\n \"grantTypes\": [\n \"authorization_code\"\n ],\n \"clientAuthMethods\": [\n \"private_key_jwt\"\n ]\n }\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{url}}/v1/partnermanager/oidc/client", - "host": [ - "{{url}}" - ], - "path": [ - "v1", - "partnermanager", - "oidc", - "client" - ] - } - }, - "response": [] - }, - { - "name": "create-oidc-client-through-esignet", - "event": [ - { - "listen": "prerequest", - "script": { - "exec": [ - "// Pre-request script in Postman\r", - "let redirectUris = pm.environment.get(\"redirect-uris\");\r", - "\r", - "if (redirectUris) {\r", - " redirectUris = redirectUris.split(',').map(uri => uri.trim());\r", - " pm.environment.set(\"redirect_uris_array\", JSON.stringify(redirectUris));\r", - "} else {\r", - " console.error(\"Environment variable 'redirect-uris' is not defined.\");\r", - " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", - "}\r", - "" - ], - "type": "text/javascript", - "packages": {} - } - }, - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"validating clientid\", function () {\r", - " pm.expect(pm.response.text()).to.include(\"clientId\");\r", - "});\r", - "pm.test(\"validating clientid status\", function () {\r", - " pm.expect(pm.response.text()).to.include(\"ACTIVE\");\r", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "auth": { - "type": "bearer", - "bearer": [ - { - "key": "token", - "value": "{{authtoken}}", - "type": "string" - } - ] - }, - "method": "POST", - "header": [], - "body": { - "mode": "raw", - "raw": "{\r\n \"requestTime\": \"{{$isoTimestamp}}\",\r\n \"request\": {\r\n \"clientId\": \"{{oidc-clientid}}\",\r\n \"clientName\": \"{{oidc-client-name}}\",\r\n \"publicKey\":\r\n {\r\n \"kty\": \"RSA\",\r\n \"e\": 
\"AQAB\",\r\n \"use\": \"sig\",\r\n \"kid\": \"{{keyid}}\",\r\n \"alg\": \"RS256\",\r\n \"n\": \"{{key}}\"\r\n},\r\n \"relyingPartyId\": \"{{oidc-client-name}}\",\r\n \"userClaims\": [\r\n \r\n ],\r\n \"authContextRefs\": [\r\n \"mosip:idp:acr:id-token\"\r\n ],\r\n \"logoUri\": \"{{logo-uri}}\",\r\n \"redirectUris\":{{redirect_uris_array}},\r\n \"grantTypes\": [\r\n \"authorization_code\"\r\n ],\r\n \"clientAuthMethods\": [\r\n \"private_key_jwt\"\r\n ]\r\n }\r\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{external-url}}/v1/esignet/client-mgmt/oidc-client", - "host": [ - "{{external-url}}" - ], - "path": [ - "v1", - "esignet", - "client-mgmt", - "oidc-client" - ] - } - }, - "response": [] - }, - { - "name": "create-oidc-client-through-esignet-sunbird", - "event": [ - { - "listen": "prerequest", - "script": { - "exec": [ - "// Pre-request script in Postman\r", - "let redirectUris = pm.environment.get(\"redirect-uris\");\r", - "\r", - "if (redirectUris) {\r", - " redirectUris = redirectUris.split(',').map(uri => uri.trim());\r", - " pm.environment.set(\"redirect_uris_array\", JSON.stringify(redirectUris));\r", - "} else {\r", - " console.error(\"Environment variable 'redirect-uris' is not defined.\");\r", - " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", - "}\r", - "" - ], - "type": "text/javascript", - "packages": {} - } - }, - { - "listen": "test", - "script": { - "exec": [ - "pm.test(\"validating clientid\", function () {\r", - " pm.expect(pm.response.text()).to.include(\"clientId\");\r", - "});\r", - "pm.test(\"validating clientid status\", function () {\r", - " pm.expect(pm.response.text()).to.include(\"ACTIVE\");\r", - "});" - ], - "type": "text/javascript", - "packages": {} - } - } - ], - "request": { - "auth": { - "type": "bearer", - "bearer": [ - { - "key": "token", - "value": "{{authtoken}}", - "type": "string" - } - ] - }, - "method": "POST", - "header": [], - "body": { - "mode": "raw", - "raw": "{\r\n 
\"requestTime\": \"{{$isoTimestamp}}\",\r\n \"request\": {\r\n \"clientId\": \"{{oidc-clientid}}\",\r\n \"clientName\": \"{{oidc-client-name}}\",\r\n \"publicKey\":\r\n {\r\n \"kty\": \"RSA\",\r\n \"e\": \"AQAB\",\r\n \"use\": \"sig\",\r\n \"kid\": \"{{keyid}}\",\r\n \"alg\": \"RS256\",\r\n \"n\": \"{{key}}\"\r\n},\r\n \"relyingPartyId\": \"{{oidc-client-name}}\",\r\n \"userClaims\": [\r\n \r\n ],\r\n \"authContextRefs\": [\r\n \"mosip:idp:acr:knowledge\"\r\n ],\r\n \"logoUri\": \"{{logo-uri}}\",\r\n \"redirectUris\":{{redirect_uris_array}},\r\n \"grantTypes\": [\r\n \"authorization_code\"\r\n ],\r\n \"clientAuthMethods\": [\r\n \"private_key_jwt\"\r\n ]\r\n }\r\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{sunbird-url}}/v1/esignet/client-mgmt/oidc-client", - "host": [ - "{{sunbird-url}}" - ], - "path": [ - "v1", - "esignet", - "client-mgmt", - "oidc-client" - ] - } - }, - "response": [] - } - ] - }, - { - "name": "request_for_partner_api_key", - "item": [ - { - "name": "authenticate-as-partner-for-api-key", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = JSON.parse(responseBody);\r", - "var data = jsonData.response.token;\r", - "//console.log(data);\r", - "pm.environment.set(\"authtoken\",data);" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [], - "body": { - "mode": "raw", - "raw": "{\r\n \"id\": \"string\",\r\n \"version\": \"string\",\r\n \"requesttime\": \"{{$isoTimestamp}}\",\r\n \"metadata\": {},\r\n \"request\": {\r\n \"userName\": \"{{partner-kc-username}}\",\r\n \"password\": \"{{partner-kc-userpassword}}\",\r\n \"appId\": \"{{application-id}}\",\r\n \"clientId\": \"{{module-clientid}}\",\r\n \"clientSecret\": \"{{module-secretkey}}\"\r\n }\r\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": 
"{{url}}/v1/authmanager/authenticate/internal/useridPwd", - "host": [ - "{{url}}" - ], - "path": [ - "v1", - "authmanager", - "authenticate", - "internal", - "useridPwd" - ] - } - }, - "response": [] - }, - { - "name": "request-for-partner-apikey", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "pm.test('getting apikey',function(){\r", - " const {response} =pm.response.json();\r", - " pm.environment.set('mpartner-default-mimotokeybinding-apikey',response.apiKey);\r", - "})\r", - "" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - "" - ], - "type": "text/javascript" - } - } - ], - "request": { - "auth": { - "type": "apikey", - "apikey": [ - { - "key": "value", - "value": "Authorization={{authtoken}}", - "type": "string" - }, - { - "key": "key", - "value": "Cookie", - "type": "string" - }, - { - "key": "in", - "value": "header", - "type": "string" - } - ] - }, - "method": "PATCH", - "header": [], - "body": { - "mode": "raw", - "raw": "{\r\n \"id\": \"string\",\r\n \"version\": \"string\",\r\n \"requesttime\": \"{{$isoTimestamp}}\",\r\n \"metadata\": {},\r\n \"request\": {\r\n \"policyName\": \"{{policy-name}}\",\r\n \"label\": \"{{partner-kc-userid}}\"\r\n }\r\n}", - "options": { - "raw": { - "language": "json" - } - } - }, - "url": { - "raw": "{{url}}/v1/partnermanager/partners/{{partner-kc-username}}/generate/apikey", - "host": [ - "{{url}}" - ], - "path": [ - "v1", - "partnermanager", - "partners", - "{{partner-kc-username}}", - "generate", - "apikey" - ] - } - }, - "response": [] - }, - { - "name": "login-to-keycloak-as-admin", - "event": [ - { - "listen": "test", - "script": { - "exec": [ - "var jsonData = JSON.parse(responseBody);\r", - "//var data = JSON.stringify(jsonData);\r", - "console.log(jsonData.access_token);\r", - "pm.environment.set(\"keycloak-token\", jsonData.access_token);\r", - "" - ], - "type": "text/javascript" - } - }, - { - "listen": "prerequest", - "script": { - "exec": [ - 
"" - ], - "type": "text/javascript" - } - } - ], - "request": { - "method": "POST", - "header": [ - { - "key": "Content-Type", - "value": "application/x-www-form-urlencoded", - "type": "text" - } - ], - "body": { - "mode": "urlencoded", - "urlencoded": [ - { - "key": "grant_type", - "value": "password", - "type": "text" - }, - { - "key": "client_id", - "value": "admin-cli", - "type": "text" - }, - { - "key": "username", - "value": "{{keycloak-admin-username}}", - "type": "text" - }, - { - "key": "password", - "value": "{{keycloak-admin-password}}", - "type": "text" - } - ] - }, - "url": { - "raw": "{{keycloak-url}}/auth/realms/master/protocol/openid-connect/token", - "host": [ - "{{keycloak-url}}" - ], - "path": [ - "auth", - "realms", - "master", - "protocol", - "openid-connect", - "token" - ] - } - }, - "response": [] - }, - { - "name": "delete-user", - "request": { - "auth": { - "type": "bearer", - "bearer": [ - { - "key": "token", - "value": "{{keycloak-token}}", - "type": "string" - } - ] - }, - "method": "DELETE", - "header": [], - "url": { - "raw": "{{keycloak-url}}/auth/admin/realms/mosip/users/{{partner-kc-userid}}", - "host": [ - "{{keycloak-url}}" - ], - "path": [ - "auth", - "admin", - "realms", - "mosip", - "users", - "{{partner-kc-userid}}" - ] - } - }, - "response": [] - } - ] - } - ], - "event": [ - { - "listen": "prerequest", - "script": { - "type": "text/javascript", - "exec": [ - "" - ] - } - }, - { - "listen": "test", - "script": { - "type": "text/javascript", - "exec": [ - "" - ] - } - } - ] -} \ No newline at end of file From 964259a72870023a7dac7c96b8981a2c332a1f3e Mon Sep 17 00:00:00 2001 From: "Mahesh.Binayak" Date: Mon, 7 Oct 2024 21:02:15 +0530 Subject: [PATCH 17/30] Added changes in postman to support clientID creation Signed-off-by: Mahesh.Binayak --- onboarding.postman_collection.json | 3038 ++++++++++++++++++++++++++++ 1 file changed, 3038 insertions(+) create mode 100644 onboarding.postman_collection.json 
diff --git a/onboarding.postman_collection.json b/onboarding.postman_collection.json new file mode 100644 index 0000000..f1df71c --- /dev/null +++ b/onboarding.postman_collection.json 
@@ -0,0 +1,3038 @@ +{ + "info": { + "_postman_id": "aac9a17f-14fc-43cf-a894-693c7f28c9ed", + "name": "onboarding Copy", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", + "_exporter_id": "12620596" + }, + "item": [ + { + "name": "create_keycloak_user", + "item": [ + { + "name": "login-to-keycloak-as-admin", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "var jsonData = JSON.parse(responseBody);\r", + "//var data = JSON.stringify(jsonData);\r", + "console.log(jsonData.access_token);\r", + "pm.environment.set(\"keycloak-token\", jsonData.access_token);\r", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/x-www-form-urlencoded", + "type": "text" + } + ], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "grant_type", + "value": "password", + "type": "text" + }, + { + "key": "client_id", + "value": "admin-cli", + "type": "text" + }, + { + "key": "username", + "value": "{{keycloak-admin-username}}", + "type": "text" + }, + { + "key": "password", + "value": "{{keycloak-admin-password}}", + "type": "text" + } + ] + }, + "url": { + "raw": "{{keycloak-url}}/auth/realms/master/protocol/openid-connect/token", + "host": [ + "{{keycloak-url}}" + ], + "path": [ + "auth", + "realms", + "master", + "protocol", + "openid-connect", + "token" + ] + } + }, + "response": [] + }, + { + "name": "create-user", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{keycloak-token}}", + "type": "string" + } + ] + }, + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"username\": \"{{partner-manager-username}}\",\r\n 
\"firstName\": \"{{$randomFirstName}}\",\r\n \"lastName\": \"{{$randomLastName}}\",\r\n \"email\": \"{{$randomExampleEmail}}\",\r\n \"enabled\": true,\r\n \"credentials\": [\r\n {\r\n \"temporary\": false,\r\n \"type\": \"password\",\r\n \"value\": \"{{partner-manager-password}}\"\r\n }\r\n ]\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "{{keycloak-url}}/auth/admin/realms/mosip/users", + "host": [ + "{{keycloak-url}}" + ], + "path": [ + "auth", + "admin", + "realms", + "mosip", + "users" + ] + } + }, + "response": [] + }, + { + "name": "get-user-details", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "var jsonData = JSON.parse(responseBody);\r", + "//\r", + "var userid = jsonData[0].id;\r", + "console.log(userid);\r", + "pm.environment.set(\"partner-kc-userid\",userid);" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{keycloak-token}}", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json", + "type": "text" + } + ], + "url": { + "raw": "{{keycloak-url}}/auth/admin/realms/mosip/users?username={{partner-manager-username}}", + "host": [ + "{{keycloak-url}}" + ], + "path": [ + "auth", + "admin", + "realms", + "mosip", + "users" + ], + "query": [ + { + "key": "username", + "value": "{{partner-manager-username}}" + } + ] + } + }, + "response": [] + }, + { + "name": "get-role-id-for-all-roles", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "var jsonData = JSON.parse(responseBody);\r", + "var count =jsonData.length;\r", + "//console.log (count);\r", + "for(var i=0;i uri.trim());\r", + " pm.environment.set(\"redirect_uris_array\", JSON.stringify(redirectUris));\r", + "} else {\r", + " console.error(\"Environment variable 
'redirect-uris' is not defined.\");\r", + " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", + "}\r", + "" + ], + "type": "text/javascript", + "packages": {} + } + }, + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"validating clientid\", function () {", + " pm.expect(pm.response.text()).to.include(\"clientId\");", + "});", + "pm.test(\"validating clientid status\", function () {", + " pm.expect(pm.response.text()).to.include(\"ACTIVE\");", + "});", + "var responseJson = pm.response.json();", + "var partnerKcUsername = pm.variables.get(\"partner-kc-username\");", + "", + "if (partnerKcUsername === \"mpartner-default-mock-rp-oidc\") {", + " pm.environment.set(\"mpartner-default-demo-oidc-clientID\", responseJson.response.clientId);", + "} else if (partnerKcUsername === \"mpartner-default-resident-oidc\") {", + " pm.environment.set(\"mpartner-default-resident-oidc-clientID\", responseJson.response.clientId);", + "} else if (partnerKcUsername === \"mpartner-default-mimotooidc\") {", + " pm.environment.set(\"mpartner-default-mimotooidc-clientID\", responseJson.response.clientId);", + "} else if (partnerKcUsername === \"esignet-sunbird-partner\") {", + " pm.environment.set(\"mpartner-default-sunbirdoidc-clientID\", responseJson.response.clientId);", + "} ", + "", + "" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{authtoken}}", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Cookie", + "value": "Authorization={{authtoken}}", + "type": "text" + }, + { + "key": "Authorization", + "value": "{{authorizationToken}}", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"requestTime\": \"{{$isoTimestamp}}\",\n \"request\": {\n \"name\": \"{{oidc-client-name}}\",\n \"publicKey\": {\n \"kty\": \"RSA\",\n \"e\": \"AQAB\",\n \"use\": \"sig\",\n \"kid\": \"{{keyid}}\",\n \"alg\": \"RS256\",\n \"n\": 
\"{{key}}\"\n},\n \"policyId\" : \"{{policy-id}}\",\n \"authPartnerId\": \"{{partner-kc-username}}\",\n \"logoUri\": \"{{logo-uri}}\",\n \"redirectUris\": \n {{redirect_uris_array}}\n ,\n \"grantTypes\": [\n \"authorization_code\"\n ],\n \"clientAuthMethods\": [\n \"private_key_jwt\"\n ]\n }\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "{{url}}/v1/partnermanager/oidc/client", + "host": [ + "{{url}}" + ], + "path": [ + "v1", + "partnermanager", + "oidc", + "client" + ] + } + }, + "response": [] + }, + { + "name": "create-oidc-client-through-esignet", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "// Pre-request script in Postman\r", + "let redirectUris = pm.environment.get(\"redirect-uris\");\r", + "\r", + "if (redirectUris) {\r", + " redirectUris = redirectUris.split(',').map(uri => uri.trim());\r", + " pm.environment.set(\"redirect_uris_array\", JSON.stringify(redirectUris));\r", + "} else {\r", + " console.error(\"Environment variable 'redirect-uris' is not defined.\");\r", + " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", + "}\r", + "" + ], + "type": "text/javascript", + "packages": {} + } + }, + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"validating clientid\", function () {\r", + " pm.expect(pm.response.text()).to.include(\"clientId\");\r", + "});\r", + "pm.test(\"validating clientid status\", function () {\r", + " pm.expect(pm.response.text()).to.include(\"ACTIVE\");\r", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{authtoken}}", + "type": "string" + } + ] + }, + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"requestTime\": \"{{$isoTimestamp}}\",\r\n \"request\": {\r\n \"clientId\": \"{{oidc-clientid}}\",\r\n \"clientName\": \"{{oidc-client-name}}\",\r\n \"publicKey\":\r\n {\r\n \"kty\": \"RSA\",\r\n \"e\": 
\"AQAB\",\r\n \"use\": \"sig\",\r\n \"kid\": \"{{keyid}}\",\r\n \"alg\": \"RS256\",\r\n \"n\": \"{{key}}\"\r\n},\r\n \"relyingPartyId\": \"{{oidc-client-name}}\",\r\n \"userClaims\": [\r\n \r\n ],\r\n \"authContextRefs\": [\r\n \"mosip:idp:acr:id-token\"\r\n ],\r\n \"logoUri\": \"{{logo-uri}}\",\r\n \"redirectUris\":{{redirect_uris_array}},\r\n \"grantTypes\": [\r\n \"authorization_code\"\r\n ],\r\n \"clientAuthMethods\": [\r\n \"private_key_jwt\"\r\n ]\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "{{external-url}}/v1/esignet/client-mgmt/oidc-client", + "host": [ + "{{external-url}}" + ], + "path": [ + "v1", + "esignet", + "client-mgmt", + "oidc-client" + ] + } + }, + "response": [] + }, + { + "name": "create-oidc-client-through-esignet-sunbird", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "// Pre-request script in Postman\r", + "let redirectUris = pm.environment.get(\"redirect-uris\");\r", + "\r", + "if (redirectUris) {\r", + " redirectUris = redirectUris.split(',').map(uri => uri.trim());\r", + " pm.environment.set(\"redirect_uris_array\", JSON.stringify(redirectUris));\r", + "} else {\r", + " console.error(\"Environment variable 'redirect-uris' is not defined.\");\r", + " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", + "}\r", + "" + ], + "type": "text/javascript", + "packages": {} + } + }, + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"validating clientid\", function () {\r", + " pm.expect(pm.response.text()).to.include(\"clientId\");\r", + "});\r", + "pm.test(\"validating clientid status\", function () {\r", + " pm.expect(pm.response.text()).to.include(\"ACTIVE\");\r", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{authtoken}}", + "type": "string" + } + ] + }, + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n 
\"requestTime\": \"{{$isoTimestamp}}\",\r\n \"request\": {\r\n \"clientId\": \"{{oidc-clientid}}\",\r\n \"clientName\": \"{{oidc-client-name}}\",\r\n \"publicKey\":\r\n {\r\n \"kty\": \"RSA\",\r\n \"e\": \"AQAB\",\r\n \"use\": \"sig\",\r\n \"kid\": \"{{keyid}}\",\r\n \"alg\": \"RS256\",\r\n \"n\": \"{{key}}\"\r\n},\r\n \"relyingPartyId\": \"{{oidc-client-name}}\",\r\n \"userClaims\": [\r\n \r\n ],\r\n \"authContextRefs\": [\r\n \"mosip:idp:acr:knowledge\"\r\n ],\r\n \"logoUri\": \"{{logo-uri}}\",\r\n \"redirectUris\":{{redirect_uris_array}},\r\n \"grantTypes\": [\r\n \"authorization_code\"\r\n ],\r\n \"clientAuthMethods\": [\r\n \"private_key_jwt\"\r\n ]\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "{{sunbird-url}}/v1/esignet/client-mgmt/oidc-client", + "host": [ + "{{sunbird-url}}" + ], + "path": [ + "v1", + "esignet", + "client-mgmt", + "oidc-client" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "request_for_partner_api_key", + "item": [ + { + "name": "authenticate-as-partner-for-api-key", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "var jsonData = JSON.parse(responseBody);\r", + "var data = jsonData.response.token;\r", + "//console.log(data);\r", + "pm.environment.set(\"authtoken\",data);" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"id\": \"string\",\r\n \"version\": \"string\",\r\n \"requesttime\": \"{{$isoTimestamp}}\",\r\n \"metadata\": {},\r\n \"request\": {\r\n \"userName\": \"{{partner-kc-username}}\",\r\n \"password\": \"{{partner-kc-userpassword}}\",\r\n \"appId\": \"{{application-id}}\",\r\n \"clientId\": \"{{module-clientid}}\",\r\n \"clientSecret\": \"{{module-secretkey}}\"\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": 
"{{url}}/v1/authmanager/authenticate/internal/useridPwd", + "host": [ + "{{url}}" + ], + "path": [ + "v1", + "authmanager", + "authenticate", + "internal", + "useridPwd" + ] + } + }, + "response": [] + }, + { + "name": "request-for-partner-apikey", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test('getting apikey',function(){\r", + " const {response} =pm.response.json();\r", + " pm.environment.set('mpartner-default-mimotokeybinding-apikey',response.apiKey);\r", + "})\r", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "auth": { + "type": "apikey", + "apikey": [ + { + "key": "value", + "value": "Authorization={{authtoken}}", + "type": "string" + }, + { + "key": "key", + "value": "Cookie", + "type": "string" + }, + { + "key": "in", + "value": "header", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"id\": \"string\",\r\n \"version\": \"string\",\r\n \"requesttime\": \"{{$isoTimestamp}}\",\r\n \"metadata\": {},\r\n \"request\": {\r\n \"policyName\": \"{{policy-name}}\",\r\n \"label\": \"{{partner-kc-userid}}\"\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "{{url}}/v1/partnermanager/partners/{{partner-kc-username}}/generate/apikey", + "host": [ + "{{url}}" + ], + "path": [ + "v1", + "partnermanager", + "partners", + "{{partner-kc-username}}", + "generate", + "apikey" + ] + } + }, + "response": [] + }, + { + "name": "login-to-keycloak-as-admin", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "var jsonData = JSON.parse(responseBody);\r", + "//var data = JSON.stringify(jsonData);\r", + "console.log(jsonData.access_token);\r", + "pm.environment.set(\"keycloak-token\", jsonData.access_token);\r", + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + 
"" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/x-www-form-urlencoded", + "type": "text" + } + ], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "grant_type", + "value": "password", + "type": "text" + }, + { + "key": "client_id", + "value": "admin-cli", + "type": "text" + }, + { + "key": "username", + "value": "{{keycloak-admin-username}}", + "type": "text" + }, + { + "key": "password", + "value": "{{keycloak-admin-password}}", + "type": "text" + } + ] + }, + "url": { + "raw": "{{keycloak-url}}/auth/realms/master/protocol/openid-connect/token", + "host": [ + "{{keycloak-url}}" + ], + "path": [ + "auth", + "realms", + "master", + "protocol", + "openid-connect", + "token" + ] + } + }, + "response": [] + }, + { + "name": "delete-user", + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{keycloak-token}}", + "type": "string" + } + ] + }, + "method": "DELETE", + "header": [], + "url": { + "raw": "{{keycloak-url}}/auth/admin/realms/mosip/users/{{partner-kc-userid}}", + "host": [ + "{{keycloak-url}}" + ], + "path": [ + "auth", + "admin", + "realms", + "mosip", + "users", + "{{partner-kc-userid}}" + ] + } + }, + "response": [] + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] +} \ No newline at end of file From 181148f176d88b1b2106c20746325d4f642d8d26 Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Mon, 7 Oct 2024 21:05:25 +0530 Subject: [PATCH 18/30] Update default.sh to allow renaming of secret Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- default.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
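Review bot: The test script of `login-to-keycloak-as-admin` runs `console.log(jsonData.access_token);`, which writes the Keycloak master-realm admin bearer token to the console output of every collection run. The line appears in both copies of that request in this new file, under `create_keycloak_user` and under `request_for_partner_api_key`. Anyone who can read the run's logs or a stored report of the console output gets an admin token that works until it expires. Drop the line or comment it out, as `authenticate-as-partner-for-api-key` already does with `//console.log(data);`, and keep only the `pm.environment.set("keycloak-token", jsonData.access_token);` call.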
diff --git a/default.sh b/default.sh
index 6c2a5de..e9bba12 100644
--- a/default.sh
+++ b/default.sh
@@ -639,7 +639,7 @@ elif [ "$MODULE" = "mock-rp-oidc" ]; then
 root_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/RootCA.pem"
 client_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/Client.pem"
 onboard_mock_relying_party_with_mock_rp_oidc_client
- kubectl patch secret mock-relying-party-service-secrets -n $ns_esignet -p '{"data":{"client-private-key":"'$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'"}}'
+ kubectl patch mock-relying-party-private-key-jwk -n $ns_esignet -p '{"data":{"client-private-key":"'$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'"}}'
 kubectl rollout restart deployment -n $ns_esignet mock-relying-party-service
 kubectl -n $ns_esignet set env deployment/mock-relying-party-ui CLIENT_ID=$mpartnerdefaultdemooidcclientID
 elif [ "$MODULE" = "resident-oidc" ]; then
From 72026d66cd8364071213f2d7c374469598f7c1b1 Mon Sep 17 00:00:00 2001
From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com>
Date: Mon, 7 Oct 2024 21:15:29 +0530
Subject: [PATCH 19/30] Update default.sh
Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com>
---
 default.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/default.sh b/default.sh
index e9bba12..a07819a 100644
--- a/default.sh
+++ b/default.sh
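Review bot: The base64 of `$privateandpublickeypair` is spliced into kubectl's `-p` argument, so the client private key material sits on the command line, where a process listing or a `set -x` trace on the host can read it. The next patch in this series touches the same line and keeps that shape. Consider writing the patch document to a `mktemp` file and passing it as `kubectl patch secret mock-relying-party-private-key-jwk -n "$ns_esignet" --patch-file "$patch_file"`, removing the file afterwards. As written in this hunk the command also names no resource type (`kubectl patch mock-relying-party-private-key-jwk ...`), and its exit status is not checked before `kubectl rollout restart` runs. The enclosing `elif` branch starts and ends outside the hunk.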
@@ -639,7 +639,7 @@ elif [ "$MODULE" = "mock-rp-oidc" ]; then root_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/RootCA.pem" client_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/Client.pem" onboard_mock_relying_party_with_mock_rp_oidc_client - kubectl patch mock-relying-party-private-key-jwk -n $ns_esignet -p '{"data":{"client-private-key":"'$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'"}}' + kubectl patch secret mock-relying-party-private-key-jwk -n $ns_esignet -p '{"data":{"client-private-key":"'$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'"}}' kubectl rollout restart deployment -n $ns_esignet mock-relying-party-service kubectl -n $ns_esignet set env deployment/mock-relying-party-ui CLIENT_ID=$mpartnerdefaultdemooidcclientID elif [ "$MODULE" = "resident-oidc" ]; then From f60955a3c40352ba93b294786faa9f8bb14d2f42 Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Tue, 8 Oct 2024 20:56:08 +0530 Subject: [PATCH 20/30] [MOSIP-35987]Update default.sh to change secret name Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- default.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default.sh b/default.sh index a07819a..0831388 100644 --- a/default.sh +++ b/default.sh @@ -486,7 +486,7 @@ onboard_esignet_signup_oidc_partner(){ partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path) sh $MYDIR/certs/convert.sh $MYDIR mv $MYDIR/certs/$PARTNER_KC_USERNAME/keystore.p12 $MYDIR/certs/$PARTNER_KC_USERNAME/oidckeystore.p12 - kubectl -n $ns_signup create secret generic signupoidc --from-file=$MYDIR/certs/$PARTNER_KC_USERNAME/oidckeystore.p12 --dry-run=client -o yaml | kubectl apply -f - + kubectl -n $ns_signup create secret generic signup-keystore --from-file=$MYDIR/certs/$PARTNER_KC_USERNAME/oidckeystore.p12 --dry-run=client -o yaml | kubectl apply -f - if [ $? -gt 0 ]; then echo "JWK Key generation failed; EXITING"; 
From 0d8e13f656dc7d4fa172be086f8a44c733e0bfe6 Mon Sep 17 00:00:00 2001 From: "Mahesh.Binayak" Date: Wed, 16 Oct 2024 21:02:48 +0530 Subject: [PATCH 21/30] [MOSIP-35987] added option to use mock-rp with or without mosip Signed-off-by: Mahesh.Binayak --- default.sh | 14 ++++ onboarding.postman_collection.json | 105 ++++++++++++++++++++++------- 2 files changed, 95 insertions(+), 24 deletions(-) diff --git a/default.sh b/default.sh index 0831388..3e4dcc8 100644 --- a/default.sh +++ b/default.sh @@ -287,6 +287,7 @@ onboard_mock_relying_party_with_mock_rp_oidc_client(){ --env-var logo-uri=$LOGO_URI \ --env-var redirect-uris=$REDIRECT_URIS\ --env-var keycloak-url=$KEYCLOAK_URL \ + --env-var withmosip="$with_mosip" \ --env-var keycloak-admin-password=$KEYCLOAK_ADMIN_PASSWORD \ --env-var keycloak-admin-username=$KEYCLOAK_ADMIN_USERNAME \ --env-var cert-manager-username="$KEYCLOAK_CLIENT" \ @@ -625,6 +626,19 @@ elif [ "$MODULE" = "esignet" ]; then onboard_esignet_partner kubectl create secret generic esignet-misp-onboarder-key -n $ns_esignet --from-literal=mosip-esignet-misp-key=$MISP_LICENSE_KEY --dry-run=client -o yaml | kubectl apply -f - elif [ "$MODULE" = "mock-rp-oidc" ]; then + + read -p "Do you want to use mock-replying-party with mosip ? (y/n): " choice + + + if [ "$choice" = "n" ] || [ "$choice" = "N" ]; then + with_mosip=0 + elif [ "$choice" = "y" ] || [ "$choice" = "Y" ]; then + exit 0 + else + echo "Invalid input! Please enter 'y' or 'n'." + exit 0 + fi + APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client MODULE_SECRETKEY=$mosip_pms_client_secret diff --git a/onboarding.postman_collection.json b/onboarding.postman_collection.json index f1df71c..28abdc5 100644 --- a/onboarding.postman_collection.json +++ b/onboarding.postman_collection.json 
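Review bot: Both the `y` branch and the invalid-input branch of the new prompt end in `exit 0`, so onboarding stops while reporting success to whatever invoked the script. That happens on answering yes, on a typo, and when running without a terminal, where `read` hits EOF and `choice` stays empty. The `y` branch presumably should set `with_mosip=1`, and the fallback should fail visibly: `echo "Invalid input! Please enter 'y' or 'n'." >&2; exit 1`. The follow-up patch that changes the `y` branch still leaves the fallback at `exit 0`. `read -p` is also not POSIX and is used without `-r`, so whether it works depends on the script's interpreter, which is not visible here; the enclosing `elif` branch continues outside the hunk.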
@@ -1,6 +1,6 @@ { "info": { - "_postman_id": "aac9a17f-14fc-43cf-a894-693c7f28c9ed", + "_postman_id": "75999666-39ef-4287-bc61-d3c8a991e429", "name": "onboarding Copy", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_exporter_id": "12620596" @@ -379,16 +379,20 @@ "})\r", "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"withmosip\") == 0 ){\r", + " pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -450,9 +454,13 @@ "const policydata = pm.iterationData.toObject();\r", "console.log(JSON.stringify(policydata));\r", "pm.environment.set('policy-data', JSON.stringify(policydata));\r", + "if (pm.environment.get(\"withmosip\") == 0 ){\r", + " pm.execution.skipRequest()\r", + "}\r", "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -468,7 +476,8 @@ " pm.environment.set('policy-name',response.name);\r", "})" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -525,9 +534,12 @@ "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"withmosip\") == 0 ){\r", + " pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -638,9 +650,12 @@ "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"withmosip\") == 0 ){\r", + " pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -649,7 +664,8 @@ "exec": [ "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], 
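Review bot: The new pre-request guards use loose equality, `pm.environment.get("withmosip") == 0`, and in JavaScript an empty string also compares equal to 0 that way. A run where `$with_mosip` expands to nothing would therefore silently skip these partner-onboarding requests, while an undefined variable would not. Values supplied with `--env-var` should arrive as strings, so `pm.environment.get("withmosip") === "0"` states the intent and treats every other value as "send the request". The same guard is repeated in each pre-request script this commit adds in the later hunks of this file, including the new `activate-partner` event block.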
@@ -1353,9 +1369,12 @@ "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"withmosip\") == 0 ){\r", + " pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -1369,7 +1388,8 @@ " })\r", "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -1516,16 +1536,20 @@ " pm.expect(responseText).to.include.oneOf([\"Certificate already exists in store\", \"Upload Success.\",\"BEGIN CERTIFICATE\"])\r", " });" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"withmosip\") == 0 ){\r", + " pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -1828,6 +1852,20 @@ }, { "name": "activate-partner", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "if (pm.environment.get(\"withmosip\") == 0 ){\r", + " pm.execution.skipRequest()\r", + "}" + ], + "type": "text/javascript", + "packages": {} + } + } + ], "request": { "auth": { "type": "apikey", @@ -2020,16 +2058,20 @@ "})\r", "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"withmosip\") == 0 ){\r", + " pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -2210,9 +2252,12 @@ "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"withmosip\") == 0 ){\r", + " pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -2221,7 +2266,8 @@ "exec": [ "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], 
@@ -2477,7 +2523,18 @@ "//console.log (\"Take the above values and base64 encode it and use it in the deployment\");\r", "//pm.environment.set (\"jwkkeypair\",keypair.jwk);" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript", + "packages": {} } } ], From 42e7d3cfce6116d9292eaa062275b321117c72c9 Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Wed, 16 Oct 2024 21:10:34 +0530 Subject: [PATCH 22/30] Update default.sh Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- default.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default.sh b/default.sh index 3e4dcc8..98f31e3 100644 --- a/default.sh +++ b/default.sh @@ -633,7 +633,7 @@ elif [ "$MODULE" = "mock-rp-oidc" ]; then if [ "$choice" = "n" ] || [ "$choice" = "N" ]; then with_mosip=0 elif [ "$choice" = "y" ] || [ "$choice" = "Y" ]; then - exit 0 + with_mosip=1 else echo "Invalid input! Please enter 'y' or 'n'." exit 0 From e3a931efb93c1a1018c15e049c195eaadb2c1a0f Mon Sep 17 00:00:00 2001 From: "Mahesh.Binayak" Date: Thu, 17 Oct 2024 19:19:22 +0530 Subject: [PATCH 23/30] [MOSIP-35987] added option to use mock-rp with or without mosip Signed-off-by: Mahesh.Binayak --- default.sh | 15 +-------------- onboarding.postman_collection.json | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 24 deletions(-) diff --git a/default.sh b/default.sh index 3e4dcc8..d704afc 100644 --- a/default.sh +++ b/default.sh 
@@ -287,7 +287,7 @@ onboard_mock_relying_party_with_mock_rp_oidc_client(){ --env-var logo-uri=$LOGO_URI \ --env-var redirect-uris=$REDIRECT_URIS\ --env-var keycloak-url=$KEYCLOAK_URL \ - --env-var withmosip="$with_mosip" \ + --env-var mosip-id="$mosipid" \ --env-var keycloak-admin-password=$KEYCLOAK_ADMIN_PASSWORD \ --env-var keycloak-admin-username=$KEYCLOAK_ADMIN_USERNAME \ --env-var cert-manager-username="$KEYCLOAK_CLIENT" \ @@ -626,19 +626,6 @@ elif [ "$MODULE" = "esignet" ]; then onboard_esignet_partner kubectl create secret generic esignet-misp-onboarder-key -n $ns_esignet --from-literal=mosip-esignet-misp-key=$MISP_LICENSE_KEY --dry-run=client -o yaml | kubectl apply -f - elif [ "$MODULE" = "mock-rp-oidc" ]; then - - read -p "Do you want to use mock-replying-party with mosip ? (y/n): " choice - - - if [ "$choice" = "n" ] || [ "$choice" = "N" ]; then - with_mosip=0 - elif [ "$choice" = "y" ] || [ "$choice" = "Y" ]; then - exit 0 - else - echo "Invalid input! Please enter 'y' or 'n'." - exit 0 - fi - APPLICATION_ID=partner MODULE_CLIENTID=mosip-pms-client MODULE_SECRETKEY=$mosip_pms_client_secret diff --git a/onboarding.postman_collection.json b/onboarding.postman_collection.json index 28abdc5..62fef45 100644 --- a/onboarding.postman_collection.json +++ b/onboarding.postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "75999666-39ef-4287-bc61-d3c8a991e429", + "_postman_id": "2ea11a70-816b-4631-8929-6ec2d4b5fdb0", "name": "onboarding Copy", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_exporter_id": "12620596" @@ -387,7 +387,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"withmosip\") == 0 ){\r", + "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", " pm.execution.skipRequest()\r", "}" ], 
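Review bot: `--env-var mosip-id="$mosipid"` forwards a value that nothing in this patch sets or validates; the prompt that assigned `with_mosip` is removed in the same commit, so `mosipid` presumably has to arrive from the job environment. The collection guards compare it with an exact string, so an unset value or a spelling such as `True` matches no guard and the run proceeds as if the flag were absent. A check before the newman call makes the contract explicit: `case "$mosipid" in true|false) ;; *) echo "mosipid must be 'true' or 'false'" >&2; exit 1 ;; esac`. The function body continues outside this hunk.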
@@ -454,7 +454,7 @@ "const policydata = pm.iterationData.toObject();\r", "console.log(JSON.stringify(policydata));\r", "pm.environment.set('policy-data', JSON.stringify(policydata));\r", - "if (pm.environment.get(\"withmosip\") == 0 ){\r", + "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", " pm.execution.skipRequest()\r", "}\r", "" @@ -534,7 +534,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"withmosip\") == 0 ){\r", + "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -650,7 +650,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"withmosip\") == 0 ){\r", + "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -1369,7 +1369,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"withmosip\") == 0 ){\r", + "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -1544,7 +1544,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"withmosip\") == 0 ){\r", + "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -1857,7 +1857,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"withmosip\") == 0 ){\r", + "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -2066,7 +2066,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"withmosip\") == 0 ){\r", + "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -2252,7 +2252,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"withmosip\") == 0 ){\r", + "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", " pm.execution.skipRequest()\r", "}" ], From ef572876f42170fb05aa7424962e1d99ff7fce2a Mon Sep 17 00:00:00 2001 
From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Wed, 13 Nov 2024 15:39:23 +0530 Subject: [PATCH 24/30] Create trivy-check.yml Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- .github/workflows/trivy-check.yml | 54 +++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/trivy-check.yml diff --git a/.github/workflows/trivy-check.yml b/.github/workflows/trivy-check.yml new file mode 100644 index 0000000..f1f15a4 --- /dev/null +++ b/.github/workflows/trivy-check.yml @@ -0,0 +1,54 @@ +name: Trivy Scan + +on: + push: + branches: + - main + - 'release-1*' + - develop + - '1.2.*' + - master + - test + - MOSIP-35889 + pull_request: + branches: + - main + - 'release-1*' + - develop + - '1.2.*' + - master + - test + - MOSIP-35889 + +jobs: + trivy-scan: + runs-on: ubuntu-latest + env: + SERVICE_NAME: partner-onboarder + VERSION: ${{ github.event.number || 'latest' }} + SERVICE_LOCATION: '.' # Adjust if needed + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Build Docker image + run: | + cd "${{ env.SERVICE_LOCATION }}" + docker build . --file Dockerfile --tag ${{ env.SERVICE_NAME }}:${{ env.VERSION }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.20.0 + with: + image-ref: '${{ env.SERVICE_NAME }}:${{ env.VERSION }}' + format: 'sarif' + output: 'trivy-results.sarif' + severity: 'HIGH,CRITICAL' + ignore-unfixed: true + exit-code: 1 # Fail the job if vulnerabilities found + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + if: always() # Ensure this step runs even if the previous step fails From 4897268dc53b320530684450ab3c553c593cf2bd Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Wed, 13 Nov 2024 15:43:41 +0530 Subject: [PATCH 25/30] Update trivy-check.yml 
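Review bot: The workflow references its actions by mutable tag (`actions/checkout@v2`, `aquasecurity/trivy-action@0.20.0`, `github/codeql-action/upload-sarif@v2`) and declares no `permissions:` block. A tag can be repointed after review, so each `uses:` is better pinned to a full commit SHA with the version kept as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.20.0`. The job should also state the least privilege it needs, a `permissions:` block with `contents: read` and `security-events: write`; the SARIF upload depends on the latter, and on pull requests from forks the token is read-only, so that step will likely fail there. The trigger list also carries the feature branch `MOSIP-35889`, which probably should not stay in a long-lived workflow.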
Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- .github/workflows/trivy-check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/trivy-check.yml b/.github/workflows/trivy-check.yml index f1f15a4..eeb7045 100644 --- a/.github/workflows/trivy-check.yml +++ b/.github/workflows/trivy-check.yml @@ -19,6 +19,7 @@ on: - master - test - MOSIP-35889 + - MOSIP-35987 jobs: trivy-scan: From 420c8c62f9ef4e9a5d1a50ade1ae2928ba51e333 Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Mon, 18 Nov 2024 13:54:44 +0530 Subject: [PATCH 26/30] Updated onboarding.postman_collection.json to change the boolean value from true to false. Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- onboarding.postman_collection.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/onboarding.postman_collection.json b/onboarding.postman_collection.json index 62fef45..50d1a0e 100644 --- a/onboarding.postman_collection.json +++ b/onboarding.postman_collection.json @@ -387,7 +387,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -454,7 +454,7 @@ "const policydata = pm.iterationData.toObject();\r", "console.log(JSON.stringify(policydata));\r", "pm.environment.set('policy-data', JSON.stringify(policydata));\r", - "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", " pm.execution.skipRequest()\r", "}\r", "" @@ -534,7 +534,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", " pm.execution.skipRequest()\r", "}" ], 
@@ -650,7 +650,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -1369,7 +1369,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -1544,7 +1544,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -1857,7 +1857,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -2066,7 +2066,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -2252,7 +2252,7 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'true' ){\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", " pm.execution.skipRequest()\r", "}" ], @@ -3092,4 +3092,4 @@ } } ] -} \ No newline at end of file +} From 32fd7a27ff0ca549bda4828e033987c486fead32 Mon Sep 17 00:00:00 2001 From: "Mahesh.Binayak" Date: Mon, 18 Nov 2024 15:52:24 +0530 Subject: [PATCH 27/30] [MOSIP-35987]added new request and fixed some older issues. Signed-off-by: Mahesh.Binayak --- default.sh | 5 +- onboarding.postman_collection.json | 113 ++++++++++++++++++++++++++--- 2 files changed, 105 insertions(+), 13 deletions(-) diff --git a/default.sh b/default.sh index d704afc..5131d37 100644 --- a/default.sh +++ b/default.sh 
@@ -296,6 +296,7 @@ onboard_mock_relying_party_with_mock_rp_oidc_client(){ --env-var ca-certificate="$root_ca_cert" \ --env-var leaf-certificate="$partner_cert" \ --env-var oidc-client-name="$OIDC_CLIENT_NAME" \ + --env-var oidc-clientid="$OIDC_CLIENTID" \ --folder 'create_keycloak_user' \ --folder 'create/publish_policy_group_and_policy' \ --folder partner-self-registration \ @@ -307,6 +308,7 @@ onboard_mock_relying_party_with_mock_rp_oidc_client(){ --folder approve-partner-mapping-to-policy \ --folder get-jwks \ --folder create-oidc-client \ + --folder create-oidc-client-through-esignet \ --folder delete-user \ $ADD_SSL_NEWMAN \ --export-environment ./config-secrets.json -d ./default-mock-rp-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mock-rp-oidc.html" --reporter-htmlextra-showEnvironmentData @@ -517,7 +519,7 @@ onboard_esignet_signup_oidc_partner(){ --env-var oidc-clientid="$OIDC_CLIENTID" \ --folder 'create_keycloak_user' \ --folder authenticate-to-upload-certs \ - --folder create-oidc-client-through-esignet \ + --folder create-oidc-client-through-esignet-signup \ --folder delete-user \ $ADD_SSL_NEWMAN \ --export-environment ./config-secrets.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/signup-oidc.html" --reporter-htmlextra-showEnvironmentData @@ -635,6 +637,7 @@ elif [ "$MODULE" = "mock-rp-oidc" ]; then PARTNER_ORGANIZATION_NAME=IITB PARTNER_TYPE=Auth_Partner OIDC_CLIENT_NAME='Health service OIDC Client' + OIDC_CLIENTID='default-non-mosipid-oidc-client' LOGO_URI=https://healthservices.$( printenv installation-domain)/logo.png REDIRECT_URIS=https://healthservices.$( printenv installation-domain)/userprofile root_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/RootCA.pem" diff --git a/onboarding.postman_collection.json b/onboarding.postman_collection.json index 50d1a0e..674db6f 100644 --- a/onboarding.postman_collection.json +++ b/onboarding.postman_collection.json 
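Review bot: The newman run extended here still ends with `--reporter-htmlextra-showEnvironmentData`, and the same function passes `keycloak-admin-password` as an `--env-var`. The HTML report written under `$reports_dir` is therefore likely to contain the admin password and the `authtoken` the collection stores in the environment, and the chart values in this series set `push_reports_to_s3: true`. Either drop `--reporter-htmlextra-showEnvironmentData` from this run or exclude the secret variables from the report; the htmlextra reporter has a `--reporter-htmlextra-skipEnvironmentVars` option for that, to be confirmed against the installed version. The function starts and ends outside these hunks.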
@@ -1,6 +1,6 @@ { "info": { - "_postman_id": "2ea11a70-816b-4631-8929-6ec2d4b5fdb0", + "_postman_id": "34cbd0af-238b-49a8-b10f-dcfd373b5042", "name": "onboarding Copy", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_exporter_id": "12620596" @@ -319,9 +319,12 @@ "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", + " pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -333,7 +336,8 @@ "//console.log(data);\r", "pm.environment.set(\"authtoken\",data);" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -596,9 +600,12 @@ "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", + " pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -610,7 +617,8 @@ "//console.log(data);\r", "pm.environment.set(\"authtoken\",data);" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -1321,16 +1329,18 @@ "//console.log(data);\r", "pm.environment.set(\"authtoken\",data);" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "pm.environment.set('request-time', (new Date()).toISOString())" + "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -2591,6 +2601,9 @@ " console.error(\"Environment variable 'redirect-uris' is not defined.\");\r", " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", "}\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", + " pm.execution.skipRequest()\r", + "}\r", "" ], "type": "text/javascript", @@ -2676,7 +2689,7 @@ "response": [] }, { - "name": "create-oidc-client-through-esignet", + "name": "create-oidc-client-through-esignet-signup", "event": [ { "listen": "prerequest", 
@@ -2751,6 +2764,82 @@ }, "response": [] }, + { + "name": "create-oidc-client-through-esignet", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "// Pre-request script in Postman\r", + "let redirectUris = pm.environment.get(\"redirect-uris\");\r", + "\r", + "if (redirectUris) {\r", + " redirectUris = redirectUris.split(',').map(uri => uri.trim());\r", + " pm.environment.set(\"redirect_uris_array\", JSON.stringify(redirectUris));\r", + "} else {\r", + " console.error(\"Environment variable 'redirect-uris' is not defined.\");\r", + " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", + "}\r", + "" + ], + "type": "text/javascript", + "packages": {} + } + }, + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"validating clientid\", function () {\r", + " pm.expect(pm.response.text()).to.include(\"clientId\");\r", + "});\r", + "pm.test(\"validating clientid status\", function () {\r", + " pm.expect(pm.response.text()).to.include(\"ACTIVE\");\r", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{authtoken}}", + "type": "string" + } + ] + }, + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"requestTime\": \"{{$isoTimestamp}}\",\r\n \"request\": {\r\n \"clientId\": \"{{oidc-clientid}}\",\r\n \"clientName\": \"{{oidc-client-name}}\",\r\n \"publicKey\":\r\n {\r\n \"kty\": \"RSA\",\r\n \"e\": \"AQAB\",\r\n \"use\": \"sig\",\r\n \"kid\": \"{{keyid}}\",\r\n \"alg\": \"RS256\",\r\n \"n\": \"{{key}}\"\r\n},\r\n \"relyingPartyId\": \"{{oidc-client-name}}\",\r\n \"userClaims\": [\r\n \"birthdate\",\r\n \"address\",\r\n \"gender\",\r\n \"name\",\r\n \"phone_number\",\r\n \"picture\",\r\n \"email\",\r\n \"individual_id\"\r\n ],\r\n \"authContextRefs\": [\r\n \"mosip:idp:acr:linked-wallet\",\r\n \"mosip:idp:acr:biometrics\",\r\n \"mosip:idp:acr:generated-code\"\r\n ],\r\n \"logoUri\": 
\"{{logo-uri}}\",\r\n \"redirectUris\":{{redirect_uris_array}},\r\n \"grantTypes\": [\r\n \"authorization_code\"\r\n ],\r\n \"clientAuthMethods\": [\r\n \"private_key_jwt\"\r\n ]\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "{{external-url}}/v1/esignet/client-mgmt/oidc-client", + "host": [ + "{{external-url}}" + ], + "path": [ + "v1", + "esignet", + "client-mgmt", + "oidc-client" + ] + } + }, + "response": [] + }, { "name": "create-oidc-client-through-esignet-sunbird", "event": [ @@ -3092,4 +3181,4 @@ } } ] -} +} \ No newline at end of file From 2b9959f7ce4cbebfb2aa71068b1d63abd30f4600 Mon Sep 17 00:00:00 2001 From: bhumi46 Date: Tue, 19 Nov 2024 10:55:53 +0530 Subject: [PATCH 28/30] [MOSIP-37447] add mosipid env to helm charts Signed-off-by: bhumi46 --- helm/partner-onboarder/templates/jobs.yaml | 2 ++ helm/partner-onboarder/values.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/helm/partner-onboarder/templates/jobs.yaml b/helm/partner-onboarder/templates/jobs.yaml index d076237..2292607 100644 --- a/helm/partner-onboarder/templates/jobs.yaml +++ b/helm/partner-onboarder/templates/jobs.yaml @@ -40,6 +40,8 @@ spec: value: {{ $module.name }} - name: push_reports_to_s3 value: {{ quote $.Values.onboarding.variables.push_reports_to_s3 }} + - name: mosipid + value: {{ quote $.Values.onboarding.variables.mosipid }} envFrom: {{- if $.Values.onboarding.configmaps }} {{- range $cm_name, $cm_value := $.Values.onboarding.configmaps }} diff --git a/helm/partner-onboarder/values.yaml b/helm/partner-onboarder/values.yaml index 8fdc6d2..45274c7 100644 --- a/helm/partner-onboarder/values.yaml +++ b/helm/partner-onboarder/values.yaml @@ -477,3 +477,4 @@ onboarding: server: "nfs-server" # Ip address of nfs server. variables: push_reports_to_s3: true + mosipid: false From cba5394c5a380b6d87b26ae8d02200712633eac8 Mon Sep 17 00:00:00 2001 
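Review bot: The prerequest script of the new `create-oidc-client-through-esignet` request has no `mosip-id` guard, while `create-oidc-client` gains one in this commit that skips only when the value is 'false'. default.sh now lists both folders in the mock-rp run, so with `mosip-id` set to 'true' both requests appear to execute and the relying party would be registered twice, the second time under the fixed id `default-non-mosipid-oidc-client`. If the new request is meant for the non-MOSIP case only, its prerequest script needs the inverse guard: `if (pm.environment.get("mosip-id") !== 'false') { pm.execution.skipRequest() }`. The test script also passes on any body that contains `clientId` and `ACTIVE`; an assertion on the response status before the text checks would make a rejected registration easier to spot.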
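Review bot: The new `mosipid: false` value has no comment, unlike the `server:` entry above it, and its effect is not obvious from the name. The value is quoted into the job environment and, as far as this series shows, compared in the collection against the exact string 'false', so only the literals true and false behave as intended. Suggested comment: `mosipid: false  # false: eSignet is not deployed against MOSIP ID, MOSIP-dependent requests are skipped. Only true/false are recognised.`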
From: "Mahesh.Binayak" Date: Wed, 20 Nov 2024 11:58:18 +0530 Subject: [PATCH 29/30] [MOSIP_35987] removed older un-required sections of script and added custom msg for skipped requests. Signed-off-by: Mahesh.Binayak --- onboarding.postman_collection.json | 78 ++++++++++++++++++------------ 1 file changed, 47 insertions(+), 31 deletions(-) diff --git a/onboarding.postman_collection.json b/onboarding.postman_collection.json index 674db6f..a001526 100644 --- a/onboarding.postman_collection.json +++ b/onboarding.postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "34cbd0af-238b-49a8-b10f-dcfd373b5042", + "_postman_id": "863ca8cb-6596-4c39-b0b2-e2ae80d5301d", "name": "onboarding Copy", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_exporter_id": "12620596" @@ -319,8 +319,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", @@ -391,8 +392,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", 
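Review bot: The `console.log(...)` call is appended to the same exec entry as the opening `if (...){` and followed by an entry holding only `\r`, so the guard no longer reads as one statement per line. Putting the log call in its own entry between the `if` line and `pm.execution.skipRequest()` keeps the script readable in Postman's editor. The identical message is pasted into every guard this commit touches (the remaining hunks of this file), so a later wording change has to be repeated in each copy; a single shared prerequest script, if the collection structure allows one, would avoid that.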
@@ -458,8 +460,9 @@ "const policydata = pm.iterationData.toObject();\r", "console.log(JSON.stringify(policydata));\r", "pm.environment.set('policy-data', JSON.stringify(policydata));\r", - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}\r", "" ], @@ -538,8 +541,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", @@ -600,8 +604,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", @@ -658,8 +663,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", 
@@ -759,16 +765,18 @@ " pm.expect(pm.response.text()).to.include(\"Clientid and Token combination had been validated successfully\");\r", "});" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "pm.environment.set('request-time', (new Date()).toISOString())" + "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -810,16 +818,18 @@ " pm.expect(pm.response.text()).to.include(\"Clientid and Token combination had been validated successfully\");\r", "});" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "pm.environment.set('request-time', (new Date()).toISOString())" + "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -1379,8 +1389,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", @@ -1554,8 +1565,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", 
@@ -1867,8 +1879,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", @@ -2076,8 +2089,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", @@ -2262,8 +2276,9 @@ "listen": "prerequest", "script": { "exec": [ - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}" ], "type": "text/javascript", @@ -2601,8 +2616,9 @@ " console.error(\"Environment variable 'redirect-uris' is not defined.\");\r", " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", "}\r", - "if (pm.environment.get(\"mosip-id\") == 'false' ){\r", - " pm.execution.skipRequest()\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", "}\r", "" ], From a58617dab3ce9c95e89d0bde82a4c2ccec71cee9 Mon Sep 17 00:00:00 2001 From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Date: Wed, 20 Nov 2024 12:11:32 +0530 Subject: [PATCH 30/30] Delete .github/workflows/trivy-check.yml 
Signed-off-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> --- .github/workflows/trivy-check.yml | 55 ------------------------------- 1 file changed, 55 deletions(-) delete mode 100644 .github/workflows/trivy-check.yml diff --git a/.github/workflows/trivy-check.yml b/.github/workflows/trivy-check.yml deleted file mode 100644 index eeb7045..0000000 --- a/.github/workflows/trivy-check.yml +++ /dev/null @@ -1,55 +0,0 @@ -name: Trivy Scan - -on: - push: - branches: - - main - - 'release-1*' - - develop - - '1.2.*' - - master - - test - - MOSIP-35889 - pull_request: - branches: - - main - - 'release-1*' - - develop - - '1.2.*' - - master - - test - - MOSIP-35889 - - MOSIP-35987 - -jobs: - trivy-scan: - runs-on: ubuntu-latest - env: - SERVICE_NAME: partner-onboarder - VERSION: ${{ github.event.number || 'latest' }} - SERVICE_LOCATION: '.' # Adjust if needed - - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Build Docker image - run: | - cd "${{ env.SERVICE_LOCATION }}" - docker build . --file Dockerfile --tag ${{ env.SERVICE_NAME }}:${{ env.VERSION }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 - with: - image-ref: '${{ env.SERVICE_NAME }}:${{ env.VERSION }}' - format: 'sarif' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - ignore-unfixed: true - exit-code: 1 # Fail the job if vulnerabilities found - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' - if: always() # Ensure this step runs even if the previous step fails