diff --git a/.github/workflows/chart-lint-publish.yml b/.github/workflows/chart-lint-publish.yml
index c8d6ba3..c8d7ee1 100644
--- a/.github/workflows/chart-lint-publish.yml
+++ b/.github/workflows/chart-lint-publish.yml
@@ -38,6 +38,7 @@ on:
 - 0.*
 - develop
 - release*
+ - MOSIP-35987
 paths:
 - 'helm/**'
diff --git a/Dockerfile b/Dockerfile
index 2ec695c..53de704 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,8 @@ LABEL source=${SOURCE}
 LABEL commit_hash=${COMMIT_HASH}
 LABEL commit_id=${COMMIT_ID}
 LABEL build_time=${BUILD_TIME}
-RUN npm install -g npm newman newman-reporter-htmlextra pem-jwk
+RUN npm install -g npm@10.2.3 && \
+ npm install -g newman newman-reporter-htmlextra pem-jwk
 RUN apk add curl && \
 apk add openssl && \
 apk add jq && \
diff --git a/README.md b/README.md
index 0f21950..0a9a1f3 100644
--- a/README.md
+++ b/README.md
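Review bot: The new push trigger `+ - MOSIP-35987` names what looks like a ticket/feature branch rather than a long-lived line like `develop` or `release*`, and the same identifier is used as the chart's default image tag in the values.yaml hunk (`tag: MOSIP-35987`, together with `repository: mosipdev/partner-onboarder`). If this is a temporary setup for testing the branch it should be reverted before merge, otherwise the published chart defaults to a mutable feature-branch image and the lint/publish workflow fires on a branch that will be deleted. If it must stay, a comment such as `# temporary: remove once MOSIP-35987 is merged` next to the trigger would make the intent explicit.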
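Review bot: The second line of the new RUN, `npm install -g newman newman-reporter-htmlextra pem-jwk`, still installs unpinned packages, so the image is only half reproducible: npm itself is pinned to 10.2.3 while the tools that actually perform the onboarding resolve to whatever is latest at build time. Pinning them as well, e.g. `npm install -g newman@<version> newman-reporter-htmlextra@<version> pem-jwk@<version>` (placeholders to be filled from a known-good build), means a rebuild of the same commit yields the same toolchain and a breaking or compromised upstream release cannot silently enter the image. The `apk add` lines in the same RUN chain are unchanged context but would benefit from the same treatment.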
@@ -1,18 +1,13 @@
 # Partner Onboarding Utils
 ## Overview
-This repository contains Postman collection to onboard partners on to MOSIP.
-
+This repository contains Postman collection to onboard partners on to MOSIP.
 * `run-onboard.sh`: Onboard any partner.
 * `default.sh`: Onboard default partners that are required to run a sandbox.
-
 ## Docker
-Docker to run `default.sh` is created to facilitate easy onboarding during installion. Refer `docker-build.sh` and `docker-run.sh`. Use this docker while installing MOSIP on Kubernetes. The docker runs an HTTP server to view the reports. Although this is a one-time job, the docker is run as Kubernetes Deployment with long sleep time set to review reports. If you restart the docker it will run the onboarding again.
-
-The scripts assume a Keycloak client `mosip-deployment-client` with roles `GLOBAL_ADMIN`, `ID_AUTHENTICATION`, `PARTNER_ADMIN` is already created.
-
-If the `ENABLE_INSECURE` environment variable is set to `true`, the script will proceed with downloading an SSL certificate and subsequently provide it for utilization in **Newman** collections and **curl** API calls during execution. This functionality is designed for scenarios where the script is required to be used on a server that possesses self-signed SSL certificates.
-
+* Docker to run `default.sh` is created to facilitate easy onboarding during installion. Refer `docker-build.sh` and `docker-run.sh`. Use this docker while installing MOSIP on Kubernetes. The docker runs an HTTP server to view the reports. Although this is a one-time job, the docker is run as Kubernetes Deployment with long sleep time set to review reports. If you restart the docker it will run the onboarding again.
+* The scripts assume a Keycloak client `mosip-deployment-client` with roles `GLOBAL_ADMIN`, `ID_AUTHENTICATION`, `PARTNER_ADMIN` is already created.
+* If the `ENABLE_INSECURE` environment variable is set to `true`, the script will proceed with downloading an SSL certificate and subsequently provide it for utilization in **Newman** collections and **curl** API calls during execution. This functionality is designed for scenarios where the script is required to be used on a server that possesses self-signed SSL certificates.
 ## License
 This project is licensed under the terms of [Mozilla Public License 2.0](LICENSE).
diff --git a/default-demo-oidc-policy.json b/default-mock-rp-oidc-policy.json
similarity index 100%
rename from default-demo-oidc-policy.json
rename to default-mock-rp-oidc-policy.json
diff --git a/default.sh b/default.sh
index 126423d..a98d6b2 100644
--- a/default.sh
+++ b/default.sh
@@ -8,6 +8,8 @@ upload_ida_root_cert() {
 echo "Uploading ida root cert"
+ reports_dir="./reports/IDA/$current_datetime"
+ mkdir -p "$reports_dir"
 newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \
 --env-var url="$URL" \
 --env-var cert-application-id=ROOT \
@@ -20,12 +22,14 @@ upload_ida_root_cert() {
 --folder download-ida-certificate \
 --folder upload-ca-certificate \
 $ADD_SSL_NEWMAN \
- -r cli,htmlextra --reporter-htmlextra-export ./reports/ida-root.html
+ -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/ida-root.html"
 }
 upload_ida_cert() {
 echo "Uploading ida cert"
+ reports_dir="./reports/IDA/$current_datetime"
+ mkdir -p "$reports_dir"
 newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \
 --env-var url="$URL" \
 --env-var cert-application-id=IDA \
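Review bot: The pair `reports_dir="./reports/IDA/$current_datetime"` / `mkdir -p "$reports_dir"` is pasted verbatim into every function in this file (the hunks for upload_ida_cert, upload_ida_partner_cert, upload_ida_cred_cert, upload_resident_cert, upload_print_cert, upload_abis_cert, upload_mpartner_default_mobile_cert, upload_mpartner_default_digitalcard_cert, onboard_esignet_partner and the mock-rp, resident-oidc, mimoto, signup and sunbird functions carry the same two lines), with only the subdirectory name differing, and in onboard_resident_oidc_client the assignment is unindented relative to its neighbours. A helper removes the duplication and gives one place to check the mkdir result, which is currently ignored so a failed directory creation is only noticed when newman cannot write the report: `prepare_reports_dir() { reports_dir="./reports/$1/$current_datetime"; mkdir -p "$reports_dir" || { echo "cannot create $reports_dir"; exit 1; }; }` called as `prepare_reports_dir IDA`. `reports_dir` is a global and `current_datetime` is assigned near the bottom of the script, so the helper must only be called after that assignment, as the functions already are. upload_ida_root_cert starts before this hunk.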
@@ -38,11 +42,13 @@ upload_ida_cert() {
 --folder download-ida-certificate \
 --folder upload-ca-certificate \
 $ADD_SSL_NEWMAN \
- -r cli,htmlextra --reporter-htmlextra-export ./reports/ida-ca.html
+ -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/ida.html"
 }
 upload_ida_partner_cert () {
 echo "Uploading mpartner-default-auth cert"
+ reports_dir="./reports/IDA/$current_datetime"
+ mkdir -p "$reports_dir"
 newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \
 --env-var url="$URL" \
 --env-var request-time="$DATE" \
@@ -59,11 +65,13 @@ upload_ida_partner_cert () {
 --folder upload-leaf-certificate \
 --folder upload-signed-leaf-certificate \
 $ADD_SSL_NEWMAN \
- -r cli,htmlextra --reporter-htmlextra-export ./reports/ida-partner.html --reporter-htmlextra-showEnvironmentData
+ -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/ida-partner.html" --reporter-htmlextra-showEnvironmentData
 }
 upload_ida_cred_cert () {
 echo "Uploading ida cred cert to keymanager for zero knowledge encryption"
+ reports_dir="./reports/IDA/$current_datetime"
+ mkdir -p "$reports_dir"
 newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \
 --env-var url="$URL" \
 --env-var request-time="$DATE" \
@@ -77,11 +85,13 @@ upload_ida_cred_cert () {
 --folder download-ida-certificate \
 --folder upload-ida-cred-cert-to-keymanager \
 $ADD_SSL_NEWMAN \
- -r cli,htmlextra --reporter-htmlextra-export ./reports/ida-cred.html --reporter-htmlextra-showEnvironmentData
+ -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/ida-cred.html" --reporter-htmlextra-showEnvironmentData
 }
 upload_resident_cert() {
 echo "Uploading mpartner-default-resident cert"
+ reports_dir="./reports/RESIDENT/$current_datetime"
+ mkdir -p "$reports_dir"
 newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \
 --env-var url="$URL" \
 --env-var request-time="$DATE" \
@@ -100,10 +110,12 @@ upload_resident_cert() {
 --folder upload-leaf-certificate \
 --folder upload-signed-leaf-certifcate-to-keymanager \
 $ADD_SSL_NEWMAN \
- -r cli,htmlextra --reporter-htmlextra-export ./reports/resident.html --reporter-htmlextra-showEnvironmentData
+ -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/resident.html" --reporter-htmlextra-showEnvironmentData
 }
 upload_print_cert() {
 echo "Uploading mpartner-default-print cert"
+ reports_dir="./reports/PRINT/$current_datetime"
+ mkdir -p "$reports_dir"
 root_cert_path="$MYDIR/certs/print/root-ca-inline.pem"
 partner_cert_path="$MYDIR/certs/print/client-inline.pem"
 root_ca_cert=`awk '{ print $0 }' $root_cert_path`
@@ -122,11 +134,13 @@ upload_print_cert() {
 --folder upload-ca-certificate \
 --folder upload-leaf-certificate \
 $ADD_SSL_NEWMAN \
- -r cli,htmlextra --reporter-htmlextra-export ./reports/print.html --reporter-htmlextra-showEnvironmentData
+ -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/print.html" --reporter-htmlextra-showEnvironmentData
 }
 upload_abis_cert () {
 echo "Uploading mpartner-default-abis cert"
+ reports_dir="./reports/ABIS/$current_datetime"
+ mkdir -p "$reports_dir"
 root_cert_path="$MYDIR/certs/abis/root-ca-inline.pem"
 partner_cert_path="$MYDIR/certs/abis/client-inline.pem"
 root_ca_cert=`awk '{ print $0 }' $root_cert_path`
@@ -145,10 +159,12 @@ upload_abis_cert () {
 --folder upload-ca-certificate \
 --folder upload-leaf-certificate \
 $ADD_SSL_NEWMAN \
- -r cli,htmlextra --reporter-htmlextra-export ./reports/abis.html --reporter-htmlextra-showEnvironmentData
+ -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/abis.html" --reporter-htmlextra-showEnvironmentData
 }
 upload_mpartner_default_mobile_cert() {
 echo "Uploading mpartner-default-mobile cert"
+ reports_dir="./reports/MOBILEID/$current_datetime"
+ mkdir -p "$reports_dir"
 root_cert_path="$MYDIR/certs/mpartner-default-mobile/root-ca-inline.pem"
 partner_cert_path="$MYDIR/certs/mpartner-default-mobile/client-inline.pem"
 root_ca_cert=`awk '{ print $0 }' $root_cert_path`
@@ -170,10 +186,12 @@ upload_mpartner_default_mobile_cert() {
 --folder upload-leaf-certificate \
 --folder mapping-partner-to-policy-credential-type \
 $ADD_SSL_NEWMAN \
- -r cli,htmlextra --reporter-htmlextra-export ./reports/mpartner-default-mobile.html --reporter-htmlextra-showEnvironmentData
+ -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mpartner-default-mobile.html" --reporter-htmlextra-showEnvironmentData
 }
 upload_mpartner_default_digitalcard_cert() {
 echo "Uploading mpartner-default-digitalcard cert"
+ reports_dir="./reports/DIGITALCARD/$current_datetime"
+ mkdir -p "$reports_dir"
 newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \
 --env-var url="$URL" \
 --env-var request-time="$DATE" \
@@ -192,11 +210,13 @@ upload_mpartner_default_digitalcard_cert() {
 --folder upload-leaf-certificate \
 --folder upload-signed-leaf-certifcate-to-keymanager \
 $ADD_SSL_NEWMAN \
- -r cli,htmlextra --reporter-htmlextra-export ./reports/digitalcard.html --reporter-htmlextra-showEnvironmentData
+ -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mpartner-default-digitalcard.html" --reporter-htmlextra-showEnvironmentData
 }
 onboard_esignet_partner() {
 echo "Onboarding esignet-partner"
+ reports_dir="./reports/ESIGNET/$current_datetime"
+ mkdir -p "$reports_dir"
 newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \
 --env-var url="$URL" \
 --env-var request-time="$DATE" \
@@ -233,7 +253,7 @@ onboard_esignet_partner() {
 --folder login-to-keycloak-as-admin \
 --folder delete-user \
 $ADD_SSL_NEWMAN \
- --export-environment ./config-secrets.json -d ./default-esignet-misp-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/e-signet.html --reporter-htmlextra-showEnvironmentData
+ --export-environment ./config-secrets.json -d ./default-esignet-misp-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/esignet.html" --reporter-htmlextra-showEnvironmentData
 MISP_LICENSE_KEY=$(jq -r '.values[] | select(.key == "mpartner-default-esignet-misp-license-key") | .value' config-secrets.json)
 if [ -z "$MISP_LICENSE_KEY" ]; then
@@ -241,8 +261,10 @@ if [ -z "$MISP_LICENSE_KEY" ]; then
 fi
 }
-onboard_relying_party_with_demo_oidc_client(){
- echo "Onboarding demo-oidc-client"
+onboard_mock_relying_party_with_mock_rp_oidc_client(){
+ echo "Onboarding mock-rp-oidc-client"
+ reports_dir="./reports/MOCK_RP_OIDC/$current_datetime"
+ mkdir -p "$reports_dir"
 sh $MYDIR/certs/create-signing-certs.sh $MYDIR
 root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path)
 partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path)
@@ -251,8 +273,8 @@ onboard_relying_party_with_demo_oidc_client(){
 newman run onboarding.postman_collection.json --delay-request 2000 -e onboarding.postman_environment.json --bail \
 --env-var url="$URL" \
 --env-var request-time="$DATE" \
- --env-var partner-manager-username=demooidc-kc-mockusername \
- --env-var partner-manager-password=demooidc-kc-mockuserpassword \
+ --env-var partner-manager-username=mock-rp-oidc-kc-mockusername \
+ --env-var partner-manager-password=mock-rp-oidc-kc-mockuserpassword \
 --env-var application-id=$APPLICATION_ID \
 --env-var module-clientid=$MODULE_CLIENTID \
 --env-var module-secretkey=$MODULE_SECRETKEY \
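Review bot: `--env-var partner-manager-password=mock-rp-oidc-kc-mockuserpassword` keeps a fixed, repository-visible password for the Keycloak user that the `create_keycloak_user` folder creates for this run; the rename from the demooidc value does not change that. Because the user only exists between `create_keycloak_user` and `delete-user`, a per-run value does the same job without a static credential in source, for example `partner_manager_password=$(openssl rand -hex 16)` (openssl is installed by the Dockerfile) passed as `--env-var partner-manager-password="$partner_manager_password"`. If the value is deliberately static because the collection or a fixture depends on it, a comment on this line saying so would spare the next reader the question. The enclosing function onboard_mock_relying_party_with_mock_rp_oidc_client continues past this hunk.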
@@ -265,6 +287,7 @@ onboard_relying_party_with_demo_oidc_client(){
 --env-var logo-uri=$LOGO_URI \
 --env-var redirect-uris=$REDIRECT_URIS\
 --env-var keycloak-url=$KEYCLOAK_URL \
+ --env-var mosip-id="$mosipid" \
 --env-var keycloak-admin-password=$KEYCLOAK_ADMIN_PASSWORD \
 --env-var keycloak-admin-username=$KEYCLOAK_ADMIN_USERNAME \
 --env-var cert-manager-username="$KEYCLOAK_CLIENT" \
@@ -273,10 +296,12 @@ onboard_relying_party_with_demo_oidc_client(){
 --env-var ca-certificate="$root_ca_cert" \
 --env-var leaf-certificate="$partner_cert" \
 --env-var oidc-client-name="$OIDC_CLIENT_NAME" \
+ --env-var oidc-clientid="$OIDC_CLIENTID" \
 --folder 'create_keycloak_user' \
 --folder 'create/publish_policy_group_and_policy' \
 --folder partner-self-registration \
 --folder authenticate-to-upload-certs \
+ --folder authenticate-to-onboard-non-mosipid-client \
 --folder upload-ca-certificate \
 --folder upload-leaf-certificate \
 --folder activate-partner \
@@ -284,15 +309,18 @@ onboard_relying_party_with_demo_oidc_client(){
 --folder approve-partner-mapping-to-policy \
 --folder get-jwks \
 --folder create-oidc-client \
+ --folder create-oidc-client-through-esignet \
 --folder delete-user \
 $ADD_SSL_NEWMAN \
- --export-environment ./config-secrets.json -d ./default-demo-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/demo-oidc.html --reporter-htmlextra-showEnvironmentData
+ --export-environment ./config-secrets.json -d ./default-mock-rp-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mock-rp-oidc.html" --reporter-htmlextra-showEnvironmentData
 privateandpublickeypair=$(jq -r '.values[] | select(.key == "privateandpublickeypair") | .value' config-secrets.json)
 privateandpublickeypair=$(echo -n "$privateandpublickeypair" | base64)
 mpartnerdefaultdemooidcclientID=$(jq -r '.values[] | select(.key == "mpartner-default-demo-oidc-clientID") | .value' "config-secrets.json")
 }
 onboard_resident_oidc_client() {
 echo "Onboarding resident oidc client"
+reports_dir="./reports/RESIDENT_OIDC/$current_datetime"
+ mkdir -p "$reports_dir"
 sh $MYDIR/certs/create-jwks.sh
 if [ $? -gt 0 ]; then
 echo "JWK Key generation failed; EXITING";
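Review bot: The report now written to `"$reports_dir/mock-rp-oidc.html"` is produced with `--reporter-htmlextra-showEnvironmentData`, and this run's environment includes `keycloak-admin-password`, `module-secretkey` and the values exported to `config-secrets.json`; with the chart changes in this commit the reports directory is persisted to an NFS export or pushed to S3 instead of staying inside the pod. Unless the reporter masks those variables, which I cannot confirm from here, the persisted HTML carries live credentials to wherever that share is readable. Consider dropping `--reporter-htmlextra-showEnvironmentData` for the runs that receive secrets, or masking the sensitive keys before export, and state in the values.yaml `volumes.reports` comment who is expected to have access to the share. The same flag is present on the other `--reporter-htmlextra-export` lines changed in this file, and the enclosing function starts before this hunk.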
@@ -344,11 +372,13 @@ echo "Onboarding resident oidc client"
 --folder create-oidc-client \
 --folder delete-user \
 $ADD_SSL_NEWMAN \
- --export-environment ./config-secrets.json -d ./default-resident-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/resident-oidc.html --reporter-htmlextra-showEnvironmentData
+ --export-environment ./config-secrets.json -d ./default-resident-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/resident-oidc.html" --reporter-htmlextra-showEnvironmentData
 mpartnerdefaultresidentoidcclientID=$(jq -r '.values[] | select(.key == "mpartner-default-resident-oidc-clientID") | .value' "config-secrets.json")
 }
 onboard_mimoto_keybinding_partner(){
 echo "Onboarding Mimoto Keybinding partner"
+ reports_dir="./reports/MIMOTO_KEYBINDING/$current_datetime"
+ mkdir -p "$reports_dir"
 sh $MYDIR/certs/create-signing-certs.sh $MYDIR
 root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path)
 partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path)
@@ -388,11 +418,13 @@ onboard_mimoto_keybinding_partner(){
 --folder request-for-partner-apikey \
 --folder delete-user \
 $ADD_SSL_NEWMAN \
- --export-environment ./config-secrets.json -d ./default-mimoto-keybinding-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/mimoto-keybinding.html --reporter-htmlextra-showEnvironmentData
+ --export-environment ./config-secrets.json -d ./default-mimoto-keybinding-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mimoto-keybinding.html" --reporter-htmlextra-showEnvironmentData
 mpartnerdefaultmimotokeybindingapikey=$(jq -r '.values[] | select(.key == "mpartner-default-mimotokeybinding-apikey") | .value' "config-secrets.json")
 }
 onboard_mimoto_oidc_partner(){
 echo "Onboarding Mimoto OIDC partner"
+ reports_dir="./reports/MIMOTO_OIDC/$current_datetime"
+ mkdir -p "$reports_dir"
 sh $MYDIR/certs/create-signing-certs.sh $MYDIR
 root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path)
 partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path)
@@ -446,17 +478,19 @@ onboard_mimoto_oidc_partner(){
 --folder create-oidc-client \
 --folder delete-user \
 $ADD_SSL_NEWMAN \
- --export-environment ./config-secrets.json -d ./default-mimoto-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export ./reports/mimoto-oidc.html --reporter-htmlextra-showEnvironmentData
+ --export-environment ./config-secrets.json -d ./default-mimoto-oidc-policy.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/mimoto-oidc.html" --reporter-htmlextra-showEnvironmentData
 mpartnerdefaultmimotooidcclientID=$(jq -r '.values[] | select(.key == "mpartner-default-mimotooidc-clientID") | .value' "config-secrets.json")
 }
 onboard_esignet_signup_oidc_partner(){
 echo "Onboarding Esignet-signup OIDC partner"
+ reports_dir="./reports/SIGNUP_OIDC/$current_datetime"
+ mkdir -p "$reports_dir"
 sh $MYDIR/certs/create-signing-certs.sh $MYDIR
 root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path)
 partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path)
 sh $MYDIR/certs/convert.sh $MYDIR
 mv $MYDIR/certs/$PARTNER_KC_USERNAME/keystore.p12 $MYDIR/certs/$PARTNER_KC_USERNAME/oidckeystore.p12
- kubectl -n $ns_signup create secret generic signupoidc --from-file=$MYDIR/certs/$PARTNER_KC_USERNAME/oidckeystore.p12 --dry-run=client -o yaml | kubectl apply -f -
+ kubectl -n $ns_signup create secret generic signup-keystore --from-file=$MYDIR/certs/$PARTNER_KC_USERNAME/oidckeystore.p12 --dry-run=client -o yaml | kubectl apply -f -
 if [ $? -gt 0 ]; then
 echo "JWK Key generation failed; EXITING";
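Review bot: On the renamed line `kubectl -n $ns_signup create secret generic signup-keystore ... | kubectl apply -f -`, the `if [ $? -gt 0 ]` that follows only sees the exit status of the last stage, `kubectl apply`; the status of `create secret` itself (for example when `$MYDIR/certs/$PARTNER_KC_USERNAME/oidckeystore.p12` was not produced by the preceding `mv`) is lost unless `set -o pipefail` is in effect, and the top of the script is outside this view. The message the check prints, `JWK Key generation failed; EXITING`, also describes a different step, so a failure here would be misdiagnosed. Checking the pipeline directly removes both problems: `... --dry-run=client -o yaml | kubectl apply -f - || { echo "signup-keystore secret update failed; EXITING"; exit 1; }`, with the unquoted `$MYDIR`/`$PARTNER_KC_USERNAME` expansions quoted while the line is touched. The enclosing function continues past this hunk.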
@@ -486,13 +520,15 @@ onboard_esignet_signup_oidc_partner(){
 --env-var oidc-clientid="$OIDC_CLIENTID" \
 --folder 'create_keycloak_user' \
 --folder authenticate-to-upload-certs \
- --folder create-oidc-client-through-esignet \
+ --folder create-oidc-client-through-esignet-signup \
 --folder delete-user \
 $ADD_SSL_NEWMAN \
- --export-environment ./config-secrets.json -r cli,htmlextra --reporter-htmlextra-export ./reports/signup-oidc.html --reporter-htmlextra-showEnvironmentData
+ --export-environment ./config-secrets.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/signup-oidc.html" --reporter-htmlextra-showEnvironmentData
 }
 onboard_esignet_sunbird_partner(){
 echo "Onboarding Sunbird partner"
+ reports_dir="./reports/SUNBIRD/$current_datetime"
+ mkdir -p "$reports_dir"
 sh $MYDIR/certs/create-signing-certs.sh $MYDIR
 root_ca_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $root_cert_path)
 partner_cert=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' $client_cert_path)
@@ -531,11 +567,12 @@ onboard_esignet_sunbird_partner(){
 --folder create-oidc-client-through-esignet-sunbird \
 --folder delete-user \
 $ADD_SSL_NEWMAN \
- --export-environment ./config-secrets.json -r cli,htmlextra --reporter-htmlextra-export ./reports/sunbird-oidc.html --reporter-htmlextra-showEnvironmentData
+ --export-environment ./config-secrets.json -r cli,htmlextra --reporter-htmlextra-export "$reports_dir/sunbird-oidc.html" --reporter-htmlextra-showEnvironmentData
 }
 ## Script starts from here
 export MYDIR=$(pwd)
 DATE=$(date -u +%FT%T.%3NZ)
+current_datetime=$(date -u +"%d-%m-%y-%H-%M"-UTC)
 KEYCLOAK_URL=$(printenv keycloak-external-url)
 KEYCLOAK_CLIENT="mosip-deployment-client"
 KEYCLOAK_CLIENT_SECRET="$mosip_deployment_client_secret"
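Review bot: `current_datetime=$(date -u +"%d-%m-%y-%H-%M"-UTC)` yields day-first, two-digit-year names such as `05-03-24-14-30-UTC` (constructed example), so the per-run directories under `./reports/<MODULE>/` do not sort chronologically in a listing or in an S3 prefix, and two runs in the same minute land in the same directory and overwrite each other's report. A sortable, second-resolution stamp fixes both: `current_datetime=$(date -u +%Y-%m-%dT%H-%M-%SZ)`. Since every function defined above reads this global, a short comment on the line, e.g. `# run stamp shared by all report directories; must be set before any onboarding function is called`, would document the ordering dependency. onboard_esignet_sunbird_partner starts before this hunk.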
@@ -590,29 +627,26 @@ elif [ "$MODULE" = "esignet" ]; then
 PARTNER_ORGANIZATION_NAME=IITB
 PARTNER_TYPE=Misp_Partner
 onboard_esignet_partner
- echo "Updating esignet MISP_LICENSE_KEY"
 kubectl create secret generic esignet-misp-onboarder-key -n $ns_esignet --from-literal=mosip-esignet-misp-key=$MISP_LICENSE_KEY --dry-run=client -o yaml | kubectl apply -f -
- echo "MISP Key Updated successfully"
-elif [ "$MODULE" = "demo-oidc" ]; then
+elif [ "$MODULE" = "mock-rp-oidc" ]; then
 APPLICATION_ID=partner
 MODULE_CLIENTID=mosip-pms-client
 MODULE_SECRETKEY=$mosip_pms_client_secret
- POLICY_NAME=mpolicy-default-demo-oidc
- POLICY_GROUP_NAME=mpolicygroup-default-demo-oidc
- export PARTNER_KC_USERNAME=mpartner-default-demo-oidc
+ POLICY_NAME=mpolicy-default-mock-rp-oidc
+ POLICY_GROUP_NAME=mpolicygroup-default-mock-rp-oidc
+ export PARTNER_KC_USERNAME=mpartner-default-mock-rp-oidc
 PARTNER_ORGANIZATION_NAME=IITB
 PARTNER_TYPE=Auth_Partner
 OIDC_CLIENT_NAME='Health service OIDC Client'
+ OIDC_CLIENTID='default-non-mosipid-oidc-client'
 LOGO_URI=https://healthservices.$( printenv installation-domain)/logo.png
 REDIRECT_URIS=https://healthservices.$( printenv installation-domain)/userprofile
 root_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/RootCA.pem"
 client_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/Client.pem"
- onboard_relying_party_with_demo_oidc_client
- echo "Updating jwk privateandpublickeypair and Mpartner Default Demo Oidc Client ID"
- kubectl patch secret mock-relying-party-service-secrets -n $ns_esignet -p '{"data":{"client-private-key":"'$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'"}}'
+ onboard_mock_relying_party_with_mock_rp_oidc_client
+ kubectl patch secret mock-relying-party-private-key-jwk -n $ns_esignet -p '{"data":{"client-private-key":"'$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'"}}'
 kubectl rollout restart deployment -n $ns_esignet mock-relying-party-service
 kubectl -n $ns_esignet set env deployment/mock-relying-party-ui CLIENT_ID=$mpartnerdefaultdemooidcclientID
- echo "JWK PrivatePublic Key Pair and Mpartner Default Demo Oidc Client ID updated successfully"
 elif [ "$MODULE" = "resident-oidc" ]; then
 APPLICATION_ID=partner
 MODULE_CLIENTID=mosip-pms-client
@@ -626,9 +660,7 @@ elif [ "$MODULE" = "resident-oidc" ]; then
 LOGO_URI="https://$( printenv mosip-resident-host )/assets/MOSIP%20Vertical%20Black.png"
 REDIRECT_URIS="https://$( printenv mosip-api-internal-host )/resident/v1/login-redirect/**"
 onboard_resident_oidc_client
- echo "Updating Resident OIDC Client Id"
 kubectl create secret generic resident-oidc-onboarder-key -n $ns_esignet --from-literal=resident-oidc-clientid=$mpartnerdefaultresidentoidcclientID --dry-run=client -o yaml | kubectl apply -f -
- echo "Resident OIDC client id updated successfully"
 elif [ "$MODULE" = "mimoto-keybinding" ]; then
 APPLICATION_ID=partner
 MODULE_CLIENTID=mosip-pms-client
@@ -642,9 +674,7 @@ elif [ "$MODULE" = "resident-oidc" ]; then
 root_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/RootCA.pem"
 client_cert_path="$MYDIR/certs/$PARTNER_KC_USERNAME/Client.pem"
 onboard_mimoto_keybinding_partner
- echo "Updating Mimoto Wallet Binding Partner API Key"
 kubectl create secret generic mimoto-wallet-binding-partner-api-key -n $ns_mimoto --from-literal=mimoto-wallet-binding-partner-api-key=$mpartnerdefaultmimotokeybindingapikey --dry-run=client -o yaml | kubectl apply -f -
- echo "Mimoto Wallet Binding Partner API Key updated successfully"
 elif [ "$MODULE" = "mimoto-oidc" ]; then
 APPLICATION_ID=partner
 MODULE_CLIENTID=mosip-pms-client
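Review bot: The renamed line `kubectl patch secret mock-relying-party-private-key-jwk ... '$(echo -n "$privateandpublickeypair" | base64 | tr -d '\n')'` base64-encodes a value that onboard_mock_relying_party_with_mock_rp_oidc_client has already base64-encoded (`privateandpublickeypair=$(echo -n "$privateandpublickeypair" | base64)` in that function), so after the API server decodes the `data` field the `client-private-key` the service receives is still base64 text rather than the JWK; only the secret name changed here, but it is worth settling while the line is touched unless mock-relying-party-service deliberately expects the doubly encoded form. Either remove one of the two encodings or patch via `stringData` so the intent is visible. Separately, `mpartnerdefaultdemooidcclientID` and its source key `mpartner-default-demo-oidc-clientID` keep the old demo-oidc naming while everything else in this branch moved to mock-rp-oidc; confirm the collection still exports that key, otherwise `CLIENT_ID` on the `set env deployment/mock-relying-party-ui` line is set to an empty string. The `-p` JSON is assembled by string concatenation, which is safe only because base64 output contains no quotes; a comment stating that assumption would protect the next edit.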
@@ -661,9 +691,7 @@ elif [ "$MODULE" = "resident-oidc" ]; then
 LOGO_URI="https://$( printenv mosip-api-host )/inji/inji-home-logo.png"
 REDIRECT_URIS="io.mosip.residentapp.inji:\/\/oauthredirect,https://inji.$( printenv installation-domain).mosip.net/redirect"
 onboard_mimoto_oidc_partner
- echo "Updating Mimoto OIDC Partner Client ID"
 kubectl create secret generic mimoto-oidc-partner-clientid -n $ns_mimoto --from-literal=mimoto-oidc-partner-clientid=$mpartnerdefaultmimotooidcclientID --dry-run=client -o yaml | kubectl apply -f -
- echo "Mimoto OIDC Partner Client ID updated successfully"
 elif [ "$MODULE" = "signup-oidc" ]; then
 APPLICATION_ID=partner
 MODULE_CLIENTID=mosip-pms-client
@@ -676,7 +704,6 @@ elif [ "$MODULE" = "resident-oidc" ]; then
 LOGO_URI="https://healthservices.$( printenv installation-domain)/images/brand_logo.png"
 REDIRECT_URIS="https://signup.$( printenv installation-domain)/identity-verification"
 onboard_esignet_signup_oidc_partner
- echo "Esignet signup oidc client onboarding completed"
 elif [ "$MODULE" = "sunbird-oidc" ]; then
 APPLICATION_ID=partner
 MODULE_CLIENTID=mosip-pms-client
@@ -689,7 +716,5 @@ elif [ "$MODULE" = "resident-oidc" ]; then
 LOGO_URI="https://sunbird.org/images/sunbird-logo-new.png"
 REDIRECT_URIS="io.mosip.residentapp.inji:\/\/oauthredirect,https://inji.$( printenv installation-domain)/redirect"
 onboard_esignet_sunbird_partner
- echo "Updating Sunbird-OIDC Partner Client ID"
 kubectl create secret generic sunbird-oidc-partner-clientid -n $ns_mimoto --from-literal=sunbird-oidc-partner-clientid=$mpartnerdefaultsunbirdoidcclientID --dry-run=client -o yaml | kubectl apply -f -
- echo "Esignet Sunbird Partner onboarding completed"
 fi
diff --git a/helm/partner-onboarder/.gitignore b/helm/partner-onboarder/.gitignore
index 5df6a14..f791801 100644
--- a/helm/partner-onboarder/.gitignore
+++ b/helm/partner-onboarder/.gitignore
@@ -1,2 +1,2 @@
 charts/
-Charts.yaml
+Chart.lock
diff --git a/helm/partner-onboarder/Chart.yaml b/helm/partner-onboarder/Chart.yaml
index cabe82f..bbadd18 100644
--- a/helm/partner-onboarder/Chart.yaml
+++ b/helm/partner-onboarder/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: partner-onboarder
 description: A Helm chart for onboarding default partners for MOSIP sandbox.
 type: application
-version: 0.0.1-develop
+version: 1.5.0-es-develop
 appVersion: ""
 dependencies:
 - name: common
diff --git a/helm/partner-onboarder/README.md b/helm/partner-onboarder/README.md
index b7169ca..fd50657 100644
--- a/helm/partner-onboarder/README.md
+++ b/helm/partner-onboarder/README.md
@@ -1,40 +1,24 @@
-# OTPManager
-
-Helm chart for installing Kernel module OTPManager.
-
+# Partner Onboarder
+Helm chart for installing MOSIP Partner onboarder.
 ## TL;DR
-
 ```console
 $ helm repo add mosip https://mosip.github.io
 $ helm install my-release mosip/partner-onboarder
 ```
-
-## Introduction
-
-OTPManager is part of the kernel modules, but has a separate Helm chart so as to install and manage it in a completely indepedent namespace.
-
 ## Prerequisites
 - Kubernetes 1.12+
 - Helm 3.1.0
 - PV provisioner support in the underlying infrastructure
 - ReadWriteMany volumes for deployment scaling
-
 ## Installing the Chart
-
 To install the chart with the release name `partner-onboarder`.
-
 ```console
 helm install my-release mosip/partner-onboarder
 ```
-
-> **Tip**: List all releases using `helm list`
-
+**Tip**: List all releases using `helm list`
 ## Uninstalling the Chart
-
 To uninstall/delete the `my-release` deployment:
-
 ```console
 helm delete my-release
 ```
-
diff --git a/helm/partner-onboarder/templates/configmap.yaml b/helm/partner-onboarder/templates/configmap.yaml
index 2fa6e24..ea337c6 100644
--- a/helm/partner-onboarder/templates/configmap.yaml
+++ b/helm/partner-onboarder/templates/configmap.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
- name: {{ $cm_name }}
+ name: {{ $cm_name }}-{{ $.Release.Name }}
 namespace: {{ $.Release.Namespace }}
 labels: {{- include "common.labels.standard" $ | nindent 8 }}
 {{- if $.Values.commonLabels }}
@@ -18,4 +18,4 @@ data:
 {{ $key }}: {{ $value | quote }}
 {{- end }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/helm/partner-onboarder/templates/jobs.yaml b/helm/partner-onboarder/templates/jobs.yaml
index dc02639..2292607 100644
--- a/helm/partner-onboarder/templates/jobs.yaml
+++ b/helm/partner-onboarder/templates/jobs.yaml
@@ -38,17 +38,21 @@ spec:
 env:
 - name: MODULE
 value: {{ $module.name }}
+ - name: push_reports_to_s3
+ value: {{ quote $.Values.onboarding.variables.push_reports_to_s3 }}
+ - name: mosipid
+ value: {{ quote $.Values.onboarding.variables.mosipid }}
 envFrom:
 {{- if $.Values.onboarding.configmaps }}
 {{- range $cm_name, $cm_value := $.Values.onboarding.configmaps }}
 - configMapRef:
- name: {{ $cm_name }}
+ name: {{ $cm_name }}-{{ $.Release.Name }}
 {{- end }}
 {{- end }}
 {{- if $.Values.onboarding.secrets }}
 {{- range $secret_name, $secret_value := $.Values.onboarding.secrets }}
 - secretRef:
- name: {{ $secret_name }}
+ name: {{ $secret_name }}-{{ $.Release.Name }}
 {{- end }}
 {{- end }}
 {{- if $.Values.extraEnvVarsSecret }}
@@ -66,5 +70,16 @@ spec:
 {{- if $.Values.resources }}
 resources: {{- toYaml $.Values.resources | nindent 12 }}
 {{- end }}
+ volumeMounts:
+ {{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }}
+ - name: {{ $.Values.onboarding.volumes.reports.name }}
+ mountPath: /home/mosip/reports/
+ {{- end }}
+ volumes:
+ {{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }}
+ - name: {{ $.Values.onboarding.volumes.reports.name }}
+ persistentVolumeClaim:
+ claimName: {{ $.Values.onboarding.volumes.reports.name }}-{{ $.Release.Namespace }}-{{ $module.name }}-pvc
+ {{- end }}
+{{- end }}
 {{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/partner-onboarder/templates/pv.yaml b/helm/partner-onboarder/templates/pv.yaml
new file mode 100644
index 0000000..7d4f38b
--- /dev/null
+++ b/helm/partner-onboarder/templates/pv.yaml
@@ -0,0 +1,25 @@
+{{- range $module := $.Values.onboarding.modules }}
+{{- if $module.enabled }}
+{{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $.Release.Namespace }}-{{ $module.name }}-pvc
+ labels:
+ name: {{ $.Values.onboarding.volumes.reports.name }}
+spec:
+ storageClassName: {{ $.Values.onboarding.volumes.reports.storageClass }}
+ capacity:
+ storage: {{ $.Values.onboarding.volumes.reports.size }}
+ accessModes:
+ {{- range $.Values.onboarding.volumes.reports.accessModes }}
+ - {{ . }}
+ {{- end }}
+ nfs:
+ server: {{ $.Values.onboarding.volumes.reports.nfs.server }}
+ path: {{ $.Values.onboarding.volumes.reports.nfs.path }}
+# mountOptions:
+# - nolock
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/helm/partner-onboarder/templates/pvc.yaml b/helm/partner-onboarder/templates/pvc.yaml
new file mode 100644
index 0000000..5913bd2
--- /dev/null
+++ b/helm/partner-onboarder/templates/pvc.yaml
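Review bot: `mountPath: /home/mosip/reports/` is hard-coded even though the same commit adds `onboarding.volumes.reports.mountDir: /home/mosip/reports` to values.yaml, and `existingClaim` is added there too while nothing in the templates shown reads it, so an operator who changes either value gets no effect. Use `mountPath: {{ $.Values.onboarding.volumes.reports.mountDir }}` here, and either honour `existingClaim` in `claimName` or drop that value. Separately, `volumeMounts:` and `volumes:` are emitted unconditionally while their only entries sit inside `{{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }}`, which leaves empty keys in the rendered Job when reports go to S3; moving the `if` outside the two keys keeps the manifest clean. The enclosing `spec` starts before this hunk.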
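Review bot: The `range $module := $.Values.onboarding.modules` loop emits one complete PersistentVolume per enabled module but never writes a `---` document separator between iterations, so with two or more modules enabled and `push_reports_to_s3: false` the rendered output is a single YAML document with repeated `apiVersion`/`kind`/`metadata` keys, which Helm will reject or collapse to one object. Add `---` as the first line inside the innermost `if`, directly before `apiVersion: v1`; pvc.yaml in this commit has the same loop structure and needs the same line. Naming a cluster-scoped PersistentVolume `...-pvc` and pairing it with its claim only through `selector.matchLabels` on a `name` label that every module's PV shares also leaves it to the scheduler which PV a given claim binds; a per-module label value would make the pairing deterministic.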
@@ -0,0 +1,23 @@
+{{- range $module := $.Values.onboarding.modules }}
+{{- if $module.enabled }}
+{{- if eq $.Values.onboarding.variables.push_reports_to_s3 false }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ $.Values.onboarding.volumes.reports.name }}-{{ $.Release.Namespace }}-{{ $module.name }}-pvc
+ namespace: {{ $.Release.Namespace | quote }}
+spec:
+ storageClassName: {{ $.Values.onboarding.volumes.reports.storageClass }}
+ accessModes:
+ {{- range $.Values.onboarding.volumes.reports.accessModes }}
+ - {{ . }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ $.Values.onboarding.volumes.reports.size }}
+ selector:
+ matchLabels:
+ name: {{ $.Values.onboarding.volumes.reports.name }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/helm/partner-onboarder/templates/rolebinding.yaml b/helm/partner-onboarder/templates/rolebinding.yaml
index 4c8513a..94ebe35 100644
--- a/helm/partner-onboarder/templates/rolebinding.yaml
+++ b/helm/partner-onboarder/templates/rolebinding.yaml
@@ -5,7 +5,7 @@ metadata:
 namespace: {{ .Release.Namespace }}
 subjects:
 - kind: ServiceAccount
- name: {{ .Release.Name }}
+ name: {{ template "partner-onboarder.serviceAccountName" . }}
 namespace: {{ .Release.Namespace }}
 roleRef:
 kind: Role
@@ -19,11 +19,11 @@ metadata:
 namespace: {{ .Release.Namespace }}
 subjects:
 - kind: ServiceAccount
- name: {{ .Release.Name }}
+ name: {{ template "partner-onboarder.serviceAccountName" . }}
 namespace: {{ .Release.Namespace }}
 roleRef:
 kind: Role
 name: {{ .Release.Name }}-secrets-pods-role
 apiGroup: rbac.authorization.k8s.io
----
\ No newline at end of file
+---
diff --git a/helm/partner-onboarder/templates/secrets.yaml b/helm/partner-onboarder/templates/secrets.yaml
index 006af14..78ff130 100644
--- a/helm/partner-onboarder/templates/secrets.yaml
+++ b/helm/partner-onboarder/templates/secrets.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
- name: {{ $secret_name }}
+ name: {{ $secret_name }}-{{ $.Release.Name }}
 namespace: {{ $.Release.Namespace }}
 labels: {{- include "common.labels.standard" $ | nindent 8 }}
 {{- if $.Values.commonLabels }}
@@ -19,4 +19,4 @@ data:
 {{ $key }}: {{ $value | b64enc | quote }}
 {{- end }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/helm/partner-onboarder/values.yaml b/helm/partner-onboarder/values.yaml
index 36c7e97..45274c7 100644
--- a/helm/partner-onboarder/values.yaml
+++ b/helm/partner-onboarder/values.yaml
@@ -53,8 +53,8 @@ service:
 image:
 registry: docker.io
- repository: mosipqa/partner-onboarder
- tag: develop
+ repository: mosipdev/partner-onboarder
+ tag: MOSIP-35987
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -262,7 +262,6 @@ extraEnvVarsCM:
 ## Secret with extra environment variables
 ##
 extraEnvVarsSecret:
- - s3
 - keycloak
 - keycloak-client-secrets
@@ -428,30 +427,29 @@ metrics:
 onboarding:
 modules:
 - name: ida
- enabled: true
+ enabled: false
 - name: print
- enabled: true
+ enabled: false
 - name: abis
- enabled: true
+ enabled: false
 - name: resident
- enabled: true
+ enabled: false
 - name: mimoto
- enabled: true
+ enabled: false
 - name: digitalcard
- enabled: true
+ enabled: false
 - name: esignet
 enabled: false
- - name: demo-oidc
+ - name: mock-rp-oidc
 enabled: false
 - name: resident-oidc
 enabled: false
 - name: mimoto-keybinding
- enabled: true
+ enabled: false
 - name: mimoto-oidc
 enabled: false
 - name: signup-oidc
 enabled: false
-
 configmaps:
 s3:
 s3-host: 'http://minio.minio:9000'
@@ -462,3 +460,21 @@ onboarding: ns_esignet: esignet ns_signup: signup secrets: + s3: + s3-user-secret: 'password' + volumes: + reports: + name: onboarder-reports + storageClass: nfs-client + accessModes: + - ReadWriteMany + size: 10Mi + existingClaim: + # Dir where config and keys are written inside container + mountDir: /home/mosip/reports + nfs: + path: "/srv/nfs/sandbox/onboarding" # Dir within the nfs server where config repo is cloned/maintained locally. + server: "nfs-server" # Ip address of nfs server. + variables: + push_reports_to_s3: true + mosipid: false diff --git a/onboarding.postman_collection.json b/onboarding.postman_collection.json index ae1d71b..dad716d 100644 --- a/onboarding.postman_collection.json +++ b/onboarding.postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "88397269-8200-4407-a8cc-7b48c0f91cc3", + "_postman_id": "db876b6f-3b70-4a09-abf8-e4a42dd64e17", "name": "onboarding Copy", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_exporter_id": "12620596" @@ -307,6 +307,31 @@ }, "response": [] } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "packages": {}, + "exec": [ + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "packages": {}, + "exec": [ + "" + ] + } + } ] }, { @@ -321,7 +346,8 @@ "exec": [ "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -333,7 +359,8 @@ "//console.log(data);\r", "pm.environment.set(\"authtoken\",data);" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -379,7 +406,8 @@ "})\r", "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { 
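Review bot: `s3-user-secret: 'password'` commits a default credential to the chart, and since `secrets.yaml` base64-encodes whatever is under `onboarding.secrets` into a Secret, every install that does not override it ends up with a known MinIO secret key. Ship it empty and make the override mandatory, e.g. `s3-user-secret: ''  # required: supply via --set or a values override`, or guard the lookup with `required` in the template (outside this hunk). The comment above `mountDir` (`# Dir where config and keys are written inside container`) and the one on `nfs.path` (`... where config repo is cloned/maintained locally`) describe config storage and look copied from another chart; for these keys something like `# Dir inside the container where the onboarding reports are written` and `# Dir on the NFS server backing the reports volume` fits what the values are for.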
@@ -388,7 +416,8 @@ "exec": [ "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -449,10 +478,10 @@ "exec": [ "const policydata = pm.iterationData.toObject();\r", "console.log(JSON.stringify(policydata));\r", - "pm.environment.set('policy-data', JSON.stringify(policydata));\r", - "" + "pm.environment.set('policy-data', JSON.stringify(policydata));" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -468,7 +497,8 @@ " pm.environment.set('policy-name',response.name);\r", "})" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -527,7 +557,8 @@ "exec": [ "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -572,6 +603,31 @@ }, "response": [] } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "packages": {}, + "exec": [ + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "packages": {}, + "exec": [ + "" + ] + } + } ] }, { @@ -584,9 +640,13 @@ "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -598,7 +658,8 @@ "//console.log(data);\r", "pm.environment.set(\"authtoken\",data);" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], 
@@ -638,9 +699,13 @@ "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -649,7 +714,8 @@ "exec": [ "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -735,16 +801,18 @@ " pm.expect(pm.response.text()).to.include(\"Clientid and Token combination had been validated successfully\");\r", "});" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "pm.environment.set('request-time', (new Date()).toISOString())" + "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -786,16 +854,18 @@ " pm.expect(pm.response.text()).to.include(\"Clientid and Token combination had been validated successfully\");\r", "});" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "pm.environment.set('request-time', (new Date()).toISOString())" + "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -1305,16 +1375,21 @@ "//console.log(data);\r", "pm.environment.set(\"authtoken\",data);" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "pm.environment.set('request-time', (new Date()).toISOString())" + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], 
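Review bot: The pre-request script that set `request-time` is replaced with an empty string in the `@@ -735` and `@@ -786` hunks and with the skip guard in `@@ -1305`, yet nothing in the diff shows the matching request bodies dropping `{{request-time}}`; if they still reference it, the value is now whatever an earlier request left in the environment, or unresolved. The bodies are outside these hunks, so confirm. The new request added later in the diff uses `{{$isoTimestamp}}` in its body, which is the drop-in that needs no script at all.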
@@ -1347,15 +1422,86 @@ "response": [] }, { - "name": "upload-ca-certificate", + "name": "authenticate-to-onboard-non-mosipid-client", "event": [ + { + "listen": "test", + "script": { + "exec": [ + "var jsonData = JSON.parse(responseBody);\r", + "//var data = JSON.stringify(jsonData);\r", + "console.log(jsonData.access_token);\r", + "pm.environment.set(\"non-mosipid-token\", jsonData.access_token);" + ], + "type": "text/javascript", + "packages": {} + } + }, { "listen": "prerequest", "script": { "exec": [ "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "client_id", + "value": "{{module-clientid}}", + "type": "text" + }, + { + "key": "client_secret", + "value": "{{module-secretkey}}", + "type": "text" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "text" + } + ] + }, + "url": { + "raw": "{{keycloak-url}}/auth/realms/mosip/protocol/openid-connect/token", + "host": [ + "{{keycloak-url}}" + ], + "path": [ + "auth", + "realms", + "mosip", + "protocol", + "openid-connect", + "token" + ] + } + }, + "response": [] + }, + { + "name": "upload-ca-certificate", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" + ], + "type": "text/javascript", + "packages": {} } }, { @@ -1369,7 +1515,8 @@ " })\r", "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], 
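Review bot: In the new `authenticate-to-onboard-non-mosipid-client` test script, `console.log(jsonData.access_token);` writes a live Keycloak bearer token to the run output, and if the HTML reporter captures console output it also lands in the report that the other hunks push to S3 or an NFS share. Drop the line, or log only whether a token was obtained, e.g. `console.log("non-mosipid token obtained: " + (jsonData.access_token ? "yes" : "no"));`. The script also sets `non-mosipid-token` unconditionally, so a failed token call stores `undefined` and the later bearer-auth request fails with a less obvious error; a `pm.test` asserting that `jsonData.access_token` is present would surface the failure at its source.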
@@ -1516,16 +1663,21 @@ " pm.expect(responseText).to.include.oneOf([\"Certificate already exists in store\", \"Upload Success.\",\"BEGIN CERTIFICATE\"])\r", " });" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -1828,6 +1980,21 @@ }, { "name": "activate-partner", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" + ], + "type": "text/javascript", + "packages": {} + } + } + ], "request": { "auth": { "type": "apikey", @@ -2020,16 +2187,21 @@ "})\r", "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], @@ -2210,9 +2382,13 @@ "listen": "prerequest", "script": { "exec": [ - "" + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } }, { @@ -2221,7 +2397,8 @@ "exec": [ "" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} } } ], 
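Review bot: The guard `if (pm.environment.get("mosip-id") == 'false' ){ … pm.execution.skipRequest() }` is pasted verbatim into roughly a dozen request-level pre-request scripts in this and the neighbouring hunks, while the `@@ -307` and `@@ -572` hunks already show the folder-level `event` form that covers a whole folder in one place; one copy per folder, or a single collection-level script keyed on a folder variable, would keep the condition in one spot. The predicate only fires when the variable is the string `'false'`, so an unset `mosip-id` lets the request run; that may be intended, but given values.yaml defaults `mosipid: false` it deserves a comment. The log text "This request is skipped as eSignet is not deployed against MosipID" is also copied onto `activate-partner` and `delete-user`, where it does not obviously describe the request.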
@@ -2477,7 +2654,18 @@ "//console.log (\"Take the above values and base64 encode it and use it in the deployment\");\r", "//pm.environment.set (\"jwkkeypair\",keypair.jwk);" ], - "type": "text/javascript" + "type": "text/javascript", + "packages": {} + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript", + "packages": {} } } ], @@ -2534,6 +2722,10 @@ " console.error(\"Environment variable 'redirect-uris' is not defined.\");\r", " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", "}\r", + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}\r", "" ], "type": "text/javascript", @@ -2547,13 +2739,13 @@ "pm.test(\"validating clientid\", function () {", " pm.expect(pm.response.text()).to.include(\"clientId\");", "});", - "pm.test(\"validating clientid status\", function () {", + "pm.test(\"validating client status\", function () {", " pm.expect(pm.response.text()).to.include(\"ACTIVE\");", "});", "var responseJson = pm.response.json();", "var partnerKcUsername = pm.variables.get(\"partner-kc-username\");", "", - "if (partnerKcUsername === \"mpartner-default-demo-oidc\") {", + "if (partnerKcUsername === \"mpartner-default-mock-rp-oidc\") {", " pm.environment.set(\"mpartner-default-demo-oidc-clientID\", responseJson.response.clientId);", "} else if (partnerKcUsername === \"mpartner-default-resident-oidc\") {", " pm.environment.set(\"mpartner-default-resident-oidc-clientID\", responseJson.response.clientId);", @@ -2561,9 +2753,7 @@ " pm.environment.set(\"mpartner-default-mimotooidc-clientID\", responseJson.response.clientId);", "} else if (partnerKcUsername === \"esignet-sunbird-partner\") {", " pm.environment.set(\"mpartner-default-sunbirdoidc-clientID\", responseJson.response.clientId);", - "} ", - "", - "" + "} " ], "type": "text/javascript", "packages": {} 
@@ -2619,7 +2809,7 @@ "response": [] }, { - "name": "create-oidc-client-through-esignet", + "name": "create-oidc-client-through-esignet-signup", "event": [ { "listen": "prerequest", @@ -2648,9 +2838,10 @@ "pm.test(\"validating clientid\", function () {\r", " pm.expect(pm.response.text()).to.include(\"clientId\");\r", "});\r", - "pm.test(\"validating clientid status\", function () {\r", + "pm.test(\"validating client status\", function () {\r", " pm.expect(pm.response.text()).to.include(\"ACTIVE\");\r", - "});" + "});\r", + "" ], "type": "text/javascript", "packages": {} 
@@ -2694,6 +2885,88 @@ }, "response": [] }, + { + "name": "create-oidc-client-through-esignet", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "// Pre-request script in Postman\r", + "let redirectUris = pm.environment.get(\"redirect-uris\");\r", + "\r", + "if (redirectUris) {\r", + " redirectUris = redirectUris.split(',').map(uri => uri.trim());\r", + " pm.environment.set(\"redirect_uris_array\", JSON.stringify(redirectUris));\r", + "} else {\r", + " console.error(\"Environment variable 'redirect-uris' is not defined.\");\r", + " pm.environment.set(\"redirect_uris_array\", \"[]\");\r", + "}\r", + "" + ], + "type": "text/javascript", + "packages": {} + } + }, + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"validating clientid\", function () {\r", + " pm.expect(pm.response.text()).to.include(\"clientId\");\r", + "});\r", + "pm.test(\"validating client status\", function () {\r", + " pm.expect(pm.response.text()).to.include(\"ACTIVE\");\r", + "});\r", + "var responseJson = pm.response.json();\r", + "var partnerKcUsername = pm.variables.get(\"partner-kc-username\");\r", + "\r", + "if (partnerKcUsername === \"mpartner-default-mock-rp-oidc\") {\r", + " pm.environment.set(\"mpartner-default-demo-oidc-clientID\", responseJson.response.clientId);\r", + "}" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{non-mosipid-token}}", + "type": "string" + } + ] + }, + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"requestTime\": \"{{$isoTimestamp}}\",\r\n \"request\": {\r\n \"clientId\": \"{{oidc-clientid}}\",\r\n \"clientName\": \"{{oidc-client-name}}\",\r\n \"publicKey\":\r\n {\r\n \"kty\": \"RSA\",\r\n \"e\": \"AQAB\",\r\n \"use\": \"sig\",\r\n \"kid\": \"{{keyid}}\",\r\n \"alg\": \"RS256\",\r\n \"n\": \"{{key}}\"\r\n},\r\n \"relyingPartyId\": \"{{oidc-clientid}}}\",\r\n \"userClaims\": [\r\n 
\"birthdate\",\r\n \"address\",\r\n \"gender\",\r\n \"name\",\r\n \"phone_number\",\r\n \"picture\",\r\n \"email\",\r\n \"individual_id\"\r\n ],\r\n \"authContextRefs\": [\r\n \"mosip:idp:acr:linked-wallet\",\r\n \"mosip:idp:acr:biometrics\",\r\n \"mosip:idp:acr:generated-code\",\r\n \"mosip:idp:acr:password\"\r\n ],\r\n \"logoUri\": \"{{logo-uri}}\",\r\n \"redirectUris\":{{redirect_uris_array}},\r\n \"grantTypes\": [\r\n \"authorization_code\"\r\n ],\r\n \"clientAuthMethods\": [\r\n \"private_key_jwt\"\r\n ]\r\n }\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "{{external-url}}/v1/esignet/client-mgmt/oidc-client", + "host": [ + "{{external-url}}" + ], + "path": [ + "v1", + "esignet", + "client-mgmt", + "oidc-client" + ] + } + }, + "response": [] + }, { "name": "create-oidc-client-through-esignet-sunbird", "event": [ @@ -2724,9 +2997,14 @@ "pm.test(\"validating clientid\", function () {\r", " pm.expect(pm.response.text()).to.include(\"clientId\");\r", "});\r", - "pm.test(\"validating clientid status\", function () {\r", + "pm.test(\"validating client status\", function () {\r", " pm.expect(pm.response.text()).to.include(\"ACTIVE\");\r", - "});" + "});\r", + "var responseJson = pm.response.json();\r", + "var partnerKcUsername = pm.variables.get(\"partner-kc-username\");\r", + " if (partnerKcUsername === \"esignet-sunbird-partner\") {\r", + " pm.environment.set(\"mpartner-default-sunbirdoidc-clientID\", responseJson.response.clientId);\r", + "} " ], "type": "text/javascript", "packages": {} @@ -2982,6 +3260,21 @@ }, { "name": "delete-user", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "if (pm.environment.get(\"mosip-id\") == 'false' ){console.log(\"This request is skipped as eSignet is not deployed against MosipID\");\r", + "\r", + "    pm.execution.skipRequest()\r", + "}" + ], + "type": "text/javascript", + "packages": {} + } + } + ], "request": { "auth": { "type": "bearer", 
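Review bot: In the new `create-oidc-client-through-esignet` request body, `\"relyingPartyId\": \"{{oidc-clientid}}}\"` has a third closing brace, so the rendered value is the client id with a literal `}` appended and no longer equals the `clientId` sent in the same payload. Change it to `\"relyingPartyId\": \"{{oidc-clientid}}\",`. The test script matches on `mpartner-default-mock-rp-oidc` but stores the id under the old key `mpartner-default-demo-oidc-clientID`; if downstream requests still read the old name that is deliberate, but a comment saying so would help. This request authenticates with `{{non-mosipid-token}}`, which only the `authenticate-to-onboard-non-mosipid-client` request added earlier in the diff sets, so the run order between the two is load-bearing and worth stating in the request description.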
@@ -3035,4 +3328,4 @@ } } ] -} \ No newline at end of file +}
diff --git a/upload-reports.sh b/upload-reports.sh
index 3806183..75cae53 100755
--- a/upload-reports.sh
+++ b/upload-reports.sh
@@ -1,28 +1,36 @@ #!/bin/sh -S3_HOST=$( printenv s3-host ) -S3_REGION=$( printenv s3-region ) -S3_USER_KEY=$( printenv s3-user-key ) -S3_USER_SECRET=$( printenv s3-user-secret ) -S3_BUCKET_NAME=$( printenv s3-bucket-name ) - -if [ ! -z "$S3_REGION" ]; then - S3_REGION="--region $S3_REGION" -else - S3_REGION='' -fi +PUSH_REPORTS_TO_S3=$( printenv push_reports_to_s3 ) + + +if [ "$PUSH_REPORTS_TO_S3" = "true" ]; then -echo -e "\n\n=========================== PUSHING REPORTS TO S3 ================================================\n" -echo -e "S3_HOST: $S3_HOST\n" -echo -e "S3_REGION: $S3_REGION\n" -echo -e "S3_USER_KEY: $S3_USER_KEY\n" -echo -e "S3_USER_SECRET: $S3_USER_SECRET\n" -echo -e "S3_BUCKET_NAME: $S3_BUCKET_NAME\n" + S3_HOST=$( printenv s3-host ) + S3_REGION=$( printenv s3-region ) + S3_USER_KEY=$( printenv s3-user-key ) + S3_USER_SECRET=$( printenv s3-user-secret ) + S3_BUCKET_NAME=$( printenv s3-bucket-name ) -mc alias set s3 "$S3_HOST" "$S3_USER_KEY" "$S3_USER_SECRET" + if [ ! -z "$S3_REGION" ]; then + S3_REGION="--region $S3_REGION" + else + S3_REGION='' + fi -mc mb s3/"$S3_BUCKET_NAME" --ignore-existing $S3_REGION + echo -e "\n\n=========================== PUSHING REPORTS TO S3 ================================================\n" + echo -e "S3_HOST: $S3_HOST\n" + echo -e "S3_REGION: $S3_REGION\n" + echo -e "S3_USER_KEY: $S3_USER_KEY\n" + echo -e "S3_USER_SECRET: $S3_USER_SECRET\n" + echo -e "S3_BUCKET_NAME: $S3_BUCKET_NAME\n" -mc cp --recursive reports "s3/$S3_BUCKET_NAME/" + mc alias set s3 "$S3_HOST" "$S3_USER_KEY" "$S3_USER_SECRET" -echo -e "\n\nReports pushed to minio" \ No newline at end of file + mc mb s3/"$S3_BUCKET_NAME" --ignore-existing $S3_REGION + + mc cp --recursive reports "s3/$S3_BUCKET_NAME/" + + echo -e "\n\nReports pushed to MinIO" +else + echo -e "\n\nFlag 'push_reports_to_s3' is set to false. Skipping report push to s3 bucket.\n" +fi
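Review bot: The re-indented `echo -e "S3_USER_KEY: $S3_USER_KEY\n"` and `echo -e "S3_USER_SECRET: $S3_USER_SECRET\n"` lines print the MinIO access and secret keys to the container's stdout, i.e. into whatever collects pod logs; remove both, or print the key id only and never the secret. `mc alias set s3 "$S3_HOST" "$S3_USER_KEY" "$S3_USER_SECRET"` likewise exposes the secret on the process command line inside the container; recent `mc` releases accept the credentials through an `MC_HOST_<alias>` environment variable instead, if the image's version supports it. None of the `mc` calls are checked, so the `Reports pushed to MinIO` banner prints even when the copy fails; `mc cp --recursive reports "s3/$S3_BUCKET_NAME/" || exit 1` would make the job fail visibly. Under `#!/bin/sh` the `echo -e` calls are not portable (dash's builtin prints `-e` literally), so `printf '%s\n'` would be the safer form for the banners.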