change compose files

.github/workflows/test.yml

@@ -19,14 +19,15 @@ jobs:
       BROKER_HOST: localhost
       BROKER_VALIDATE: false
       DB_INSTANCE: localhost
-      ROOT_CERT_PATH: test/rootCA.pem
-      CERT_PATH: test/localhost-client.pem
-      CERT_KEY: test/localhost-client-key.der
+      ROOT_CERT_PATH: ./test/client_certs/ca.crt
+      CERT_PATH: ./test/client_certs/client.crt
+      CERT_KEY: ./test/client_certs/client.der
       POSTGRES_PASSWORD: rootpasswd
       OPENID_CONFIGURATION_URL: http://localhost:8000/openid-configuration
       USERINFO_ENDPOINT_URL: http://localhost:8000/userinfo
-      CRYPT4GH_PRIVATE_KEY_PATH: test/crypt4gh.sec.pem
-      CRYPT4GH_PRIVATE_KEY_PASSWORD_PATH: test/crypt4gh.pass
+      CRYPT4GH_PRIVATE_KEY_PATH: test/crypt4gh/crypt4gh.sec.pem
+      CRYPT4GH_PRIVATE_KEY_PASSWORD_PATH: test/crypt4gh/crypt4gh.pass
+      BROKER_USERNAME: admin
 
     steps:
 
@@ -48,8 +49,16 @@ jobs:
 
       - name: Docker Stack Deploy for ${{ matrix.storagetype }} storage
         run: |
-          docker swarm init
-          docker stack deploy DOA --compose-file docker-compose-${{ matrix.storagetype }}-outbox.yml
+          docker compose -f docker-compose-${{ matrix.storagetype }}-outbox.yml
+
+
+      - name: Make encryption files
+        run: |
+          /bin/sh ./test/make_crypt4gh_files.sh
+
+      - name: Transform Client Private Key to DER
+        run: |
+          openssl pkcs8 -topk8 -inform PEM -outform DER -in ./test/client_certs/client.key -out ./test/client_certs/client.der -nocrypt
 
       - name: Set up JDK
         uses: actions/[email protected]
@@ -102,5 +111,4 @@ jobs:
       - name: Docker Service Logs
         if: failure()
         run: |
-          docker service logs DOA_db
-          docker service logs DOA_mockauth
+          docker ps

docker-compose-posix-outbox.yml

@@ -1,73 +1,90 @@
-version: '3.3'
-
 services:
+  certfixer:
+    command:
+      - /bin/sh
+      - /scripts/make_certs.sh
+    container_name: certfixer
+    environment:
+      - KEYSTORE_PASSWORD=testingthis
+    image: alpine:latest
+    volumes:
+      - ./scripts:/scripts
+      - certs:/certs
+      - client_certs:/client_certs
+      - /tmp:/temp
+      - ./test/client_certs:/client_certs
 
-  db:
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.23-postgres
+  postgres:
+    container_name: postgres
+    image: ghcr.io/neicnordic/sensitive-data-archive:PR988-postgres
+    depends_on:
+      certfixer:
+        condition: service_completed_successfully
     ports:
       - 5432:5432
     environment:
-      - DB_LEGA_IN_PASSWORD=password
-      - DB_LEGA_OUT_PASSWORD=password
-      - POSTGRES_SERVER_CERT=/etc/ega/pg.cert
-      - POSTGRES_SERVER_KEY=/etc/ega/pg.key
-      - POSTGRES_SERVER_CACERT=/etc/ega/CA.cert
-      - PG_VERIFY_PEER=1
+      - LEGA_IN_PASSWORD=password
+      - LEGA_OUT_PASSWORD=password
       - POSTGRES_PASSWORD=rootpasswd
-    secrets:
-      - source: server.pem
-        target: /etc/ega/pg.cert
-        uid: '70'
-        gid: '70'
-        mode: 0600
-      - source: server-key.pem
-        target: /etc/ega/pg.key
-        uid: '70'
-        gid: '70'
-        mode: 0600
-      - source: rootCA.pem
-        target: /etc/ega/CA.cert
-        uid: '70'
-        gid: '70'
-        mode: 0600
+      - POSTGRES_SERVER_CACERT=/certs/ca.crt
+      - POSTGRES_SERVER_CERT=/certs/db.crt
+      - POSTGRES_SERVER_KEY=/certs/db.key
+
+    healthcheck:
+      test: [ "CMD", "pg_isready", "-h", "localhost", "-U", "lega_out" ]
+      interval: 5s
+      timeout: 20s
+      retries: 3
     volumes:
-      - db:/ega
+      - certs:/certs
 
   mockauth:
-    image: cscfi/beacon-python
+    container_name: mockauth
+    image: python:3.11-slim
     ports:
       - 8000:8000
     volumes:
       - ./test/mock_auth.py:/mock_auth.py
-    entrypoint: ["python", "/mock_auth.py", "0.0.0.0", "8000"]
+      - client_certs:/client_certs
+    command: >
+      sh -c "pip install --upgrade pip && pip install aiohttp Authlib && python -u /mock_auth.py 0.0.0.0 8000"
+  
+
 
-  private-mq:
-    image: uiobmi/localega-broker-private:latest
+  rabbitmq:
+    image: ghcr.io/neicnordic/sensitive-data-archive:PR988-rabbitmq
+    container_name: rabbitmq
+    depends_on:
+      certfixer:
+        condition: service_completed_successfully
+    environment:
+      - RABBITMQ_SERVER_CACERT=/etc/rabbitmq/ssl/ca.crt
+      - RABBITMQ_SERVER_CERT=/etc/rabbitmq/ssl/mq.crt
+      - RABBITMQ_SERVER_KEY=/etc/rabbitmq/ssl/mq.key
+      - RABBITMQ_SERVER_VERIFY=verify_none
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "bash",
+          "-c",
+          "rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms",
+        ]
+      interval: 5s
+      timeout: 20s
+      retries: 3
+    restart: always
+    volumes:
+      - certs:/etc/rabbitmq/ssl/
+      - rabbitmq_data:/var/lib/rabbitmq
     ports:
       - 5671:5671
-      - 15671:15671
-    environment:
-      - SSL_VERIFY=verify_peer
-      - SSL_FAIL_IF_NO_PEER_CERT=false
-      - SSL_DEPTH=2
-      - USER_NAME=admin
-      - PASSWORD_HASH=4tHURqDiZzypw0NTvoHhpn8/MMgONWonWxgRZ4NXgR8nZRBz
-      - VIRTUAL_HOST=sda
-    secrets:
-      - source: server.pem
-        target: /etc/rabbitmq/ssl.cert
-      - source: server-key.pem
-        target: /etc/rabbitmq/ssl.key
-      - source: rootCA.pem
-        target: /etc/rabbitmq/CA.cert
+      - 25671:15671
 
 volumes:
-  db:
-
-secrets:
-  rootCA.pem:
-    file: test/rootCA.pem
-  server.pem:
-    file: test/localhost.pem
-  server-key.pem:
-    file: test/localhost-key.pem
+  postgres:
+  certs:
+  client_certs:
+  postgres_data:
+  rabbitmq_data:
+  shared:

docker-compose-s3-outbox.yml

@@ -1,65 +1,85 @@
-version: '3.3'
-
 services:
 
-  db:
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.47-postgres
+  certfixer:
+    command:
+      - /bin/sh
+      - /scripts/make_certs.sh
+    container_name: certfixer
+    environment:
+      - KEYSTORE_PASSWORD=testingthis
+    image: alpine:latest
+    volumes:
+      - ./scripts:/scripts
+      - certs:/certs
+      - client_certs:/client_certs
+      - /tmp:/temp
+      - ./test/client_certs:/client_certs
+
+  postgres:
+    container_name: postgres
+    image: ghcr.io/neicnordic/sensitive-data-archive:PR988-postgres
+    depends_on:
+      certfixer:
+        condition: service_completed_successfully
     ports:
       - 5432:5432
     environment:
-      - DB_LEGA_IN_PASSWORD=password
-      - DB_LEGA_OUT_PASSWORD=password
-      - POSTGRES_SERVER_CERT=/etc/ega/pg.cert
-      - POSTGRES_SERVER_KEY=/etc/ega/pg.key
-      - POSTGRES_SERVER_CACERT=/etc/ega/CA.cert
-      - PG_VERIFY_PEER=1
+      - LEGA_IN_PASSWORD=password
+      - LEGA_OUT_PASSWORD=password
       - POSTGRES_PASSWORD=rootpasswd
-    secrets:
-      - source: server.pem
-        target: /etc/ega/pg.cert
-        uid: '70'
-        gid: '70'
-        mode: 0600
-      - source: server-key.pem
-        target: /etc/ega/pg.key
-        uid: '70'
-        gid: '70'
-        mode: 0600
-      - source: rootCA.pem
-        target: /etc/ega/CA.cert
-        uid: '70'
-        gid: '70'
-        mode: 0600
+      - POSTGRES_SERVER_CACERT=/certs/ca.crt
+      - POSTGRES_SERVER_CERT=/certs/db.crt
+      - POSTGRES_SERVER_KEY=/certs/db.key
+
+    healthcheck:
+      test: [ "CMD", "pg_isready", "-h", "localhost", "-U", "lega_out" ]
+      interval: 5s
+      timeout: 20s
+      retries: 3
     volumes:
-      - db:/ega
+      - certs:/certs
 
   mockauth:
-    image: cscfi/beacon-python
+    container_name: mockauth
+    image: python:3.11-slim
     ports:
       - 8000:8000
     volumes:
       - ./test/mock_auth.py:/mock_auth.py
-    entrypoint: ["python", "/mock_auth.py", "0.0.0.0", "8000"]
+      - client_certs:/client_certs
+    command: >
+      sh -c "pip install --upgrade pip && pip install aiohttp Authlib && python -u /mock_auth.py 0.0.0.0 8000"
+  
 
-  private-mq:
-    image: uiobmi/localega-broker-private:latest
+  rabbitmq:
+    image: ghcr.io/neicnordic/sensitive-data-archive:PR988-rabbitmq
+    container_name: rabbitmq
+    depends_on:
+      certfixer:
+        condition: service_completed_successfully
+    environment:
+      - RABBITMQ_SERVER_CACERT=/etc/rabbitmq/ssl/ca.crt
+      - RABBITMQ_SERVER_CERT=/etc/rabbitmq/ssl/mq.crt
+      - RABBITMQ_SERVER_KEY=/etc/rabbitmq/ssl/mq.key
+      - RABBITMQ_SERVER_VERIFY=verify_none
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "bash",
+          "-c",
+          "rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms",
+        ]
+      interval: 5s
+      timeout: 20s
+      retries: 3
+    restart: always
+    volumes:
+      - certs:/etc/rabbitmq/ssl/
+      - rabbitmq_data:/var/lib/rabbitmq
     ports:
       - 5671:5671
-      - 15671:15671
-    environment:
-      - SSL_VERIFY=verify_peer
-      - SSL_FAIL_IF_NO_PEER_CERT=false
-      - SSL_DEPTH=2
-      - USER_NAME=admin
-      - PASSWORD_HASH=4tHURqDiZzypw0NTvoHhpn8/MMgONWonWxgRZ4NXgR8nZRBz
-      - VIRTUAL_HOST=sda
-    secrets:
-      - source: server.pem
-        target: /etc/rabbitmq/ssl.cert
-      - source: server-key.pem
-        target: /etc/rabbitmq/ssl.key
-      - source: rootCA.pem
-        target: /etc/rabbitmq/CA.cert
+      - 25671:15671
 
   outbox:
     image: minio/minio
@@ -72,22 +92,18 @@ services:
 
   createbucket:
     image: minio/mc
-    depends_on:
-      - s3
     entrypoint: >
       /bin/sh -c "
       /usr/bin/mc config host add s3 http://outbox:9000 minio miniostorage;
       /usr/bin/mc mb s3/lega;
       exit 0;
       "
 
-volumes:
-  db:
 
-secrets:
-  rootCA.pem:
-    file: test/rootCA.pem
-  server.pem:
-    file: test/localhost.pem
-  server-key.pem:
-    file: test/localhost-key.pem
+volumes:
+  postgres:
+  certs:
+  client_certs:
+  postgres_data:
+  rabbitmq_data:
+  shared: