Merge branch 'main' into egeria4046

.github/workflows/merge.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     name: "Merge"
     env:
-      RELEASE_VERSION: 3.1-SNAPSHOT
+      RELEASE_VERSION: 3.3-SNAPSHOT
     steps:
       - uses: actions/checkout@v2
         name: Checkout source

Dockerfile

@@ -5,7 +5,7 @@
 # These may be supplied by the pipeline in future - until then they will default
 
 ARG version=latest
-ARG EGERIA_BASE_IMAGE=odpi/egeria
+ARG EGERIA_BASE_IMAGE=docker.io/odpi/egeria
 # DEFER setting this for now, using the ${version}:
 # ARG EGERIA_IMAGE_DEFAULT_TAG=latest
 
@@ -28,4 +28,4 @@ WORKDIR .
 COPY build/libs/egeria-connector-viya-4-${version}*.jar /deployments/server/lib
 
 # Mount security/trustedcerts.jks at runtime
-ENV JAVA_OPTS_APPEND -XX:MaxMetaspaceSize=1g -Djavax.net.ssl.trustStore=/security/trustedcerts.jks -Dsas.egeria.repositoryconnector.ssl.trustAll=false
+ENV JAVA_OPTS_APPEND -XX:MaxMetaspaceSize=1g -Djavax.net.ssl.trustStore=/security/trustedcerts.jks -Dsas.egeria.repositoryconnector.ssl.trustAll=false

build.gradle

@@ -12,7 +12,7 @@ if (System.getenv("CI")) {
 
 // Published artifact info, equired for maven publishing - this is the version of our artifact
 group = 'org.odpi.egeria'
-version = '3.1-SNAPSHOT'
+version = '3.3-SNAPSHOT'
 
 repositories {
     mavenCentral()
@@ -31,7 +31,7 @@ configurations {
 
 ext {
     // The version of Egeria to use
-    egeriaVersion = "3.1-SNAPSHOT"
+    egeriaVersion = "3.3-SNAPSHOT"
 }
 dependencies {
     implementation "org.odpi.egeria:open-connector-framework:${egeriaVersion}"
@@ -41,12 +41,12 @@ dependencies {
     bundledLibs 'org.slf4j:slf4j-api'
     bundledLibs 'org.apache.httpcomponents:httpclient:4.5.13'
     bundledLibs 'com.google.code.gson:gson:2.8.8'
-    bundledLibs 'com.rabbitmq:amqp-client:5.13.0'
+    bundledLibs 'com.rabbitmq:amqp-client:5.13.1'
 
-    testImplementation 'org.codehaus.groovy:groovy:3.0.8'
-    testImplementation 'org.codehaus.groovy:groovy-dateutil:3.0.8'
+    testImplementation 'org.codehaus.groovy:groovy:3.0.9'
+    testImplementation 'org.codehaus.groovy:groovy-dateutil:3.0.9'
     testImplementation 'org.spockframework:spock-core:2.1-groovy-3.0-SNAPSHOT'
-    testImplementation 'org.junit.platform:junit-platform-engine:1.7.2'
+    testImplementation 'org.junit.platform:junit-platform-engine:1.8.1'
     testImplementation "org.odpi.egeria:repository-services-implementation:${egeriaVersion}"
 }
 

deployment/kubernetes/README.md

@@ -1,10 +1,14 @@
 # Deploy to a Viya Kubernetes Cluster
-1. Create a new directory named `egeria-connector` in `<your kubernetes deployment root directory>/sas-bases/overlays` and then copy deployment.yaml to the new directory.
-
-2. Create a new file in the `egeria-connector` directory named `kustomization.yaml` with the contents:
+1. Create a new directory named `egeria-connector` in `<your kubernetes deployment root directory>/sas-bases/overlays` and then copy the following files to this new directory:
+    * deployment.yaml
+    * kustomization.yaml
+    * tls-transformer.yaml
+
+2. If your Viya deployment uses full-stack (default) or frontdoor TLS modes, you can skip this step.
+If your deployment uses the truststores-only mode, comment out the following lines in kustomization.yaml:
 ```yaml
-resources:
-  - deployment.yaml
+# transformers:
+# - tls-transformer.yaml
 ```
 
 3. Navigate back to the Kubernetes install root directory, and add the following line to `kustomization.yaml` under the `resources` section

deployment/kubernetes/configure.sh

@@ -1,23 +1,24 @@
-# The IP/Hostname for the Kubernetes cluster
-CLUSTER_IP=""
+# The IP/Hostname for the Viya deployment
+CLUSTER_HOST=""
+
+# The scheme used for external traffic to the Viya deployment.  This should be "http" if your
+# deployment has TLS disabled (truststores-only), or "https" otherwise.
+CLUSTER_SCHEME="https"
 
 # The user to use for Egeria
 EGERIA_USER=""
 
 # The name of the Egeria server you're starting
 EGERIA_SERVER=""
 
-# The IP/Hostname to connect to for Catalog
-CATALOG_IP=""
-
 # Catalog Username/pw credentials
 CATALOG_USER=""
 CATALOG_PASS=""
 
 set -e
 
 # Configure Catalog connection
-curl --location --request POST -k "https://${CLUSTER_IP}:30000/open-metadata/admin-services/users/${EGERIA_USER}/servers/${EGERIA_SERVER}/local-repository/mode/repository-proxy/connection" \
+curl --location --request POST -k "${CLUSTER_SCHEME}://${CLUSTER_HOST}/open-metadata/admin-services/users/${EGERIA_USER}/servers/${EGERIA_SERVER}/local-repository/mode/repository-proxy/connection" \
 --header 'Content-Type: application/json' \
 --data-raw "{
   \"class\": \"Connection\",
@@ -27,8 +28,8 @@ curl --location --request POST -k "https://${CLUSTER_IP}:30000/open-metadata/adm
   },
   \"endpoint\": {
     \"class\": \"Endpoint\",
-    \"address\": \"${CATALOG_IP}\",
-    \"protocol\": \"https\"
+    \"address\": \"${CLUSTER_HOST}\",
+    \"protocol\": \"${CLUSTER_SCHEME}\"
   },
   \"securedProperties\": {
     \"userId\": \"${CATALOG_USER}\",
@@ -37,7 +38,7 @@ curl --location --request POST -k "https://${CLUSTER_IP}:30000/open-metadata/adm
 }"
 
 # Configure RabbitMQ connection
-curl --location --request POST -k "https://${CLUSTER_IP}:30000/open-metadata/admin-services/users/${EGERIA_USER}/servers/${EGERIA_SERVER}/event-bus?connectorProvider=org.odpi.openmetadata.adapters.eventbus.topic.kafka.KafkaOpenMetadataTopicProvider&topicURLRoot=OMRSTopic" \
+curl --location --request POST -k "${CLUSTER_SCHEME}://${CLUSTER_HOST}/open-metadata/admin-services/users/${EGERIA_USER}/servers/${EGERIA_SERVER}/event-bus?connectorProvider=org.odpi.openmetadata.adapters.eventbus.topic.kafka.KafkaOpenMetadataTopicProvider&topicURLRoot=OMRSTopic" \
 --header "Content-Type: application/json" \
 --data-raw "{
   \"producer\": {
@@ -47,11 +48,11 @@ curl --location --request POST -k "https://${CLUSTER_IP}:30000/open-metadata/adm
     \"bootstrap.servers\":\"kafkahost:9092\"
   }
 }"
-curl --location --request POST -k "https://${CLUSTER_IP}:30000/open-metadata/admin-services/users/${EGERIA_USER}/servers/${EGERIA_SERVER}/local-repository/event-mapper-details?connectorProvider=org.odpi.openmetadata.connector.sas.event.mapper.RepositoryEventMapperProvider&eventSource=sas-rabbitmq-server:5672" \
+curl --location --request POST -k "${CLUSTER_SCHEME}://${CLUSTER_HOST}/open-metadata/admin-services/users/${EGERIA_USER}/servers/${EGERIA_SERVER}/local-repository/event-mapper-details?connectorProvider=org.odpi.openmetadata.connector.sas.event.mapper.RepositoryEventMapperProvider&eventSource=sas-rabbitmq-server:5672" \
 --header "Content-Type: application/json" \
 --data-raw "{\"username\":\"$(kubectl get secret sas-rabbitmq-server-secret -o go-template='{{(index .data.RABBITMQ_DEFAULT_USER)}}' | base64 -d)\",
 \"password\":\"$(kubectl get secret sas-rabbitmq-server-secret -o go-template='{{(index .data.RABBITMQ_DEFAULT_PASS)}}' | base64 -d)\"}"
 
 # Start Egeria Server
-curl --location --request POST -k "https://${CLUSTER_IP}:30000/open-metadata/admin-services/users/${EGERIA_USER}/servers/${EGERIA_SERVER}/instance" \
+curl --location --request POST -k "${CLUSTER_SCHEME}://${CLUSTER_HOST}/open-metadata/admin-services/users/${EGERIA_USER}/servers/${EGERIA_SERVER}/instance" \
 --header "Content-Type: application/json"

deployment/kubernetes/deployment.yaml

@@ -8,26 +8,26 @@ metadata:
     app.kubernetes.io/name: egeria-connector
   name: egeria-connector-service
 spec:
-  type: NodePort
   ports:
-    - port: 9443
-      name: egeria
-      targetPort: 9443
-      nodePort: 30000
-      protocol: TCP
-    - name: debug
-      port: 5005
-      targetPort: 5005
-      nodePort: 30001
+  - name: egeria
+    port: 9443
+    protocol: TCP
+    targetPort: egeria-port
+  - name: debug
+    port: 5005
+    protocol: TCP
+    targetPort: debug-port
   selector:
     app.kubernetes.io/name: egeria-connector
+    sas.com/deployment: sas-viya
+  sessionAffinity: None
+  type: ClusterIP
 ---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations:
     sas.com/certificate-file-format: jks
-  creationTimestamp: null
   name: egeria-connector-ss
   labels:
     app.kubernetes.io/name: egeria-connectors
@@ -41,7 +41,6 @@ spec:
     metadata:
       annotations:
         sas.com/certificate-file-format: jks
-      creationTimestamp: null
       labels:
         app.kubernetes.io/name: egeria-connector
     spec:
@@ -60,100 +59,117 @@ spec:
                 secretKeyRef:
                   name: sas-rabbitmq-server-secret
                   key: RABBITMQ_DEFAULT_PASS
-          envFrom:
-            - configMapRef:
-                name: sas-certframe-config
           ports:
-            - containerPort: 9443
-            - containerPort: 5005
+            - name: egeria-port
+              containerPort: 9443
+            - name: debug-port
+              containerPort: 5005
           # No other checks until this passes
           startupProbe:
             tcpSocket:
-              port: 9443
+              port: egeria-port
             initialDelaySeconds: 30
             periodSeconds: 10
             failureThreshold: 25
           # Is pod ready to service network requests - it will pause (for replicas, others will take the load)
           readinessProbe:
-            httpGet:
-              path: /open-metadata/platform-services/users/garygeeke/server-platform/origin
-              port: 9443
-              scheme: HTTPS
+            tcpSocket:
+              port: egeria-port
             periodSeconds: 10
-            failureThreshold: 6
+            failureThreshold: 3
           # Is pod doing useful work - if not we will restart it
           livenessProbe:
-            httpGet:
-              path: /open-metadata/platform-services/users/garygeekes/server-platform/origin
-              port: 9443
-              scheme: HTTPS
+            tcpSocket:
+              port: egeria-port
             periodSeconds: 10
             failureThreshold: 6
           resources: {}
           volumeMounts:
             - mountPath: /tmp
               name: tmp
-            - mountPath: /security
-              name: security
-            - mountPath: /opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts
-              name: security
-              subPath: cacerts
-            - mountPath: /opt/sas/viya/config/etc/SASSecurityCertificateFramework/private
-              name: security
-              subPath: private
-      initContainers:
-        - env:
-            - name: KUBE_POD_NAME
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.name
-            - name: SAS_CERTFRAME_TOKEN_DIR
-              value: /certframe-token
-            - name: SAS_ADDITIONAL_CA_CERTIFICATES_DIR
-              value: /customer-provided-ca-certificates
-          envFrom:
-            - configMapRef:
-                name: sas-certframe-java-config
-            - configMapRef:
-                name: sas-certframe-ingress-certificate-config
-            - configMapRef:
-                name: sas-certframe-user-config
-          image: sas-certframe
-          imagePullPolicy: IfNotPresent
-          name: sas-certframe
-          resources:
-            limits:
-              cpu: 500m
-              memory: 500Mi
-            requests:
-              cpu: 50m
-              memory: 50Mi
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            privileged: false
-            readOnlyRootFilesystem: true
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-          volumeMounts:
-            - mountPath: /certframe-token
-              name: certframe-token
-            - mountPath: /security
-              name: security
-            - mountPath: /customer-provided-ca-certificates
-              name: customer-provided-ca-certificates
       restartPolicy: Always
       volumes:
-        - emptyDir: { }
-          name: security
-        - name: certframe-token
-          secret:
-            defaultMode: 420
-            secretName: sas-certframe-token
-        - emptyDir: { }
-          name: customer-provided-ca-certificates
-        - emptyDir: { }
-          name: tmp
+        - emptyDir: {}
+          name: tmp
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/affinity: cookie
+    nginx.ingress.kubernetes.io/affinity-mode: persistent
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+    nginx.ingress.kubernetes.io/proxy-body-size: 2048m
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/rewrite-target: /open-metadata/$2
+    nginx.ingress.kubernetes.io/session-cookie-name: sas-ingress-nginx
+    nginx.ingress.kubernetes.io/session-cookie-path: /open-metadata/
+    nginx.ingress.kubernetes.io/session-cookie-samesite: Lax
+    sas.com/kustomize-base: base
+  labels:
+    app.kubernetes.io/name: egeria-connector-ingress-open-metadata
+    sas.com/admin: namespace
+  name: egeria-connector-ingress-open-metadata
+spec:
+  rules:
+  - host: $(INGRESS_HOST)
+    http:
+      paths:
+      - backend:
+          service:
+            name: egeria-connector-service
+            port:
+              number: 9443
+        path: /open-metadata(/|$)(.*)
+        pathType: ImplementationSpecific
+  - host: '*.$(INGRESS_HOST)'
+    http:
+      paths:
+      - backend:
+          service:
+            name: egeria-connector-service
+            port:
+              number: 9443
+        path: /open-metadata(/|$)(.*)
+        pathType: ImplementationSpecific
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/affinity: cookie
+    nginx.ingress.kubernetes.io/affinity-mode: persistent
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+    nginx.ingress.kubernetes.io/proxy-body-size: 2048m
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/rewrite-target: /servers/$2
+    nginx.ingress.kubernetes.io/session-cookie-name: sas-ingress-nginx
+    nginx.ingress.kubernetes.io/session-cookie-path: /servers/
+    nginx.ingress.kubernetes.io/session-cookie-samesite: Lax
+    sas.com/kustomize-base: base
+  labels:
+    app.kubernetes.io/name: egeria-connector-ingress-servers
+    sas.com/admin: namespace
+  name: egeria-connector-ingress-servers
+spec:
+  rules:
+  - host: $(INGRESS_HOST)
+    http:
+      paths:
+      - backend:
+          service:
+            name: egeria-connector-service
+            port:
+              number: 9443
+        path: /servers(/|$)(.*)
+        pathType: ImplementationSpecific
+  - host: '*.$(INGRESS_HOST)'
+    http:
+      paths:
+      - backend:
+          service:
+            name: egeria-connector-service
+            port:
+              number: 9443
+        path: /servers(/|$)(.*)
+        pathType: ImplementationSpecific

deployment/kubernetes/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- deployment.yaml
+
+# The following is required if your Viya deployment uses the full-stack or frontdoor TLS modes.
+# If your Viya deployment uses the truststores-only mode, please comment out the following two lines.
+transformers:
+- tls-transformer.yaml