Merge branch 'release/0.9' into 'master'

Release/0.9

See merge request !326

CHANGELOG.md

@@ -2,9 +2,21 @@
 
 # Current Master
 
+# v0.9 (2021-6-7)
+
+__Service Onboarded__
+- [Issue 95 - Policy Service](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/95)
+
+__Feature Changes__
+- [Feature 142 - Added support for array of object search](https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/142)
+- [Feature 121 - Added support for nested search](https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/121)
+
 __Infra Changes__
+- [Feature 277 - Alerts framework for Monitoring](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/merge_requests/277)
+- [Feature 169 - Container hardening for Java based services](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/169)
 - [Feature 159 - Added default JVM Parameters](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/159)
 
+
 # v0.8 (2021-4-9)
 
 __Infra Changes__

README.md

@@ -285,6 +285,8 @@ Milestone 5(v0.8.0) introduced a breaking changed for Entitlements, which requir
 [here](https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/tree/master/data-migration).
 The script should be run whenever you update OSDU installation from less than Milestone 5(v0.8.0) to equivalent or higher.
 
+## How to enable Policy based authorization (optional)
+Follow the steps in the [link](https://community.opengroup.org/osdu/platform/system/search-service/-/blob/master/docs/tutorial/PolicyService-Integration.md) to enbale policy based authoorization.
 
 ## Developer Activities
 

docs/service-data.md

@@ -10,7 +10,8 @@ Schema Service has standard shared schemas that have to be loaded.
 UNIQUE="<your_osdu_unique>"         # ie: demo
 AZURE_DNS_NAME="<your_osdu_fqdn>"   # ie: osdu-$UNIQUE.contoso.com
 DATA_PARTITION="<your_partition>"   # ie:opendes
-TAG="<app_version>"                 # ie: 0.8.0
+ACR_REGISTRY="<repository>"         # ie: msosdu.azurecr.io
+TAG="<app_version>"                 # ie: 0.9.0
 
 # This logs your local Azure CLI in using the configured service principal.
 az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID
@@ -28,7 +29,38 @@ AZURE_CLIENT_SECRET=$(az keyvault secret show --id https://${ENV_VAULT}.vault.az
 EOF
 
 # Execute container to load the schema's
-docker run --env-file .env msosdu.azurecr.io/schema-load:$TAG
+docker run --env-file .env $ACR_REGISTRY/schema-load:$TAG
+```
+## Policy Data Loading
+
+Policy Service has standard shared policies that have to be loaded.
+
+
+```bash
+# Setup Variables
+UNIQUE="<your_osdu_unique>"         # ie: demo
+AZURE_DNS_NAME="<your_osdu_fqdn>"   # ie: osdu-$UNIQUE.contoso.com
+DATA_PARTITION="<your_partition>"   # ie:opendes
+ACR_REGISTRY="<repository>"         # ie: msosdu.azurecr.io
+TAG="<app_version>"                 # ie: 0.9.0
+
+# This logs your local Azure CLI in using the configured service principal.
+az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID
+
+GROUP=$(az group list --query "[?contains(name, 'cr${UNIQUE}')].name" -otsv)
+ENV_VAULT=$(az keyvault list --resource-group $GROUP --query [].name -otsv)
+
+cat > .env << EOF
+DATA_PARTITION=$DATA_PARTITION
+AZURE_TENANT_ID=$ARM_TENANT_ID
+AZURE_DNS_NAME=$AZURE_DNS_NAME
+AZURE_AD_APP_RESOURCE_ID=$(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/aad-client-id --query value -otsv)
+AZURE_CLIENT_ID=$(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/app-dev-sp-username --query value -otsv)
+AZURE_CLIENT_SECRET=$(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/app-dev-sp-password --query value -otsv)
+EOF
+
+# Execute container to load the policies
+docker run --env-file .env $ACR_REGISTRY/policy-data:$TAG
 ```
 
 ## CSV Parser DAG Loading
@@ -42,7 +74,7 @@ UNIQUE="<your_osdu_unique>"         # ie: demo
 DNS_HOST="<your_osdu_fqdn>"         # ie: osdu-$UNIQUE.contoso.com
 DATA_PARTITION="<your_partition>"   # ie:opendes
 ACR_REGISTRY="<repository>"         # ie: msosdu.azurecr.io
-TAG="<app_version>"                 # ie: 0.8.0
+TAG="<app_version>"                 # ie: 0.9.0
 
 # This logs your local Azure CLI in using the configured service principal.
 az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID
@@ -52,7 +84,7 @@ ENV_VAULT=$(az keyvault list --resource-group $GROUP --query [].name -otsv)
 
 cat > .env << EOF
 CSV_PARSER_IMAGE=${ACR_REGISTRY}/csv-parser:${TAG}
-SHARED_TENANT=$DATA_PARTITION
+DATA_PARTITION=$DATA_PARTITION
 AZURE_TENANT_ID=$ARM_TENANT_ID
 AZURE_DNS_NAME=$DNS_HOST
 AZURE_AD_APP_RESOURCE_ID=$(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/aad-client-id --query value -otsv)

infra/templates/osdu-r3-mvp/service_resources/terraform.tfvars

@@ -39,7 +39,7 @@ resource_tags = {
 }
 
 # Kubernetes Settings
-kubernetes_version = "1.18.14"
+kubernetes_version = "1.18.17"
 aks_agent_vm_size  = "Standard_E4s_v3"
 aks_agent_vm_count = "5"
 aks_agent_vm_disk  = 128