diff --git a/bootstrap_infra_on_prem/autostart.sh b/bootstrap_infra_on_prem/autostart.sh
index b680589cd196e2a5cea6fb00b3d7a30f57ba5ec0..605752f7bac8aa00eec317a8a926e76fdf9b1aae 100644
--- a/bootstrap_infra_on_prem/autostart.sh
+++ b/bootstrap_infra_on_prem/autostart.sh
@@ -27,6 +27,7 @@ source ./validate-env.sh "KEYCLOAK_CONVERSION_CLIENT_SECRET" source ./validate-env.sh "KEYCLOAK_SCHEMA_CLIENT_SECRET" source ./validate-env.sh "KEYCLOAK_LEGAL_CLIENT_SECRET" source ./validate-env.sh "KEYCLOAK_ENTITLEMENTS_CLIENT_SECRET" +source ./validate-env.sh "KEYCLOAK_REGISTER_CLIENT_SECRET" ./keycloak/keycloak_bootstrap.sh ./minio.sh
diff --git a/bootstrap_infra_on_prem/keycloak/keycloak_bootstrap.sh b/bootstrap_infra_on_prem/keycloak/keycloak_bootstrap.sh
index 35063b1a57c7e69f2a27396884bee4f9f9305ee5..59419589fe084df814691e656d9cccc566186d35 100755
--- a/bootstrap_infra_on_prem/keycloak/keycloak_bootstrap.sh
+++ b/bootstrap_infra_on_prem/keycloak/keycloak_bootstrap.sh
@@ -11,7 +11,8 @@ cat << EOF > /tmp/ServiceAccounts.json "conversion": "${KEYCLOAK_CONVERSION_CLIENT_SECRET}", "schema": "${KEYCLOAK_SCHEMA_CLIENT_SECRET}", "legal": "${KEYCLOAK_LEGAL_CLIENT_SECRET}", -"entitlements": "${KEYCLOAK_ENTITLEMENTS_CLIENT_SECRET}" +"entitlements": "${KEYCLOAK_ENTITLEMENTS_CLIENT_SECRET}", +"register": "${KEYCLOAK_REGISTER_CLIENT_SECRET}" } EOF
diff --git a/bootstrap_infra_on_prem/postgresql/db.sql b/bootstrap_infra_on_prem/postgresql/db.sql
index d6f672bae840d60bf894f7c5b1b2e5d76882375d..0af8ff58b587b0b3f07d6b27564eb2fdef9d1944 100644
--- a/bootstrap_infra_on_prem/postgresql/db.sql
+++ b/bootstrap_infra_on_prem/postgresql/db.sql
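Review bot: In keycloak_bootstrap.sh the new `"register"` entry puts one more client secret into `/tmp/ServiceAccounts.json`, which the heredoc named in the hunk header creates at a fixed, predictable path with whatever umask the job inherits. That leaves every Keycloak client secret readable by other local users if the filesystem is shared, and nothing visible here removes the file afterwards. I would set `umask 077` before the heredoc, write to a `mktemp` path instead of the fixed name, and delete it with a `trap … EXIT`; the value is also interpolated unescaped, so a secret containing `"` or `\` would yield invalid JSON. The start of the heredoc and the code that consumes the file are outside this hunk, so confirm how the file is read before changing the path.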
@@ -1,3 +1,12 @@
+CREATE SCHEMA DE;
+CREATE TABLE IF NOT EXISTS DE."SUBSCRIPTION"(
+ id text COLLATE pg_catalog."default" NOT NULL,
+ pk bigint NOT NULL GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
+ data jsonb NOT NULL,
+ CONSTRAINT SUBSCRIPTION_id UNIQUE (id)
+);
+CREATE INDEX IF NOT EXISTS SUBSCRIPTION_datagin ON DE."SUBSCRIPTION" USING GIN (data);
+-----------------
 CREATE SCHEMA "";
 CREATE TABLE IF NOT EXISTS ."StorageRecord"(
 id text COLLATE pg_catalog."default" NOT NULL,
diff --git a/helm/osdu-infra-onprem/Chart.yaml b/helm/osdu-infra-onprem/Chart.yaml
index d6410751e724af0387bf38d91463e3c89c2e4700..3af157b92553e1df6218ba01813f4a31cebca134 100644
--- a/helm/osdu-infra-onprem/Chart.yaml
+++ b/helm/osdu-infra-onprem/Chart.yaml
@@ -121,3 +121,13 @@ dependencies:
 version: 0.1.0
 repository: https://community.opengroup.org/api/v4/projects/5/packages/helm/stable
 condition: gcp-unit-deploy.enabled
+ - name: gcp-register-configmap
+ version: 0.1.0
+ repository: https://community.opengroup.org/api/v4/projects/157/packages/helm/stable
+ condition: gcp_register_configmap.enabled
+ alias: gcp_register_configmap
+ - name: gcp-register-deploy
+ version: 0.1.0
+ repository: https://community.opengroup.org/api/v4/projects/157/packages/helm/stable
+ condition: gcp_register_deploy.enabled
+ alias: gcp_register_deploy
diff --git a/helm/osdu-infra-onprem/templates/infra-job.yaml b/helm/osdu-infra-onprem/templates/infra-job.yaml
index 663ab88cb05fe512fefb5bd159a1eb9b5ac2399a..678344a265d293c9886577c99d9d34370e604e1f 100644
--- a/helm/osdu-infra-onprem/templates/infra-job.yaml
+++ b/helm/osdu-infra-onprem/templates/infra-job.yaml
@@ -18,5 +18,11 @@ spec:
 envFrom:
 - secretRef:
 name: "{{ .Release.Name }}-infra-job-secret"
+ env:
+ - name: KEYCLOAK_REGISTER_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.gcp_register_deploy.conf.register_keycloak_secret_name }}"
+ key: OPENID_PROVIDER_CLIENT_SECRET
 restartPolicy: Never
 backoffLimit: 3
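Review bot: `CREATE SCHEMA DE;` at the top of db.sql is the only added statement without `IF NOT EXISTS`, so a second run of the bootstrap against an existing database errors on it (and stops there if the script is run with `ON_ERROR_STOP`), while the table and index below it are written to be re-runnable. Use `CREATE SCHEMA IF NOT EXISTS DE;`. The unquoted `DE` also folds to `de` while the table is quoted as `"SUBSCRIPTION"`; if the register service addresses the schema with a quoted upper-case name it will not resolve, which is worth confirming against the service's queries.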
diff --git a/helm/osdu-infra-onprem/templates/rabbitmq-secret.yaml b/helm/osdu-infra-onprem/templates/rabbitmq-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3e730ce6d91a3a7998809f208292064f2f4e6ac0
--- /dev/null
+++ b/helm/osdu-infra-onprem/templates/rabbitmq-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "rabbitmq-secret"
+type: Opaque
+data:
+ RABBITMQ_ADMIN_USERNAME: "{{ .Values.rabbitmq.auth.username | b64enc }}"
+ RABBITMQ_ADMIN_PASSWORD: "{{ .Values.rabbitmq.auth.password | b64enc }}"
diff --git a/helm/osdu-infra-onprem/templates/register-infra-secret.yaml b/helm/osdu-infra-onprem/templates/register-infra-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c2f9b454b8be30703b0b76876545be90e28726d3
--- /dev/null
+++ b/helm/osdu-infra-onprem/templates/register-infra-secret.yaml
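Review bot: rabbitmq-secret.yaml passes `.Values.rabbitmq.auth.username` and `.Values.rabbitmq.auth.password` straight to `b64enc`, and the values.yaml context in this commit shows both defaulting to `""`, so an install that forgets to set them renders a Secret with empty admin credentials instead of failing. Wrapping each in `required`, for example `{{ required "rabbitmq.auth.password must be set" .Values.rabbitmq.auth.password | b64enc }}`, turns that into a render-time error. If the RabbitMQ subchart generates its own password when none is supplied, this Secret would also disagree with the broker, which is worth checking. The name `"rabbitmq-secret"` is fixed rather than release-scoped, so two releases in one namespace would contend for the same object; values.yaml refers to it as `rabbitmq_secret_name: "rabbitmq-secret"`, so a comment in the template recording that coupling would help.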
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ .Values.gcp_register_deploy.conf.register_postgres_secret_name }}"
+type: Opaque
+data:
+ POSTGRES_DATASOURCE_URL_{{ upper .Values.bootstrap.infra.secret.dataPartitionId }}: "{{ .Values.register_infra_secret.secret.postgres_datasource_url | b64enc }}"
+ POSTGRES_DB_USERNAME_{{ upper .Values.bootstrap.infra.secret.dataPartitionId }}: "{{ .Values.postgresql.global.postgresql.auth.username | b64enc }}"
+ POSTGRES_DB_PASSWORD_{{ upper .Values.bootstrap.infra.secret.dataPartitionId }}: "{{ .Values.postgresql.global.postgresql.auth.password | b64enc }}"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ .Values.gcp_register_deploy.conf.register_keycloak_secret_name }}"
+type: Opaque
+data:
+ OPENID_PROVIDER_URL: {{ printf "http://keycloak/auth/realms/%s" .Values.bootstrap.infra.secret.keycloakRealmName | b64enc | quote }}
+ OPENID_PROVIDER_CLIENT_ID: {{ printf "%s-register" .Values.bootstrap.infra.secret.keycloakRealmName | b64enc | quote }}
+ OPENID_PROVIDER_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ .Values.gcp_register_deploy.conf.register_kms_secret_name }}"
+type: Opaque
+data:
+ KMS_PASSWORD: {{ randAlphaNum 16 | b64enc | quote }}
+ KMS_SALT: "{{ .Values.register_infra_secret.secret.kms_salt | b64enc }}"
diff --git a/helm/osdu-infra-onprem/values.yaml b/helm/osdu-infra-onprem/values.yaml
index d09f34245c2c259129ba6939f1e6d376f371249b..298a6211fac2804f3bd4d9946c542441a7cbfb89 100644
--- a/helm/osdu-infra-onprem/values.yaml
+++ b/helm/osdu-infra-onprem/values.yaml
@@ -66,6 +66,7 @@ minio: rabbitmq: enabled: true + fullnameOverride: "rabbitmq" auth: username: "" password: ""
@@ -325,6 +326,7 @@ gcp-crs-conversion-deploy: on_prem_enabled: true # --- End of Crs-conversion values --- # + # --- Partition values --- # gcp-partition-deploy: enabled: true
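Review bot: In register-infra-secret.yaml, `OPENID_PROVIDER_CLIENT_SECRET` and `KMS_PASSWORD` come from `randAlphaNum 16` at render time, so every `helm upgrade` writes new values into both Secrets. For the Keycloak Secret that can leave the register service holding a client secret that differs from the one the bootstrap job registered, and for the KMS password it presumably makes anything protected under the old value unreadable. `register_infra_secret.secret.kms_password` is defined in values.yaml but never read here, and `kms_salt` defaults to `""` even though its comment asks for at least 8 random bytes. I would reuse the stored Secret through `lookup`, honour the supplied password, and make the salt `required`, as sketched below for the KMS Secret; the same pattern fits the Keycloak client secret.

```yaml
{{- $kmsName := .Values.gcp_register_deploy.conf.register_kms_secret_name }}
{{- $kmsExisting := lookup "v1" "Secret" .Release.Namespace $kmsName }}
# … unchanged: apiVersion, kind, metadata and type of the KMS Secret …
data:
{{- if $kmsExisting }}
  # Reuse the value already stored in the cluster so upgrades do not rotate it.
  KMS_PASSWORD: {{ index $kmsExisting.data "KMS_PASSWORD" | quote }}
{{- else }}
  KMS_PASSWORD: {{ .Values.register_infra_secret.secret.kms_password | default (randAlphaNum 16) | b64enc | quote }}
{{- end }}
  KMS_SALT: {{ required "register_infra_secret.secret.kms_salt must be set" .Values.register_infra_secret.secret.kms_salt | b64enc | quote }}
```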
@@ -416,3 +418,43 @@ gcp-unit-deploy: on_prem_enabled: true # --- End of Unit values --- #
+
+# --- Register values --- #
+register_infra_secret:
+ secret:
+ postgres_datasource_url: "jdbc:postgresql://postgresql-db:5432/postgres"
+ kms_password: ""
+ kms_salt: "" #The provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length
+
+gcp_register_configmap:
+ enabled: true
+ data:
+ log_level: "INFO"
+ spring_profiles_active: "anthos"
+
+ conf:
+ configmap: "register-config"
+ app_name: "register"
+ on_prem_enabled: true
+
+gcp_register_deploy:
+ enabled: true
+ data:
+ requests_cpu: "0.1"
+ requests_memory: "384M"
+ limits_cpu: "1"
+ limits_memory: "1G"
+ serviceAccountName: "register"
+ imagePullPolicy: "IfNotPresent"
+ image: "community.opengroup.org:5555/osdu/platform/system/register/osdu-gcp:latest"
+
+ conf:
+ configmap: "register-config"
+ rabbitmq_secret_name: "rabbitmq-secret"
+ register_postgres_secret_name: "register-postgres-secret"
+ register_keycloak_secret_name: "register-keycloak-secret"
+ register_kms_secret_name: "register-kms-secret"
+ app_name: "register"
+ on_prem_enabled: true
+
+# --- End of Register values --- #
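Review bot: `gcp_register_deploy.data.image` defaults to the mutable `osdu-gcp:latest` tag together with `imagePullPolicy: "IfNotPresent"`, so which build runs depends on what each node already has cached and the chart records nothing about the image actually deployed. Pin the default to a release tag or a digest, e.g. `image: "community.opengroup.org:5555/osdu/platform/system/register/osdu-gcp:<release-tag>"` (placeholder), and leave `latest` to development overrides. The other service blocks in values.yaml are outside this hunk, so whether they follow the same pattern cannot be seen from here.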