Commit 643b6796 authored by Bill Wang's avatar Bill Wang

Merge branch 'dev' into elasticcache

parents ec9e19bb e3295139
......@@ -15,9 +15,10 @@ variables:
OSDU_GCP_SERVICE: partition
OSDU_GCP_VENDOR: gcp
OSDU_GCP_APPLICATION_NAME: os-partition
OSDU_GCP_ENV_VARS: AUTHORIZE_API=$OSDU_GCP_AUTHORIZE_API,GOOGLE_CLOUD_PROJECT=$OSDU_GCP_PROJECT,GOOGLE_AUDIENCES=$GOOGLE_AUDIENCE,PARTITION_ADMIN_ACCOUNT=$OSDU_GCP_SERVICE_ACCOUNT
OSDU_GCP_ENV_VARS: AUTHORIZE_API=$OSDU_GCP_ENTITLEMENTS_V2_URL,GOOGLE_CLOUD_PROJECT=$OSDU_GCP_PROJECT,GOOGLE_AUDIENCES=$GOOGLE_AUDIENCE,PARTITION_ADMIN_ACCOUNT=$OSDU_GCP_SERVICE_ACCOUNT
MAVEN_PROJECTS: "-pl partition-core,provider/partition-gcp"
OSDU_GCP_TEST_SUBDIR: testing/$OSDU_GCP_SERVICE-test-$OSDU_GCP_VENDOR
OSDU_GCP_HELM_PACKAGE_CHARTS: "devops/gcp/deploy devops/gcp/configmap"
include:
- project: "osdu/platform/ci-cd-pipelines"
......@@ -44,6 +45,9 @@ include:
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/osdu-gcp-cloudrun.yml"
- project: "osdu/platform/ci-cd-pipelines"
file: "publishing/pages.yml"
osdu-gcp-test:
variables:
CLIENT_TENANT: osdu
......@@ -41,15 +41,16 @@ spec:
imagePullPolicy: Always
ports:
- containerPort: 80
resources:
requests:
cpu: "100m"
limits:
cpu: "300m"
readinessProbe:
httpGet:
path: /api/partition/v1/swagger-ui.html
port: 80
path: /actuator/health
port: 8081
livenessProbe:
httpGet:
path: /actuator/health
port: 8081
initialDelaySeconds: 250
periodSeconds: 10
volumeMounts:
- name: azure-keyvault
mountPath: "/mnt/azure-keyvault"
......
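Review bot: Both probes target port 8081, but the only `containerPort` visible in this hunk is 80, so the management port the kubelet depends on is not declared; adding `- containerPort: 8081` next to it documents the port for anyone writing a NetworkPolicy or reviewing what the pod exposes. Readiness and liveness also share `/actuator/health`, so a dependency failure reflected in that aggregate status would restart the pod instead of only taking it out of rotation; if the Spring Boot version in use provides probe groups, `/actuator/health/liveness` and `/actuator/health/readiness` keep the two apart. The same applies to the second deployment manifest in the `@@ -74,8 +74,14` hunk. The container spec starts and ends outside the hunk, so a port declaration elsewhere in the file cannot be ruled out.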
......@@ -74,8 +74,14 @@ spec:
- containerPort: 80
readinessProbe:
httpGet:
path: /api/partition/v1/swagger-ui.html
port: 80
path: /actuator/health
port: 8081
livenessProbe:
httpGet:
path: /actuator/health
port: 8081
initialDelaySeconds: 250
periodSeconds: 10
volumeMounts:
- name: azure-keyvault
mountPath: "/mnt/azure-keyvault"
......
apiVersion: v2
name: gcp-partition-configmap
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 1.16.0
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: "{{ .Values.conf.app_name }}"
name: "{{ .Values.conf.configmap }}"
namespace: "{{ .Release.Namespace }}"
data:
GOOGLE_CLOUD_PROJECT: "{{ .Values.data.google_cloud_project }}"
PARTITION_ADMIN_ACCOUNT: "{{ .Values.data.partition_admin_account }}"
GOOGLE_AUDIENCES: "{{ .Values.data.google_audiences }}"
KEY_RING: "{{ .Values.data.key_ring }}"
KMS_KEY: "{{ .Values.data.kms_key }}"
LOG_LEVEL: "{{ .Values.data.log_level }}"
data:
google_cloud_project: ""
partition_admin_account: ""
google_audiences: ""
key_ring: ""
kms_key: ""
log_level: ""
conf:
configmap: "partition-config"
app_name: "partition"
apiVersion: v2
name: gcp-partition-deploy
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 1.16.0
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ .Values.conf.app_name }}"
namespace: "{{ .Release.Namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: "{{ .Values.conf.app_name }}"
template:
metadata:
labels:
app: "{{ .Values.conf.app_name }}"
annotations:
rollme: {{ randAlphaNum 5 | quote }}
spec:
containers:
- image: "{{ .Values.data.image }}"
imagePullPolicy: Always
name: "{{ .Values.conf.app_name }}"
env:
- name: "ACCEPT_HTTP"
value: "true"
envFrom:
- configMapRef:
name: "{{ .Values.conf.configmap }}"
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
ports:
- containerPort: 8080
resources:
requests:
cpu: "{{ .Values.data.requests_cpu }}"
memory: "{{ .Values.data.requests_memory }}"
limits:
cpu: "{{ .Values.data.limits_cpu }}"
memory: "{{ .Values.data.limits_memory }}"
serviceAccountName: "{{ .Values.data.serviceAccountName }}"
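Review bot: `runAsUser: 0` in the container `securityContext` starts the service as root; `allowPrivilegeEscalation: false` does not change that, and nothing visible in this template needs root, since the container listens on 8080. Unless the image requires it, prefer `runAsNonRoot: true` with a non-zero `runAsUser`, and consider `readOnlyRootFilesystem: true` and dropping all capabilities. The template also defines no `readinessProbe` or `livenessProbe`, while the other deployment manifests on this page carry both on `/actuator/health`. `ACCEPT_HTTP` is hard-coded to `"true"`; if TLS is terminated upstream, a one-line comment saying so, such as `# TLS terminates at the Istio gateway`, would make the intent reviewable.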
apiVersion: v1
kind: Service
metadata:
name: "{{ .Values.conf.app_name }}"
namespace: "{{ .Release.Namespace }}"
annotations:
cloud.google.com/neg: '{"ingress": true}'
spec:
ports:
- port: 80
targetPort: 8080
protocol: TCP
name: http
selector:
app: "{{ .Values.conf.app_name }}"
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: "{{ .Values.conf.app_name }}"
namespace: "{{ .Release.Namespace }}"
spec:
hosts:
- "*"
gateways:
- service-gateway
http:
- match:
- uri:
prefix: "/api/partition"
route:
- destination:
port:
number: 80
host: "{{ .Values.conf.app_name }}.{{ .Release.Namespace }}.svc.cluster.local"
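Review bot: `hosts: - "*"` attaches this route to every hostname served by `service-gateway`, so a request with any Host header that reaches the gateway is forwarded to the partition service. Taking the host from chart values scopes it to the intended domain, e.g. `- "{{ .Values.conf.domain }}"` (`conf.domain` is a constructed name and is not in the values file shown here). The `/api/partition` prefix also forwards every path beneath it, which presumably now includes the actuator endpoint documented as `api/partition/v1/actuator/health`; confirm that health is the only actuator endpoint reachable through this route.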
# Default values for partition-deploy.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
data:
requests_cpu: "0.25"
requests_memory: "128M"
limits_cpu: "1"
limits_memory: "1G"
serviceAccountName: ""
image: ""
conf:
configmap: "partition-config"
app_name: "partition"
......@@ -16,7 +16,7 @@ tags:
- name: health-check
description: Health Check
paths:
/_ah/liveness_check:
/actuator/health:
get:
tags:
- health-check
......@@ -40,7 +40,7 @@ paths:
security:
- JWT:
- global
/_ah/readiness_check:
/actuator/health:
get:
tags:
- health-check
......
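Review bot: `paths:` now appears to hold the key `/actuator/health` twice, once where `/_ah/liveness_check` stood and once where `/_ah/readiness_check` stood (assuming the second line of each pair is the new side). Duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so either one of the two operations disappears from the rendered API documentation or a strict loader rejects the spec. Merge both entries into a single `/actuator/health` path item, or use distinct paths such as `/actuator/health/liveness` and `/actuator/health/readiness` if the service exposes them. Both path items continue outside the hunks shown.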
......@@ -18,13 +18,13 @@ Partition service is responsible for creating and retrieving the partition speci
## Health Check <a name="checking-service-health"></a>
An endpoint to check if service is up and running.
```
GET api/partition/v1/_ah/liveness_check
GET api/partition/v1/actuator/health
```
<details><summary>curl</summary>
```
curl --request GET \
--url 'https://<base_url>/api/partition/v1/_ah/liveness_check'
--url 'https://<base_url>/api/partition/v1/actuator/health'
```
</details>
......
## Partition Service
## Table of Contents <a name="TOC"></a>
* [Introduction](#introduction)
* [Checking Service Health](#checking-service-health)
* [Partition API access](#partition-api-access)
* [APIs](#apis)
* [Get partition details](#get-partition)
* [Create a new partition](#create-partition)
* [Update an existing partition](#update-partition)
* [Delete an existing partition](#delete-partition)
* [List of partitions](#list-partition)
## Introduction <a name="introduction"></a>
Partition service is responsible for creating and retrieving the partition specific properties (secret and non-secret) on behalf of other services.
## Health Check <a name="checking-service-health"></a>
An endpoint to check if service is up and running.
```
GET api/partition/v1/_ah/liveness_check
```
<details><summary>curl</summary>
```
curl --request GET \
--url 'https://<base_url>/api/partition/v1/_ah/liveness_check'
```
</details>
## Partition API access <a name="partition-api-access"></a>
As Partition service APIs are mostly consumed by other services, API access is limited to service accounts only.
## APIs <a name="apis"></a>
### Get partition details<a name="get-partition"></a>
Consuming services can use this API to get details of a partition. Partition details consists of a set of key-value pairs of properties.
```
GET api/partition/v1/partitions/{partitionId}
```
<details><summary>curl</summary>
```
curl --request GET \
--url 'https://<base_url>/api/partition/v1/partitions/osdu' \
--header 'Authorization: Bearer <JWT>' \
--header 'Content-Type: application/json'
```
</details>
A sample output is shown below.
<details><summary>Sample response</summary>
```
{
"projectId": {
"sensitive": false,
"value": "osdu"
},
"serviceAccount": {
"sensitive": false,
"value": ".iam.gserviceaccount.com"
},
"complianceRuleSet": {
"sensitive": false,
"value": "shared"
},
"dataPartitionId": {
"sensitive": false,
"value": "osdu"
},
"name": {
"sensitive": false,
"value": "osdu"
},
"policy-service-enabled": {
"sensitive": false,
"value": "false"
},
"bucket": {
"sensitive": false,
"value": "bucketName"
},
"crmAccountID": {
"sensitive": false,
"value": ["osdu","osdu"]
}
}
```
</details>
[Back to Table of Contents](#TOC)
### Create a new partition<a name="create-partition"></a>
This api can be used to create a new partition. A plausible use case would be partition provisioning infrastructure script.
The default namespace value of Cloud Datastore is `partition`.
```
POST api/partition/v1/partitions/{partitionId}
```
<details><summary>curl</summary>
```
curl --request POST \
--url 'https://<base_url>/api/partition/v1/partitions/mypartition' \
--header 'Authorization: Bearer <JWT>' \
--header 'Content-Type: application/json' \
--data-raw '{
"properties": {
"projectId": {
"sensitive": false,
"value": "mypartition"
},
"serviceAccount": {
"sensitive": false,
"value": ".iam.gserviceaccount.com"
},
"complianceRuleSet": {
"sensitive": false,
"value": "shared"
},
"dataPartitionId": {
"sensitive": false,
"value": "mypartition"
},
"name": {
"sensitive": false,
"value": "mypartition"
},
"policy-service-enabled": {
"sensitive": false,
"value": "false"
},
"bucket": {
"sensitive": false,
"value": "bucketName"
},
"crmAccountID": {
"sensitive": false,
"value": ["mypartition","mypartition"]
}
}
}'
```
</details>
[Back to Table of Contents](#TOC)
### Update an existing partition<a name="update-partition"></a>
This api is used to update the properties of an existing partition. With this api, we can modify existing properties or add new ones. Deletion of properties can not be achieved, we'll have to delete the partition and re-create it for the same effect.
```
PATCH api/partition/v1/partitions/{partitionId}
```
<details><summary>curl</summary>
```
curl --request PATCH \
--url 'https://<base_url>/api/partition/v1/partitions/mypartition' \
--header 'Authorization: Bearer <JWT>' \
--header 'Content-Type: application/json' \
--data-raw '{
"properties": {
"bucket": {
"value": "bucket-update-value"
},
"new-key": {
"sensitive": true,
"value": "new-value"
}
}
}'
```
</details>
### Delete an existing partition<a name="delete-partition"></a>
This api is used to delete an existing partition. A plausible use case would be partition teardown infrastructure script.
```
DELETE api/partition/v1/partitions/{partitionId}
```
<details><summary>curl</summary>
```
curl --request DELETE \
--url 'https://<base_url>/api/partition/v1/partitions/mypartition' \
--header 'Authorization: Bearer <JWT>' \
--header 'Content-Type: application/json'
```
</details>
### List partitions <a name="list-partition"></a>
Consuming services can use this API to list all partitions Id.
```
GET api/partition/v1/partitions
```
<details><summary>curl</summary>
```
curl --request GET \
--url 'https://<base_url>/api/partition/v1/partitions' \
--header 'Authorization: Bearer <JWT>' \
--header 'Content-Type: application/json'
```
</details>
A sample output is shown below.
<details><summary>Sample response</summary>
```
[
"default-dev",
"opendes",
"osdu",
"mypartition"
]
```
</details>
[Back to Table of Contents](#TOC)
\ No newline at end of file
......@@ -23,7 +23,7 @@
<parent>
<groupId>org.opengroup.osdu</groupId>
<artifactId>partition</artifactId>
<version>0.9.0-SNAPSHOT</version>
<version>0.11.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
......@@ -56,6 +56,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
......
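Review bot: `spring-boot-starter-actuator` is added next to `spring-boot-starter-security`, but no configuration limiting what the actuator exposes is visible on this page. Pin the exposure explicitly in the service properties, e.g. `management.endpoints.web.exposure.include=health` and `management.endpoint.health.show-details=never`. The security configuration should permit unauthenticated access to the health endpoint only, since the Kubernetes probes call it without credentials. If such settings already exist outside this commit view, a short XML comment beside the dependency pointing to them would help the next reviewer.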
// Copyright 2017-2020, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.partition.api;
import java.util.Collections;
import org.opengroup.osdu.partition.logging.AuditLogger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping(path= "/_ah", produces = "application/json")
public class HealthCheck {
@Autowired
private AuditLogger auditLogger;
@GetMapping("/liveness_check")
public ResponseEntity<String> livenessCheck() {
ResponseEntity responseEntity = new ResponseEntity<>("Partition service is alive", HttpStatus.OK);
this.auditLogger.readServiceLivenessSuccess(Collections.singletonList(responseEntity.toString()));
return responseEntity;
}
@GetMapping("/readiness_check")
public ResponseEntity<String> readinessCheck() {
return new ResponseEntity<>("Partition service is ready", HttpStatus.OK);
}
}
// Copyright 2017-2020, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.partition.api;
import static org.junit.jupiter.api.Assertions.assertEquals;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.opengroup.osdu.partition.logging.AuditLogger;
import org.springframework.http.HttpStatus;
@RunWith(MockitoJUnitRunner.class)
public class HealthCheckTest {
@Mock
private AuditLogger auditLogger;
@InjectMocks
private HealthCheck sut;
@Test
public void should_returnHttp200_when_checkLiveness() {
assertEquals(HttpStatus.OK, this.sut.livenessCheck().getStatusCode());
}
@Test
public void should_returnHttp200_when_checkReadiness() {
assertEquals(HttpStatus.OK, this.sut.readinessCheck().getStatusCode());
}
}
\ No newline at end of file
......@@ -18,7 +18,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.opengroup.osdu</groupId>
<artifactId>partition</artifactId>
<version>0.9.0-SNAPSHOT</version>
<version>0.11.0-SNAPSHOT</version>
<description>Partition Service</description>
<properties>
......@@ -26,7 +26,7 @@
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.source>1.8</maven.compiler.source>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>