Merge branch 'master' into master-dev-merge

6a872bb3 · Marc Burnie [AWS] · a7503b8c · 766153c3 · 6a872bb3 · 6a872bb3
Commit 6a872bb3 authored 2 years ago by Marc Burnie [AWS]
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -14,6 +14,7 @@ variables:
  IBM_INT_TEST_SUBDIR: testing/partition-test-ibm

  # --- osdu gcp specific variables ---
+  OSDU_GCP_ENABLE_BOOTSTRAP: "true"
  OSDU_GCP_SERVICE: partition
  OSDU_GCP_VENDOR: gcp
  OSDU_GCP_APPLICATION_NAME: os-partition
@@ -21,9 +22,11 @@ variables:
  OSDU_GCP_TEST_SUBDIR: testing/$OSDU_GCP_SERVICE-test-$OSDU_GCP_VENDOR
  OSDU_GCP_HELM_PACKAGE_CHARTS: "devops/gcp/deploy devops/gcp/configmap"
  OSDU_GCP_HELM_NAMESPACE: default
-  OSDU_GCP_HELM_CONFIG_SERVICE_VARS: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS --set data.google_cloud_project=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY"
-  OSDU_GCP_HELM_CONFIG_SERVICE_VARS_DEV2: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS_DEV2 --set data.google_cloud_project=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY"
-  OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS: "--set data.image=$CI_REGISTRY_IMAGE/osdu-gcp:$CI_COMMIT_SHORT_SHA --set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s"
+  OSDU_GCP_HELM_CONFIG_SERVICE_VARS: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS --set data.project_id=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY --set data.data_partition_id=$OSDU_GCP_TENANT"
+  OSDU_GCP_HELM_CONFIG_SERVICE_VARS_DEV2: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS_DEV2 --set data.project_id=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY --set data.data_partition_id=$OSDU_GCP_TENANT"
+  OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS: "--set data.image=$CI_REGISTRY_IMAGE/osdu-gcp:$CI_COMMIT_SHORT_SHA --set data.bootstrap_image=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-partition:$CI_COMMIT_SHORT_SHA --set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s --set data.bootstrapServiceAccountName=$OSDU_GCP_SERVICE-k8s"
+  # FIXME add value below to DEV2 pipeline
+  OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS_DEV2: "--set data.bootstrap_image=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-partition:$CI_COMMIT_SHORT_SHA --set data.bootstrapServiceAccountName=$OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT"
  OSDU_GCP_HELM_CONFIG_SERVICE: partition-config
  OSDU_GCP_HELM_DEPLOYMENT_SERVICE: partition-deploy

@@ -58,6 +61,32 @@ include:
  - project: "osdu/platform/ci-cd-pipelines"
    file: "publishing/pages.yml"

+osdu-gcp-deploy-deployment:
+  variables:
+    OSDU_GCP_BOOTSTRAP_SERVICE: partition-bootstrap
+  needs: ["osdu-gcp-containerize-gitlab", "osdu-gcp-containerize-bootstrap-gitlab", "osdu-gcp-deploy-configmap"]
+  after_script:
+    - echo ----- Verify Bootstrap -----
+    - kubectl rollout status deployment.v1.apps/$OSDU_GCP_BOOTSTRAP_SERVICE -n $OSDU_GCP_HELM_NAMESPACE --timeout=900s
+    - POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_HELM_NAMESPACE | grep $OSDU_GCP_BOOTSTRAP_SERVICE | tail -1 | awk '{print $1}')
+    - STATUS=$(kubectl wait -n $OSDU_GCP_HELM_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s)
+    - echo $STATUS
+    - if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
+
+osdu-gcp-dev2-deploy-deployment:
+  variables:
+    OSDU_GCP_BOOTSTRAP_SERVICE: partition-bootstrap
+    OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT: workload-gke-bootstrap-sa
+  needs: ["osdu-gcp-containerize-gitlab", "osdu-gcp-containerize-bootstrap-gitlab", "osdu-gcp-dev2-deploy-configmap"]
+  after_script:
+    - echo ----- Verify Bootstrap -----
+    - kubectl rollout status deployment.v1.apps/$OSDU_GCP_BOOTSTRAP_SERVICE -n $OSDU_GCP_HELM_NAMESPACE --timeout=900s
+    - POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_HELM_NAMESPACE | grep $OSDU_GCP_BOOTSTRAP_SERVICE | tail -1 | awk '{print $1}')
+    - STATUS=$(kubectl wait -n $OSDU_GCP_HELM_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s)
+    - echo $STATUS
+    - if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
+
+
 osdu-gcp-test:
  variables:
    CLIENT_TENANT: osdu

--- a/NOTICE
+++ b/NOTICE
@@ -13,8 +13,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 Apache-1.1
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Apache Commons CLI (from https://commons.apache.org/proper/commons-cli/, https://repo1.maven.org/maven2/commons-cli/commons-cli)
 - Cobertura (from http://cobertura.sourceforge.net)
 - Default Plexus Container (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-container-default)
@@ -291,7 +289,7 @@ The following software have components provided under the terms of this license:
 - Adapter: RxJava (from https://repo1.maven.org/maven2/com/squareup/retrofit2/adapter-rxjava)
 - Apache Ant + JUnit (from http://ant.apache.org/, https://ant.apache.org/)
 - Apache Ant Core
- Apache Ant Launcher (from http://ant.apache.org/)
+- Apache Ant Launcher (from http://ant.apache.org/, https://ant.apache.org/)
 - Apache Commons BeanUtils (from http://commons.apache.org/proper/commons-beanutils/, https://repo1.maven.org/maven2/commons-beanutils/commons-beanutils)
 - Apache Commons CLI (from https://commons.apache.org/proper/commons-cli/, https://repo1.maven.org/maven2/commons-cli/commons-cli)
 - Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/, https://commons.apache.org/proper/commons-codec/)
@@ -671,8 +669,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 CC-BY-2.5
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
 - MongoDB Java Driver (from http://mongodb.org/, http://www.mongodb.org)

@@ -686,15 +682,11 @@ CC-BY-4.0
 ========================================================================
 CC0-1.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - reactive-streams (from http://www.reactive-streams.org/)

 ========================================================================
 CDDL-1.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Servlet Specification 2.5 API (from http://jetty.mortbay.org, https://repo1.maven.org/maven2/org/mortbay/jetty/servlet-api-2.5)

 ========================================================================
@@ -741,8 +733,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 EPL-2.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
 - JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
 - JUnit Jupiter API (from http://junit.org/junit5/, https://junit.org/junit5/)
@@ -768,8 +758,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 GPL-2.0-or-later
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org)

 ========================================================================
@@ -788,8 +776,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 GPL-3.0-only
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
 - Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
 - Project Lombok (from http://projectlombok.org, https://projectlombok.org)
@@ -797,8 +783,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 JSON
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - JSON in Java (from https://github.com/douglascrockford/JSON-java)

 ========================================================================
@@ -823,8 +807,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 LGPL-2.1-or-later
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Javassist (from http://www.javassist.org/)
 - SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org)

@@ -894,24 +876,18 @@ The following software have components provided under the terms of this license:
 ========================================================================
 MPL-1.1
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Cobertura (from http://cobertura.sourceforge.net)
 - Javassist (from http://www.javassist.org/)

 ========================================================================
 MPL-2.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Javassist (from http://www.javassist.org/)
 - OkHttp (from https://repo1.maven.org/maven2/com/squareup/okhttp3/okhttp, https://square.github.io/okhttp/)

 ========================================================================
 PHP-3.01
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
 - Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api, https://repo1.maven.org/maven2/org/jboss/spec/javax/xml/bind/jboss-jaxb-api_2.3_spec)

@@ -931,8 +907,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 SPL-1.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Servlet Specification 2.5 API (from http://jetty.mortbay.org, https://repo1.maven.org/maven2/org/mortbay/jetty/servlet-api-2.5)

 ========================================================================
@@ -948,8 +922,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 WTFPL
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Reflections (from http://code.google.com/p/reflections/, http://github.com/ronmamo/reflections)

 ========================================================================

--- a/devops/gcp/configmap/templates/partition-bootstrap-configmap.yml
+++ b/devops/gcp/configmap/templates/partition-bootstrap-configmap.yml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: "{{ .Values.conf.bootstrap_name }}"
+  name: "{{ .Values.conf.bootstrap_configmap }}"
+  namespace: "{{ .Release.Namespace }}"
+data:
+  PARTITION_NAME: "{{ .Values.data.partition_name }}.{{ .Release.Namespace }}.svc.cluster.local"
+  PROJECT_ID: "{{ .Values.data.project_id }}"
+  DATA_PARTITION_ID: "{{ .Values.data.data_partition_id }}"
+  {{- if .Values.conf.on_prem_enabled }}
+  DOMAIN: "{{ .Values.data.domain }}"
+  ENVIRONMENT: "{{ .Values.data.environment }}"
+  CLIENT_ID: "{{ .Values.data.client_id }}"
+  {{- else }}
+  AUDIENCES: "{{ .Values.data.google_audiences }}"
+  DATAFIER_SA: "{{ .Values.data.datafier_sa }}"
+  {{- end }}
--- a/devops/gcp/configmap/templates/partition-variables.yml
+++ b/devops/gcp/configmap/templates/partition-variables.yml
@@ -12,7 +12,7 @@ data:
  PARTITION_PROPERTY_KIND: "{{ .Values.data.partition_property_kind }}"
  PARTITION_NAMESPACE: "{{ .Values.data.partition_namespace }}"
  {{- else }}
-  GOOGLE_CLOUD_PROJECT: "{{ .Values.data.google_cloud_project }}"
+  GOOGLE_CLOUD_PROJECT: "{{ .Values.data.project_id }}"
  PARTITION_ADMIN_ACCOUNTS: "{{ .Values.data.partition_admin_accounts }}"
  GOOGLE_AUDIENCES: "{{ .Values.data.google_audiences }}"
  SERVICE_ACCOUNT_TAIL: "{{ .Values.data.service_account_tail }}"

--- a/devops/gcp/configmap/values.yaml
+++ b/devops/gcp/configmap/values.yaml
 data:
-  google_cloud_project: ""
+  project_id: ""
  partition_admin_accounts: ""
  google_audiences: ""
  log_level: "INFO"
@@ -7,8 +7,18 @@ data:
  partition_property_kind: ""
  partition_namespace: ""
  spring_profiles_active: "gcp"
-
+  # bootstrap common
+  partition_name: "partition"
+  data_partition_id: ""
+  datafier_sa: "datafier"
+  # bootstrap variables onprem
+  domain: ""
+  environment: ""
+  client_id: ""
 conf:
  configmap: "partition-config"
  app_name: "partition"
+  # bootstrap common
+  bootstrap_name: "partition-bootstrap"
+  bootstrap_configmap: "partition-bootstrap-configmap"
  on_prem_enabled: false
--- a/devops/gcp/deploy/templates/partition-authorization-policy.yml
+++ b/devops/gcp/deploy/templates/partition-authorization-policy.yml
@@ -14,22 +14,27 @@ spec:
 {{- toYaml $spec.matchLabels | nindent 6 }}
  action: ALLOW
  rules:
-  {{- range $rule := $spec.rules }}
  - from:
    - source:
-        principals: 
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/entitlements-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/search-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/storage-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/register-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/notification-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer-queue-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/schema-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/legal-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/file-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/dataset-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/legal-k8s
+        principals:
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/crs-catalog
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/crs-conversion
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/dataset
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/entitlements
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/file
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer-queue
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/legal
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/notification
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/register
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/schema
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/search
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/seismic-store
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/storage
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/unit
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/well-delivery
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/wks
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/workflow
    to:
    - operation:
        methods:
@@ -39,14 +44,15 @@ spec:
  - from:
    - source:
        principals: 
-         - cluster.local/ns/{{ $rule.bootstrap_namespace }}/sa/workload-gke-bootstrap-sa
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/bootstrap-sa
    to:
    - operation:
        methods:
        - POST
+        - PUT
        - PATCH
+        - GET
        paths:
        - /api/partition/v1/*
 {{- end }}
 {{- end }}
-{{- end }}
--- a/devops/gcp/deploy/templates/partition-bootstrap-deployment.yml
+++ b/devops/gcp/deploy/templates/partition-bootstrap-deployment.yml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ .Values.conf.bootstrap_name }}"
+  namespace: "{{ .Release.Namespace }}"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "{{ .Values.conf.bootstrap_name }}"
+  template:
+    metadata:
+      labels:
+        app: "{{ .Values.conf.bootstrap_name }}"
+      annotations:
+        rollme: {{ randAlphaNum 5 | quote }}
+    spec:
+      containers:
+        - image: "{{ .Values.data.bootstrap_image }}"
+          name: "{{ .Values.conf.bootstrap_name }}"
+          readinessProbe:
+            exec:
+              command:
+              - cat
+              - /tmp/bootstrap_ready
+          envFrom:
+            - configMapRef:
+                name: "{{ .Values.conf.bootstrap_configmap }}"
+          resources:
+            limits:
+              cpu: "{{ .Values.data.bootstrap_limits_cpu }}"
+              memory: "{{ .Values.data.bootstrap_limits_memory }}"
+      restartPolicy: Always
+      serviceAccountName: "{{ .Values.data.bootstrapServiceAccountName }}"
--- a/devops/gcp/deploy/values.yaml
+++ b/devops/gcp/deploy/values.yaml
-# Default values for partition-deploy.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
 data:
  requests_cpu: "0.1"
-  requests_memory: "256M"
+  requests_memory: "260M"
  limits_cpu: "1"
  limits_memory: "1G"
-  serviceAccountName: ""
+  serviceAccountName: "partition"
  imagePullPolicy: "IfNotPresent"
  image: ""
-
+  # bootstrap common
+  bootstrap_limits_cpu: "0.1"
+  bootstrap_limits_memory: "200M"
+  bootstrap_image: ""
+  bootstrapServiceAccountName: ""
 conf:
  configmap: "partition-config"
  secret: "partition-postgres-secret"
  app_name: "partition"
+  # bootstrap common
+  bootstrap_name: "partition-bootstrap"
+  bootstrap_configmap: "partition-bootstrap-configmap"
  on_prem_enabled: false
-
 namespacePolicy:
  mtlsMode: STRICT
-
 authorizations:
  partitionPolicy:
    matchLabels:
      app: partition
-    rules:
-    - bootstrap_namespace: config
--- a/provider/partition-gcp/bootstrap/Dockerfile
+++ b/provider/partition-gcp/bootstrap/Dockerfile
+FROM google/cloud-sdk:slim
+
+COPY ./provider/partition-gcp/bootstrap/bootstrap_partition.sh ./opt
+
+ENV PREFIX=$(pwd)
+
+RUN chmod 775 /opt/bootstrap_partition.sh
+
+CMD ["/bin/bash", "-c", "source /opt/bootstrap_partition.sh && sleep 365d"]
--- a/provider/partition-gcp/bootstrap/bootstrap_partition.sh
+++ b/provider/partition-gcp/bootstrap/bootstrap_partition.sh
+#!/usr/bin/env bash
+
+set -ex
+
+DATA_PARTITION_ID_UPPER=${DATA_PARTITION_ID^^}
+
+generate_post_data()
+{
+  cat <<EOF
+{
+  "properties": {
+    "projectId": {
+        "sensitive": false,
+        "value": "${PROJECT_ID}"
+    },
+    "serviceAccount": {
+        "sensitive": false,
+        "value": "${SERVICEACCOUNT}"
+    },
+    "complianceRuleSet": {
+        "sensitive": false,
+        "value": "shared"
+    },
+    "dataPartitionId": {
+        "sensitive": false,
+        "value": "${DATA_PARTITION_ID}"
+    },
+    "name": {
+        "sensitive": false,
+        "value": "${DATA_PARTITION_ID}"
+    },
+    "policy-service-enabled": {
+        "sensitive": false,
+        "value": "false"
+    },
+    "bucket": {
+        "sensitive": false,
+        "value": "${PROJECT_ID}-records"
+    },
+    "crmAccountID": {
+        "sensitive": false,
+        "value": "[${DATA_PARTITION_ID},${DATA_PARTITION_ID}]"
+    },
+    "osm.postgres.datasource.url": {
+      "sensitive": true,
+      "value": "POSTGRES_DATASOURCE_URL_${DATA_PARTITION_ID_UPPER}"
+    },
+    "osm.postgres.datasource.username": {
+      "sensitive": true,
+      "value": "POSTGRES_DB_USERNAME_${DATA_PARTITION_ID_UPPER}"
+    },
+    "osm.postgres.datasource.password": {
+      "sensitive": true,
+      "value": "POSTGRES_DB_PASSWORD_${DATA_PARTITION_ID_UPPER}"
+    },
+    "obm.minio.endpoint": {
+      "sensitive": false,
+      "value": "http://minio:9000"
+    },
+    "file.minio.endpoint": {
+      "sensitive": false,
+      "value": "https://s3.${DOMAIN}"
+    },
+    "obm.minio.accessKey": {
+      "sensitive": true,
+      "value": "MINIO_ACCESS_KEY"
+    },
+    "obm.minio.secretKey": {
+      "sensitive": true,
+      "value": "MINIO_SECRET_KEY"
+    },
+    "oqm.rabbitmq.amqp.host": {
+      "sensitive": false,
+      "value": "rabbitmq"
+    },
+    "oqm.rabbitmq.amqp.port": {
+      "sensitive": false,
+      "value": "5672"
+    },
+    "oqm.rabbitmq.amqp.path": {
+      "sensitive": false,
+      "value": ""
+    },
+    "oqm.rabbitmq.amqp.username": {
+      "sensitive": true,
+      "value": "RABBITMQ_ADMIN_USERNAME"
+    },
+    "oqm.rabbitmq.amqp.password": {
+      "sensitive": true,
+      "value": "RABBITMQ_ADMIN_PASSWORD"
+    },
+
+     "oqm.rabbitmq.admin.schema": {
+      "sensitive": false,
+      "value": "http"
+    },
+     "oqm.rabbitmq.admin.host": {
+      "sensitive": false,
+      "value": "rabbitmq"
+    },
+    "oqm.rabbitmq.admin.port": {
+      "sensitive": false,
+      "value": "15672"
+    },
+    "oqm.rabbitmq.admin.path": {
+      "sensitive": false,
+      "value": "/api"
+    },
+    "oqm.rabbitmq.admin.username": {
+      "sensitive": true,
+      "value": "RABBITMQ_ADMIN_USERNAME"
+    },
+    "oqm.rabbitmq.admin.password": {
+      "sensitive": true,
+      "value": "RABBITMQ_ADMIN_PASSWORD"
+    },
+    "elasticsearch.host": {
+      "sensitive": true,
+      "value": "ELASTIC_HOST_${DATA_PARTITION_ID_UPPER}"
+    },
+    "elasticsearch.port": {
+      "sensitive": true,
+      "value": "ELASTIC_PORT_${DATA_PARTITION_ID_UPPER}"
+    },
+    "elasticsearch.user": {
+      "sensitive": true,
+      "value": "ELASTIC_USER_${DATA_PARTITION_ID_UPPER}"
+    },
+    "elasticsearch.password": {
+      "sensitive": true,
+      "value": "ELASTIC_PASS_${DATA_PARTITION_ID_UPPER}"
+    }
+  }
+}
+EOF
+}
+
+echo "sleep to prevent 500 response from the partition service, due to timeout of creation for Workload Identity"
+sleep 20
+
+if [ "$ENVIRONMENT" == "anthos" ]
+then
+
+  SERVICEACCOUNT=$CLIENT_ID@service.local
+
+  status_code=$(curl -X POST \
+    --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \
+    -H "Content-Type: application/json" \
+    --data-raw "$(generate_post_data)")
+
+  if [ "$status_code" == 201 ]
+  then
+    echo "partition bootstrap was OK!"
+  elif [ "$status_code" == 409 ]
+  then
+    curl -X PATCH \
+    --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \
+    -H "Content-Type: application/json" \
+    --data-raw "$(generate_post_data)"
+    echo "partition was patched because datastore has already had some entities!"
+  else
+    exit 1
+  fi
+
+elif [ "$ENVIRONMENT" == "" ]
+then
+
+  IDENTITY_TOKEN=$(gcloud auth print-identity-token --audiences="${AUDIENCES}")
+
+  SERVICEACCOUNT=${DATAFIER_SA}@${PROJECT_ID}.iam.gserviceaccount.com
+
+  status_code=$(curl -X POST \
+     --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \
+     -H "Authorization: Bearer ${IDENTITY_TOKEN}" \
+     -H "Content-Type: application/json" \
+     --data-raw "$(generate_post_data)")
+
+  if [ "$status_code" == 201 ]
+  then
+    echo "partition bootstrap was OK!"
+  elif [ "$status_code" == 409 ]
+  then
+    curl -X PATCH \
+    --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \
+    -H "Authorization: Bearer ${IDENTITY_TOKEN}" \
+    -H "Content-Type: application/json" \
+    --data-raw "$(generate_post_data)"
+    echo "partition was patched because datastore has already had some entities!"
+  else
+    exit 1
+  fi
+fi
+
+touch /tmp/bootstrap_ready
--- a/provider/partition-gcp/pom.xml
+++ b/provider/partition-gcp/pom.xml
@@ -28,7 +28,7 @@
    <dependency>
      <groupId>org.opengroup.osdu</groupId>
      <artifactId>core-lib-gcp</artifactId>
-      <version>0.14.0</version>
+      <version>0.15.0-rc3</version>
    </dependency>

    <dependency>

--- a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/cache/CredentialsCache.java
+++ b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/cache/CredentialsCache.java
-/*
-  Copyright 2002-2021 Google LLC
-  Copyright 2002-2021 EPAM Systems, Inc
-
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
- */
-
-package org.opengroup.osdu.partition.provider.gcp.cache;
-
-import org.opengroup.osdu.core.common.cache.VmCache;
-import org.opengroup.osdu.core.gcp.multitenancy.credentials.GcsCredential;
-import org.springframework.stereotype.Component;
-
-@Component
-public class CredentialsCache extends VmCache<String, GcsCredential> {
-
-  public CredentialsCache() {
-    super(30, 1000);
-  }
-}
--- a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/middleware/GcpExceptionMapper.java
+++ b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/middleware/GcpExceptionMapper.java
+/*
+ * Copyright 2020-2021 Google LLC
+ * Copyright 2020-2021 EPAM Systems, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opengroup.osdu.partition.provider.gcp.middleware;
+
+import java.util.Arrays;
+import org.opengroup.osdu.core.common.model.http.AppException;
+import org.opengroup.osdu.partition.middleware.GlobalExceptionMapper;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.validation.ObjectError;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.WebRequest;
+
+@ControllerAdvice
+@RestController
+public class GcpExceptionMapper extends GlobalExceptionMapper {
+  private static final String NOT_VALID_REQUEST_BODY = "Passed arguments were not valid. Reasons: %s";
+
+  @Override
+  protected ResponseEntity<Object> handleMethodArgumentNotValid(
+      MethodArgumentNotValidException ex, HttpHeaders headers, HttpStatus status, WebRequest request) {
+
+    StringBuilder errors = new StringBuilder();
+
+    for (ObjectError error : ex.getAllErrors()) {
+      errors
+          .append('[')
+          .append("arguments: ")
+          .append(Arrays.toString(error.getArguments()))
+          .append(", message: ")
+          .append(error.getDefaultMessage())
+          .append("]");
+    }
+
+    return super.getErrorResponse(
+        new AppException(
+            status.value(),
+            "Validation error.",
+            String.format(NOT_VALID_REQUEST_BODY, errors)));
+  }
+}