From 93eaf2596c005e1bf7865863b1a632619278a6a4 Mon Sep 17 00:00:00 2001
From: "Igor Zimovets (EPAM)" <igor_zimovets@epam.com>
Date: Fri, 15 Apr 2022 13:24:34 +0000
Subject: [PATCH] GONRG-4695 partition bootstrap job to deployment
---
.gitlab-ci.yml | 37 +++-
NOTICE | 30 +--
.../partition-bootstrap-configmap.yml | 19 ++
.../templates/partition-variables.yml | 2 +-
devops/gcp/configmap/values.yaml | 13 +-
.../partition-bootstrap-deployment.yml | 34 ++++
.../templates/service-account-bootstrap.yml | 7 +
devops/gcp/deploy/values.yaml | 11 +
provider/partition-gcp/bootstrap/Dockerfile | 9 +
.../bootstrap/bootstrap_partition.sh | 192 ++++++++++++++++++
.../bootstrap/bootstrap_partition.yml | 18 ++
11 files changed, 338 insertions(+), 34 deletions(-)
create mode 100644 devops/gcp/configmap/templates/partition-bootstrap-configmap.yml
create mode 100644 devops/gcp/deploy/templates/partition-bootstrap-deployment.yml
create mode 100644 devops/gcp/deploy/templates/service-account-bootstrap.yml
create mode 100644 provider/partition-gcp/bootstrap/Dockerfile
create mode 100644 provider/partition-gcp/bootstrap/bootstrap_partition.sh
create mode 100644 provider/partition-gcp/bootstrap/bootstrap_partition.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 629cd9168..928c61b93 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,9 +21,11 @@ variables: OSDU_GCP_TEST_SUBDIR: testing/$OSDU_GCP_SERVICE-test-$OSDU_GCP_VENDOR OSDU_GCP_HELM_PACKAGE_CHARTS: "devops/gcp/deploy devops/gcp/configmap" OSDU_GCP_HELM_NAMESPACE: default - OSDU_GCP_HELM_CONFIG_SERVICE_VARS: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS --set data.google_cloud_project=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY" - OSDU_GCP_HELM_CONFIG_SERVICE_VARS_DEV2: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS_DEV2 --set data.google_cloud_project=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY" - OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS: "--set data.image=$CI_REGISTRY_IMAGE/osdu-gcp:$CI_COMMIT_SHORT_SHA --set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s" + OSDU_GCP_HELM_CONFIG_SERVICE_VARS: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS --set data.project_id=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY --set data.data_partition_id=$OSDU_GCP_TENANT" + OSDU_GCP_HELM_CONFIG_SERVICE_VARS_DEV2: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS_DEV2 --set data.project_id=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY --set data.data_partition_id=$OSDU_GCP_TENANT --set conf.bootstrap_namespace=config" + OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS: "--set data.image=$CI_REGISTRY_IMAGE/osdu-gcp:$CI_COMMIT_SHORT_SHA --set 
data.bootstrap_image=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-partition:$CI_COMMIT_SHORT_SHA --set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s --set data.bootstrapServiceAccountName=$OSDU_GCP_SERVICE-k8s" + # FIXME add value below to DEV2 pipeline + OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS_DEV2: "--set data.bootstrap_image=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-partition:$CI_COMMIT_SHORT_SHA --set data.bootstrapServiceAccountName=$OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT --set conf.bootstrap_namespace=$OSDU_GCP_BOOTSTRAP_NAMESPACE" OSDU_GCP_HELM_CONFIG_SERVICE: partition-config OSDU_GCP_HELM_DEPLOYMENT_SERVICE: partition-deploy 
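Review bot: In `OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS` the bootstrap pod gets `--set data.bootstrapServiceAccountName=$OSDU_GCP_SERVICE-k8s`, which is the same Kubernetes service account the partition service runs under, whereas the DEV2 variable points at a dedicated `$OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT`. Sharing the account gives a container built from a full `google/cloud-sdk` image whatever identity the service holds; a separate, narrowly scoped account for the bootstrap, as on the DEV2 line, keeps the two apart. The `# FIXME add value below to DEV2 pipeline` comment suggests `OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS_DEV2` is not consumed yet, and nothing visible in this patch reads it, so the comment should say where it is meant to be wired in. The `variables:` block starts outside this hunk.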
@@ -58,6 +60,35 @@ include: - project: "osdu/platform/ci-cd-pipelines" file: "publishing/pages.yml" + - local: "/provider/partition-gcp/bootstrap/bootstrap_partition.yml" + +osdu-gcp-deploy-deployment: + variables: + OSDU_GCP_BOOTSTRAP_SERVICE: partition-bootstrap + needs: ["osdu-gcp-containerize-gitlab", "osdu-gcp-containerize-bootstrap-partition", "osdu-gcp-deploy-configmap"] + after_script: + - echo ----- Verify Bootstrap ----- + - kubectl rollout status deployment.v1.apps/$OSDU_GCP_BOOTSTRAP_SERVICE -n $OSDU_GCP_HELM_NAMESPACE --timeout=900s + - POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_HELM_NAMESPACE | grep $OSDU_GCP_BOOTSTRAP_SERVICE | tail -1 | awk '{print $1}') + - STATUS=$(kubectl wait -n $OSDU_GCP_HELM_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s) + - echo $STATUS + - if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi + +osdu-gcp-dev2-deploy-deployment: + variables: + OSDU_GCP_BOOTSTRAP_SERVICE: partition-bootstrap + OSDU_GCP_BOOTSTRAP_NAMESPACE: config + OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT: workload-gke-bootstrap-sa + needs: ["osdu-gcp-containerize-gitlab", "osdu-gcp-containerize-bootstrap-partition", "osdu-gcp-dev2-deploy-configmap"] + after_script: + - echo ----- Verify Bootstrap ----- + - kubectl rollout status deployment.v1.apps/$OSDU_GCP_BOOTSTRAP_SERVICE -n $OSDU_GCP_BOOTSTRAP_NAMESPACE --timeout=900s + - POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_BOOTSTRAP_NAMESPACE | grep $OSDU_GCP_BOOTSTRAP_SERVICE | tail -1 | awk '{print $1}') + - STATUS=$(kubectl wait -n $OSDU_GCP_BOOTSTRAP_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s) + - echo $STATUS + - if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi + + osdu-gcp-test: variables: CLIENT_TENANT: osdu diff --git a/NOTICE b/NOTICE index 219064651..e4aab100b 100644 --- a/NOTICE +++ b/NOTICE 
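Review bot: The `exit 1` that ends both `after_script` blocks cannot fail the job, because GitLab runs `after_script` in a separate shell and ignores its exit code, so a bootstrap pod that never becomes Ready still leaves `osdu-gcp-deploy-deployment` and `osdu-gcp-dev2-deploy-deployment` green. The verification needs to run where its result counts, for example in a small verify job that `needs` the deploy job and carries these commands in `script`. Picking the pod with `grep $OSDU_GCP_BOOTSTRAP_SERVICE | tail -1` is fragile as well; the Deployment labels its pods, so `kubectl wait -n $OSDU_GCP_HELM_NAMESPACE --for=condition=Ready pod -l app=$OSDU_GCP_BOOTSTRAP_SERVICE --timeout=300s` addresses them directly. Because the Deployment template in this patch defines no readiness probe, Ready presumably only means the container started, not that the partition was bootstrapped.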
@@ -13,8 +13,6 @@ The following software have components provided under the terms of this license: ======================================================================== Apache-1.1 ======================================================================== -The following software have components provided under the terms of this license: - - Apache Commons CLI (from https://commons.apache.org/proper/commons-cli/, https://repo1.maven.org/maven2/commons-cli/commons-cli) - Cobertura (from http://cobertura.sourceforge.net) - Default Plexus Container (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-container-default) @@ -291,7 +289,7 @@ The following software have components provided under the terms of this license: - Adapter: RxJava (from https://repo1.maven.org/maven2/com/squareup/retrofit2/adapter-rxjava) - Apache Ant + JUnit (from http://ant.apache.org/, https://ant.apache.org/) - Apache Ant Core -- Apache Ant Launcher (from http://ant.apache.org/) +- Apache Ant Launcher (from http://ant.apache.org/, https://ant.apache.org/) - Apache Commons BeanUtils (from http://commons.apache.org/proper/commons-beanutils/, https://repo1.maven.org/maven2/commons-beanutils/commons-beanutils) - Apache Commons CLI (from https://commons.apache.org/proper/commons-cli/, https://repo1.maven.org/maven2/commons-cli/commons-cli) - Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/, https://commons.apache.org/proper/commons-codec/) @@ -671,8 +669,6 @@ The following software have components provided under the terms of this license: ======================================================================== CC-BY-2.5 ======================================================================== -The following software have components provided under the terms of this license: - - FindBugs-jsr305 (from http://findbugs.sourceforge.net/) - MongoDB Java Driver (from http://mongodb.org/, http://www.mongodb.org) 
@@ -686,15 +682,11 @@ CC-BY-4.0 ======================================================================== CC0-1.0 ======================================================================== -The following software have components provided under the terms of this license: - - reactive-streams (from http://www.reactive-streams.org/) ======================================================================== CDDL-1.0 ======================================================================== -The following software have components provided under the terms of this license: - - Servlet Specification 2.5 API (from http://jetty.mortbay.org, https://repo1.maven.org/maven2/org/mortbay/jetty/servlet-api-2.5) ======================================================================== @@ -741,8 +733,6 @@ The following software have components provided under the terms of this license: ======================================================================== EPL-2.0 ======================================================================== -The following software have components provided under the terms of this license: - - Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el) - JUnit Jupiter (Aggregator) (from https://junit.org/junit5/) - JUnit Jupiter API (from http://junit.org/junit5/, https://junit.org/junit5/) @@ -768,8 +758,6 @@ The following software have components provided under the terms of this license: ======================================================================== GPL-2.0-or-later ======================================================================== -The following software have components provided under the terms of this license: - - SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org) ======================================================================== 
@@ -788,8 +776,6 @@ The following software have components provided under the terms of this license: ======================================================================== GPL-3.0-only ======================================================================== -The following software have components provided under the terms of this license: - - Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el) - Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca) - Project Lombok (from http://projectlombok.org, https://projectlombok.org) @@ -797,8 +783,6 @@ The following software have components provided under the terms of this license: ======================================================================== JSON ======================================================================== -The following software have components provided under the terms of this license: - - JSON in Java (from https://github.com/douglascrockford/JSON-java) ======================================================================== @@ -823,8 +807,6 @@ The following software have components provided under the terms of this license: ======================================================================== LGPL-2.1-or-later ======================================================================== -The following software have components provided under the terms of this license: - - Javassist (from http://www.javassist.org/) - SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org) 
@@ -894,24 +876,18 @@ The following software have components provided under the terms of this license: ======================================================================== MPL-1.1 ======================================================================== -The following software have components provided under the terms of this license: - - Cobertura (from http://cobertura.sourceforge.net) - Javassist (from http://www.javassist.org/) ======================================================================== MPL-2.0 ======================================================================== -The following software have components provided under the terms of this license: - - Javassist (from http://www.javassist.org/) - OkHttp (from https://repo1.maven.org/maven2/com/squareup/okhttp3/okhttp, https://square.github.io/okhttp/) ======================================================================== PHP-3.01 ======================================================================== -The following software have components provided under the terms of this license: - - Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api) - Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api, https://repo1.maven.org/maven2/org/jboss/spec/javax/xml/bind/jboss-jaxb-api_2.3_spec) @@ -931,8 +907,6 @@ The following software have components provided under the terms of this license: ======================================================================== SPL-1.0 ======================================================================== -The following software have components provided under the terms of this license: - - Servlet Specification 2.5 API (from http://jetty.mortbay.org, https://repo1.maven.org/maven2/org/mortbay/jetty/servlet-api-2.5) ======================================================================== 
@@ -948,8 +922,6 @@ The following software have components provided under the terms of this license: ======================================================================== WTFPL ======================================================================== -The following software have components provided under the terms of this license: - - Reflections (from http://code.google.com/p/reflections/, http://github.com/ronmamo/reflections) ======================================================================== diff --git a/devops/gcp/configmap/templates/partition-bootstrap-configmap.yml b/devops/gcp/configmap/templates/partition-bootstrap-configmap.yml new file mode 100644 index 000000000..957078c67 --- /dev/null +++ b/devops/gcp/configmap/templates/partition-bootstrap-configmap.yml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: "{{ .Values.conf.bootstrap_name }}" + name: "{{ .Values.conf.bootstrap_configmap }}" + namespace: "{{ .Values.conf.bootstrap_namespace }}" +data: + PARTITION_NAME: "{{ .Values.conf.app_name }}" + PROJECT_ID: "{{ .Values.data.project_id }}" + DATA_PARTITION_ID: "{{ .Values.data.data_partition_id }}" + {{- if .Values.conf.on_prem_enabled }} + DOMAIN: "{{ .Values.data.domain }}" + ENVIRONMENT: "{{ .Values.data.environment }}" + CLIENT_ID: "{{ .Values.data.client_id }}" + {{- else }} + AUDIENCES: "{{ .Values.data.google_audiences }}" + DATAFIER_SA: "{{ .Values.data.datafier_sa }}" + {{- end }} diff --git a/devops/gcp/configmap/templates/partition-variables.yml b/devops/gcp/configmap/templates/partition-variables.yml index 3d2d9ee6a..0904a5919 100644 --- a/devops/gcp/configmap/templates/partition-variables.yml +++ b/devops/gcp/configmap/templates/partition-variables.yml 
@@ -12,7 +12,7 @@ data: PARTITION_PROPERTY_KIND: "{{ .Values.data.partition_property_kind }}" PARTITION_NAMESPACE: "{{ .Values.data.partition_namespace }}" {{- else }} - GOOGLE_CLOUD_PROJECT: "{{ .Values.data.google_cloud_project }}" + GOOGLE_CLOUD_PROJECT: "{{ .Values.data.project_id }}" PARTITION_ADMIN_ACCOUNTS: "{{ .Values.data.partition_admin_accounts }}" GOOGLE_AUDIENCES: "{{ .Values.data.google_audiences }}" SERVICE_ACCOUNT_TAIL: "{{ .Values.data.service_account_tail }}" diff --git a/devops/gcp/configmap/values.yaml b/devops/gcp/configmap/values.yaml index 37d60cdb6..645a7f949 100644 --- a/devops/gcp/configmap/values.yaml +++ b/devops/gcp/configmap/values.yaml @@ -1,5 +1,5 @@ data: - google_cloud_project: "" + project_id: "" partition_admin_accounts: "" google_audiences: "" log_level: "INFO" @@ -7,8 +7,19 @@ data: partition_property_kind: "" partition_namespace: "" spring_profiles_active: "gcp" + # bootstrap common + data_partition_id: "" + datafier_sa: "datafier" + # bootstrap variables onprem + domain: "" + environment: "" + client_id: "" conf: configmap: "partition-config" app_name: "partition" + # bootstrap common + bootstrap_name: "partition-bootstrap" + bootstrap_configmap: "partition-bootstrap-configmap" + bootstrap_namespace: "default" on_prem_enabled: false diff --git a/devops/gcp/deploy/templates/partition-bootstrap-deployment.yml b/devops/gcp/deploy/templates/partition-bootstrap-deployment.yml new file mode 100644 index 000000000..ed08574a6 --- /dev/null +++ b/devops/gcp/deploy/templates/partition-bootstrap-deployment.yml 
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ .Values.conf.bootstrap_name }}"
+ namespace: "{{ .Values.conf.bootstrap_namespace }}"
+ annotations:
+ rollme: {{ randAlphaNum 5 | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "{{ .Values.conf.bootstrap_name }}"
+ template:
+ metadata:
+ labels:
+ app: "{{ .Values.conf.bootstrap_name }}"
+ annotations:
+ rollme: {{ randAlphaNum 5 | quote }}
+ spec:
+ containers:
+ - image: "{{ .Values.data.bootstrap_image }}"
+ name: "{{ .Values.conf.bootstrap_name }}"
+ envFrom:
+ - configMapRef:
+ name: "{{ .Values.conf.bootstrap_configmap }}"
+ resources:
+ requests:
+ cpu: "{{ .Values.data.bootstrap_requests_cpu }}"
+ memory: "{{ .Values.data.bootstrap_requests_memory }}"
+ limits:
+ cpu: "{{ .Values.data.bootstrap_limits_cpu }}"
+ memory: "{{ .Values.data.bootstrap_limits_memory }}"
+ restartPolicy: Always
+ serviceAccountName: "{{ .Values.data.bootstrapServiceAccountName }}"
diff --git a/devops/gcp/deploy/templates/service-account-bootstrap.yml b/devops/gcp/deploy/templates/service-account-bootstrap.yml
new file mode 100644
index 000000000..ca7afb515
--- /dev/null
+++ b/devops/gcp/deploy/templates/service-account-bootstrap.yml
@@ -0,0 +1,7 @@
+{{- if .Values.conf.on_prem_enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: "{{ .Values.data.bootstrapServiceAccountName }}"
+ namespace: "{{ .Values.conf.bootstrap_namespace }}"
+{{- end }}
diff --git a/devops/gcp/deploy/values.yaml b/devops/gcp/deploy/values.yaml
index 1891b1454..b12ca22c3 100644
--- a/devops/gcp/deploy/values.yaml
+++ b/devops/gcp/deploy/values.yaml
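Review bot: The container entry under `containers:` in partition-bootstrap-deployment.yml sets no `securityContext`, so the bootstrap pod runs with the image's default user and capabilities. Adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` to the container should cost nothing for a script that only calls `gcloud` and `curl`. There is also no `readinessProbe`, so the pod reports Ready as soon as the container starts, which appears to be before the bootstrap script has sent its request. `rollme: {{ randAlphaNum 5 | quote }}` forces a new pod, and therefore a re-run of the bootstrap, on every upgrade; a comment such as `# new value on each render so the bootstrap re-runs on every deploy` would make that intent explicit.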
@@ -10,11 +10,22 @@ data: serviceAccountName: "" imagePullPolicy: "IfNotPresent" image: "" + # bootstrap common + bootstrap_requests_cpu: "0.03" + bootstrap_requests_memory: "120M" + bootstrap_limits_cpu: "0.1" + bootstrap_limits_memory: "200M" + bootstrap_image: "" + bootstrapServiceAccountName: "partition-bootstrap" conf: configmap: "partition-config" secret: "partition-postgres-secret" app_name: "partition" + # bootstrap common + bootstrap_name: "partition-bootstrap" + bootstrap_configmap: "partition-bootstrap-configmap" + bootstrap_namespace: "default" on_prem_enabled: false namespacePolicy: diff --git a/provider/partition-gcp/bootstrap/Dockerfile b/provider/partition-gcp/bootstrap/Dockerfile new file mode 100644 index 000000000..8cc1b8cb3 --- /dev/null +++ b/provider/partition-gcp/bootstrap/Dockerfile @@ -0,0 +1,9 @@ +FROM google/cloud-sdk:slim + +COPY ./provider/partition-gcp/bootstrap/bootstrap_partition.sh ./opt + +ENV PREFIX=$(pwd) + +RUN chmod 775 /opt/bootstrap_partition.sh + +CMD ["/bin/bash", "-c", "source /opt/bootstrap_partition.sh && sleep 365d"] diff --git a/provider/partition-gcp/bootstrap/bootstrap_partition.sh b/provider/partition-gcp/bootstrap/bootstrap_partition.sh new file mode 100644 index 000000000..9e446af02 --- /dev/null +++ b/provider/partition-gcp/bootstrap/bootstrap_partition.sh 
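Review bot: `FROM google/cloud-sdk:slim` in the new Dockerfile follows a mutable tag, so each pipeline run can pull a different base into the image that later holds the bootstrap identity; pinning by digest, `FROM google/cloud-sdk:slim@sha256:<digest>`, makes the build reproducible and reviewable. The file sets no `USER`, so the script presumably runs as root unless the base image says otherwise. `ENV PREFIX=$(pwd)` is not evaluated as a command in a Dockerfile, so `PREFIX` never holds a directory path, and nothing in the visible script reads it, so the line can be dropped. `RUN chmod 775 /opt/bootstrap_partition.sh` leaves the script group-writable where `chmod 755` is enough.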
@@ -0,0 +1,192 @@ +#!/usr/bin/env bash + +set -ex + +DATA_PARTITION_ID_UPPER=${DATA_PARTITION_ID^^} + +generate_post_data() +{ + cat <<EOF +{ + "properties": { + "projectId": { + "sensitive": false, + "value": "${PROJECT_ID}" + }, + "serviceAccount": { + "sensitive": false, + "value": "${SERVICEACCOUNT}" + }, + "complianceRuleSet": { + "sensitive": false, + "value": "shared" + }, + "dataPartitionId": { + "sensitive": false, + "value": "${DATA_PARTITION_ID}" + }, + "name": { + "sensitive": false, + "value": "${DATA_PARTITION_ID}" + }, + "policy-service-enabled": { + "sensitive": false, + "value": "false" + }, + "bucket": { + "sensitive": false, + "value": "${PROJECT_ID}-records" + }, + "crmAccountID": { + "sensitive": false, + "value": "[${DATA_PARTITION_ID},${DATA_PARTITION_ID}]" + }, + "osm.postgres.datasource.url": { + "sensitive": true, + "value": "POSTGRES_DATASOURCE_URL_${DATA_PARTITION_ID_UPPER}" + }, + "osm.postgres.datasource.username": { + "sensitive": true, + "value": "POSTGRES_DB_USERNAME_${DATA_PARTITION_ID_UPPER}" + }, + "osm.postgres.datasource.password": { + "sensitive": true, + "value": "POSTGRES_DB_PASSWORD_${DATA_PARTITION_ID_UPPER}" + }, + "obm.minio.endpoint": { + "sensitive": false, + "value": "http://minio:9000" + }, + "file.minio.endpoint": { + "sensitive": false, + "value": "https://s3.${DOMAIN}" + }, + "obm.minio.accessKey": { + "sensitive": true, + "value": "MINIO_ACCESS_KEY" + }, + "obm.minio.secretKey": { + "sensitive": true, + "value": "MINIO_SECRET_KEY" + }, + "oqm.rabbitmq.amqp.host": { + "sensitive": false, + "value": "rabbitmq" + }, + "oqm.rabbitmq.amqp.port": { + "sensitive": false, + "value": "5672" + }, + "oqm.rabbitmq.amqp.path": { + "sensitive": false, + "value": "" + }, + "oqm.rabbitmq.amqp.username": { + "sensitive": true, + "value": "RABBITMQ_ADMIN_USERNAME" + }, + "oqm.rabbitmq.amqp.password": { + "sensitive": true, + "value": "RABBITMQ_ADMIN_PASSWORD" + }, + + "oqm.rabbitmq.admin.schema": { + "sensitive": false, + "value": 
"http" + }, + "oqm.rabbitmq.admin.host": { + "sensitive": false, + "value": "rabbitmq" + }, + "oqm.rabbitmq.admin.port": { + "sensitive": false, + "value": "15672" + }, + "oqm.rabbitmq.admin.path": { + "sensitive": false, + "value": "/api" + }, + "oqm.rabbitmq.admin.username": { + "sensitive": true, + "value": "RABBITMQ_ADMIN_USERNAME" + }, + "oqm.rabbitmq.admin.password": { + "sensitive": true, + "value": "RABBITMQ_ADMIN_PASSWORD" + }, + "elasticsearch.host": { + "sensitive": true, + "value": "ELASTIC_HOST_${DATA_PARTITION_ID_UPPER}" + }, + "elasticsearch.port": { + "sensitive": true, + "value": "ELASTIC_PORT_${DATA_PARTITION_ID_UPPER}" + }, + "elasticsearch.user": { + "sensitive": true, + "value": "ELASTIC_USER_${DATA_PARTITION_ID_UPPER}" + }, + "elasticsearch.password": { + "sensitive": true, + "value": "ELASTIC_PASS_${DATA_PARTITION_ID_UPPER}" + } + } +} +EOF +} + +echo "sleep to prevent 500 response from the partition service, due to timeout of creation for Workload Identity" +sleep 20 + +if [ "$ENVIRONMENT" == "anthos" ] +then + + SERVICEACCOUNT=$CLIENT_ID@service.local + + status_code=$(curl -X POST \ + --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \ + -H "Content-Type: application/json" \ + --data-raw "$(generate_post_data)") + + if [ "$status_code" == 201 ] + then + echo "partition bootstrap was OK!" + elif [ "$status_code" == 409 ] + then + curl -X PATCH \ + --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \ + -H "Content-Type: application/json" \ + --data-raw "$(generate_post_data)" + echo "partition was patched because datastore has already had some entities!" 
+ else + exit 1 + fi + +elif [ "$ENVIRONMENT" == "" ] +then + + IDENTITY_TOKEN=$(gcloud auth print-identity-token --audiences="${AUDIENCES}") + + SERVICEACCOUNT=${DATAFIER_SA}@${PROJECT_ID}.iam.gserviceaccount.com + + status_code=$(curl -X POST \ + --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \ + -H "Authorization: Bearer ${IDENTITY_TOKEN}" \ + -H "Content-Type: application/json" \ + --data-raw "$(generate_post_data)") + + if [ "$status_code" == 201 ] + then + echo "partition bootstrap was OK!" + elif [ "$status_code" == 409 ] + then + curl -X PATCH \ + --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \ + -H "Authorization: Bearer ${IDENTITY_TOKEN}" \ + -H "Content-Type: application/json" \ + --data-raw "$(generate_post_data)" + echo "partition was patched because datastore has already had some entities!" + else + exit 1 + fi +fi diff --git a/provider/partition-gcp/bootstrap/bootstrap_partition.yml b/provider/partition-gcp/bootstrap/bootstrap_partition.yml new file mode 100644 index 000000000..fae6866ee --- /dev/null +++ b/provider/partition-gcp/bootstrap/bootstrap_partition.yml 
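Review bot: `set -ex` at the top of bootstrap_partition.sh keeps xtrace on for the whole run, so in the GCP branch both the `IDENTITY_TOKEN=$(gcloud auth print-identity-token ...)` assignment and the expanded `-H "Authorization: Bearer ${IDENTITY_TOKEN}"` arguments are written to the container log with the token in clear. Use `set -e` instead, or bracket the token handling with `set +x` and `set -x` if tracing is wanted elsewhere. The `curl -X PATCH` calls in both 409 branches print the status code but never test it, so a failed patch is still reported as "partition was patched"; capture it as the POST does, `status_code=$(curl -X PATCH ...)`, and exit non-zero unless it indicates success. An `ENVIRONMENT` value other than `anthos` or empty matches neither branch, and the script then exits 0 without having done anything.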
@@ -0,0 +1,18 @@
+osdu-gcp-containerize-bootstrap-partition:
+ stage: containerize
+ needs: ["compile-and-unit-test"]
+ image: docker:19.03.15
+ tags: ["osdu-small"]
+ services:
+ - docker:20.10.7-dind
+ variables:
+ IMAGE_NAME: osdu-gcp-bootstrap-partition
+ script:
+ # Gitlab Container Registry
+ - export EXTRA_DOCKER_TAG=""; if [ "$CI_COMMIT_TAG" != "" ] ; then EXTRA_DOCKER_TAG="-t $CI_REGISTRY_IMAGE/$IMAGE_NAME:$CI_COMMIT_TAG" ; elif [ "$CI_COMMIT_REF_NAME" = "master" ] ; then EXTRA_DOCKER_TAG="-t $CI_REGISTRY_IMAGE/$IMAGE_NAME:latest" ; fi
+ - docker build -t $CI_REGISTRY_IMAGE/$IMAGE_NAME:$CI_COMMIT_SHORT_SHA $EXTRA_DOCKER_TAG --file provider/partition-gcp/bootstrap/Dockerfile .
+ - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+ - docker push $CI_REGISTRY_IMAGE/$IMAGE_NAME
+ rules:
+ - if: "$OSDU_GCP == 'true'"
+ when: on_success
-- GitLab
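Review bot: `docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` in the `script` passes the registry password as a command-line argument, where it is visible in the process list of the job container. Feed it on stdin instead: `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The job also pairs a `docker:19.03.15` client with a `docker:20.10.7-dind` daemon, and `docker push $CI_REGISTRY_IMAGE/$IMAGE_NAME` without a tag relies on the older client's default of pushing every tag. If the client is ever moved to 20.10 the push will need `--all-tags`, so a comment next to the `image:` line recording that dependency would help.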