From 8a0ccbe9c45ba013d06a6b5189500354a82dc7f2 Mon Sep 17 00:00:00 2001 From: ychung-mot Date: Wed, 11 Sep 2024 14:58:35 -0700 Subject: [PATCH] chore: gateway --- crunchydb/charts/crunchy-postgres/values.yaml | 2 +- gateway/README.md | 81 +++++++++++++++++++ gateway/strdata-dev.yaml | 57 +++++++++++++ 3 files changed, 139 insertions(+), 1 deletion(-) create mode 100644 gateway/README.md create mode 100644 gateway/strdata-dev.yaml diff --git a/crunchydb/charts/crunchy-postgres/values.yaml b/crunchydb/charts/crunchy-postgres/values.yaml index b19fe458..6a00d299 100644 --- a/crunchydb/charts/crunchy-postgres/values.yaml +++ b/crunchydb/charts/crunchy-postgres/values.yaml @@ -1,7 +1,7 @@ fullnameOverride: strdss-db # crunchyImage: # it's not necessary to specify an image as the images specified in the Crunchy Postgres Operator will be pulled by default -crunchyImage: artifacts.developer.gov.bc.ca/bcgov-docker-local/crunchy-postgres-gis:ubi8-15.2-3.3-0 # use this image for POSTGIS +crunchyImage: artifacts.developer.gov.bc.ca/bcgov-docker-local/crunchy-postgres-gis:ubi8-15.6-3.3-0 # use this image for POSTGIS postgresVersion: 15 postGISVersion: '3.3' # use this version of POSTGIS. both crunchyImage and this property needs to have valid values for POSTGIS to be enabled. imagePullPolicy: IfNotPresent diff --git a/gateway/README.md b/gateway/README.md new file mode 100644 index 00000000..04d835f5 --- /dev/null +++ b/gateway/README.md 
@@ -0,0 +1,81 @@
+# KONG API Service Portal Setup
+
+The public API is accessible at
+
+* DEV: https://dev.strdata.api.gov.bc.ca
+* UAT: https://test.strdata.api.gov.bc.ca
+* PROD: https://strdata.api.gov.bc.ca
+
+API access is controlled via Kong, administered via the BC Gov API Programme Services API Gateway.
+**Kong configuration is not updated via Github Actions, and must be updated manually when there are changes.**
+
+For an overview of the API Gateway update process, see:
+https://bcgov.github.io/aps-infra-platform/guides/owner-journey-v1/
+
+
+## Publication
+
+### Prerequisites
+1. In the API Services Portal (https://api.gov.bc.ca/), the namespace strdata has already been created.
+2. In the namespace, authorization profile has been created as follows:
+ * Flow: Client Credential Flow, using Client ID and Secret
+ * Mode: Automatic
+ * Client Mappers (Audience): gateway-awp
+
+
+### Publication
+
+
+1. Log into https://api.gov.bc.ca/
+2. Select the strdata namespace
+3. Create a service account with `GatewayConfig.Publish` scope and note down the client id and client secret
+4. Download the GWA CLI from https://github.com/bcgov/gwa-cli/releases
+5. In command prompt run the following commands (the first command create a .env file locally, which will need to be deleted if you need to create one for the other environment):
+
+ ```sh
+ gwa config set host api.gov.bc.ca
+ gwa config set --namespace strdata
+
+ export SCID="<>"
+ export SCSC="<>"
+ export SURL="https://authz.apps.gov.bc.ca/auth/realms/aps/protocol/openid-connect/token"
+
+ gwa login --client-id $SCID --client-secret $SCSC
+ gwa pg strdata-{env}.yaml
+ ```
+5. 
(optional for Windows GWA) In command prompt of Windows run the following commands (the first command create a .env file locally, which will need to be deleted if you need to create one for the other environment):
+
+ ```sh
+ gwa config set host api.gov.bc.ca
+ gwa config set --namespace strdata
+ gwa login --client-id "<>" --client-secret "<>"
+ gwa pg strdata-{env}.yaml
+ ```
+6. Check the Gateway in the API Service Portal to make sure that the routes have been published
+7. Create a dataset if it doesn't exist.
+
+ https://bcgov.github.io/aps-infra-platform/guides/owner-journey-v1/#91-setup-your-draft-dataset
+
+ ```
+ {
+ "name": "strdata-dataset",
+ "license_title": "Open Government Licence - British Columbia",
+ "security_class": "PUBLIC",
+ "view_audience": "Public",
+ "download_audience": "Public",
+ "record_publish_date": "2024-09-11",
+ "notes": "Short-Term Rental Data API Services",
+ "title": "Short-Term Rental Data API Services",
+ "tags": [
+ "openapi",
+ "standards"
+ ],
+ "organization": "ministry-of-housing",
+ "organizationUnit": "planning-and-land-use-management"
+ }
+ ```
+
+8. Create a product if it doesn't exist.
+
+### Consumer Request & Approval
+
diff --git a/gateway/strdata-dev.yaml b/gateway/strdata-dev.yaml
new file mode 100644
index 00000000..46cb14bb
--- /dev/null
+++ b/gateway/strdata-dev.yaml
@@ -0,0 +1,57 @@
+services:
+- name: strdata
+ host: strdss-dev-backend.b0471a-dev.svc
+ tags: [ns.strdata]
+ port: 8080
+ protocol: http
+ retries: 0
+ routes:
+ - name: strdata
+ tags: [ns.strdata]
+ hosts:
+ - dev.strdata.api.gov.bc.ca
+ methods:
+ - GET
+ paths: [/api/organizations/types]
+ strip_path: false
+ https_redirect_status_code: 426
+ path_handling: v0
+ request_buffering: true
+ response_buffering: true
+ plugins:
+ - name: jwt-keycloak
+ tags: [ns.strdata]
+ enabled: true
+ config:
+ allowed_iss:
+ - https://loginproxy.gov.bc.ca/auth/realms/apigw
+ allowed_aud: gateway-strdata
+ run_on_preflight: true
+ iss_key_grace_period: 10
+ maximum_expiration: 0
+ algorithm: RS256
+ claims_to_verify:
+ - exp
+ uri_param_names:
+ - jwt
+ cookie_names: []
+ scope:
+ roles:
+ realm_roles:
+ client_roles:
+ anonymous:
+ consumer_match: true
+ consumer_match_claim: azp
+ consumer_match_claim_custom_id: true
+ consumer_match_ignore_not_found: false
+ - name: request-transformer
+ tags: [ns.strdata]
+ enabled: true
+ config:
+ http_method:
+ - name: kong-upstream-jwt
+ enabled: true
+ tags: [ns.strdata]
+ config:
+ header: GW-JWT
+ include_credential_type: false
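Review bot: The `jwt-keycloak` plugin config accepts the bearer token from a query-string parameter (`uri_param_names:` with the entry `jwt`), so a token sent that way can end up in access logs, intermediary proxy logs and Referer headers; if consumers always present the token in the `Authorization` header, this should be `uri_param_names: []`. In the same config, `maximum_expiration: 0` leaves the accepted token lifetime uncapped at the gateway as far as the plugin's documented semantics go, so only the issuer's `exp` bounds how long a leaked token stays usable; a nonzero cap such as `maximum_expiration: <MAX_TOKEN_LIFETIME_SECONDS>` would enforce a limit here as well. The `request-transformer` plugin is enabled with a bare `http_method:` (null), which appears to transform nothing and should either be dropped or carry a comment saying why it is present. The bare `scope:`, `roles:`, `realm_roles:` and `client_roles:` keys also parse as null, so presumably no role or scope is enforced at the gateway; a one-line comment stating that authorization is left to the backend would make that intent explicit.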