From 7b662c92852aa23b915a539e800e9cc72da4f642 Mon Sep 17 00:00:00 2001 From: Darrel Siegle Date: Tue, 26 Nov 2024 13:09:53 -0800 Subject: [PATCH 1/3] ci: added test/prod urls to zap-scan --- .github/workflows/zap-scan.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/zap-scan.yml b/.github/workflows/zap-scan.yml index d760a99..888b6eb 100644 --- a/.github/workflows/zap-scan.yml +++ b/.github/workflows/zap-scan.yml @@ -8,7 +8,8 @@ on: description: The Target URL options: - https://bc-emli-pin-mgmt-be-c82b4c-dev.apps.silver.devops.gov.bc.ca/ - - https://bc-emli-pin-mgmt-fe-c82b4c-dev.apps.silver.devops.gov.bc.ca/home + - https://bc-emli-pin-mgmt-be-c82b4c-test.apps.silver.devops.gov.bc.ca/ + - https://bc-emli-pin-mgmt-prod-be.apps.silver.devops.gov.bc.ca/ jobs: zap-scan: From 6ea4311661d5cd2dde6f99a309a96ad6e922fe9b Mon Sep 17 00:00:00 2001 From: Darrel Siegle Date: Wed, 4 Dec 2024 11:16:54 -0800 Subject: [PATCH 2/3] chore: added old deploy-configs and new deployments for tools --- openshift/tools/clamav-dc.yaml | 113 +++++++++++++++++ openshift/tools/clamav-deployment.yml | 59 +++++++++ openshift/tools/metabase-dc.yaml | 147 ++++++++++++++++++++++ openshift/tools/metabase-deployment.yml | 88 +++++++++++++ openshift/tools/vhers-scan-dc.yaml | 146 +++++++++++++++++++++ openshift/tools/vhers-scan-deployment.yml | 86 +++++++++++++ 6 files changed, 639 insertions(+) create mode 100644 openshift/tools/clamav-dc.yaml create mode 100644 openshift/tools/clamav-deployment.yml create mode 100644 openshift/tools/metabase-dc.yaml create mode 100644 openshift/tools/metabase-deployment.yml create mode 100644 openshift/tools/vhers-scan-dc.yaml create mode 100644 openshift/tools/vhers-scan-deployment.yml diff --git a/openshift/tools/clamav-dc.yaml b/openshift/tools/clamav-dc.yaml new file mode 100644 index 0000000..cfeb3da --- /dev/null +++ b/openshift/tools/clamav-dc.yaml @@ -0,0 +1,113 @@ +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"apps.openshift.io/v1","kind":"DeploymentConfig","metadata":{"annotations":{},"generation":1,"labels":{"app":"clamav"},"name":"clamav","namespace":"c82b4c-tools"},"spec":{"replicas":1,"selector":{"app":"clamav","deploymentconfig":"clamav"},"strategy":{"activeDeadlineSeconds":21600,"type":"Rolling"},"template":{"metadata":{"annotations":{"openshift.io/generated-by":"OpenShiftWebConsole"},"labels":{"app":"clamav","deploymentconfig":"clamav"}},"spec":{"containers":[{"image":"clamav-prod:dev","imagePullPolicy":"Always","livenessProbe":{"failureThreshold":3,"initialDelaySeconds":240,"periodSeconds":10,"successThreshold":1,"tcpSocket":{"port":3310},"timeoutSeconds":3},"name":"clamav","ports":[{"containerPort":3310,"protocol":"TCP"}],"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":240,"periodSeconds":10,"successThreshold":1,"tcpSocket":{"port":3310},"timeoutSeconds":3},"resources":{"limits":{"cpu":"1100m","memory":"2G"},"requests":{"cpu":"100m","memory":"500M"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}},"test":false,"triggers":[{"imageChangeParams":{"automatic":true,"containerNames":["clamav"],"from":{"kind":"ImageStreamTag","name":"clamav-prod:dev"}},"type":"ImageChange"},{"type":"ConfigChange"}]}} + creationTimestamp: "2023-12-05T03:58:20Z" + generation: 5 + labels: + app: clamav + name: clamav + namespace: c82b4c-tools + resourceVersion: "12445541918" + uid: 00cb6ab0-9418-4292-9e2d-0f8ab0633de0 +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + app: clamav + deploymentconfig: clamav + strategy: + activeDeadlineSeconds: 21600 + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + annotations: + openshift.io/generated-by: OpenShiftWebConsole + creationTimestamp: null + labels: + app: clamav + deploymentconfig: clamav + spec: + containers: + - image: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/clamav-prod@sha256:d6bf226eb34f7095c022e66d2882229f2eada38d515bc4c12a218253a2af920c + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 240 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 3310 + timeoutSeconds: 3 + name: clamav + ports: + - containerPort: 3310 + protocol: TCP + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 240 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 3310 + timeoutSeconds: 3 + resources: + limits: + cpu: 1100m + memory: 2G + requests: + cpu: 100m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + test: false + triggers: + - imageChangeParams: + automatic: true + containerNames: + - clamav + from: + kind: ImageStreamTag + name: clamav-prod:dev + namespace: c82b4c-tools + lastTriggeredImage: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/clamav-prod@sha256:d6bf226eb34f7095c022e66d2882229f2eada38d515bc4c12a218253a2af920c + type: ImageChange + - type: ConfigChange +status: + availableReplicas: 1 + conditions: + - lastTransitionTime: "2023-12-05T23:48:19Z" + lastUpdateTime: "2023-12-05T23:48:19Z" + message: replication controller "clamav-1" successfully rolled out + reason: NewReplicationControllerAvailable + status: "True" + type: Progressing + - lastTransitionTime: "2024-12-03T21:03:04Z" + lastUpdateTime: "2024-12-03T21:03:04Z" + message: Deployment config has minimum availability. + status: "True" + type: Available + details: + causes: + - type: ConfigChange + message: config change + latestVersion: 1 + observedGeneration: 5 + readyReplicas: 1 + replicas: 1 + unavailableReplicas: 0 + updatedReplicas: 1 diff --git a/openshift/tools/clamav-deployment.yml b/openshift/tools/clamav-deployment.yml new file mode 100644 index 0000000..05f48a9 --- /dev/null +++ b/openshift/tools/clamav-deployment.yml @@ -0,0 +1,59 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: clamav + namespace: c82b4c-tools + labels: + app: clamav + annotations: + openshift.io/generated-by: OpenShiftWebConsole +spec: + replicas: 1 + selector: + matchLabels: + app: clamav + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + template: + metadata: + labels: + app: clamav + spec: + containers: + - name: clamav + image: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/clamav-prod@sha256:d6bf226eb34f7095c022e66d2882229f2eada38d515bc4c12a218253a2af920c + imagePullPolicy: Always + ports: + - containerPort: 3310 + protocol: TCP + livenessProbe: + tcpSocket: + port: 3310 + initialDelaySeconds: 240 + periodSeconds: 10 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + tcpSocket: + port: 3310 + initialDelaySeconds: 240 + periodSeconds: 10 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + resources: + limits: + cpu: 1100m + memory: 2G + requests: + cpu: 100m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + terminationGracePeriodSeconds: 30 diff --git a/openshift/tools/metabase-dc.yaml b/openshift/tools/metabase-dc.yaml new file mode 100644 index 0000000..97a30e1 --- /dev/null +++ b/openshift/tools/metabase-dc.yaml @@ -0,0 +1,147 @@ +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"apps.openshift.io/v1","kind":"DeploymentConfig","metadata":{"annotations":{},"labels":{"app":"metabase","app.kubernetes.io/component":"metabase","app.kubernetes.io/instance":"metabase","app.kubernetes.io/managed-by":"template","app.kubernetes.io/name":"java","app.kubernetes.io/part-of":"metabase","template":"metabase-dc-template"},"name":"metabase","namespace":"c82b4c-tools"},"spec":{"replicas":1,"revisionHistoryLimit":10,"selector":{"app":"metabase","deploymentconfig":"metabase"},"strategy":{"resources":{},"type":"Recreate"},"template":{"metadata":{"labels":{"app":"metabase","deploymentconfig":"metabase"},"name":"metabase"},"spec":{"containers":[{"env":[{"name":"MB_DB_FILE","value":"/app/data/metabase.db"},{"name":"MB_DB_TYPE","value":"h2"},{"name":"MB_ENCRYPTION_SECRET_KEY","valueFrom":{"secretKeyRef":{"key":"database-password","name":"metabase-secret"}}},{"name":"MB_JETTY_HOST","value":"0.0.0.0"},{"name":"MB_PASSWORD_COMPLEXITY","value":"strong"}],"image":"image-registry.openshift-image-registry.svc:5000/c82b4c-tools/metabase:latest","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"tcpSocket":{"port":3000},"timeoutSeconds":1},"name":"metabase","ports":[{"containerPort":3000,"protocol":"TCP"}],"readinessProbe":{"failureThreshold":3,"httpGet":{"path":"/","port":3000},"initialDelaySeconds":10,"timeoutSeconds":1},"resources":{"limits":{"cpu":"500m","memory":"1.5Gi"},"requests":{"cpu":"50m","memory":"768Mi"}},"startupProbe":{"failureThreshold":12,"tcpSocket":{"port":3000},"timeoutSeconds":1},"volumeMounts":[{"mountPath":"/app/data","name":"data"}]}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","volumes":[{"name":"data","persistentVolumeClaim":{"claimName":"metabase"}}]}},"test":false,"triggers":[{"type":"ConfigChange"},{"imageChangeParams":{"automatic":true,"containerNames":["metabase"],"from":{"kind":"ImageStreamTag","name":"metabase:latest","namespace":"c82b4c-tools"}},"type":"ImageChange"}]}} + creationTimestamp: "2023-12-01T17:09:26Z" + generation: 6 + labels: + app: metabase + app.kubernetes.io/component: metabase + app.kubernetes.io/instance: metabase + app.kubernetes.io/managed-by: template + app.kubernetes.io/name: java + app.kubernetes.io/part-of: metabase + template: metabase-dc-template + name: metabase + namespace: c82b4c-tools + resourceVersion: "12455589376" + uid: 431b4be1-fe05-404c-8ef6-baa4ac41c5cd +spec: + replicas: 0 + revisionHistoryLimit: 10 + selector: + app: metabase + deploymentconfig: metabase + strategy: + activeDeadlineSeconds: 21600 + recreateParams: + timeoutSeconds: 600 + resources: {} + type: Recreate + template: + metadata: + creationTimestamp: null + labels: + app: metabase + deploymentconfig: metabase + name: metabase + spec: + containers: + - env: + - name: MB_DB_FILE + value: /app/data/metabase.db + - name: MB_DB_TYPE + value: h2 + - name: MB_ENCRYPTION_SECRET_KEY + valueFrom: + secretKeyRef: + key: database-password + name: metabase-secret + - name: MB_JETTY_HOST + value: 0.0.0.0 + - name: MB_PASSWORD_COMPLEXITY + value: strong + image: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/metabase@sha256:20872f1178bd03bdf7aff90e742b6e524467cd9bf95d834a2fa944c7ebc21eae + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 3000 + timeoutSeconds: 1 + name: metabase + ports: + - containerPort: 3000 + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 3000 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 500m + memory: 1536Mi + requests: + cpu: 50m + memory: 768Mi + startupProbe: + failureThreshold: 12 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 3000 + timeoutSeconds: 1 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /app/data + name: data + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - name: data + persistentVolumeClaim: + claimName: metabase + test: false + triggers: + - type: ConfigChange + - imageChangeParams: + automatic: true + containerNames: + - metabase + from: + kind: ImageStreamTag + name: metabase:latest + namespace: c82b4c-tools + lastTriggeredImage: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/metabase@sha256:20872f1178bd03bdf7aff90e742b6e524467cd9bf95d834a2fa944c7ebc21eae + type: ImageChange +status: + availableReplicas: 0 + conditions: + - lastTransitionTime: "2023-12-01T22:05:24Z" + lastUpdateTime: "2023-12-01T22:06:31Z" + message: replication controller "metabase-2" successfully rolled out + reason: NewReplicationControllerAvailable + status: "True" + type: Progressing + - lastTransitionTime: "2024-12-04T18:22:08Z" + lastUpdateTime: "2024-12-04T18:22:08Z" + message: Deployment config does not have minimum availability. + status: "False" + type: Available + details: + causes: + - imageTrigger: + from: + kind: DockerImage + name: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/metabase@sha256:20872f1178bd03bdf7aff90e742b6e524467cd9bf95d834a2fa944c7ebc21eae + type: ImageChange + message: image change + latestVersion: 2 + observedGeneration: 6 + replicas: 0 + unavailableReplicas: 0 + updatedReplicas: 0 diff --git a/openshift/tools/metabase-deployment.yml b/openshift/tools/metabase-deployment.yml new file mode 100644 index 0000000..1eafe7c --- /dev/null +++ b/openshift/tools/metabase-deployment.yml @@ -0,0 +1,88 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metabase + namespace: c82b4c-tools + labels: + app: metabase + app.kubernetes.io/component: metabase + app.kubernetes.io/instance: metabase + app.kubernetes.io/managed-by: template + app.kubernetes.io/name: java + app.kubernetes.io/part-of: metabase + template: metabase-dc-template +spec: + replicas: 1 + selector: + matchLabels: + app: metabase + strategy: + type: Recreate + template: + metadata: + labels: + app: metabase + spec: + containers: + - name: metabase + image: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/metabase@sha256:20872f1178bd03bdf7aff90e742b6e524467cd9bf95d834a2fa944c7ebc21eae + imagePullPolicy: IfNotPresent + ports: + - containerPort: 3000 + protocol: TCP + env: + - name: MB_DB_FILE + value: /app/data/metabase.db + - name: MB_DB_TYPE + value: h2 + - name: MB_ENCRYPTION_SECRET_KEY + valueFrom: + secretKeyRef: + key: database-password + name: metabase-secret + - name: MB_JETTY_HOST + value: 0.0.0.0 + - name: MB_PASSWORD_COMPLEXITY + value: strong + livenessProbe: + tcpSocket: + port: 3000 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: / + port: 3000 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + startupProbe: + tcpSocket: + port: 3000 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 12 + resources: + limits: + cpu: 500m + memory: 1536Mi + requests: + cpu: 50m + memory: 768Mi + volumeMounts: + - mountPath: /app/data + name: data + volumes: + - name: data + persistentVolumeClaim: + claimName: metabase + dnsPolicy: ClusterFirst + restartPolicy: Always + terminationGracePeriodSeconds: 30 diff --git a/openshift/tools/vhers-scan-dc.yaml b/openshift/tools/vhers-scan-dc.yaml new file mode 100644 index 0000000..9f0f0a8 --- /dev/null +++ b/openshift/tools/vhers-scan-dc.yaml @@ -0,0 +1,146 @@ +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"apps.openshift.io/v1","kind":"DeploymentConfig","metadata":{"annotations":{},"generation":1,"labels":{"app":"vhers-virus-scan"},"name":"vhers-virus-scan","namespace":"c82b4c-tools"},"spec":{"replicas":1,"selector":{"app":"vhers-virus-scan","deploymentconfig":"vhers-virus-scan"},"strategy":{"activeDeadlineSeconds":21600,"type":"Rolling"},"template":{"metadata":{"annotations":{"openshift.io/generated-by":"OpenShiftWebConsole"},"labels":{"app":"vhers-virus-scan","deploymentconfig":"vhers-virus-scan"}},"spec":{"containers":[{"env":[{"name":"DB_HOST","valueFrom":{"secretKeyRef":{"key":"app-db-hostname-prod","name":"patroni-ha-postgres-instance"}}},{"name":"DB_PORT","valueFrom":{"secretKeyRef":{"key":"app-db-port-prod","name":"patroni-ha-postgres-instance"}}},{"name":"DB_NAME","valueFrom":{"secretKeyRef":{"key":"app-db-name-prod","name":"patroni-ha-postgres-instance"}}},{"name":"DB_USERNAME","valueFrom":{"secretKeyRef":{"key":"app-db-username-prod","name":"patroni-ha-postgres-instance"}}},{"name":"DB_PASSWORD","valueFrom":{"secretKeyRef":{"key":"app-db-password-prod","name":"patroni-ha-postgres-instance"}}}],"image":"vhers-virus-scan-tools:latest","imagePullPolicy":"Always","livenessProbe":{"failureThreshold":3,"initialDelaySeconds":240,"periodSeconds":10,"successThreshold":1,"tcpSocket":{"port":3500},"timeoutSeconds":3},"name":"vhers-virus-scan","ports":[{"containerPort":3500,"protocol":"TCP"}],"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":240,"periodSeconds":10,"successThreshold":1,"tcpSocket":{"port":3500},"timeoutSeconds":3},"resources":{"limits":{"cpu":"500m","memory":"2G"},"requests":{"cpu":"100m","memory":"500M"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}},"test":false,"triggers":[{"imageChangeParams":{"automatic":true,"containerNames":["vhers-virus-scan"],"from":{"from":null,"kind":"ImageStreamTag","name":"vhers-virus-scan-tools:latest"}},"type":"ImageChange"},{"type":"ConfigChange"}]}} + creationTimestamp: "2023-12-06T18:59:56Z" + generation: 40 + labels: + app: vhers-virus-scan + name: vhers-virus-scan + namespace: c82b4c-tools + resourceVersion: "12445889798" + uid: b9d1eb2b-1c55-49b0-ae9a-892976df908b +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + app: vhers-virus-scan + deploymentconfig: vhers-virus-scan + strategy: + activeDeadlineSeconds: 21600 + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + annotations: + openshift.io/generated-by: OpenShiftWebConsole + creationTimestamp: null + labels: + app: vhers-virus-scan + deploymentconfig: vhers-virus-scan + spec: + containers: + - env: + - name: DB_HOST + valueFrom: + secretKeyRef: + key: app-db-hostname-prod + name: patroni-ha-postgres-instance + - name: DB_PORT + valueFrom: + secretKeyRef: + key: app-db-port-prod + name: patroni-ha-postgres-instance + - name: DB_NAME + valueFrom: + secretKeyRef: + key: app-db-name-prod + name: patroni-ha-postgres-instance + - name: DB_USERNAME + valueFrom: + secretKeyRef: + key: app-db-username-prod + name: patroni-ha-postgres-instance + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: app-db-password-prod + name: patroni-ha-postgres-instance + envFrom: + - secretRef: + name: vhers-virus-scan + image: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/vhers-virus-scan-tools@sha256:c86f55ecec7ec9f78c87235aac35b23fcae41ab240004ba0fda9ab44a9382f2e + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 240 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 3500 + timeoutSeconds: 3 + name: vhers-virus-scan + ports: + - containerPort: 3500 + protocol: TCP + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 240 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 3500 + timeoutSeconds: 3 + resources: + limits: + cpu: 500m + memory: 2G + requests: + cpu: 100m + memory: 500M + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + test: false + triggers: + - imageChangeParams: + automatic: true + containerNames: + - vhers-virus-scan + from: + kind: ImageStreamTag + name: vhers-virus-scan-tools:latest + namespace: c82b4c-tools + lastTriggeredImage: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/vhers-virus-scan-tools@sha256:c86f55ecec7ec9f78c87235aac35b23fcae41ab240004ba0fda9ab44a9382f2e + type: ImageChange + - type: ConfigChange +status: + availableReplicas: 1 + conditions: + - lastTransitionTime: "2024-02-02T20:52:00Z" + lastUpdateTime: "2024-02-02T20:52:04Z" + message: replication controller "vhers-virus-scan-22" successfully rolled out + reason: NewReplicationControllerAvailable + status: "True" + type: Progressing + - lastTransitionTime: "2024-12-03T21:39:56Z" + lastUpdateTime: "2024-12-03T21:39:56Z" + message: Deployment config has minimum availability. + status: "True" + type: Available + details: + causes: + - imageTrigger: + from: + kind: DockerImage + name: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/vhers-virus-scan-tools@sha256:c86f55ecec7ec9f78c87235aac35b23fcae41ab240004ba0fda9ab44a9382f2e + type: ImageChange + message: image change + latestVersion: 22 + observedGeneration: 40 + readyReplicas: 1 + replicas: 1 + unavailableReplicas: 0 + updatedReplicas: 1 diff --git a/openshift/tools/vhers-scan-deployment.yml b/openshift/tools/vhers-scan-deployment.yml new file mode 100644 index 0000000..3651540 --- /dev/null +++ b/openshift/tools/vhers-scan-deployment.yml @@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vhers-virus-scan + namespace: c82b4c-tools + labels: + app: vhers-virus-scan +spec: + replicas: 1 + selector: + matchLabels: + app: vhers-virus-scan + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + template: + metadata: + labels: + app: vhers-virus-scan + spec: + containers: + - name: vhers-virus-scan + image: image-registry.openshift-image-registry.svc:5000/c82b4c-tools/vhers-virus-scan-tools@sha256:c86f55ecec7ec9f78c87235aac35b23fcae41ab240004ba0fda9ab44a9382f2e + imagePullPolicy: Always + ports: + - containerPort: 3500 + protocol: TCP + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + key: app-db-hostname-prod + name: patroni-ha-postgres-instance + - name: DB_PORT + valueFrom: + secretKeyRef: + key: app-db-port-prod + name: patroni-ha-postgres-instance + - name: DB_NAME + valueFrom: + secretKeyRef: + key: app-db-name-prod + name: patroni-ha-postgres-instance + - name: DB_USERNAME + valueFrom: + secretKeyRef: + key: app-db-username-prod + name: patroni-ha-postgres-instance + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: app-db-password-prod + name: patroni-ha-postgres-instance + envFrom: + - secretRef: + name: vhers-virus-scan + livenessProbe: + tcpSocket: + port: 3500 + initialDelaySeconds: 240 + periodSeconds: 10 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + tcpSocket: + port: 3500 + initialDelaySeconds: 240 + periodSeconds: 10 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + resources: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 100m + memory: 500Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + terminationGracePeriodSeconds: 30 From aa946f68caebda4785959f8f55b7604646a11d42 Mon Sep 17 00:00:00 2001 From: Darrel Siegle Date: Fri, 6 Dec 2024 10:19:36 -0800 Subject: [PATCH 3/3] refactor: changed bcsc flow to account for 3rd party fe --- src/build/routes.ts | 37 +++++++++-- src/build/swagger.json | 101 ++++++++++++++++++++++++++---- src/controllers/bcscController.ts | 78 +++++++++++++++++------ src/helpers/auth.ts | 7 ++- src/helpers/types.ts | 2 +- src/routes/bcsc.ts | 27 ++++++-- 6 files changed, 209 insertions(+), 43 deletions(-) diff --git a/src/build/routes.ts b/src/build/routes.ts index 1cf711b..95393f9 100644 --- a/src/build/routes.ts +++ b/src/build/routes.ts @@ -345,12 +345,11 @@ const models: TsoaRoute.Models = { "additionalProperties": false, }, // WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa - "userInfoSuccessResponse": { + "validateUserResponse": { "dataType": "refObject", "properties": { "success": {"dataType":"boolean","required":true}, - "pids": {"dataType":"string","required":true}, - "livePinId": {"dataType":"string","required":true}, + "message": {"dataType":"string","required":true}, }, "additionalProperties": false, }, @@ -939,6 +938,7 @@ export function RegisterRoutes(app: Router) { redirectResponse: {"in":"res","name":"307","required":true,"dataType":"void"}, serverErrorResponse: {"in":"res","name":"500","required":true,"dataType":"nestedObjectLiteral","nestedProperties":{"error":{"dataType":"string","required":true},"success":{"dataType":"boolean","required":true}}}, siteid: {"in":"query","name":"siteid","required":true,"dataType":"string"}, + redirect: {"in":"query","name":"redirect","required":true,"dataType":"string"}, }; // WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa @@ -957,6 +957,35 @@ export function RegisterRoutes(app: Router) { } }); // WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa + app.get('/bcsc/validate', + ...(fetchMiddlewares(BscsController)), + ...(fetchMiddlewares(BscsController.prototype.validateUserData)), + + function BscsController_validateUserData(request: any, response: any, next: any) { + const args = { + successResponse: {"in":"res","name":"200","required":true,"ref":"validateUserResponse"}, + badRequestErrorResponse: {"in":"res","name":"400","required":true,"ref":"validateUserResponse"}, + serverErrorResponse: {"in":"res","name":"500","required":true,"dataType":"nestedObjectLiteral","nestedProperties":{"error":{"dataType":"string","required":true},"success":{"dataType":"boolean","required":true}}}, + livePinId: {"in":"query","name":"livePinId","required":true,"dataType":"string"}, + pids: {"in":"query","name":"pids","required":true,"dataType":"array","array":{"dataType":"string"}}, + }; + + // WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa + + let validatedArgs: any[] = []; + try { + validatedArgs = getValidatedArgs(args, request, response); + + const controller = new BscsController(); + + + const promise = controller.validateUserData.apply(controller, validatedArgs as any); + promiseHandler(controller, promise, response, undefined, next); + } catch (err) { + return next(err); + } + }); + // WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa app.get('/bcsc/userinfo', ...(fetchMiddlewares(BscsController)), ...(fetchMiddlewares(BscsController.prototype.handleCallback)), @@ -964,7 +993,7 @@ export function RegisterRoutes(app: Router) { function BscsController_handleCallback(request: any, response: any, next: any) { const args = { typeORMErrorResponse: {"in":"res","name":"422","required":true,"ref":"GenericTypeORMErrorType"}, - successResponse: {"in":"res","name":"200","required":true,"ref":"userInfoSuccessResponse"}, + redirectResponse: {"in":"res","name":"302","required":true,"dataType":"any"}, badRequestErrorResponse: {"in":"res","name":"400","required":true,"ref":"badRequestError"}, serverErrorResponse: {"in":"res","name":"500","required":true,"ref":"serverErrorType"}, code: {"in":"query","name":"code","required":true,"dataType":"string"}, diff --git a/src/build/swagger.json b/src/build/swagger.json index 8e0a943..c765f5a 100644 --- a/src/build/swagger.json +++ b/src/build/swagger.json @@ -851,22 +851,18 @@ "pids": "12345678|11234567" } }, - "userInfoSuccessResponse": { + "validateUserResponse": { "properties": { "success": { "type": "boolean" }, - "pids": { - "type": "string" - }, - "livePinId": { + "message": { "type": "string" } }, "required": [ "success", - "pids", - "livePinId" + "message" ], "type": "object", "additionalProperties": false @@ -2365,27 +2361,110 @@ "schema": { "type": "string" } + }, + { + "in": "query", + "name": "redirect", + "required": true, + "schema": { + "type": "string" + } } ] } }, - "/bcsc/userinfo": { + "/bcsc/validate": { "get": { - "operationId": "HandleCallback", + "operationId": "ValidateUserData", "responses": { "200": { - "description": "- TSOA response object for successful user info retrieval (200).", + "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/userInfoSuccessResponse" + "$ref": "#/components/schemas/validateUserResponse" + } + } + } + }, + "204": { + "description": "No content" + }, + "400": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/validateUserResponse" + } + } + } + }, + "500": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "error": { + "type": "string" + }, + "success": { + "type": "boolean" + } + }, + "required": [ + "error", + "success" + ], + "type": "object" } } } + } + }, + "tags": [ + "BCSC" + ], + "security": [], + "parameters": [ + { + "in": "query", + "name": "livePinId", + "required": true, + "schema": { + "type": "string" + } }, + { + "in": "query", + "name": "pids", + "required": true, + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + ] + } + }, + "/bcsc/userinfo": { + "get": { + "operationId": "HandleCallback", + "responses": { "204": { "description": "No content" }, + "302": { + "description": "", + "content": { + "application/json": { + "schema": {} + } + } + }, "400": { "description": "- TSOA response for handling bad requests (400).", "content": { diff --git a/src/controllers/bcscController.ts b/src/controllers/bcscController.ts index fe4b860..d4ec03d 100644 --- a/src/controllers/bcscController.ts +++ b/src/controllers/bcscController.ts @@ -7,9 +7,9 @@ import { getAddressResults, badRequestError, serverErrorType, - userInfoSuccessResponse, + validateUserResponse, GenericTypeORMErrorType, - ApiError, + // ApiError, } from '../helpers/types'; import GeocodeAPICaller from '../helpers/geocodeAPICaller'; import { compareNames } from '../helpers/nameMatching'; @@ -37,12 +37,14 @@ export class BscsController extends Controller { { success: boolean; error: string } >, @Query() siteid: string, + @Query() redirect: string, ): Promise { try { // Get the authorization URL with the 'bcsc' identity provider const authUrl = await getAuthorizationUrl({ identity_provider: 'bcsc', siteId: siteid, + redirect: redirect, }); // Redirect with TsoaResponse @@ -59,6 +61,37 @@ export class BscsController extends Controller { } } + @Get('/validate') + public async validateUserData( + @Res() successResponse: TsoaResponse<200, validateUserResponse>, + @Res() badRequestErrorResponse: TsoaResponse<400, validateUserResponse>, + @Res() + serverErrorResponse: TsoaResponse< + 500, + { success: boolean; error: string } + >, + @Query() livePinId: string, + @Query() pids: string[], + ): Promise { + const ownerResults = await findPropertyDetails(pids, ['VIEW_PIN']); + + const matchingOwner = ownerResults.find( + (f: any) => f.livePinId === livePinId, + ); + + if (matchingOwner) { + return successResponse(200, { + success: true, + message: 'successful', + }); + } else { + return badRequestErrorResponse(400, { + success: false, + message: 'failure', + }); + } + } + /** * Handles the callback after the user authenticates with BCSC. * @param typeORMErrorResponse - TSOA response for handling TypeORM errors (422). @@ -72,7 +105,7 @@ export class BscsController extends Controller { @Get('/userinfo') public async handleCallback( @Res() typeORMErrorResponse: TsoaResponse<422, GenericTypeORMErrorType>, - @Res() successResponse: TsoaResponse<200, userInfoSuccessResponse>, + @Res() redirectResponse: TsoaResponse<302, any>, @Res() badRequestErrorResponse: TsoaResponse<400, badRequestError>, @Res() serverErrorResponse: TsoaResponse<500, serverErrorType>, // @Res() failureResponse: TsoaResponse<204, ApiError>, @@ -86,7 +119,8 @@ export class BscsController extends Controller { throw new Error('Authorization code is missing or invalid'); // Check for a valid authorization code const parsedState = JSON.parse(decodeURIComponent(state)); - console.log(parsedState); + // console.log(parsedState); + let redirectURI = `${parsedState.redirect}`; // Step 1: Exchange the authorization code for a token const tokenResponse = await fetch( @@ -184,24 +218,28 @@ export class BscsController extends Controller { ); // Respond with success, including relevant user information - return successResponse(200, { - success: true, - pids: matchingOwner.pids, - livePinId: matchingOwner.livePinId, - }); + // return successResponse(200, userInfo); + redirectURI = `${redirectURI}?status=0&livePinId=${matchingOwner.livePinId}&pids=${matchingOwner.pids}`; + redirectResponse(302, undefined, { Location: redirectURI }); } else { - const exception: ApiError = { - message: `Unable to match owner name of property`, - code: 400, - }; - throw exception; + redirectURI = `${redirectURI}?status=1`; + redirectResponse(302, undefined, { Location: redirectURI }); + + // const exception: ApiError = { + // message: `Unable to match owner name of property`, + // code: 400, + // }; + // throw exception; } } else { - const exception: ApiError = { - message: `BCSC User Address does not match SiteID Address`, - code: 400, - }; - throw exception; + redirectURI = `${redirectURI}?status=2`; + redirectResponse(302, undefined, { Location: redirectURI }); + + // const exception: ApiError = { + // message: `BCSC User Address does not match SiteID Address`, + // code: 400, + // }; + // throw exception; } } catch (err: any) { if (err instanceof TypeORMError) { @@ -220,7 +258,7 @@ export class BscsController extends Controller { }); } else { logger.warn( - `Encountered 500 unknown Internal Server Error in getPropertyDetails: ${err.message}`, + `Encountered 500 unknown Internal Server Error in BCSC login: ${err.message}`, ); return serverErrorResponse(500, { message: err.message }); } diff --git a/src/helpers/auth.ts b/src/helpers/auth.ts index 43bdc00..104ebd7 100644 --- a/src/helpers/auth.ts +++ b/src/helpers/auth.ts @@ -85,7 +85,8 @@ export const prepareTokenInfo = async (tokenPayload: any) => { export const getAuthorizationUrl = async ({ identity_provider, siteId, -}: { identity_provider?: any; siteId?: string } = {}) => { + redirect, +}: { identity_provider?: any; siteId?: string; redirect?: string } = {}) => { // Define params with an optional kc_idp_hint property let params: { client_id: string | undefined; @@ -112,7 +113,9 @@ export const getAuthorizationUrl = async ({ params.redirect_uri = OIDC_BCSC_REDIRECT_URL; // redirect to a different user to get the userinfo params.client_id = process.env.BCSC_OIDC_CLIENT_ID; params.kc_idp_hint = process.env.BCSC_OIDC_CLIENT_ID; // kc_idp_hint is our CLIENT_ID - params.state = encodeURIComponent(JSON.stringify({ siteId })); + params.state = encodeURIComponent( + JSON.stringify({ siteId, redirect }), + ); } } else { params = { diff --git a/src/helpers/types.ts b/src/helpers/types.ts index 7c22850..8e710ee 100644 --- a/src/helpers/types.ts +++ b/src/helpers/types.ts @@ -808,7 +808,7 @@ export interface userInfoSuccessResponse { livePinId: string; } -export interface userInfoFailureResponse { +export interface validateUserResponse { success: boolean; message: string; } diff --git a/src/routes/bcsc.ts b/src/routes/bcsc.ts index bfc408e..413c833 100644 --- a/src/routes/bcsc.ts +++ b/src/routes/bcsc.ts @@ -7,9 +7,9 @@ const bcscRouter = express.Router(); const controller = new BscsController(); bcscRouter.get('/', async (req: Request, res: Response) => { - const { siteId } = req.query; + const { siteId, redirect } = req.query; - // Set a secure, HTTP-only cookie with the `siteID` + // // Set a secure, HTTP-only cookie with the `siteID` res.cookie('siteId', siteId, { httpOnly: true, // The cookie cannot be accessed via client-side JavaScript secure: process.env.NODE_ENV === 'production', // Ensures the cookie is only sent over HTTPS @@ -20,13 +20,26 @@ bcscRouter.get('/', async (req: Request, res: Response) => { () => {}, () => {}, siteId as string, + redirect as string, ); }); -bcscRouter.get('/userinfo', async (req: Request, res: Response) => { +bcscRouter.get('/validate', async (req: Request) => { + const { livePinId, pid } = req.query; + + await controller.validateUserData( + () => {}, + () => {}, + () => {}, + livePinId as string, + pid as string[], + ); +}); + +bcscRouter.get('/userinfo', async (req: Request) => { const { code, state } = req.query; - const response = await controller.handleCallback( + await controller.handleCallback( () => {}, () => {}, () => {}, @@ -36,7 +49,11 @@ bcscRouter.get('/userinfo', async (req: Request, res: Response) => { state as string, ); - return res.send(response); + // req.session.user = response; + + // const redirection = `${response.redirect}?livePinId=${response.livePinId}&pids=${response.pids}` + + // return res.redirect(redirection); }); export default bcscRouter;