Merge pull request #300 from fabric-testbed/rel1.5

Rel1.5 - changes

.gitignore

@@ -146,3 +146,7 @@ pdp/
 pg_data/
 schema/
 ssl/
+fabric_cf/actor/test/*.graphml
+secrets/kafkacat2-ca1-signed.pem
+secrets/kafkacat1-ca1-signed.pem
+secrets/...

Dockerfile-auth

@@ -1,7 +1,7 @@
 FROM python:3.9.0
 MAINTAINER Komal Thareja<komal.thareja@gmail.com>
 
-ARG HANDLERS_VER=1.4.3
+ARG HANDLERS_VER=1.5.0
 
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
@@ -12,13 +12,14 @@ EXPOSE 11000
 RUN apt-get update
 RUN apt-get install cron -y
 
-COPY requirements.txt /usr/src/app/
 COPY docker-entrypoint.sh /usr/src/app/
 COPY fabric_cf /usr/src/app/fabric_cf
+COPY pyproject.toml /usr/src/app/
+COPY README.md /usr/src/app/
 COPY tools/audit.py /usr/src/app/
 COPY tools/install.sh /usr/src/app/
 
-RUN pip3 install --no-cache-dir -r requirements.txt
+RUN pip3 install .
 RUN mkdir -p "/etc/fabric/message_bus/schema"
 RUN mkdir -p "/etc/fabric/actor/config"
 RUN mkdir -p "/var/log/actor"

Dockerfile-broker

@@ -10,13 +10,14 @@ EXPOSE 11000
 RUN apt-get update
 RUN apt-get install cron -y
 
-COPY requirements.txt /usr/src/app/
 COPY docker-entrypoint.sh /usr/src/app/
 COPY fabric_cf /usr/src/app/fabric_cf
+COPY pyproject.toml /usr/src/app/
+COPY README.md /usr/src/app/
 COPY tools/audit.py /usr/src/app/
 COPY tools/install.sh /usr/src/app/
 
-RUN pip3 install --no-cache-dir -r requirements.txt
+RUN pip3 install .
 RUN mkdir -p "/etc/fabric/message_bus/schema"
 RUN mkdir -p "/etc/fabric/actor/config"
 RUN mkdir -p "/var/log/actor"

Dockerfile-cf

@@ -10,12 +10,13 @@ EXPOSE 11000
 RUN apt-get update
 RUN apt-get install cron -y
 
-COPY requirements.txt /usr/src/app/
 COPY fabric_cf /usr/src/app/fabric_cf
+COPY pyproject.toml /usr/src/app/
+COPY README.md /usr/src/app/
 COPY tools/audit.py /usr/src/app/
 COPY tools/install.sh /usr/src/app/
 
-RUN pip3 install --no-cache-dir -r requirements.txt
+RUN pip3 install .
 RUN mkdir -p "/etc/fabric/message_bus/schema"
 RUN mkdir -p "/etc/fabric/actor/config"
 RUN mkdir -p "/var/log/actor"
@@ -27,4 +28,4 @@ RUN service cron reload
 RUN service cron restart
 
 ENTRYPOINT ["sh"]
-CMD ["tail", "-f", "/dev/null"]
+CMD ["tail", "-f", "/dev/null"]

Dockerfile-orchestrator

@@ -11,13 +11,14 @@ EXPOSE 8700
 RUN apt-get update
 RUN apt-get install cron -y
 
-COPY requirements.txt /usr/src/app/
 COPY docker-entrypoint.sh /usr/src/app/
 COPY fabric_cf /usr/src/app/fabric_cf
+COPY pyproject.toml /usr/src/app/
+COPY README.md /usr/src/app/
 COPY tools/audit.py /usr/src/app/
 COPY tools/install.sh /usr/src/app/
 
-RUN pip3 install --no-cache-dir -r requirements.txt
+RUN pip3 install .
 RUN mkdir -p "/etc/fabric/message_bus/schema"
 RUN mkdir -p "/etc/fabric/actor/config"
 RUN mkdir -p "/var/log/actor"

docker-compose-test.yaml

@@ -22,32 +22,20 @@ services:
     container_name: broker1
     depends_on:
       - zookeeper
-    volumes:
-      - ${KAFKA_SSL_SECRETS_DIR}:/etc/kafka/secrets
     ports:
       - 9092:9092
       - 19092:19092
     environment:
       KAFKA_BROKER_ID: 1
       KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
-      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: SSL:SSL,SSL_HOST:SSL
-      KAFKA_ADVERTISED_LISTENERS: SSL://broker1:9092,SSL_HOST://localhost:19092
+      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
+      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker1:9092,PLAINTEXT_HOST://localhost:19092
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
       KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
       KAFKA_CONFLUENT_LICENSE_TOPIC_REPLICATION_FACTOR: 1
       KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
       KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
 
-
-      KAFKA_SSL_KEYSTORE_FILENAME: kafka.broker1.keystore.jks
-      KAFKA_SSL_KEYSTORE_CREDENTIALS: broker1_keystore_creds
-      KAFKA_SSL_KEY_CREDENTIALS: broker1_sslkey_creds
-      KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.broker1.truststore.jks
-      KAFKA_SSL_TRUSTSTORE_CREDENTIALS: broker1_truststore_creds
-      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: " "
-      KAFKA_SSL_CLIENT_AUTH: requested
-      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SSL
-
   schemaregistry:
     image: confluentinc/cp-schema-registry:latest
     container_name: schemaregistry
@@ -64,18 +52,6 @@ services:
       SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: zookeeper:2181
       SCHEMA_REGISTRY_HOST_NAME: schemaregistry
       SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8081
-      SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL: SSL
-
-      SCHEMA_REGISTRY_KAFKASTORE_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/kafka.schemaregistry.truststore.jks
-      SCHEMA_REGISTRY_KAFKASTORE_SSL_TRUSTSTORE_PASSWORD: fabric
-      SCHEMA_REGISTRY_KAFKASTORE_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/kafka.schemaregistry.keystore.jks
-      SCHEMA_REGISTRY_KAFKASTORE_SSL_KEYSTORE_PASSWORD: fabric
-      SCHEMA_REGISTRY_KAFKASTORE_SSL_KEY_PASSWORD: fabric
-      SCHEMA_REGISTRY_KAFKASTORE_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: " "
-
-      SCHEMA_REGISTRY_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/kafka.schemaregistry.keystore.jks
-      SCHEMA_REGISTRY_SSL_KEYSTORE_PASSWORD: fabric
-      SCHEMA_REGISTRY_SSL_KEY_PASSWORD: fabric
       SCHEMA_REGISTRY_DEBUG: 'true'
   database:
     image: fabrictestbed/postgres:12.3
@@ -94,7 +70,7 @@ services:
        - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-fabric}
        - PGDATA=${PGDATA:-/var/lib/postgresql/data}
   neo4j1:
-    image: fabrictestbed/neo4j-apoc:4.0.3
+    image: fabrictestbed/neo4j-apoc:5.3.0
     container_name: neo4j1
     user: ${NEO4J_UID:-1000}:${NEO4J_GID:-1000}
     restart: always
@@ -110,14 +86,14 @@ services:
       - ./neo4j/certs/privkey.pem:/ssl/neo4j.key:ro     # SSL development key
     environment:
       - NEO4J_AUTH=${NEO4J_USER:-neo4j}/${NEO4J_PASS:-password}
-      - NEO4J_dbms_connector_bolt_advertised__address=0.0.0.0:7687
-      - NEO4J_dbms_connector_bolt_listen__address=0.0.0.0:7687
-      - NEO4J_dbms_connector_http_advertised__address=0.0.0.0:7474
-      - NEO4J_dbms_connector_http_listen__address=0.0.0.0:7474
-      - NEO4J_dbms_connector_https_advertised__address=0.0.0.0:7473
-      - NEO4J_dbms_connector_https_listen__address=0.0.0.0:7473
+      - NEO4J_server_bolt_advertised__address=:7687
+      - NEO4J_server_bolt_listen__address=:7687
+      - NEO4J_server_http_advertised__address=:7474
+      - NEO4J_server_http_listen__address=:7474
+      - NEO4J_server_https_advertised__address=:7473
+      - NEO4J_server_https_listen__address=:7473
   neo4j2:
-    image: fabrictestbed/neo4j-apoc:4.0.3
+    image: fabrictestbed/neo4j-apoc:5.3.0
     container_name: neo4j2
     user: ${NEO4J_UID:-1000}:${NEO4J_GID:-1000}
     restart: always
@@ -133,14 +109,14 @@ services:
       - ./neo4j/certs/privkey.pem:/ssl/neo4j.key:ro     # SSL development key
     environment:
       - NEO4J_AUTH=${NEO4J_USER:-neo4j}/${NEO4J_PASS:-password}
-      - NEO4J_dbms_connector_bolt_advertised__address=0.0.0.0:8687
-      - NEO4J_dbms_connector_bolt_listen__address=0.0.0.0:8687
-      - NEO4J_dbms_connector_http_advertised__address=0.0.0.0:8474
-      - NEO4J_dbms_connector_http_listen__address=0.0.0.0:8474
-      - NEO4J_dbms_connector_https_advertised__address=0.0.0.0:8473
-      - NEO4J_dbms_connector_https_listen__address=0.0.0.0:8473
+      - NEO4J_server_bolt_advertised__address=:8687
+      - NEO4J_server_bolt_listen__address=:8687
+      - NEO4J_server_http_advertised__address=:8474
+      - NEO4J_server_http_listen__address=:8474
+      - NEO4J_server_https_advertised__address=:8473
+      - NEO4J_server_https_listen__address=:8473
   neo4j3:
-    image: fabrictestbed/neo4j-apoc:4.0.3
+    image: fabrictestbed/neo4j-apoc:5.3.0
     container_name: neo4j3
     user: ${NEO4J_UID:-1000}:${NEO4J_GID:-1000}
     restart: always
@@ -156,14 +132,14 @@ services:
       - ./neo4j/certs/privkey.pem:/ssl/neo4j.key:ro     # SSL development key
     environment:
       - NEO4J_AUTH=${NEO4J_USER:-neo4j}/${NEO4J_PASS:-password}
-      - NEO4J_dbms_connector_bolt_advertised__address=0.0.0.0:9687
-      - NEO4J_dbms_connector_bolt_listen__address=0.0.0.0:9687
-      - NEO4J_dbms_connector_http_advertised__address=0.0.0.0:9474
-      - NEO4J_dbms_connector_http_listen__address=0.0.0.0:9474
-      - NEO4J_dbms_connector_https_advertised__address=0.0.0.0:9473
-      - NEO4J_dbms_connector_https_listen__address=0.0.0.0:9473
+      - NEO4J_server_bolt_advertised__address=:9687
+      - NEO4J_server_bolt_listen__address=:9687
+      - NEO4J_server_http_advertised__address=:9474
+      - NEO4J_server_http_listen__address=:9474
+      - NEO4J_server_https_advertised__address=:9473
+      - NEO4J_server_https_listen__address=:9473
   neo4j4:
-    image: fabrictestbed/neo4j-apoc:4.0.3
+    image: fabrictestbed/neo4j-apoc:5.3.0
     container_name: neo4j4
     user: ${NEO4J_UID:-1000}:${NEO4J_GID:-1000}
     restart: always
@@ -179,14 +155,14 @@ services:
       - ./neo4j/certs/privkey.pem:/ssl/neo4j.key:ro     # SSL development key
     environment:
       - NEO4J_AUTH=${NEO4J_USER:-neo4j}/${NEO4J_PASS:-password}
-      - NEO4J_dbms_connector_bolt_advertised__address=0.0.0.0:6687
-      - NEO4J_dbms_connector_bolt_listen__address=0.0.0.0:6687
-      - NEO4J_dbms_connector_http_advertised__address=0.0.0.0:6474
-      - NEO4J_dbms_connector_http_listen__address=0.0.0.0:6474
-      - NEO4J_dbms_connector_https_advertised__address=0.0.0.0:6473
-      - NEO4J_dbms_connector_https_listen__address=0.0.0.0:6473
+      - NEO4J_server_bolt_advertised__address=:6687
+      - NEO4J_server_bolt_listen__address=:6687
+      - NEO4J_server_http_advertised__address=:6474
+      - NEO4J_server_http_listen__address=:6474
+      - NEO4J_server_https_advertised__address=:6473
+      - NEO4J_server_https_listen__address=:6473
   neo4j5:
-    image: fabrictestbed/neo4j-apoc:4.0.3
+    image: fabrictestbed/neo4j-apoc:5.3.0
     container_name: neo4j5
     user: ${NEO4J_UID:-1000}:${NEO4J_GID:-1000}
     restart: always
@@ -202,12 +178,12 @@ services:
       - ./neo45/certs/privkey.pem:/ssl/neo4j.key:ro     # SSL development key
     environment:
       - NEO4J_AUTH=${NEO4J_USER:-neo4j}/${NEO4J_PASS:-password}
-      - NEO4J_dbms_connector_bolt_advertised__address=0.0.0.0:10687
-      - NEO4J_dbms_connector_bolt_listen__address=0.0.0.0:10687
-      - NEO4J_dbms_connector_http_advertised__address=0.0.0.0:10474
-      - NEO4J_dbms_connector_http_listen__address=0.0.0.0:10474
-      - NEO4J_dbms_connector_https_advertised__address=0.0.0.0:10473
-      - NEO4J_dbms_connector_https_listen__address=0.0.0.0:10473
+      - NEO4J_server_bolt_advertised__address=:10687
+      - NEO4J_server_bolt_listen__address=:10687
+      - NEO4J_server_http_advertised__address=:10474
+      - NEO4J_server_http_listen__address=:10474
+      - NEO4J_server_https_advertised__address=:10473
+      - NEO4J_server_https_listen__address=:10473
   cf-base:
     build:
       context: .

env.template.test

@@ -32,3 +32,5 @@ PGDATA_HOST=/var/tmp
 
 KAFKA_SSL_SECRETS_DIR=./secrets
 AITS_LOG_DIR=/var/tmp
+
+SSL_CIPHER_SUITES=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

fabric_cf/__init__.py

@@ -1 +1,2 @@
-__VERSION__ = "1.4.7"
+__version__ = "1.5.0"
+__VERSION__ = __version__