ID-4197: Legge inn og konfigurere redis-lib i eu-eidas-proxy (#4)

felleslosninger · May 7, 2024 · 18b4e3d · 18b4e3d
1 parent d4fde8a
commit 18b4e3d
Show file tree

Hide file tree

Showing 13 changed files with 204 additions and 335 deletions.
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -2,12 +2,20 @@
 # NB for images to systest/test/prod use creiddev ACR: az acr login -n creiddev  --subscription 0d8a0177-44ad-4a25-a38f-9489f3874db0
 # https://portal.azure.com/#@Nasjonalfelleslosning.onmicrosoft.com/resource/subscriptions/9c0d7873-b8aa-4042-96f8-b8ce5c9888d0/resourceGroups/rg-eid-systest-cr/providers/Microsoft.ContainerRegistry/registries/crutvikling/overview
 
-name: eu-eidas-proxy
+name: eidas
 networks:
   eidas:
     name: eidas
 
 services:
+  redis:
+    image: redis:alpine
+    restart: always
+    ports:
+      - "6400:6379"
+    networks:
+      - eidas
+    command: redis-server --maxmemory-policy allkeys-lru
 
   eu-eidas-proxy:
     build:
@@ -19,7 +27,7 @@ services:
     ports:
       - "8082:8082"
     healthcheck:
-      test: wget --no-verbose --tries=1 --spider http://eu-eidas-proxy:8082/EidasNodeProxy/ServiceMetadata || exit 1
+      test: wget --no-verbose --tries=1 http://eu-eidas-proxy:8082/ServiceMetadata || exit 1
       interval: 5s
       start_period: 8s
       timeout: 5s

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -2,11 +2,25 @@ FROM maven:3.9-eclipse-temurin-11 as builder
 
 WORKDIR /data
 
-# Download EU-eidas software
+ARG GIT_PACKAGE_TOKEN
+
+# Download our redis-lib
+ARG REDIS_LIB_VERSION=0.0.6
+RUN curl -H "Authorization: token ${GIT_PACKAGE_TOKEN}" -L -O \
+  https://maven.pkg.github.com/felleslosninger/eidas-redis-lib/no/idporten/eidas/eidas-redis/${REDIS_LIB_VERSION}/eidas-redis-${REDIS_LIB_VERSION}.jar
+RUN curl -H "Authorization: token ${GIT_PACKAGE_TOKEN}" -L -O \
+  https://maven.pkg.github.com/felleslosninger/eidas-redis-lib/no/idporten/eidas/eidas-redis-node/${REDIS_LIB_VERSION}/eidas-redis-node-${REDIS_LIB_VERSION}.jar
+RUN curl -H "Authorization: token ${GIT_PACKAGE_TOKEN}" -L -O \
+  https://maven.pkg.github.com/felleslosninger/eidas-redis-lib/no/idporten/eidas/eidas-redis-specific-communication/${REDIS_LIB_VERSION}/eidas-redis-specific-communication-${REDIS_LIB_VERSION}.jar
+
+
+# Download & build EU-eidas software
 ARG EIDAS_NODE_VERSION=2.7.1
 RUN git clone --depth 1 --branch eidasnode-${EIDAS_NODE_VERSION} https://ec.europa.eu/digital-building-blocks/code/scm/eid/eidasnode-pub.git
 
-RUN cd eidasnode-pub && mvn clean install --file EIDAS-Parent/pom.xml -P NodeOnly -P nodeJcacheIgnite -P specificCommunicationJcacheIgnite
+RUN mkdir -p eidasnode-pub/EIDAS-Node-Proxy/src/main/webapp/WEB-INF/lib && cp /data/eidas-redis-*${REDIS_LIB_VERSION}.jar eidasnode-pub/EIDAS-Node-Proxy/src/main/webapp/WEB-INF/lib/
+COPY docker/proxy/config/proxySpecificCommunicationCaches.xml eidasnode-pub/EIDAS-SpecificCommunicationDefinition/src/main/resources/
+RUN cd eidasnode-pub && mvn clean install --file EIDAS-Parent/pom.xml -P NodeOnly -P-specificCommunicationJcacheIgnite -DskipTests
 
 RUN mkdir -p eidas-proxy-config/
 COPY docker/proxy/config/ eidas-proxy-config
@@ -18,7 +32,6 @@ RUN sed -i 's/DEMOLAND-CA-URL/https:\/\/eidas-demo-ca.idporten.dev/g' eidas-prox
 RUN sed -i 's/NO-EU-EIDAS-CONNECTOR-URL/https:\/\/eu-eidas-connector.idporten.dev/g' eidas-proxy-config/metadata/MetadataFetcher_Service.properties
 
 
-
 FROM tomcat:9.0-jre11-temurin-jammy
 
 COPY docker/bouncycastle/java_bc.security /opt/java/openjdk/conf/security/java_bc.security
@@ -33,9 +46,6 @@ COPY --from=builder /data/eidas-proxy-config/ $CATALINA_HOME/eidas-proxy-config
 COPY --from=builder /data/eidasnode-pub/EIDAS-Node-Proxy/target/EidasNodeProxy.war ${CATALINA_HOME}/webapps/ROOT.war
 RUN chmod -R 770 ${CATALINA_HOME}/webapps
 
-# Add Cache Ignite work folder. TODO: Remove when switch to Redis.
-RUN mkdir -p ${CATALINA_HOME}/ignite && chgrp -R 0 ${CATALINA_HOME}/ignite && chmod 770 ${CATALINA_HOME}/ignite
-
 # eIDAS audit log folder
 RUN mkdir -p ${CATALINA_HOME}/eidas/logs && chmod 774 ${CATALINA_HOME}/eidas/logs
 

diff --git a/docker/dev.Dockerfile b/docker/dev.Dockerfile
@@ -2,24 +2,39 @@ FROM maven:3.9-eclipse-temurin-11 as builder
 
 WORKDIR /data
 
-# Download EU-eidas software
+ARG GIT_PACKAGE_TOKEN
+
+# Download our redis-lib
+ARG REDIS_LIB_VERSION=0.0.6
+RUN curl -H "Authorization: token ${GIT_PACKAGE_TOKEN}" -L -O \
+  https://maven.pkg.github.com/felleslosninger/eidas-redis-lib/no/idporten/eidas/eidas-redis/${REDIS_LIB_VERSION}/eidas-redis-${REDIS_LIB_VERSION}.jar
+RUN curl -H "Authorization: token ${GIT_PACKAGE_TOKEN}" -L -O \
+  https://maven.pkg.github.com/felleslosninger/eidas-redis-lib/no/idporten/eidas/eidas-redis-node/${REDIS_LIB_VERSION}/eidas-redis-node-${REDIS_LIB_VERSION}.jar
+RUN curl -H "Authorization: token ${GIT_PACKAGE_TOKEN}" -L -O \
+  https://maven.pkg.github.com/felleslosninger/eidas-redis-lib/no/idporten/eidas/eidas-redis-specific-communication/${REDIS_LIB_VERSION}/eidas-redis-specific-communication-${REDIS_LIB_VERSION}.jar
+
+
+# Download & build EU-eidas software
 ARG EIDAS_NODE_VERSION=2.7.1
 RUN git clone --depth 1 --branch eidasnode-${EIDAS_NODE_VERSION} https://ec.europa.eu/digital-building-blocks/code/scm/eid/eidasnode-pub.git
 
-RUN cd eidasnode-pub && mvn clean install --file EIDAS-Parent/pom.xml -P NodeOnly -P nodeJcacheIgnite -P specificCommunicationJcacheIgnite
+RUN mkdir -p eidasnode-pub/EIDAS-Node-Proxy/src/main/webapp/WEB-INF/lib && cp /data/eidas-redis-*${REDIS_LIB_VERSION}.jar eidasnode-pub/EIDAS-Node-Proxy/src/main/webapp/WEB-INF/lib/
+COPY docker/proxy/config/proxySpecificCommunicationCaches.xml eidasnode-pub/EIDAS-SpecificCommunicationDefinition/src/main/resources/
+RUN cd eidasnode-pub && mvn clean install --file EIDAS-Parent/pom.xml -P NodeOnly -P-specificCommunicationJcacheIgnite -DskipTests
 
 RUN mkdir -p eidas-proxy-config/
 COPY docker/proxy/config/ eidas-proxy-config
 
 # Replace base URLs in eidas.xml and metadata (whitelist).
 RUN sed -i 's/EU-PROXY-URL/http:\/\/eu-eidas-proxy:8082/g' eidas-proxy-config/eidas.xml
-RUN sed -i 's/EIDAS-PROXY-URL/http:\/\/eidas-proxy:8081/g' eidas-proxy-config/eidas.xml
+RUN sed -i 's/EIDAS-PROXY-URL/http:\/\/eidas-proxy:8077/g' eidas-proxy-config/eidas.xml
 RUN sed -i 's/DEMOLAND-CA-URL/http:\/\/eidas-demo-ca:8080/g' eidas-proxy-config/metadata/MetadataFetcher_Service.properties
 RUN sed -i 's/NO-EU-EIDAS-CONNECTOR-URL/http:\/\/eu-eidas-connector:8083/g' eidas-proxy-config/metadata/MetadataFetcher_Service.properties
 
 # Only for local development
 RUN sed -i 's/metadata.restrict.http">true/metadata.restrict.http">false/g' eidas-proxy-config/eidas.xml
 
+
 FROM tomcat:9.0-jre11-temurin-jammy
 
 COPY docker/bouncycastle/java_bc.security /opt/java/openjdk/conf/security/java_bc.security

diff --git a/docker/proxy/config/eidas.xml b/docker/proxy/config/eidas.xml
@@ -58,4 +58,5 @@
     <!--URL for specific-proxyService requests receiver only needed when specific  -->
     <entry key="specific.proxyservice.request.receiver">EIDAS-PROXY-URL/ProxyServiceRequest</entry>
 
+    <entry key="node.metadata.not.signed.descriptors">https://dummy.no</entry>
 </properties>
diff --git a/docker/proxy/config/ignite/KeyStore/server.p12 b/docker/proxy/config/ignite/KeyStore/server.p12
diff --git a/docker/proxy/config/ignite/KeyStore/trust.p12 b/docker/proxy/config/ignite/KeyStore/trust.p12
diff --git a/docker/proxy/config/ignite/igniteNode.xml b/docker/proxy/config/ignite/igniteNode.xml