From e56f12777c43885696a98f07e01c040f95ca7015 Mon Sep 17 00:00:00 2001
From: danielhanrahan <daniel.hanrahan@est.tech>
Date: Fri, 28 Jan 2022 11:41:38 +0000
Subject: Run policy GUIs in a single JAR

Create gui-server module serving clamp and apex GUIs using Spring
Add Spring filter to pass client SSL cert to clamp backend
Remove nginx from docker image
Add logback.xml to docker image
Add helper scripts for running gui-server jar and docker

Issue-ID: POLICY-3638
Signed-off-by: danielhanrahan <daniel.hanrahan@est.tech>
Change-Id: Ie857f5755015c522b8cf781de255f7a1d567e263
---
 gui-server/extra/bin-for-dev/README.md             |  10 ++
 .../extra/bin-for-dev/config/dev/application.yml   |  27 +++++
 .../extra/bin-for-dev/config/dev/logback.xml       | 130 +++++++++++++++++++++
 .../extra/bin-for-dev/demo-clamp-keystore.p12      | Bin 0 -> 4139 bytes
 .../extra/bin-for-dev/demo-clamp-truststore.jks    | Bin 0 -> 1413 bytes
 .../extra/bin-for-dev/start-gui-server-docker.sh   |  39 +++++++
 .../extra/bin-for-dev/start-gui-server-jar.sh      |  26 +++++
 7 files changed, 232 insertions(+)
 create mode 100644 gui-server/extra/bin-for-dev/README.md
 create mode 100644 gui-server/extra/bin-for-dev/config/dev/application.yml
 create mode 100644 gui-server/extra/bin-for-dev/config/dev/logback.xml
 create mode 100644 gui-server/extra/bin-for-dev/demo-clamp-keystore.p12
 create mode 100644 gui-server/extra/bin-for-dev/demo-clamp-truststore.jks
 create mode 100755 gui-server/extra/bin-for-dev/start-gui-server-docker.sh
 create mode 100755 gui-server/extra/bin-for-dev/start-gui-server-jar.sh

(limited to 'gui-server/extra')

diff --git a/gui-server/extra/bin-for-dev/README.md b/gui-server/extra/bin-for-dev/README.md
new file mode 100644
index 0000000..b12bcff
--- /dev/null
+++ b/gui-server/extra/bin-for-dev/README.md
@@ -0,0 +1,10 @@
+# gui-server helper scripts
+This directory contains helper scripts for running gui-server.
+
+- start-gui-server-jar.sh starts the JAR.
+
+- start-gui-server-docker.sh starts the docker image.
+To ensure the latest development snapshot is run, first build the run `mvn clean install -P docker` from the gui repo.
+
+If you wish to test client cert authentication, you may import the certificate demo-clamp.keystore.p12 into your browser
+(password is 'changeit').
diff --git a/gui-server/extra/bin-for-dev/config/dev/application.yml b/gui-server/extra/bin-for-dev/config/dev/application.yml
new file mode 100644
index 0000000..efc2dcd
--- /dev/null
+++ b/gui-server/extra/bin-for-dev/config/dev/application.yml
@@ -0,0 +1,27 @@
+server:
+  port: 2443
+  ssl:
+    enabled: true
+    client-auth: want
+    key-store: file:demo-clamp-keystore.p12
+    key-store-password: changeit
+    trust-store: file:demo-clamp-truststore.jks
+    trust-store-password: changeit
+
+clamp:
+  # URL to the clamp backend
+  url: https://localhost:8443/
+  # Disabling SSL validation is useful for local testing, but should not be disabled in production.
+  disable-ssl-validation: true
+  # Disabling SSL hostname check is needed if cert name does not match hostname.
+  disable-ssl-hostname-check: true
+
+apex-editor:
+  upload-url:
+  upload-userid:
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health, metrics, prometheus
diff --git a/gui-server/extra/bin-for-dev/config/dev/logback.xml b/gui-server/extra/bin-for-dev/config/dev/logback.xml
new file mode 100644
index 0000000..a8f8357
--- /dev/null
+++ b/gui-server/extra/bin-for-dev/config/dev/logback.xml
@@ -0,0 +1,130 @@
+<!--
+  ============LICENSE_START=======================================================
+  policy-gui
+  ================================================================================
+  Copyright (C) 2021-2022 Nordix Foundation.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  ============LICENSE_END=========================================================
+  -->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <property name="logDir" value="${POLICY_LOGS}" />
+
+    <property name="errorLog" value="error" />
+    <property name="debugLog" value="debug" />
+    <property name="networkLog" value="network" />
+
+    <property name="debugPattern"
+              value="[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n" />
+    <property name="errorPattern" value="${debugPattern}" />
+    <property name="networkPattern" value="[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n" />
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>INFO</level>
+        </filter>
+        <encoder>
+            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${logDir}/${errorLog}.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>${logDir}/${errorLog}.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>${errorPattern}</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ERROR" />
+    </appender>
+
+    <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${logDir}/${debugLog}.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>${logDir}/${debugLog}.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>${debugPattern}</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DEBUG" />
+    </appender>
+
+    <appender name="NETWORK" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${logDir}/${networkLog}.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>${logDir}/${networkLog}.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>${networkPattern}</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="asyncNetwork" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NETWORK" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="asyncNetwork" />
+    </logger>
+
+    <logger name="org.apache" level="INFO">
+        <appender-ref ref="DEBUG" />
+    </logger>
+
+    <!-- Spring related loggers -->
+    <logger name="org.springframework" level="INFO">
+        <appender-ref ref="DEBUG" />
+    </logger>
+
+    <!-- GUI related loggers -->
+    <logger name="org.onap.policy.gui" level="DEBUG">
+        <appender-ref ref="ERROR" />
+        <appender-ref ref="DEBUG" />
+    </logger>
+
+    <!-- logback internals logging -->
+    <logger name="ch.qos.logback.classic" level="INFO" />
+    <logger name="ch.qos.logback.core" level="INFO" />
+
+    <root level="DEBUG">
+        <appender-ref ref="asyncDebug" />
+        <appender-ref ref="asyncError" />
+        <appender-ref ref="asyncNetwork" />
+        <appender-ref ref="STDOUT" />
+    </root>
+</configuration>
diff --git a/gui-server/extra/bin-for-dev/demo-clamp-keystore.p12 b/gui-server/extra/bin-for-dev/demo-clamp-keystore.p12
new file mode 100644
index 0000000..e034eeb
Binary files /dev/null and b/gui-server/extra/bin-for-dev/demo-clamp-keystore.p12 differ
diff --git a/gui-server/extra/bin-for-dev/demo-clamp-truststore.jks b/gui-server/extra/bin-for-dev/demo-clamp-truststore.jks
new file mode 100644
index 0000000..2af1adc
Binary files /dev/null and b/gui-server/extra/bin-for-dev/demo-clamp-truststore.jks differ
diff --git a/gui-server/extra/bin-for-dev/start-gui-server-docker.sh b/gui-server/extra/bin-for-dev/start-gui-server-docker.sh
new file mode 100755
index 0000000..78748cd
--- /dev/null
+++ b/gui-server/extra/bin-for-dev/start-gui-server-docker.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+SCRIPT_DIR=$(dirname "${BASH_SOURCE[0]}")
+KEYSTORE_PATH=$(realpath "$SCRIPT_DIR/demo-clamp-keystore.p12")
+TRUSTSTORE_PATH=$(realpath "$SCRIPT_DIR/demo-clamp-truststore.jks")
+LOGBACK_PATH=$(realpath "$SCRIPT_DIR/config/dev/logback.xml")
+
+# Note hostname 'policy-clamp-be' is mapped to host-gateway (i.e. host's localhost)
+docker run \
+  --publish 2443:2443 \
+  --add-host policy-clamp-be:host-gateway \
+  --env "CLAMP_URL=https://policy-clamp-be:8443" \
+  --env "CLAMP_DISABLE_SSL_VALIDATION=true" \
+  --env "SERVER_SSL_CLIENT_AUTH=want" \
+  --env "KEYSTORE_PASSWD=changeit" \
+  --env "TRUSTSTORE_PASSWD=changeit" \
+  --volume "$KEYSTORE_PATH:/opt/app/policy/gui/etc/mounted/policy-keystore" \
+  --volume "$TRUSTSTORE_PATH:/opt/app/policy/gui/etc/mounted/policy-truststore" \
+  --volume "$LOGBACK_PATH:/opt/app/policy/gui/etc/mounted/logback.xml" \
+  --rm \
+  onap/policy-gui:latest
diff --git a/gui-server/extra/bin-for-dev/start-gui-server-jar.sh b/gui-server/extra/bin-for-dev/start-gui-server-jar.sh
new file mode 100755
index 0000000..5484356
--- /dev/null
+++ b/gui-server/extra/bin-for-dev/start-gui-server-jar.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+# This script changes directory so that application.yml, keystore,
+# and truststore will be in current directory before running jar.
+SCRIPTDIR=$(dirname ${BASH_SOURCE[0]})
+pushd "$SCRIPTDIR" || exit
+java -Dspring.profiles.active=dev -jar ../../target/gui-server-*.jar
+popd || exit
-- 
cgit 1.2.3-korg