author | Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2023-04-14 11:59:32 +0000 |
---|---|---|
committer | Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2023-04-14 11:59:32 +0000 |
commit | d68841d9f75636575cd778838a8ceea5fd5aada3 (patch) | |
tree | 778c84203ed9bfa4dc1c8234e4e2cf60da6ebd8c /development | |
parent | 42af09588f1f839b9ab36356f02f34c89559bcfa (diff) |
Upload ui
Issue-ID: PORTAL-1084
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Change-Id: Id0c94859a775094e67b0bb9c91ca5e776a08c068
Diffstat (limited to 'development')
-rw-r--r-- | development/.env | 52 | ||||
-rw-r--r-- | development/config/onap-realm.json | 228 | ||||
-rw-r--r-- | development/docker-compose.yml | 90 | ||||
-rw-r--r-- | development/request.http | 159 | ||||
-rwxr-xr-x | development/run.sh | 7 | ||||
-rwxr-xr-x | development/stop.sh | 8 |
6 files changed, 544 insertions, 0 deletions
diff --git a/development/.env b/development/.env
new file mode 100644
index 0000000..e3b9b54
--- /dev/null
+++ b/development/.env
@@ -0,0 +1,52 @@
+# General image repository
+IMAGE_REPOSITORY=nexus.onap.org/content/repositories/snapshots/org/onap/
+
+# Keycloak
+KEYCLOAK_IMAGE=quay.io/keycloak/keycloak
+KEYCLOAK_VERSION=18.0.2-legacy
+KEYCLOAK_USER=admin
+KEYCLOAK_PASSWORD=password
+KEYCLOAK_DB=keycloak
+KEYCLOAK_DB_USER=keycloak
+KEYCLOAK_DB_PASSWORD=password
+KEYCLOAK_URL:http://keycloak-bff:8080
+KEYCLOAK_REALM:ONAP
+
+# Postgres database for keycloak
+POSTGRES_IMAGE=postgres
+POSTGRES_VERSION=15rc1
+
+# Mongo database for portal-prefs and portal-history
+MONGO_IMAGE=mongo
+MONGO_VERSION=latest
+
+# portal-service
+PORTAL_SERVICE_URL=http://portal-service:9000
+PORTAL_SERVICE_IMAGE_NAME=portal-service
+PORTAL_SERVICE_IMAGE_TAG=0.1.0-d486ddb4
+
+# portal-prefs
+PORTAL_PREFS_URL=http://portal-prefs:9001
+PORTAL_PREFS_IMAGE_NAME=portal-prefs
+PORTAL_PREFS_IMAGE_TAG=0.1.0-master-faef0c0e
+PORTALPREFS_USERNAME=root
+PORTALPREFS_PASSWORD=password
+PORTALPREFS_DATABASE=Portalprefs
+PORTALPREFS_HOST=mongo-prefs
+PORTALPREFS_PORT=27017
+
+# portal-history
+PORTAL_HISTORY_URL=http://portal-history:9002
+PORTAL_HISTORY_IMAGE_NAME=portal-history
+PORTAL_HISTORY_IMAGE_TAG=0.1.1-de369ace
+PORTALHISTORY_USERNAME=root
+PORTALHISTORY_PASSWORD=password
+PORTALHISTORY_DATABASE=Portalhist
+PORTALHISTORY_HOST=mongo-history
+PORTALHISTORY_PORT=27017
+
+# portal-bff
+PORTAL_BFF_IMAGE_NAME=portal-bff
+PORTAL_BFF_IMAGE_TAG=0.1.9-389a09e1
+KEYCLOAK_CLIENT_ID=portal-bff
+KEYCLOAK_CLIENT_SECRET=pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr
diff --git a/development/config/onap-realm.json b/development/config/onap-realm.json
new file mode 100644
index 0000000..e8000ea
--- /dev/null
+++ b/development/config/onap-realm.json
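Review bot: `KEYCLOAK_CLIENT_SECRET=pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr` at the end of `development/.env` is committed in clear text and is also the `secret` of the `portal-bff` client in `development/config/onap-realm.json`, so every stack started from this realm export shares one publicly known client secret; the `password` values for Keycloak, Postgres and both Mongo instances are in the same position. A header comment such as `# Development-only credentials - never reuse outside this local compose stack` would make the intent explicit. `KEYCLOAK_URL:http://keycloak-bff:8080` and `KEYCLOAK_REALM:ONAP` use `:` where every other entry uses `=`; whether that parses depends on the dotenv reader, so `KEYCLOAK_URL=http://keycloak-bff:8080` and `KEYCLOAK_REALM=ONAP` are safer. `MONGO_VERSION=latest` and `POSTGRES_VERSION=15rc1` leave the stack on a floating tag and a release candidate; pinning released versions keeps the environment reproducible.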
@@ -0,0 +1,228 @@
+{
+ "id": "ONAP",
+ "realm": "ONAP",
+ "enabled": true,
+ "clients": [
+ {
+ "clientId": "portal-app",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [
+ "http://localhost/*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "backchannel.logout.session.required": "true",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "name": "User-Roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "roles",
+ "multivalued": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "name": "SDC-User",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "sdc_user",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "sdc_user",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ }, {
+ "clientId" : "portal-bff",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : false,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : true,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "saml.force.post.binding" : "false",
+ "saml.multivalued.roles" : "false",
+ "frontchannel.logout.session.required" : "false",
+ "oauth2.device.authorization.grant.enabled" : "false",
+ "backchannel.logout.revoke.offline.tokens" : "false",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "use.refresh.tokens" : "true",
+ "oidc.ciba.grant.enabled" : "false",
+ "backchannel.logout.session.required" : "true",
+ "client_credentials.use_refresh_token" : "false",
+ "require.pushed.authorization.requests" : "false",
+ "saml.client.signature" : "false",
+ "saml.allow.ecp.flow" : "false",
+ "id.token.as.detached.signature" : "false",
+ "saml.assertion.signature" : "false",
+ "client.secret.creation.time" : "1665048112",
+ "saml.encrypt" : "false",
+ "saml.server.signature" : "false",
+ "exclude.session.state.from.auth.response" : "false",
+ "saml.artifact.binding" : "false",
+ "saml_force_name_id_format" : "false",
+ "acr.loa.map" : "{}",
+ "tls.client.certificate.bound.access.tokens" : "false",
+ "saml.authnstatement" : "false",
+ "display.on.consent.screen" : "false",
+ "token.response.type.bearer.lower-case" : "false",
+ "saml.onetimeuse.condition" : "false"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "name" : "Client Host",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.session.note" : "clientHost",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "clientHost",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "name" : "Client IP Address",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.session.note" : "clientAddress",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "clientAddress",
+ "jsonType.label" : "String"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }],
+ "users": [
+ {
+ "createdTimestamp" : 1664965113698,
+ "username" : "onap-admin",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "attributes" : {
+ "sdc_user" : [ "cs0008" ]
+ },
+ "credentials" : [ {
+ "type" : "password",
+ "createdDate" : 1664965134586,
+ "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-onap", "onap_admin" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "createdTimestamp" : 1665048354760,
+ "username" : "onap-designer",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "attributes" : {
+ "sec_user" : [ "cs0008" ]
+ },
+ "credentials" : [ ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-onap", "onap_designer" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "createdTimestamp" : 1665048547054,
+ "username" : "onap-operator",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "attributes" : {
+ "sdc_user" : [ "cs0008" ]
+ },
+ "credentials" : [ ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-onap", "onap_operator" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "createdTimestamp" : 1665048112458,
+ "username" : "service-account-portal-bff",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "serviceAccountClientId" : "portal-bff",
+ "credentials" : [ ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-onap" ],
+ "clientRoles" : {
+ "realm-management" : [ "manage-realm", "manage-users" ]
+ },
+ "notBefore" : 0,
+ "groups" : [ ]
+ }
+ ],
+ "attributes": {
+ "frontendUrl": "http://localhost:8080/auth/"
+ }
+}
diff --git a/development/docker-compose.yml b/development/docker-compose.yml
new file mode 100644
index 0000000..6c6a0ad
--- /dev/null
+++ b/development/docker-compose.yml
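Review bot: The `portal-app` client in `development/config/onap-realm.json` is public (`"publicClient": true`) with `"webOrigins": ["*"]` and `"directAccessGrantsEnabled": true`, so any origin may call the token endpoints cross-origin and the password grant is open; that is tolerable on localhost, but the export is easy to copy into a shared environment, and `"webOrigins": ["+"]` (origins of the registered redirect URIs) is a safer default. The `onap-designer` user carries the attribute `"sec_user"` while the `SDC-User` mapper reads `"user.attribute": "sdc_user"`, so that user's tokens would presumably lack the `sdc_user` claim; this looks like a typo for `"sdc_user" : [ "cs0008" ]`. The `service-account-portal-bff` user is granted `manage-realm` and `manage-users` on `realm-management`; it is worth confirming both roles are needed, given that the client's secret is stored in the repository.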
@@ -0,0 +1,90 @@
+version: '3'
+
+volumes:
+ postgres_data:
+ driver: local
+
+services:
+ postgres:
+ container_name: postgres-keycloak
+ image: "${POSTGRES_IMAGE}:${POSTGRES_VERSION}"
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: ${KEYCLOAK_DB}
+ POSTGRES_USER: ${KEYCLOAK_DB_USER}
+ POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+ keycloak:
+ container_name: keycloak-bff
+ image: "${KEYCLOAK_IMAGE}:${KEYCLOAK_VERSION}"
+ environment:
+ DB_VENDOR: POSTGRES
+ DB_ADDR: postgres-keycloak
+ DB_DATABASE: ${KEYCLOAK_DB}
+ DB_USER: ${KEYCLOAK_DB_USER}
+ DB_SCHEMA: public
+ DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+ KEYCLOAK_USER: ${KEYCLOAK_USER}
+ KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD}
+ KEYCLOAK_IMPORT: /config/onap-realm.json
+ ports:
+ - 8080:8080
+ volumes:
+ - ./config:/config
+ depends_on:
+ - postgres
+ mongo-history:
+ container_name: mongo-history
+ image: "${MONGO_IMAGE}:${MONGO_VERSION}"
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: ${PORTALHISTORY_USERNAME}
+ MONGO_INITDB_ROOT_PASSWORD: ${PORTALHISTORY_PASSWORD}
+ portal-history:
+ container_name: portal-history
+ image: "${IMAGE_REPOSITORY}/${PORTAL_HISTORY_IMAGE_NAME}:${PORTAL_HISTORY_IMAGE_TAG}"
+ ports:
+ - 9002:9002
+ environment:
+ PORTALHISTORY_USERNAME: ${PORTALHISTORY_USERNAME}
+ PORTALHISTORY_PASSWORD: ${PORTALHISTORY_PASSWORD}
+ PORTALHISTORY_DATABASE: ${PORTALHISTORY_DATABASE}
+ KEYCLOAK_URL: ${KEYCLOAK_URL}
+ KEYCLOAK_REALM: ${KEYCLOAK_REALM}
+ PORTALHISTORY_HOST: ${PORTALHISTORY_HOST}
+ PORTALHISTORY_PORT: ${PORTALHISTORY_PORT}
+ depends_on:
+ - mongo-history
+ mongo-prefs:
+ container_name: mongo-prefs
+ image: "${MONGO_IMAGE}:${MONGO_VERSION}"
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: ${PORTALPREFS_USERNAME}
+ MONGO_INITDB_ROOT_PASSWORD: ${PORTALPREFS_PASSWORD}
+ portal-prefs:
+ container_name: portal-prefs
+ image: "${IMAGE_REPOSITORY}/${PORTAL_PREFS_IMAGE_NAME}:${PORTAL_PREFS_IMAGE_TAG}"
+ ports:
+ - 9001:9001
+ environment:
+ PORTALPREFS_USERNAME: ${PORTALPREFS_USERNAME}
+ PORTALPREFS_PASSWORD: ${PORTALPREFS_PASSWORD}
+ PORTALPREFS_DATABASE: ${PORTALPREFS_DATABASE}
+ KEYCLOAK_URL: ${KEYCLOAK_URL}
+ KEYCLOAK_REALM: ${KEYCLOAK_REALM}
+ PORTALPREFS_HOST: ${PORTALPREFS_HOST}
+ PORTALPREFS_PORT: ${PORTALPREFS_PORT}
+ depends_on:
+ - mongo-prefs
+ portal-bff:
+ container_name: portal-bff
+ image: "${IMAGE_REPOSITORY}/${PORTAL_BFF_IMAGE_NAME}:${PORTAL_BFF_IMAGE_TAG}"
+ ports:
+ - 9080:9080
+ environment:
+ KEYCLOAK_URL: ${KEYCLOAK_URL}
+ KEYCLOAK_REALM: ${KEYCLOAK_REALM}
+ KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID}
+ KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
+ PORTAL_SERVICE_URL: ${PORTAL_SERVICE_URL}
+ PORTAL_PREFS_URL: ${PORTAL_PREFS_URL}
+ PORTAL_HISTORY_URL: ${PORTAL_HISTORY_URL}
diff --git a/development/request.http b/development/request.http
new file mode 100644
index 0000000..8c2a695
--- /dev/null
+++ b/development/request.http
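Review bot: The `ports:` entries `8080:8080`, `9001:9001`, `9002:9002` and `9080:9080` in `development/docker-compose.yml` publish Keycloak and the portal services on every host interface, while `.env` sets `KEYCLOAK_USER=admin` and `KEYCLOAK_PASSWORD=password`; binding to loopback, e.g. `- 127.0.0.1:8080:8080`, keeps the default-credential admin console off the local network. The three `image: "${IMAGE_REPOSITORY}/${...}"` lines add a `/` after an `IMAGE_REPOSITORY` value that already ends in `/`, so the resolved reference contains `onap//portal-history` (likewise for `portal-prefs` and `portal-bff`), which the image-reference parser may reject. Dropping the slash in one of the two places fixes that.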
@@ -0,0 +1,159 @@
+
+POST http://localhost:8080/auth/realms/ONAP/protocol/openid-connect/token
+Content-Type: application/x-www-form-urlencoded
+
+client_id=portal-app&client_secret=&scope=openid&grant_type=password&username=onap-admin&password=password
+> {%
+ client.global.set("access_token", response.body.access_token);
+ client.global.set("id_token", response.body.id_token);
+ %}
+
+###
+
+GET http://localhost:8080/auth/realms/ONAP/protocol/openid-connect/userinfo
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+> {%
+ client.global.set("user_id", response.body.sub);
+ client.global.set("user_name", response.body.preferred_username);
+ %}
+
+###
+
+POST http://localhost:9080/preferences
+X-Request-Id: {{$uuid}}
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+
+{
+ "properties": {
+ "dashboard": {
+ "apps": {
+ "availableTiles": [
+ {
+ "type": "USER_LAST_ACTION_TILE",
+ "displayed": false
+ }
+ ],
+ "lastUserAction": {
+ "interval": "1H",
+ "filterType": "ALL"
+ }
+ }
+ }
+ }
+}
+
+###
+
+GET http://localhost:9080/preferences
+Accept: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+X-Request-Id: {{$uuid}}
+
+###
+
+POST http://localhost:9080/actions/{{user_id}}
+X-Request-Id: {{$uuid}}
+Accept: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+Content-Type: application/json
+
+{
+ "userId": "{{user_id}}",
+ "actionCreatedAt": "{{$timestamp}}",
+ "action": {
+ "type": "DELETE",
+ "entity": "USERADMINISTRATION",
+ "entityParams": {
+ "userName": "uli",
+ "userId": "{{$randomInt}}"
+ }
+ }
+}
+
+###
+
+GET http://localhost:9080/actions/{{user_id}}?page=1&pageSize=10&showLastHours=1
+X-Request-Id: {{$uuid}}
+Accept: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+###
+
+GET http://localhost:9080/actions?page=1&pageSize=10&showLastHours=1
+X-Request-Id: {{$uuid}}
+Accept: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+### request agains portal-service
+
+GET http://localhost:9080/key
+X-Request-Id: {{$uuid}}
+Accept: text/plain
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+###
+
+GET http://localhost:9080/key/{{user_name}}
+X-Request-Id: {{$uuid}}
+Accept: text/plain
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+###
+
+GET http://localhost:9080/tiles
+X-Request-Id: {{$uuid}}
+Accept: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+###
+
+GET http://localhost:9080/tiles/1
+X-Request-Id: {{$uuid}}
+Accept: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+### request against keycloak
+
+GET http://localhost:9080/users
+X-Request-Id: {{$uuid}}
+Accept: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+###
+
+GET http://localhost:9080/users/{{user_id}}
+X-Request-Id: {{$uuid}}
+Accept: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+###
+
+GET http://localhost:9080/users/{{user_id}}/roles
+X-Request-Id: {{$uuid}}
+Accept: application/json
+Authorization: Bearer {{access_token}}
+X-Auth-Identity: Bearer {{id_token}}
+
+###
+
+
+
+
+
+
diff --git a/development/run.sh b/development/run.sh
new file mode 100755
index 0000000..72d8acf
--- /dev/null
+++ b/development/run.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+docker compose -f "$SCRIPT_DIR/docker-compose.yml" up -d
+
+cd $SCRIPT_DIR/..
+./local.sh
diff --git a/development/stop.sh b/development/stop.sh
new file mode 100755
index 0000000..4ef4493
--- /dev/null
+++ b/development/stop.sh
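Review bot: In `development/run.sh`, `./local.sh` still runs when `docker compose ... up -d` or the `cd` fails, because the script sets no error handling, and `cd $SCRIPT_DIR/..` is unquoted although `SCRIPT_DIR` is quoted two lines earlier. Adding `set -euo pipefail` after the shebang and writing `cd "$SCRIPT_DIR/.."` would stop the script at the first failure and keep it working from a checkout path that contains spaces.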
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+# shutdown all docker container
+docker compose -f "$SCRIPT_DIR/docker-compose.yml" down -v
+
+# kill the npm process which server on port 80
+kill `lsof -t -i:80` |
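Review bot: The `kill` line in `development/stop.sh` signals every process that `lsof -t -i:80` reports, which is not limited to the npm dev server: `-i:80` also matches processes holding a connection to a remote port 80, and any other local listener on that port. Narrowing the selection to the listening socket with `lsof -t -iTCP:80 -sTCP:LISTEN`, and skipping `kill` when the result is empty, avoids terminating unrelated processes. `down -v` also deletes the `postgres_data` volume, so a comment such as `# -v also removes the Keycloak database volume` would make the data loss explicit.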