Merge pull request #1462 from Prafulrakhade/release-1.2.0.2

[MOSIP-33380] added helm and deploy script in mosip-functional-tests

deploy/authdemo/.gitignore

@@ -0,0 +1 @@
+hosts.ini

deploy/authdemo/README.md

@@ -0,0 +1,20 @@
+# Authdemo
+
+## Introduction
+Authdemo is used to execute IDA APIs used by Apitestrig & DSLrig.
+
+## Install
+* Install
+```sh
+./install.sh
+```
+
+## Uninstall
+* To uninstall Authdemo, run `delete.sh` script.
+```sh
+./delete.sh 
+```
+* During the execution of the `install.sh` script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
+* If the server lacks a public domain and a valid SSL certificate, it is advisable to select the `n` option. Opting it will enable the `init-container` with an `emptyDir` volume and include it in the deployment process.
+* The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., `cacerts`) file.
+* This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates.

deploy/authdemo/copy_cm.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+# DST_NS: Destination namespace
+
+function copying_cm() {
+  COPY_UTIL=./copy_cm_func.sh
+  DST_NS=authdemo
+  $COPY_UTIL configmap config-server-share config-server $DST_NS
+  $COPY_UTIL configmap global default $DST_NS
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+copying_cm   # calling function

deploy/authdemo/copy_cm_func.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# Copy configmap and secret from one namespace to another.
+# ./copy_cm_func.sh <resource> <configmap_name> <source_namespace> <destination_namespace> [name]
+# Parameters:
+#   resource: configmap|secret
+#   name: Optional new name of the configmap or secret in destination namespace.  This may be needed if there is
+#         clash of names
+
+if [ $1 = "configmap" ]
+then
+  RESOURCE=configmap
+elif [ $1 = "secret" ]
+then
+  RESOURCE=secret
+else
+  echo "Incorrect resource $1. Exiting.."
+  exit 1
+fi
+
+
+if [ $# -ge 5 ]
+then
+   kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5
+   kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f -  
+else
+   kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2
+   kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" |  kubectl -n $4 create -f -  
+fi 
+
+
+
+
+

deploy/authdemo/copy_secrets.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+# Copy secrets from other namespaces
+# DST_NS: Destination namespace
+
+function copying_secrets() {
+  COPY_UTIL=./copy_cm_func.sh
+  DST_NS=authdemo
+  $COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+copying_secrets   # calling function

deploy/authdemo/delete.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# Uninstalls authdemo
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function deleting_authdemo() {
+  NS=authdemo
+  while true; do
+      read -p "Are you sure you want to delete authdemo helm charts?(Y/n) " yn
+      if [ $yn = "Y" ]
+        then
+          helm -n $NS delete authdemo
+          break
+        else
+          break
+      fi
+  done
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+deleting_authdemo   # calling function

deploy/authdemo/install.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# Installs authdemo
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=authdemo
+CHART_VERSION=12.1.0
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+
+function installing_authdemo() {
+  echo Istio label
+  kubectl label ns $NS istio-injection=enabled --overwrite
+  helm repo update
+
+  echo Copy configmaps
+  ./copy_cm.sh
+
+  echo Copy secrets
+  ./copy_secrets.sh
+
+  echo "Do you have public domain & valid SSL? (Y/n) "
+  echo "Y: if you have public domain & valid ssl certificate"
+  echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments."
+  read -p "" flag
+
+  if [ -z "$flag" ]; then
+    echo "'flag' was provided; EXITING;"
+    exit 1;
+  fi
+  ENABLE_INSECURE=''
+  if [ "$flag" = "n" ]; then
+    ENABLE_INSECURE='--set enable_insecure=true';
+  fi
+
+  read -p "Please provide NFS host : " NFS_HOST
+  read -p "Please provide NFS pem file for SSH login : " NFS_PEM_FILE
+  read -p "Please provide user for SSH login : " NFS_USER
+  echo -e "[nfs_server]\nnfsserver ansible_user=$NFS_USER ansible_host=$NFS_HOST ansible_ssh_private_key_file=$NFS_PEM_FILE" > hosts.ini
+  ansible-playbook -i hosts.ini nfs-server.yaml
+
+
+  echo Installing authdemo
+  helm -n $NS install authdemo mosip/authdemo $ENABLE_INSECURE \
+  --set persistence.nfs.server="$NFS_HOST" \
+  --version $CHART_VERSION --wait
+
+  echo Installed authdemo.
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+installing_authdemo   # calling function

deploy/authdemo/nfs-server.yaml

@@ -0,0 +1,64 @@
+---
+- name: Install NFS server setup for authdemo
+  hosts: "nfs_server"
+  become: yes
+  become_method: sudo
+  vars:
+    nfs_directories:
+      - name: /srv/nfs/mosip/packetcreator-authdemo-authcerts
+    nfs_exports:
+      "*(rw,sync,no_root_squash,no_all_squash,insecure,subtree_check)"
+
+  tasks:
+    - name: Install NFS server
+      apt:
+        name: nfs-kernel-server
+        state: present
+
+    - name: Enable necessary TCP ports for NFS
+      ufw:
+        rule: allow
+        port: "{{ item }}"
+        proto: tcp
+        state: enabled
+      with_items:
+        - '111'
+        - '2049'
+
+    - name: Enable necessary UDP ports for NFS
+      ufw:
+        rule: allow
+        port: "{{ item }}"
+        proto: udp
+        state: enabled
+      with_items:
+        - '111'
+        - '2049'
+
+    - name: Enable nfs server
+      command: 'systemctl enable nfs-server'
+
+    - name: Start nfs server
+      command: 'systemctl start nfs-server'
+
+    - name: Add user mosip
+      user:
+        name: mosip
+
+    - name: Create nfs mount folder
+      file:
+        path: '{{ item.name }}'
+        state: directory
+        owner: mosip
+        group: mosip
+      with_items: "{{ nfs_directories }}"
+
+    - name: Export NFS directories
+      lineinfile:
+        path: /etc/exports
+        line: "{{ item.name }} {{ nfs_exports }}"
+        state: present
+      with_items: "{{ nfs_directories }}"
+
+    - name: exportfs
+      command: 'exportfs -rav'

helm/authdemo/.gitignore

@@ -0,0 +1 @@
+charts/

helm/authdemo/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

helm/authdemo/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+name: authdemo
+description: A Helm chart to deploy authdemo for MOSIP modules
+type: application
+version: 12.1.0
+appVersion: ""
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 1.x.x
+home: https://mosip.io
+keywords:
+  - mosip
+  - authdemo
+maintainers:
+  - email: [email protected]
+    name: MOSIP

helm/authdemo/README.md

@@ -0,0 +1,10 @@
+# authdemo
+
+Helm chart to deploy authdemo for `MOSIP` modules
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/authdemo
+```

helm/authdemo/templates/NOTES.txt

@@ -0,0 +1 @@
+

helm/authdemo/templates/_helpers.tpl

@@ -0,0 +1,59 @@
+{{/*
+Return the proper  image name
+*/}}
+{{- define "authdemo.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "authdemo.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "authdemo.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "authdemo.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "authdemo.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "authdemo.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "authdemo.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "authdemo.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}