Merge pull request #393 from bcgov/dev

Release PR Login and Regenerate Credentials
bcgov · May 18, 2022 · 8eea619 · 8eea619
2 parents e8e8a59 + d9dea79
commit 8eea619
Show file tree

Hide file tree

Showing 91 changed files with 2,618 additions and 376 deletions.
diff --git a/.github/workflows/ci-build-deploy.yaml b/.github/workflows/ci-build-deploy.yaml
@@ -132,7 +132,7 @@ jobs:
               runAsUser: ${{ secrets.RUNNING_UID_GID }}
           ' > values.yaml
           helm repo add bitnami https://charts.bitnami.com/bitnami
-          helm upgrade --install proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db -f values.yaml bitnami/mongodb
+          helm upgrade --install proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db --version 10.31.5 -f values.yaml bitnami/mongodb
 
       - name: 'Deploy Backend'
         run: |
@@ -167,14 +167,17 @@ jobs:
           oauthProxy:
             enabled: true
             image:
-              tag: v7.2.0
+              repository: ${{ env.REGISTRY }}/bcgov-dss/api-serv-infra/oauth2-proxy
+              tag: 7.2.1-8c743f0c
+              pullPolicy: IfNotPresent
+
             config:
               upstream: http://127.0.0.1:3000
               client-id: ${{ secrets.OIDC_CLIENT_ID }}
               client-secret: ${{ secrets.OIDC_CLIENT_SECRET }}
               oidc-issuer-url: ${{ secrets.OIDC_ISSUER }}
               redirect-url: https://api-services-portal-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}.apps.silver.devops.gov.bc.ca/oauth2/callback
-              skip-auth-regex: '/health|/public|/docs|/redirect|/_next|/images|/devportal|/manager|/about|/maintenance|/admin/session|/ds/api|/feed/|/signout|^[/]$'
+              skip-auth-regex: '/login|/health|/public|/docs|/redirect|/_next|/images|/devportal|/manager|/about|/maintenance|/admin/session|/ds/api|/feed/|/signout|^[/]$'
               whitelist-domain: authz-apps-gov-bc-ca.dev.api.gov.bc.ca
               skip-provider-button: 'true'
               profile-url: ${{ secrets.OIDC_ISSUER }}/protocol/openid-connect/userinfo

diff --git a/.github/workflows/scripts/feeder-init/dataset-test.yaml b/.github/workflows/scripts/feeder-init/dataset-test.yaml
@@ -0,0 +1,13 @@
+entity: Dataset
+record:
+  id: 'B234567890000000'
+  name: 'test-feature-product'
+  title: 'Test Feature Product'
+  notes: 'Product Notes'
+  tags: ['gateway', 'feature']
+  sector: 'Service'
+  license_title: 'Access Only'
+  view_audience: 'Government'
+  security_class: 'LOW-PUBLIC'
+  org: '7a66db63-26f4-4052-9cd5-3272b63910f8'
+  sub_org: '319b3297-846d-4b97-8095-ceb3ec505fb8'
diff --git a/.github/workflows/scripts/feeder-init/organization-unit.yaml b/.github/workflows/scripts/feeder-init/organization-unit.yaml
@@ -0,0 +1,20 @@
+entity: Organization
+record:
+  id: 7a66db63-26f4-4052-9cd5-3272b63910f8
+  type: organization
+  name: ministry-of-citizens-services
+  sector: ''
+  title: 'Ministry of Citizens Services'
+  tags: []
+  description: ''
+  extSource: ''
+  extRecordHash: ''
+  orgUnits:
+    - id: 319b3297-846d-4b97-8095-ceb3ec505fb8
+      name: databc
+      sector: ''
+      title: 'DataBC'
+      tags: []
+      description: ''
+      extSource: ''
+      extRecordHash: ''
diff --git a/.github/workflows/scripts/init.sh b/.github/workflows/scripts/init.sh
@@ -18,6 +18,8 @@ while true; do
         curl --fail -v http://localhost:8080/push -F yaml=@platform-authz-profile.yaml
         curl --fail -v http://localhost:8080/push -F yaml=@platform-dataset.yaml
         curl --fail -v http://localhost:8080/push -F yaml=@platform-gwa-api.yaml
+        curl --fail -v http://localhost:8080/push -F yaml=@scripts/feeder-init/organization-unit.yaml
+        curl --fail -v http://localhost:8080/push -F yaml=@scripts/feeder-init/dataset-test.yaml
         kill $FWD_PID
         break
     else

diff --git a/e2e/cypress.json b/e2e/cypress.json
@@ -23,5 +23,9 @@
     "JWKS_URL": "http://cypress-jwks-url.localtest.me:3500",
     "KONG_CONFIG_URL": "http://kong.localtest.me:8001",
     "BASE_URL": "http://oauth2proxy.localtest.me:4180"
+  },
+  "retries": {
+    "runMode": 2,
+    "openMode": 0
   }
 }
diff --git a/e2e/cypress/fixtures/access-manager.json b/e2e/cypress/fixtures/access-manager.json
@@ -5,7 +5,7 @@
       "password": "mark"
     }
   },
-  "namespace": "platform",
+  "namespace": "newplatform",
   "clientCredentials": {
     "namespace": "ccplatform"
   },

diff --git a/e2e/cypress/fixtures/api.json b/e2e/cypress/fixtures/api.json
@@ -3,6 +3,74 @@
     "headers": {
       "accept": "application/json"
     },
-    "endPoint": "ds/api/v2/organizations"
+    "endPoint": "ds/api/v2/organizations",
+    "orgExpectedList":
+      {
+        "name": "planning-and-innovation-division",
+        "title": "Planning and Innovation Division"
+      },
+    "orgName": "ministry-of-health"
+  },
+  "documentation": {
+    "endPoint": "ds/api/v2/namespaces/apiplatform/contents",
+    "headers": {
+      "accept": "application/json",
+      "content-type": "application/json"
+    },
+    "body": {
+      "externalLink": "https://externalsite/my_content",
+      "title": "my_content",
+      "description": "Summary of Test content",
+      "content": "Markdown content",
+      "order": 0,
+      "isPublic": true,
+      "isComplete": true,
+      "tags": ["tag1", "tag2"]
+    }
+  },
+  "authorizationProfiles": {
+    "body": {
+      "name": "my-auth-profile",
+      "description": "Auth connection to my IdP",
+      "flow": "client-credentials",
+      "clientAuthenticator": "client-secret",
+      "mode": "auto",
+      "environmentDetails": [
+        {
+          "environment": "dev",
+          "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master",
+          "clientRegistration": "managed",
+          "clientId": "cypress-auth-profile",
+          "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac"
+        }
+      ],
+      "owner": "janis@idir"
+    },
+    "endPoint": "ds/api/v2/namespaces/apiplatform/issuers",
+    "headers": {
+      "accept": "application/json",
+      "content-type": "application/json"
+    }
+  },
+  "products": {
+    "headers": {
+      "accept": "application/json",
+      "content-type": "application/json"
+    },
+    "endPoint": "ds/api/v2/namespaces/apiplatform/products",
+    "deleteEnvironmentEndPoint": "ds/api/v2/namespaces/apiplatform/environments",
+    "body": {
+      "name": "my-new-product",
+      "appId": "DRE123456",
+      "environments": [
+        {
+          "name": "test",
+          "active": false,
+          "approval": false,
+          "flow": "public",
+          "appId": "6754"
+        }
+      ]
+    }
   }
-}
+}
diff --git a/e2e/cypress/fixtures/apiowner.json b/e2e/cypress/fixtures/apiowner.json
@@ -5,12 +5,24 @@
       "password": "awsummer"
     }
   },
-  "namespace": "platform",
+  "namespace": "newplatform",
   "serviceAccount": {
     "scopes": ["GatewayConfig.Publish", "Namespace.Manage", "Content.Publish"]
   },
   "deleteResources": {
-    "namespace": "platform1"
+    "namespace": "deleteplatform",
+    "product": {
+      "name": "Delete-Auto Test Product",
+      "environment": {
+        "name": "dev",
+        "config": {
+          "terms": "Terms of Use for API Gateway",
+          "authorization": "Kong API Key with ACL Flow",
+          "optionalInstructions": "This is a automation test",
+          "serviceName": "a-service-for-deleteplatform"
+        }
+      }
+    }
   },
   "namespaceAccessPermissions": ["CredentialIssuer.Admin"],
   "product": {
@@ -23,7 +35,7 @@
         "terms": "Terms of Use for API Gateway",
         "authorization": "Kong API Key with ACL Flow",
         "optionalInstructions": "This is a automation test",
-        "serviceName": "a-service-for-platform"
+        "serviceName": "a-service-for-newplatform"
       }
     }
   },
@@ -33,6 +45,7 @@
       "authProfile": {
         "name": "cy-jwt-kp-auth",
         "flow": "Client Credential Flow",
+        "element":"cc-jwt-key",
         "clientAuthenticator": "Signed JWT - Generated Key Pair",
         "environmentConfig": {
           "environment": "Development",
@@ -58,6 +71,7 @@
       "authProfile": {
         "name": "cy-jwks-url-auth",
         "flow": "Client Credential Flow",
+        "element":"cc-jwt-jwks",
         "clientAuthenticator": "Signed JWT with JWKS URL",
         "environmentConfig": {
           "environment": "Sandbox",
@@ -96,6 +110,7 @@
       "authProfile": {
         "name": "cy-client-id-secret-auth",
         "flow": "Client Credential Flow",
+        "element":"cc-id-secret",
         "clientAuthenticator": "Client ID and Secret",
         "environmentConfig": {
           "environment": "Test",
@@ -172,5 +187,8 @@
       "userName" :"mark",
       "accessRole" :["Access.Manage","Namespace.View"]
     } 
+  },
+  "apiTest": {
+    "namespace": "apiplatform"
   }
 }
diff --git a/e2e/cypress/fixtures/credential-issuer.json b/e2e/cypress/fixtures/credential-issuer.json
@@ -10,14 +10,15 @@
   },
   "clientCredentials": {
       "authProfile": {
-        "name": "cy-jwt-kp-auth",
+        "name": "cc-jwt-key-123",
         "flow": "Client Credential Flow",
+        "element":"cc-jwt-key",
         "clientAuthenticator": "Signed JWT - Generated Key Pair",
         "environmentConfig": {
           "environment": "Development",
           "clientRegistration": "Managed",
           "idpIssuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master",
-          "clientId": "cypress-auth-profile",
+          "clientId": "cc-auth-profile",
           "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac"
         }
     }

diff --git a/e2e/cypress/fixtures/developer.json b/e2e/cypress/fixtures/developer.json
@@ -5,7 +5,7 @@
       "password": "local"
     }
   },
-  "namespace": "platform",
+  "namespace": "newplatform",
   "product": {
     "name": "Auto Test Product",
     "environment": "dev"

diff --git a/e2e/cypress/fixtures/manage-control/kong-plugin-config.json b/e2e/cypress/fixtures/manage-control/kong-plugin-config.json
@@ -17,6 +17,6 @@
     "username": "consumer1"
   },
   "keyAuth": {
-    "config.anonymous": "5f1c6410-be1c-468c-864b-10d7da7a0552"
+    "config.anonymous": "e63c9474-efd0-4e27-bb6f-f649f9661262"
   }
 }
diff --git a/e2e/cypress/fixtures/service-clear-resources.yml b/e2e/cypress/fixtures/service-clear-resources.yml
@@ -0,0 +1,19 @@
+services:
+- name: service-for-deleteplatform
+  host: httpbin.org
+  tags: [ns.deleteplatform]
+  port: 443
+  protocol: https
+  retries: 0
+  routes:
+  - name: service-for-deleteplatform-route
+    tags: [ns.deleteplatform]
+    hosts:
+      - service-for-deleteplatform.api.gov.bc.ca
+    paths:
+      - /
+    methods:
+      - GET
+    strip_path: false
+    https_redirect_status_code: 426
+    path_handling: v0
diff --git a/e2e/cypress/fixtures/service-plugin-key-auth-only.yml b/e2e/cypress/fixtures/service-plugin-key-auth-only.yml
@@ -1,15 +1,15 @@
 services:
-- name: a-service-for-platform
+- name: a-service-for-newplatform
   host: httpbin.org
-  tags: [ns.platform]
+  tags: [ns.newplatform]
   port: 443
   protocol: https
   retries: 0
   routes:
-  - name: a-service-for-platform-route
-    tags: [ns.platform]
+  - name: a-service-for-newplatform-route
+    tags: [ns.newplatform]
     hosts:
-      - a-service-for-platform.api.gov.bc.ca
+      - a-service-for-newplatform.api.gov.bc.ca
     paths:
       - /
     methods:
@@ -21,7 +21,7 @@ services:
 
   plugins:
   - name: key-auth
-    tags: [ ns.platform ]
+    tags: [ ns.newplatform ]
     protocols: [ http, https ]
     config:
       key_names: ["X-API-KEY"]

diff --git a/e2e/cypress/fixtures/service.yml b/e2e/cypress/fixtures/service.yml
@@ -1,15 +1,15 @@
 services:
-- name: a-service-for-platform
+- name: a-service-for-newplatform
   host: httpbin.org
-  tags: [ns.platform]
+  tags: [ns.newplatform]
   port: 443
   protocol: https
   retries: 0
   routes:
-  - name: a-service-for-platform-route
-    tags: [ns.platform]
+  - name: a-service-for-newplatform-route
+    tags: [ns.newplatform]
     hosts:
-      - a-service-for-platform.api.gov.bc.ca
+      - a-service-for-newplatform.api.gov.bc.ca
     paths:
       - /
     methods: