diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
index c3a1f264..ed58250c 100644
--- a/.github/workflows/push-trigger.yml
+++ b/.github/workflows/push-trigger.yml
@@ -154,6 +154,71 @@ jobs:
GPG_SECRET: ${{ secrets.GPG_SECRET }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+ build-maven-MockMDS-local:
+ needs: build-maven-MockMDS
+ runs-on: ubuntu-latest
+ env:
+ NAMESPACE: ${{ secrets.dev_namespace_docker_hub }}
+ SERVICE_NAME: 'MockMDS'
+ SERVICE_LOCATION: 'MockMDS'
+ BUILD_ARTIFACT: 'mockmds-local'
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up JDK 21
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: '21'
+ server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
+ settings-path: ${{ github.workspace }} # location for the settings.xml file
+
+ - name: Setup the settings file for ossrh server
+ run: echo " ossrh ${{secrets.ossrh_user}} ${{secrets.ossrh_secret}} ossrh true gpg2 ${{secrets.gpg_secret}} allow-snapshots true snapshots-repo https://oss.sonatype.org/content/repositories/snapshots false true releases-repo https://oss.sonatype.org/service/local/staging/deploy/maven2 true false sonar . https://sonarcloud.io false " > $GITHUB_WORKSPACE/settings.xml
+ - name: Build Mockmds with Maven
+ run: |
+ cd ${{ env.SERVICE_LOCATION}}
+ mvn clean package -s $GITHUB_WORKSPACE/settings.xml
+ - name: Ready the springboot artifacts
+ if: ${{ !contains(github.ref, 'master') || !contains(github.ref, 'main') }}
+ run: |
+ ## FIND JARS & COPY ONLY EXECUTABLE JARs STORED UNDER TARGET DIRECTORY
+ find ${{ env.SERVICE_LOCATION }} -path '*/target/*' -exec zip ${{ env.BUILD_ARTIFACT }}.zip {} +
+ - name: Upload the springboot jars
+ if: ${{ !contains(github.ref, 'master') || !contains(github.ref, 'main') }}
+ uses: actions/upload-artifact@v3
+ with:
+ name: ${{ env.BUILD_ARTIFACT }}
+ path: ${{ env.BUILD_ARTIFACT }}.zip
+ - uses: 8398a7/action-slack@v3
+ with:
+ status: ${{ job.status }}
+ fields: repo,message,author,commit,workflow,job # selectable (default: repo,message)
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required
+ if: failure() # Pick up events even if the job fails or is canceled.
+ build-dockers_mockmds:
+ needs: build-maven-MockMDS-local
+ strategy:
+ matrix:
+ include:
+ - SERVICE_LOCATION: 'MockMDS'
+ SERVICE_NAME: 'mockmds'
+ BUILD_ARTIFACT: 'mockmds-local'
+ ONLY_DOCKER: true
+ fail-fast: false
+ name: ${{ matrix.SERVICE_NAME }}
+ uses: mosip/kattu/.github/workflows/docker-build.yml@master-java21
+ with:
+ SERVICE_LOCATION: ${{ matrix.SERVICE_LOCATION }}
+ SERVICE_NAME: ${{ matrix.SERVICE_NAME }}
+ BUILD_ARTIFACT: ${{ matrix.BUILD_ARTIFACT }}
+ ONLY_DOCKER: ${{ matrix.ONLY_DOCKER }}
+ secrets:
+ DEV_NAMESPACE_DOCKER_HUB: ${{ secrets.DEV_NAMESPACE_DOCKER_HUB }}
+ ACTOR_DOCKER_HUB: ${{ secrets.ACTOR_DOCKER_HUB }}
+ RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
sonar_analysis_mock_abis:
needs: build-maven-mock-abis
if: "${{ github.event_name != 'pull_request' }}"
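Review bot: The Slack step at L48 reads `secrets.SLACK_WEBHOOK_URL`, while the sibling job above (L7) and the docker job added below (L71) pass `secrets.SLACK_WEBHOOK`; unless both secrets exist, the failure notification for build-maven-MockMDS-local posts to an empty webhook and is lost. Change it to `SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}` to match the rest of the file. The guard at L33 and L38, `!contains(github.ref, 'master') || !contains(github.ref, 'main')`, is true for every ref (a ref containing 'master' still fails the second `contains`), so the artifact steps are never skipped; if the intent is to skip on master/main the operator should be `&&`. Both points appear to be copied from the existing jobs, so fixing them there too would keep the workflow consistent.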
diff --git a/MockMDS/Dockerfile b/MockMDS/Dockerfile
new file mode 100644
index 00000000..63775eae
--- /dev/null
+++ b/MockMDS/Dockerfile
@@ -0,0 +1,77 @@
+FROM ubuntu:22.04
+
+ARG SOURCE
+ARG COMMIT_HASH
+ARG COMMIT_ID
+ARG BUILD_TIME
+LABEL source=${SOURCE}
+LABEL commit_hash=${COMMIT_HASH}
+LABEL commit_id=${COMMIT_ID}
+LABEL build_time=${BUILD_TIME}
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user=mosip
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user_group=mosip
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user_uid=1001
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user_gid=1001
+
+# Set working directory
+WORKDIR /home/${container_user}
+
+ENV work_dir=/home/${container_user}
+
+# Copy files to the working directory
+
+COPY entrypoint.sh ${work_dir}/
+COPY ./MockMDS/target/ $work_dir/target/
+COPY ./mds-certgen/*.sh openssl.cnf ${work_dir}/
+
+# Install packages, download binaries, create user and group in a single RUN command
+RUN apt-get update && \
+ apt-get install -y curl openssl jq zip && \
+ groupadd -g ${container_user_gid} ${container_user_group} && \
+ useradd -u ${container_user_uid} -g ${container_user_group} -s /bin/sh -m ${container_user} && \
+ curl -O https://dl.min.io/client/mc/release/linux-amd64/archive/mc.RELEASE.2022-07-29T19-17-16Z && \
+ chmod +x mc.RELEASE.2022-07-29T19-17-16Z && \
+ mv mc.RELEASE.2022-07-29T19-17-16Z /usr/local/bin/mc && \
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
+ install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl && \
+ rm kubectl && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* && \
+ chmod +x ${work_dir}/*.sh && \
+ chown -R ${container_user}:${container_user} ${work_dir}
+
+# Debug step: List contents of the working directory
+RUN ls -la $work_dir
+
+# Switch to the container user
+USER ${container_user_uid}:${container_user_gid}
+
+WORKDIR ${work_dir}
+
+# Define environment variables
+ENV CA= \
+ SUBCA= \
+ CLIENT= \
+ COUNTRY= \
+ STATE= \
+ LOCATION= \
+ CERT_LOCATION=/home/mosip/certs \
+ mosip-api-internal-host= \
+ mosip_regproc_client_secret= \
+ mosip_deployment_client_secret= \
+ s3-host= \
+ s3-region= \
+ s3-user-key= \
+ s3-user-secret= \
+ s3-bucket-name=
+
+# Run the entrypoint.sh script
+ENTRYPOINT ["./entrypoint.sh"]
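Review bot: The `mc` and `kubectl` binaries fetched at L121–L125 are installed without any integrity check, and kubectl resolves `stable.txt` at build time, so image contents change from build to build and a tampered download would go unnoticed. Both vendors publish SHA-256 files next to these binaries; download the checksum alongside the binary and verify with `sha256sum -c` before `install`, and pin the kubectl version through a build ARG rather than the floating `stable.txt`. Separately, L130 does `chown -R ${container_user}:${container_user}` while the group is created as `${container_user_group}` at L119; with the defaults both are `mosip`, but overriding `container_user_group` breaks the chown, so use `chown -R ${container_user}:${container_user_group} ${work_dir}`. The `RUN ls -la $work_dir` at L133 is labelled a debug step and only adds a layer; drop it before merging.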
diff --git a/MockMDS/application.properties b/MockMDS/application.properties
index b1b38110..534e1af4 100644
--- a/MockMDS/application.properties
+++ b/MockMDS/application.properties
@@ -28,8 +28,8 @@ mosip.mock.sbi.file.face.deviceinfo.json=/Biometric Devices/Face/DeviceInfo.json
mosip.mock.sbi.file.face.devicediscovery.json=/Biometric Devices/Face/DeviceDiscovery.json
mosip.mock.sbi.file.face.streamimage=/Biometric Devices/Face/Stream Image/0.jpeg
mosip.mock.sbi.file.face.keys.keystorefilename=/Biometric Devices/Face/Keys/mosipface.p12
-mosip.mock.sbi.file.face.keys.keyalias=mosipface
-mosip.mock.sbi.file.face.keys.keystorepwd=mosipface
+mosip.mock.sbi.file.face.keys.keyalias=Device
+mosip.mock.sbi.file.face.keys.keystorepwd=$keystore_pwd
mosip.mock.sbi.file.face.keys.keystorefilename.ftm=/Biometric Devices/Face/Keys/mosipfaceftm.p12
mosip.mock.sbi.file.face.keys.keyalias.ftm=mosipfaceftm
mosip.mock.sbi.file.face.keys.keystorepwd.ftm=mosipfaceftm
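Review bot: The new `$keystore_pwd` placeholder at L170 (and at L181, L192, L203, L214) is only resolved by `updating-app-properties.sh` in this commit; if that script does not run, or its `sed` does not match, the literal string `$keystore_pwd` is used as the keystore password and the keystore open fails with a misleading error. A comment on the property naming the substituting script would make that diagnosable, e.g. `# $keystore_pwd is replaced at container start by mds-certgen/updating-app-properties.sh`. Note also that the `.ftm` keystore passwords on the following lines stay hardcoded, so the change moves password material out of the device-keystore entries only, not out of the file.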
@@ -41,8 +41,8 @@ mosip.mock.sbi.file.finger.slap.streamimage.left=/Biometric Devices/Finger/Slap/
mosip.mock.sbi.file.finger.slap.streamimage.right=/Biometric Devices/Finger/Slap/Stream Image/2.jpeg
mosip.mock.sbi.file.finger.slap.streamimage.thumb=/Biometric Devices/Finger/Slap/Stream Image/3.jpeg
mosip.mock.sbi.file.finger.slap.keys.keystorefilename=/Biometric Devices/Finger/Slap/Keys/mosipfingerslap.p12
-mosip.mock.sbi.file.finger.slap.keys.keyalias=mosipfingerslap
-mosip.mock.sbi.file.finger.slap.keys.keystorepwd=mosipfingerslap
+mosip.mock.sbi.file.finger.slap.keys.keyalias=Device
+mosip.mock.sbi.file.finger.slap.keys.keystorepwd=$keystore_pwd
mosip.mock.sbi.file.finger.slap.keys.keystorefilename.ftm=/Biometric Devices/Finger/Slap/Keys/mosipfingerslapftm.p12
mosip.mock.sbi.file.finger.slap.keys.keyalias.ftm=mosipfingerslapftm
mosip.mock.sbi.file.finger.slap.keys.keystorepwd.ftm=mosipfingerslapftm
@@ -51,8 +51,8 @@ mosip.mock.sbi.file.finger.single.digitalid.json=/Biometric Devices/Finger/Singl
mosip.mock.sbi.file.finger.single.deviceinfo.json=/Biometric Devices/Finger/Single/DeviceInfo.json
mosip.mock.sbi.file.finger.single.devicediscovery.json=/Biometric Devices/Finger/Single/DeviceDiscovery.json
mosip.mock.sbi.file.finger.single.keys.keystorefilename=/Biometric Devices/Finger/Single/Keys/mosipfingersingle.p12
-mosip.mock.sbi.file.finger.single.keys.keyalias=mosipfingersingle
-mosip.mock.sbi.file.finger.single.keys.keystorepwd=mosipfingersingle
+mosip.mock.sbi.file.finger.single.keys.keyalias=Device
+mosip.mock.sbi.file.finger.single.keys.keystorepwd=$keystore_pwd
mosip.mock.sbi.file.finger.single.keys.keystorefilename.ftm=/Biometric Devices/Finger/Single/Keys/mosipfingersingleftm.p12
mosip.mock.sbi.file.finger.single.keys.keyalias.ftm=mosipfingersingleftm
mosip.mock.sbi.file.finger.single.keys.keystorepwd.ftm=mosipfingersingleftm
@@ -64,8 +64,8 @@ mosip.mock.sbi.file.iris.double.streamimage.left=/Biometric Devices/Iris/Double/
mosip.mock.sbi.file.iris.double.streamimage.right=/Biometric Devices/Iris/Double/Stream Image/2.jpeg
mosip.mock.sbi.file.iris.double.streamimage.both=/Biometric Devices/Iris/Double/Stream Image/3.jpeg
mosip.mock.sbi.file.iris.double.keys.keystorefilename=/Biometric Devices/Iris/Double/Keys/mosipirisdouble.p12
-mosip.mock.sbi.file.iris.double.keys.keyalias=mosipirisdouble
-mosip.mock.sbi.file.iris.double.keys.keystorepwd=mosipirisdouble
+mosip.mock.sbi.file.iris.double.keys.keyalias=Device
+mosip.mock.sbi.file.iris.double.keys.keystorepwd=$keystore_pwd
mosip.mock.sbi.file.iris.double.keys.keystorefilename.ftm=/Biometric Devices/Iris/Double/Keys/mosipirisdoubleftm.p12
mosip.mock.sbi.file.iris.double.keys.keyalias.ftm=mosipirisdoubleftm
mosip.mock.sbi.file.iris.double.keys.keystorepwd.ftm=mosipirisdoubleftm
@@ -74,8 +74,8 @@ mosip.mock.sbi.file.iris.single.digitalid.json=/Biometric Devices/Iris/Single/Di
mosip.mock.sbi.file.iris.single.deviceinfo.json=/Biometric Devices/Iris/Single/DeviceInfo.json
mosip.mock.sbi.file.iris.single.devicediscovery.json=/Biometric Devices/Iris/Single/DeviceDiscovery.json
mosip.mock.sbi.file.iris.single.keys.keystorefilename=/Biometric Devices/Iris/Single/Keys/mosipirissingle.p12
-mosip.mock.sbi.file.iris.single.keys.keyalias=mosipirissingle
-mosip.mock.sbi.file.iris.single.keys.keystorepwd=mosipirissingle
+mosip.mock.sbi.file.iris.single.keys.keyalias=Device
+mosip.mock.sbi.file.iris.single.keys.keystorepwd=$keystore_pwd
mosip.mock.sbi.file.iris.single.keys.keystorefilename.ftm=/Biometric Devices/Iris/Single/Keys/mosipirissingleftm.p12
mosip.mock.sbi.file.iris.single.keys.keyalias.ftm=mosipirissingleftm
mosip.mock.sbi.file.iris.single.keys.keystorepwd.ftm=mosipirissingleftm
@@ -85,12 +85,12 @@ mosip.mock.sbi.file.folder.default=/Profile/Default
mosip.kernel.crypto.sign-algorithm-name=RS256
-mosip.auth.server.url=https://extint1.mosip.net/v1/authmanager/authenticate/clientidsecretkey
+mosip.auth.server.url=https://$API_INTERNAL_HOST/v1/authmanager/authenticate/clientidsecretkey
mosip.auth.appid=regproc
mosip.auth.clientid=mosip-regproc-client
-mosip.auth.secretkey=abc123
+mosip.auth.secretkey=$mosip_regproc_client_secret
-mosip.ida.server.url=https://extint1.mosip.net/idauthentication/v1/internal/getCertificate?applicationId=IDA&referenceId=IDA-FIR
+mosip.ida.server.url=https://$API_INTERNAL_HOST/idauthentication/v1/internal/getCertificate?applicationId=IDA&referenceId=IDA-FIR
mds_ERROR_0_msg_en=Success
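Review bot: `mosip.auth.secretkey=$mosip_regproc_client_secret` at L225 is replaced with the live regproc client secret at runtime, and the rendered `application.properties` is then zipped and uploaded to the S3 bucket by `upload-zip-to-s3.sh` (L747 in this commit), so the credential ends up inside an object-store artifact. If the application supports environment-backed property resolution, read the secret from the environment at start instead of rendering it into the file; otherwise document on this line that the rendered file contains a live secret and must be excluded from the package. The `$API_INTERNAL_HOST` placeholder at L221 and L227 has the same dependency on the substituting script; a pointer to it in a comment helps here too.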
@@ -159,5 +159,4 @@ mds_ERROR_806_msg_en=Device connected purpose should be for Auth only for Auth C
mds_ERROR_809_msg_en=Auth Capture request can not be done for Registration Devices
mds_ERROR_810_msg_en=Auth Capture unknown error
-mds_ERROR_999_msg_en=Unknown Error
-
+mds_ERROR_999_msg_en=Unknown Error
\ No newline at end of file
diff --git a/MockMDS/entrypoint.sh b/MockMDS/entrypoint.sh
new file mode 100755
index 00000000..a0ce78d0
--- /dev/null
+++ b/MockMDS/entrypoint.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/bash
+
+set -e
+
+# Execute certgen.sh to generate certificates
+echo -e "\nExecuting certgen.sh..."
+bash certgen.sh
+
+# Execute uploadcert.sh to authenticate and upload certificates
+echo -e "\nExecuting uploadcert.sh..."
+bash upload-certs.sh
+
+# Execute createp12.sh to create PKCS#12 files
+echo -e "\nExecuting createp12.sh..."
+bash createp12.sh
+
+# Execute updating-app-properties.sh
+echo -e "\nExecuting updating-app-properties.sh..."
+bash updating-app-properties.sh
+
+# Execute createp12.sh to create PKCS#12 files
+echo -e "\nExecuting upload-zip-to-s3.sh ..."
+bash upload-zip-to-s3.sh
+
+echo -e "\nAll scripts executed successfully."
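Review bot: The comments at L250 and L262 name scripts that are not the ones invoked: L250 says `uploadcert.sh` for the `upload-certs.sh` call, and L262 repeats the createp12.sh comment above `upload-zip-to-s3.sh`. Change them to `# Execute upload-certs.sh to authenticate and upload certificates` and `# Execute upload-zip-to-s3.sh to package and upload the files`. Also, `set -e` here only covers the `bash <script>` commands themselves; `createp12.sh` and `upload-certs.sh` in this commit have neither a shebang nor `set -e`, and each ends with an `echo`, so an openssl or curl failure inside them returns 0 to this script and the sequence continues. Either add `set -e` to each child or invoke them as `bash -e certgen.sh` and so on.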
diff --git a/MockMDS/mds-certgen/README.md b/MockMDS/mds-certgen/README.md
new file mode 100644
index 00000000..fa6dab31
--- /dev/null
+++ b/MockMDS/mds-certgen/README.md
@@ -0,0 +1,97 @@
+# Certificate Generation and Deployment Workflow
+
+This directory contains a set of shell scripts designed to automate the process of generating certificates, uploading them to a Partner Manager, creating PKCS#12 files, updating application properties, and packaging files for deployment. The scripts are designed to work together and are orchestrated through the `entrypoint.sh` script.
+
+## Table of Contents
+1. [Overview](#overview)
+2. [Scripts Description](#scripts-description)
+ - [certgen.sh](#certgensh)
+ - [upload-certs.sh](#upload-certssh)
+ - [createp12.sh](#createp12sh)
+ - [updating-app-properties.sh](#updating-app-propertiessh)
+ - [upload-zip-to-s3.sh](#upload-zip-to-s3sh)
+ - [entrypoint.sh](#entrypointsh)
+3. [Usage](#usage)
+
+## Overview
+
+This workflow automates the following tasks:
+1. Generating Root CA, Intermediate CA, and Client certificates.
+2. Authenticating with the Partner Manager and uploading the generated certificates.
+3. Creating PKCS#12 files for various devices.
+4. Updating the application properties file with runtime values.
+5. Packaging all necessary files into a ZIP archive and uploading it to a MinIO bucket.
+
+## Scripts Description
+
+### `certgen.sh`
+
+This script is responsible for generating certificates:
+- **Root CA Certificate**: A self-signed root certificate.
+- **Intermediate CA Certificate**: Signed by the Root CA.
+- **Client Certificate**: Signed by the Intermediate CA.
+
+**Key environment variables**:
+- `CA`, `SUBCA`, `CLIENT`, `COUNTRY`, `STATE`, `LOCATION`, `CERT_LOCATION`.
+
+**Output**:
+- Generates certificates and keys in the specified `CERT_LOCATION`.
+
+### `upload-certs.sh`
+
+This script handles the authentication with the Partner Manager and uploads the generated certificates:
+- Authenticates using `clientId` and `secretKey`.
+- Registers the partner and uploads the Root CA, Intermediate CA, and Client certificates.
+
+**Key environment variables**:
+- `mosip-api-internal-host`, `mosip_deployment_client_secret`, `CLIENT`.
+
+**Output**:
+- Uploads the certificates to the Partner Manager and saves the signed client certificate.
+
+### `createp12.sh`
+
+This script generates device-specific PKCS#12 (`.p12`) files:
+- Creates a private key and certificate for a device.
+- Exports the certificate and key into a PKCS#12 file.
+- Replaces existing `.p12` files with the newly generated one.
+
+**Key environment variables**:
+- `COUNTRY`, `STATE`, `LOCATION`, `CERT_LOCATION`.
+
+**Output**:
+- Creates and updates `.p12` files in specified directories.
+
+### `updating-app-properties.sh`
+
+This script updates the `application.properties` file with dynamic values at runtime:
+- Fetches internal host from Kubernetes ConfigMap.
+- Replaces placeholders in `application.properties` with the runtime values.
+
+**Output**:
+- Updates the `application.properties` file with the correct runtime values.
+
+### `upload-zip-to-s3.sh`
+
+This script packages all relevant files into a ZIP archive and uploads it to a MinIO bucket:
+- Zips the `target`, `.p12` certificates, `application.properties`, and `Biometric Devices` directories.
+- Configures the MinIO client (`mc`) and uploads the ZIP file.
+
+**Key environment variables**:
+- `s3-host`, `s3-region`, `s3-user-key`, `s3-user-secret`, `s3-bucket-name`.
+
+**Output**:
+- Uploads the ZIP archive to the specified MinIO bucket.
+
+### `entrypoint.sh`
+
+This is the main orchestration script that sequentially executes all the other scripts:
+1. Runs `certgen.sh` to generate certificates.
+2. Runs `upload-certs.sh` to authenticate and upload certificates.
+3. Runs `createp12.sh` to create PKCS#12 files.
+4. Runs `updating-app-properties.sh` to update the properties file.
+5. Runs `upload-zip-to-s3.sh` to package and upload the files.
+
+**Output**:
+- Executes all the scripts in sequence and provides a summary of the execution.
+
diff --git a/MockMDS/mds-certgen/certgen.sh b/MockMDS/mds-certgen/certgen.sh
new file mode 100755
index 00000000..dfc724ac
--- /dev/null
+++ b/MockMDS/mds-certgen/certgen.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+set -e
+
+## The script starts from here
+echo -e "\nUSAGE: bash create-certs.sh"
+echo "This script will create new rootCA, IntermediateCA & Partner certificates"
+
+# Check if any environment variable is empty
+: "${CA:?Need to set CA}"
+: "${SUBCA:?Need to set SUBCA}"
+: "${CLIENT:?Need to set CLIENT}"
+: "${COUNTRY:?Need to set COUNTRY}"
+: "${STATE:?Need to set STATE}"
+: "${LOCATION:?Need to set LOCATION}"
+: "${CERT_LOCATION:?Need to set CERT_LOCATION}"
+
+# Print key-value
+echo -e "\n========== Listing properties from environment variables =========="
+echo "CA = $CA"
+echo "SUBCA = $SUBCA"
+echo "CLIENT = $CLIENT"
+echo "COUNTRY = $COUNTRY"
+echo "STATE = $STATE"
+echo "LOCATION = $LOCATION"
+echo "CERT_LOCATION = $CERT_LOCATION"
+
+# Create certs directory
+mkdir -p "$CERT_LOCATION"
+
+# Certificate authority
+echo -e "\n========== Creating CA certificate =========="
+
+### Generating CA certs
+openssl genrsa -out "$CERT_LOCATION/RootCA.key" 4096
+openssl req -new -x509 -days 1826 -extensions v3_ca -key "$CERT_LOCATION/RootCA.key" -out "$CERT_LOCATION/RootCA.crt" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=$CA/OU=$CA/CN=$CA/"
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_LOCATION/RootCA.key" -out "$CERT_LOCATION/RootCA.key.pkcs8"
+
+# Intermediate CA
+echo -e "\n========== Creating SUBCA certificate =========="
+
+### Generating SUBCA certs
+openssl genrsa -out "$CERT_LOCATION/IntermediateCA.key" 4096
+openssl req -new -key "$CERT_LOCATION/IntermediateCA.key" -out "$CERT_LOCATION/IntermediateCA.csr" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=$SUBCA/OU=$SUBCA/CN=$SUBCA/"
+openssl x509 -req -days 1000 -extfile ./openssl.cnf -extensions v3_intermediate_ca -in "$CERT_LOCATION/IntermediateCA.csr" -CA "$CERT_LOCATION/RootCA.crt" -CAkey "$CERT_LOCATION/RootCA.key" -out "$CERT_LOCATION/IntermediateCA.crt" -set_serial 01
+openssl verify -CAfile "$CERT_LOCATION/RootCA.crt" "$CERT_LOCATION/IntermediateCA.crt"
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_LOCATION/IntermediateCA.key" -out "$CERT_LOCATION/IntermediateCA.key.pkcs8"
+
+# Client certificate from IntermediateCA
+echo -e "\n========== Creating CLIENT certificate =========="
+
+### Generating CLIENT certs
+openssl genrsa -out "$CERT_LOCATION/Client.key" 4096
+openssl req -new -key "$CERT_LOCATION/Client.key" -out "$CERT_LOCATION/Client.csr" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=$CLIENT/OU=$CLIENT/CN=$CLIENT/"
+openssl x509 -req -extensions usr_cert -extfile ./openssl.cnf -days 1000 -in "$CERT_LOCATION/Client.csr" -CA "$CERT_LOCATION/IntermediateCA.crt" -CAkey "$CERT_LOCATION/IntermediateCA.key" -set_serial 04 -out "$CERT_LOCATION/Client.crt"
+openssl verify -CAfile "$CERT_LOCATION/RootCA.crt" -untrusted "$CERT_LOCATION/IntermediateCA.crt" "$CERT_LOCATION/Client.crt"
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_LOCATION/Client.key" -out "$CERT_LOCATION/Client.key.pkcs8"
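Review bot: The usage line at L381 refers to `create-certs.sh`, but the file is `certgen.sh` and the entrypoint runs it under that name; change it to `echo -e "\nUSAGE: bash certgen.sh"`. More importantly, the Root CA and Intermediate CA private keys are written unencrypted to `$CERT_LOCATION` at L410, L412, L418 and L422, and `upload-zip-to-s3.sh` in this commit zips `$work_dir/certs/` (the `CERT_LOCATION` default from the Dockerfile), so the CA keys travel into the bucket with the device package; the device only needs `Device.p12` and the chain certificates, so exclude the `.key`/`.pkcs8` files from the archive or remove them once signing is done. The fixed `-set_serial 01`/`04` at L420 and L430 give every run the same serials; harmless while the issuers are regenerated each run, but worth a comment saying so. L411 also passes `-extensions v3_ca` without pointing at `./openssl.cnf`, unlike the later `x509 -req` calls, so that section appears to come from the system config; if the bundled file is meant to be authoritative, add `-config ./openssl.cnf` or say so in a comment.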
diff --git a/MockMDS/mds-certgen/createp12.sh b/MockMDS/mds-certgen/createp12.sh
new file mode 100755
index 00000000..395b74fa
--- /dev/null
+++ b/MockMDS/mds-certgen/createp12.sh
@@ -0,0 +1,32 @@
+# Now generating different p12 certificates for device
+echo -e "\n========== Creating Device keys and export to keystore =========="
+
+# KEYSTORE_PWD=${KEYSTORE_PWD}
+# export KEYSTORE_PWD
+# echo "$KEYSTORE_PWD" > key.pwd
+keystore_pwd=mosip123
+
+openssl genrsa -out "$CERT_LOCATION/Device.key" 4096
+openssl req -new -key "$CERT_LOCATION/Device.key" -out "$CERT_LOCATION/Device.csr" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=Device/OU=Device/CN=Device/"
+openssl x509 -req -extensions usr_cert -extfile ./openssl.cnf -days 180 -in "$CERT_LOCATION/Device.csr" -CA "$CERT_LOCATION/mosip-signed-client.crt" -CAkey "$CERT_LOCATION/Client.key" -set_serial 05 -out "$CERT_LOCATION/signed-Device.crt"
+openssl pkcs12 -export -in "$CERT_LOCATION/signed-Device.crt" -inkey "$CERT_LOCATION/Device.key" -out "$CERT_LOCATION/Device.p12" -name "Device" -password pass:$keystore_pwd
+echo "Device certificate created and exported to Device.p12"
+
+echo -e "\n========== Replacing old .p12 files with new Device.p12 =========="
+
+# Define the target file paths
+declare -a TARGET_FILES=(
+ "$work_dir/target/Biometric Devices/Finger/Single/Keys/mosipfingersingle.p12"
+ "$work_dir/target/Biometric Devices/Finger/Slap/Keys/mosipfingerslap.p12"
+ "$work_dir/target/Biometric Devices/Iris/Double/Keys/mosipirisdouble.p12"
+ "$work_dir/target/Biometric Devices/Iris/Single/Keys/mosipirissingle.p12"
+ "$work_dir/target/Biometric Devices/Face/Keys/mosipface.p12"
+)
+
+# Loop through each target file and copy the new Device.p12
+for TARGET_FILE in "${TARGET_FILES[@]}"; do
+ echo "Replacing $TARGET_FILE with Device.p12"
+ cp "$CERT_LOCATION/Device.p12" "$TARGET_FILE"
+done
+
+echo -e "Replacement complete."
\ No newline at end of file
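Review bot: `keystore_pwd=mosip123` at L445 hardcodes the password for every generated `Device.p12`, with the environment-backed version left commented out at L442–L444, and the same literal is duplicated in `updating-app-properties.sh` (L516) where the two can drift. Source it once, `: "${KEYSTORE_PWD:?Need to set KEYSTORE_PWD}"` then `keystore_pwd=$KEYSTORE_PWD`, and use the same variable in the properties update; `-password pass:` at L450 also exposes the value in the process list, so `-passout env:KEYSTORE_PWD` is preferable. The file has no shebang and no `set -e`, and since its last command is an `echo`, a failing `openssl x509` or `cp` still returns 0 to entrypoint.sh; add `#!/usr/bin/env bash` and `set -euo pipefail` at the top. The issuer at L449 is `mosip-signed-client.crt` with `Client.key`; whether that certificate is allowed to act as a CA is decided by the partner manager and is not visible here, so run `openssl verify` on the resulting device certificate as certgen.sh does for its own.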
diff --git a/MockMDS/mds-certgen/openssl.cnf b/MockMDS/mds-certgen/openssl.cnf
new file mode 100644
index 00000000..d537177c
--- /dev/null
+++ b/MockMDS/mds-certgen/openssl.cnf
@@ -0,0 +1,29 @@
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
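Review bot: This file is byte-identical to `MockMDS/openssl.cnf` added later in the same commit (both are blob d537177c), while the scripts reference `./openssl.cnf` relative to the working directory and the Dockerfile copies `openssl.cnf` from the build-context root, so the two copies can drift without either consumer noticing. Keep a single copy under `mds-certgen/` and point the Dockerfile COPY at it. The `[ server_cert ]` section is not referenced by any script in this change and `nsCertType`/`nsComment` are legacy Netscape extensions; if they stay, a header comment naming the sections certgen.sh and createp12.sh actually use (`v3_ca`, `v3_intermediate_ca`, `usr_cert`) would help the next maintainer.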
diff --git a/MockMDS/mds-certgen/updating-app-properties.sh b/MockMDS/mds-certgen/updating-app-properties.sh
new file mode 100755
index 00000000..28cec68f
--- /dev/null
+++ b/MockMDS/mds-certgen/updating-app-properties.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Define the placeholders and their respective runtime values from environment variables
+keystore_pwd=mosip123
+echo "keystore_pwd: $keystore_pwd"
+
+# Fetch API_INTERNAL_HOST from Kubernetes ConfigMap
+API_INTERNAL_HOST=$(kubectl get cm global -o jsonpath='{.data.mosip-api-internal-host}')
+
+# Print the fetched API_INTERNAL_HOST for verification
+echo "API_INTERNAL_HOST: $API_INTERNAL_HOST"
+
+# Path to your application.properties file
+PROPERTIES_FILE="target/application.properties"
+
+# Update the placeholders in the application.properties file
+sed -i "s|\$API_INTERNAL_HOST|$API_INTERNAL_HOST|g" $PROPERTIES_FILE
+sed -i "s|\$mosip_regproc_client_secret|$mosip_regproc_client_secret|g" $PROPERTIES_FILE
+sed -i "s|\$keystore_pwd|$keystore_pwd|g" $PROPERTIES_FILE
+
+echo "application.properties updated successfully."
+
+# Optionally, print out the updated application.properties for verification
+cat $PROPERTIES_FILE
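Review bot: L536 `cat`s the rendered `application.properties` and L517 echoes `keystore_pwd`, so the keystore password and the regproc client secret substituted at L530 land in the container log on every start. Drop both prints, or print only the non-secret keys. The script also has no error handling: if `kubectl get cm` at L520 fails (missing RBAC, wrong namespace) `API_INTERNAL_HOST` is empty and the `sed` at L529 silently writes `https:///v1/...` into the URLs; guard it with `: "${API_INTERNAL_HOST:?could not read mosip-api-internal-host from configmap global}"` and start the script with `set -euo pipefail`. Finally, the replacement side of each `sed` at L529–L531 is inserted unescaped, so a secret containing `&`, `|` or `\` is corrupted; escape the value before use or perform a literal (non-regex) replacement.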
diff --git a/MockMDS/mds-certgen/upload-certs.sh b/MockMDS/mds-certgen/upload-certs.sh
new file mode 100755
index 00000000..7615a531
--- /dev/null
+++ b/MockMDS/mds-certgen/upload-certs.sh
@@ -0,0 +1,177 @@
+# Authentication
+auth_url_env=https://$( printenv mosip-api-internal-host )
+client=mosip-deployment-client
+secret=${mosip_deployment_client_secret}
+date=$(date --utc +%FT%T.%3NZ)
+
+echo -e "\n========== Authenticating with partnermanager =========="
+
+# Make the request
+response=$(curl -s -D - -o /dev/null -X 'POST' \
+ "$auth_url_env/v1/authmanager/authenticate/clientidsecretkey" \
+ -H 'accept: */*' \
+ -H 'Content-Type: application/json' \
+ -d '{
+ "id": "string",
+ "version": "string",
+ "requesttime": "'$date'",
+ "metadata": {},
+ "request": {
+ "clientId": "'$client'",
+ "secretKey": "'$secret'",
+ "appId": "partner"
+ }
+}') > "$CERT_LOCATION/temp.txt"
+
+# Extract the TOKEN
+TOKEN=$(echo "$response" | grep -i 'Authorization:' | awk '{print $2}' | tr -d '\r')
+
+if [[ -z $TOKEN ]]; then
+ echo "Authentication Failed / TOKEN not found"
+ exit 1
+fi
+
+echo "TOKEN: $TOKEN"
+
+partnermanagerUrl=https://$( printenv mosip-api-internal-host )
+RAND_MOBILE_NO=$(tr -cd '[:digit:]' < /dev/urandom | fold -w 10 | head -n 1)
+RAND_EMAIL_ID=$( echo "$(openssl rand -hex 10)@gmail.com" )
+echo "RAND_EMAIL_ID: $RAND_EMAIL_ID"
+
+echo -e "\n========== Adding Device Partner =========="
+
+# Upload partner self registration
+partner_status=$(curl -X 'POST' \
+ "$partnermanagerUrl/v1/partnermanager/partners" \
+ -H 'accept: */*' \
+ -H 'Content-Type: application/json' \
+ --cookie "Authorization=$TOKEN" \
+ -d '{
+ "id": "string",
+ "metadata": {},
+ "request": {
+ "address": "bangalore",
+ "contactNumber": "'"$RAND_MOBILE_NO"'",
+ "emailId": "'"$RAND_EMAIL_ID"'",
+ "organizationName": "'"$CLIENT"'",
+ "partnerId": "'"$CLIENT"'",
+ "partnerType": "Device_Provider",
+ "policyGroup": "mosip policy group",
+ "langCode": "eng"
+ },
+ "requesttime": "'$date'",
+ "version": "string"
+ }') > "$CERT_LOCATION/CA.txt"
+
+# Debugging Response
+echo "partner_status response: $partner_status"
+
+response=$(echo $partner_status | jq .response)
+if [[ $response == null ]]; then
+ echo $partner_status | jq .errors[0].message
+else
+ echo $partner_status | jq .response.status
+fi
+
+# Extract and upload Root CA
+rootCA=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "$CERT_LOCATION/RootCA.crt" | sed 's/\\n$//')
+intermediateCA=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "$CERT_LOCATION/IntermediateCA.crt" | sed 's/\\n$//')
+clientCRT=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "$CERT_LOCATION/Client.crt" | sed 's/\\n$//')
+
+echo -e "\n========== Uploading Root CA Certificate to Partner Manager =========="
+
+# Upload Root CA Certificate
+upload_CA_Certificate_status=$(curl -X 'POST' \
+ "$partnermanagerUrl/v1/partnermanager/partners/certificate/ca/upload" \
+ -H 'accept: */*' \
+ -H 'Content-Type: application/json' \
+ --cookie "Authorization=$TOKEN" \
+ -d '{ "id": "string",
+ "metadata": {},
+ "request": {
+ "certificateData": "'"$rootCA"'",
+ "partnerDomain": "DEVICE"
+ },
+ "requesttime": "'"$date"'",
+ "version": "string"
+ }') > "$CERT_LOCATION/CA.txt"
+
+# Debugging Response
+echo "upload_CA_Certificate_status response: $upload_CA_Certificate_status"
+
+response=$(echo $upload_CA_Certificate_status | jq .response)
+if [[ $response == null ]]; then
+ echo $upload_CA_Certificate_status | jq .errors[0].message
+else
+ echo $upload_CA_Certificate_status | jq .response.status
+fi
+
+echo -e "\n========== Uploading Intermediate CA Certificate to Partner Manager =========="
+
+# Upload Intermediate CA Certificate
+upload_IntermediateCA_status=$(curl -X 'POST' \
+ "$partnermanagerUrl/v1/partnermanager/partners/certificate/ca/upload" \
+ -H 'accept: */*' \
+ -H 'Content-Type: application/json' \
+ --cookie "Authorization=$TOKEN" \
+ -d '{ "id": "string",
+ "metadata": {},
+ "request": {
+ "certificateData": "'"$intermediateCA"'",
+ "partnerDomain": "DEVICE"
+ },
+ "requesttime": "'"$date"'",
+ "version": "string"
+ }') > "$CERT_LOCATION/CA.txt"
+
+# Debugging Response
+echo "upload_IntermediateCA_status response: $upload_IntermediateCA_status"
+
+response=$(echo $upload_IntermediateCA_status | jq .response)
+if [[ $response == null ]]; then
+ echo $upload_IntermediateCA_status | jq .errors[0].message
+else
+ echo $upload_IntermediateCA_status | jq .response.status
+fi
+
+echo -e "\n========== Uploading Client Certificate to Partner Manager =========="
+
+# Upload Client Certificate
+upload_Client_Certificate_status=$(curl -X 'POST' \
+ "$partnermanagerUrl/v1/partnermanager/partners/certificate/upload" \
+ -H 'accept: */*' \
+ -H 'Content-Type: application/json' \
+ --cookie "Authorization=$TOKEN" \
+ -d '{ "id": "string",
+ "metadata": {},
+ "request": {
+ "certificateData": "'"$clientCRT"'",
+ "partnerDomain": "DEVICE",
+ "partnerId": "'"$CLIENT"'"
+ },
+ "requesttime": "'"$date"'",
+ "version": "string"
+ }') > "$CERT_LOCATION/CA.txt"
+
+# Debugging Response
+echo "upload_Client_Certificate_status response: $upload_Client_Certificate_status"
+
+response=$(echo $upload_Client_Certificate_status | jq .response)
+if [[ $response == null ]]; then
+ echo $upload_Client_Certificate_status | jq .errors[0].message
+else
+ echo $upload_Client_Certificate_status | jq .response.status
+fi
+
+# Extract the signedCertificateData
+certificate=$(echo "$upload_Client_Certificate_status" | jq -r '.response.signedCertificateData')
+
+if [[ -z $certificate ]]; then
+ echo "Certificate not found"
+ exit 1
+fi
+
+# Save the certificate to the file
+echo -e "$certificate" > "$CERT_LOCATION/mosip-signed-client.crt"
+
+echo "Certificate saved to $CERT_LOCATION/mosip-signed-client.crt"
\ No newline at end of file
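Review bot: The null check at L711 never fires: `jq -r` prints the string `null` when `.response.signedCertificateData` is absent, so on a failed upload `mosip-signed-client.crt` is written containing `null` and the error only surfaces later in createp12.sh. Use `jq -r '.response.signedCertificateData // empty'` so the `-z` test sees an empty string. L576 echoes the full `Authorization` token to stdout, and the three earlier calls only echo `errors[0].message` and carry on (L613, L646, L674); remove the token print and `exit 1` on a null response, since the partner and the CA chain must be accepted before the client-certificate upload can succeed. The `> "$CERT_LOCATION/temp.txt"` / `CA.txt` redirections after the `$(...)` assignments (L566, L606, L639, L667, L696) only create empty files because the output is already captured, and the secret is interpolated unquoted at L563 (`'$secret'`) while later values use `'"$var"'`; quote it the same way. The script has no shebang and no `set -e`, so a failed `curl` returns 0 to entrypoint.sh.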
diff --git a/MockMDS/mds-certgen/upload-zip-to-s3.sh b/MockMDS/mds-certgen/upload-zip-to-s3.sh
new file mode 100755
index 00000000..500a81f4
--- /dev/null
+++ b/MockMDS/mds-certgen/upload-zip-to-s3.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Extract environment variables
+S3_HOST=$(printenv s3-host)
+S3_REGION=$(printenv s3-region)
+S3_USER_KEY=$(printenv s3-user-key)
+S3_USER_SECRET=$(printenv s3-user-secret)
+S3_BUCKET_NAME=$(printenv s3-bucket-name)
+
+# Set region option if defined
+if [ ! -z "$S3_REGION" ]; then
+ S3_REGION="--region $S3_REGION"
+else
+ S3_REGION=''
+fi
+
+echo -e "\n\n=========================== PACKAGING AND UPLOADING ================================================\n"
+
+# Zip the target, p12 certificates, and application.properties
+echo -e "\nPackaging files into mockmds.zip..."
+zip -r $work_dir/mockmds.zip $work_dir/target $work_dir/MockMDS/* $work_dir/certs/ $work_dir/application.properties $work_dir/'Biometric Devices'
+
+echo -e "\n\n=========================== CONFIGURING MINIO CLIENT ================================================\n"
+# Configure mc client
+
+mc alias set s3 "$S3_HOST" "$S3_USER_KEY" "$S3_USER_SECRET" --api=S3v2
+
+# Create bucket if it does not exist
+mc mb s3/"$S3_BUCKET_NAME" --ignore-existing $S3_REGION
+
+# Upload the zip to MinIO
+echo -e "\nUploading mockmds.zip to MinIO..."
+mc cp $work_dir/mockmds.zip "s3/$S3_BUCKET_NAME/"
+
+echo -e "\n\nmockmds.zip uploaded to MinIO bucket $S3_BUCKET_NAME"
\ No newline at end of file
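Review bot: The archive built at L747 includes `$work_dir/certs/`, which after certgen.sh holds `RootCA.key`, `IntermediateCA.key`, `Client.key`, `Device.key` and their `.pkcs8` copies unencrypted, so the CA private keys are shipped to the bucket alongside the device package; exclude them with `-x '*.key' '*.pkcs8'` or zip only `Device.p12` and the `.crt` files. L747 also lists `$work_dir/MockMDS/*` and `$work_dir/application.properties`, which the Dockerfile in this change never copies into the image; zip only warns, but the paths look stale. Nothing checks the `mc` results, so if `mc alias set` or `mc cp` fails the script still prints the success line at L761; add `set -euo pipefail` at the top. `--api=S3v2` at L752 selects the legacy signature scheme; unless the target MinIO requires it, prefer `S3v4`.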
diff --git a/MockMDS/openssl.cnf b/MockMDS/openssl.cnf
new file mode 100644
index 00000000..d537177c
--- /dev/null
+++ b/MockMDS/openssl.cnf
@@ -0,0 +1,29 @@
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
diff --git a/deploy/copy_cm.sh b/deploy/copy_cm.sh
index f7aa805b..d62488ae 100755
--- a/deploy/copy_cm.sh
+++ b/deploy/copy_cm.sh
@@ -3,15 +3,27 @@
# DST_NS: Destination namespace
function copying_cm() {
- UTIL_URL=https://github.com/mosip/mosip-infra/blob/master/deployment/v3/utils/copy_cm_func.sh
+ UTIL_URL=https://raw.githubusercontent.com/mosip/mosip-infra/master/deployment/v3/utils/copy_cm_func.sh
COPY_UTIL=./copy_cm_func.sh
- DST_NS=abis
- UTIL_URL=https://github.com/mosip/mosip-infra/blob/master/deployment/v3/utils/copy_cm_func.sh
+ # Check if copy_cm_func.sh exists, download if not
+ if [ ! -f "$COPY_UTIL" ]; then
+ echo "Downloading copy_cm_func.sh from $UTIL_URL"
+ wget -q "$UTIL_URL" -O "$COPY_UTIL"
+ chmod +x "$COPY_UTIL"
+ fi
+ # Copy configmaps for $NS which is abis
+ DST_NS=abis
+ echo "Copying configmaps to namespace $DST_NS"
$COPY_UTIL configmap global default $DST_NS
- $COPY_UTIL configmap config-server-share config-server $DST_NS
$COPY_UTIL configmap artifactory-share artifactory $DST_NS
+ $COPY_UTIL configmap config-server-share config-server $DST_NS
+
+ # Copy configmaps for $MDSNS which is mds
+ DST_NS=mds
+ echo "Copying configmaps to namespace $DST_NS"
+ $COPY_UTIL configmap global default $DST_NS
return 0
}
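Review bot: The `if [ ! -f "$COPY_UTIL" ]` block fetches `copy_cm_func.sh` from the `master` branch with `wget` and immediately marks it executable, so whatever that URL serves at run time is executed with the operator's kubectl credentials; the new `copy_secrets.sh` repeats the same pattern. Pin the URL to a tag or commit and verify a known digest before `chmod +x`, e.g. `echo "<expected-sha256>  $COPY_UTIL" | sha256sum -c -` (placeholder digest). The two comments `# Copy configmaps for $NS which is abis` and `# Copy configmaps for $MDSNS which is mds` refer to variables that do not exist in this script — only `DST_NS` is used — so `# Copy configmaps to the abis namespace` / `# ... to the mds namespace` is more accurate.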
diff --git a/deploy/copy_secrets.sh b/deploy/copy_secrets.sh
new file mode 100755
index 00000000..9fe8eae0
--- /dev/null
+++ b/deploy/copy_secrets.sh
@@ -0,0 +1,30 @@
+##!/bin/bash
+# Copy secrets from other namespaces
+# DST_NS: Destination namespace
+
+function copying_secrets() {
+ UTIL_URL=https://raw.githubusercontent.com/mosip/mosip-infra/master/deployment/v3/utils/copy_cm_func.sh
+ COPY_UTIL=./copy_cm_func.sh
+ DST_NS=mds
+
+ # Check if copy_cm_func.sh exists, download if not
+ if [ ! -f "$COPY_UTIL" ]; then
+ echo "Downloading copy_cm_func.sh from $UTIL_URL"
+ wget -q "$UTIL_URL" -O "$COPY_UTIL"
+ chmod +x "$COPY_UTIL"
+ fi
+ echo "Copying configmaps to namespace $DST_NS"
+ $COPY_UTIL secret s3 s3 $DST_NS
+ $COPY_UTIL secret keycloak keycloak $DST_NS
+ $COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS
+
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+copying_secrets # calling function
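Review bot: The first line `##!/bin/bash` is a comment, not a shebang, so the kernel cannot execute this file directly; it presumably only works because the calling bash retries an ENOEXEC file as a shell script — change it to `#!/bin/bash`. The progress message `echo "Copying configmaps to namespace $DST_NS"` is copied from copy_cm.sh and should read `echo "Copying secrets to namespace $DST_NS"`. The chart's default `extraEnvVarsSecret` lists only `s3` and `keycloak-client-secrets`, so if the job does not consume the `keycloak` secret, that copy line can be dropped rather than spreading credentials into the `mds` namespace unnecessarily. The unpinned `wget` download shares the issue noted on copy_cm.sh.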
diff --git a/deploy/delete.sh b/deploy/delete.sh
index b0f3c9ee..4eaf61a9 100755
--- a/deploy/delete.sh
+++ b/deploy/delete.sh
@@ -2,14 +2,15 @@
# Uninstalls mocks
function mock() {
- NS=mock-smtp
- ABISNS=abis
+ NS=abis
+ MDSNS=mds
while true; do
- read -p "Are you sure you want to delete mock smtp helm chart?(Y/n) " yn
+ read -p "Are you sure you want to delete mock helm chart?(Y/n) " yn
if [ $yn = "Y" ]
then
- helm -n $ABISNS delete mock-abis
- helm -n $ABISNS delete mock-mv
+ helm -n $NS delete mock-abis
+ helm -n $NS delete mock-mv
+ helm -n $MDSNS delete mock-mds
break
else
break
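Review bot: The new prompt `Are you sure you want to delete mock helm chart?(Y/n)` still reads as a single chart, but answering `Y` now removes three releases across two namespaces (`mock-abis` and `mock-mv` in `$NS`, `mock-mds` in `$MDSNS`); name them so the operator knows what is being torn down, e.g. `read -p "Delete helm releases mock-abis, mock-mv ($NS) and mock-mds ($MDSNS)? (Y/n) " yn`. The enclosing `mock()` function continues past this hunk.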
diff --git a/deploy/install.sh b/deploy/install.sh
index 63665258..248aee4a 100755
--- a/deploy/install.sh
+++ b/deploy/install.sh
@@ -7,33 +7,74 @@ if [ $# -ge 1 ] ; then
fi
NS=abis
+MDSNS=mds
CHART_VERSION=0.0.1-develop
-echo Create $NS namespace
+echo "Create $NS namespace"
kubectl create ns $NS
+echo "Create $MDSNS namespace"
+kubectl create ns $MDSNS
+
function mock() {
- echo Istio label
+ echo "Istio label for $NS"
kubectl label ns $NS istio-injection=enabled --overwrite
+
helm repo update
echo "Copy configmaps"
sed -i 's/\r$//' copy_cm.sh
./copy_cm.sh
- echo Istio label
- kubectl label ns $NS istio-injection=enabled --overwrite
- helm repo update
+ echo "Configuring mock-mds"
+
+ # Additional configuration for mock-mds
+ echo "Copy secrets"
+ sed -i 's/\r$//' copy_secrets.sh
+ ./copy_secrets.sh
+
+ read -p "Provide mockmds bucket name: " s3_bucket
+ if [[ -z $s3_bucket ]]; then
+ echo "s3_bucket not provided; EXITING;"
+ exit 1
+ fi
+ if [[ $s3_bucket == *[' !@#$%^&*()+']* ]]; then
+ echo "s3_bucket should not contain spaces / any special character; EXITING"
+ exit 1
+ fi
- echo Installing mock-mv
+ read -p "Provide mockmds s3 bucket region: " s3_region
+ if [[ $s3_region == *[' !@#$%^&*()+']* ]]; then
+ echo "s3_region should not contain spaces / any special character; EXITING"
+ exit 1
+ fi
+
+ read -p "Provide S3 URL: " s3_url
+ if [[ -z $s3_url ]]; then
+ echo "s3_url not provided; EXITING;"
+ exit 1
+ fi
+
+ s3_user_key=$(kubectl -n s3 get cm s3 -o json | jq -r '.data."s3-user-key"')
+
+
+ echo "Installing mock-mv in $NS"
helm -n $NS install mock-mv mosip/mock-mv --version $CHART_VERSION
- echo Installing mock-abis
+ echo "Installing mock-abis in $NS"
helm -n $NS install mock-abis mosip/mock-abis --version $CHART_VERSION
- kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+ echo "Installing mock-mds with provided configuration"
+ helm -n $MDSNS install mock-mds mosip/mock-mds \
+ --set mockmds.configmaps.s3.s3-host="$s3_url" \
+ --set mockmds.configmaps.s3.s3-user-key="$s3_user_key" \
+ --set mockmds.configmaps.s3.s3-region="$s3_region" \
+ --set mockmds.configmaps.s3.s3-bucket-name="$s3_bucket" \
+ -f values.yaml \
+ --wait-for-jobs \
+ --version $CHART_VERSION
- echo Installed mock services
+ echo "Reports are moved to S3 under mockmds bucket"
return 0
}
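Review bot: `helm install ... --wait-for-jobs` has no effect unless `--wait` is also given, so the install returns before the mock-mds job has finished, and the `rollout status` check this hunk removes is not replaced by anything. The `s3_user_key` lookup via `jq -r` yields the literal string `null` when the key is absent from the `s3` configmap, and that value is passed on to the chart unchecked; add an empty/`null` guard like the ones already written for `s3_bucket` and `s3_url`. Because the prompted values are strings, `--set-string` avoids helm's type coercion of values that look like numbers or booleans (a comma in any of them would still need escaping). The whole of `mock()` is visible within this hunk.
```shell
s3_user_key=$(kubectl -n s3 get cm s3 -o json | jq -r '.data."s3-user-key"')
if [[ -z $s3_user_key || $s3_user_key == "null" ]]; then
  echo "s3-user-key not found in configmap s3 (namespace s3); EXITING;"
  exit 1
fi

# … unchanged: mock-mv and mock-abis install …

echo "Installing mock-mds with provided configuration"
helm -n $MDSNS install mock-mds mosip/mock-mds \
  --set-string mockmds.configmaps.s3.s3-host="$s3_url" \
  --set-string mockmds.configmaps.s3.s3-user-key="$s3_user_key" \
  --set-string mockmds.configmaps.s3.s3-region="$s3_region" \
  --set-string mockmds.configmaps.s3.s3-bucket-name="$s3_bucket" \
  -f values.yaml \
  --wait --wait-for-jobs \
  --version $CHART_VERSION
```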
@@ -43,4 +84,5 @@ set -o errexit ## set -e : exit the script if any statement returns a non-true
set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
set -o errtrace # trace ERR through 'time command' and other functions
set -o pipefail # trace ERR through pipes
+
mock # calling function
diff --git a/deploy/values.yaml b/deploy/values.yaml
new file mode 100644
index 00000000..a40a524f
--- /dev/null
+++ b/deploy/values.yaml
@@ -0,0 +1,9 @@
+mockmds:
+ configmaps:
+ certs:
+ CA: ca
+ SUBCA: subca
+ CLIENT: mds
+ COUNTRY: IN
+ STATE: KAR
+ LOCATION: Bangalore
diff --git a/helm/mock-mds/.gitignore b/helm/mock-mds/.gitignore
new file mode 100644
index 00000000..b3c94bf6
--- /dev/null
+++ b/helm/mock-mds/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Charts.lock
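Review bot: `Charts.lock` does not match the lock file Helm v3 writes, which is `Chart.lock`, so this entry is a no-op. Given that Chart.yaml pins the `common` dependency only to `1.x.x`, committing `Chart.lock` is the better choice for reproducible packaging, in which case simply drop the line; if ignoring it is really intended, rename it to `Chart.lock`.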
diff --git a/helm/mock-mds/.helmignore b/helm/mock-mds/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/helm/mock-mds/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/mock-mds/Chart.yaml b/helm/mock-mds/Chart.yaml
new file mode 100644
index 00000000..56bc8717
--- /dev/null
+++ b/helm/mock-mds/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: mock-mds
+description: A Helm chart for mock-mds default partners for MOSIP sandbox.
+type: application
+version: 0.0.1-develop
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - mock-mds
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/mock-mds/templates/_helpers.tpl b/helm/mock-mds/templates/_helpers.tpl
new file mode 100644
index 00000000..120b133a
--- /dev/null
+++ b/helm/mock-mds/templates/_helpers.tpl
@@ -0,0 +1,58 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "mock-mds.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "mock-mds.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "mock-mds.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mock-mds.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "mock-mds.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "mock-mds.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "mock-mds.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "mock-mds.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
\ No newline at end of file
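Review bot: `mock-mds.validateValues` includes `mock-mds.validateValues.foo` and `mock-mds.validateValues.bar`, which are defined nowhere in this chart, and `mock-mds.podAnnotations` reads `.Values.metrics.enabled` although values.yaml has no `metrics` key; either template would fail at render time if anything included it. None of the templates in this diff include them, so they appear to be scaffold leftovers — remove the two definitions or define the helpers they reference.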
diff --git a/helm/mock-mds/templates/configmap.yaml b/helm/mock-mds/templates/configmap.yaml
new file mode 100644
index 00000000..ab378219
--- /dev/null
+++ b/helm/mock-mds/templates/configmap.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.mockmds.configmaps }}
+{{- range $cm_name, $cm_value := .Values.mockmds.configmaps | default (dict) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $cm_name }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if $.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ {{- range $key, $value := $cm_value }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/helm/mock-mds/templates/job.yaml b/helm/mock-mds/templates/job.yaml
new file mode 100644
index 00000000..546a5dd9
--- /dev/null
+++ b/helm/mock-mds/templates/job.yaml
@@ -0,0 +1,62 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "common.names.fullname" $ }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if $.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ backoffLimit: {{ $.Values.backoffLimit }}
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" $ | nindent 10 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 10 }}
+ {{- end }}
+ annotations:
+ {{- if $.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 10 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "mock-mds.serviceAccountName" $ }}
+ securityContext:
+ {{- toYaml $.Values.jobSecurityContext | nindent 8 }}
+ restartPolicy: Never # This is one time job
+ containers:
+ - name: {{ template "common.names.fullname" $ }}
+ securityContext: {{- toYaml $.Values.securityContext | nindent 12 }}
+ image: {{ template "mock-mds.image" $ }}
+ imagePullPolicy: {{ $.Values.image.pullPolicy }}
+ envFrom:
+ {{- if $.Values.mockmds.configmaps }}
+ {{- range $cm_name, $cm_value := $.Values.mockmds.configmaps }}
+ - configMapRef:
+ name: {{ $cm_name }}
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.mockmds.secrets }}
+ {{- range $secret_name, $secret_value := $.Values.mockmds.secrets }}
+ - secretRef:
+ name: {{ $secret_name }}
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.extraEnvVarsSecret }}
+ {{- range $.Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.extraEnvVarsCM }}
+ {{- range $.Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.resources }}
+ resources: {{- toYaml $.Values.resources | nindent 12 }}
+ {{- end }}
\ No newline at end of file
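Review bot: The pod and container `securityContext` lines read `$.Values.jobSecurityContext` and `$.Values.securityContext`, but values.yaml defines `podSecurityContext` and `containerSecurityContext` instead, so both render as `securityContext: null` and the job runs with the image's default user and none of the hardening the values file suggests. Wire the templates to the keys that exist, gated on their `enabled` flags and with `enabled` stripped so it does not land in the pod spec; `runAsUser` in values.yaml must then be a numeric UID rather than `mosip`. Separately, the Job's `metadata.name` is the fixed fullname and a Job's spec is immutable, so a later `helm upgrade` that changes the spec may fail until the previous Job is removed (`ttlSecondsAfterFinished` or a hook annotation would address that).
```yaml
    spec:
      serviceAccountName: {{ template "mock-mds.serviceAccountName" $ }}
      {{- if $.Values.podSecurityContext.enabled }}
      securityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      restartPolicy: Never # This is one time job
      containers:
        - name: {{ template "common.names.fullname" $ }}
          {{- if $.Values.containerSecurityContext.enabled }}
          securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          # … unchanged: image, imagePullPolicy, envFrom, resources …
```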
diff --git a/helm/mock-mds/templates/role.yaml b/helm/mock-mds/templates/role.yaml
new file mode 100644
index 00000000..bc8490e2
--- /dev/null
+++ b/helm/mock-mds/templates/role.yaml
@@ -0,0 +1,9 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: "{{ .Values.job.rolename }}-{{ .Release.Namespace }}"
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
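Review bot: The Role (and the RoleBinding in the next file) is rendered unconditionally even though values.yaml declares `rbac.create: true`, so that flag is dead; wrap both templates in `{{- if .Values.rbac.create }}` … `{{- end }}`. Read-only access to configmaps is a sensible minimum, but the job in this diff consumes its configmaps through `envFrom`, so unless the container also queries the API directly the Role could be dropped entirely — which of the two applies is not visible here.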
diff --git a/helm/mock-mds/templates/rolebinding.yaml b/helm/mock-mds/templates/rolebinding.yaml
new file mode 100644
index 00000000..7c161b66
--- /dev/null
+++ b/helm/mock-mds/templates/rolebinding.yaml
@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: "{{ .Values.job.rolebindingname }}-{{ .Release.Namespace }}"
+ namespace: {{ .Release.Namespace }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "mock-mds.serviceAccountName" $ }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: "{{ .Values.job.rolename }}-{{ .Release.Namespace }}"
+ apiGroup: rbac.authorization.k8s.io
diff --git a/helm/mock-mds/templates/secret.yaml b/helm/mock-mds/templates/secret.yaml
new file mode 100644
index 00000000..2dc938a1
--- /dev/null
+++ b/helm/mock-mds/templates/secret.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.mockmds.secrets }}
+{{- range $secret_name, $secret_value := .Values.mockmds.secrets | default (dict) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secret_name }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if $.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- range $key, $value := $secret_value }}
+ {{ $key }}: {{ $value | b64enc | quote }}
+ {{- end }}
+{{- end }}
+{{- end }}
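Review bot: `{{ $value | b64enc | quote }}` presumably fails when an entry under `mockmds.secrets` is left empty, since `b64enc` expects a string and the value arrives as nil (the chart's own values leave `secrets:` bare, so only the outer `if` prevents this today); `{{ $value | toString | b64enc | quote }}` renders `""` instead, if that is the intended behaviour for empty entries. Anything placed under `mockmds.secrets` also ends up in values files and in the release's stored values, so for real credentials prefer the existing `extraEnvVarsSecret` path that references Secrets created out of band.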
diff --git a/helm/mock-mds/templates/serviceaccount.yaml b/helm/mock-mds/templates/serviceaccount.yaml
new file mode 100644
index 00000000..37526f12
--- /dev/null
+++ b/helm/mock-mds/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "mock-mds.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
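Review bot: The ServiceAccount is created unconditionally, while `mock-mds.serviceAccountName` returns `default` (or `serviceAccount.name`) when `serviceAccount.create` is false — with `create: false` this template would try to create a ServiceAccount named `default`, which already exists in every namespace, and the install would fail. Gate the whole file with `{{- if .Values.serviceAccount.create }}` at the top and `{{- end }}` at the bottom.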
diff --git a/helm/mock-mds/values.yaml b/helm/mock-mds/values.yaml
new file mode 100644
index 00000000..384cc26d
--- /dev/null
+++ b/helm/mock-mds/values.yaml
@@ -0,0 +1,350 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+# storageClass: myStorageClass
+
+## Add labels to all the deployed resources
+##
+commonLabels:
+ app.kubernetes.io/component: mosip
+
+## Add annotations to all the deployed resources
+##
+commonAnnotations:
+ sidecar.istio.io/inject: "false"
+
+## Kubernetes Cluster Domain
+##
+clusterDomain: cluster.local
+
+## Extra objects to deploy (value evaluated as a template)
+##
+extraDeploy: []
+
+## Number of nodes
+##
+replicaCount: 1
+
+service:
+ type: ClusterIP
+ port: 80
+ ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+ ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+ ##
+ ## loadBalancerIP:
+ ##
+ ## nodePorts:
+ ## http:
+ ## https:
+ ##
+
+ nodePorts:
+ http: ""
+ https: ""
+ ## Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+
+image:
+ registry: docker.io
+ repository: mosip/mockmds
+ tag: develop
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+## Port on which this particular spring service module is running.
+# springServicePort: 8080
+
+## Configure extra options for liveness and readiness probes
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+##
+
+##
+# existingConfigmap:
+
+## Command and args for running the container (set to default if not set). Use array form
+##
+command: []
+args: []
+
+## Deployment pod host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 3500m
+ memory: 3500Mi
+ requests:
+ cpu: 1000m
+ memory: 1500Mi
+
+additionalResources:
+ ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
+ ## Example: java_opts: "-Xms500M -Xmx500M"
+ javaOpts: ""
+
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## Clamav container already runs as 'mosip' user, so we may not need to enable this
+containerSecurityContext:
+ enabled: false
+ runAsUser: mosip
+ runAsNonRoot: true
+
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+##
+podSecurityContext:
+ enabled: false
+ fsGroup: 1001
+
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+ ## Node affinity type
+ ## Allowed values: soft, hard
+ ##
+ type: ""
+ ## Node label key to match
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## Node label values to match
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+
+## Pod extra labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+
+## Annotations for server pods.
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+
+## pods' priority.
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+# priorityClassName: ""
+
+## lifecycleHooks for the container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+
+## Custom Liveness probes for
+##
+customLivenessProbe: {}
+
+## Custom Rediness probes
+##
+customReadinessProbe: {}
+
+## "backoff" strategy - It is used when dealing with resources that are retrying or recovering from failures.
+##
+backoffLimit: 0
+
+## Update strategy - only really applicable for deployments with RWO PVs attached
+## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+## terminate the single previous pod, so that the new, incoming pod can attach to the PV
+##
+updateStrategy:
+ type: RollingUpdate
+
+## Additional environment variables to set
+## Example:
+## extraEnvVars:
+## - name: FOO
+## value: "bar"
+##
+extraEnvVars: []
+
+## ConfigMap with extra environment variables that used
+##
+extraEnvVarsCM:
+ - global
+
+## Secret with extra environment variables
+##
+extraEnvVarsSecret:
+ - s3
+ - keycloak-client-secrets
+
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+
+## Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+
+## Add init containers to the pods.
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: {}
+
+## Add sidecars to the pods.
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+sidecars: {}
+
+persistence:
+ enabled: false
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack).
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: your-claim
+ ## ReadWriteMany not supported by AWS gp2
+ storageClass:
+ accessModes:
+ - ReadWriteOnce
+ size: 10M
+ existingClaim:
+ # Dir where config and keys are written inside container
+ mountDir:
+
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: bitnami/bitnami-shell
+ tag: "10"
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ pullSecrets: []
+ ## - myRegistryKeySecretName
+ ## Init containers' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ##
+ limits: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+
+## Specifies whether RBAC resources should be created
+##
+rbac:
+ create: true
+
+## Specifies whether a ServiceAccount should be created
+##
+serviceAccount:
+ create: true
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ name:
+
+job:
+ rolename: mockmds
+ rolebindingname: mockmds
+
+
+mockmds:
+ configmaps:
+ s3:
+ s3-host: 'http://minio.minio:9000'
+ s3-user-key: 'admin'
+ s3-region: ''
+ s3-bucket-name: mockmds
+ certs:
+ CA:
+ SUBCA:
+ CLIENT:
+ COUNTRY:
+ STATE:
+ LOCATION:
+ secrets:
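Review bot: `containerSecurityContext.runAsUser: mosip` is not a valid value — Kubernetes requires a numeric UID for `runAsUser` — and with both `podSecurityContext.enabled` and `containerSecurityContext.enabled` set to `false` the job ships with no security context at all; set a numeric UID and consider enabling at least `runAsNonRoot: true` by default. The comment `Clamav container already runs as 'mosip' user` is copied from another chart and should describe the mockmds image instead. Bare values such as `storageClass:`, `existingClaim:`, `mountDir:`, `name:` and `secrets:` parse as null; `""` or `{}` states the intent explicitly. Much of this file (`service`, `replicaCount`, `updateStrategy`, `persistence`, the probe keys) looks like deployment-chart scaffold that the Job templates in this diff never read; trimming it would make the effective configuration surface clearer.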