Changes due to IFN upgrade

application-templates/django-fastapi/backend/django_baseapp/settings.py

@@ -20,7 +20,7 @@
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
 
-# SECURITY WARNING: keep the secret key used in production secret! TODO change this
+# SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = "django-insecure-81kv$0=07xac7r(pgz6ndb5t0at4-z@ae6&f@u6_3jo&9d#4kl"
 
 # SECURITY WARNING: don't run with debug turned on in production!
@@ -164,4 +164,3 @@
 ]
 
 KC_DEFAULT_USER_ROLE = None  # don't add the user role to the realm default role
-SESSION_COOKIE_AGE = 3600

application-templates/django-ninja/backend/django_baseapp/settings.py

@@ -20,7 +20,7 @@
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
 
-# SECURITY WARNING: keep the secret key used in production secret! TODO change this
+# SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = "django-insecure-81kv$0=07xac7r(pgz6ndb5t0at4-z@ae6&f@u6_3jo&9d#4kl"
 
 # SECURITY WARNING: don't run with debug turned on in production!
@@ -165,4 +165,3 @@
 ]
 
 KC_DEFAULT_USER_ROLE = None  # don't add the user role to the realm default role
-SESSION_COOKIE_AGE = 3600

application-templates/flask-server/backend/requirements.txt

@@ -1,6 +1,7 @@
-connexion[swagger-ui,flask,gunicorn]>=3.0.0,<4.0.0
-swagger-ui-bundle>=1.1.0
-python_dateutil >= 2.9.0
+connexion[swagger-ui]==2.14.2
+Flask == 2.2.5
+swagger-ui-bundle==0.0.9
+python_dateutil >= 2.6.0
 setuptools >= 21.0.0
-gunicorn
+
 

applications/accounts/Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/keycloak/keycloak:26.4
+FROM quay.io/keycloak/keycloak:26.4.0
 
 EXPOSE 9000
 EXPOSE 8080
@@ -12,7 +12,7 @@ USER keycloak
 COPY themes/custom /opt/keycloak/themes/custom
 
 # # keycloak kafka listener plugin
-COPY plugins/* /opt/keycloak/providers/
+COPY plugins/metacell-admin-event-listener-module-1.0.0.jar /opt/keycloak/providers/
 
 ENTRYPOINT [ "/opt/keycloak/bin/kc-entrypoint.sh" ]
-CMD [ "start", "--import-realm" ]
+CMD [ "start-dev", "--import-realm", "--health-enabled=true", "--metrics-enabled=true" ]

applications/accounts/admin-event-listener/README.md

@@ -3,7 +3,7 @@
 ## Building
 ```
 mvn clean install
-cp ./ear-module/target/metacell-admin-event-listener-bundle-0.1.0.ear ../plugins/
+cp ./jar-module/target/metacell-admin-event-listener-module-1.0.0.jar ../plugins/
 ```
 
 ## Install

applications/accounts/deploy/templates/_components.tpl

@@ -6,7 +6,7 @@
             "subComponents": {},
             "config": {
                 "kc.user.profile.config": [
-                    "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}"
+                    "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"stripe_uid\",\"displayName\":\"Stripe UID\",\"validations\":{},\"annotations\":{},\"permissions\":{\"view\":[\"admin\"],\"edit\":[\"admin\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}"
                 ]
             }
         }
@@ -72,4 +72,4 @@
         {{template "deploy_accounts_utils.user_profile_provider_component" }},
         {{template "deploy_accounts_utils.key_provider_component" }}
     },
-{{- end -}}
+{{- end -}}

applications/accounts/deploy/templates/_identity_providers.tpl

@@ -52,4 +52,4 @@
         {{- end -}}
         ],
     {{- end }}
-{{- end -}}
+{{- end -}}

applications/accounts/deploy/values.yaml

@@ -70,14 +70,25 @@ admin:
   user: admin
   role: administrator
 editUsernameAllowed: true
+<<<<<<< HEAD
+useEvents: false
+identityProviders:
+- github
+- google
+=======
 useEvents: true
 identityProviders:
   - github
   - google
+>>>>>>> 9f4f35931c012c1aeb753c466f0b5c1164a4ff10
 theme:
   login: "keycloak"
   account: "keycloak"
   admin: "keycloak"
+<<<<<<< HEAD
+  email: "keycloak"
+=======
   email: "keycloak"
 realm:
   organizationsEnabled: false
+>>>>>>> 9f4f35931c012c1aeb753c466f0b5c1164a4ff10

applications/accounts/dev/disable-theme-cache.cli

@@ -0,0 +1,5 @@
+embed-server --std-out=echo --server-config=standalone-ha.xml
+/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false)
+/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false)
+/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1)
+stop-embedded-server

applications/accounts/dev/docker-compose.yaml

@@ -1,43 +1,45 @@
-name: keycloak-dev
+version: '3.2'
+
 services:
   postgres:
-    image: postgres
-    environment:
-      POSTGRES_DB: keycloak
-      POSTGRES_USER: keycloak
-      POSTGRES_PASSWORD: password
-      PGDATA: /var/lib/postgresql/data/pgdata
-    volumes:
-      - pg_data:/var/lib/postgresql/data/pgdata
+      image: postgres
+      environment:
+        POSTGRES_DB: keycloak
+        POSTGRES_USER: keycloak
+        POSTGRES_PASSWORD: password
+        PGDATA: /var/lib/postgresql/data/pgdata
+      volumes:
+        - pg_data:/var/lib/postgresql/data/pgdata
+
   keycloak:
-    image: quay.io/keycloak/keycloak:26.3.4
-    command: ["start-dev",
-              "--spi-theme-static-max-age=1",
-              "--spi-theme-cache-themes=false",
-              "--spi-theme-cache-templates=false",
-              "--hostname", "http://localhost:8080",
-              "--hostname-backchannel-dynamic", "true"]
-    environment:
-      KC_DB_VENDOR: POSTGRES
-      KC_DB_URL_HOST: postgres
-      KC_DB: postgres
-      KC_DB_URL_DATABASE: "postgres"
-      KC_DB_USERNAME: keycloak
-      KC_DB_PASSWORD: password
-      KC_BOOTSTRAP_ADMIN_USERNAME: admin
-      KC_BOOTSTRAP_ADMIN_PASSWORD: Pa55w0rd
-      KC_HEALTH_ENABLED: "true"
-      KC_METRICS_ENABLED: "true"
-      KC_HTTP_ENABLED: "true"
-      KC_HOSTNAME_STRICT: "false"
-      KC_HOSTNAME_STRICT_HTTPS: "false"
-    ports:
-      - "8080:8080"
-    depends_on:
-      - postgres
-    volumes:
-      - type: bind
-        source: ../themes/custom
-        target: /opt/keycloak/themes/custom
+      image: quay.io/keycloak/keycloak:16.1.1
+      environment:
+        DB_VENDOR: POSTGRES
+        DB_ADDR: postgres
+        DB_DATABASE: keycloak
+        DB_USER: keycloak
+        DB_SCHEMA: public
+        DB_PASSWORD: password
+        KEYCLOAK_USER: admin
+        KEYCLOAK_PASSWORD: Pa55w0rd
+
+      ports:
+        - 8080:8080
+      depends_on:
+        - postgres
+      volumes:
+        - type: bind
+          source: ../themes/custom
+          target: /opt/jboss/keycloak/themes/custom
+        # disable cache
+        - type: bind
+          source: ./disable-theme-cache.cli
+          target: /opt/jboss/startup-scripts/disable-theme-cache.cli
+        - type: bind
+          source: ../scripts/create_api_user.sh
+          target: /opt/jboss/startup-scripts/create_api_user.sh
+        - type: bind
+          source: ../plugins/metacell-admin-event-listener-bundle-1.0.0.ear
+          target: /opt/jboss/keycloak/standalone/deployments/metacell-admin-event-listener-bundle-1.0.0.ear
 volumes:
-  pg_data:
+  pg_data:

applications/accounts/scripts/kc-entrypoint.sh

@@ -14,4 +14,4 @@ for script in /opt/keycloak/startup-scripts/*.sh;
     fi
 done
 
-wait
+wait

applications/common/api/openapi.yaml

@@ -10,6 +10,46 @@ servers:
         url: /api
         description: SwaggerHub API Auto Mocking
 paths:
+    '/sentry/getdsn/{appname}':
+        get:
+            tags:
+                - Sentry
+            responses:
+                '200':
+                    content:
+                        application/json:
+                            schema:
+                                type: object
+                    description: Sentry DSN for the given application
+                '400':
+                    content:
+                        application/json:
+                            schema:
+                                type: object
+                        text/html:
+                            schema:
+                                type: string
+                    description: Sentry not configured for the given application
+                '404':
+                    content:
+                        application/problem+json:
+                            schema:
+                                type: object
+                        text/html:
+                            schema:
+                                type: string
+                    description: Sentry not configured for the given application
+            operationId: getdsn
+            summary: Gets the Sentry DSN for a given application
+            description: Gets the Sentry DSN for a given application
+            x-openapi-router-controller: common.controllers.sentry_controller
+        parameters:
+            -
+                name: appname
+                schema:
+                    type: string
+                in: path
+                required: true
     /accounts/config:
         get:
             tags:

applications/common/deploy/values.yaml

@@ -5,9 +5,6 @@ harness:
     auto: true
     port: 8080
     name: common
-  proxy:
-    gatekeeper:
-      replicas: 1
   deployment:
     auto: true
     name: common

applications/common/server/.openapi-generator-ignore

@@ -27,5 +27,4 @@ Dockerfile
 */__main__.py
 */test/*
 test-requirements.txt
-.dockerignore
-*/requirements.txt
+.dockerignore

applications/common/server/Dockerfile

@@ -17,3 +17,4 @@ COPY . /usr/src/app
 ENV FLASK_ENV=production
 ENV APP_SETTINGS=common.config.ProductionConfig
 RUN pip3 install -e /usr/src/app
+ENTRYPOINT gunicorn --workers=$WORKERS --bind=0.0.0.0:$PORT $MODULE_NAME.__main__:app

applications/common/server/common/__main__.py

@@ -2,9 +2,19 @@
 
 from cloudharness.utils.server import init_flask, main
 from cloudharness import log
+from flask_cors import CORS
+from common.repository.db import open_db
+from common.controllers.sentry_controller import global_dsn
 
 
-app = init_flask()
+def init_fn(app):
+    log.info("initializing database from app")
+    cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
+    if not global_dsn:
+        open_db(app)
+
+
+app = init_flask(init_app_fn=init_fn)
 
 if __name__ == '__main__':
     main()

applications/common/server/common/controllers/sentry_controller.py

@@ -0,0 +1,53 @@
+import os
+import requests
+
+from cloudharness import applications, log
+from cloudharness.utils.env import get_sentry_service_cluster_address
+from common.repository.sentry import get_token, get_dsn, SentryProjectNotFound
+
+
+try:
+    global_dsn = os.environ.get("SENTRY_DSN", "")
+    if len(global_dsn) < 1:
+        global_dsn = None
+except:
+    global_dsn = None
+
+
+def getdsn(appname):  # noqa: E501
+    """
+    Gets the Sentry DSN for a given application or returns the global dsn when set
+    global dsn can be set using the kubectl command
+        kubectl create secret generic -n mnp mnp-sentry --from-literal=dsn=<dsn>
+    :param appname:
+    :type appname: str
+    :rtype: str
+    """
+    try:
+        ch_app = applications.get_configuration(appname)
+    except applications.ConfigurationCallException as e:
+        return {"error": f"Application `{appname}` does not exist"}, 400
+    if ch_app.is_sentry_enabled():
+        if global_dsn:
+            # if a global dsn env var is set and not empty then use this
+            dsn = global_dsn
+        else:
+            try:
+                dsn = get_dsn(appname)
+            except SentryProjectNotFound as e:
+                # if project not found, create one
+                try:
+                    sentry_api_token = get_token()
+                    headers = {'Authorization': 'Bearer ' + sentry_api_token}
+                    url = get_sentry_service_cluster_address() + f'/api/0/teams/sentry/sentry/projects/'
+                    data = {'name': appname}
+                    response = requests.post(
+                        url, data, headers=headers, verify=False)
+                    dsn = get_dsn(appname)
+                except:
+                    log.error("Error on Sentry initialization", exc_info=True)
+                    # FIXME temporary fix
+                    return {"error": "Sentry not initialized"}, 400
+    else:
+        dsn = ''
+    return {'dsn': dsn}

applications/common/server/common/encoder.py

@@ -1,6 +1,7 @@
 from connexion.apps.flask_app import FlaskJSONEncoder
+import six
 
-from common.models.base_model import Model
+from common.models.base_model_ import Model
 
 
 class JSONEncoder(FlaskJSONEncoder):
@@ -9,7 +10,7 @@ class JSONEncoder(FlaskJSONEncoder):
     def default(self, o):
         if isinstance(o, Model):
             dikt = {}
-            for attr in o.openapi_types:
+            for attr, _ in six.iteritems(o.openapi_types):
                 value = getattr(o, attr)
                 if value is None and not self.include_nulls:
                     continue

applications/common/server/common/models/__init__.py

@@ -1,4 +1,7 @@
+# coding: utf-8
+
 # flake8: noqa
+from __future__ import absolute_import
 # import models into model package
 from common.models.app_version import AppVersion
 from common.models.get_config200_response import GetConfig200Response