diff --git a/.gitignore b/.gitignore index 4785a0ee84c0ef772980a177e57eed473c4eeca7..d8df088d814c603259804ff7b011a2d2b8d7f13c 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,8 @@ target/ # generated ready schema.xsd +final/ +build/ # docs .docs/.swagger/dist/ @@ -68,7 +70,7 @@ debug.txt .DS_Store # IDE -fda-analyse-service/venv +venv/ .git.bfg-* # Docs diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 37e12b8af9eea4695e45c3b0c1c6cdfd331b89d9..2f22b6da1e7a7855cd2db630826006eedf39786f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,7 +5,7 @@ variables: TRIVY_CACHE_DIR: ".trivycache/" DOCKER_HOST: "unix:///var/run/dind/docker.sock" TESTCONTAINERS_RYUK_DISABLED: "false" - VERSION: "1.4.0" + VERSION: "1.4.1" image: debian:12-slim @@ -502,6 +502,37 @@ release-1.4: - "apk add make" - "TAG=${VERSION} make release" +release-helm-latest: + stage: release + image: docker:24-dind + only: + refs: + - dev + - master + before_script: + - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL + script: + - apk add sed helm + - 'sed -i -e "s/^version:.*/version: \"${VERSION}-0.git.${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}\"/g" ./helm-charts/dbrepo/Chart.yaml' + - 'sed -i -e "s/^appVersion:.*/appVersion: \"${VERSION}-0.git.${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}\"/g" ./helm-charts/dbrepo/Chart.yaml' + - helm package ./helm-charts/dbrepo --destination ./build + - helm push "./build/dbrepo-${VERSION}-0.git.${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}.tgz" "oci://${CI_REGISTRY2_URL}/helm" + +release-helm-1.4: + stage: release + image: docker:24-dind + only: + refs: + - release-v1.4 + before_script: + - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL + script: + - apk add sed helm + - 'sed -i -e "s/^version:.*/version: \"${VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' + - 'sed -i -e "s/^appVersion:.*/appVersion: \"${VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' + - helm package ./helm-charts/dbrepo --destination ./build + - helm push "./build/dbrepo-${VERSION}.tgz" "oci://${CI_REGISTRY2_URL}/helm" + build-api-latest: stage: build image: docker.io/alpine:3.18 diff --git a/Makefile b/Makefile index 79f8d5e1041aee04e0b0af36fe1097030cc62f07..5883ac2b049372147baecbd9f4aae522e7ab4eb3 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,6 @@ .PHONY: all TAG ?= latest -TRIVY_VERSION ?= v0.41.0 REPOSITORY_1_URL ?= docker.io/dbrepo REPOSITORY_2_URL ?= s210.dl.hpc.tuwien.ac.at/dbrepo @@ -37,6 +36,11 @@ build-frontend: build-swagger: bash ./.docs/generate.sh +build-helm-chart: + sed -i -e "s/^version:.*/version: \"${TAG}-dev\"/g" ./helm-charts/dbrepo/Chart.yaml + sed -i -e "s/^appVersion:.*/appVersion: \"${TAG}-dev\"/g" ./helm-charts/dbrepo/Chart.yaml + helm package ./helm-charts/dbrepo --destination ./build + tag: tag-analyse-service tag-authentication-service tag-metadata-db tag-ui tag-metadata-service tag-data-service tag-search-db tag-search-db-init tag-search-service tag-data-db-sidecar tag-analyse-service: @@ -129,6 +133,10 @@ release-storage-service-init: tag-storage-service-init docker push "${REPOSITORY_1_URL}/storage-service-init:${TAG}" docker push "${REPOSITORY_2_URL}/storage-service-init:${TAG}" +release-helm-chart: build-helm-chart + helm package ./helm-charts/dbrepo --destination ./build + helm push ./build/dbrepo-${TAG}-dev.tgz "oci://${REPOSITORY_2_URL}/helm" + test-backend: test-metadata-service test-analyse-service test-data-service test-data-service: build-data-service diff --git a/helm-charts/README.md b/helm-charts/README.md new file mode 100644 index 0000000000000000000000000000000000000000..02cc2b39549865a2aa012ec8b604481d54440157 --- /dev/null +++ b/helm-charts/README.md @@ -0,0 +1 @@ +# DBRepo \ No newline at end of file diff --git a/helm-charts/artifacthub-repo.yml b/helm-charts/artifacthub-repo.yml new file mode 100644 index 0000000000000000000000000000000000000000..1e94306eeb88aa7e2c63ba8762f9261c335005b7 --- /dev/null +++ b/helm-charts/artifacthub-repo.yml @@ -0,0 +1,6 @@ +repositoryID: c3dd3e89-e742-4a55-99e3-9681a521fb3e +owners: + - name: dbrepo + email: martinweiseat@gmail.com + - name: mweise + email: martin.weise@tuwien.ac.at diff --git a/helm-charts/dbrepo/.helmignore b/helm-charts/dbrepo/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm-charts/dbrepo/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm-charts/dbrepo/Chart.lock b/helm-charts/dbrepo/Chart.lock new file mode 100644 index 0000000000000000000000000000000000000000..b43e0b5c27822775766bc80de1ce275d7f9ca934 --- /dev/null +++ b/helm-charts/dbrepo/Chart.lock @@ -0,0 +1,30 @@ +dependencies: +- name: opensearch + repository: https://opensearch-project.github.io/helm-charts/ + version: 2.15.0 +- name: opensearch-dashboards + repository: https://opensearch-project.github.io/helm-charts/ + version: 2.13.0 +- name: keycloak + repository: https://charts.bitnami.com/bitnami + version: 17.3.3 +- name: mariadb-galera + repository: https://charts.bitnami.com/bitnami + version: 11.0.1 +- name: mariadb-galera + repository: https://charts.bitnami.com/bitnami + version: 11.0.1 +- name: postgresql-ha + repository: https://charts.bitnami.com/bitnami + version: 12.1.7 +- name: rabbitmq + repository: https://charts.bitnami.com/bitnami + version: 12.5.1 +- name: fluent-bit + repository: https://fluent.github.io/helm-charts + version: 0.40.0 +- name: seaweedfs + repository: https://seaweedfs.github.io/seaweedfs/helm + version: 3.59.4 +digest: sha256:408d622f6f8b819434771021ba4144bd3d58aef6b1302f323f0acba672b0e7ec +generated: "2024-01-07T22:24:18.122775309+01:00" diff --git a/helm-charts/dbrepo/Chart.yaml b/helm-charts/dbrepo/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3096cea821e7475ecc7be52bf94623543b78ef1b --- /dev/null +++ b/helm-charts/dbrepo/Chart.yaml @@ -0,0 +1,55 @@ +apiVersion: v2 +name: dbrepo +description: | + We present a database repository system that allows researchers to ingest data into a central, versioned repository + through common interfaces, provides efficient access to arbitrary subsets of data even when the underlying data store + is evolving, allows reproducing of query results and supports findable-, accessible-, interoperable- and reusable + data. +type: application +version: "1.4.0-dev.667653b51" +appVersion: "1.4.0-dev.667653b51" +keywords: + - dbrepo +maintainers: + - name: Martin Weise + email: martin.weise@tuwien.ac.at +home: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/ +icon: + https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/master/dbrepo-ui/static/favicon.png +dependencies: + - name: opensearch + alias: search-db + version: 2.15.0 # app version 2.10.0 + repository: https://opensearch-project.github.io/helm-charts/ + - name: opensearch-dashboards + alias: search-db-dashboard + version: 2.13.0 # app version 2.10.0 + repository: https://opensearch-project.github.io/helm-charts/ + - name: keycloak + alias: auth-service + version: 17.3.3 + repository: https://charts.bitnami.com/bitnami + - name: mariadb-galera + alias: data-db + version: 11.0.1 + repository: https://charts.bitnami.com/bitnami + - name: mariadb-galera + alias: metadata-db + version: 11.0.1 + repository: https://charts.bitnami.com/bitnami + - name: postgresql-ha + alias: auth-db + version: 12.1.7 + repository: https://charts.bitnami.com/bitnami + - name: rabbitmq + alias: broker-service + version: 12.5.1 + repository: https://charts.bitnami.com/bitnami + - name: fluent-bit + alias: log-service + version: 0.40.0 + repository: https://fluent.github.io/helm-charts + - name: seaweedfs + alias: storage-service + version: 3.59.4 + repository: https://seaweedfs.github.io/seaweedfs/helm diff --git a/helm-charts/dbrepo/charts/fluent-bit-0.40.0.tgz b/helm-charts/dbrepo/charts/fluent-bit-0.40.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e8057f452b586c22fa2bf9f645a74d2a64e613e2 Binary files /dev/null and b/helm-charts/dbrepo/charts/fluent-bit-0.40.0.tgz differ diff --git a/helm-charts/dbrepo/charts/keycloak-17.3.3.tgz b/helm-charts/dbrepo/charts/keycloak-17.3.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2a4298f589c5b38c7dca1c7ec3efaf011c450676 Binary files /dev/null and b/helm-charts/dbrepo/charts/keycloak-17.3.3.tgz differ diff --git a/helm-charts/dbrepo/charts/mariadb-galera-11.0.1.tgz b/helm-charts/dbrepo/charts/mariadb-galera-11.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..75966763de12ffca164d475cccac327a338857df Binary files /dev/null and b/helm-charts/dbrepo/charts/mariadb-galera-11.0.1.tgz differ diff --git a/helm-charts/dbrepo/charts/opensearch-2.15.0.tgz b/helm-charts/dbrepo/charts/opensearch-2.15.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7d2f6efb43a2d44e8dfffde4e0265d302af2b2a6 Binary files /dev/null and b/helm-charts/dbrepo/charts/opensearch-2.15.0.tgz differ diff --git a/helm-charts/dbrepo/charts/opensearch-dashboards-2.13.0.tgz b/helm-charts/dbrepo/charts/opensearch-dashboards-2.13.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4e7a499b8fcdca2600d3d2c2f69004f61d0295c5 Binary files /dev/null and b/helm-charts/dbrepo/charts/opensearch-dashboards-2.13.0.tgz differ diff --git a/helm-charts/dbrepo/charts/postgresql-ha-12.1.7.tgz b/helm-charts/dbrepo/charts/postgresql-ha-12.1.7.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a534ebb28b1138ee626c4f8fab2a483cf9ae5504 Binary files /dev/null and b/helm-charts/dbrepo/charts/postgresql-ha-12.1.7.tgz differ diff --git a/helm-charts/dbrepo/charts/rabbitmq-12.5.1.tgz b/helm-charts/dbrepo/charts/rabbitmq-12.5.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cd252174f05f13e755c8049def5561b1e2f9a3ef Binary files /dev/null and b/helm-charts/dbrepo/charts/rabbitmq-12.5.1.tgz differ diff --git a/helm-charts/dbrepo/charts/seaweedfs-3.59.4.tgz b/helm-charts/dbrepo/charts/seaweedfs-3.59.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..61cb40d6deedbf5a4cc0efabd8dee6f13f7341de Binary files /dev/null and b/helm-charts/dbrepo/charts/seaweedfs-3.59.4.tgz differ diff --git a/helm-charts/dbrepo/templates/NOTES.txt b/helm-charts/dbrepo/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..ce7c200186842631afb13f666f421a16677895b3 --- /dev/null +++ b/helm-charts/dbrepo/templates/NOTES.txt @@ -0,0 +1,10 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $ingress := .Values.ingress.data }} +{{- range $host := $ingress.hosts }} + {{- range .paths }} + http{{ if $ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/helm-charts/dbrepo/templates/_helpers.tpl b/helm-charts/dbrepo/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..b17e44d2dfa6f6e7a09c3ab58b35794c46791c71 --- /dev/null +++ b/helm-charts/dbrepo/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kubernetes.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubernetes.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubernetes.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kubernetes.labels" -}} +helm.sh/chart: {{ include "kubernetes.chart" . }} +{{ include "kubernetes.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kubernetes.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kubernetes.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kubernetes.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kubernetes.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm-charts/dbrepo/templates/analyse-service/deployment.yaml b/helm-charts/dbrepo/templates/analyse-service/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9063dd493cd20492cc3063ad58b74fab3a9700c4 --- /dev/null +++ b/helm-charts/dbrepo/templates/analyse-service/deployment.yaml @@ -0,0 +1,73 @@ +{{- if .Values.analyseService.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: analyse-service + namespace: {{ $.Values.namespace }} + labels: + app: analyse-service + service: analyse-service +spec: + replicas: {{ .Values.analyseService.replicaCount }} + strategy: + type: {{ $.Values.strategyType }} + selector: + matchLabels: + app: analyse-service + service: analyse-service + template: + metadata: + labels: + app: analyse-service + service: analyse-service + spec: + securityContext: + fsGroup: 0 + runAsUser: 0 + runAsGroup: 0 + containers: + - name: analyse-service + image: {{ printf "%s/%s:%s" .Values.analyseService.image.registry .Values.analyseService.image.repository .Values.analyseService.image.tag }} + imagePullPolicy: {{ .Values.analyseService.image.pullPolicy | default "IfNotPresent" }} + ports: + - containerPort: 5000 + protocol: TCP + env: + - name: LOG_LEVEL + valueFrom: + secretKeyRef: + name: analyse-service-secret + key: log-level + - name: S3_STORAGE_ENDPOINT + valueFrom: + secretKeyRef: + name: analyse-service-secret + key: s3-storage-endpoint + - name: S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: analyse-service-secret + key: s3-access-key-id + - name: S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: analyse-service-secret + key: s3-secret-access-key + livenessProbe: + exec: + command: + - /bin/bash + - -ec + - "curl -sSL localhost:5000/health | grep 'UP' || exit 1" + initialDelaySeconds: 120 + periodSeconds: 30 + readinessProbe: + exec: + command: + - /bin/bash + - -ec + - "curl -sSL localhost:5000/health | grep 'UP' || exit 1" + initialDelaySeconds: 10 + periodSeconds: 30 +{{- end }} diff --git a/helm-charts/dbrepo/templates/analyse-service/secret.yaml b/helm-charts/dbrepo/templates/analyse-service/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c7b4caf586b79e03b598ac76b63d35858f8d6379 --- /dev/null +++ b/helm-charts/dbrepo/templates/analyse-service/secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.analyseService.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: analyse-service-secret + namespace: {{ .Values.namespace }} +stringData: + log-level: "{{ ternary "DEBUG" "INFO" .Values.analyseService.image.debug }}" + s3-storage-endpoint: "http://storage-service-s3:9000" + s3-access-key-id: "seaweedfsadmin" + s3-secret-access-key: "seaweedfsadmin" +{{- end }} diff --git a/helm-charts/dbrepo/templates/analyse-service/service.yaml b/helm-charts/dbrepo/templates/analyse-service/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..cee31a50eb2b8e35179518f9aabc4308712ddbe9 --- /dev/null +++ b/helm-charts/dbrepo/templates/analyse-service/service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.analyseService.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: analyse-service + namespace: {{ $.Values.namespace }} + labels: + service: analyse-service +spec: + type: ClusterIP + ports: + - name: "flask" + port: 80 + targetPort: 5000 + protocol: TCP + selector: + service: analyse-service +{{- end }} diff --git a/helm-charts/dbrepo/templates/auth-service/configmap.yaml b/helm-charts/dbrepo/templates/auth-service/configmap.yaml new file mode 100644 index 0000000000000000000000000000000000000000..da7f14e0e3056fac5421b12911dd026dd782f1f7 --- /dev/null +++ b/helm-charts/dbrepo/templates/auth-service/configmap.yaml @@ -0,0 +1,2731 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: auth-service-setup + namespace: {{ $.Values.namespace }} +data: + dbrepo-realm.json: | + { + "id" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "realm" : "dbrepo", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 1, + "accessTokenLifespan" : 900, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 864000, + "ssoSessionMaxLifespan" : 2592000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 1800, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "none", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : true, + "loginWithEmailAllowed" : false, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "48f38342-1e3f-427a-995d-c436eaee65cb", + "name" : "default-user-handling", + "description" : "${default-user-handling}", + "composite" : true, + "composites" : { + "realm" : [ "modify-user-theme", "modify-user-information" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "9bb4a8dc-28e0-4645-b62f-cc94425f0cb0", + "name" : "default-maintenance-handling", + "description" : "${default-maintenance-handling}", + "composite" : true, + "composites" : { + "realm" : [ "create-maintenance-message", "find-maintenance-message", "update-maintenance-message", "delete-maintenance-message", "list-maintenance-messages" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "143ba359-5fa2-451e-8296-43ecf20bb251", + "name" : "update-semantic-concept", + "description" : "${update-semantic-concept}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "5136d7a3-e3f0-4585-bacd-15cb8a56095c", + "name" : "escalated-container-handling", + "description" : "${escalated-container-handling}", + "composite" : true, + "composites" : { + "realm" : [ "create-container", "delete-container" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "b0bc8649-7d84-4dd3-84f0-7f174425babe", + "name" : "list-tables", + "description" : "${list-tables}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "bfd85d9c-2772-4660-a8f0-cdc0cd8252b3", + "name" : "default-database-handling", + "description" : "${default-database-handling}", + "composite" : true, + "composites" : { + "realm" : [ "modify-database-owner", "update-database-access", "create-database", "list-databases", "create-database-access", "find-database", "modify-database-visibility", "import-database-data", "delete-database-access", "check-database-access" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "22492b64-c633-48a0-9678-b28669f2885b", + "name" : "execute-semantic-query", + "description" : "${execute-semantic-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "4ed919fa-edc5-44e5-9411-607786e4a86d", + "name" : "view-table-history", + "description" : "${view-table-history}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d89a2881-b642-4abb-b990-196e71372f6b", + "name" : "default-table-handling", + "description" : "${default-table-handling}", + "composite" : true, + "composites" : { + "realm" : [ "modify-table-column-semantics", "list-tables", "find-table", "create-table", "delete-table" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "b0d66d3d-59b4-4aae-aa66-e3d5a49f28e3", + "name" : "view-database-view-data", + "description" : "${view-database-view-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "f5ea431a-9b2c-4195-bcb4-9511f38e4b44", + "name" : "create-database-view", + "description" : "${create-database-view}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a5ffc20e-8b11-498c-9f3b-b5740aec24c7", + "name" : "default-semantics-handling", + "description" : "${default-semantics-handling}", + "composite" : true, + "composites" : { + "realm" : [ "create-semantic-unit", "create-semantic-concept", "execute-semantic-query", "table-semantic-analyse" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fe4a01f3-6590-4df6-9ade-5a9c1fae4736", + "name" : "create-semantic-unit", + "description" : "${create-semantic-unit}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e63e61a2-d852-4ad3-bfb5-92d9ceafef6a", + "name" : "escalated-user-handling", + "description" : "${escalated-user-handling}", + "composite" : true, + "composites" : { + "realm" : [ "find-user" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "be4e1aba-e276-4241-b6ea-01dce6c52f8b", + "name" : "find-container", + "description" : "${find-container}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "3a801b48-f3c2-4bc6-aa25-c7a91d5b32a7", + "name" : "default-researcher-roles", + "description" : "${default-researcher-roles}", + "composite" : true, + "composites" : { + "realm" : [ "default-table-handling", "default-semantics-handling", "default-container-handling", "default-query-handling", "default-user-handling", "default-database-handling", "default-identifier-handling" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "3d8104fb-8307-40f0-b4b2-c3e518957110", + "name" : "view-table-data", + "description" : "${view-table-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fe71b907-7020-44ab-9964-da2b87264582", + "name" : "create-database", + "description" : "${create-database}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e51b63c2-48dd-4bd6-95fb-d257d21b26ba", + "name" : "import-database-data", + "description" : "${import-database-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a7ad038c-5c06-42fc-951c-15ac09d4df66", + "name" : "modify-database-owner", + "description" : "${modify-database-owner}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "c12c1f4e-186f-4153-a795-26e79fb623d6", + "name" : "create-ontology", + "description" : "${create-ontology}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "b60a5694-4099-4f7d-a7e9-4c433e0eb9c9", + "name" : "update-semantic-unit", + "description" : "${update-semantic-unit}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e9854bbb-4580-4757-b1ae-305934173249", + "name" : "create-database-access", + "description" : "${create-database-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "50c604c1-7c6e-43f3-9c43-2398f5eff66e", + "name" : "list-databases", + "description" : "${list-databases}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "535f1484-4514-4d24-8d97-e3f6c11a426b", + "name" : "create-container", + "description" : "${create-container}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "f4116230-8642-4bb7-bbc8-db9c5c07b558", + "name" : "create-maintenance-message", + "description" : "${create-maintenance-message}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "973f0999-cc70-4b28-9f43-979c470bea8e", + "name" : "default-data-steward-roles", + "description" : "${default-data-steward-roles}", + "composite" : true, + "composites" : { + "realm" : [ "escalated-identifier-handling", "default-semantics-handling", "escalated-semantics-handling", "default-user-handling" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e1383fb7-d54c-4732-9146-93030eb2ca50", + "name" : "escalated-query-handling", + "description" : "${escalated-query-handling}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "993b5c69-9eb2-42af-ac28-b4a46c6b61f2", + "name" : "find-user", + "description" : "${find-user}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e4cfdc4d-2373-477b-a8df-161db99aba00", + "name" : "create-foreign-identifier", + "description" : "${create-foreign-identifier}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "6a5872a5-2b51-415d-ae2d-25a6db4a35df", + "name" : "escalated-semantics-handling", + "description" : "${escalated-semantics-handling}", + "composite" : true, + "composites" : { + "realm" : [ "update-semantic-unit", "create-ontology", "update-ontology", "list-ontologies", "delete-ontology", "modify-foreign-table-column-semantics", "update-semantic-concept" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "09147c48-273b-450b-8b11-7ef9b9245244", + "name" : "export-table-data", + "description" : "${export-table-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d14af590-60a8-4d75-b864-40ee0165bd7f", + "name" : "delete-database-access", + "description" : "${delete-database-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "be051d45-cd74-4b13-8a45-f2d3351bd995", + "name" : "table-semantic-analyse", + "description" : "${table-semantic-analyse}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "272a79a7-e282-4261-8f7d-5d5d1364243a", + "name" : "update-maintenance-message", + "description" : "${update-maintenance-message}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "64c16bfb-2015-48ad-a23f-637ff24419cb", + "name" : "default-query-handling", + "description" : "${default-query-handling}", + "composite" : true, + "composites" : { + "realm" : [ "delete-database-view", "export-query-data", "execute-query", "delete-table-data", "export-table-data", "list-queries", "find-query", "list-database-views", "persist-query", "view-database-view-data", "view-table-data", "re-execute-query", "view-table-history", "create-database-view", "find-database-view", "insert-table-data" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "c047d521-cec3-4444-86c4-aef098489b7b", + "name" : "delete-maintenance-message", + "description" : "${delete-maintenance-message}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e14ab76b-1c24-484d-ae2d-478b8457edea", + "name" : "list-licenses", + "description" : "${list-licenses}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d4f29937-3ca0-41e9-9786-2b7b921b6cdd", + "name" : "modify-foreign-table-column-semantics", + "description" : "${modify-foreign-table-column-semantics}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "8eda9f5c-938c-4915-bed5-6a81a1de15a8", + "name" : "list-database-views", + "description" : "${list-database-views}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "b372f8f7-d203-4293-b991-ad93fb505917", + "name" : "escalated-database-handling", + "description" : "${escalated-database-handling}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "abd2d9ee-ebc4-4d0a-839e-6b588a6d442a", + "name" : "default-roles-dbrepo", + "description" : "${role_default-roles}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "3293799a-82b9-4f47-8f25-1aad2e0222fd", + "name" : "find-identifier", + "description" : "${find-identifier}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "aaa3f804-38a0-4474-b8e9-f1020c4b3f62", + "name" : "list-queries", + "description" : "${list-queries}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "76e38f7b-99bf-4d12-8d74-1c7d8812f443", + "name" : "update-ontology", + "description" : "${update-ontology}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "11f7973e-d1eb-42cb-a35d-c59dfc122775", + "name" : "modify-user-theme", + "description" : "${modify-user-theme}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "f392bfcb-0be5-4fad-9ce4-8ac6396f176d", + "name" : "export-query-data", + "description" : "${export-query-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "da493b7e-fb9b-43ca-82a5-e274ad2e6b39", + "name" : "find-query", + "description" : "${find-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a4d4a788-ebcf-4d32-baed-4a85616ca037", + "name" : "escalated-identifier-handling", + "description" : "${escalated-identifier-handling}", + "composite" : true, + "composites" : { + "realm" : [ "delete-identifier", "create-foreign-identifier", "modify-identifier-metadata" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "ea38d69d-17b8-4c65-95e8-1c3501b83618", + "name" : "default-container-handling", + "description" : "${default-container-handling}", + "composite" : true, + "composites" : { + "realm" : [ "find-container", "list-containers" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "71874bde-64a5-4a69-8685-d8998303a80c", + "name" : "delete-table-data", + "description" : "${delete-table-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "7c0306fc-3b03-4c64-87d1-9a34f2073977", + "name" : "modify-table-column-semantics", + "description" : "${modify-table-column-semantics}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "cd0ee04c-4a5e-4035-a11b-f6a1165f7829", + "name" : "delete-container", + "description" : "${delete-container}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "67ee39c0-d601-4a67-a0fe-c4f0021d557e", + "name" : "list-containers", + "description" : "${list-containers}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "795c7bb8-3502-414a-a97b-2ba1cfd6a79c", + "name" : "persist-query", + "description" : "${persist-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d05e7698-ddf5-4f20-9027-771afb2cc3c7", + "name" : "list-identifiers", + "description" : "${list-identifiers}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e4bfaf36-9a5d-43e0-9fa3-0f4ea7bad8d0", + "name" : "default-developer-roles", + "description" : "${default-developer-roles}", + "composite" : true, + "composites" : { + "realm" : [ "escalated-query-handling", "default-table-handling", "escalated-database-handling", "default-container-handling", "default-query-handling", "default-user-handling", "default-database-handling", "default-maintenance-handling", "escalated-container-handling", "escalated-table-handling", "default-identifier-handling" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e2cb054e-ea41-4ab0-881b-e6f576f7424e", + "name" : "create-semantic-concept", + "description" : "${create-semantic-concept}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "feb612cc-96a6-4ed2-aaa5-01f39b25beb5", + "name" : "insert-table-data", + "description" : "${insert-table-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a0942e33-441b-4343-9f02-4353d03f7bbb", + "name" : "find-database", + "description" : "${find-database}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "6a0bb740-4448-49be-aee8-6dd183325be5", + "name" : "delete-foreign-table", + "description" : "${delete-foreign-table}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "7f3652c7-3073-4566-ab63-25385495ebc3", + "name" : "modify-database-visibility", + "description" : "${modify-database-visibility}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "4a5df51d-f14d-41a2-ad70-6521df5a5b4f", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fd41c4c3-d2f8-4f49-84c7-dba84e9a5575", + "name" : "execute-query", + "description" : "${execute-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "2963c2bb-b129-4224-b98f-c8eeab8e72d1", + "name" : "create-table", + "description" : "${create-table}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "cf9735a9-fb70-4cc5-b5f4-75afc4e5654b", + "name" : "modify-identifier-metadata", + "description" : "${modify-identifier-metadata}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "64c2b8f2-1527-4928-81ea-b2651512d028", + "name" : "delete-ontology", + "description" : "${delete-ontology}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d6e38368-b40f-423b-82e4-e8aa595237c9", + "name" : "find-maintenance-message", + "description" : "${find-maintenance-message}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fd1cc463-3e67-49d9-81b8-2cd90c1daa9c", + "name" : "check-database-access", + "description" : "${check-database-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "74013867-e426-46cc-ab98-2f4a9225ad1e", + "name" : "find-table", + "description" : "${find-table}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a2cc60df-d280-46c5-a539-92e2aa249b4a", + "name" : "modify-user-information", + "description" : "${modify-user-information}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "c367241f-b5b5-491f-84d5-07fe1bef3877", + "name" : "default-identifier-handling", + "description" : "${default-identifier-handling}", + "composite" : true, + "composites" : { + "realm" : [ "list-identifiers", "create-identifier", "find-identifier" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "ba1ad8f2-39aa-487d-987f-645e8a459559", + "name" : "delete-table", + "description" : "${delete-table}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "09f7bdb0-296f-46c8-a3a3-8f9254fb17e4", + "name" : "list-maintenance-messages", + "description" : "${list-maintenance-messages}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fe3bc45c-61c2-4ece-bcaf-d410dc7de501", + "name" : "update-database-access", + "description" : "${update-database-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "916b1e65-f60c-42cd-96e4-5c98ffc1ba3c", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d1afa3ed-bf4f-469a-a061-ad7325fb8d9e", + "name" : "delete-database-view", + "description" : "${delete-database-view}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "6f044bad-6651-4408-bffa-20c2d8f92eee", + "name" : "create-identifier", + "description" : "${create-identifier}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "be91195a-e30a-4d15-a8da-0aca0a68782f", + "name" : "escalated-table-handling", + "description" : "${escalated-table-handling}", + "composite" : true, + "composites" : { + "realm" : [ "delete-foreign-table" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "98bee7d6-d78c-4e7f-b6a3-3705968b248c", + "name" : "list-ontologies", + "description" : "${list-ontologies}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "15720c6b-027d-4d53-a0ff-0124bfab7c4c", + "name" : "re-execute-query", + "description" : "${re-execute-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a9b5181a-8135-41d3-9862-ef80af42211d", + "name" : "delete-identifier", + "description" : "${delete-identifier}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "469c2e63-cda6-48d4-ab8f-eb59a2c69798", + "name" : "find-database-view", + "description" : "${find-database-view}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "4628f654-f8f3-483b-8f92-2a7fc5930b14", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "95c2cc47-12f5-4d73-8b74-67e270c45ade", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "824791f3-c345-42f8-b103-b7e6d7e40114", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "1f840202-b7e2-4195-bac9-64e64dad2037", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "3c32c096-bb13-44c9-a080-d756a48a9ea3", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "e4b85a68-7f31-4fcf-89a2-f10d7df358e9", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "7d317752-ae56-46f2-a2ce-67c64d1b35f6", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "28824208-976e-4622-b4d7-3d18efbb46fa", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-realms", "view-identity-providers", "manage-identity-providers", "manage-authorization", "query-clients", "view-authorization", "view-users", "manage-users", "view-realm", "query-users", "view-clients", "query-groups", "create-client", "manage-clients", "manage-events", "impersonation", "view-events", "manage-realm" ] + } + }, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "57e846a2-930d-4621-819d-c35086507146", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "7fad9cde-bf96-475a-9174-14a87da51f95", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "bbcac294-d78a-4ea1-a4bf-0384266d2fe1", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "480e1437-ab9e-47de-b47a-edc6b6e285de", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "b9a9a8f5-f91e-4e73-9e88-1cdf42bd49f9", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "4d1397fb-247c-436f-b26f-124cd89afb08", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "e31f522b-b283-4ae1-b875-52afcd98b1d2", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "51822d02-fa28-4a49-89da-bc534719d8a8", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "b2743ce5-0ce8-4157-ae00-f693560f0b39", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "7ea3d7e0-9bf4-438a-b773-243daf622aaa", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "fb73f6f5-0ed5-41d0-852c-0eb3b195b15a", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "dbrepo-client" : [ ], + "admin-cli" : [ ], + "rabbitmq-client" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "de0cfd5e-c2fe-4082-ac39-e3b092139a0f", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "88694c91-753d-4c44-9740-ec9ac06bba45", + "attributes" : { } + } ], + "account" : [ { + "id" : "acd78c04-eefc-4344-a5b4-3fc83d848936", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "939be844-8c49-45b3-9ca1-4b10a454b346", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "e52fdf00-3e73-4c17-bc1c-643493710a6b", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "b02a822e-a708-420a-bddc-1a315033fd7c", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "c590e5f5-2cbf-4151-b1dc-96c454f1f654", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "15974151-6c13-426b-8cc3-7683dd1311e1", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "c12d8d94-c2df-498e-bbe4-2f934a83ae92", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "55f85811-bded-4d6b-8f7b-45844b963875", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + } ] + } + }, + "groups" : [ { + "id" : "f2ce17fe-7b15-47a4-bbf8-86f415298fa9", + "name" : "data-stewards", + "path" : "/data-stewards", + "attributes" : { }, + "realmRoles" : [ "default-data-steward-roles" ], + "clientRoles" : { }, + "subGroups" : [ ] + }, { + "id" : "124d9888-0b6e-46aa-8225-077dcedaf16e", + "name" : "developers", + "path" : "/developers", + "attributes" : { }, + "realmRoles" : [ "default-developer-roles" ], + "clientRoles" : { }, + "subGroups" : [ ] + }, { + "id" : "f467c38e-9041-4faa-ae0b-39cec65ff4db", + "name" : "researchers", + "path" : "/researchers", + "attributes" : { }, + "realmRoles" : [ "default-researcher-roles" ], + "clientRoles" : { }, + "subGroups" : [ ] + } ], + "defaultRole" : { + "id" : "abd2d9ee-ebc4-4d0a-839e-6b588a6d442a", + "name" : "default-roles-dbrepo", + "description" : "${role_default-roles}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0" + }, + "defaultGroups" : [ "/researchers" ], + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppMicrosoftAuthenticatorName", "totpAppGoogleName", "totpAppFreeOTPName" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/dbrepo/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/dbrepo/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d3c4a04e-39ce-4549-a34a-11e25774cd96", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/dbrepo/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/dbrepo/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "22d90d9c-9881-474c-8dfd-a62c808a9f1c", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "81ef0f59-a5ca-4be4-a1d1-0c32edf1cfd6", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "88694c91-753d-4c44-9740-ec9ac06bba45", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "6b7ef364-4132-4831-b4e2-b6e9e9dc63ee", + "clientId" : "dbrepo-client", + "name" : "${dbrepo-client}", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1680085365", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "*", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "6a8cae99-294f-4fc2-9561-5a52f3f6a1ba", + "name" : "Audience", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-hardcoded-claim-mapper", + "consentRequired" : false, + "config" : { + "claim.value" : "spring", + "userinfo.token.claim" : "false", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "aud", + "access.tokenResponse.claim" : "false" + } + }, { + "id" : "8ae79e43-b2b7-4bb9-a420-b498690dd8c3", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "false", + "user.attribute" : "firstName", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "user.firstname", + "jsonType.label" : "String" + } + }, { + "id" : "ef081a47-f023-4056-958c-4194d3878d8c", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "false", + "user.attribute" : "username", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "client_id", + "jsonType.label" : "String" + } + }, { + "id" : "99e3b48b-86ff-4e5b-8652-fcd2738b0ad1", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "user.lastname", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "roles", "attributes" ], + "optionalClientScopes" : [ "rabbitmq.read:*/*", "web-origins", "acr", "rabbitmq.write:*/*", "address", "phone", "offline_access", "profile", "microprofile-jwt", "email", "rabbitmq.configure:*/*" ] + }, { + "id" : "25741f6b-4867-4138-8238-6345c6ba8702", + "clientId" : "rabbitmq-client", + "name" : "${rabbitmq-client}", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "JEC2FexxrX4N65fLeDGukAl6R3Lc9y0u", + "redirectUris" : [ "*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1680000860", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "*", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "01a937ed-f0e8-4137-80f3-3be3c447f7fb", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "false", + "user.attribute" : "username", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "client_id", + "jsonType.label" : "String" + } + }, { + "id" : "f1afc22d-f595-403b-ba2e-6ab19d98205e", + "name" : "Audience", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-hardcoded-claim-mapper", + "consentRequired" : false, + "config" : { + "claim.value" : "rabbitmq", + "userinfo.token.claim" : "false", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "aud", + "access.tokenResponse.claim" : "false" + } + } ], + "defaultClientScopes" : [ "rabbitmq.read:*/*", "web-origins", "acr", "rabbitmq.write:*/*", "rabbitmq.configure:*/*" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "profile", "roles", "microprofile-jwt", "email" ] + }, { + "id" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f205c451-9524-4380-acc3-947f7ecb6b7c", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/dbrepo/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/dbrepo/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "c4d54410-3f22-4259-9571-94da2c43b752", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "7f6e9b44-e2eb-417d-b0fe-db820c9a6564", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "782819fe-ba5d-4ddb-9f95-cabb69d79c8d", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "ca613fc8-bbf2-4240-8b33-a1874f1559f3", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "b9da268f-6745-49dc-a764-3c54e385accc", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "84f0487a-1d7d-470c-9b8e-5835294ae235", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "bbdcdb36-3ec0-443d-b1af-9993d40f0567", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "9faa870b-5491-4ce9-b27d-c9ce07d6a95e", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "f0e3c012-9523-4076-83ae-e466e2d08220", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "f757d8ec-e181-429c-9287-9ad0600b061f", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "18cfbf4b-0a8e-45c7-a832-c0f72c92f3f3", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "841ea785-26ab-429a-a420-09ce3948924d", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "bfba13ff-f952-4e89-bbb1-a693fdebfae8", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "475f071d-5149-4379-b928-76482f5f519c", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "b8bebfed-b5e9-4604-a0ee-9817f7d439ac", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "445232c8-6830-476c-a6f1-8bbef167595a", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "65f2e474-6ede-4872-86e4-e49504dd0f2a", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "16cd5a27-ccf3-453c-ae1e-8621813ab73c", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "f9efedfc-3388-457c-b10a-1dff4525ff9b", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "627fa054-08eb-4206-af71-9e838e984b8b", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "e6cc53e5-5d7e-468e-88c8-0737dd3dc759", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "83b4444c-10fc-44e8-a0c0-0c1da1f9bba3", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "4122ff9e-ad3c-4142-afc6-9aefdecfc86d", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "bb0747fa-c008-4af3-93be-e7739650ebd5", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "2e76447d-fbe7-4fa7-a16c-54a381b960ae", + "name" : "rabbitmq.configure:*/*", + "description" : "", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false", + "gui.order" : "", + "consent.screen.text" : "" + } + }, { + "id" : "52aad832-c6c4-49df-8a04-6ad4a406fdfa", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "dae802fb-9138-408a-b80e-a40eb0f56814", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "feb06a8d-b0eb-4911-8464-368d93f566fa", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "f64d64e8-57ce-4eb2-b99e-9f02fdbd99f9", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "c6411e3b-6478-453d-b530-5fe175a4d786", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "55341d34-0086-4173-ae61-d9b175b179d8", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "58ea3217-0fff-4207-9d08-919f5493b629", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "a02c2c38-923c-46ec-9899-321412b388e5", + "name" : "attributes", + "description" : "User Attributes", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "gui.order" : "", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "78c461c1-f3f9-4d10-8835-097f13bdcd60", + "name" : "Theme", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "aggregate.attrs" : "false", + "multivalued" : "false", + "userinfo.token.claim" : "true", + "user.attribute" : "theme_dark", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "attributes.theme_dark" + } + } ] + }, { + "id" : "06062e22-89c0-4e1d-a25b-2483903b02d5", + "name" : "rabbitmq.write:*/*", + "description" : "", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false", + "gui.order" : "", + "consent.screen.text" : "" + } + }, { + "id" : "210cc792-6c07-45a6-a77e-827cdf3b41ba", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "425abf4a-2ee2-431d-aa92-e373a36fe556", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "8d4ffe4d-1d01-4ca1-8ff4-44eacca61b30", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "c96f0b73-ea79-4b46-93ef-d1092297f855", + "name" : "rabbitmq.read:*/*", + "description" : "", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false", + "gui.order" : "", + "consent.screen.text" : "" + } + }, { + "id" : "37f61543-dad7-4a82-8e10-77acdd1eefdc", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "3b6b6914-8ad1-4a71-88ec-444f754aaacb", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "2defedf5-9af3-4531-822c-a879dedcd29d", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "a7bd6723-e58e-47f7-95c0-2925ce99283d", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + } ], + "defaultDefaultClientScopes" : [ ], + "defaultOptionalClientScopes" : [ "rabbitmq.write:*/*", "offline_access", "rabbitmq.configure:*/*", "roles", "role_list", "address", "phone", "acr", "microprofile-jwt", "email", "attributes", "profile", "rabbitmq.read:*/*", "web-origins" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "4d3f9f14-f5d2-4b0c-8ea7-e6d078aa2191", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "f35bce67-1e75-408b-b065-52183368d4fd", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "f565cb47-3bcf-4078-8f94-eb4179c375b8", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "0efa669d-1017-4b4a-82e1-c2eaf72de2c9", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "528fb423-d66e-472e-9120-1f03ba9e0f18", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "104ec5a9-025b-4c44-8ac0-82d22887ca3e", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "28ca0b6d-b2e2-4785-b04b-2391e6344e30", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "6dc4834f-a1de-4cfe-a29d-e84ac8e9b1a8" ], + "secret" : [ "HpuzG_jWYKwypLeoPEMC4A" ], + "priority" : [ "100" ] + } + }, { + "id" : "bd7945cf-6d35-4e03-9c3a-197f2dc76973", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "c8500166-5cc4-4085-ad0f-853c3b0b0233" ], + "secret" : [ "TI3xg__G2Qy8C47DracpYir2X4ItQZSrhgr5KSlwRNISDbBqZ-ky3OcAyokSXMcpweSOaCPvbivpvzJNklUBvw" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "2f53ccf3-37b0-4d34-83e7-ed497499ee51", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEA3b1tNLfcjFLUw9UShVDNf+ZD8sQqb4YBaIXcSJTX/zDQUPiCp176BBGI3s4VplDArnOW+LumozmKogeoHEnGEIDW8ovgK5uMU9tSA2p0qqGBUMOdR8YATTIfCJe7qGiiuGa3WZy3sQLM70SuRzx02YU8gvUcvl2Js4KyqAziOUX/w3Wa59H9jjGNUXYyqaPWJp73eHzbVYWySzyLG22mVlcUtBx5siL5T2/Xu0p9z4l7/bapwwmOVi1ZrcHjbEAwdGEiSMGI/uWqAF+r1BRpmJLR7HNXcL3eK4/56VYLaiwSejfyYeRFMITEn/UxGYhcXZ5xMUUCG0TxjBhLYpTBuwIDAQABAoIBAA4dwebcxkrH99Poa8+WkiE7JgaS9sahx9OBI2xwJANoIU2TpzGuNLQZ76uLgB+rPWZTD9Xm5a1iJjwOyQ9/937TzPCk91D0tpgcusRikb8jx/6TGB9acL4kBjYUVCCHr3BA2G75MKKGtJ2OMvAbCQSosZj+r2VDwYFEPUkV2jheE5JHSBkwyIRrus3JCwu8gu5fyCg9z8ljcxJxI5HIsi4v8Z21aCw/cLj7h5cMt44wCjQz4rOfYNBEFeHDtlfR1QtWKgjm4ZHHJbKrzf9b2kQXclziceEbSM0tYbROEXKi+s0Zc+z3HEG89vv0vfN400clmzzIAijKY6gg3pPRWdECgYEA+lnWYbSlXDMNYx6RBXm1RnlMUYIm4oy4/9ljgnoGJ6WCn3SjFkgaDtiKfGIG1BSB85r04pAPANgcWHf5tWDnq0ARvBVG0BX2bKd++7B3D4d3CRYKCwm88SslJXv9dfHVhq4+zViFPiUWwT20A72jCuUCvL88y5fh/YBecfdh+jECgYEA4r5RD0NB9dMaeg5/jk/GEHIo4Z9KLc6FrSoOFo2xFkPOy1sgDpDOiNtypuWvniO7k7Ose3DS3hlfTMsKzIW/CgQJ20+Y4cvBWDaOsRxfjj7w3d+jH5OSJdKKSzTrgLKc9ZhlRzVXy0J0hipIA6HG5kdVdLXmh85ITmf1CbJhE6sCgYBjPVeBNbXTHZ2x6/z62aslO5IoQVqetb/kE82hfDOSZcao5Ph9Lam+ttH2ynkAevykj4mBgi+gWwqpey2uW7KaLPSaxShj9kDQA3mP1fzsV/u0y1rB02Nlin/YIxVvOqU1FT9p8SwoXVVu1sHUNck62VtDbN9xqUx5S/ikXrclEQKBgQCoTssOwEcK+Vty9KYcdfy4onTUHZBLdjxl8Iyqkxy7QTQUYRznkvesQPDXEDGO+kk3dyx2KKZt9Hl4IFNww2quPZcvcuMx4DQxjbXXpA8OIIxcta95NepLJwA+mRai3nKCH1A2TlNP7pFeMa5o+8IPly3Ix2lKr4Wepa4PN5i1pwKBgCZ1QP6XAOERl9NznNmU0rXVcvYNP4PIIfQWfvGsldZ4QKkmjjAGiS0/oYqdWs+UDRZyCRChaVjDXO9fk0PEG5OGKAj9nyiYCT/M8xtJ3UeP5ffZZvJ/vnye3QdDIo1e38ZzsWwJHmLYw7fRqY9W5Vxo0Vsy22U3CJY70KTxVdTy" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "MIICmzCCAYMCBgGG3GWycDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZkYnJlcG8wHhcNMjMwMzEzMTkxMzE3WhcNMzMwMzEzMTkxNDU3WjARMQ8wDQYDVQQDDAZkYnJlcG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdvW00t9yMUtTD1RKFUM1/5kPyxCpvhgFohdxIlNf/MNBQ+IKnXvoEEYjezhWmUMCuc5b4u6ajOYqiB6gcScYQgNbyi+Arm4xT21IDanSqoYFQw51HxgBNMh8Il7uoaKK4ZrdZnLexAszvRK5HPHTZhTyC9Ry+XYmzgrKoDOI5Rf/DdZrn0f2OMY1RdjKpo9Ymnvd4fNtVhbJLPIsbbaZWVxS0HHmyIvlPb9e7Sn3PiXv9tqnDCY5WLVmtweNsQDB0YSJIwYj+5aoAX6vUFGmYktHsc1dwvd4rj/npVgtqLBJ6N/Jh5EUwhMSf9TEZiFxdnnExRQIbRPGMGEtilMG7AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAK3kQ1VkQrzvSWvmXmazmNoA1ZiPzRDs1XhGUWxgsxzgPylr3dGBuqQbKvgnLUBQLSqlJHpI4fZflHswu1qrvVZYtekPcGef4WhcKAu2i1RwxrKa6RJQ1tRbrLuVYCzPv5p/DWgltWVn88aoLnqQn0SK/0PB/o4a4Cm7Kq2ZzCr1dACBr06LvOHsc7249OySmbG4HH+pLK6jVURhZ9VaObqAHe2FJBVVoIzURbdiRRURqumrIvbnpeaU1aFyg6ED5wTnXvmMPmVPt9F79mcB33bASO5wyu00X8t1hyN2Show2l2vxLACGUzVkTQt15s7uDLKE7qLmKSR3EuSGXWv3wA=" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "2293ff99-3c6d-46d1-8635-5e679d5b134a", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEpAIBAAKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQABAoIBADNcMt6hAHub4JTAYS6Mra0EPRBO2XhWmACBrv3+8ETClXd5475KPLDewgRVtlmtbwU8G8awUXESQgPS9lfiqvQhPreA3cHlm6oP2WMKOEtakr2s8I+frsTBLCo0Ini9RaSzjoVVgS0zofyhASKi+T970MafSj5P3XNb8YBFdXgoYDiA7FXLH6a/+m7LScL+wGcFMAAeYESxZbMQLfH3v8L+4EcTraiwjLG17ZdlF3dpybMyUSse6ZQ/PdlyvBuzzLXhN6Ce2gd9ATfS+YWTzo7Yf+GU+ex5bIpVOfHqtuM/hyq7YGKENClsXwNZIAoFnvGCbvECAfgyapVrD30IfykCgYEA0rgsSZ82pxT40NxwgBD1g9lbNVBKXphRB/3S078qusUzJjT7AldEj4imGPhAbI7bI8gAeWJsp1XJWkjM8ktaVrh+NQl7p8e9OPh0pQF/5Bdg8ajbjXESpjnaU66pVYRQy/d+jNli/YRAHX5RUfsBl+6W4+WSVMGmKBiqJsur+ecCgYEAz1YVXClcmUnyZem5B+2E9noIzjF6ROE+jIb6rawM85P3Xd0lXtECQavtxw+Qk7I32qOwrxl1UpK2foVel3pazi+4OpMfmqtYGenRP1Zk1cZwrDo0cIemTDGjj3kJ8tYn12CGolFQpJZgK6OHzvG0tOxI5VZgjIViWNPe1PGWXtUCgYEAxXGNDe8BZs1f11S2lUlOw5yGug3hoYFXbAWJ5p7Ziuf8ZXB/QlJDC7se54a11wKEk6Jzz0lKRgE8CjzszJuOqnN0zn10QGIIC7nCklo1W6QMUmPGVWH994N976tZP6gbjQL6sT+AYcvpx7j0ubxYYeRNvnz+ACzzY964kGGHY0ECgYEAumlwPPNnMN7+VEjGNm2D7UMdJZ3wi3tkjF5ThdA5uMohTsAk+FG80KSu3RmOaGyEsUwY7+VYyYvlDm4E9PZqLBVVczyR3rMNPAcwPd0EPfvzk7WlLkOX7ct3fehaXH3VRlyfz9KCSeh1wOZ/lT1VtpD2nVOC7PSDzs92+kfXZZ0CgYAnrD1y4skgXkdwolZ3unn3EFyGm2d+X5aMTHwQPdWxqoNIAl/9wdghlzihwnPhhsxq1WzlxuC3V2IMrNPtRx70Mi+FbSmR5m4Xx5RptgMtMlwno+L40PzNJgMjHGjt0wcx3Vel8wuohDtnqMyS7P5nG1/TQx0Cyzwn7QOXlNpgbQ==" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "MIICmzCCAYMCBgGG3GWyBTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZkYnJlcG8wHhcNMjMwMzEzMTkxMzE3WhcNMzMwMzEzMTkxNDU3WjARMQ8wDQYDVQQDDAZkYnJlcG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqcdDYFZZb28M0tEJzEP77FmD/Xqioyj9zWX6VwUSOMAgmMmn8eqs9hT9T0a+q4YTo9tUW1PNbUpwprA5b4Uk04DcIajxDVMUR/PjcHytmkqwVskq9AZW/Vngdoo+8tSbuIybwe/3Vwt266hbHpDcM97a+DXcYooRl7tQWCEX7RP27wQrMD9epDQ6IgKayZg9vC9/03dsIqwH9jXQRiZlFvwiEKhX2aY7lPGBaCK414JO00K/Z49iov9TRa/IYVbSt5qwgrx6DcqsBSPwOnI6A85UGfeUEZ/7coVJiL7RvBlsllapsL9eWTbQajVh94k9Ei3sibEPbtH+U2OAM78zAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAASnN1Cuif1sdfEK2kWAURSXGJCohCROLWdKFjaeHPRaEfpbFJsgxW0Yj3nwX5O3bUlOWoTyENwnXSsXMQsqnNi+At32CKaKO8+AkhAbgQL9F0B+KeJwmYv3cUj5N/LYkJjBvZBzUZ4Ugu5dcxH0k7AktLAIwimkyEnxTNolOA3UyrGGpREr8MCKWVr10RFuOpF/0CsJNNwbHXzalO9D756EUcRWZ9VSg6QVNso0YYRKTnILWDn9hcTRnqGy3SHo3anFTqQZ+BB57YbgFWy6udC0LYRB3zdp6zNti87eu/VEymiDY/mmo1AB8Tm0b6vxFz4AKcL3ax5qS6YnZ9efSzk=" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "b8378805-a082-46a0-9e28-a1e5d4db7e41", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "2652bbd9-bd49-465c-8595-690099333bf7", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "967c3248-c2e9-45a9-b770-b02e965b958a", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f78ad348-c3e1-476e-a916-fce0c383376a", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "788cf02b-5744-4ea6-940a-96bc762da4bd", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "273e61b7-9cc3-464e-a7b8-27c71aca4014", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "00f41bfc-8513-466d-8c6a-366b7f2f36ca", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "980ebf01-fe0a-4cfa-880e-dd86ce8e190e", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "5e6a7a10-4be8-4038-8fc5-0588b452328d", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "024e07f8-f975-41ef-b755-d2b089b5567c", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "324da9be-755e-4556-a1d3-58569b9df47c", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "bced47d4-5d04-4bb9-8605-94041185c0f3", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "6b301d9d-68c0-44c3-9a57-92669d08b2f3", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "9c9ddfeb-37a2-4186-a58f-cf90dca8e191", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "a9ef5094-93bf-49fc-9d0f-dcfc551cac5a", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "fae6e2e4-a071-458b-ac03-41dda3456f5a", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "ae5bcac5-8867-42e1-887f-fc67418b0c4b", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "72524b5d-1cfc-41b0-b29b-6f6890d2dc7f", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "834c96b8-790d-4869-8c66-d42cd35e4873", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "7f131501-e3ff-48f2-98e6-e34e4c5d6f9e", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "638341f1-94ba-4042-a3ee-41a0f41718f6", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "3c355b8c-8a51-4346-88f2-1ff81856b55c", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : false, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : false, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaAuthRequestedUserHint" : "login_hint", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "actionTokenGeneratedByUserLifespan-execute-actions" : "", + "actionTokenGeneratedByUserLifespan-verify-email" : "", + "clientOfflineSessionIdleTimeout" : "0", + "actionTokenGeneratedByUserLifespan-reset-credentials" : "", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "shortVerificationUri" : "" + }, + "keycloakVersion" : "21.0.2", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } + } \ No newline at end of file diff --git a/helm-charts/dbrepo/templates/auth-service/env-configmap.yaml b/helm-charts/dbrepo/templates/auth-service/env-configmap.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9de9a96419b24e91e219f5f131b14f610135a823 --- /dev/null +++ b/helm-charts/dbrepo/templates/auth-service/env-configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: auth-service-config + namespace: {{ $.Values.namespace }} +data: + KC_HOSTNAME_PATH: "/api/auth" + KC_HOSTNAME_ADMIN_URL: "https://{{ .Values.hostname }}/api/auth" \ No newline at end of file diff --git a/helm-charts/dbrepo/templates/auth-service/secret.yaml b/helm-charts/dbrepo/templates/auth-service/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c6cc5911d9418808623fdce9608181fcecbece2a --- /dev/null +++ b/helm-charts/dbrepo/templates/auth-service/secret.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: auth-service-secret + namespace: {{ .Values.namespace }} +stringData: + db-host: "{{ index .Values "auth-db" "host" }}" + db-port: "{{ index .Values "auth-db" "port" }}" + db-name: "{{ index .Values "auth-db" "postgresql" "database" }}" + db-username: "{{ index .Values "auth-db" "postgresql" "username" }}" + db-password: "{{ index .Values "auth-db" "postgresql" "password" }}" diff --git a/helm-charts/dbrepo/templates/broker-service/secret.yaml b/helm-charts/dbrepo/templates/broker-service/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c1d158e5cf021e696ba28df000bf5afaa74c1985 --- /dev/null +++ b/helm-charts/dbrepo/templates/broker-service/secret.yaml @@ -0,0 +1,87 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: broker-service-secret + namespace: {{ .Values.namespace }} +stringData: + definitions.json: | + { + "bindings": [ + { + "arguments": {}, + "destination": "dbrepo", + "destination_type": "queue", + "routing_key": "dbrepo.#", + "source": "dbrepo", + "vhost": "dbrepo" + } + ], + "exchanges": [ + { + "arguments": {}, + "auto_delete": false, + "durable": true, + "name": "dbrepo", + "type": "topic", + "vhost": "dbrepo" + } + ], + "global_parameters": [], + "parameters": [], + "permissions": [ + { + "configure": ".*", + "read": ".*", + "user": "broker", + "vhost": "dbrepo", + "write": ".*" + } + ], + "policies": [], + "queues": [ + { + "arguments": { + "x-queue-type": "quorum", + "quorum_cluster_size": "2" + }, + "auto_delete": false, + "durable": true, + "name": "dbrepo", + "type": "quorum", + "vhost": "dbrepo" + } + ], + "rabbit_version": "3.10.25", + "rabbitmq_version": "3.10.25", + "topic_permissions": [], + "users": [ + { + "hashing_algorithm": "rabbit_password_hashing_sha256", + "limits": {}, + "name": "broker", + "password_hash": "Sek6WxpX2L6UhxlwRkD0cnYAH5GbtTcCFq1yY/SCc1mAa0gB", + "tags": [ + "administrator" + ] + } + ], + "vhosts": [ + { + "limits": [], + "metadata": { + "description": "Default virtual host", + "tags": [] + }, + "name": "dbrepo" + } + ] + } + cert.pem: | + -----BEGIN CERTIFICATE----- + MIICmzCCAYMCBgGG3GWyBTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZkYnJlcG8wHhcNMjMwMzEzMTkxMzE3WhcNMzMwMzEzMTkxNDU3WjARMQ8wDQYDVQQDDAZkYnJlcG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqcdDYFZZb28M0tEJzEP77FmD/Xqioyj9zWX6VwUSOMAgmMmn8eqs9hT9T0a+q4YTo9tUW1PNbUpwprA5b4Uk04DcIajxDVMUR/PjcHytmkqwVskq9AZW/Vngdoo+8tSbuIybwe/3Vwt266hbHpDcM97a+DXcYooRl7tQWCEX7RP27wQrMD9epDQ6IgKayZg9vC9/03dsIqwH9jXQRiZlFvwiEKhX2aY7lPGBaCK414JO00K/Z49iov9TRa/IYVbSt5qwgrx6DcqsBSPwOnI6A85UGfeUEZ/7coVJiL7RvBlsllapsL9eWTbQajVh94k9Ei3sibEPbtH+U2OAM78zAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAASnN1Cuif1sdfEK2kWAURSXGJCohCROLWdKFjaeHPRaEfpbFJsgxW0Yj3nwX5O3bUlOWoTyENwnXSsXMQsqnNi+At32CKaKO8+AkhAbgQL9F0B+KeJwmYv3cUj5N/LYkJjBvZBzUZ4Ugu5dcxH0k7AktLAIwimkyEnxTNolOA3UyrGGpREr8MCKWVr10RFuOpF/0CsJNNwbHXzalO9D756EUcRWZ9VSg6QVNso0YYRKTnILWDn9hcTRnqGy3SHo3anFTqQZ+BB57YbgFWy6udC0LYRB3zdp6zNti87eu/VEymiDY/mmo1AB8Tm0b6vxFz4AKcL3ax5qS6YnZ9efSzk= + -----END CERTIFICATE----- + pubkey.pem: | + -----BEGIN RSA PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB + -----END RSA PUBLIC KEY----- \ No newline at end of file diff --git a/helm-charts/dbrepo/templates/data-db/pvc.yaml b/helm-charts/dbrepo/templates/data-db/pvc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..0e55aa4a0a1d9fa1f69706aadae269d985401bdd --- /dev/null +++ b/helm-charts/dbrepo/templates/data-db/pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: data-db-shared +spec: + storageClassName: {{ index .Values "data-db" "persistence" "sharedStorageClass" }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: 10Gi \ No newline at end of file diff --git a/helm-charts/dbrepo/templates/data-service/deployment.yaml b/helm-charts/dbrepo/templates/data-service/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..429a4ccf93de64908b065812b179a6c1169e3aac --- /dev/null +++ b/helm-charts/dbrepo/templates/data-service/deployment.yaml @@ -0,0 +1,165 @@ +{{- if .Values.dataService.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: data-service + namespace: {{ $.Values.namespace }} + labels: + app: data-service + service: data-service +spec: + replicas: {{ .Values.metadataService.replicaCount }} + strategy: + type: {{ $.Values.strategyType }} + selector: + matchLabels: + app: data-service + service: data-service + template: + metadata: + labels: + app: data-service + service: data-service + spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 + runAsGroup: 1000 + containers: + - name: data-service + image: {{ printf "%s/%s:%s" .Values.dataService.image.registry .Values.dataService.image.repository .Values.dataService.image.tag }} + imagePullPolicy: {{ .Values.dataService.image.pullPolicy | default "IfNotPresent" }} + ports: + - containerPort: 9093 + protocol: TCP + env: + - name: METADATA_DB + valueFrom: + secretKeyRef: + name: data-service-secret + key: metadata-db + - name: METADATA_HOST + valueFrom: + secretKeyRef: + name: data-service-secret + key: metadata-host + - name: METADATA_USERNAME + valueFrom: + secretKeyRef: + name: data-service-secret + key: metadata-username + - name: METADATA_PASSWORD + valueFrom: + secretKeyRef: + name: data-service-secret + key: metadata-password + - name: METADATA_JDBC_EXTRA_ARGS + valueFrom: + secretKeyRef: + name: data-service-secret + key: metadata-jdbc-extra-args + - name: SEARCH_USERNAME + valueFrom: + secretKeyRef: + name: data-service-secret + key: search-username + - name: SEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: data-service-secret + key: search-password + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: data-service-secret + key: jwt-issuer + - name: JWT_PUBKEY + valueFrom: + secretKeyRef: + name: data-service-secret + key: jwt-pubkey + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: + name: data-service-secret + key: broker-username + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + name: data-service-secret + key: broker-password + - name: MIN_CONCURRENT_CONSUMERS + valueFrom: + secretKeyRef: + name: data-service-secret + key: min-concurrent-consumers + - name: MAX_CONCURRENT_CONSUMERS + valueFrom: + secretKeyRef: + name: data-service-secret + key: max-concurrent-consumers + - name: REQUEUE_REJECTED + valueFrom: + secretKeyRef: + name: data-service-secret + key: requeue-rejected + - name: BROKER_HOST + valueFrom: + secretKeyRef: + name: data-service-secret + key: broker-host + - name: BROKER_PORT + valueFrom: + secretKeyRef: + name: data-service-secret + key: broker-port + - name: BROKER_VIRTUALHOST + valueFrom: + secretKeyRef: + name: data-service-secret + key: broker-virtualhost + - name: QUEUE_NAME + valueFrom: + secretKeyRef: + name: data-service-secret + key: queue-name + - name: EXCHANGE_NAME + valueFrom: + secretKeyRef: + name: data-service-secret + key: exchange-name + - name: ROUTING_KEY + valueFrom: + secretKeyRef: + name: data-service-secret + key: routing-key + - name: CONNECTION_TIMEOUT + valueFrom: + secretKeyRef: + name: data-service-secret + key: connection-timeout + - name: LOG_LEVEL + valueFrom: + secretKeyRef: + name: data-service-secret + key: log-level + livenessProbe: + exec: + command: + - /bin/bash + - -ec + - "curl -sSL localhost:9093/actuator/health/readiness | grep 'UP' || exit 1" + initialDelaySeconds: 120 + periodSeconds: 30 + readinessProbe: + exec: + command: + - /bin/bash + - -ec + - "curl -sSL localhost:9093/actuator/health/liveness | grep 'UP' || exit 1" + initialDelaySeconds: 30 + periodSeconds: 30 + volumeMounts: [] + volumes: [] +{{- end }} diff --git a/helm-charts/dbrepo/templates/data-service/secret.yaml b/helm-charts/dbrepo/templates/data-service/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..52fbb2e3a9f70ab51a89be64639e8eb3c79fac94 --- /dev/null +++ b/helm-charts/dbrepo/templates/data-service/secret.yaml @@ -0,0 +1,31 @@ +{{ $pidBase := printf "https://%s/pid/" .Values.hostname }} +{{ $jwtIssuer := printf "https://%s/api/auth/realms/dbrepo" .Values.hostname }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: data-service-secret + namespace: {{ .Values.namespace }} +stringData: + metadata-db: "{{ index .Values "metadata-db" "db" "name" }}" + metadata-host: "{{ index .Values "metadata-db" "host" }}" + metadata-username: "{{ index .Values "metadata-db" "rootUser" "user" }}" + metadata-password: "{{ index .Values "metadata-db" "rootUser" "password" }}" + metadata-jdbc-extra-args: "{{ index .Values "metadata-db" "jdbcExtraArgs" }}" + search-username: "{{ index .Values "search-db" "username" }}" + search-password: "{{ index .Values "search-db" "password" }}" + jwt-issuer: "{{ $jwtIssuer }}" + jwt-pubkey: "{{ .Values.dataService.jwt.pubkey }}" + broker-username: "{{ index .Values "broker-service" "auth" "username" }}" + broker-password: "{{ index .Values "broker-service" "auth" "password" }}" + min-concurrent-consumers: "{{ .Values.dataService.consumerConcurrentMin }}" + max-concurrent-consumers: "{{ .Values.dataService.consumerConcurrentMax }}" + requeue-rejected: "{{ .Values.dataService.requeueRejected }}" + log-level: "{{ ternary "debug" "info" .Values.dataService.image.debug }}" + broker-host: "{{ index .Values "broker-service" "host" }}" + broker-port: "{{ index .Values "broker-service" "port" }}" + broker-virtualhost: "{{ index .Values "broker-service" "virtualHost" }}" + queue-name: "{{ index .Values "broker-service" "queueName" }}" + exchange-name: "{{ index .Values "broker-service" "exchangeName" }}" + routing-key: "{{ index .Values "broker-service" "routingKey" }}" + connection-timeout: "{{ index .Values "broker-service" "connectionTimeout" }}" \ No newline at end of file diff --git a/helm-charts/dbrepo/templates/data-service/service.yaml b/helm-charts/dbrepo/templates/data-service/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..71a1f8f46fb98282fb06ae320ba645425e76bcff --- /dev/null +++ b/helm-charts/dbrepo/templates/data-service/service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.dataService.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: data-service + namespace: {{ $.Values.namespace }} + labels: + service: data-service +spec: + type: ClusterIP + ports: + - name: "data-service" + port: 80 + targetPort: 9093 + protocol: TCP + selector: + service: data-service +{{- end }} diff --git a/helm-charts/dbrepo/templates/ingress.yaml b/helm-charts/dbrepo/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..20eeb071fa6e47a331609c7d4dae9ca6a93039a0 --- /dev/null +++ b/helm-charts/dbrepo/templates/ingress.yaml @@ -0,0 +1,39 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.data }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: dbrepo-{{ .name }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ $.Values.namespace }} +spec: + ingressClassName: nginx + {{- if .tls }} + tls: + {{- range .tls }} + - hosts: + - "{{ $.Values.hostname }}" + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .hosts }} + - host: "{{ $.Values.hostname }}" + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ .serviceName }} + port: + number: {{ .portNumber }} + {{- end}} + {{- end}} +{{- end}} +{{- end}} \ No newline at end of file diff --git a/helm-charts/dbrepo/templates/metadata-db/configmap.yaml b/helm-charts/dbrepo/templates/metadata-db/configmap.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f6cf02b518d6b514be5c17ab4cdadfdfdd8cd562 --- /dev/null +++ b/helm-charts/dbrepo/templates/metadata-db/configmap.yaml @@ -0,0 +1,562 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: metadata-db-setup + namespace: {{ $.Values.namespace }} +data: + 02-setup-container.sql: | + BEGIN; + INSERT INTO `mdb_containers` (name, internal_name, image_id, host, port, sidecar_host, sidecar_port, privileged_username, privileged_password) + VALUES ('MariaDB Galera 11.1.3', 'mariadb_11_1_3', 1, 'data-db', 3306, 'data-db', 3305, 'root', 'dbrepo'); + INSERT INTO `mdb_banner_messages` (type, message) + VALUES ('INFO', 'You are currently working on our test environment. Any data upload to this system may be deleted.'); + COMMIT; + 01-setup-schema.sql: | + BEGIN; + CREATE TABLE IF NOT EXISTS `mdb_users` + ( + id character varying(36) NOT NULL, + username character varying(255) NOT NULL, + firstname character varying(255), + lastname character varying(255), + email character varying(255) NOT NULL, + orcid character varying(255), + affiliation character varying(255), + mariadb_password character varying(255) NOT NULL, + theme_dark boolean, + PRIMARY KEY (id), + UNIQUE (username), + UNIQUE (email) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_images` + ( + id bigint NOT NULL AUTO_INCREMENT, + name character varying(255) NOT NULL, + version character varying(255) NOT NULL, + default_port integer NOT NULL, + dialect character varying(255) NOT NULL, + driver_class character varying(255) NOT NULL, + jdbc_method character varying(255) NOT NULL, + created timestamp NOT NULL DEFAULT NOW(), + last_modified timestamp, + PRIMARY KEY (id), + UNIQUE (name, version) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_images_date` + ( + id bigint NOT NULL AUTO_INCREMENT, + iid bigint NOT NULL, + database_format character varying(255) NOT NULL, + unix_format character varying(255) NOT NULL, + example character varying(255) NOT NULL, + has_time boolean NOT NULL, + created_at timestamp NOT NULL DEFAULT NOW(), + PRIMARY KEY (id), + FOREIGN KEY (iid) REFERENCES mdb_images (id), + UNIQUE (database_format, unix_format, example) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_containers` + ( + id bigint NOT NULL AUTO_INCREMENT, + internal_name character varying(255) NOT NULL, + name character varying(255) NOT NULL, + host character varying(255) NOT NULL, + port integer NOT NULL default 3306, + ui_host character varying(255) NOT NULL default host, + ui_port integer NOT NULL default port, + ui_additional_flags text, + sidecar_host character varying(255) NOT NULL, + sidecar_port integer NOT NULL default 3305, + image_id bigint NOT NULL, + created timestamp NOT NULL DEFAULT NOW(), + last_modified timestamp, + privileged_username character varying(255) NOT NULL, + privileged_password character varying(255) NOT NULL, + PRIMARY KEY (id), + FOREIGN KEY (image_id) REFERENCES mdb_images (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_data` + ( + ID bigint NOT NULL AUTO_INCREMENT, + PROVENANCE text, + FileEncoding text, + FileType character varying(100), + Version text, + Seperator text, + PRIMARY KEY (ID) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_licenses` + ( + identifier character varying(255) NOT NULL, + uri text NOT NULL, + PRIMARY KEY (identifier), + UNIQUE (uri(200)) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_databases` + ( + id bigint NOT NULL AUTO_INCREMENT, + cid bigint NOT NULL, + name character varying(255) NOT NULL, + internal_name character varying(255) NOT NULL, + exchange_name character varying(255) NOT NULL, + description text, + engine character varying(20), + is_public boolean NOT NULL DEFAULT TRUE, + created_by character varying(36), + owned_by character varying(36), + contact_person character varying(36), + created timestamp NOT NULL DEFAULT NOW(), + last_modified timestamp, + PRIMARY KEY (id), + FOREIGN KEY (cid) REFERENCES mdb_containers (id) /* currently we only support one-to-one */, + FOREIGN KEY (created_by) REFERENCES mdb_users (id), + FOREIGN KEY (owned_by) REFERENCES mdb_users (id), + FOREIGN KEY (contact_person) REFERENCES mdb_users (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_databases_subjects` + ( + dbid BIGINT NOT NULL, + subjects character varying(255) NOT NULL, + PRIMARY KEY (dbid, subjects) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_tables` + ( + ID bigint NOT NULL AUTO_INCREMENT, + tDBID bigint NOT NULL, + internal_name character varying(255) NOT NULL, + queue_name character varying(255) NOT NULL, + routing_key character varying(255) NOT NULL, + tName VARCHAR(50), + tDescription TEXT, + num_rows BIGINT, + data_length BIGINT, + max_data_length BIGINT, + avg_row_length BIGINT, + `separator` CHAR(1), + quote CHAR(1), + element_null VARCHAR(50), + skip_lines BIGINT, + element_true VARCHAR(50), + element_false VARCHAR(50), + Version TEXT, + created timestamp NOT NULL DEFAULT NOW(), + versioned boolean not null default true, + created_by character varying(36) NOT NULL, + owned_by character varying(36) NOT NULL, + last_modified timestamp, + PRIMARY KEY (ID), + FOREIGN KEY (tDBID) REFERENCES mdb_databases (id), + FOREIGN KEY (created_by) REFERENCES mdb_users (id), + FOREIGN KEY (owned_by) REFERENCES mdb_users (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_columns` + ( + ID BIGINT NOT NULL AUTO_INCREMENT, + tID BIGINT NOT NULL, + dfID BIGINT, + cName VARCHAR(100), + internal_name VARCHAR(100) NOT NULL, + alias VARCHAR(100), + Datatype ENUM ('CHAR','VARCHAR','BINARY','VARBINARY','TINYBLOB','TINYTEXT','TEXT','BLOB','MEDIUMTEXT','MEDIUMBLOB','LONGTEXT','LONGBLOB','ENUM','SET','BIT','TINYINT','BOOL','SMALLINT','MEDIUMINT','INT','BIGINT','FLOAT','DOUBLE','DECIMAL','DATE','DATETIME','TIMESTAMP','TIME','YEAR'), + length BIGINT NULL, + ordinal_position INTEGER NOT NULL, + is_primary_key BOOLEAN NOT NULL, + index_length BIGINT NULL, + size BIGINT, + d BIGINT, + auto_generated BOOLEAN DEFAULT false, + is_null_allowed BOOLEAN NOT NULL DEFAULT true, + val_min NUMERIC NULL, + val_max NUMERIC NULL, + mean NUMERIC NULL, + median NUMERIC NULL, + std_dev Numeric NULL, + created timestamp NOT NULL DEFAULT NOW(), + last_modified timestamp, + FOREIGN KEY (tID) REFERENCES mdb_tables (ID) ON DELETE CASCADE, + PRIMARY KEY (ID) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_columns_enums` + ( + id bigint NOT NULL AUTO_INCREMENT, + column_id bigint NOT NULL, + value CHARACTER VARYING(255) NOT NULL, + FOREIGN KEY (column_id) REFERENCES mdb_columns (ID), + PRIMARY KEY (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_columns_sets` + ( + id bigint NOT NULL AUTO_INCREMENT, + column_id bigint NOT NULL, + value CHARACTER VARYING(255) NOT NULL, + FOREIGN KEY (column_id) REFERENCES mdb_columns (ID), + PRIMARY KEY (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_columns_nom` + ( + tID bigint, + cID bigint, + maxlength INTEGER, + last_modified timestamp, + created timestamp NOT NULL DEFAULT NOW(), + FOREIGN KEY (tID, cID) REFERENCES mdb_columns (tID, ID), + PRIMARY KEY (tID, cID) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_columns_cat` + ( + tID bigint, + cID bigint, + num_cat INTEGER, + -- cat_array TEXT[], + last_modified timestamp, + created timestamp NOT NULL DEFAULT NOW(), + FOREIGN KEY (tID, cID) REFERENCES mdb_columns (tID, ID), + PRIMARY KEY (tID, cID) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_constraints_foreign_key` + ( + fkid BIGINT NOT NULL AUTO_INCREMENT, + tid BIGINT NOT NULL, + rtid BIGINT NOT NULL, + on_update VARCHAR(50) NULL, + on_delete VARCHAR(50) NULL, + position INT NULL, + PRIMARY KEY (fkid), + FOREIGN KEY (tid) REFERENCES mdb_tables (id) ON DELETE CASCADE, + FOREIGN KEY (rtid) REFERENCES mdb_tables (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_constraints_foreign_key_reference` + ( + id BIGINT NOT NULL AUTO_INCREMENT, + fkid BIGINT NOT NULL, + cid BIGINT NOT NULL, + rcid BIGINT NOT NULL, + PRIMARY KEY (id), + FOREIGN KEY (fkid) REFERENCES mdb_constraints_foreign_key (fkid) ON UPDATE CASCADE, + FOREIGN KEY (cid) REFERENCES mdb_columns (id), + FOREIGN KEY (rcid) REFERENCES mdb_columns (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_constraints_unique` + ( + uid BIGINT NOT NULL AUTO_INCREMENT, + tid BIGINT NOT NULL, + position INT NULL, + PRIMARY KEY (uid), + FOREIGN KEY (tid) REFERENCES mdb_tables (id) ON DELETE CASCADE + ); + + CREATE TABLE IF NOT EXISTS `mdb_constraints_unique_columns` + ( + id BIGINT NOT NULL AUTO_INCREMENT, + uid BIGINT NOT NULL, + cid BIGINT NOT NULL, + PRIMARY KEY (id), + FOREIGN KEY (uid) REFERENCES mdb_constraints_unique (uid), + FOREIGN KEY (cid) REFERENCES mdb_columns (id) ON DELETE CASCADE + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_constraints_checks` + ( + id BIGINT NOT NULL AUTO_INCREMENT, + tid BIGINT NOT NULL, + checks VARCHAR(255) NOT NULL, + PRIMARY KEY (id), + FOREIGN KEY (tid) REFERENCES mdb_tables (id) ON DELETE CASCADE + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_concepts` + ( + id bigint NOT NULL AUTO_INCREMENT, + uri text not null, + name VARCHAR(255) null, + description TEXT null, + created timestamp NOT NULL DEFAULT NOW(), + PRIMARY KEY (id), + UNIQUE (uri(200)) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_units` + ( + id bigint NOT NULL AUTO_INCREMENT, + uri text not null, + name VARCHAR(255) null, + description TEXT null, + created timestamp NOT NULL DEFAULT NOW(), + PRIMARY KEY (id), + UNIQUE (uri(200)) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_columns_concepts` + ( + id bigint NOT NULL, + cID bigint NOT NULL, + created timestamp NOT NULL DEFAULT NOW(), + PRIMARY KEY (id, cid), + FOREIGN KEY (cID) REFERENCES mdb_columns (ID) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_columns_units` + ( + id bigint NOT NULL, + cID bigint NOT NULL, + created timestamp NOT NULL DEFAULT NOW(), + PRIMARY KEY (id, cID), + FOREIGN KEY (cID) REFERENCES mdb_columns (ID) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_view` + ( + id bigint NOT NULL AUTO_INCREMENT, + vdbid bigint NOT NULL, + vName VARCHAR(255) NOT NULL, + internal_name VARCHAR(255) NOT NULL, + Query TEXT NOT NULL, + query_hash VARCHAR(255) NOT NULL, + Public BOOLEAN NOT NULL, + InitialView BOOLEAN NOT NULL, + created timestamp NOT NULL DEFAULT NOW(), + last_modified timestamp, + created_by character varying(36) NOT NULL, + PRIMARY KEY (id), + FOREIGN KEY (vdbid) REFERENCES mdb_databases (id), + FOREIGN KEY (created_by) REFERENCES mdb_users (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_banner_messages` + ( + id bigint NOT NULL AUTO_INCREMENT, + type ENUM ('ERROR', 'WARNING', 'INFO') NOT NULL default 'INFO', + message TEXT NOT NULL, + link TEXT NULL, + link_text VARCHAR(255) NULL, + display_start timestamp NULL, + display_end timestamp NULL, + PRIMARY KEY (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_ontologies` + ( + id bigint NOT NULL AUTO_INCREMENT, + prefix VARCHAR(8) NOT NULL, + uri TEXT NOT NULL, + uri_pattern TEXT, + sparql_endpoint TEXT NULL, + rdf_path TEXT NULL, + last_modified timestamp, + created timestamp NOT NULL DEFAULT NOW(), + UNIQUE (prefix), + UNIQUE (uri(200)), + PRIMARY KEY (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_view_columns` + ( + id BIGINT NOT NULL AUTO_INCREMENT, + cid BIGINT NOT NULL, + vid BIGINT NOT NULL, + position INTEGER NULL, + PRIMARY KEY (id), + FOREIGN KEY (vid) REFERENCES mdb_view (id), + FOREIGN KEY (cid) REFERENCES mdb_columns (ID) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_identifiers` + ( + id BIGINT NOT NULL AUTO_INCREMENT, + dbid BIGINT, + qid BIGINT, + vid BIGINT, + tid BIGINT, + publisher VARCHAR(255) NOT NULL, + language VARCHAR(2), + publication_year INTEGER NOT NULL, + publication_month INTEGER, + publication_day INTEGER, + identifier_type ENUM ('DATABASE', 'SUBSET', 'VIEW', 'TABLE') NOT NULL, + query TEXT, + query_normalized TEXT, + query_hash VARCHAR(255), + execution TIMESTAMP, + result_hash VARCHAR(255), + result_number BIGINT, + doi VARCHAR(255), + created TIMESTAMP NOT NULL DEFAULT NOW(), + created_by VARCHAR(36) NOT NULL, + last_modified TIMESTAMP, + PRIMARY KEY (id), /* must be a single id from persistent identifier concept */ + FOREIGN KEY (dbid) REFERENCES mdb_databases (id), + FOREIGN KEY (created_by) REFERENCES mdb_users (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_identifier_licenses` + ( + pid bigint NOT NULL, + license_id VARCHAR(255) NOT NULL, + PRIMARY KEY (pid, license_id), + FOREIGN KEY (pid) REFERENCES mdb_identifiers (id), + FOREIGN KEY (license_id) REFERENCES mdb_licenses (identifier) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_identifier_titles` + ( + id bigint NOT NULL AUTO_INCREMENT, + pid bigint NOT NULL, + title text NOT NULL, + title_type ENUM ('ALTERNATIVE_TITLE', 'SUBTITLE', 'TRANSLATED_TITLE', 'OTHER'), + language VARCHAR(2), + PRIMARY KEY (id), + FOREIGN KEY (pid) REFERENCES mdb_identifiers (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_identifier_funders` + ( + id bigint NOT NULL AUTO_INCREMENT, + pid bigint NOT NULL, + funder_name VARCHAR(255) NOT NULL, + funder_identifier TEXT, + funder_identifier_type ENUM ('CROSSREF_FUNDER_ID', 'GRID', 'ISNI', 'ROR', 'OTHER'), + scheme_uri text, + award_number VARCHAR(255), + award_title text, + language VARCHAR(255), + PRIMARY KEY (id), + FOREIGN KEY (pid) REFERENCES mdb_identifiers (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_identifier_descriptions` + ( + id bigint NOT NULL AUTO_INCREMENT, + pid bigint NOT NULL, + description text NOT NULL, + description_type ENUM ('ABSTRACT', 'METHODS', 'SERIES_INFORMATION', 'TABLE_OF_CONTENTS', 'TECHNICAL_INFO', 'OTHER'), + language VARCHAR(2), + PRIMARY KEY (id), + FOREIGN KEY (pid) REFERENCES mdb_identifiers (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_related_identifiers` + ( + id bigint NOT NULL AUTO_INCREMENT, + pid bigint NOT NULL, + value varchar(255) NOT NULL, + type varchar(255), + relation varchar(255), + PRIMARY KEY (id), /* must be a single id from persistent identifier concept */ + FOREIGN KEY (pid) REFERENCES mdb_identifiers (id), + UNIQUE (pid, value) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_identifier_creators` + ( + id bigint NOT NULL AUTO_INCREMENT, + pid bigint NOT NULL, + given_names text, + family_name text, + creator_name VARCHAR(255) NOT NULL, + name_type ENUM ('PERSONAL', 'ORGANIZATIONAL') default 'PERSONAL', + name_identifier text, + name_identifier_scheme ENUM ('ROR', 'GRID', 'ISNI', 'ORCID'), + name_identifier_scheme_uri text, + affiliation VARCHAR(255), + affiliation_identifier text, + affiliation_identifier_scheme ENUM ('ROR', 'GRID', 'ISNI'), + affiliation_identifier_scheme_uri text, + PRIMARY KEY (id), + FOREIGN KEY (pid) REFERENCES mdb_identifiers (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_feed` + ( + fDBID bigint, + fID bigint, + fUserId character varying(36) not null, + fDataID bigint REFERENCES mdb_data (ID), + created timestamp NOT NULL DEFAULT NOW(), + PRIMARY KEY (fDBID, fID, fUserId, fDataID), + FOREIGN KEY (fDBID, fID) REFERENCES mdb_tables (tDBID, ID), + FOREIGN KEY (fUserId) REFERENCES mdb_users (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_update` + ( + uUserID character varying(255) NOT NULL, + uDBID bigint NOT NULL, + created timestamp NOT NULL DEFAULT NOW(), + PRIMARY KEY (uUserID, uDBID), + FOREIGN KEY (uDBID) REFERENCES mdb_databases (id) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_access` + ( + aUserID character varying(255) NOT NULL, + aDBID bigint REFERENCES mdb_databases (id), + attime TIMESTAMP, + download BOOLEAN, + created timestamp NOT NULL DEFAULT NOW(), + PRIMARY KEY (aUserID, aDBID) + ) WITH SYSTEM VERSIONING; + + CREATE TABLE IF NOT EXISTS `mdb_have_access` + ( + user_id character varying(36) NOT NULL, + database_id bigint REFERENCES mdb_databases (id), + access_type ENUM ('READ', 'WRITE_OWN', 'WRITE_ALL') NOT NULL, + created timestamp NOT NULL DEFAULT NOW(), + PRIMARY KEY (user_id, database_id), + FOREIGN KEY (user_id) REFERENCES mdb_users (id) + ) WITH SYSTEM VERSIONING; + + COMMIT; + BEGIN; + + INSERT INTO `mdb_licenses` (identifier, uri) + VALUES ('MIT', 'https://opensource.org/licenses/MIT'), + ('GPL-3.0-only', 'https://www.gnu.org/licenses/gpl-3.0-standalone.html'), + ('BSD-3-Clause', 'https://opensource.org/licenses/BSD-3-Clause'), + ('BSD-4-Clause', 'http://directory.fsf.org/wiki/License:BSD_4Clause'), + ('Apache-2.0', 'https://opensource.org/licenses/Apache-2.0'), + ('CC0-1.0', 'https://creativecommons.org/publicdomain/zero/1.0/legalcode'), + ('CC-BY-4.0', 'https://creativecommons.org/licenses/by/4.0/legalcode'); + + INSERT INTO `mdb_images` (name, version, default_port, dialect, driver_class, jdbc_method) + VALUES ('mariadb', '11.1.3', 3306, 'org.hibernate.dialect.MariaDBDialect', 'org.mariadb.jdbc.Driver', 'mariadb'); + + INSERT INTO `mdb_images_date` (iid, database_format, unix_format, example, has_time) + VALUES (1, '%Y-%c-%d %H:%i:%S.%f', 'yyyy-MM-dd HH:mm:ss.SSSSSS', '2022-01-30 13:44:25.499', true), + (1, '%Y-%c-%d %H:%i:%S', 'yyyy-MM-dd HH:mm:ss', '2022-01-30 13:44:25', true), + (1, '%Y-%c-%d', 'yyyy-MM-dd', '2022-01-30', false), + (1, '%H:%i:%S', 'HH:mm:ss', '13:44:25', true); + + INSERT INTO `mdb_ontologies` (prefix, uri, uri_pattern, sparql_endpoint, rdf_path) + VALUES ('om', 'http://www.ontology-of-units-of-measure.org/resource/om-2/', + 'http://www.ontology-of-units-of-measure.org/resource/om-2/.*', null, 'rdf/om-2.0.rdf'), + ('wd', 'http://www.wikidata.org/', 'http://www.wikidata.org/entity/.*', 'https://query.wikidata.org/sparql', + null), + ('mo', 'http://purl.org/ontology/mo/', 'http://purl.org/ontology/mo/.*', null, null), + ('dc', 'http://purl.org/dc/elements/1.1/', null, null, null), + ('xsd', 'http://www.w3.org/2001/XMLSchema#', null, null, null), + ('tl', 'http://purl.org/NET/c4dm/timeline.owl#', null, null, null), + ('foaf', 'http://xmlns.com/foaf/0.1/', null, null, null), + ('schema', 'http://schema.org/', null, null, null), + ('rdf', 'http://www.w3.org/1999/02/22-rdf-syntax-ns#', null, null, null), + ('rdfs', 'http://www.w3.org/2000/01/rdf-schema#', null, null, null), + ('owl', 'http://www.w3.org/2002/07/owl#', null, null, null), + ('prov', 'http://www.w3.org/ns/prov#', null, null, null), + ('db', 'http://dbpedia.org', 'http://dbpedia.org/ontology/.*', 'http://dbpedia.org/sparql', null); + COMMIT; diff --git a/helm-charts/dbrepo/templates/metadata-service/deployment.yaml b/helm-charts/dbrepo/templates/metadata-service/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a74271436d67ec3c2e5c7c401a41fe80e606c5cf --- /dev/null +++ b/helm-charts/dbrepo/templates/metadata-service/deployment.yaml @@ -0,0 +1,277 @@ +{{- if .Values.metadataService.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-service + namespace: {{ $.Values.namespace }} + labels: + app: metadata-service + service: metadata-service +spec: + replicas: {{ .Values.metadataService.replicaCount }} + strategy: + type: {{ $.Values.strategyType }} + selector: + matchLabels: + app: metadata-service + service: metadata-service + template: + metadata: + labels: + app: metadata-service + service: metadata-service + spec: + securityContext: + fsGroup: 0 + runAsUser: 0 + runAsGroup: 0 + containers: + - name: metadata-service + image: {{ printf "%s/%s:%s" .Values.metadataService.image.registry .Values.metadataService.image.repository .Values.metadataService.image.tag }} + imagePullPolicy: {{ .Values.metadataService.image.pullPolicy | default "IfNotPresent" }} + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + ports: + - containerPort: 9099 + protocol: TCP + env: + - name: ADMIN_MAIL + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: admin-email + - name: GATEWAY_ENDPOINT + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: gateway-endpoint + - name: WEBSITE + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: website + - name: SEARCH_USERNAME + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: search-username + - name: SEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: search-password + - name: BROKER_HOST + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: broker-host + - name: BROKER_PORT + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: broker-port + - name: BROKER_ENDPOINT + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: broker-endpoint + - name: BROKER_USERNAME + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: broker-username + - name: BROKER_PASSWORD + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: broker-password + - name: SHARED_FILESYSTEM + value: /mnt/shared + - name: METADATA_DB + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: metadata-db + - name: METADATA_HOST + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: metadata-host + - name: METADATA_USERNAME + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: metadata-username + - name: METADATA_PASSWORD + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: metadata-password + - name: METADATA_JDBC_EXTRA_ARGS + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: metadata-jdbc-extra-args + - name: KEYCLOAK_HOST + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: keycloak-host + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: keycloak-admin + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: keycloak-admin-password + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: jwt-issuer + - name: DATACITE_URL + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: datacite-url + - name: DATACITE_PREFIX + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: datacite-prefix + - name: DATACITE_USERNAME + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: datacite-username + - name: DATACITE_PASSWORD + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: datacite-password + - name: REPOSITORY_NAME + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: repository-name + - name: BASE_URL + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: base-url + - name: PID_BASE + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: pid-base + - name: MIN_CONCURRENT_CONSUMERS + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: min-concurrent-consumers + - name: MAX_CONCURRENT_CONSUMERS + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: max-concurrent-consumers + - name: REQUEUE_REJECTED + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: requeue-rejected + - name: BROKER_VIRTUALHOST + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: broker-virtualhost + - name: QUEUE_NAME + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: queue-name + - name: EXCHANGE_NAME + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: exchange-name + - name: ROUTING_KEY + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: routing-key + - name: CONNECTION_TIMEOUT + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: connection-timeout + - name: LOG_LEVEL + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: log-level + - name: S3_STORAGE_ENDPOINT + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: s3-storage-endpoint + - name: S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: s3-access-key-id + - name: S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: s3-secret-access-key + - name: S3_IMPORT_BUCKET + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: s3-import-bucket + - name: S3_EXPORT_BUCKET + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: s3-export-bucket + - name: MIRROR_RATE + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: mirror-rate + - name: OBTAIN_METADATA_RATE + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: obtain-metadata-rate + - name: DELETE_STALE_QUERIES_RATE + valueFrom: + secretKeyRef: + name: metadata-service-secret + key: delete-stale-queries-rate + {{- if .Values.metadataService.datacite.enabled }} + - name: spring_profiles_active + value: doi + {{- end }} + livenessProbe: + exec: + command: + - /bin/bash + - -ec + - "curl -sSL localhost:9099/actuator/health/readiness | grep 'UP' || exit 1" + initialDelaySeconds: 120 + periodSeconds: 30 + readinessProbe: + exec: + command: + - /bin/bash + - -ec + - "curl -sSL localhost:9099/actuator/health/liveness | grep 'UP' || exit 1" + initialDelaySeconds: 30 + periodSeconds: 30 +{{- end }} diff --git a/helm-charts/dbrepo/templates/metadata-service/secret.yaml b/helm-charts/dbrepo/templates/metadata-service/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a8ebcba53df13966383988c4a2fda4c6f22746e3 --- /dev/null +++ b/helm-charts/dbrepo/templates/metadata-service/secret.yaml @@ -0,0 +1,52 @@ +{{ $pidBase := printf "https://%s/pid/" .Values.hostname }} +{{ $jwtIssuer := printf "https://%s/api/auth/realms/dbrepo" .Values.hostname }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: metadata-service-secret + namespace: {{ .Values.namespace }} +stringData: + admin-email: "{{ .Values.metadataService.adminEmail }}" + base-url: "{{ .Values.hostname }}" + broker-endpoint: "{{ index .Values "broker-service" "url" }}" + broker-host: "{{ index .Values "broker-service" "host" }}" + broker-port: "{{ index .Values "broker-service" "port" }}" + gateway-endpoint: "{{ .Values.hostname }}" + website: "{{ .Values.metadataService.website }}" + search-username: "{{ index .Values "search-db" "username" }}" + search-password: "{{ index .Values "search-db" "password" }}" + broker-username: "{{ index .Values "broker-service" "auth" "username" }}" + broker-password: "{{ index .Values "broker-service" "auth" "password" }}" + log-level: "{{ ternary "trace" "info" .Values.metadataService.image.debug }}" + metadata-db: "{{ index .Values "metadata-db" "db" "name" }}" + metadata-host: "{{ index .Values "metadata-db" "host" }}" + metadata-username: "{{ index .Values "metadata-db" "rootUser" "user" }}" + metadata-password: "{{ index .Values "metadata-db" "rootUser" "password" }}" + metadata-jdbc-extra-args: "{{ index .Values "metadata-db" "jdbcExtraArgs" }}" + keycloak-host: "{{ .Values.metadataService.authService.url }}" + keycloak-admin: "{{ index .Values "auth-service" "auth" "adminUser" }}" + keycloak-admin-password: "{{ index .Values "auth-service" "auth" "adminPassword" }}" + datacite-url: "{{ .Values.metadataService.datacite.url }}" + datacite-prefix: "{{ .Values.metadataService.datacite.prefix | toString }}" + datacite-username: "{{ .Values.metadataService.datacite.username }}" + datacite-password: "{{ .Values.metadataService.datacite.password }}" + repository-name: "{{ .Values.metadataService.repositoryName }}" + pid-base: "{{ $pidBase }}" + jwt-issuer: "{{ $jwtIssuer }}" + broker-virtualhost: "{{ index .Values "broker-service" "virtualHost" }}" + queue-name: "{{ index .Values "broker-service" "queueName" }}" + exchange-name: "{{ index .Values "broker-service" "exchangeName" }}" + routing-key: "{{ index .Values "broker-service" "routingKey" }}" + connection-timeout: "{{ index .Values "broker-service" "connectionTimeout" }}" + min-concurrent-consumers: "{{ .Values.dataService.consumerConcurrentMin }}" + max-concurrent-consumers: "{{ .Values.dataService.consumerConcurrentMax }}" + requeue-rejected: "{{ .Values.dataService.requeueRejected }}" + s3-storage-endpoint: http://storage-service-s3:9000 + s3-access-key-id: seaweedfsadmin + s3-secret-access-key: seaweedfsadmin + s3-import-bucket: dbrepo-upload + s3-export-bucket: dbrepo-download + mirror-rate: {{ .Values.metadataService.rates.mirror | quote }} + obtain-metadata-rate: {{ .Values.metadataService.rates.obtainMetadata | quote }} + delete-stale-queries-rate: {{ .Values.metadataService.rates.deleteStaleQueries | quote }} diff --git a/helm-charts/dbrepo/templates/metadata-service/service.yaml b/helm-charts/dbrepo/templates/metadata-service/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..45646d7a7143de35291530580c7b1348d0ffd7d4 --- /dev/null +++ b/helm-charts/dbrepo/templates/metadata-service/service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.metadataService.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: metadata-service + namespace: {{ $.Values.namespace }} + labels: + service: metadata-service +spec: + type: ClusterIP + ports: + - name: "metadata-service" + port: 80 + targetPort: 9099 + protocol: TCP + selector: + service: metadata-service +{{- end }} diff --git a/helm-charts/dbrepo/templates/networkpolicy.yaml b/helm-charts/dbrepo/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f17ac6cd0d8f2fcd058a365be92b27bca998217b --- /dev/null +++ b/helm-charts/dbrepo/templates/networkpolicy.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: public +spec: + podSelector: + matchLabels: + network: public + ingress: + - from: + - podSelector: + matchLabels: + network: public diff --git a/helm-charts/dbrepo/templates/search-db-dashboard/secret.yaml b/helm-charts/dbrepo/templates/search-db-dashboard/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c38c243c6c9b34b8aa01fc9ccf6a747e4066aa04 --- /dev/null +++ b/helm-charts/dbrepo/templates/search-db-dashboard/secret.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Secret +metadata: + name: search-db-dashboard-secret + namespace: {{ $.Values.namespace }} +stringData: + opensearch_dashboards.yml: | + server: + basePath: "/admin/dashboard" + rewriteBasePath: true + ssl: + enabled: true + certificate: /usr/share/opensearch-dashboards/tls/tls.crt + key: /usr/share/opensearch-dashboards/tls/tls.key + name: log-dashboard + host: 0.0.0.0 + opensearch: + ssl: + verificationMode: none + username: {{ index .Values "search-db" "username" }} + password: {{ index .Values "search-db" "password" }} diff --git a/helm-charts/dbrepo/templates/search-db/certificate.yaml b/helm-charts/dbrepo/templates/search-db/certificate.yaml new file mode 100644 index 0000000000000000000000000000000000000000..0099f0afddaacddfe7fd45c7555c4a2b1cf22caa --- /dev/null +++ b/helm-charts/dbrepo/templates/search-db/certificate.yaml @@ -0,0 +1,22 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: search-db + namespace: {{ .Values.namespace }} +spec: + isCA: false + duration: 2160h # 90d + renewBefore: 360h # 15d + commonName: search-db + secretName: search-db-cert + privateKey: + algorithm: RSA + encoding: PKCS8 + size: 2048 + usages: + - server auth + - client auth + issuerRef: + name: selfsigned-cluster-issuer + kind: ClusterIssuer + group: cert-manager.io \ No newline at end of file diff --git a/helm-charts/dbrepo/templates/search-service/deployment.yaml b/helm-charts/dbrepo/templates/search-service/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..88297b59ebdc1d4fc99c0591836987d6a51347ba --- /dev/null +++ b/helm-charts/dbrepo/templates/search-service/deployment.yaml @@ -0,0 +1,80 @@ +{{- if .Values.searchService.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: search-service + namespace: {{ $.Values.namespace }} + labels: + app: search-service + service: search-service +spec: + replicas: {{ .Values.metadataService.replicaCount }} + strategy: + type: {{ $.Values.strategyType }} + selector: + matchLabels: + app: search-service + service: search-service + template: + metadata: + labels: + app: search-service + service: search-service + spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 + runAsGroup: 1000 + containers: + - name: search-service + image: {{ printf "%s/%s:%s" .Values.searchService.image.registry .Values.searchService.image.repository .Values.searchService.image.tag }} + imagePullPolicy: {{ .Values.searchService.image.pullPolicy | default "IfNotPresent" }} + ports: + - containerPort: 4000 + protocol: TCP + env: + - name: OPENSEARCH_HOST + valueFrom: + secretKeyRef: + name: search-service-secret + key: opensearch-host + - name: OPENSEARCH_PORT + valueFrom: + secretKeyRef: + name: search-service-secret + key: opensearch-port + - name: OPENSEARCH_USERNAME + valueFrom: + secretKeyRef: + name: search-service-secret + key: opensearch-username + - name: OPENSEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: search-service-secret + key: opensearch-password + - name: LOG_LEVEL + valueFrom: + secretKeyRef: + name: search-service-secret + key: log-level + livenessProbe: + exec: + command: + - /bin/bash + - -ec + - "curl -sSL localhost:4000/health | grep 'UP' || exit 1" + initialDelaySeconds: 120 + periodSeconds: 30 + readinessProbe: + exec: + command: + - /bin/bash + - -ec + - "curl -sSL localhost:4000/health | grep 'UP' || exit 1" + initialDelaySeconds: 10 + periodSeconds: 30 + volumeMounts: [] + volumes: [] +{{- end }} diff --git a/helm-charts/dbrepo/templates/search-service/secret.yaml b/helm-charts/dbrepo/templates/search-service/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ed2881fe17a0ec16c9d2875c6d3b9abab935ac0b --- /dev/null +++ b/helm-charts/dbrepo/templates/search-service/secret.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: search-service-secret + namespace: {{ .Values.namespace }} +stringData: + opensearch-host: "{{ index .Values "search-db" "host" }}" + opensearch-port: "{{ index .Values "search-db" "port" }}" + opensearch-username: "{{ index .Values "search-db" "username" }}" + opensearch-password: "{{ index .Values "search-db" "password" }}" + log-level: "{{ ternary "DEBUG" "INFO" .Values.searchService.image.debug }}" diff --git a/helm-charts/dbrepo/templates/search-service/service.yaml b/helm-charts/dbrepo/templates/search-service/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b31e0e19db70d620135d3933f18e2177740508da --- /dev/null +++ b/helm-charts/dbrepo/templates/search-service/service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.searchService.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: search-service + namespace: {{ $.Values.namespace }} + labels: + service: search-service +spec: + type: ClusterIP + ports: + - name: "search-service" + port: 80 + targetPort: 4000 + protocol: TCP + selector: + service: search-service +{{- end }} diff --git a/helm-charts/dbrepo/templates/storage-service/job.yaml b/helm-charts/dbrepo/templates/storage-service/job.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fac9e0c6be32c9c04498a6ea5f1cb21dfad34a17 --- /dev/null +++ b/helm-charts/dbrepo/templates/storage-service/job.yaml @@ -0,0 +1,51 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: storage-service-create-buckets-job + namespace: {{ .Values.namespace }} +spec: + template: + metadata: + name: storage-service-create-buckets-job + spec: + restartPolicy: OnFailure + containers: + - name: init + image: s210.dl.hpc.tuwien.ac.at/dbrepo/storage-service-init:latest + env: + - name: WEED_CLUSTER_DEFAULT + value: "sw" + - name: WEED_CLUSTER_SW_MASTER + value: "storage-service-master.{{ .Release.Name }}:9333" + - name: SEAWEEDFS_ENDPOINT + value: "storage-service-master.{{ .Release.Name }}:9333" + - name: WEED_CLUSTER_SW_FILER + value: "storage-service-filer-client.{{ .Release.Name }}:8888" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "storage-service" + volumeMounts: + - name: config-users + mountPath: /etc/sw + readOnly: true + ports: + - containerPort: 9333 + name: swfs-master + - containerPort: 19333 + #name: swfs-master-grpc + volumes: + - name: config-users + secret: + defaultMode: 420 + secretName: seaweedfs-s3-secret diff --git a/helm-charts/dbrepo/templates/storage-service/secret.yaml b/helm-charts/dbrepo/templates/storage-service/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..525323c623e127e23957b5b74b9c83f8d9980f0b --- /dev/null +++ b/helm-charts/dbrepo/templates/storage-service/secret.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Secret +metadata: + name: seaweedfs-s3-secret + namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/name: seaweedfs + app.kubernetes.io/component: s3 +stringData: + seaweedfs_s3_config: | + { + "identities": [ + { + "name": "admin", + "credentials": [ + { + "accessKey": "{{ index .Values "storage-service" "s3" "auth" "username" }}", + "secretKey": "{{ index .Values "storage-service" "s3" "auth" "password" }}" + } + ], + "actions": [ + "Read", + "Write", + "List", + "Tagging", + "Admin" + ] + } + ] + } + diff --git a/helm-charts/dbrepo/templates/ui/configmap.yaml b/helm-charts/dbrepo/templates/ui/configmap.yaml new file mode 100644 index 0000000000000000000000000000000000000000..932fcfac905f6921950198e6c9f0c3836d96f7bc --- /dev/null +++ b/helm-charts/dbrepo/templates/ui/configmap.yaml @@ -0,0 +1,123 @@ +{{- if .Values.ui.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ui-setup + namespace: {{ $.Values.namespace }} +data: + dbrepo.config.json: | + { + "title": "{{ .Values.ui.title }}", + "version": "{{ .Values.ui.version }}", + "ssl": { + "force": "{{ .Values.ui.forceSsl }}" + }, + "logo": { + "path": "{{ .Values.ui.logo }}" + }, + "icon": { + "path": "{{ .Values.ui.icon }}" + }, + "appleTouchIcon": { + "path": "{{ .Values.ui.appleTouchIcon }}" + }, + "api": { + "useSsl": "{{ .Values.ui.forceSsl }}" + }, + "broker": { + "connection": { + "host": "{{ .Values.ui.broker.host }}", + "ports": {{ .Values.ui.broker.ports | toJson }}, + "extraInfo": "{{ .Values.ui.broker.extraInfo}}" + } + }, + "storage": { + "endpoint": "storage-service", + "port": 9000, + "useSsl": false, + "accessKey": { + "id": "seaweedfsadmin", + "secret": "seaweedfsadmin" + } + }, + "database": { + "connection": { + "extraInfo": "128.130.0.0/15" + } + }, + "keycloak": { + "client": { + "id": "dbrepo-client", + "secret": "MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG" + } + }, + "opensearch": { + "username": "admin", + "password": "admin" + }, + "pid": { + "default": { + "publisher": "TU Wien" + } + }, + "doi": { + "url": "{{ .Values.ui.datacite.url }}" + }, + "pages": { + "login": { + "links": [ + { + "text": "OpenSearch Admin", + "blank": true, + "href": "{{ printf "https://%s/admin/dashboard" .Values.hostname }}" + }, + { + "text": "RabbitMQ Admin", + "blank": true, + "href": "{{ printf "https://%s/admin/broker/" .Values.hostname }}" + }, + { + "text": "Keycloak Admin", + "blank": true, + "href": "{{ printf "https://%s/api/auth/" .Values.hostname }}" + } + ] + }, + "information": { + "links": [ + { + "text": "Online Documentation", + "blank": true, + "href": "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/latest/" + }, + { + "text": "Sourcecode Documentation", + "blank": true, + "href": "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services" + }, + { + "text": "Docker Images", + "blank": true, + "href": "https://hub.docker.com/u/dbrepo" + }, + { + "text": "Demo Instance (Kubernetes)", + "blank": true, + "href": "https://test.dbrepo.tuwien.ac.at/" + }, + { + "text": "Demo Instance (Docker Compose)", + "blank": true, + "href": "https://dbrepo2.ec.tuwien.ac.at/" + }, + { + "text": "Paper", + "blank": true, + "href": "https://doi.org/10.2218/ijdc.v17i1.825" + } + ] + } + } + } +{{- end }} \ No newline at end of file diff --git a/helm-charts/dbrepo/templates/ui/deployment.yaml b/helm-charts/dbrepo/templates/ui/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..295908ce65ab231d5cd546399befc57690bd6218 --- /dev/null +++ b/helm-charts/dbrepo/templates/ui/deployment.yaml @@ -0,0 +1,65 @@ +{{- if .Values.ui.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ui + namespace: {{ $.Values.namespace }} + labels: + app: ui + service: ui +spec: + replicas: {{ .Values.ui.replicaCount }} + strategy: + type: {{ $.Values.strategyType }} + selector: + matchLabels: + app: ui + service: ui + template: + metadata: + labels: + app: ui + service: ui + spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 + runAsGroup: 1000 + containers: + - name: ui + image: {{ printf "%s/%s:%s" .Values.ui.image.registry .Values.ui.image.repository .Values.ui.image.tag }} + imagePullPolicy: {{ .Values.ui.image.pullPolicy | default "IfNotPresent" }} + ports: + - containerPort: 3000 + protocol: TCP + env: + - name: API + value: "https://{{ .Values.hostname }}" + volumeMounts: + - mountPath: /app/dbrepo.config.json + subPath: dbrepo.config.json + name: config + {{- if .Values.ui.extraVolumeMounts }} + {{- .Values.ui.extraVolumeMounts | toYaml | nindent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 120 + periodSeconds: 30 + readinessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 30 + periodSeconds: 30 + volumes: + - name: config + configMap: + name: ui-setup + {{- if .Values.ui.extraVolumes }} + {{- .Values.ui.extraVolumes | toYaml | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm-charts/dbrepo/templates/ui/service.yaml b/helm-charts/dbrepo/templates/ui/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..676c28992501fbb21fbdcd560ec2a9be7b47e98e --- /dev/null +++ b/helm-charts/dbrepo/templates/ui/service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.ui.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: ui + namespace: {{ $.Values.namespace }} + labels: + service: ui +spec: + type: ClusterIP + ports: + - name: "nuxt" + port: 80 + targetPort: 3000 + protocol: TCP + selector: + service: ui +{{- end }} diff --git a/helm-charts/dbrepo/templates/upload-service/deployment.yaml b/helm-charts/dbrepo/templates/upload-service/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9123ede83eefe7b7dc03e9cfbb6f1334f17afd2a --- /dev/null +++ b/helm-charts/dbrepo/templates/upload-service/deployment.yaml @@ -0,0 +1,64 @@ +{{- if .Values.uploadService.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: upload-service + namespace: {{ $.Values.namespace }} + labels: + app: upload-service + service: upload-service +spec: + replicas: {{ .Values.uploadService.replicaCount }} + strategy: + type: {{ $.Values.strategyType }} + selector: + matchLabels: + app: upload-service + service: upload-service + template: + metadata: + labels: + app: upload-service + service: upload-service + spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 + runAsGroup: 1000 + containers: + - name: upload-service + image: {{ printf "%s/%s:%s" .Values.uploadService.image.registry .Values.uploadService.image.repository .Values.uploadService.image.tag }} + imagePullPolicy: {{ .Values.uploadService.image.pullPolicy | default "IfNotPresent" }} + env: + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: upload-service-secret + key: aws-access-key-id + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: upload-service-secret + key: aws-secret-access-key + - name: AWS_REGION + valueFrom: + secretKeyRef: + name: upload-service-secret + key: aws-region + args: + - "--base-path=/api/upload/files/" + - "-s3-endpoint=http://storage-service-s3:9000" + - "-s3-bucket=dbrepo-upload" + ports: + - containerPort: 1080 + protocol: TCP + livenessProbe: + httpGet: + port: 1080 + readinessProbe: + httpGet: + port: 1080 + initialDelaySeconds: 10 + periodSeconds: 30 +{{- end }} diff --git a/helm-charts/dbrepo/templates/upload-service/secret.yaml b/helm-charts/dbrepo/templates/upload-service/secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1d94dc2ebdcc8ecfda0b934fc6fb2849ba1ba535 --- /dev/null +++ b/helm-charts/dbrepo/templates/upload-service/secret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.uploadService.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: upload-service-secret + namespace: {{ .Values.namespace }} +stringData: + aws-access-key-id: "{{ index .Values "storage-service" "s3" "auth" "username" }}" + aws-secret-access-key: "{{ index .Values "storage-service" "s3" "auth" "password" }}" + aws-region: "default" +{{- end }} \ No newline at end of file diff --git a/helm-charts/dbrepo/templates/upload-service/service.yaml b/helm-charts/dbrepo/templates/upload-service/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3c4d957002cf479ed03c2df6a4bbf305b6068d87 --- /dev/null +++ b/helm-charts/dbrepo/templates/upload-service/service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.uploadService.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: upload-service + namespace: {{ $.Values.namespace }} + labels: + service: upload-service +spec: + type: ClusterIP + ports: + - name: "http" + port: 80 + targetPort: 1080 + protocol: TCP + selector: + service: upload-service +{{- end }} diff --git a/helm-charts/dbrepo/values.yaml b/helm-charts/dbrepo/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4fb5af517db018a3facfe2b14de1f042a3f776d4 --- /dev/null +++ b/helm-charts/dbrepo/values.yaml @@ -0,0 +1,611 @@ +namespace: dbrepo + +hostname: example.com + +strategyType: RollingUpdate + +clusterDomain: cluster.local + +metadata-db: + fullnameOverride: metadata-db + image: + debug: false + host: metadata-db + rootUser: + user: root + password: dbrepo + jdbcExtraArgs: "" + db: + name: fda + metrics: + enabled: true + galera: + mariabackup: + user: mariabackup + password: mariabackup + initdbScriptsConfigMap: metadata-db-setup + service: + type: ClusterIP + annotations: { } + #loadBalancerIP: 1.2.3.4 + loadBalancerSourceRanges: [ ] + persistence: + enabled: false + size: 10Gi + storageClass: default + replicaCount: 3 # uneven 3,5,7 + +auth-service: + fullnameOverride: auth-service + image: + debug: false + auth: + adminUser: fda + adminPassword: fda + postgresql: + enabled: false # not needed + extraStartupArgs: "--import-realm" + tls: + enabled: true + existingSecret: dbrepo-ingress-tls-cert + usePem: true + metrics: + enabled: true + externalDatabase: + existingSecret: auth-service-secret + existingSecretDatabaseKey: db-name + existingSecretHostKey: db-host + existingSecretPortKey: db-port + existingSecretUserKey: db-username + existingSecretPasswordKey: db-password + client: + id: dbrepo-client + secret: MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG + extraEnvVarsCM: auth-service-config + extraVolumes: + - name: config-map + configMap: + name: auth-service-setup + extraVolumeMounts: + - name: config-map + mountPath: /opt/bitnami/keycloak/data/import + replicaCount: 2 + +auth-db: + fullnameOverride: auth-db + host: auth-db-pgpool + port: 5432 + postgresql: + postgresPassword: postgres + username: metrics # implicit requirement for metrics container + password: metrics # implicit requirement for metrics container + repmgrPassword: repmgr # implicit requirement for rolling updates + database: keycloak + pgpool: + adminUsername: admin + adminPassword: admin + metrics: + enabled: true + service: + type: ClusterIP + annotations: { } + #loadBalancerIP: 1.2.3.4 + loadBalancerSourceRanges: [ ] + persistence: + enabled: false + size: 10Gi + storageClass: default + +data-db: + fullnameOverride: data-db + image: + debug: false + extraFlags: "--character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci" + rootUser: + user: root + password: dbrepo + metrics: + enabled: true + galera: + mariabackup: + user: mariabackup + password: mariabackup + sidecars: + - name: sidecar + image: s210.dl.hpc.tuwien.ac.at/dbrepo/data-db-sidecar:latest + imagePullPolicy: Always + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + ports: + - containerPort: 3305 + protocol: TCP + env: + - name: S3_STORAGE_ENDPOINT + value: http://storage-service-s3:9000 + - name: S3_ACCESS_KEY_ID + value: seaweedfsadmin + - name: S3_SECRET_ACCESS_KEY + value: seaweedfsadmin + volumeMounts: + - name: tmp # share between sidecar and galera container + mountPath: /tmp + service: + type: ClusterIP + annotations: { } + #loadBalancerIP: 1.2.3.4 + loadBalancerSourceRanges: [ ] + extraPorts: + - name: "sidecar" + port: 3305 + targetPort: 3305 + protocol: TCP + extraVolumeMounts: + - name: tmp # share between sidecar and galera container + mountPath: /tmp + extraVolumes: + # - name: tmp + # emptyDir: {} + - name: tmp + persistentVolumeClaim: + claimName: data-db-shared + persistence: + enabled: false + size: 10Gi + storageClass: default + sharedStorageClass: default + replicaCount: 3 # uneven + +search-db: + fullnameOverride: search-db + host: search-db + port: 9200 + protocol: http + username: admin + password: admin + clusterName: search-db + masterService: search-db + image: + debug: false + sysctlInit: + enabled: true + persistence: + enabled: false + size: 10Gi + service: + type: ClusterIP + annotations: { } + loadBalancerSourceRanges: [ ] + extraEnvs: + - name: DISABLE_INSTALL_DEMO_CONFIG + value: "true" + extraVolumeMounts: + - name: node-cert + mountPath: /usr/share/opensearch/config/tls + readOnly: true + extraVolumes: + - name: node-cert + secret: + secretName: search-db-cert + config: + opensearch.yml: | + cluster.name: search-db + network.host: 0.0.0.0 + plugins: + security: + ssl: + transport: + pemcert_filepath: tls/tls.crt + pemkey_filepath: tls/tls.key + pemtrustedcas_filepath: tls/ca.crt + enforce_hostname_verification: false + http: + #enabled: true # uncomment to force ssl connections + pemcert_filepath: tls/tls.crt + pemkey_filepath: tls/tls.key + pemtrustedcas_filepath: tls/ca.crt + allow_unsafe_democertificates: false + allow_default_init_securityindex: true + authcz: + admin_dn: + - CN=search-db + nodes_dn: + - CN=search-db + audit.type: internal_opensearch + enable_snapshot_restore_privilege: true + check_snapshot_restore_write_privileges: true + restapi: + roles_enabled: [ "all_access", "security_rest_api_access" ] + system_indices: + enabled: true + indices: + [ + ".opendistro-alerting-config", + ".opendistro-alerting-alert*", + ".opendistro-anomaly-results*", + ".opendistro-anomaly-detector*", + ".opendistro-anomaly-checkpoints", + ".opendistro-anomaly-detection-state", + ".opendistro-reports-*", + ".opendistro-notifications-*", + ".opendistro-notebooks", + ".opendistro-asynchronous-search-response*", + ] + +search-db-dashboard: + fullnameOverride: search-db-dashboard + opensearchHosts: http://search-db:9200 + extraInitContainers: + - name: init + image: s210.dl.hpc.tuwien.ac.at/dbrepo/search-db-init:latest + imagePullPolicy: Always + env: + - name: OPENSEARCH_HOST + value: http://search-db:9200 + extraVolumeMounts: + - name: tls + mountPath: /usr/share/opensearch-dashboards/tls + readOnly: true + - name: config + mountPath: /usr/share/opensearch-dashboards/config/opensearch_dashboards.yml + subPath: opensearch_dashboards.yml + readOnly: true + extraVolumes: + - name: tls + secret: + secretName: dbrepo-ingress-tls-cert + - name: config + secret: + secretName: search-db-dashboard-secret + replicaCount: 2 + +uploadService: + enabled: true + image: + registry: docker.io + repository: tusproject/tusd + tag: v1.12 + replicaCount: 2 + +broker-service: + fullnameOverride: broker-service + image: + debug: true + url: http://broker-service:15672 + host: broker-service + port: 5672 + virtualHost: dbrepo + queueName: dbrepo + exchangeName: dbrepo + routingKey: dbrepo.# + connectionTimeout: 60000 + auth: + tls: + enabled: false + sslOptionsVerify: true + failIfNoPeerCert: true + existingSecret: dbrepo-ingress-tls-cert + username: broker + password: broker + extraConfiguration: |- + default_vhost = dbrepo + default_user_tags.administrator = true + default_permissions.configure = .* + default_permissions.read = .* + default_permissions.write = .* + load_definitions = /etc/rabbitmq/definitions.json + log.console = true + listeners.tcp.1 = 0.0.0.0:5672 + auth_backends.1 = rabbit_auth_backend_oauth2 + auth_backends.2 = rabbit_auth_backend_internal + auth_oauth2.resource_server_id = rabbitmq + auth_oauth2.preferred_username_claims.1 = client_id + auth_oauth2.default_key = t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM + auth_oauth2.signing_keys.t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM = /etc/rabbitmq/cert.pem + auth_oauth2.signing_keys.id2 = /etc/rabbitmq/pubkey.pem + auth_oauth2.algorithms.1 = HS256 + auth_oauth2.algorithms.2 = RS256 + loadDefinition: + enabled: true + file: /etc/rabbitmq/definitions.json + existingSecret: broker-service-secret + extraVolumeMounts: + - name: secret-map + mountPath: /etc/rabbitmq/definitions.json + subPath: definitions.json + readOnly: true + - name: secret-map + mountPath: /etc/rabbitmq/pubkey.pem + subPath: pubkey.pem + readOnly: true + - name: secret-map + mountPath: /etc/rabbitmq/cert.pem + subPath: cert.pem + readOnly: true + extraVolumes: + - name: secret-map + secret: + secretName: broker-service-secret + extraPlugins: rabbitmq_prometheus rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl + extraEnvVars: + - name: BITNAMI_DEBUG + value: "true" + persistence: + enabled: false + size: 5Gi + storageClass: default + service: + type: ClusterIP + # loadBalancerIP: + replicaCount: 3 + +analyseService: + enabled: true + image: + registry: s210.dl.hpc.tuwien.ac.at + repository: dbrepo/analyse-service + tag: "latest" + pullPolicy: Always + debug: false + replicaCount: 2 + +metadataService: + enabled: true + image: + registry: s210.dl.hpc.tuwien.ac.at + repository: dbrepo/metadata-service + tag: "latest" + pullPolicy: Always + debug: false + adminEmail: noreply@example.com + authService: + url: http://auth-service + website: http://example.com + repositoryName: Database Repository + datacite: + enabled: false + url: https://api.datacite.org + prefix: "" + username: "" + password: "" + rates: + mirror: 60 + obtainMetadata: 60 + deleteStaleQueries: 60 + replicaCount: 2 + +dataService: + enabled: true + image: + registry: s210.dl.hpc.tuwien.ac.at + repository: dbrepo/data-service + tag: "latest" + pullPolicy: Always + debug: false + jwt: + pubkey: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB" + consumerConcurrentMin: 1 + consumerConcurrentMax: 5 + requeueRejected: false + replicaCount: 2 + +searchService: + enabled: true + image: + registry: s210.dl.hpc.tuwien.ac.at + repository: dbrepo/search-service + tag: "latest" + pullPolicy: Always + debug: false + replicaCount: 2 + +storage-service: + fullnameOverride: storage-service + master: + enabled: true + filer: + enabled: true + replicas: 1 + enablePVC: false + storage: 25Gi + s3: + enabled: true + allowEmptyFolder: true + port: 9000 + enableAuth: true + skipAuthSecretCreation: true + existingConfigSecret: seaweedfs-s3-secret + volume: + enabled: true + replicas: 1 + s3: + enabled: true + replicas: 1 + port: 9000 + metricsPort: 9091 + enableAuth: true + skipAuthSecretCreation: true + existingConfigSecret: seaweedfs-s3-secret + auth: + username: seaweedfsadmin + password: seaweedfsadmin + +log-service: + fullnameOverride: log-service + config: + outputs: | + [OUTPUT] + Name opensearch + Match kube.* + Host search-db + Port 9200 + HTTP_User admin + HTTP_Passwd admin + Logstash_Format On + Replace_Dots On + Type _doc + Retry_Limit False + Suppress_Type_Name On + + [OUTPUT] + Name opensearch + Match host.* + Host search-db + Port 9200 + HTTP_User admin + HTTP_Passwd admin + Logstash_Format On + Logstash_Prefix node + Replace_Dots On + Type _doc + Retry_Limit False + Suppress_Type_Name On +# Replace_Dots On +# Suppress_Type_Name On + +ui: + enabled: true + image: + registry: s210.dl.hpc.tuwien.ac.at + repository: dbrepo/ui + tag: "latest" + pullPolicy: Always + logo: /logo.svg + icon: /favicon.ico + appleTouchIcon: /apple-touch-logo.png + version: 1.4.0 + title: Database Repository + datacite: + url: https://doi.org + keycloak: + url: /api/auth/admin/ + broker: + url: /admin/broker/ + host: broker-service + extraInfo: "" + ports: + - 5672 + forceSsl: false + replicaCount: 2 + extraVolumes: [ ] + # - name: images-map + # configMap: + # name: ui-config + extraVolumeMounts: [ ] + # - name: images-map + # mountPath: /static/logo.svg + # subPath: logo.svg + +ingress: + enabled: false + data: + - name: ingress + annotations: + cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + hosts: + - paths: + - path: /api/analyse + pathType: Prefix + serviceName: analyse-service + portNumber: 80 + - path: /api/search + pathType: Prefix + serviceName: search-service + portNumber: 80 + - path: /api + pathType: Prefix + serviceName: metadata-service + portNumber: 80 + - path: / + pathType: Prefix + serviceName: ui + portNumber: 80 + tls: + - secretName: dbrepo-ingress-tls-cert + - name: ingress-upload + annotations: + cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + nginx.ingress.kubernetes.io/proxy-body-size: 2G + hosts: + - paths: + - path: /api/upload + pathType: Prefix + serviceName: upload-service + portNumber: 80 + tls: + - secretName: dbrepo-ingress-tls-cert + - name: ingress-secure + annotations: + cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + hosts: + - paths: + - path: /admin/dashboard + pathType: Prefix + serviceName: search-db-dashboard + portNumber: 5601 + tls: + - secretName: dbrepo-ingress-tls-cert + - name: ingress-api + annotations: + cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /api/$1 + hosts: + - paths: + - path: /api/broker/(.*) + pathType: ImplementationSpecific + serviceName: broker-service + portNumber: 15672 + tls: + - secretName: dbrepo-ingress-tls-cert + - name: ingress-root + annotations: + cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + hosts: + - paths: + - path: /admin/broker/(.*) + pathType: ImplementationSpecific + serviceName: broker-service + portNumber: 15672 + - path: /admin/storage + pathType: ImplementationSpecific + serviceName: storage-service-s3 + portNumber: 9000 + tls: + - secretName: dbrepo-ingress-tls-cert + - name: ingress-root-secure + annotations: + cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + hosts: + - paths: + - path: /api/auth/(.*) + pathType: ImplementationSpecific + serviceName: auth-service + portNumber: 443 + - path: /retrieve/(.*) + pathType: ImplementationSpecific + serviceName: search-db + portNumber: 9200 + tls: + - secretName: dbrepo-ingress-tls-cert + - name: ingress-pid + annotations: + cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /api/pid/$1 + hosts: + - paths: + - path: /pid/(.*) + pathType: ImplementationSpecific + serviceName: metadata-service + portNumber: 80 + tls: + - secretName: dbrepo-ingress-tls-cert