From a5489fecfdded366f72d654104bc2839e93df164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Thu, 20 Jun 2019 18:06:34 +0200 Subject: [PATCH] WiP --- README.md | 20 +++++++++----- testcase-03/Jenkinsfile | 4 +-- testcase-03/setup.yaml | 58 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+), 8 deletions(-) create mode 100644 testcase-03/setup.yaml diff --git a/README.md b/README.md index 67bbefb..35a661e 100644 --- a/README.md +++ b/README.md @@ -57,12 +57,10 @@ oc create route edge apicast-wildcard-production --service=apicast-production -- | # | Format | Security | Target | Policies | |--------------------|--------|----------|----------------------------------|---------------------| | [01](testcase-01/) | YAML | API Key | SaaS | - | -| [02](testcase-02/) | JSON | Open | Self-Managed, on-premises | - | -| [03](testcase-03/) | JSON | OIDC | SaaS, Self-Managed, on-premises | - | -| [04](testcase-04/) | YAML | API Key | Self-Managed, on-premises | CORS | -| [05](testcase-05/) | YAML | API Key | Self-Managed, on-premises | URL rewriting | -| [06](testcase-06/) | YAML | API Key | 3 envs on 1 tenant, Self-managed | - | -| [07](testcase-07/) | JSON | OIDC | 3 envs on 3 tenants, on-premises | CORS, URL rewriting | +| [02](testcase-02/) | JSON | Open | Self-Managed, on-premises | URL rewriting | +| [03](testcase-03/) | JSON | OIDC | Self-Managed, on-premises | URL rewriting | +| [04](testcase-04/) | YAML | API Key | 3 envs on 1 tenant, Self-managed | - | +| [05](testcase-05/) | JSON | OIDC | 3 envs on 3 tenants, on-premises | - | ### Usecase 01: Deploy a simple API on 3scale SaaS 
@@ -79,3 +77,13 @@ oc process -f testcase-02/setup.yaml -p DEVELOPER_ACCOUNT_ID=2445582535751 -p PR
 ```sh
 oc process -f testcase-02/setup.yaml -p DEVELOPER_ACCOUNT_ID=5 -p PRIVATE_BASE_URL=http://beer-catalog.app.itix.fr -p TARGET_INSTANCE=3scale-onprem -p PUBLIC_STAGING_WILDCARD_DOMAIN=onprem-staging.app.itix.fr -p PUBLIC_PRODUCTION_WILDCARD_DOMAIN=onprem-production.app.itix.fr -p DISABLE_TLS_VALIDATION=yes |oc create -f -
 ```
+
+### Usecase 03: Deploy an API secured with OpenID Connect
+
+```sh
+oc process -f testcase-03/setup.yaml -p DEVELOPER_ACCOUNT_ID=2445582535751 -p PRIVATE_BASE_URL=http://beer-catalog.app.itix.fr -p TARGET_INSTANCE=3scale-saas -p PUBLIC_STAGING_WILDCARD_DOMAIN=nmasse-redhat-staging.app.itix.fr -p PUBLIC_PRODUCTION_WILDCARD_DOMAIN=nmasse-redhat-production.app.itix.fr -p OIDC_ISSUER_ENDPOINT=https://$CLIENT_ID:$CLIENT_SECRET@$SSO_HOSTNAME/auth/realms/$REALM |oc create -f -
+```
+
+```sh
+oc process -f testcase-03/setup.yaml -p DEVELOPER_ACCOUNT_ID=5 -p PRIVATE_BASE_URL=http://beer-catalog.app.itix.fr -p TARGET_INSTANCE=3scale-onprem -p PUBLIC_STAGING_WILDCARD_DOMAIN=onprem-staging.app.itix.fr -p PUBLIC_PRODUCTION_WILDCARD_DOMAIN=onprem-production.app.itix.fr -p DISABLE_TLS_VALIDATION=yes -p OIDC_ISSUER_ENDPOINT=https://$CLIENT_ID:$CLIENT_SECRET@$SSO_HOSTNAME/auth/realms/$REALM |oc create -f -
+```
diff --git a/testcase-03/Jenkinsfile b/testcase-03/Jenkinsfile
index 571363d..9b8db72 100644
--- a/testcase-03/Jenkinsfile
+++ b/testcase-03/Jenkinsfile
@@ -17,8 +17,8 @@ node() { openapi: [filename: "testcase-03/swagger.json"], environment: [ baseSystemName: toolbox.generateRandomBaseSystemName(), publicBasePath: "/v1", - publicStagingWildcardDomain: params.PUBLIC_STAGING_WILDCARD_DOMAIN != "" ? params.PUBLIC_STAGING_WILDCARD_DOMAIN : null, - publicProductionWildcardDomain: params.PUBLIC_PRODUCTION_WILDCARD_DOMAIN != "" ? params.PUBLIC_PRODUCTION_WILDCARD_DOMAIN : null, + publicStagingWildcardDomain: params.PUBLIC_STAGING_WILDCARD_DOMAIN, + publicProductionWildcardDomain: params.PUBLIC_PRODUCTION_WILDCARD_DOMAIN, oidcIssuerEndpoint: params.OIDC_ISSUER_ENDPOINT, privateBaseUrl: params.PRIVATE_BASE_URL ], toolbox: [ openshiftProject: params.NAMESPACE, diff --git a/testcase-03/setup.yaml b/testcase-03/setup.yaml new file mode 100644 index 0000000..a2f88d9 --- /dev/null +++ b/testcase-03/setup.yaml 
@@ -0,0 +1,58 @@
+apiVersion: v1
+kind: Template
+metadata:
+ name: testcase-02
+objects:
+- kind: "BuildConfig"
+ apiVersion: "v1"
+ metadata:
+ name: "testcase-03-${TARGET_INSTANCE}"
+ namespace: ${NAMESPACE}
+ spec:
+ source:
+ git:
+ uri: ${GIT_REPO}
+ strategy:
+ type: "JenkinsPipeline"
+ jenkinsPipelineStrategy:
+ jenkinsfilePath: testcase-03/Jenkinsfile
+ env:
+ - name: SECRET_NAME
+ value: ${SECRET_NAME}
+ - name: NAMESPACE
+ value: ${NAMESPACE}
+ - name: TARGET_INSTANCE
+ value: ${TARGET_INSTANCE}
+ - name: PUBLIC_STAGING_WILDCARD_DOMAIN
+ value: ${PUBLIC_STAGING_WILDCARD_DOMAIN}
+ - name: PUBLIC_PRODUCTION_WILDCARD_DOMAIN
+ value: ${PUBLIC_PRODUCTION_WILDCARD_DOMAIN}
+ - name: DEVELOPER_ACCOUNT_ID
+ value: ${DEVELOPER_ACCOUNT_ID}
+ - name: PRIVATE_BASE_URL
+ value: ${PRIVATE_BASE_URL}
+ - name: OIDC_ISSUER_ENDPOINT
+ value: ${OIDC_ISSUER_ENDPOINT}
+ - name: DISABLE_TLS_VALIDATION
+ value: ${DISABLE_TLS_VALIDATION}
+parameters:
+- name: SECRET_NAME
+ value: 3scale-toolbox
+- name: NAMESPACE
+ value: api-lifecycle
+- name: TARGET_INSTANCE
+ required: true
+- name: GIT_REPO
+ value: https://github.com/nmasse-itix/API-Lifecycle-Mockup.git
+- name: PUBLIC_STAGING_WILDCARD_DOMAIN
+ required: true
+- name: PUBLIC_PRODUCTION_WILDCARD_DOMAIN
+ required: true
+- name: DEVELOPER_ACCOUNT_ID
+ required: true
+- name: PRIVATE_BASE_URL
+ required: true
+- name: OIDC_ISSUER_ENDPOINT
+ required: true
+- name: DISABLE_TLS_VALIDATION
+ value: "no"
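Review bot: `OIDC_ISSUER_ENDPOINT` is copied into the BuildConfig as a plain `env` value, and the README commands in this same patch build that value as `https://$CLIENT_ID:$CLIENT_SECRET@$SSO_HOSTNAME/auth/realms/$REALM`, so the OIDC client secret becomes readable by anyone who can view the BuildConfig, and probably the Jenkins job parameters as well. The template already takes `SECRET_NAME` for the toolbox credentials; consider keeping the client id and secret in a Secret too and passing only the credential-free issuer URL as a parameter, with the Jenkinsfile assembling the endpoint at run time. Separately, `metadata.name` is `testcase-02` in a file under testcase-03/, which looks like a copy-paste leftover; `name: testcase-03` is presumably intended. A `description:` on the `DISABLE_TLS_VALIDATION` parameter saying that `yes` is meant only for lab instances with self-signed certificates would make the risk visible to whoever processes the template.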