From b4eaeec8849d84ab25662d86b08928280b2e8207 Mon Sep 17 00:00:00 2001
From: Nicolas MASSE
Date: Thu, 25 Feb 2021 21:05:02 +0100
Subject: [PATCH] initial release
---
.gitignore | 2 +
config/application.properties | 69 ++++++++++++
config/features.properties | 14 +++
config/logback.xml | 71 ++++++++++++
keycloak-realm/microcks-realm-sample.json | 128 ++++++++++++++++++++++
microcks.yml | 51 +++++++++
run-microcks.sh | 33 ++++++
7 files changed, 368 insertions(+)
create mode 100644 .gitignore
create mode 100644 config/application.properties
create mode 100644 config/features.properties
create mode 100644 config/logback.xml
create mode 100644 keycloak-realm/microcks-realm-sample.json
create mode 100644 microcks.yml
create mode 100755 run-microcks.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a174d32
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+microcks-data
+keystore
diff --git a/config/application.properties b/config/application.properties
new file mode 100644
index 0000000..7ce8672
--- /dev/null
+++ b/config/application.properties
@@ -0,0 +1,69 @@
+# TLS configuration properties
+security.require-ssl=true
+
+# The format used for the keystore. It could be set to JKS in case it is a JKS file
+server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+server.ssl.key-store=/deployments/keystore/microcks.p12
+# The password used to generate the certificate
+server.ssl.key-store-password=changeit
+# The alias mapped to the certificate
+server.ssl.key-alias=1
+
+# Application configuration properties
+
+tests-callback.url=${TEST_CALLBACK_URL:http://localhost:8080}
+postman-runner.url=${POSTMAN_RUNNER_URL:http://localhost:3000}
+
+network.username=
+network.password=
+
+# Use the standard HTTP(s) port
+#server.port=80
+server.port=443
+
+#validation.resourceUrl=https://localhost:8080/api/resources/
+validation.resourceUrl=https://microcks.dns.podman/api/resources/
+services.update.interval=${SERVICES_UPDATE_INTERVAL:0 0 0/2 * * *}
+mocks.rest.enable-cors-policy=${ENABLE_CORS_POLICY:true}
+
+# Logging configuration properties
+logging.config=/deployments/config/logback.xml
+
+
+# Keycloak configuration properties
+keycloak.auth-server-url=${KEYCLOAK_URL:http://localhost:8180/auth}
+keycloak.realm=microcks
+keycloak.resource=microcks-app
+keycloak.use-resource-role-mappings=true
+keycloak.bearer-only=true
+keycloak.ssl-required=external
+keycloak.disable-trust-manager=true
+
+#keycloak.security-constraints[0].authRoles[0]=admin
+#keycloak.security-constraints[0].authRoles[1]=manager
+#keycloak.security-constraints[0].authRoles[2]=user
+#keycloak.security-constraints[0].securityCollections[0].name=Insecure stuffs
+#keycloak.security-constraints[0].securityCollections[0].patterns[0]=/api/services
+#keycloak.security-constraints[0].securityCollections[0].patterns[1]=/api/services/count
+#keycloak.security-constraints[0].securityCollections[0].patterns[2]=/api/jobs
+#keycloak.security-constraints[0].securityCollections[0].patterns[3]=/api/jobs/count
+#keycloak.security-constraints[0].securityCollections[0].patterns[4]=/api/tests
+
+#keycloak.security-constraints[1].authRoles[0]=admin
+#keycloak.security-constraints[1].securityCollections[0].name=Admin stuffs
+#keycloak.security-constraints[1].securityCollections[0].patterns[0]=/api/jobs/*/*
+#keycloak.security-constraints[1].securityCollections[0].patterns[1]=/api/import
+#keycloak.security-constraints[1].securityCollections[0].patterns[2]=/api/export
+
+#keycloak.security-constraints[2].authRoles[0]=manager
+#keycloak.security-constraints[2].securityCollections[0].patterns[0]=/api/services/*/*
+#keycloak.security-constraints[2].securityCollections[0].methods[0]=POST
+#keycloak.security-constraints[2].securityCollections[0].methods[1]=PUT
+#keycloak.security-constraints[2].securityCollections[0].methods[2]=DELETE
+
+
+# Async mocking support.
+async-api.enabled=false
+async-api.default-binding=KAFKA
+async-api.default-frequency=30
\ No newline at end of file
diff --git a/config/features.properties b/config/features.properties
new file mode 100644
index 0000000..13d536d
--- /dev/null
+++ b/config/features.properties
@@ -0,0 +1,14 @@
+# Optional and additional features configuration
+# Syntax: features.feature..=
+features.feature.repository-filter.enabled=true
+features.feature.repository-filter.label-key=domain
+features.feature.repository-filter.label-label=Domain
+features.feature.repository-filter.label-list=domain,status
+
+features.feature.microcks-hub.enabled=false
+features.feature.microcks-hub.endpoint=https://localhost:4000/api
+features.feature.microcks-hub.allowed-roles=admin,manager
+
+features.feature.async-api.enabled=false
+features.feature.async-api.default-binding=KAFKA
+features.feature.async-api.endpoint-KAFKA=my-cluster-kafka-bootstrap.apps.try.microcks.io
diff --git a/config/logback.xml b/config/logback.xml
new file mode 100644
index 0000000..df73c9d
--- /dev/null
+++ b/config/logback.xml
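Review bot: `keycloak.disable-trust-manager=true` in the Keycloak section of config/application.properties turns off certificate validation for the adapter's calls to Keycloak, so the `https://microcks-keycloak.dns.podman/auth` URL that microcks.yml passes as `KEYCLOAK_URL` is encrypted but not authenticated, and whatever answers for that name is trusted to supply token-verification material. Since run-microcks.sh already generates the certificates, I would validate against them instead: `keycloak.disable-trust-manager=false` together with `keycloak.truststore=<path-to-truststore>` and `keycloak.truststore-password=<from-environment>`. Separately, `server.ssl.key-store-password=changeit` is committed in clear text; the `${VAR:default}` form this file already uses elsewhere would let it come from the environment, e.g. `server.ssl.key-store-password=${KEYSTORE_PASSWORD}` (variable name constructed for this note).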
@@ -0,0 +1,71 @@ + + + + + + utf-8 + [%p] %c - %m%n + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + true + + + + + + + \ No newline at end of file diff --git a/keycloak-realm/microcks-realm-sample.json b/keycloak-realm/microcks-realm-sample.json new file mode 100644 index 0000000..9f63c8a --- /dev/null +++ b/keycloak-realm/microcks-realm-sample.json 
@@ -0,0 +1,128 @@
+{
+ "id": "microcks",
+ "realm": "microcks",
+ "displayName": "Microcks",
+ "notBefore": 0,
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "offlineSessionIdleTimeout": 2592000,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "users" : [
+ {
+ "username" : "admin",
+ "enabled": true,
+ "credentials" : [
+ { "type" : "password",
+ "value" : "123" }
+ ],
+ "requiredActions": [
+ "UPDATE_PASSWORD"
+ ],
+ "realmRoles": [],
+ "applicationRoles": {
+ "realm-management": [ "realm-admin" ],
+ "account": [ "manage-account" ],
+ "microcks-app": [ "admin "]
+ }
+ }
+ ],
+ "roles": {
+ "realm": [],
+ "client": {
+ "microcks-app": [
+ {
+ "name": "user",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "microcks"
+ },
+ {
+ "name": "admin",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "microcks"
+ },
+ {
+ "name": "manager",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "microcks"
+ }
+ ]
+ }
+ },
+ "defaultRoles": [],
+ "requiredCredentials": [ "password" ],
+ "scopeMappings": [],
+ "clientScopeMappings": {
+ "microcks-app": [
+ {
+ "client": "microcks-app-js",
+ "roles": [
+ "manager",
+ "admin",
+ "user"
+ ]
+ }
+ ]
+ },
+ "applications": [
+ {
+ "name": "microcks-app",
+ "enabled": true,
+ "bearerOnly": true,
+ "defaultRoles": [
+ "user"
+ ]
+ },
+ {
+ "name": "microcks-app-js",
+ "enabled": true,
+ "publicClient": true,
+ "webOrigins": [
+ "+"
+ ],
+ "redirectUris": [
+ "https://microcks.dns.podman/*"
+ ],
+ "fullScopeAllowed": false
+ },
+ {
+ "name": "microcks-serviceaccount",
+ "enabled": true,
+ "bearerOnly": false,
+ "publicClient": false,
+ "standardFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": true,
+ "clientAuthenticatorType": "client-secret"
+ }
+ ],
+ "keycloakVersion": "10.0.1"
+}
diff --git a/microcks.yml b/microcks.yml
new file mode 100644
index 0000000..67acce7
--- /dev/null
+++ b/microcks.yml
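Review bot: The admin user's client-role mapping under `applicationRoles` reads `"microcks-app": [ "admin "]`, with a trailing space inside the role name, so it does not match the `admin` role defined under `roles.client.microcks-app`; the import will presumably either fail or leave the user without the Microcks admin role, and it should read `"microcks-app": [ "admin" ]`. The same user is seeded with password `123` and holds `realm-admin`; `UPDATE_PASSWORD` forces a change at first login, but until that login happens the account is protected only by a committed three-character password. With `"bruteForceProtected": false` there is also no lockout on repeated failures, so I would set `"bruteForceProtected": true` in this sample and take the initial password from deployment-time input rather than from the repository.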
@@ -0,0 +1,51 @@
+version: '2'
+networks:
+ main:
+services:
+ mongo:
+ image: docker.io/mongo:3.4.23
+ container_name: microcks-mongo
+ volumes:
+ # Podman does not create missing folders, so we need to use an existing one
+ # Adding the "z" flag to get SELinux configured automatically
+ - "./microcks-data:/data/db:z"
+ postman:
+ image: quay.io/microcks/microcks-postman-runtime:latest
+ container_name: microcks-postman-runtime
+ keycloak:
+ image: docker.io/jboss/keycloak:10.0.1
+ command: "-b 0.0.0.0 -Dkeycloak.import=/microcks-keycloak-config/microcks-realm-sample.json -Djboss.http.port=80 -Djboss.https.port=443"
+ container_name: microcks-keycloak
+ volumes:
+ # Adding the "z" flag to get SELinux configured automatically
+ - ./keycloak-realm:/microcks-keycloak-config:z
+ - ./keystore:/opt/jboss/keycloak/standalone/configuration/keystores:z
+ cap_add:
+ - NET_BIND_SERVICE
+ environment:
+ KEYCLOAK_USER: "admin"
+ KEYCLOAK_PASSWORD: "123"
+ KEYCLOAK_HTTP_PORT: "80"
+ KEYCLOAK_HTTPS_PORT: "443"
+ KEYCLOAK_HOSTNAME: microcks-keycloak.dns.podman
+ app:
+ depends_on:
+ - mongo
+ - postman
+ - keycloak
+ image: quay.io/microcks/microcks:latest
+ cap_add:
+ - NET_BIND_SERVICE
+ container_name: microcks
+ volumes:
+ # Adding the "z" flag to get SELinux configured automatically
+ - ./config:/deployments/config:z
+ - ./keystore:/deployments/keystore:z
+ environment:
+ - SPRING_PROFILES_ACTIVE=prod
+ - SPRING_DATA_MONGODB_URI=mongodb://microcks-mongo.dns.podman:27017
+ - SPRING_DATA_MONGODB_DATABASE=microcks
+ - POSTMAN_RUNNER_URL=http://microcks-postman-runtime.dns.podman:3000
+ - TEST_CALLBACK_URL=https://microcks.dns.podman
+ - KEYCLOAK_URL=https://microcks-keycloak.dns.podman/auth
+ - SERVICES_UPDATE_INTERVAL=0 0 0/2 * * *
diff --git a/run-microcks.sh b/run-microcks.sh
new file mode 100755
index 0000000..7bdb2c7
--- /dev/null
+++ b/run-microcks.sh
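Review bot: The keycloak service's `environment` block sets `KEYCLOAK_USER: "admin"` and `KEYCLOAK_PASSWORD: "123"`, which creates the Keycloak administrator with a committed, trivial password, and unlike the realm user in the sample JSON nothing visible in this patch forces it to be changed. Reading it from the environment keeps it out of the file, e.g. `KEYCLOAK_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"` (variable name constructed for this note; confirm your podman-compose version performs the substitution). The `postman` and `app` services use `:latest`, so each pull can bring different code; pinning a version tag or digest, as is already done for mongo and keycloak, makes the deployment reproducible and reviewable. `SPRING_DATA_MONGODB_URI` carries no credentials, so MongoDB appears to run without authentication and to rely on network isolation alone, which deserves a comment in the file.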
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+mkdir -p keystore || exit 1
+
+echo "Generating local keys, certs and keystore into ./keystore folder ..."
+echo
+
+podman run -v $PWD/keystore:/certs:z -e JKS_PASSWORD=server -e SERVER_HOSTNAMES="microcks.dns.podman microcks-keycloak.dns.podman" -t docker.io/nmasse/mkcert:0.1
+
+echo
+echo "Renaming stuffs to match Microcks and Keycloak constraints ..."
+echo
+
+mv keystore/server.crt keystore/tls.crt
+mv keystore/server.key keystore/tls.key
+mv keystore/server.p12 keystore/microcks.p12
+cp keystore/server.jks keystore/https-keystore.jks
+
+mkdir -p microcks-data || exit 1
+chmod -R ugo+rX config || exit 1
+
+echo
+echo "Starting Microcks using podman-compose ..."
+echo "------------------------------------------"
+echo "Stop it with: sudo podman-compose -f microcks.yml --transform_policy=identity stop"
+echo "Re-launch it with: sudo podman-compose -f microcks.yml --transform_policy=identity start"
+echo "Clean everything with: sudo podman-compose -f microcks.yml --transform_policy=identity down"
+echo "------------------------------------------"
+echo "Go to https://microcks.dns.podman - first login with admin/123"
+echo "Having issues? Check you have changed microcks.yml to your platform"
+echo
+
+podman-compose -f microcks.yml --transform_policy=identity up -d
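Review bot: Only the `mkdir` and `chmod` lines check for failure; if the `podman run ... mkcert` step or any of the `mv`/`cp` lines fails, the script still reaches `podman-compose ... up -d` with a missing or stale keystore. Adding `set -euo pipefail` after the shebang (or `|| exit 1` on those lines) stops it at the first error, and the volume argument should be quoted as `-v "$PWD/keystore:/certs:z"` so a working directory containing spaces does not split it. The generated `tls.key` and keystores keep whatever permissions the container wrote; a `chmod` restricting `keystore/` to the users the containers need is worth adding once those UIDs are known. `JKS_PASSWORD=server` is hard-coded here while config/application.properties uses `changeit` for the PKCS12 store, and which value actually protects `microcks.p12` is not visible from this patch and should be confirmed.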