From 3bf0cb545548a7276e1a0fb2ce5e844770ada686 Mon Sep 17 00:00:00 2001 From: Swati Goel Date: Fri, 20 Sep 2024 15:32:40 +0530 Subject: [PATCH] [MOSIP-34747] - set spring.profiles.active composite (#1571) * [MOSIP-34747] - set spring.profiles.active composite (#1553) -- Update readme with example to support different type of repositories - git, svn, native Signed-off-by: Swati Goel * Sync with develop (#1570) * fix: kernel/kernel-idobjectvalidator/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236 - https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415 - https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356 Signed-off-by: rajapandi.m * fix: kernel/kernel-bom/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379 - https://snyk.io/vuln/SNYK-JAVA-ORGJSON-5962464 Signed-off-by: rajapandi.m * fix: kernel/kernel-pdfgenerator-itext/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMITEXTPDF-2320389 - https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1052448 - https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508 - https://snyk.io/vuln/SNYK-JAVA-COMITEXTPDF-541282 - https://snyk.io/vuln/SNYK-JAVA-COMITEXTPDF-541284 - https://snyk.io/vuln/SNYK-JAVA-COMITEXTPDF-2391484 - https://snyk.io/vuln/SNYK-JAVA-COMITEXTPDF-2391485 - https://snyk.io/vuln/SNYK-JAVA-COMITEXTPDF-2391486 Signed-off-by: rajapandi.m * Revert "fix: kernel/kernel-pdfgenerator-itext/pom.xml to reduce vulnerabilities" This reverts commit 80a480eeefe55ae0b4d64c2da017a26a0d5ee64e. 
Signed-off-by: rajapandi.m * fix: kernel/kernel-authcodeflowproxy-api/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6435950 - https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATEVALIDATOR-541187 - https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATEVALIDATOR-6247635 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-467268 - https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATEVALIDATOR-568163 - https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356 Signed-off-by: rajapandi.m * fix: kernel/kernel-bom/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-7430175 - https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-6457293 - https://snyk.io/vuln/SNYK-JAVA-IONETTY-6483812 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058 Signed-off-by: rajapandi.m * Update pom.xml Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> Signed-off-by: rajapandi.m * Update pom.xml Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> Signed-off-by: rajapandi.m * Update pom.xml Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> Signed-off-by: rajapandi.m * Update pom.xml Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> * [DSD-6020] Updated nexus-staging-maven-plugin version in pom.xml Signed-off-by: techno-467 * [MOSIP-35226] Enabled config-server to pull configurations from local git repo. (#1566) * [MOSIP-35226] Updated bootstrap.properties Signed-off-by: Mohan E * Updated bootstrap.properties Signed-off-by: Mohan E * [MOSIP-35226] Updated Dockerfile Signed-off-by: Mohan E * Updated bootstrap.properties 
Signed-off-by: Mohan E * Updated bootstrap.properties Signed-off-by: Mohan E * Updated bootstrap.properties Signed-off-by: Mohan E * Updated Dockerfile Signed-off-by: Mohan E * Updated bootstrap.properties Signed-off-by: Mohan E * Updated Dockerfile Signed-off-by: Mohan E * [MOSIP-35226] Updated bootstrap.properties Signed-off-by: Mohan E * [MOSIP-35226] Updated bootstrap.properties Signed-off-by: Mohan E * [MOSIP-35226] Updated bootstrap.properties Signed-off-by: Mohan E --------- Signed-off-by: Mohan E * [MOSIP-35160] Updated URL from https://github.com/mosip/mosip-infra/blob/master/deployment/v3/utils/copy_cm_func.sh to https://raw.githubusercontent.com/mosip/mosip-infra/master/deployment/v3/utils/copy_cm_func.sh Signed-off-by: techno-467 --------- Signed-off-by: rajapandi.m Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> Signed-off-by: techno-467 Signed-off-by: Mohan E Co-authored-by: snyk-bot Co-authored-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> Co-authored-by: Chandra Keshav Mishra Co-authored-by: techno-467 Co-authored-by: Mohan E * [MOSIP-34747] - correct readme Signed-off-by: Swati Goel --------- Signed-off-by: Swati Goel Signed-off-by: rajapandi.m Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> Signed-off-by: techno-467 Signed-off-by: Mohan E Co-authored-by: snyk-bot Co-authored-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> Co-authored-by: Chandra Keshav Mishra Co-authored-by: techno-467 Co-authored-by: Mohan E --- kernel/kernel-config-server/README.md | 104 ++++++++++++------ .../src/main/resources/bootstrap.properties | 21 +--- 2 files changed, 75 insertions(+), 50 deletions(-) diff --git a/kernel/kernel-config-server/README.md b/kernel/kernel-config-server/README.md index f2ff0838f0a..f37d6a1f9a9 100644 --- a/kernel/kernel-config-server/README.md +++ b/kernel/kernel-config-server/README.md 
@@ -24,34 +24,52 @@ For more information look [here]( https://cloud.spring.io/spring-cloud-config/si **How To Run**
To run the application:
-Make sure you have configured ssh keys to connect to git, because it will take ssh keys from default location (${user.home}/.ssh) . +Make sure you have configured ssh keys to connect to git, because it will take ssh keys from default location (${user.home}/.ssh) . + +Set environment variables to support git repos for composite profile. Here 0,1 indicates list items. +If any property exists in multiple repositories then repo at 0 index will have high priority and value will be referred from that repo. +``` +export SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI= +export SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git +export SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_DEFAULT_LABEL= + +export SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_1_URI= +export SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_1_TYPE=git +export SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_1_DEFAULT_LABEL= +``` Now run the jar using the following command:

-`java -jar -Dspring.cloud.config.server.git.uri=< git-repo-ssh-url > -Dspring.cloud.config.server.git.search-paths=< config-folder-location-in-git-repo > -Dencrypt.keyStore.location=file:///< file-location-of-keystore > -Dencrypt.keyStore.password=< keystore-passowrd > -Dencrypt.keyStore.alias=< keystore-alias > -Dencrypt.keyStore.secret=< keystore-secret > < jar-name >` +`java -jar -Dencrypt.keyStore.location=file:///< file-location-of-keystore > -Dencrypt.keyStore.password=< keystore-passowrd > -Dencrypt.keyStore.alias=< keystore-alias > -Dencrypt.keyStore.secret=< keystore-secret > < jar-name >`

-To run it inside Docker container provide the follwing run time arguments: -1. git_url_env +To run it inside Docker container provide the following run time arguments: +1. SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI The URL of your Git repo -2. git_config_folder_env +2. SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE +Repo type, which is git + +3. SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_DEFAULT_LABEL +branch to refer in git repo. If not provided, it will default to `main` branch + +4. SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS The folder inside your git repo which contains the configuration -3. encrypt_keyStore_location_env +5. encrypt_keyStore_location_env The encrypt keystore location -4. encrypt_keyStore_password_env +6. encrypt_keyStore_password_env The encryption keystore password -5. encrypt_keyStore_alias_env +7. encrypt_keyStore_alias_env The encryption keystore alias -6. encrypt_keyStore_secret_env +8. encrypt_keyStore_secret_env The encryption keyStore secret The final docker run command should look like: -`docker run --name= -d -v /server.keystore:/server.keystore:z -v /home/madmin/:/.ssh:z -e git_url_env= -e git_config_folder_env= -e encrypt_keyStore_location_env=file:////server.keystore -e encrypt_keyStore_password_env= -e encrypt_keyStore_alias_env= -e encrypt_keyStore_secret_env= -p 51000:51000 ` +`docker run --name= -d -v /server.keystore:/server.keystore:z -v /home/madmin/:/.ssh:z -e SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI= -e SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git -e SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_DEFAULT_LABEL= -e encrypt_keyStore_location_env=file:////server.keystore -e encrypt_keyStore_password_env= -e encrypt_keyStore_alias_env= -e encrypt_keyStore_secret_env= -p 51000:51000 `

**To Encrypt any property:**
@@ -78,38 +96,39 @@ server.port = 51000 #adding context path server.servlet.path=/config -# Uncomment spring.cloud.config.server.git.uri and spring.cloud.config.server.git.search-paths for # connecting to git Repo for configuration. -################################################################# -#Git repository location where configuration files are stored -#spring.cloud.config.server.git.uri= +spring.profiles.active=composite -#Path inside the GIT repo where config files are stored, in our case they are inside config directory -#spring.cloud.config.server.git.search-paths= +#Server would return a HTTP 404 status, if the application is not found.By default, this flag is set to true. +spring.cloud.config.server.accept-empty=false -# Uncomment spring.profiles.active and spring.cloud.config.server.native.search-locations for # connecting to local file system for configuration. -################################################################# -# spring.profiles.active=native +## As spring.profiles.active is composite, use env variable to provide values for git configuration as below +########################## +##Git repository location where configuration files are stored +# SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI= -# spring.cloud.config.server.native.search-locations=file:/// +##Type of repository, possible types are git, svn, native +# SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git -#Server would return a HTTP 404 status, if the application is not found.By default, this flag is set to true. -spring.cloud.config.server.accept-empty=false +##Branch/label to refer for in config repository +# SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_DEFAULT_LABEL= -#Spring Cloud Config Server makes a clone of the remote git repository and if somehow the local copy gets +#Spring Cloud Config Server makes a clone of the remote git repository and if somehow the local copy gets #dirty (e.g. 
folder content changes by OS process) so Spring Cloud Config Server cannot update the local copy #from remote repository. For Force-pull in such case, we are setting the flag to true. -spring.cloud.config.server.git.force-pull=true +# SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_FORCE_PULL=true -# Disabling health endpoints to improve performance of config server while in development, can be commented out in production. -health.config.enabled=false - -# Setting up refresh rate to 1 minute so that config server will check for updates in Git repo after every one minute, +# Setting up refresh rate to 5 seconds so that config server will check for updates in Git repo after every 5 seconds, #can be lowered down for production. -spring.cloud.config.server.git.refreshRate=60 - +# SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_REFRESH_RATE=5 # adding provision to clone on start of server instead of first request -spring.cloud.config.server.git.cloneOnStart=true +# SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_CLONE_ON_START=true + +#Path inside the GIT repo where config files are stored, in our case they are inside config directory +#SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS= + +# Disabling health endpoints to improve performance of config server while in development, can be commented out in production. +health.config.enabled=false #For encryption of properties ########################################### @@ -148,7 +167,7 @@ spring.cloud.config.uri=http://: spring.cloud.config.label= spring.application.name= spring.cloud.config.name= -spring.profiles.active= +spring.profiles.active=composite management.endpoints.web.exposure.include=refresh #management.security.enabled=false 
@@ -157,3 +176,24 @@ management.endpoints.web.exposure.include=refresh spring.cloud.config.server.health.enabled=false ``` + +**cloud config supported for git type repository** + +``` +SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI= +SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git +SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_DEFAULT_LABEL= +``` + +``` +SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_1_URI= +SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_1_TYPE=git +SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_1_DEFAULT_LABEL= +``` + +**cloud config supported for native** + +``` +SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI= +SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native +``` \ No newline at end of file diff --git a/kernel/kernel-config-server/src/main/resources/bootstrap.properties b/kernel/kernel-config-server/src/main/resources/bootstrap.properties index 802980f8dba..502421f1658 100644 --- a/kernel/kernel-config-server/src/main/resources/bootstrap.properties +++ b/kernel/kernel-config-server/src/main/resources/bootstrap.properties 
@@ -22,31 +22,16 @@ server.servlet.context-path=${server.servlet.path} #Path inside the GIT repo where config files are stored, in our case they are inside config directory #spring.cloud.config.server.git.search-paths= -# Uncomment spring.profiles.active and spring.cloud.config.server.native.search-locations for # connecting to local file system for configuration. -################################################################# -spring.profiles.active=native - -spring.cloud.config.server.native.search-locations=file:///var/lib/config_repo +#support for composite property. +#use env variables to provide list of repos. +spring.profiles.active=composite #Server would return a HTTP 404 status, if the application is not found.By default, this flag is set to true. spring.cloud.config.server.accept-empty=false -#Spring Cloud Config Server makes a clone of the remote git repository and if somehow the local copy gets -#dirty (e.g. folder content changes by OS process) so Spring Cloud Config Server cannot update the local copy -#from remote repository. For Force-pull in such case, we are setting the flag to true. -spring.cloud.config.server.git.force-pull=true - # Disabling health endpoints to improve performance of config server while in development, can be commented out in production. health.config.enabled=false -# Setting up refresh rate to 5 seconds so that config server will check for updates in Git repo after every one minute, -#can be lowered down for production. -spring.cloud.config.server.git.refreshRate=5 - - -# adding provision to clone on start of server instead of first request -spring.cloud.config.server.git.cloneOnStart=true - #For encryption of properties ########################################### #pass at runtime
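Review bot: In the README.md "How To Run" hunk (@@ -24,34 +24,52 @@), item 4 of the Docker argument list documents SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS, but neither the export block nor the rewritten docker run line sets it, and the java -jar line drops -Dspring.cloud.config.server.git.search-paths with nothing in its place. Add the SEARCH_PATHS variable to both examples, or state in item 4 that it is optional and what happens when it is unset. Since the java -jar and docker run lines are being rewritten anyway, note that they still pass the keystore password and secret as -D arguments and -e values, which are readable from the process list and from the container's metadata; an env file or a mounted secret would keep them out of both. The placeholder "keystore-passowrd" on the new java -jar line is also still misspelled.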
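Review bot: In the README.md properties sample (@@ -78,38 +96,39 @@), the refresh-rate comment now reads "Setting up refresh rate to 5 seconds ... can be lowered down for production" while the value drops from 60 to 5, so the advice points the wrong way: 5 seconds is the aggressive polling value, and production would normally raise it, not lower it. Reword the comment to say which direction production should move and why. The COMPOSITE_0_* names are also written as commented-out lines inside a properties listing, which invites readers to uncomment them there; these upper-case underscore names are the environment-variable form, so either move them out of the properties block or show the property form (spring.cloud.config.server.composite[0].uri and so on) beside them. The comment prefixes are inconsistent as well ("# SPRING_..." on most lines, "#SPRING_..." on the SEARCH_PATHS line).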
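Review bot: In the README.md hunk at @@ -148,7 +167,7 @@, spring.profiles.active=composite is set in a block whose neighbouring lines (spring.cloud.config.uri, spring.cloud.config.label, spring.application.name) look like the settings for an application that reads from the config server, not for the server itself. In this patch composite is the server-side switch that selects the list of repositories, so copying this line into a client would make the client ask for a profile named composite instead of its own environment profile. Unless this block is meant to be server configuration, keep the original empty placeholder here, or replace it with a placeholder such as the environment name, and keep composite only in the server's bootstrap.properties.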
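Review bot: In the README.md hunk at @@ -157,3 +176,24 @@, the "cloud config supported for native" example sets SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI with TYPE=native, but the native setup this same patch removes from bootstrap.properties used spring.cloud.config.server.native.search-locations=file:///var/lib/config_repo, not a uri. Confirm which key the native type reads under composite and, if it is search-locations, document SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS with a file:/// example instead. The commit message promises examples for git, svn and native, and the properties comment lists svn as a possible type, yet no svn example is added. The file also now ends without a trailing newline.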
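Review bot: In the bootstrap.properties hunk (@@ -22,31 +22,16 @@), the default changes from a self-contained native profile reading file:///var/lib/config_repo to spring.profiles.active=composite with no repository defined anywhere in the file, so a deployment that starts without the COMPOSITE_0_* variables has no backend configured. State in the file comment which variables are mandatory and what the server does when none is set, and call out the behaviour change for existing deployments that relied on the /var/lib/config_repo default. The removed force-pull, refreshRate and cloneOnStart settings have no replacement default here, so those behaviours now also depend on each deployment setting the matching environment variables. The commented "#spring.cloud.config.server.git.search-paths=" line left in the context above the change is stale under the composite profile and should be removed or updated in the same patch.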