diff --git a/.github/openshift/deploy.caseflow-web.yml b/.github/openshift/deploy.caseflow-web.yml index 65d422309..3282a5819 100644 --- a/.github/openshift/deploy.caseflow-web.yml +++ b/.github/openshift/deploy.caseflow-web.yml @@ -56,19 +56,25 @@ objects: config.js: |- // runtime-config.js vars window["_env_"] = { - "REACT_APP_NODE_ENV": "production", - "REACT_APP_AUTH_AUTHORITY": "https://epd-keycloak-${ENV}.apps.silver.devops.gov.bc.ca/auth/realms/forms-flow-ai/", - "REACT_APP_AUTH_CLIENT_ID": "${REACT_APP_AUTH_CLIENT_ID}", - "REACT_APP_AUTH_REDIRECT_URI": "https://forms-flow-web-root-config-${ENV}.apps.silver.devops.gov.bc.ca/", - "REACT_APP_AUTH_LOGOUT_REDIRECT_URI": "https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://epd-keycloak-${ENV}.apps.silver.devops.gov.bc.ca/auth/realms/forms-flow-ai/protocol/openid-connect/logout?post_logout_redirect_uri=https://epd-frontend-${ENV}.apps.silver.devops.gov.bc.ca", - "REACT_APP_AUTH_RESPONSE_TYPE": "code", - "REACT_APP_AUTH_SCOPE": "openid profile", - "REACT_APP_BACKEND_API": "https://epd-backend-gateway-${ENV}.apps.silver.devops.gov.bc.ca", - "REACT_APP_AUTH_FILTER_PROTOCOL_CLAIMS": "true", - "REACT_APP_AUTH_LOAD_USER_INFO": "true", - "REACT_APP_AUTH_REVOKE_TOKENS_ON_SIGNOUT": "true", - "REACT_APP_FORMSFLOW_WEB_URL": "https://forms-flow-web-root-config-${ENV}.apps.silver.devops.gov.bc.ca/", - "REACT_APP_CUSTOM_MAP_URL": "https://epd-frontend-${ENV}.apps.silver.devops.gov.bc.ca/map" + "REACT_APP_KEYCLOAK_WEB_CLIENTID": "case-flow-web", + "REACT_APP_KEYCLOAK_URL_REALM": "forms-flow-ai", + # "REACT_APP_AUTH_CLIENT_ID": "${REACT_APP_AUTH_CLIENT_ID}", + "REACT_APP_KEYCLOAK_URL": "https://forms-flow-idm-caseflow.aot-technologies.com", + "REACT_APP_CASEFLOW_API_URL": "https://caseflow-core.aot-technologies.com", + "REACT_APP_CASEFLOW_GRAPHQL_API_URL": "https://caseflow-gateway.aot-technologies.com", + "REACT_APP_CASEFLOW_DMS": "1", + "APPLICATION_NAME": "caseflow.ai", + "REACT_APP_CASEFLOW_LOB_GRAPHQL_API_URL": "https://caseflow-lob.aot-technologies.com", + "REACT_APP_PAGINATION_TAKE": "10", + "REACT_APP_FORMSFLOW_URL": "true", + "REACT_APP_FORMSFLOW_WEB_URL": "https://forms-flow-bpm-caseflow.aot-technologies.com", + "REACT_APP_FORMSFLOW_APP_URL": "https://forms-flow-forms-caseflow.aot-technologies.com", + "REACT_APP_CASEFLOW_DMS_API_URL": "https://caseflow-dms.aot-technologies.com", + "REACT_APP_FORMSFLOW_FORM_URL": "https://forms-flow-api-caseflow.aot-technologies.com", + "REACT_APP_FORMSFLOW_WEB_URL": "https://forms-flow-web-caseflow.aot-technologies.com", + "REACT_APP_GENERIC_NAME": "Case" + + } - apiVersion: v1 kind: ImageStream diff --git a/.github/openshift/deploy.microservice-dms.yml b/.github/openshift/deploy.microservice-dms.yml index f2c02cfd9..d598d5416 100644 --- a/.github/openshift/deploy.microservice-dms.yml +++ b/.github/openshift/deploy.microservice-dms.yml @@ -4,7 +4,7 @@ metadata: name: ${NAME} annotations: description: "Caseflow-dms" - tags: "caseflow-backend" + tags: "caseflow" iconClass: icon-js labels: app: ${NAME}-${COMPONENT} @@ -15,7 +15,7 @@ parameters: value: caseflow - name: COMPONENT description: Component name - value: backend-dms + value: microservices-dms - name: IMAGE_TAG description: Image tag to use value: latest diff --git a/.github/openshift/deploy.microservice-gateway.yml b/.github/openshift/deploy.microservice-gateway.yml index 995873938..ff59aebaa 100644 --- a/.github/openshift/deploy.microservice-gateway.yml +++ b/.github/openshift/deploy.microservice-gateway.yml @@ -4,7 +4,7 @@ metadata: name: ${NAME} annotations: description: "Caseflow-gateway" - tags: "caseflow-backend" + tags: "caseflow" iconClass: icon-js labels: app: ${NAME}-${COMPONENT} @@ -15,7 +15,7 @@ parameters: value: caseflow - name: COMPONENT description: Component name - value: backend-gateway + value: microservices-gateway - name: IMAGE_TAG description: Image tag to use value: latest diff --git a/.github/openshift/deploy.microservice-lob.yml b/.github/openshift/deploy.microservice-lob.yml index 2d74fb7ac..b6c9e4b5e 100644 --- a/.github/openshift/deploy.microservice-lob.yml +++ b/.github/openshift/deploy.microservice-lob.yml @@ -4,7 +4,7 @@ metadata: name: ${NAME} annotations: description: "Caseflow-lob" - tags: "caseflow-backend" + tags: "caseflow" iconClass: icon-js labels: app: ${NAME}-${COMPONENT} @@ -15,7 +15,7 @@ parameters: value: caseflow - name: COMPONENT description: Component name - value: backend-lob + value: microservices-lob - name: IMAGE_TAG description: Image tag to use value: latest diff --git a/.github/openshift/deploy.microservice-server.yml b/.github/openshift/deploy.microservice-server.yml index e471aff2a..a1dcd1f20 100644 --- a/.github/openshift/deploy.microservice-server.yml +++ b/.github/openshift/deploy.microservice-server.yml @@ -4,7 +4,7 @@ metadata: name: ${NAME} annotations: description: "Caseflow -server" - tags: "caseflow-backend" + tags: "caseflow" iconClass: icon-js labels: app: ${NAME}-${COMPONENT} @@ -15,7 +15,7 @@ parameters: value: caseflow - name: COMPONENT description: Component name - value: backend-gateway + value: microservices-gateway - name: IMAGE_TAG description: Image tag to use value: latest diff --git a/.github/openshift/networkpolicy.yml b/.github/openshift/networkpolicy.yml new file mode 100644 index 000000000..7da3d43c0 --- /dev/null +++ b/.github/openshift/networkpolicy.yml @@ -0,0 +1,52 @@ +--- +apiVersion: template.openshift.io/v1 +kind: Template +labels: + template: quickstart-network-security-policy +metadata: + name: quickstart-network-security-policy +objects: + - kind: NetworkPolicy + apiVersion: networking.k8s.io/v1 + metadata: + name: deny-by-default + spec: + # The default posture for a security first namespace is to + # deny all traffic. If not added this rule will be added + # by Platform Services during environment cut-over. + podSelector: {} + ingress: [] + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + spec: + # This policy allows any pod with a route & service combination + # to accept traffic from the OpenShift router pods. This is + # required for things outside of OpenShift (like the Internet) + # to reach your pods. + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress + - kind: NetworkPolicy + apiVersion: networking.k8s.io/v1 + metadata: + name: allow-same-namespace + spec: + # Allow all pods within the current namespace to communicate + # to one another. + podSelector: + ingress: + - from: + - podSelector: {} +parameters: + - name: NAMESPACE + displayName: Namespace + description: | + The namespace this policy is being deployed to; + required: true \ No newline at end of file diff --git a/.github/workflows/ci-cd-caseflow-dev.yml b/.github/workflows/ci-cd-caseflow-dev.yml index b07ecdba7..145969703 100644 --- a/.github/workflows/ci-cd-caseflow-dev.yml +++ b/.github/workflows/ci-cd-caseflow-dev.yml @@ -94,7 +94,7 @@ jobs: - component: app/caseflow_web overwrite: true template_file: .github/openshift/deploy.caseflow-web.yml - template_vars: -p PROMOTE=${{ github.repository }}/app/caseflow_web -p CONTAINER_PORT=4006 -p ENV=dev -p IMAGE_TAG=dev + template_vars: -p PROMOTE=${{ github.repository }}/app/caseflow_web -p CONTAINER_PORT=8080 -p ENV=dev -p IMAGE_TAG=dev - component: app/caseflow_core/microservices/dms overwrite: true template_file: .github/openshift/deploy.microservice-dms.yml