diff --git a/.github/environments/values.dev.yaml b/.github/environments/values.dev.yaml
index b92f9b8b..615762c5 100644
--- a/.github/environments/values.dev.yaml
+++ b/.github/environments/values.dev.yaml
@@ -1,6 +1,7 @@
 ---
 features:
   basicAuth: true
+  defaultBucket: false
   oidcAuth: true
 
 autoscaling:
@@ -18,9 +19,6 @@ config:
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy7zfh2ZgpDV5mH/aXyLDTddZK81rGakJcTy4KvCNOkDDxt1KAhW02lmbCo8YhHCOzjNZBp1+Vi6QiMRgBqAe2GTPZYEiV70aXfROGZe3Nvwcjbtki6HoyRte3SpqLJEIPL2F+hjJkw1UPGnjPTWZkEx9p74b9i3BjuE8RnjJ0Sza2MWw83zoQUZEJRGiopSL0yuVej6t2LO2btVdVf7QuZfPt9ehkcQYlPKpVvJA+pfeqPAdnNt7OjEIeYxinjurZr8Z04hz8UhkRefcWlSbFzFQYmL7O7iArjW0bsSvq8yNUd5r0KCOQkFduwZy26yTzTxj8OLFT91fEmbBBl4rQIDAQAB
     KC_REALM: standard
     KC_SERVERURL: "https://dev.loginproxy.gov.bc.ca/auth"
-    OBJECTSTORAGE_BUCKET: egejyy
-    OBJECTSTORAGE_ENDPOINT: "https://nrs.objectstore.gov.bc.ca"
-    # OBJECTSTORAGE_KEY: ~
     SERVER_BODYLIMIT: 30mb
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http
diff --git a/.github/environments/values.pr.yaml b/.github/environments/values.pr.yaml
index 002f9a80..42447e33 100644
--- a/.github/environments/values.pr.yaml
+++ b/.github/environments/values.pr.yaml
@@ -2,6 +2,7 @@
 features:
   basicAuth: true
   oidcAuth: true
+  defaultBucket: false
 
 patroni:
   enabled: true
diff --git a/.github/environments/values.prod.yaml b/.github/environments/values.prod.yaml
index 3f569f14..9a4270e9 100644
--- a/.github/environments/values.prod.yaml
+++ b/.github/environments/values.prod.yaml
@@ -1,6 +1,7 @@
 ---
 features:
   basicAuth: true
+  defaultBucket: true
   oidcAuth: true
 
 autoscaling:
@@ -18,9 +19,6 @@ config:
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHiuPKOkpkq4GXN1ktr23rJtDl6Vdu/Y37ZAd3PnQ8/IDfAODvy1Y81aAUZicKe9egolv+OTRANN3yOg+TAbRhkeXLE5p/473EK0aQ0NazTCuWo6Am3oDQ7Yt8x0pw56/qcLtkTuXNyo5EnVV2Z2BzCnnaL31JOhyitolku0DNT6GDoRBmT4o2ItqEVHk5nM25cf1t2zbwI2790W6if1B2qVRkxxivS8tbH7nYC61Is3XCPockKptkH22cm2ZQJmtYd5sZKuXaGsvtyzHmn8/l0Kd1xnHmUu4JNuQ67YiNZGu3hOkrF0Js3BzAk1Qm4kvYRaxbJFCs/qokLZ4Z0W9wIDAQAB
     KC_REALM: standard
     KC_SERVERURL: "https://loginproxy.gov.bc.ca/auth"
-    OBJECTSTORAGE_BUCKET: egejyy
-    OBJECTSTORAGE_ENDPOINT: "https://nrs.objectstore.gov.bc.ca"
-    # OBJECTSTORAGE_KEY: ~
     SERVER_BODYLIMIT: 30mb
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http
diff --git a/.github/environments/values.test.yaml b/.github/environments/values.test.yaml
index dbace25b..71e1386d 100644
--- a/.github/environments/values.test.yaml
+++ b/.github/environments/values.test.yaml
@@ -1,6 +1,7 @@
 ---
 features:
   basicAuth: true
+  defaultBucket: false
   oidcAuth: true
 
 autoscaling:
@@ -18,9 +19,6 @@ config:
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFdv9GA83uHuy8Eu9yiZHGGF9j6J8t7FkbcpaN81GDjwbjsIJ0OJO9dKRAx6BAtTC4ubJTBJMPvQER5ikOhIeBi4o25fg61jpgsU6oRZHkCXc9gX6mrjMjbsPaf3/bjjYxP5jicBDJQeD1oRa24+tiGggoQ7k6gDEN+cRYqqNpzC/GQbkUPk8YsgroncEgu8ChMh/3ERsLV2zorchMANUq76max16mHrhtWIQxrb/STpSt4JuSlUzzBV/dcXjJe5gywZHe0jAutFhNqjHzHdgyaC4RAd3eYQo+Kl/JOgy2AZrnx+CiPmvOJKe9tAW4k4H087ng8aVE40v4HW/FEbnwIDAQAB
     KC_REALM: standard
     KC_SERVERURL: "https://test.loginproxy.gov.bc.ca/auth"
-    OBJECTSTORAGE_BUCKET: egejyy
-    OBJECTSTORAGE_ENDPOINT: "https://nrs.objectstore.gov.bc.ca"
-    # OBJECTSTORAGE_KEY: ~
     SERVER_BODYLIMIT: 30mb
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http
diff --git a/app/README.md b/app/README.md
index 09820715..906d1e16 100644
--- a/app/README.md
+++ b/app/README.md
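Review bot: This prod hunk removes `OBJECTSTORAGE_BUCKET` and `OBJECTSTORAGE_ENDPOINT` from `config.configMap` while the companion hunk sets `features.defaultBucket: true` for prod, and nothing visible in this file sets `OBJECTSTORAGE_ENABLED`, which is the flag `app.js` and `utils.js` actually gate on via `config.has('objectStorage.enabled')`. With the chart changes in this same commit, the prod pod would therefore receive the S3 access key and secret from the `-objectstorage` Secret (deploymentconfig.yaml injects them on `features.defaultBucket`) while the application never takes the default-bucket path and has no bucket or endpoint to point it at — live credentials mounted for a feature that is effectively off, which is the wrong side to err on. Unless these values come from somewhere not shown, keep `OBJECTSTORAGE_BUCKET` and `OBJECTSTORAGE_ENDPOINT` and add `OBJECTSTORAGE_ENABLED: "true"` under `configMap` for prod, or better, have the chart emit `OBJECTSTORAGE_ENABLED` from `features.defaultBucket` so the two switches cannot diverge per environment.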
@@ -82,6 +82,7 @@ The following variables enable and enforce the use of OIDC Bearer Authentication
 
 | Config Var | Env Var | Default | Notes |
 | --- | --- | --- | --- |
+| `enabled` | `OBJECTSTORAGE_ENABLED` | | Whether to run COMS with a default bucket |
 | `accessKeyId` | `OBJECTSTORAGE_ACCESSKEYID` | | The Access Key for your S3 compatible object storage account |
 | `bucket` | `OBJECTSTORAGE_BUCKET` | | The object storage bucket name |
 | `endpoint` | `OBJECTSTORAGE_ENDPOINT` | | Object store URL. eg: `https://nrs.objectstore.gov.bc.ca` |
@@ -122,6 +123,7 @@ Run COMS in **Unauthenticated mode** (replace environment values as necessary)
 
 ``` sh
 docker run -it --rm -p 3000:3000 \
+  -e OBJECTSTORAGE_ENABLED=true \
   -e OBJECTSTORAGE_ACCESSKEYID= \
   -e OBJECTSTORAGE_BUCKET= \
   -e OBJECTSTORAGE_ENDPOINT= \
@@ -134,6 +136,7 @@ Run COMS in **Basic Auth mode** (replace environment values as necessary)
 
 ``` sh
 docker run -it --rm -p 3000:3000 \
+  -e OBJECTSTORAGE_ENABLED=true \
   -e OBJECTSTORAGE_ACCESSKEYID= \
   -e OBJECTSTORAGE_BUCKET= \
   -e OBJECTSTORAGE_ENDPOINT= \
@@ -158,6 +161,7 @@ Run COMS in **OIDC Auth Mode** (replace environment values as necessary)
 
 ``` sh
 docker run -it --rm -p 3000:3000 \
+  -e OBJECTSTORAGE_ENABLED=true \
   -e OBJECTSTORAGE_ACCESSKEYID= \
   -e OBJECTSTORAGE_BUCKET= \
   -e OBJECTSTORAGE_ENDPOINT= \
@@ -178,6 +182,7 @@ Run COMS in **Full Auth Mode** (replace environment values as necessary)
 
 ``` sh
 docker run -it --rm -p 3000:3000 \
+  -e OBJECTSTORAGE_ENABLED=true \
   -e OBJECTSTORAGE_ACCESSKEYID= \
   -e OBJECTSTORAGE_BUCKET= \
   -e OBJECTSTORAGE_ENDPOINT= \
@@ -233,6 +238,7 @@ To run COMS in Full Auth mode you will want your `local.json` to have the follow
     "serverUrl": ""
   },
   "objectStorage": {
+    "enabled": true,
     "secretAccessKey": "",
     "key": "",
     "accessKeyId": "",
diff --git a/app/app.js b/app/app.js
index 005250ce..3d11775c 100644
--- a/app/app.js
+++ b/app/app.js
@@ -216,7 +216,7 @@ function initializeConnections() {
   if (state.connections.data) {
     log.info('DataConnection Reachable', { function: 'initializeConnections' });
   }
-  if (config.has('objectStorage')) {
+  if (config.has('objectStorage.enabled')) {
     readUnique(config.get('objectStorage')).then(() => {
       log.error('Default bucket cannot also exist in database', { function: 'initializeConnections' });
       fatalErrorHandler();
diff --git a/app/config/custom-environment-variables.json b/app/config/custom-environment-variables.json
index 4a0bc7b5..763b500e 100644
--- a/app/config/custom-environment-variables.json
+++ b/app/config/custom-environment-variables.json
@@ -25,6 +25,7 @@
   "objectStorage": {
     "accessKeyId": "OBJECTSTORAGE_ACCESSKEYID",
     "bucket": "OBJECTSTORAGE_BUCKET",
+    "enabled": "OBJECTSTORAGE_ENABLED",
     "endpoint": "OBJECTSTORAGE_ENDPOINT",
     "key": "OBJECTSTORAGE_KEY",
     "secretAccessKey": "OBJECTSTORAGE_SECRETACCESSKEY"
diff --git a/app/src/components/utils.js b/app/src/components/utils.js
index 8b9da666..20f4f89d 100644
--- a/app/src/components/utils.js
+++ b/app/src/components/utils.js
@@ -73,8 +73,8 @@ const utils = {
     const data = { region: DEFAULTREGION };
     if (bucketId) {
       // Function scoped import to avoid circular dependencies
-      const { bucketService } = require('../services');
-      const bucketData = await bucketService.read(bucketId);
+      const { read } = require('../services/bucket');
+      const bucketData = await read(bucketId);
 
       data.accessKeyId = bucketData.accessKeyId;
       data.bucket = bucketData.bucket;
@@ -82,7 +82,7 @@ const utils = {
       data.key = bucketData.key;
       data.secretAccessKey = bucketData.secretAccessKey;
       if (bucketData.region) data.region = bucketData.region;
-    } else if (config.has('objectStorage')) {
+    } else if (config.has('objectStorage') && config.has('objectStorage.enabled')) {
       data.accessKeyId = config.get('objectStorage.accessKeyId');
       data.bucket = config.get('objectStorage.bucket');
       data.endpoint = config.get('objectStorage.endpoint');
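Review bot: `config.has('objectStorage.enabled')` on the changed line tests whether the key is defined, not whether it is true, so `OBJECTSTORAGE_ENABLED=false` (or `"enabled": false` in `local.json`, the two forms the README in this commit documents) still takes the default-bucket branch and can still trip the fatal 'Default bucket cannot also exist in database' exit. Gate on the value rather than on presence: `if (config.has('objectStorage.enabled') && String(config.get('objectStorage.enabled')).toLowerCase() === 'true') {`. The same presence-only test is repeated in `utils.js` in this commit, so one shared `isDefaultBucketEnabled()` helper would keep the two from drifting. `initializeConnections` begins before and continues after this hunk.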
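Review bot: The new condition `config.has('objectStorage') && config.has('objectStorage.enabled')` is redundant in its first half (a defined `objectStorage.enabled` implies a defined `objectStorage`) and, like the `app.js` check, only tests presence, so `OBJECTSTORAGE_ENABLED=false` still loads the default bucket's access key and secret out of config here. When neither branch matches, `data` leaves this block holding only `region`; if the caller hands that straight to an S3 client (the rest of the function is outside the hunk, so I cannot confirm), the SDK's own credential resolution rather than COMS configuration decides which credentials are used, which is not a failure mode this service should have. Prefer an explicit rejection in a final `else`: `throw new Error('No bucket specified and no default bucket is enabled');`. The enclosing function starts before this hunk and ends after it.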
diff --git a/charts/coms/Chart.yaml b/charts/coms/Chart.yaml
index 9766b5bd..b839d59a 100644
--- a/charts/coms/Chart.yaml
+++ b/charts/coms/Chart.yaml
@@ -3,7 +3,7 @@ name: common-object-management-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.17
+version: 0.0.18
 kubeVersion: ">= 1.13.0"
 description: A microservice for managing access control to S3 Objects
 # A chart can be either an 'application' or a 'library' chart.
diff --git a/charts/coms/README.md b/charts/coms/README.md
index 28e14f20..c8b5f5ce 100644
--- a/charts/coms/README.md
+++ b/charts/coms/README.md
@@ -1,6 +1,6 @@
 # common-object-management-service
 
-![Version: 0.0.17](https://img.shields.io/badge/Version-0.0.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
+![Version: 0.0.18](https://img.shields.io/badge/Version-0.0.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
 
 A microservice for managing access control to S3 Objects
 
@@ -42,6 +42,7 @@ Kubernetes: `>= 1.13.0`
 | dbSecretOverride.username | string | `nil` | |
 | failurePolicy | string | `"Retry"` | |
 | features.basicAuth | bool | `false` | Specifies whether basic auth is enabled |
+| features.defaultBucket | bool | `false` | Specifies whether a default bucket is enabled |
 | features.oidcAuth | bool | `false` | Specifies whether oidc auth is enabled |
 | fullnameOverride | string | `nil` | String to fully override fullname |
 | image.pullPolicy | string | `"IfNotPresent"` | |
diff --git a/charts/coms/templates/deploymentconfig.yaml b/charts/coms/templates/deploymentconfig.yaml
index 209e3c43..09dd8a34 100644
--- a/charts/coms/templates/deploymentconfig.yaml
+++ b/charts/coms/templates/deploymentconfig.yaml
@@ -148,6 +148,7 @@ spec:
                   key: password
                   name: {{ include "coms.configname" . }}-keycloak
             {{- end }}
+            {{- if or .Values.features.defaultBucket .Values.config.configMap.OBJECTSTORAGE_ENABLED }}
             - name: OBJECTSTORAGE_ACCESSKEYID
               valueFrom:
                 secretKeyRef:
@@ -158,6 +159,7 @@ spec:
                 secretKeyRef:
                   key: password
                   name: {{ include "coms.configname" . }}-objectstorage
+            {{- end }}
             - name: SERVER_PASSPHRASE
               valueFrom:
                 secretKeyRef:
diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml
index 39d37e7a..d12245f6 100644
--- a/charts/coms/templates/secret.yaml
+++ b/charts/coms/templates/secret.yaml
@@ -62,7 +62,7 @@ data:
   password: {{ .Values.keycloakSecretOverride.password | b64enc | quote }}
   username: {{ .Values.keycloakSecretOverride.username | b64enc | quote }}
 {{- end }}
-{{- if and (not $osSecret) (and .Values.objectStorageSecretOverride.password .Values.objectStorageSecretOverride.username) }}
+{{- if and .Values.features.defaultBucket (not $osSecret) (and .Values.objectStorageSecretOverride.password .Values.objectStorageSecretOverride.username) }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/charts/coms/values.yaml b/charts/coms/values.yaml
index fb68c77a..b0b96382 100644
--- a/charts/coms/values.yaml
+++ b/charts/coms/values.yaml
@@ -106,6 +106,8 @@ resources:
 features:
   # -- Specifies whether basic auth is enabled
   basicAuth: false
+  # -- Specifies whether a default bucket is enabled
+  defaultBucket: false
   # -- Specifies whether oidc auth is enabled
   oidcAuth: false
 
@@ -139,6 +141,7 @@ config:
     KC_SERVERURL: ~
 
     OBJECTSTORAGE_BUCKET: ~
+    # OBJECTSTORAGE_ENABLED: "true"
     OBJECTSTORAGE_ENDPOINT: ~
     OBJECTSTORAGE_KEY: ~
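Review bot: The env-var guard added here, `{{- if or .Values.features.defaultBucket .Values.config.configMap.OBJECTSTORAGE_ENABLED }}`, is wider than the guard the same commit puts on the Secret in secret.yaml (`if and .Values.features.defaultBucket (not $osSecret) ...`), so a release with `OBJECTSTORAGE_ENABLED` in the ConfigMap but `features.defaultBucket: false` emits `secretKeyRef` entries pointing at a `-objectstorage` Secret the chart does not render, and the pod will not start unless that Secret already exists in the namespace from an earlier release. A quoted `"false"` for `OBJECTSTORAGE_ENABLED` is also a non-empty string and therefore truthy in this template, the opposite of what a reader of the values comment would expect. Use one condition in both templates — `{{- if .Values.features.defaultBucket }}` here — and have the chart set `OBJECTSTORAGE_ENABLED` from that same flag, so the application switch and the credential Secret can never be toggled independently.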