This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch baremetal
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/baremetal by this push:
new 0913943a6 entire custos backend stack runs on docker
new 7d5ee43e1 Merge pull request #364 from isururanawaka/ide-integration
0913943a6 is described below
commit 0913943a6f42e0e59b8f0b807dc4a3add96d5706
Author: Isuru Ranawaka <[email protected]>
AuthorDate: Tue Mar 14 14:00:00 2023 -0400
entire custos backend stack runs on docker
---
.../apache/custos/clients/core/AbstractClient.java | 6 ++
.../client/SuperAdminOperationsClient.java | 19 ++++-
.../manamgement/client/TenantManagementClient.java | 7 ++
.../custos-core-services-server/Dockerfile | 2 +-
.../src/main/resources/application.properties | 4 +-
.../src/main/resources/bootstrap.properties | 2 +-
.../src/main/resources/certificate.p12 | Bin 0 -> 2501 bytes
.../src/main/resources/keystore.pkcs12 | Bin 2349 -> 0 bytes
.../store/service/CredentialStoreService.java | 7 +-
.../src/main/proto/CredentialStoreService.proto | 1 +
.../services/clients/keycloak/KeycloakClient.java | 2 -
.../clients/keycloak/auth/KeycloakAuthClient.java | 1 +
.../src/main/resources/application.properties | 8 +--
...rTenantRestrictedOperationsInterceptorImpl.java | 15 +++-
.../service/TenantManagementService.java | 25 +++++--
.../management/tasks/TenantActivationTask.java | 48 +++++++------
custos-utilities/custos-bootstrap-service/pom.xml | 77 +++++++++++++++++++++
.../src/main/java/CustosBootstrapService.java | 56 +++++++++++++++
.../ide-integration/src/main/containers/Dockerfile | 5 ++
.../src/main/containers/certificate.p12 | Bin 0 -> 2501 bytes
.../src/main/containers/certificate.pem | 21 ++++++
.../src/main/containers/docker-compose.yml | 19 +++--
.../ide-integration/src/main/containers/key.pem | 28 ++++++++
.../src/main/containers/keycloak/keystore.pkcs12 | Bin 2349 -> 0 bytes
.../src/main/containers/keycloak/localhostcert.pem | 18 -----
.../src/main/containers/keycloak/localhostkey.pem | 28 --------
.../ide-integration/src/main/containers/nginx.conf | 32 +++++++++
pom.xml | 1 +
28 files changed, 337 insertions(+), 95 deletions(-)
diff --git
a/custos-client-sdks/custos-java-clients/custos-clients-core/src/main/java/org/apache/custos/clients/core/AbstractClient.java
b/custos-client-sdks/custos-java-clients/custos-clients-core/src/main/java/org/apache/custos/clients/core/AbstractClient.java
index cdb40182b..f56d5239c 100644
---
a/custos-client-sdks/custos-java-clients/custos-clients-core/src/main/java/org/apache/custos/clients/core/AbstractClient.java
+++
b/custos-client-sdks/custos-java-clients/custos-clients-core/src/main/java/org/apache/custos/clients/core/AbstractClient.java
@@ -20,6 +20,7 @@
package org.apache.custos.clients.core;
import io.grpc.ManagedChannel;
+import io.grpc.ManagedChannelBuilder;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import org.slf4j.Logger;
@@ -47,6 +48,11 @@ public abstract class AbstractClient implements Closeable {
.build();
}
+ public AbstractClient(String serviceHost, int servicePort) throws
IOException {
+ managedChannel =
ManagedChannelBuilder.forAddress(serviceHost,servicePort)
+ .usePlaintext().build();
+ }
+
@Override
public void close() throws IOException {
if (managedChannel != null){
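Review bot: The new two-argument constructor builds the channel with `usePlaintext()`, so every call made through it, including any client credentials or tokens carried in request metadata, travels unencrypted and without server authentication. The same pattern is added to the `SuperAdminOperationsClient(String, int)` constructor and inherited by `TenantManagementClient(String, int)` later in this commit. Nothing in the signature marks it as development-only; I would add Javadoc such as `/** Plaintext (no TLS) channel for local development only; never use against a remote host. */`. The declared `throws IOException` also looks unnecessary here, unless callers outside this diff rely on it. `close()` continues outside the hunk.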
diff --git
a/custos-client-sdks/custos-java-clients/tenant-management-client/src/main/java/org/apache/custos/tenant/manamgement/client/SuperAdminOperationsClient.java
b/custos-client-sdks/custos-java-clients/tenant-management-client/src/main/java/org/apache/custos/tenant/manamgement/client/SuperAdminOperationsClient.java
index 054c4f337..6a6d4256e 100644
---
a/custos-client-sdks/custos-java-clients/tenant-management-client/src/main/java/org/apache/custos/tenant/manamgement/client/SuperAdminOperationsClient.java
+++
b/custos-client-sdks/custos-java-clients/tenant-management-client/src/main/java/org/apache/custos/tenant/manamgement/client/SuperAdminOperationsClient.java
@@ -20,6 +20,7 @@
package org.apache.custos.tenant.manamgement.client;
import io.grpc.ManagedChannel;
+import io.grpc.ManagedChannelBuilder;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.grpc.stub.MetadataUtils;
@@ -59,6 +60,11 @@ public class SuperAdminOperationsClient {
ClientUtils.getAuthorizationHeader(clientId, clientSecret));
}
+ public SuperAdminOperationsClient(String serviceHost, int servicePort)
throws IOException {
+ managedChannel = ManagedChannelBuilder.forAddress(serviceHost,
servicePort).usePlaintext().build();
+ blockingStub =
TenantManagementServiceGrpc.newBlockingStub(managedChannel);
+ }
+
/**
* Register admin tenant
@@ -149,11 +155,20 @@ public class SuperAdminOperationsClient {
TenantManagementServiceGrpc.TenantManagementServiceBlockingStub
blockingStub =
MetadataUtils.attachHeaders(this.blockingStub,
ClientUtils.getAuthorizationHeader(adminUserToken));
return blockingStub.updateTenantStatus(request);
-
-
}
+ public UpdateStatusResponse updateTenantStatus(String clientId,
TenantStatus tenantStatus, boolean superTenant,
+ String updatedBy) {
+ UpdateStatusRequest request = UpdateStatusRequest
+ .newBuilder()
+ .setClientId(clientId)
+ .setStatus(tenantStatus)
+ .setSuperTenant(superTenant)
+ .setUpdatedBy(updatedBy)
+ .build();
+ return blockingStub.updateTenantStatus(request);
+ }
}
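Review bot: The added `updateTenantStatus(String, TenantStatus, boolean, String)` overload calls `blockingStub.updateTenantStatus(request)` directly, whereas the overload just above it first wraps the stub with `MetadataUtils.attachHeaders(..., ClientUtils.getAuthorizationHeader(adminUserToken))`. When the client was created with the new host/port constructor, the request therefore carries `setSuperTenant(superTenant)` with no Authorization header at all, and the server alone decides whether an unauthenticated super-tenant update is acceptable. A Javadoc comment should say that this path is meant only for first-time bootstrap, e.g. `/** Unauthenticated bootstrap call; intended only for initial super-tenant activation. */`. A distinct method name would also keep it from being confused with the authenticated overload.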
diff --git
a/custos-client-sdks/custos-java-clients/tenant-management-client/src/main/java/org/apache/custos/tenant/manamgement/client/TenantManagementClient.java
b/custos-client-sdks/custos-java-clients/tenant-management-client/src/main/java/org/apache/custos/tenant/manamgement/client/TenantManagementClient.java
index 499831746..d628877b6 100644
---
a/custos-client-sdks/custos-java-clients/tenant-management-client/src/main/java/org/apache/custos/tenant/manamgement/client/TenantManagementClient.java
+++
b/custos-client-sdks/custos-java-clients/tenant-management-client/src/main/java/org/apache/custos/tenant/manamgement/client/TenantManagementClient.java
@@ -58,6 +58,13 @@ public class TenantManagementClient extends AbstractClient {
}
+ public TenantManagementClient(String serviceHost, int servicePort) throws
IOException {
+
+ super(serviceHost,servicePort);
+
+ blockingStub =
TenantManagementServiceGrpc.newBlockingStub(managedChannel);
+ }
+
/**
* Register child tenant
diff --git a/custos-services/custos-core-services-server/Dockerfile
b/custos-services/custos-core-services-server/Dockerfile
index 941e5d84b..190961820 100644
--- a/custos-services/custos-core-services-server/Dockerfile
+++ b/custos-services/custos-core-services-server/Dockerfile
@@ -1,5 +1,5 @@
FROM openjdk:11.0.5-jdk-slim
-COPY src/main/resources/keystore.pkcs12
/home/ubuntu/keystore/keycloak-client-truststore.pkcs12
+COPY src/main/resources/certificate.p12
/home/ubuntu/keystore/keycloak-client-truststore.pkcs12
VOLUME /tmp
ARG JAR_FILE
ADD ${JAR_FILE} app.jar
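Review bot: The truststore copied into the image is now `certificate.p12`, and the identical blob (index `018465773`) is added under `custos-utilities/ide-integration/src/main/containers/` next to a committed `key.pem` listed in the diffstat. If that key belongs to this certificate, the service image trusts a certificate whose private key is public, which is acceptable only for local development. I would say so at the `COPY` line, for example `# Dev-only truststore; the matching private key is committed in this repository, so replace it for any shared deployment.`, and consider supplying the truststore at deploy time instead of baking it into the image.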
diff --git
a/custos-services/custos-core-services-server/src/main/resources/application.properties
b/custos-services/custos-core-services-server/src/main/resources/application.properties
index d1ad37892..bcdf48251 100644
---
a/custos-services/custos-core-services-server/src/main/resources/application.properties
+++
b/custos-services/custos-core-services-server/src/main/resources/application.properties
@@ -40,13 +40,13 @@ spring.datasource.username = root
spring.datasource.password = root
spring.datasource.url =
jdbc:mysql://host.docker.internal:3306/core_services_db?allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC&useLegacyDatetimeCode=false&createDatabaseIfNotExist=true
-spring.profiles.active=dev
+spring.profiles.active=local
#Keycloak properties
iam.server.admin.username=admin
iam.server.admin.password=admin
iam.server.truststore.password=keycloak
-iam.server.url=https://host.docker.internal:8443/auth/
+iam.server.url=https://host.docker.internal/auth/
mail.sender.password=test
diff --git
a/custos-services/custos-core-services-server/src/main/resources/bootstrap.properties
b/custos-services/custos-core-services-server/src/main/resources/bootstrap.properties
index 80e35fd7c..1f3b360b7 100644
---
a/custos-services/custos-core-services-server/src/main/resources/bootstrap.properties
+++
b/custos-services/custos-core-services-server/src/main/resources/bootstrap.properties
@@ -20,7 +20,7 @@ spring.cloud.vault.token=00000000-0000-0000-0000-000000000000
spring.cloud.vault.scheme=http
spring.cloud.vault.host=localhost
spring.cloud.vault.port=8200
-spring.cloud.vault.uri=http://0.0.0.0:8201
+spring.cloud.vault.uri=http://host.docker.internal:8201
spring.cloud.vault.authentication=token
#spring.cloud.vault.ssl.trust-store=file:home/ubuntu/vault-client-truststore.pkcs12
#spring.cloud.vault.ssl.trust-store-password=vaultpass
\ No newline at end of file
diff --git
a/custos-services/custos-core-services-server/src/main/resources/certificate.p12
b/custos-services/custos-core-services-server/src/main/resources/certificate.p12
new file mode 100644
index 000000000..018465773
Binary files /dev/null and
b/custos-services/custos-core-services-server/src/main/resources/certificate.p12
differ
diff --git
a/custos-services/custos-core-services-server/src/main/resources/keystore.pkcs12
b/custos-services/custos-core-services-server/src/main/resources/keystore.pkcs12
deleted file mode 100644
index ca8c7966e..000000000
Binary files
a/custos-services/custos-core-services-server/src/main/resources/keystore.pkcs12
and /dev/null differ
diff --git
a/custos-services/custos-core-services/credential-store-core-service/src/main/java/org/apache/custos/credential/store/service/CredentialStoreService.java
b/custos-services/custos-core-services/credential-store-core-service/src/main/java/org/apache/custos/credential/store/service/CredentialStoreService.java
index df03e022d..7de55af12 100644
---
a/custos-services/custos-core-services/credential-store-core-service/src/main/java/org/apache/custos/credential/store/service/CredentialStoreService.java
+++
b/custos-services/custos-core-services/credential-store-core-service/src/main/java/org/apache/custos/credential/store/service/CredentialStoreService.java
@@ -76,6 +76,7 @@ public class CredentialStoreService extends
CredentialStoreServiceImplBase {
+ request.getId() + " Secret " + request.getSecret());
String path = BASE_PATH + request.getOwnerId() + "/" +
request.getType().name();
Credential credential = new Credential(request.getId(),
request.getSecret());
+ credential.setSuperTenant(request.getSuperTenant());
vaultTemplate.write(path, credential);
VaultResponseSupport<Credential> response =
vaultTemplate.read(path, Credential.class);
if (response != null && response.getData() != null &&
response.getData().getId() != null) {
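Review bot: `credential.setSuperTenant(request.getSuperTenant())` persists a privilege flag taken directly from the incoming request, and nothing visible in this hunk checks that the caller is allowed to set it. If authorization is enforced upstream, a short comment here should name where, along the lines of `// superTenant is authorized by <upstream check> before this write`; otherwise the flag should be validated before the Vault write. Separately, the context line at the top of the hunk appears to be the tail of a log statement that includes `request.getSecret()`; secrets should be kept out of logs. The enclosing method starts and ends outside the hunk.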
@@ -328,9 +329,9 @@ public class CredentialStoreService extends
CredentialStoreServiceImplBase {
} catch (Exception ex) {
- String msg = " operation failed for " + request.getOwnerId();
- LOGGER.error(msg);
-
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ String msg = " Credential generation failed for tenant " +
request.getOwnerId();
+ LOGGER.error(msg,ex);
+
responseObserver.onError(Status.INTERNAL.withDescription(msg).withCause(ex).asRuntimeException());
}
}
diff --git
a/custos-services/custos-core-services/credential-store-core-service/src/main/proto/CredentialStoreService.proto
b/custos-services/custos-core-services/credential-store-core-service/src/main/proto/CredentialStoreService.proto
index 691df794a..1aa4397dd 100644
---
a/custos-services/custos-core-services/credential-store-core-service/src/main/proto/CredentialStoreService.proto
+++
b/custos-services/custos-core-services/credential-store-core-service/src/main/proto/CredentialStoreService.proto
@@ -87,6 +87,7 @@ message GetOperationsMetadataResponse {
message GetNewCustosCredentialRequest {
int64 owner_id = 1;
string performed_by = 2;
+ bool is_super_tenant=3;
}
message GetNewCustosCredentialResponse {
diff --git
a/custos-services/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
b/custos-services/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
index 7fa07ab93..53d71ea3e 100644
---
a/custos-services/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
+++
b/custos-services/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
@@ -91,8 +91,6 @@ public class KeycloakClient {
@Value("${iam.federated.cilogon.jwksUri:https://cilogon.org/oauth2/certs}")
private String jwksUri;
- @Value("${spring.profiles.active}")
- private String activeProfile;
public void createRealm(String realmId, String displayName) {
Keycloak client = null;
diff --git
a/custos-services/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/auth/KeycloakAuthClient.java
b/custos-services/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/auth/KeycloakAuthClient.java
index 6f8472905..209320e1c 100644
---
a/custos-services/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/auth/KeycloakAuthClient.java
+++
b/custos-services/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/auth/KeycloakAuthClient.java
@@ -167,6 +167,7 @@ public class KeycloakAuthClient {
String realmId) {
try {
String tokenURL = getTokenEndpoint(realmId);
+ LOGGER.info("token url:"+ tokenURL);
JSONObject clientCredentials = getClientCredentials(tokenURL,
clientId, clientSecret);
return clientCredentials.getString("access_token");
} catch (Exception e) {
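Review bot: `LOGGER.info("token url:"+ tokenURL);` looks like leftover debugging: it runs on every client-credentials token request at INFO level and builds the message by string concatenation. I would lower it to debug and use a parameterized message, `LOGGER.debug("Token endpoint for realm {}: {}", realmId, tokenURL);`. The method body continues outside the hunk.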
diff --git
a/custos-services/custos-integration-services-server/src/main/resources/application.properties
b/custos-services/custos-integration-services-server/src/main/resources/application.properties
index d10dbbc70..96502189d 100644
---
a/custos-services/custos-integration-services-server/src/main/resources/application.properties
+++
b/custos-services/custos-integration-services-server/src/main/resources/application.properties
@@ -28,12 +28,12 @@ spring.application.name=custos-integrations-services-server
#management.endpoint.metrics.enabled=true
#spring.jmx.enabled=true
-spring.profiles.active=dev
+spring.profiles.active=local
logging.level.root=INFO
scim.user.schema.location=/home/ubuntu/custos_user_schema_extention.json
core.services.server.port=7001
-core.services.server.hostname=host.internal.docker
-iam.server.url=https://host.internal.docker:8443/auth/
-tenant.base.uri=http://host.internal.docker/apiserver/tenant-management/v1.0.0/oauth2/tenant
+core.services.server.hostname=host.docker.internal
+iam.server.url=https://host.docker.internal/auth/
+tenant.base.uri=http://host.docker.internal/apiserver/tenant-management/v1.0.0/oauth2/tenant
diff --git
a/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/interceptors/TenantManagementSuperTenantRestrictedOperationsInterceptorImpl.java
b/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/interceptors/TenantManagementSuperTenantRestrictedOperationsInterceptorImpl.java
index 25f01263c..f495369b6 100644
---
a/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/interceptors/TenantManagementSuperTenantRestrictedOperationsInterceptorImpl.java
+++
b/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/interceptors/TenantManagementSuperTenantRestrictedOperationsInterceptorImpl.java
@@ -27,6 +27,8 @@ import
org.apache.custos.integration.services.commons.interceptors.AuthIntercept
import org.apache.custos.integration.services.commons.model.AuthClaim;
import org.apache.custos.tenant.management.service.Credentials;
import org.apache.custos.tenant.profile.client.async.TenantProfileClient;
+import org.apache.custos.tenant.profile.service.GetAllTenantsResponse;
+import org.apache.custos.tenant.profile.service.GetTenantsRequest;
import org.apache.custos.tenant.profile.service.UpdateStatusRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -40,19 +42,28 @@ public class
TenantManagementSuperTenantRestrictedOperationsInterceptorImpl exte
private static final Logger LOGGER =
LoggerFactory.getLogger(TenantManagementSuperTenantRestrictedOperationsInterceptorImpl.class);
private CredentialStoreServiceClient credentialStoreServiceClient;
+ TenantProfileClient tenantProfileClient;
public
TenantManagementSuperTenantRestrictedOperationsInterceptorImpl(CredentialStoreServiceClient
credentialStoreServiceClient,
TenantProfileClient tenantProfileClient, IdentityClient identityClient) {
super(credentialStoreServiceClient, tenantProfileClient,
identityClient);
this.credentialStoreServiceClient = credentialStoreServiceClient;
+ this.tenantProfileClient = tenantProfileClient;
}
@Override
public <ReqT> ReqT intercept(String method, Metadata headers, ReqT msg) {
if (method.equals("updateTenantStatus")) {
- if (!((UpdateStatusRequest) msg).getSuperTenant()) {
+ if (((UpdateStatusRequest) msg).getSuperTenant()) {
+ GetTenantsRequest allTenants =
GetTenantsRequest.newBuilder().setOffset(0).setLimit(2).build();
+ GetAllTenantsResponse tenantsResponse =
tenantProfileClient.getAllTenants(allTenants);
+ if (tenantsResponse.getTenantList().size() > 1) {
+ throw new UnAuthorizedException("Request is not
authorized, You have more than one tenant registered with the system " +
+ " and super tenant should be the first tenant,
please clean up the databases", null);
+ }
+ } else {
Optional<AuthClaim> claim = null;
String token = getToken(headers);
try {
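Review bot: After this change an `updateTenantStatus` request with `getSuperTenant()` set to true no longer reaches the token check at all; the only condition is that `getAllTenants` returns at most one tenant. Any caller that can reach the service while zero or one tenant is registered can therefore change tenant status and, through the `request.getSuperTenant()` block added to `TenantManagementService` in this same commit, have credentials marked as super tenant, and that window stays open for as long as the super tenant is the only tenant. The branch is not tied to the `local` profile or to any bootstrap secret, so it is also active in non-development builds. I would gate it behind an explicit, default-off setting, for example `if (bootstrapEnabled && ((UpdateStatusRequest) msg).getSuperTenant())` with `bootstrapEnabled` as a suggested name, and fall through to the existing claim check otherwise; the new `tenantProfileClient` field should also be `private final`. `intercept` continues past the end of the hunk.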
@@ -90,7 +101,7 @@ public class
TenantManagementSuperTenantRestrictedOperationsInterceptorImpl exte
LOGGER.error(" Authorizing error " + ex.getMessage());
throw new UnAuthorizedException("Request is not authorized",
ex);
}
- if (claim == null || claim.isEmpty()||
!claim.get().isSuperTenant()) {
+ if (claim == null || claim.isEmpty() ||
!claim.get().isSuperTenant()) {
throw new UnAuthorizedException("Request is not authorized",
null);
}
diff --git
a/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/service/TenantManagementService.java
b/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/service/TenantManagementService.java
index 39ba845d5..08f30fdf5 100644
---
a/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/service/TenantManagementService.java
+++
b/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/service/TenantManagementService.java
@@ -92,6 +92,8 @@ public class TenantManagementService extends
TenantManagementServiceImplBase {
private MessagingClient messagingClient;
+
+
@Override
public void createTenant(Tenant request,
StreamObserver<CreateTenantResponse> responseObserver) {
try {
@@ -101,7 +103,9 @@ public class TenantManagementService extends
TenantManagementServiceImplBase {
long tenantId = response.getTenantId();
- GetNewCustosCredentialRequest req =
GetNewCustosCredentialRequest.newBuilder().setOwnerId(tenantId).build();
+ GetNewCustosCredentialRequest req =
GetNewCustosCredentialRequest.newBuilder()
+ .setOwnerId(tenantId)
+ .build();
CredentialMetadata resp =
credentialStoreServiceClient.getNewCustosCredentials(req);
@@ -636,6 +640,12 @@ public class TenantManagementService extends
TenantManagementServiceImplBase {
CredentialMetadata metadata =
credentialStoreServiceClient.getCustosCredentialFromClientId(credentialRequest);
if (metadata != null) {
+
+ if (request.getSuperTenant()) {
+ metadata =
metadata.toBuilder().setSuperTenant(true).build();
+ credentialStoreServiceClient.putCredential(metadata);
+ }
+
request =
request.toBuilder().setTenantId(metadata.getOwnerId()).build();
UpdateStatusResponse response =
profileClient.updateTenantStatus(request);
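Review bot: The new block calls `credentialStoreServiceClient.putCredential(metadata)` with `setSuperTenant(true)` before `profileClient.updateTenantStatus(request)` has succeeded, so a failure in the status update leaves the credential flagged as super tenant. Moving the promotion after a successful status update would avoid that partial state. It is also worth confirming that the `metadata` returned by `getCustosCredentialFromClientId` carries the secret, because writing it back through `putCredential` could otherwise overwrite the stored credential with an incomplete one. The enclosing method starts and ends outside the hunk.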
@@ -644,6 +654,7 @@ public class TenantManagementService extends
TenantManagementServiceImplBase {
Context ctx = Context.current().fork();
// Set ctx as the current context within the Runnable
UpdateStatusRequest finalRequest = request;
+ CredentialMetadata finalMetadata = metadata;
ctx.run(() -> {
ServiceCallback callback = new ServiceCallback() {
@Override
@@ -651,7 +662,7 @@ public class TenantManagementService extends
TenantManagementServiceImplBase {
org.apache.custos.tenant.profile.service.GetTenantRequest tenantRequest =
org.apache.custos.tenant.profile.service.GetTenantRequest
.newBuilder()
-
.setTenantId(metadata.getOwnerId())
+
.setTenantId(finalMetadata.getOwnerId())
.build();
org.apache.custos.tenant.profile.service.GetTenantResponse tenantResponse =
@@ -659,7 +670,7 @@ public class TenantManagementService extends
TenantManagementServiceImplBase {
Tenant savedTenant =
tenantResponse.getTenant();
GetCredentialRequest credentialRequest =
GetCredentialRequest.newBuilder()
- .setOwnerId(metadata.getOwnerId())
+ .setOwnerId(finalMetadata.getOwnerId())
.setType(Type.IAM)
.build();
@@ -669,7 +680,7 @@ public class TenantManagementService extends
TenantManagementServiceImplBase {
.newBuilder()
.setClientId(iamMeta.getId())
.setClientSecret(iamMeta.getSecret())
- .setTenantId(metadata.getOwnerId())
+
.setTenantId(finalMetadata.getOwnerId())
.build();
AuthToken token =
identityClient.getUserManagementSATokenRequest(userManagementSATokenRequest);
@@ -748,9 +759,9 @@ public class TenantManagementService extends
TenantManagementServiceImplBase {
}
} catch (Exception ex) {
- String msg = "Tenant update task failed for tenant " +
request.getTenantId() + ex.getMessage();
- LOGGER.error(msg);
-
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ String msg = "Tenant update task failed for tenant " +
request.getTenantId();
+ LOGGER.error(msg,ex);
+
responseObserver.onError(Status.INTERNAL.withDescription(msg).withCause(ex).asRuntimeException());
}
}
diff --git
a/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/tasks/TenantActivationTask.java
b/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/tasks/TenantActivationTask.java
index 04486d6ca..356d1887e 100644
---
a/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/tasks/TenantActivationTask.java
+++
b/custos-services/custos-integration-services/tenant-management-service/src/main/java/org/apache/custos/tenant/management/tasks/TenantActivationTask.java
@@ -44,6 +44,7 @@ import org.apache.custos.tenant.profile.service.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
@@ -71,6 +72,9 @@ public class TenantActivationTask<T, U> extends
ServiceTaskImpl<T, U> {
@Autowired
private SharingClient sharingClient;
+ @Value("${spring.profiles.active}")
+ private String activeProfile;
+
@Override
public void invokeService(T data) {
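Review bot: Injecting `@Value("${spring.profiles.active}")` here and testing `!activeProfile.equalsIgnoreCase("local")` in the `if (!update)` hunk below makes a security-relevant step, CILogon client registration and federated IdP configuration, depend on an exact string match of the profile list. The property has no default, so injection presumably fails at startup when it is unset, and a value such as `local,debug` would not match. Both `application.properties` files in this commit now ship `spring.profiles.active=local`, so a deployment that forgets to override it silently skips the federated setup. A dedicated boolean property with a safe default would be clearer, e.g. `@Value("${federated.cilogon.enabled:true}") private boolean ciLogonEnabled;` (the property name is a suggestion). `invokeService` continues outside the hunk.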
@@ -153,6 +157,7 @@ public class TenantActivationTask<T, U> extends
ServiceTaskImpl<T, U> {
CredentialMetadata metadata =
credentialStoreServiceClient.getCredential(getCreRe);
+
SetUpTenantRequest setUpTenantRequest = SetUpTenantRequest
.newBuilder()
.setTenantId(tenant.getTenantId())
@@ -222,31 +227,34 @@ public class TenantActivationTask<T, U> extends
ServiceTaskImpl<T, U> {
if (!update) {
- RegisterClientResponse registerClientResponse =
federatedAuthenticationClient
- .addClient(clientMetadataBuilder.build());
+ // skip CILOGON client creation for local development
+ if (!activeProfile.equalsIgnoreCase("local")) {
+ RegisterClientResponse registerClientResponse =
federatedAuthenticationClient
+ .addClient(clientMetadataBuilder.build());
- CredentialMetadata credentialMetadataCILogon = CredentialMetadata
- .newBuilder()
- .setId(registerClientResponse.getClientId())
- .setSecret(registerClientResponse.getClientSecret())
- .setOwnerId(tenant.getTenantId())
- .setType(Type.CILOGON)
- .build();
+ CredentialMetadata credentialMetadataCILogon =
CredentialMetadata
+ .newBuilder()
+ .setId(registerClientResponse.getClientId())
+ .setSecret(registerClientResponse.getClientSecret())
+ .setOwnerId(tenant.getTenantId())
+ .setType(Type.CILOGON)
+ .build();
-
credentialStoreServiceClient.putCredential(credentialMetadataCILogon);
+
credentialStoreServiceClient.putCredential(credentialMetadataCILogon);
- ConfigureFederateIDPRequest request = ConfigureFederateIDPRequest
- .newBuilder()
- .setTenantId(tenant.getTenantId())
- .setClientID(registerClientResponse.getClientId())
- .setClientSec(registerClientResponse.getClientSecret())
- .setScope(tenant.getScope())
- .setRequesterEmail(tenant.getRequesterEmail())
- .setType(FederatedIDPs.CILOGON)
- .build();
- iamAdminServiceClient.configureFederatedIDP(request);
+ ConfigureFederateIDPRequest request =
ConfigureFederateIDPRequest
+ .newBuilder()
+ .setTenantId(tenant.getTenantId())
+ .setClientID(registerClientResponse.getClientId())
+ .setClientSec(registerClientResponse.getClientSecret())
+ .setScope(tenant.getScope())
+ .setRequesterEmail(tenant.getRequesterEmail())
+ .setType(FederatedIDPs.CILOGON)
+ .build();
+ iamAdminServiceClient.configureFederatedIDP(request);
+ }
PermissionType permissionType = PermissionType
.newBuilder()
diff --git a/custos-utilities/custos-bootstrap-service/pom.xml
b/custos-utilities/custos-bootstrap-service/pom.xml
new file mode 100644
index 000000000..46237a042
--- /dev/null
+++ b/custos-utilities/custos-bootstrap-service/pom.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>custos</artifactId>
+ <groupId>org.apache.custos</groupId>
+ <version>1.1-SNAPSHOT</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>custos-bootstrap-service</artifactId>
+
+ <properties>
+ <maven.compiler.source>11</maven.compiler.source>
+ <maven.compiler.target>11</maven.compiler.target>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.custos</groupId>
+ <artifactId>custos-java-sdk</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.custos</groupId>
+ <artifactId>tenant-management-client</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-web</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-actuator</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-maven-plugin</artifactId>
+ <version>${spring.boot.version}</version>
+ <executions>
+ <execution>
+ <id>container</id>
+ <goals>
+ <goal>repackage</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
\ No newline at end of file
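Review bot: `spring-boot-starter-web` and `spring-boot-starter-actuator` are declared, but the only source file this commit adds to the module is a `main` that never starts a Spring context, so both appear unused at runtime. Pulling in an embedded web server and actuator endpoints enlarges the dependency surface of a one-shot bootstrap tool for no visible benefit. I would drop both, together with the `@SpringBootApplication` annotation on `CustosBootstrapService`, unless code outside this diff needs them.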
diff --git
a/custos-utilities/custos-bootstrap-service/src/main/java/CustosBootstrapService.java
b/custos-utilities/custos-bootstrap-service/src/main/java/CustosBootstrapService.java
new file mode 100644
index 000000000..591531a3d
--- /dev/null
+++
b/custos-utilities/custos-bootstrap-service/src/main/java/CustosBootstrapService.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.custos.integration.core.utils.Constants;
+import org.apache.custos.tenant.management.service.CreateTenantResponse;
+import org.apache.custos.tenant.manamgement.client.SuperAdminOperationsClient;
+import org.apache.custos.tenant.manamgement.client.TenantManagementClient;
+import org.apache.custos.tenant.profile.service.TenantStatus;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+import java.io.IOException;
+
+@SpringBootApplication
+public class CustosBootstrapService {
+ public static void main(String[] args) throws IOException {
+
+ TenantManagementClient tenantManagementClient = new
TenantManagementClient("localhost", 7000);
+ CreateTenantResponse response =
tenantManagementClient.registerTenant("Custos Super Tenant",
+ "[email protected]",
+ "Custos",
+ "Admin",
+ "[email protected]",
+ "custosAdmin",
+ "1234",
+ new String[]{"[email protected]"},
+ new String[]{"http://localhost:8080/callback"},
+ "http://localhost:8080/",
+ "openid email profile cilogon",
+ "localhost",
+ "http://localhost:8080/",
+ "This is custos bootstrapping client");
+
+ SuperAdminOperationsClient adminOperationsClient = new
SuperAdminOperationsClient("localhost", 7000);
+ adminOperationsClient.updateTenantStatus(response.getClientId(),
TenantStatus.ACTIVE, true,
+ Constants.SYSTEM);
+ System.out.println("Super Tenant Activate Successfully");
+ System.out.println("Client Id :" + response.getClientId() + " Client
Secret :" + response.getClientSecret());
+
+ }
+}
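Review bot: The super-tenant administrator is registered with the literal `"1234"` in what looks like the password argument of `registerTenant`, so every environment bootstrapped with this tool starts with the same guessable admin credential. The value should come from the operator and the program should stop when it is missing; the sketch below reads it from an environment variable (the variable name is a suggestion) and also closes `TenantManagementClient`, which is `Closeable` through `AbstractClient` but is never closed here. The client secret is additionally printed to stdout, where it is likely to end up in container or CI logs. A class-level Javadoc stating that this is a local bootstrap utility would help as well.

```java
public static void main(String[] args) throws IOException {
    // Variable name is a suggestion; fail fast instead of falling back to a default.
    String adminPassword = System.getenv("CUSTOS_BOOTSTRAP_ADMIN_PASSWORD");
    if (adminPassword == null || adminPassword.isBlank()) {
        throw new IllegalStateException("CUSTOS_BOOTSTRAP_ADMIN_PASSWORD must be set");
    }

    CreateTenantResponse response;
    try (TenantManagementClient tenantManagementClient =
                 new TenantManagementClient("localhost", 7000)) {
        response = tenantManagementClient.registerTenant("Custos Super Tenant",
                // … unchanged: contact, name, e-mail and username arguments …
                adminPassword,
                // … unchanged: remaining registerTenant arguments …
                "This is custos bootstrapping client");
    }
    // … unchanged: SuperAdminOperationsClient activation and output …
```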
diff --git a/custos-utilities/ide-integration/src/main/containers/Dockerfile
b/custos-utilities/ide-integration/src/main/containers/Dockerfile
new file mode 100644
index 000000000..97fc3de84
--- /dev/null
+++ b/custos-utilities/ide-integration/src/main/containers/Dockerfile
@@ -0,0 +1,5 @@
+FROM nginx:stable-alpine
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY certificate.pem /etc/nginx/certificate.pem
+COPY key.pem /etc/nginx/key.pem
+EXPOSE 443
\ No newline at end of file
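Review bot: `COPY key.pem /etc/nginx/key.pem` bakes a TLS private key into an image layer, and the same key is committed in plaintext in the `key.pem` hunk of this commit, so anyone with the repository or the image can read it. That key pair should be treated as public and kept strictly to localhost development. A safer layout generates a throwaway self-signed pair at build or first start, or mounts the key at runtime through a volume or Compose secret instead of copying it. If the committed key stays for convenience, a comment above the COPY such as `# dev-only self-signed key; never reuse outside local testing` would make that explicit. The base image `nginx:stable-alpine` is also a moving tag, so pinning a version or digest would keep builds reproducible.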
diff --git
a/custos-utilities/ide-integration/src/main/containers/certificate.p12
b/custos-utilities/ide-integration/src/main/containers/certificate.p12
new file mode 100644
index 000000000..018465773
Binary files /dev/null and
b/custos-utilities/ide-integration/src/main/containers/certificate.p12 differ
diff --git
a/custos-utilities/ide-integration/src/main/containers/certificate.pem
b/custos-utilities/ide-integration/src/main/containers/certificate.pem
new file mode 100644
index 000000000..b2bbc377f
--- /dev/null
+++ b/custos-utilities/ide-integration/src/main/containers/certificate.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git
a/custos-utilities/ide-integration/src/main/containers/docker-compose.yml
b/custos-utilities/ide-integration/src/main/containers/docker-compose.yml
index 4b607ba24..6ba7126e9 100644
--- a/custos-utilities/ide-integration/src/main/containers/docker-compose.yml
+++ b/custos-utilities/ide-integration/src/main/containers/docker-compose.yml
@@ -3,14 +3,15 @@ services:
keycloak:
image: quay.io/keycloak/keycloak:9.0.2
ports:
- - "8443:8443"
+ - "8080:8080"
environment:
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
- KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/test/certs/localhostcert.pem
- KC_HTTPS_CERTIFICATE_KEY_FILE:
/opt/keycloak/test/certs/localhostkey.pem
- volumes:
- - ./keycloak:/opt/keycloak/test/certs
+ PROXY_ADDRESS_FORWARDING: 'true'
+ nginx:
+ image: apachecustos/keycloak-nginx:latest
+ ports:
+ - "443:443"
vault:
image: vault:1.7.0
container_name: vault
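Review bot: The added `- "8080:8080"` mapping publishes Keycloak's plain-HTTP listener on the host next to the new nginx TLS front end, while `PROXY_ADDRESS_FORWARDING: 'true'` tells Keycloak to honour `X-Forwarded-*` headers on requests arriving there. A client that reaches 8080 directly skips TLS and can supply its own forwarded headers, and the console is still guarded only by the `admin`/`admin` values in the unchanged context lines. If the nginx upstream can reach Keycloak over the Compose network, dropping the published port closes that path; otherwise binding it to loopback (`"127.0.0.1:8080:8080"`) narrows exposure, though whether `host.docker.internal` still reaches it depends on the Docker platform. `apachecustos/keycloak-nginx:latest` is an unpinned tag; a version tag or digest would keep the proxy image reproducible.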
@@ -36,6 +37,8 @@ services:
image: apachecustos/custos-rest-proxy:latest
container_name: rest-proxy
restart: on-failure:10
+ depends_on:
+ - custos_integration_services_server
ports:
- "10000:50000"
my_sql_local:
@@ -59,6 +62,10 @@ services:
container_name: custos_core_server
image: apachecustos/custos-core-services-server:1.1-SNAPSHOT
restart: always
+ depends_on:
+ - keycloak
+ - vault
+ - my_sql_local
ports:
- "7001:7001"
- "9001:9001"
@@ -67,6 +74,8 @@ services:
container_name: custos_integration_server
image: apachecustos/custos-integration-services-server:1.1-SNAPSHOT
restart: always
+ depends_on:
+ - custos_core_services_server
ports:
- "7000:7000"
- "9000:9000"
diff --git a/custos-utilities/ide-integration/src/main/containers/key.pem
b/custos-utilities/ide-integration/src/main/containers/key.pem
new file mode 100644
index 000000000..2bf156a6a
--- /dev/null
+++ b/custos-utilities/ide-integration/src/main/containers/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNDaDmq84IDoza
+aHPbM/9oJaStsN62GpvvLgfZEZJRZczcEuzf4UUkacmVC/DQfideMyo+gtQRGGhX
+jDUduD4Wt3Oo8PeYsJCzH3IhWABZZZMcI1gCZvP7F401VhzRN3QuOaCnz+Yt4ukJ
+j8vT1Hdt/BpNUnCUOZBOg6RifAuSEcI7r/cPCY+Zp4tsqN2gpOiI928XPh43Unjz
+URwYIg6KWYVc7z2fmbBeDjNmqcKKKm2UXXdehVjDuQ4coNstDTTM3InhcA3RB0xl
+YfE4uhzP4Q3J93I9erwEterhn8Ad/QznDhLFKVD6hlZa5Xx2W4SDXm/hWAC/4WIu
+DjEz0ekNAgMBAAECggEAEtxKDG2JCdysv/oTjfn+aAnuV7uJAJ758Mn/Fswy9SGz
+8hobh4wk2/CPBhKPF95CqLt0C0PlVZ01G7hduloT++rrzII9g+HZrWAbE04Q2igp
+m9D0a2Qk1NeZuWouRGAhY48RY94PgfD5FlQPn3BPe+JQWQRYLooM5+vb1uMp/UlS
+sy6PzGwKfjyw+oHhquguJ+EewV22/EjCkx0QpCduFb8LzZsI6nUwmuSavN2wGzMP
+vS8mUMWonBM4jqXTQfOjy1acYb2RMQHwSzu6JQUpc6So4/tlO/UnrXRlx3rkqpi/
+3PCmSEN2QYVBM9cAa2a4acdGuJUZx73enqkG8LS7gQKBgQDto59zInHj8K1q0sCO
+7NDPpYhahI/cYGRMNHi1c0IhOLt/kzr+s+twdsW0VmSifeKPiL0Y62XSk16oT5zM
+YNLl3a6gPRTIxMhNaz9UnYQ/1Ge6uCzOfcnrAfBz9LsO0h6dD/gI+8B6s3OdmBZ9
+2oxjlFZ3yskG/vdlVqGYCWjxhQKBgQDc5XkzcnW96OJg2PqleXu3t86bhGQtXquh
+9r/HlxyllQJaMAR9M3Kp5rjiNR1VWcdRYR7GwW+lXz7Z6k2IRGAdttlTzF0vBlZi
+Ijl8d+f0uwCFfqspTBMwXoAExnkn+Zb8QRDOH0qpjx7WRcXPc5Xjloo9vg/PP9Mf
+0CJ3HgXr6QKBgEbS2RarUV4pwMVxgkoWcjUwlG7Fy0pWwA2mJcOOUkssaVUgQBjg
+7m5aN5oDlYKIGhnFGvZuUa5slW18LLMMuE4hv4WqLqOXYksQh5NkTqHnX/LaKSBx
+hNgxf8RPT+Ce5tjQhY/H2Bm5md+CEFH57JVRBGQ3X6piGsFtDEQPqeMxAoGAYgeE
+TgyRrAHZ1Nj2AtFy0glEK0gJnQjSakIywcSR9fm23YdJtrZKQJQfoGOp7OK2zaqo
+GdRmU6F9JwAQAFU3wngO4l1jTScm1s4RbOdZjQYgKR4Zn24fZevKLFRYGCFvm+rU
+JmVEoRLewICeVH4bGrEIEHZ0VakhbJDVer9cKWECgYAcg49642dXeIHBc70gnifr
++b7SrTCKfAPPMz5RvL8DEUBlpinRrui/K8BjQVdR1EmEGJLToTFVR1MALbPU3xro
+DBQowM5znkAU8yCrkuQhhnfhnf5dWPeV9zo6N6dmuYVSmPc2CNpY4BZgK1QE2Mwo
+Pc6lacT8N//gQsLXQtnYPA==
+-----END PRIVATE KEY-----
diff --git
a/custos-utilities/ide-integration/src/main/containers/keycloak/keystore.pkcs12
b/custos-utilities/ide-integration/src/main/containers/keycloak/keystore.pkcs12
deleted file mode 100644
index ca8c7966e..000000000
Binary files
a/custos-utilities/ide-integration/src/main/containers/keycloak/keystore.pkcs12
and /dev/null differ
diff --git
a/custos-utilities/ide-integration/src/main/containers/keycloak/localhostcert.pem
b/custos-utilities/ide-integration/src/main/containers/keycloak/localhostcert.pem
deleted file mode 100644
index 2a4a3559e..000000000
---
a/custos-utilities/ide-integration/src/main/containers/keycloak/localhostcert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5TCCAc2gAwIBAgIJAN8y4RY2vX9uMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
-BAMMCWxvY2FsaG9zdDAeFw0yMzAxMTAyMDE1MzlaFw0yMzAyMDkyMDE1MzlaMBQx
-EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAM9ghL5qGSgoG/w+KaP5VM5B7vXjyT1f0V0FcletwIYwSNwuEvdRve63i6OE
-hrUnjA5iNDhnaJMcNfQGUPsMSfXAtz20FGTTkf3oToMWQVFuas67QhgaN037z2jq
-Bo2TKyTgL7Ek0uspVvRdp4rBY/pIizzFmFeHaT2wKjGlHy/wAbEYXP+M3u6AGOD2
-r4VOPf84f8At6n9fKcHTXtTOdx3c/XXunV/AqFQnsHkiqJ+qCzdtHSgzbrPJXp92
-wDrfyNKvD+VTOZGvvyeuGRNGxYGgkjJunGIlCgwUP5KpnpUwhAZu6K08C/0fWEEg
-I/vqIAY2kcyd5b5U1o80e9oKYlcCAwEAAaM6MDgwFAYDVR0RBA0wC4IJbG9jYWxo
-b3N0MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0B
-AQsFAAOCAQEARa+1Z536iIddY45wVWi7rFgODi4oy6N99aOga6L3Oq4f77b93+IX
-G+sxCoODMOip6NAkhPSKNDOT61SOIf7PtMBYbhkLTMjhfo91Ascl7zYGW7/vV8gi
-18z8SzjgfqcEzuPHPaCQThcE36ONDWfS4QuWaswpSc6Yo0nzMySG01p8985prThV
-Rcx0W446WjYTgtdclVu79cM8+Y2821ALYaAdbnMDP3xz6OxrhQQAMvwA1WMG3EfA
-tPRIN4NCXG2UqMeC8U/gOYdgj8UUlIpkbUGFKL2B76sQA9YZTWWsC8hiyaH7Tj/U
-e8Vc1czyN1fQq9IhUKpnEyWPVIDxoAkmZA==
------END CERTIFICATE-----
diff --git
a/custos-utilities/ide-integration/src/main/containers/keycloak/localhostkey.pem
b/custos-utilities/ide-integration/src/main/containers/keycloak/localhostkey.pem
deleted file mode 100644
index 9e385a083..000000000
---
a/custos-utilities/ide-integration/src/main/containers/keycloak/localhostkey.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDPYIS+ahkoKBv8
-Pimj+VTOQe7148k9X9FdBXJXrcCGMEjcLhL3Ub3ut4ujhIa1J4wOYjQ4Z2iTHDX0
-BlD7DEn1wLc9tBRk05H96E6DFkFRbmrOu0IYGjdN+89o6gaNkysk4C+xJNLrKVb0
-XaeKwWP6SIs8xZhXh2k9sCoxpR8v8AGxGFz/jN7ugBjg9q+FTj3/OH/ALep/XynB
-017Uzncd3P117p1fwKhUJ7B5Iqifqgs3bR0oM26zyV6fdsA638jSrw/lUzmRr78n
-rhkTRsWBoJIybpxiJQoMFD+SqZ6VMIQGbuitPAv9H1hBICP76iAGNpHMneW+VNaP
-NHvaCmJXAgMBAAECggEBAL0xIynNBfJ61T1FQRwVxmb+BBJUpC3YEtu4sl6HaBOE
-TZSCfE8iRhNZZI3jxDnVQJOGyHmE7gT4QcjFUnAXAAqyrPogJlLuKkzo+Wfij+jI
-waylbmEq2bXNu6XNi/jxgPT9isUkAUEF0AzUvJt8X8fhExZ4dsm0AjGDXJs6N7+0
-pD6Pc/cZTy2H4gOvd+bVmPlifHsuhfIgBjfP9WWE6ETDEYo3o64C6GoPXSSgCBD/
-Ucp1ZAvDriOz9FRwbC6qUKhSowRhESa2YmrkPfI5mlWUPtFSsa8JaZHIaufQ7aD7
-SpBBZBwqN3a6aSpErzvAJvAJUPwSP75kG1P0CsbOC3ECgYEA71IvEpjuXXwc96oW
-yTyfH0qHtVtHMPyF7Tdve7dihJ3MQbpZ7vD+LA72ug8zfgToox3brebi+NKIo4qS
-RVxolXAerX3qdIxl7IDmSwFnVDIFhtJe11nAsJpYUXOKS/bQSUa1B2AgYlpzq8Ky
-QhDD7butmZS/MRNmgEAFMcKbarsCgYEA3dRo4bHpLS4oqVR2idVLsTYROyptPaPg
-m6dm40ERxJxlRw1dJhbWdjhu0Zd11qvQ9Eg5eFyOKwWp41YFkxByj/OcvnsWXe/A
-7v/Grfj5AG7Xk6UcD+/p0rIPy9VF63/t7a5eVAaUS6YsbG3Kl0mYteiJFco6ihaU
-uS5UfDwQUxUCgYEA4ZRnxnHcjMXGUDRFEh5QJqCL1ohZTHVaj8TnEohDFpnexD2x
-M6Z5DnJ0YeCeOrTJy6cDQKIXY06fePfO9A4sjl+GqyW672y/TfQaHq0OBrC3wONe
-fkKdfFmf0fbEbuIQZmF9lZwoKkz0Jvx4JgnDhLyY3+DzboDI5y5xNvwmnq0CgYBT
-pSyHLhbGuokKkJbCEnOgNsr4jF70xz6CcvUQ7BBPGsn1qMxe+G2V1mGzFnGQqOj5
-s+I3yG6zOkd9OYqQkbshHLMWAEPG2AjgFgJMx3zc9O7E9ZVHTSfWEt5x9dGPo4WM
-Ahv/gxuYCujlWeDyewXiUfSfCspYF3us+BNTZTKioQKBgAeD+wSQi7TC81So53gx
-RTfzBAgzpXRlYdY0yFtsxZspW5gwoZKPLnRqjJAzFYbb3117+baxCB8V3vTjc+NA
-zdQQqbWvgiwMwLSBZOGPM8Ifl9H5m1vUjbJu8+d8AMkXrt3mOBccRaSLpOPM5m7x
-jpHwHbGRbReRWqdZFszE37GU
------END PRIVATE KEY-----
diff --git a/custos-utilities/ide-integration/src/main/containers/nginx.conf
b/custos-utilities/ide-integration/src/main/containers/nginx.conf
new file mode 100644
index 000000000..4747e5ed6
--- /dev/null
+++ b/custos-utilities/ide-integration/src/main/containers/nginx.conf
@@ -0,0 +1,32 @@
+upstream keycloak {
+ server host.docker.internal:8080;
+}
+
+server {
+ listen 443 ssl;
+
+ # The host name to respond to
+ server_name host.docker.internal;
+ ssl_certificate /etc/nginx/certificate.pem;
+ ssl_certificate_key /etc/nginx/key.pem;
+ ssl_prefer_server_ciphers on;
+
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow_Credentials' 'true';
+ add_header 'Access-Control-Allow-Headers' 'Authorization,authorization,
Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,user-token';
+ add_header 'Access-Control-Allow-Methods'
'GET,POST,OPTIONS,PUT,DELETE,PATCH';
+ rewrite_log on;
+ error_log /var/log/nginx/error.log;
+
+ location /auth {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_pass http://keycloak;
+ add_header Strict-Transport-Security "max-age=31536000" always;
+ add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
+}
+
+}
\ No newline at end of file
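Review bot: The server-level CORS `add_header` lines will not be sent for `/auth`, because nginx inherits `add_header` from the enclosing level only when the location defines none of its own, and `location /auth` defines two. `'Access-Control-Allow_Credentials'` is also misspelled with an underscore, and browsers reject credentialed requests when `Access-Control-Allow-Origin` is `*`. If CORS is needed in front of Keycloak, move the headers into the location and name the allowed origin explicitly, for example `add_header 'Access-Control-Allow-Origin' 'https://ALLOWED_ORIGIN_PLACEHOLDER' always;` and `add_header 'Access-Control-Allow-Credentials' 'true' always;`. A wildcard origin on an identity provider endpoint is broader than a development proxy needs.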
diff --git a/pom.xml b/pom.xml
index 529f89f1a..f5d6cb477 100644
--- a/pom.xml
+++ b/pom.xml
@@ -41,6 +41,7 @@
<module>custos-services</module>
<module>custos-core</module>
<module>custos-utilities/ide-integration</module>
+ <module>custos-utilities/custos-bootstrap-service</module>
</modules>
<dependencyManagement>