[MOSIP-37447] restructured postgres

deploy/esignet-apitestrig/README.md

@@ -0,0 +1,44 @@
+# APITESTRIG
+
+## Introduction
+ApiTestRig will test the working of APIs of the MOSIP modules.
+
+## Install
+* Review `values.yaml` and, Make sure to enable required modules for apitestrig operation.
+* Install
+```sh
+./install.sh
+```
+* During the execution of the `install.sh` script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
+* If the server lacks a public domain and a valid SSL certificate, it is advisable to select the `n` option. Opting it will enable the `init-container` with an `emptyDir` volume and include it in the deployment process.
+* The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., `cacerts`) file.
+* This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates.
+
+## Uninstall
+* To uninstall ApiTestRig, run `delete.sh` script.
+```sh
+./delete.sh 
+```
+
+## Run apitestrig manually
+
+#### Rancher UI
+* Run apitestrig manually via Rancher UI.
+  ![apitestrig-2.png](../../docs/apitestrig-2.png)
+* There are two modes of apitestrig `smoke` & `smokeAndRegression`.
+* By default, apitestrig will execute with `smokeAndRegression`. <br>
+  If you want to run apitestrig with only `smoke`. <br>
+  You have to update the `apitestrig` configmap and rerun the specific apitestrig job.
+
+#### CLI
+* Download Kubernetes cluster `kubeconfig` file from `rancher dashboard` to your local.
+  ![apitestrig-1.png](../../docs/apitestrig-1.png)
+* Install `kubectl` package to your local machine.
+* Run apitestrig manually via CLI by creating a new job from an existing k8s cronjob.
+  ```
+  kubectl --kubeconfig=<k8s-config-file> -n apitestrig create job --from=cronjob/<cronjob-name> <job-name>
+  ```
+  example:
+  ```
+  kubectl --kubeconfig=/home/xxx/Downloads/qa4.config -n apitestrig create job --from=cronjob/cronjob-apitestrig-masterdata cronjob-apitestrig-masterdata
+  ```

deploy/esignet-apitestrig/delete.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# Uninstalls apitestrig
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function deleting_apitestrig() {
+  NS=esignet
+  while true; do
+      read -p "Are you sure you want to delete apitestrig helm charts?(Y/n) " yn
+      if [ $yn = "Y" ]
+        then
+          helm -n $NS delete esignet-apitestrig
+          break
+        else
+          break
+      fi
+  done
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+deleting_apitestrig   # calling function

deploy/esignet-apitestrig/install.sh

@@ -0,0 +1,181 @@
+#!/bin/bash
+# Installs apitestrig
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=1.5.0-develop
+COPY_UTIL=../copy_cm_func.sh
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_apitestrig() {
+  echo Istio label
+  kubectl label ns $NS istio-injection=disabled --overwrite
+  helm repo update
+
+  echo Copy Configmaps
+  $COPY_UTIL configmap global default $NS
+  $COPY_UTIL configmap keycloak-host keycloak $NS
+  $COPY_UTIL configmap artifactory-share artifactory $NS
+  $COPY_UTIL configmap config-server-share config-server $NS
+
+  echo echo Copy Secrtes
+  $COPY_UTIL secret keycloak-client-secrets keycloak $NS
+  $COPY_UTIL secret s3 s3 $NS
+  $COPY_UTIL secret postgres-postgresql postgres $NS
+
+  echo "Delete s3, db, & apitestrig configmap if exists"
+  kubectl -n $NS delete --ignore-not-found=true configmap s3
+  kubectl -n $NS delete --ignore-not-found=true configmap db
+  kubectl -n $NS delete --ignore-not-found=true configmap apitestrig
+
+  DB_HOST=$( kubectl -n default get cm global -o json  |jq -r '.data."mosip-api-internal-host"' )
+  API_INTERNAL_HOST=$( kubectl -n default get cm global -o json  |jq -r '.data."mosip-api-internal-host"' )
+  ENV_USER=$( kubectl -n default get cm global -o json |jq -r '.data."mosip-api-internal-host"' | awk -F '.' '/api-internal/{print $1"."$2}')
+
+  read -p "Please enter the time(hr) to run the cronjob every day (time: 0-23) : " time
+  if [ -z "$time" ]; then
+     echo "ERROT: Time cannot be empty; EXITING;";
+     exit 1;
+  fi
+  if ! [ $time -eq $time ] 2>/dev/null; then
+     echo "ERROR: Time $time is not a number; EXITING;";
+     exit 1;
+  fi
+  if [ $time -gt 23 ] || [ $time -lt 0 ] ; then
+     echo "ERROR: Time should be in range ( 0-23 ); EXITING;";
+     exit 1;
+  fi
+
+  echo "Do you have public domain & valid SSL? (Y/n) "
+  echo "Y: if you have public domain & valid ssl certificate"
+  echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments."
+  read -p "" flag
+
+  if [ -z "$flag" ]; then
+    echo "'flag' was provided; EXITING;"
+    exit 1;
+  fi
+  ENABLE_INSECURE=''
+  if [ "$flag" = "n" ]; then
+    ENABLE_INSECURE='--set enable_insecure=true';
+  fi
+
+  read -p "Please provide the retention days to remove old reports ( Default: 3 )" reportExpirationInDays
+
+  if [[ -z $reportExpirationInDays ]]; then
+    reportExpirationInDays=3
+  fi
+  if ! [[ $reportExpirationInDays =~ ^[0-9]+$ ]]; then
+    echo "The variable \"reportExpirationInDays\" should contain only number; EXITING";
+    exit 1;
+  fi
+
+  read -p "Please provide slack webhook URL to notify server end issues on your slack channel : " slackWebhookUrl
+
+  if [ -z $slackWebhookUrl ]; then
+    echo "slack webhook URL not provided; EXITING;"
+    exit 1;
+  fi
+
+ valid_inputs=("yes" "no")
+ eSignetDeployed=""
+
+ while [[ ! " ${valid_inputs[@]} " =~ " ${eSignetDeployed} " ]]; do
+     read -p "Is the eSignet service deployed? (yes/no): " eSignetDeployed
+     eSignetDeployed=${eSignetDeployed,,}  # Convert input to lowercase
+ done
+
+ if [[ $eSignetDeployed == "yes" ]]; then
+     echo "eSignet service is deployed. Proceeding with installation..."
+ else
+     echo "eSignet service is not deployed. hence will be skipping esignet related test-cases..."
+ fi
+  read -p "Is values.yaml for apitestrig chart set correctly as part of pre-requisites? (Y/n) : " yn;
+  if [[ $yn = "Y" ]] || [[ $yn = "y" ]] ; then
+    NFS_OPTION=''
+    S3_OPTION=''
+    config_complete=false  # flag to check if S3 or NFS is configured
+    while [ "$config_complete" = false ]; do
+      read -p "Do you have S3 details for storing apitestrig reports? (Y/n) : " ans
+      if [[ "$ans" == "y" || "$ans" == "Y" ]]; then
+        read -p "Please provide S3 host: " s3_host
+        if [[ -z $s3_host ]]; then
+          echo "S3 host not provided; EXITING;"
+          exit 1;
+        fi
+        read -p "Please provide S3 region: " s3_region
+        if [[ $s3_region == *[' !@#$%^&*()+']* ]]; then
+          echo "S3 region should not contain spaces or special characters; EXITING;"
+          exit 1;
+        fi
+
+        read -p "Please provide S3 access key: " s3_user_key
+        if [[ -z $s3_user_key ]]; then
+          echo "S3 access key not provided; EXITING;"
+          exit 1;
+        fi
+        S3_OPTION="--set apitestrig.configmaps.s3.s3-host=$s3_host --set apitestrig.configmaps.s3.s3-user-key=$s3_user_key --set apitestrig.configmaps.s3.s3-region=$s3_region"
+        push_reports_to_s3="yes"
+        config_complete=true
+      elif [[ "$ans" == "n" || "$ans" == "N" ]]; then
+        push_reports_to_s3="no"
+        read -p "Since S3 details are not available, do you want to use NFS directory mount for storing reports? (y/n) : " answer
+        if [[ $answer == "Y" ]] || [[ $answer == "y" ]]; then
+          read -p "Please provide NFS Server IP: " nfs_server
+          if [[ -z $nfs_server ]]; then
+            echo "NFS server not provided; EXITING."
+            exit 1;
+          fi
+          read -p "Please provide NFS directory to store reports from NFS server (e.g. /srv/nfs/<sandbox>/apitestrig/), make sure permission is 777 for the folder: " nfs_path
+          if [[ -z $nfs_path ]]; then
+            echo "NFS Path not provided; EXITING."
+            exit 1;
+          fi
+          NFS_OPTION="--set apitestrig.volumes.reports.nfs.server=$nfs_server --set apitestrig.volumes.reports.nfs.path=$nfs_path"
+          config_complete=true
+        else
+          echo "Please rerun the script with either S3 or NFS server details."
+          exit 1;
+        fi
+      else
+        echo "Invalid input. Please respond with Y (yes) or N (no)."
+      fi
+    done
+    echo Installing esignet apitestrig
+    helm -n $NS install esignet-apitestrig mosip/apitestrig \
+    --set crontime="0 $time * * *" \
+    -f values.yaml  \
+    --version $CHART_VERSION \
+    $NFS_OPTION \
+    $S3_OPTION \
+    --set apitestrig.variables.push_reports_to_s3=$push_reports_to_s3 \
+    --set apitestrig.configmaps.db.db-server="$DB_HOST" \
+    --set apitestrig.configmaps.db.db-su-user="postgres" \
+    --set apitestrig.configmaps.db.db-port="5432" \
+    --set apitestrig.configmaps.apitestrig.ENV_USER="$ENV_USER" \
+    --set apitestrig.configmaps.apitestrig.ENV_ENDPOINT="https://$API_INTERNAL_HOST" \
+    --set apitestrig.configmaps.apitestrig.ENV_TESTLEVEL="smokeAndRegression" \
+    --set apitestrig.configmaps.apitestrig.reportExpirationInDays="$reportExpirationInDays" \
+    --set apitestrig.configmaps.apitestrig.slack-webhook-url="$slackWebhookUrl" \
+    --set apitestrig.configmaps.apitestrig.eSignetDeployed="$eSignetDeployed" \
+    --set apitestrig.configmaps.apitestrig.NS="$NS" \
+    $ENABLE_INSECURE
+
+    echo Installed esignet apitestrig.
+    return 0
+  fi  
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+installing_apitestrig   # calling function

deploy/esignet-apitestrig/values.yaml

@@ -0,0 +1,15 @@
+modules:
+  esignet:
+    enabled: true
+    image:
+      repository: mosipqa/apitest-esignet
+      tag: develop
+      pullPolicy: Always
+
+resources:
+  limits:
+    cpu: 300m
+    memory: 500Mi
+  requests:
+    cpu: 300m
+    memory: 500Mi

deploy/postgres/.gitignore

@@ -1,4 +1,4 @@
 db-common-secrets.yaml
-esignet-postgres-postgresql.yaml
+postgres-postgresql.yaml
 postgres-host.yaml
 .*.swp

deploy/postgres/chart/istio-addons/templates/gateway.yaml

@@ -11,4 +11,4 @@ spec:
       name: postgres
       protocol: TCP
     hosts:
-    - {{ .Values.postgresHost }}
+    - {{ .Values.postgresHost }}

deploy/postgres/chart/istio-addons/templates/vs.yaml

@@ -1,7 +1,7 @@
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
-  name: esignet-postgres
+  name: postgres
 spec:
   hosts:
     - "*"
@@ -12,8 +12,7 @@ spec:
     - port: 5432
     route:
     - destination:
-        host: esignet-postgres-postgresql
+        host: postgres-postgresql
         port:
           number: 5432
 
-

deploy/postgres/chart/istio-addons/values.yaml

@@ -1 +1 @@
-postgresHost: esignet-postgres.sandbox.xyz.net
+postgresHost: postgres.sandbox.xyz.net

deploy/postgres/delete.sh

@@ -7,16 +7,16 @@ if [ $# -ge 1 ] ; then
 fi
 
 function deleting_postgres() {
-  NS=esignet
+  NS=postgres
   while true; do
       read -p "CAUTION: PVC, PV will get deleted. If your PV is not in 'Retain' mode all Postgres data will be lost. Are you sure? (Y/n): " yn
       if [ "$yn" = "Y" ] || [ "$yn" = "y" ]; then
           echo "Deleting Postgres resources..."
-          helm -n $NS delete esignet-postgres || echo "Failed to delete esignet-postgres helm release"
+          helm -n $NS delete postgres || echo "Failed to delete postgres helm release"
           helm -n $NS delete istio-addons || echo "Failed to delete istio-addons helm release"
-          kubectl -n $NS delete pvc data-esignet-postgres-postgresql-0 || echo "Failed to delete PVC"
-          helm -n $NS delete esignet-postgres-init || echo "Failed to delete esignet-postgres-init helm release"
-          kubectl -n $NS delete secret esignet-postgres-postgresql || echo "Failed to delete esignet-postgres-init secret"
+          kubectl -n $NS delete pvc data-postgres-postgresql-0 || echo "Failed to delete PVC"
+          helm -n $NS delete postgres-init || echo "Failed to delete postgres-init helm release"
+          kubectl -n $NS delete secret postgres-postgresql || echo "Failed to delete postgres-init secret"
           kubectl -n $NS delete secret db-common-secrets || echo "Failed to delete db-common-secrets secret"
           break
       elif [ "$yn" = "N" ] || [ "$yn" = "n" ]; then

deploy/postgres/generate-secret-cm.py

@@ -73,7 +73,7 @@ def create_or_update_configmap(configmap_name, namespace, postgres_host, postgre
         os.system(f"kubectl create -f {yaml_file} --save-config")
 
 # Main script logic
-namespace = "esignet"
+namespace = "postgres"
 check_namespace(namespace)
 
 # Handle db-dbuser-password secret
@@ -91,7 +91,7 @@ def create_or_update_configmap(configmap_name, namespace, postgres_host, postgre
     create_or_update_secret(db_secret_name, namespace, "db-dbuser-password", password)
 
 # Handle postgres-password secret
-postgres_secret_name = "esignet-postgres-postgresql"
+postgres_secret_name = "postgres-postgresql"
 if secret_exists(postgres_secret_name, namespace):
     overwrite = input(f"Secret '{postgres_secret_name}' already exists in namespace '{namespace}'. Overwrite? (y/n): ")
     if overwrite.lower() == 'y':
@@ -105,7 +105,7 @@ def create_or_update_configmap(configmap_name, namespace, postgres_host, postgre
     create_or_update_secret(postgres_secret_name, namespace, "postgres-password", postgres_password)
 
 # Handle ConfigMap creation for PostgreSQL
-configmap_name = "esignet-postgres-config"
+configmap_name = "postgres-config"
 if configmap_exists(configmap_name, namespace):
     overwrite = input(f"ConfigMap '{configmap_name}' already exists in namespace '{namespace}'. Overwrite? (y/n): ")
     if overwrite.lower() == 'y':

deploy/postgres/init_values.yaml

@@ -4,12 +4,12 @@ dbUserPasswords:
 databases:
   mosip_esignet:
     enabled: true
-    host: "esignet-postgres-postgresql.esignet"
+    host: "postgres-postgresql"
     port: 5432
     su:
       user: postgres
       secret:
-        name: esignet-postgres-postgresql
+        name: postgres-postgresql
         key: postgres-password
     dml: 1
     repoUrl: https://github.com/mosip/esignet.git