From d8d6ade5cdf988e2f74b1e6d30196f5b26c4dadf Mon Sep 17 00:00:00 2001 
From: Pelayo Torres Date: Wed, 6 May 2026 09:33:43 +0200 Subject: [PATCH 01/14] Open Discover Service --- .../Dockerfile | 20 +- .../config.yaml | 8 + .../openapi_server/__main__.py | 18 - .../openapi_server/app.py | 44 ++ .../openapi_server/config.py | 19 + .../controllers/default_controller.py | 107 ++-- .../controllers/security_controller.py | 10 + .../openapi_server/core/__init__.py | 0 .../core/open_discover_operations.py | 533 ++++++++++++++++++ .../openapi_server/core/resources.py | 9 + .../openapi_server/core/responses.py | 34 ++ .../openapi_server/db/__init__.py | 0 .../openapi_server/db/db.py | 39 ++ .../openapi_server/encoder.py | 10 +- .../openapi_server/openapi/openapi.yaml | 40 +- .../openapi_server/util.py | 46 ++ .../openapi_server/vendor_specific.py | 62 ++ .../openapi_server/wsgi.py | 4 + .../prepare_open_discover.sh | 57 ++ .../requirements.txt | 20 +- services/docker-compose-capif.yml | 25 + services/nginx/endpoints/endpoints.conf | 1 + services/nginx/maps/00-services.conf | 1 + services/nginx/maps/90-policy-dispatch.conf | 3 + services/nginx/maps/95-auth-error.conf | 1 + services/nginx/nginx.conf | 10 +- .../nginx/policies/open-discover-token.conf | 4 + 27 files changed, 1005 insertions(+), 120 deletions(-) create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/config.yaml delete mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/__main__.py create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/app.py create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/config.py create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/__init__.py create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/open_discover_operations.py create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/resources.py create mode 100644 
services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/responses.py create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/db/__init__.py create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/db/db.py create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/vendor_specific.py create mode 100644 services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/wsgi.py create mode 100755 services/TS29222_CAPIF_Open_Discover_Service_API/prepare_open_discover.sh create mode 100644 services/nginx/policies/open-discover-token.conf diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/Dockerfile b/services/TS29222_CAPIF_Open_Discover_Service_API/Dockerfile index 4857637..cc4c8ee 100644 --- a/services/TS29222_CAPIF_Open_Discover_Service_API/Dockerfile +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/Dockerfile @@ -1,9 +1,21 @@ -FROM python:3-alpine +FROM labs.etsi.org:5050/ocf/capif/python:3-slim-bullseye RUN mkdir -p /usr/src/app WORKDIR /usr/src/app -COPY requirements.txt /usr/src/app/ +COPY requirements.txt /usr/src/app/requirements.txt + +RUN apt-get update && apt-get install -y --no-install-recommends \ + gcc \ + build-essential \ + linux-headers-generic \ + ca-certificates \ + libffi-dev \ + libssl-dev \ + libxslt1-dev \ + jq \ + curl && \ + rm -rf /var/lib/apt/lists/* RUN pip3 install --no-cache-dir -r requirements.txt @@ -11,6 +23,4 @@ COPY . /usr/src/app EXPOSE 8080 -ENTRYPOINT ["python3"] - -CMD ["-m", "openapi_server"] \ No newline at end of file +CMD ["sh", "prepare_open_discover.sh"] diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/config.yaml b/services/TS29222_CAPIF_Open_Discover_Service_API/config.yaml new file mode 100644 index 0000000..057b3a0 --- /dev/null +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/config.yaml 
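Review bot: The new `apt-get install` layer in the first Dockerfile hunk leaves `gcc` and `build-essential` in the final image, and no `USER` line is visible in either hunk, so the service appears to run as root with a compiler toolchain installed. If the toolchain is only needed to build wheels during `pip3 install`, a multi-stage build, or purging the build packages in the same `RUN`, keeps it out of the runtime image. A dedicated account, e.g. `RUN useradd -r app` followed by `USER app` before `CMD`, removes the need for root. The base tag `python:3-slim-bullseye` is floating, so pinning it by digest would make rebuilds reproducible.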
@@ -0,0 +1,8 @@
+mongo: {
+ 'user': 'root',
+ 'password': 'example',
+ 'db': 'capif',
+ 'col': 'serviceapidescriptions',
+ 'host': 'mongo',
+ 'port': "27017"
+}
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/__main__.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/__main__.py
deleted file mode 100644
index 1b2cdd8..0000000
--- a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/__main__.py
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/env python3
-
-import connexion
-from openapi_server import encoder
-
-
-def main():
- app = connexion.App(__name__, specification_dir='./openapi/')
- app.app.json_encoder = encoder.JSONEncoder
- app.add_api('openapi.yaml',
- arguments={'title': 'CAPIF_Open_Discover_Service_API'},
- pythonic_params=True)
-
- app.run(port=8080)
-
-
-if __name__ == '__main__':
- main()
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/app.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/app.py
new file mode 100644
index 0000000..122f22e
--- /dev/null
+++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/app.py
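Review bot: The new `config.yaml` commits the MongoDB account as `'user': 'root'` with `'password': 'example'`, so every deployment built from this tree starts with the same known administrative credential unless someone edits the file. `config.py` in this patch loads the file as-is with `yaml.safe_load`, and no override from the environment is visible. I would keep only non-secret defaults here and inject the user and password at deploy time, marking the block with a comment such as `# credentials are injected at deploy time; do not commit real values`. The code in this patch only issues `find` on one collection, so a read-only account scoped to the `capif` database would be enough instead of `root`.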
@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+
+import json
+
+import connexion
+import encoder
+from connexion.decorators import parameter as connexion_parameter
+from flask_jwt_extended import JWTManager
+
+
+_original_get_val_from_param = connexion_parameter._get_val_from_param
+
+
+def _get_val_from_content_param(value, param_defn):
+ if "content" not in param_defn or "schema" in param_defn:
+ return _original_get_val_from_param(value, param_defn)
+
+ content = param_defn.get("content", {})
+ if "application/json" not in content or not isinstance(value, str):
+ return value
+
+ try:
+ return json.loads(value)
+ except json.JSONDecodeError:
+ return value
+
+
+connexion_parameter._get_val_from_param = _get_val_from_content_param
+
+with open("/usr/src/app/openapi_server/pubkey.pem", "rb") as pub_file:
+ pub_data = pub_file.read()
+
+app = connexion.App(__name__, specification_dir="openapi/")
+app.app.json_encoder = encoder.CustomJSONEncoder
+app.add_api(
+ "openapi.yaml",
+ arguments={"title": "CAPIF_Open_Discover_Service_API"},
+ pythonic_params=True,
+)
+
+app.app.config["JWT_ALGORITHM"] = "RS256"
+app.app.config["JWT_PUBLIC_KEY"] = pub_data
+
+JWTManager(app.app)
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/config.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/config.py
new file mode 100644
index 0000000..213320c
--- /dev/null
+++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/config.py
@@ -0,0 +1,19 @@
+import os
+
+import yaml
+
+
+class Config:
+ def __init__(self):
+ self.cached = 0
+ self.file = "../config.yaml"
+ self.my_config = {}
+
+ stamp = os.stat(self.file).st_mtime
+ if stamp != self.cached:
+ self.cached = stamp
+ with open(self.file) as f:
+ self.my_config = yaml.safe_load(f)
+
+ def get_config(self):
+ return self.my_config
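Review bot: The JWT setup at the end of `app.py` sets only `JWT_ALGORITHM` and `JWT_PUBLIC_KEY`, so any RS256 token signed by the matching private key is accepted regardless of which service or audience it was issued for. If that key also signs tokens for other CAPIF services (not visible in this patch), a token meant for one of them would pass `@jwt_required()` here. Setting `JWT_DECODE_AUDIENCE` and `JWT_DECODE_ISSUER` in `app.app.config` would pin that down. Separately, `connexion_parameter._get_val_from_param = _get_val_from_content_param` replaces a private connexion function for the whole process, so it deserves a comment such as `# monkeypatch of a private connexion helper; re-check on every connexion upgrade`.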
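Review bot: In `Config.__init__` the `stamp != self.cached` test is always true in practice, because `self.cached` is reset to `0` a few lines earlier on every construction, so the mtime cache does nothing and the file is re-read for each instance. Either drop the check and load unconditionally, or hold `cached` and `my_config` at class level so they survive between instances. The path `"../config.yaml"` is resolved against the process working directory, so the load depends on where the service is started. Building it from `os.path.dirname(os.path.abspath(__file__))` would remove that dependency.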
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/controllers/default_controller.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/controllers/default_controller.py index 74f5e84..7d388dd 100644 --- a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/controllers/default_controller.py 
@@ -1,61 +1,60 @@ +from flask import current_app +from flask_jwt_extended import get_jwt_identity, jwt_required +from openapi_server.models.aef_location import AefLocation # noqa: F401 +from openapi_server.models.communication_type import CommunicationType # noqa: F401 +from openapi_server.models.data_format import DataFormat # noqa: F401 +from openapi_server.models.open_discovery_resp import OpenDiscoveryResp # noqa: F401 +from openapi_server.models.problem_details import ProblemDetails # noqa: F401 +from openapi_server.models.protocol import Protocol # noqa: F401 +from openapi_server.models.res_oper_info import ResOperInfo # noqa: F401 +from openapi_server.models.service_kpis import ServiceKpis # noqa: F401 -import connexion -from openapi_server.models.aef_location import AefLocation # noqa: E501 -from openapi_server.models.communication_type import \ - CommunicationType # noqa: E501 -from openapi_server.models.data_format import DataFormat # noqa: E501 -from openapi_server.models.open_discovery_resp import \ - OpenDiscoveryResp # noqa: E501 -from openapi_server.models.problem_details import ProblemDetails # noqa: E501 -from openapi_server.models.protocol import Protocol # noqa: E501 -from openapi_server.models.res_oper_info import ResOperInfo # noqa: E501 -from openapi_server.models.service_kpis import ServiceKpis # noqa: E501 +from ..core.open_discover_operations import OpenDiscoverOperations +open_discover_ops = OpenDiscoverOperations() -def service_apis_get(api_names=None, api_versions=None, comm_type=None, protocols=None, data_format=None, api_cats=None, preferred_aef_loc=None, api_prov_names=None, api_supported_features=None, api_ids=None, service_kpis=None, res_ops=None, supported_features=None): # noqa: E501 + +@jwt_required() +def service_apis_get( + api_names=None, + api_versions=None, + comm_type=None, + protocols=None, + data_format=None, + api_cats=None, + preferred_aef_loc=None, + api_prov_names=None, + api_supported_features=None, + api_ids=None, + 
service_kpis=None, + res_ops=None, + supported_features=None, +): # noqa: E501 """service_apis_get - Enables Open discovery of the currently registered at the CCF and satisfying a number of filter criteria. # noqa: E501 + Enables Open discovery of the currently registered at the CCF and satisfying + a number of filter criteria. + """ + identity = get_jwt_identity() + if isinstance(identity, str) and identity: + current_app.logger.debug(f"Open discover authorized identity: {identity}") + else: + current_app.logger.debug("Open discover authorized identity is empty or non-string") - :param api_names: Contains the name(s) of the target Service API(s). - :type api_names: List[str] - :param api_versions: Contains the major version(s) (e.g., v1) of the target Service API(s). - :type api_versions: Dict[str, ] - :param comm_type: Contains the communication type supported by the target Service API(s). - :type comm_type: dict | bytes - :param protocols: Contains the protocol(s) supported by the target Service API(s). - :type protocols: list | bytes - :param data_format: Contains data format(s) supported by the target Service API(s). - :type data_format: dict | bytes - :param api_cats: Contains the category(ies) of the target Service API(s). - :type api_cats: List[str] - :param preferred_aef_loc: Contains the preferred location information for AEF(s) exposing the target Service API(s). This query parameter is ignored by the CCF if there are no matching records at the CCF. - :type preferred_aef_loc: dict | bytes - :param api_prov_names: Contains the name(s) of the provider(s) of the target Service API(s). - :type api_prov_names: List[str] - :param api_supported_features: Contains the features supported by the discovered service API indicated by api-name parameter. This may only be present if api-name query parameter is present. - :type api_supported_features: Dict[str, str] - :param api_ids: Contains the identifier(s) of the targeted service APIs. 
- :type api_ids: List[str] - :param service_kpis: Contains iInformation about service characteristics provided by the targeted service API(s). - :type service_kpis: dict | bytes - :param res_ops: Contains the list of supported API resource(s) and service operation(s). - :type res_ops: list | bytes - :param supported_features: Contains a list of supported features among the ones defined in clause 8.1.6. This attributed shall be present only when feature negotiation needs to take place. - :type supported_features: str + query_params = { + "api_names": api_names, + "api_versions": api_versions, + "comm_type": comm_type, + "protocols": protocols, + "data_format": data_format, + "api_cats": api_cats, + "preferred_aef_loc": preferred_aef_loc, + "api_prov_names": api_prov_names, + "api_supported_features": api_supported_features, + "api_ids": api_ids, + "service_kpis": service_kpis, + "res_ops": res_ops, + "supported_features": supported_features, + } - :rtype: Union[OpenDiscoveryResp, Tuple[OpenDiscoveryResp, int], Tuple[OpenDiscoveryResp, int, Dict[str, str]] - """ - if connexion.request.is_json: - comm_type = CommunicationType.from_dict(connexion.request.get_json()) # noqa: E501 - if connexion.request.is_json: - protocols = [Protocol.from_dict(d) for d in connexion.request.get_json()] # noqa: E501 - if connexion.request.is_json: - data_format = DataFormat.from_dict(connexion.request.get_json()) # noqa: E501 - if connexion.request.is_json: - preferred_aef_loc = AefLocation.from_dict(connexion.request.get_json()) # noqa: E501 - if connexion.request.is_json: - service_kpis = ServiceKpis.from_dict(connexion.request.get_json()) # noqa: E501 - if connexion.request.is_json: - res_ops = [ResOperInfo.from_dict(d) for d in connexion.request.get_json()] # noqa: E501 - return 'do some magic!' + return open_discover_ops.get_open_discovered_apis(query_params) 
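Review bot: `service_apis_get` reads `get_jwt_identity()` only to log it, so once the signature check in `@jwt_required()` passes there is no test of who the caller is or what the token was issued for. If open discovery is meant to be limited to particular subjects or scopes, that check belongs here. Otherwise the intent should be stated, e.g. `# any holder of a valid CCF-signed token may discover; no per-identity authorization by design`. The identity is logged with an f-string, and `current_app.logger.debug("Open discover authorized identity: %s", identity)` would defer formatting until debug is enabled. The rewritten docstring also drops the per-parameter descriptions the generated one carried, and a short summary of the filters would be worth keeping.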
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/controllers/security_controller.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/controllers/security_controller.py index 8b13789..6545381 100644 --- a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/controllers/security_controller.py +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/controllers/security_controller.py @@ -1 +1,11 @@ +def info_from_o_auth2_client_credentials(token): + """Compatibility hook for OpenAPI security schemes. + Authentication enforcement is performed with flask_jwt_extended decorators. + """ + return {"scopes": [], "uid": token} + + +def validate_scope_o_auth2_client_credentials(required_scopes, token_scopes): + """Compatibility hook for OpenAPI security schemes.""" + return set(required_scopes).issubset(set(token_scopes)) diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/__init__.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/open_discover_operations.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/open_discover_operations.py new file mode 100644 index 0000000..29fe6e9 --- /dev/null +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/open_discover_operations.py 
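Review bot: `info_from_o_auth2_client_credentials` returns `{"scopes": [], "uid": token}` for any string it is given, so the OpenAPI security scheme never rejects a request and the only real check is the `@jwt_required()` decorator on each handler. Any operation added to this API later without that decorator would look OAuth2-protected in `openapi.yaml` while accepting arbitrary bearer values. Putting the raw token in `uid` also means the credential travels wherever connexion passes the user id. I would verify the token here and return `None` on failure so connexion rejects the request. At minimum the docstring should say `Does NOT validate the token; every handler must carry @jwt_required().` and the function should return a non-secret `uid`.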
@@ -0,0 +1,533 @@ +import json +import re + +from flask import current_app, request + +from ..util import clean_empty, dict_to_camel_case +from ..vendor_specific import (filter_apis_with_vendor_specific_params, + find_attribute_in_body, + remove_vendor_specific_fields) +from .resources import Resource +from .responses import (bad_request_error, internal_server_error, + make_response, not_found_error) + +TOTAL_FEATURES = 4 +SUPPORTED_FEATURES_HEX = "2" + + +CAMEL_TO_SNAKE_RE = re.compile(r"(? 1 else values[0] + cls._insert_nested_query_value(extracted, path, value) + + return extracted or None + + @classmethod + def _extract_json_content_query_param(cls, query_name): + if query_name not in request.args: + return None + return cls._normalise_query_value(request.args[query_name]) + + @classmethod + def _extract_array_object_query_param(cls, query_name): + if query_name in request.args: + value = cls._normalise_query_value(request.args[query_name]) + return value if isinstance(value, list) else [value] + + extracted = [] + prefix = f"{query_name}[" + for key in request.args: + if not key.startswith(prefix): + continue + path = QUERY_BRACKETS_RE.findall(key) + if not path: + continue + + if path[0].isdecimal(): + index = int(path[0]) + while len(extracted) <= index: + extracted.append({}) + target = extracted[index] + path = path[1:] + else: + if not extracted: + extracted.append({}) + target = extracted[0] + + if not path: + continue + values = request.args.getlist(key) + value = values if len(values) > 1 else values[0] + cls._insert_nested_query_value(target, path, value) + + return [entry for entry in extracted if entry] or None + + @classmethod + def _split_form_values(cls, values): + split_values = [] + for value in cls._ensure_list(values): + if isinstance(value, str): + split_values.extend(entry for entry in value.split(",") if entry) + else: + split_values.append(value) + return split_values + + @classmethod + def _extract_requested_api_names(cls, query_params): 
+ api_names = [] + raw_api_names = query_params.get("api_names") + + if raw_api_names is None and "api-names" in request.args: + raw_api_names = request.args.getlist("api-names") + + for value in cls._ensure_list(raw_api_names): + api_names.extend(cls._split_form_values(value)) + + return [str(api_name) for api_name in api_names if api_name] + + @classmethod + def _extract_form_exploded_api_filters(cls, api_names): + api_versions = {} + api_supported_features = {} + + for api_name in api_names: + if api_name not in request.args: + continue + + for value in cls._split_form_values(request.args.getlist(api_name)): + if not isinstance(value, str): + value = str(value) + + if value.lower().startswith("v") or not SUPPORTED_FEATURES_RE.fullmatch(value): + api_versions.setdefault(api_name, []).append(value) + else: + api_supported_features[api_name] = value + + return api_versions or None, api_supported_features or None + + @classmethod + def _extract_form_exploded_service_kpis(cls): + service_kpis = {} + + for query_name, field_name in SERVICE_KPIS_QUERY_KEYS.items(): + if query_name not in request.args: + continue + + values = request.args.getlist(query_name) + if not values: + continue + + service_kpis[field_name] = cls._coerce_query_scalar(values[-1]) + + return service_kpis or None + + @classmethod + def _populate_complex_query_params_from_request(cls, query_params): + api_names = cls._extract_requested_api_names(query_params) + api_versions = query_params.get("api_versions") + api_supported_features = query_params.get("api_supported_features") + form_api_versions, form_api_supported_features = cls._extract_form_exploded_api_filters(api_names) + + if not api_versions and form_api_versions: + query_params["api_versions"] = form_api_versions + if not api_supported_features and form_api_supported_features: + query_params["api_supported_features"] = form_api_supported_features + + preferred_aef_loc = cls._normalise_query_value( + query_params.get("preferred_aef_loc") + ) 
+ if not preferred_aef_loc: + preferred_aef_loc = cls._extract_json_content_query_param( + "preferred-aef-loc" + ) + query_params["preferred_aef_loc"] = preferred_aef_loc + + service_kpis = cls._normalise_query_value(query_params.get("service_kpis")) + if not service_kpis: + service_kpis = cls._extract_form_exploded_service_kpis() + if not service_kpis: + service_kpis = cls._extract_object_query_param("service-kpis") + query_params["service_kpis"] = service_kpis + + res_ops = cls._normalise_query_value(query_params.get("res_ops")) + if not res_ops: + res_ops = cls._extract_array_object_query_param("res-ops") + query_params["res_ops"] = res_ops + + @classmethod + def _object_elem_match(cls, prefix, value): + value = cls._normalise_query_value(value) + if not isinstance(value, dict): + return {prefix: value} + + match = {} + + def add_fields(path, current): + if isinstance(current, dict): + for key, entry in current.items(): + add_fields(f"{path}.{cls._to_snake_case(key)}", entry) + elif isinstance(current, list): + match[path] = {"$all": current} + else: + match[path] = current + + add_fields(prefix, value) + return match + + @classmethod + def _aef_profile_object_query(cls, field_name, value): + return { + "aef_profiles": { + "$elemMatch": cls._object_elem_match(field_name, value) + } + } + + @classmethod + def _resource_operations_query(cls, res_oper_info): + res_oper_info = cls._normalise_query_value(res_oper_info) + if not isinstance(res_oper_info, dict): + return None + + resource_match = {} + custom_operations = cls._ensure_list(res_oper_info.get("custom_serv_opers")) + operations = cls._ensure_list(res_oper_info.get("operations")) + + if res_oper_info.get("resource") is not None: + resource_match["uri"] = res_oper_info["resource"] + if operations: + resource_match["operations"] = {"$all": operations} + if custom_operations: + resource_match["cust_operations"] = { + "$elemMatch": {"cust_op_name": {"$in": custom_operations}} + } + + if not resource_match: + 
return None + + return { + "aef_profiles": { + "$elemMatch": { + "versions": { + "$elemMatch": { + "resources": { + "$elemMatch": resource_match + } + } + } + } + } + } + + @staticmethod + def _ensure_list(value): + if value is None: + return [] + if isinstance(value, list): + return value + if isinstance(value, tuple): + return list(value) + return [value] + + @staticmethod + def _to_open_discovery_shape(service_api_doc): + open_doc = {} + + key_filter = [ + "api_name", + "api_id", + "api_status", + "description", + "service_api_category", + "api_supp_feats", + "api_prov_name", + "aef_profiles", + ] + + for key in service_api_doc.keys(): + if key in key_filter or "vendorSpecific" in key: + open_doc[key] = service_api_doc[key] + + if "aef_profiles" in open_doc: + for idx, aef_profile in enumerate(open_doc["aef_profiles"]): + if not isinstance(aef_profile, dict): + continue + filtered_profile = {} + for key in [ + "aef_id", + "versions", + "protocol", + "data_format", + "aef_location", + "service_kpis", + ]: + if key in aef_profile: + filtered_profile[key] = aef_profile[key] + open_doc["aef_profiles"][idx] = filtered_profile + + return clean_empty(open_doc) + + def get_open_discovered_apis(self, query_params): + services = self.db.get_col_by_name(self.db.service_api_descriptions) + + current_app.logger.debug("Open discovering services apis") + + try: + my_params = [] + my_query = {} + + query_params_name = { + "api_names": "api_name", + "api_versions": '{"aef_profiles": {"$elemMatch": {"versions": {"$elemMatch": {"api_version": "QPV"}}}}}', + "comm_type": '{"aef_profiles": {"$elemMatch": {"versions": {"$elemMatch": {"resources": {"$elemMatch": {"comm_type": "QPV"}}}}}}}', + "protocols": '{"aef_profiles": {"$elemMatch": {"protocol": "QPV"}}}', + "data_format": '{"aef_profiles": {"$elemMatch": {"data_format": "QPV"}}}', + "api_cats": "service_api_category", + "api_supported_features": "api_supp_feats", + "api_ids": "api_id", + "api_prov_names": "api_prov_name", + 
"preferred_aef_loc": "aef_location", + "service_kpis": "service_kpis", + "res_ops": "resources", + } + nested_query_params = ["api_versions", "comm_type", "protocols", "data_format"] + + vend_spec_query_params_n_values = {} + + supp_feat = query_params["supported_features"] + del query_params["supported_features"] + + if self._has_bracketed_query_param("preferred-aef-loc"): + return bad_request_error( + detail="Invalid query parameter format", + cause="preferred-aef-loc must be sent as an application/json query parameter", + invalid_params=[ + { + "param": "preferred-aef-loc", + "reason": 'Use preferred-aef-loc={"dcId":"..."}', + } + ], + ) + + self._populate_complex_query_params_from_request(query_params) + + if supp_feat is not None: + supp_feat_dict = return_negotiated_supp_feat_dict(supp_feat) + if supp_feat_dict["VendSpecQueryParams"]: + for q_param in request.args: + if "vend-spec" in q_param: + query_params[q_param] = json.loads(request.args[q_param]) + + for param in query_params: + if query_params[param] is None: + continue + + if "vend-spec" in param: + vend_param = param.split("vend-spec-")[1] + attribute_path = query_params[param]["target"].split("/") + vend_spec_query_params_n_values[".".join(attribute_path[1:]) + "." 
+ vend_param] = query_params[param][ + "value" + ] + continue + + if param not in query_params_name: + continue + + if param == "preferred_aef_loc": + my_params.append( + self._aef_profile_object_query( + query_params_name[param], query_params[param] + ) + ) + continue + + if param == "service_kpis": + my_params.append( + self._aef_profile_object_query( + query_params_name[param], query_params[param] + ) + ) + continue + + if param == "res_ops": + for res_oper_info in self._ensure_list(query_params[param]): + res_ops_query = self._resource_operations_query(res_oper_info) + if res_ops_query is not None: + my_params.append(res_ops_query) + continue + + if param in nested_query_params: + if param == "api_versions" and isinstance(query_params[param], dict): + for _, versions in query_params[param].items(): + for version in self._ensure_list(versions): + my_params.append( + json.loads(query_params_name[param].replace("QPV", str(version))) + ) + else: + for entry in self._ensure_list(query_params[param]): + my_params.append( + json.loads(query_params_name[param].replace("QPV", str(entry))) + ) + continue + + if param == "api_supported_features": + if isinstance(query_params[param], dict): + for api_name, api_supp_feat in query_params[param].items(): + my_params.append({"$and": [{"api_name": api_name}, {"api_supp_feats": api_supp_feat}]}) + else: + my_params.append({query_params_name[param]: query_params[param]}) + continue + + for entry in self._ensure_list(query_params[param]): + my_params.append({query_params_name[param]: entry}) + + if my_params: + my_query = {"$and": my_params} + + discovered_apis = services.find(my_query, {"_id": 0}) + + json_docs = [] + if supp_feat is None: + for discovered_api in discovered_apis: + vendor_specific_fields_path = find_attribute_in_body(discovered_api, "") + json_docs.append( + self._to_open_discovery_shape( + remove_vendor_specific_fields(discovered_api, vendor_specific_fields_path) + ) + ) + else: + supported_features = 
return_negotiated_supp_feat_dict(supp_feat) + if supported_features["VendSpecQueryParams"]: + for discovered_api in discovered_apis: + vendor_specific_fields_path = find_attribute_in_body(discovered_api, "") + if vendor_specific_fields_path: + if vend_spec_query_params_n_values: + pass_filter = filter_apis_with_vendor_specific_params( + discovered_api, vend_spec_query_params_n_values + ) + if pass_filter: + json_docs.append(self._to_open_discovery_shape(discovered_api)) + else: + json_docs.append(self._to_open_discovery_shape(discovered_api)) + else: + for discovered_api in discovered_apis: + vendor_specific_fields_path = find_attribute_in_body(discovered_api, "") + if not vendor_specific_fields_path: + json_docs.append(self._to_open_discovery_shape(discovered_api)) + + if len(json_docs) == 0: + return not_found_error( + detail="No API Published accomplish filter conditions", + cause="No API Published accomplish filter conditions", + ) + + open_docs = [dict_to_camel_case(doc) for doc in json_docs] + response_body = {"discApis": open_docs} + if supp_feat is not None: + response_body["suppFeat"] = supp_feat + + return make_response(clean_empty(response_body), 200) + + except (ValueError, KeyError) as exc: + current_app.logger.error(f"Open discover bad request: {str(exc)}") + return bad_request_error( + detail="Invalid query parameter format", + cause=str(exc), + invalid_params=[], + ) + except Exception as exc: + exception = "An exception occurred in open discover services" + current_app.logger.error(exception + "::" + str(exc)) + return internal_server_error(detail=exception, cause=str(exc)) diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/resources.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/resources.py new file mode 100644 index 0000000..0673524 --- /dev/null +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/resources.py 
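Review bot: In `get_open_discovered_apis` the filters for `api_versions`, `comm_type`, `protocols` and `data_format` are built by pasting the request value into a JSON string, `json.loads(query_params_name[param].replace("QPV", str(version)))`, so the value is parsed as part of the query document instead of staying a plain string. A value containing a quote or backslash at best fails with a 400 and at worst changes the shape of the Mongo filter. Building the filter as a dict keeps the request value a leaf whatever it contains; the fence shows a replacement for the four templates and the two `json.loads` call sites. The earlier part of this hunk (around `CAMEL_TO_SNAKE_RE`) is garbled on this page, so the helpers defined there are not covered by this note.

```python
def _versions_match(inner):
    return {"aef_profiles": {"$elemMatch": {"versions": {"$elemMatch": inner}}}}


NESTED_QUERY_BUILDERS = {
    "api_versions": lambda v: _versions_match({"api_version": v}),
    "comm_type": lambda v: _versions_match({"resources": {"$elemMatch": {"comm_type": v}}}),
    "protocols": lambda v: {"aef_profiles": {"$elemMatch": {"protocol": v}}},
    "data_format": lambda v: {"aef_profiles": {"$elemMatch": {"data_format": v}}},
}

# … unchanged: supported_features handling and the other parameter branches …
                if param in NESTED_QUERY_BUILDERS:
                    if param == "api_versions" and isinstance(query_params[param], dict):
                        for versions in query_params[param].values():
                            for version in self._ensure_list(versions):
                                my_params.append(NESTED_QUERY_BUILDERS[param](str(version)))
                    else:
                        for entry in self._ensure_list(query_params[param]):
                            my_params.append(NESTED_QUERY_BUILDERS[param](str(entry)))
                    continue
```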
@@ -0,0 +1,9 @@
+from abc import ABC
+
+from db.db import MongoDatabse
+
+
+class Resource(ABC):
+
+ def __init__(self):
+ self.db = MongoDatabse()
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/responses.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/responses.py
new file mode 100644
index 0000000..8b047dc
--- /dev/null
+++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/core/responses.py
@@ -0,0 +1,34 @@
+import json
+
+from flask import Response
+
+from ..encoder import CustomJSONEncoder
+from ..models.problem_details import ProblemDetails
+from ..util import serialize_clean_camel_case
+
+mimetype = "application/json"
+
+
+def make_response(obj, status):
+ return Response(json.dumps(obj, cls=CustomJSONEncoder), status=status, mimetype=mimetype)
+
+
+def internal_server_error(detail, cause):
+ prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause)
+ return make_response(serialize_clean_camel_case(prob), 500)
+
+
+def bad_request_error(detail, cause, invalid_params):
+ prob = ProblemDetails(
+ title="Bad Request",
+ status=400,
+ detail=detail,
+ cause=cause,
+ invalid_params=invalid_params,
+ )
+ return make_response(serialize_clean_camel_case(prob), 400)
+
+
+def not_found_error(detail, cause):
+ prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause)
+ return make_response(serialize_clean_camel_case(prob), 404)
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/db/__init__.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/db/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/db/db.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/db/db.py
new file mode 100644
index 0000000..d0be84d
--- /dev/null
+++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/db/db.py
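Review bot: `internal_server_error` in `responses.py` copies its `cause` argument straight into the 500 body, and the caller in `open_discover_operations.py` passes `cause=str(exc)` from a catch-all `except Exception`, so driver and parser error text is returned to whoever sent the request. That text can carry host names, collection names or fragments of the query. I would log the exception server-side with `current_app.logger.exception(...)` and send a fixed string instead, e.g. `cause="Internal error while processing the request"`. The 400 path has the same pattern, where `cause=str(exc)` echoes the `ValueError`/`KeyError` message.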
@@ -0,0 +1,39 @@ +import time + +from bson.codec_options import CodecOptions +from config import Config +from pymongo import MongoClient +from pymongo.errors import AutoReconnect + + +class MongoDatabse: + + def __init__(self): + self.config = Config().get_config() + self.db = self.__connect() + self.service_api_descriptions = self.config["mongo"]["col"] + + def get_col_by_name(self, name): + return self.db[name].with_options(codec_options=CodecOptions(tz_aware=True)) + + def __connect(self, max_retries=3, retry_delay=1): + retries = 0 + while retries < max_retries: + try: + uri = ( + f"mongodb://{self.config['mongo']['user']}:{self.config['mongo']['password']}@" + f"{self.config['mongo']['host']}:{self.config['mongo']['port']}" + ) + client = MongoClient(uri) + mydb = client[self.config["mongo"]["db"]] + mydb.command("ping") + return mydb + except AutoReconnect: + retries += 1 + print(f"Reconnecting... Retry {retries} of {max_retries}") + time.sleep(retry_delay) + return None + + def close_connection(self): + if self.db and self.db.client: + self.db.client.close() diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/encoder.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/encoder.py index 8eac4f3..658a53f 100644 --- a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/encoder.py +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/encoder.py @@ -1,8 +1,8 @@ -from connexion.apps.flask_app import FlaskJSONEncoder +from connexion.jsonifier import JSONEncoder as ConnexionJSONEncoder from openapi_server.models.base_model import Model -class JSONEncoder(FlaskJSONEncoder): +class CustomJSONEncoder(ConnexionJSONEncoder): include_nulls = False def default(self, o): 
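Review bot: `__connect` in `db.py` builds the connection string by interpolating `user` and `password` into `mongodb://…@host:port`, so a password containing `@`, `:` or `/` yields a malformed or misparsed URI. Passing the credentials as arguments avoids the escaping problem: `client = MongoClient(host=cfg["host"], port=int(cfg["port"]), username=cfg["user"], password=cfg["password"])` with `cfg = self.config["mongo"]`. The method also returns `None` once the retries are used up, which leaves `self.db` as `None` and turns the first `get_col_by_name` call into a `TypeError`. Raising after the loop would fail at start-up with a clear message instead. The `print` call should go through a logger so reconnect attempts land in the service log.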
@@ -15,4 +15,8 @@ class JSONEncoder(FlaskJSONEncoder): attr = o.attribute_map[attr] dikt[attr] = value return dikt - return FlaskJSONEncoder.default(self, o) + return ConnexionJSONEncoder.default(self, o) + + +# Backward-compatible alias for test scaffolding that still imports JSONEncoder. +JSONEncoder = CustomJSONEncoder diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/openapi/openapi.yaml b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/openapi/openapi.yaml index fba66de..755eae8 100644 --- a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/openapi/openapi.yaml +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/openapi/openapi.yaml @@ -64,7 +64,7 @@ paths: required: false schema: items: - $ref: '#/components/schemas/Protocol' + type: string minItems: 1 type: array style: form 
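Review bot: Changing the `protocols` items from `$ref: '#/components/schemas/Protocol'` to `type: string` in the `@@ -64,7 +64,7 @@` hunk removes the enum check on that query parameter, so request validation now passes any string through to the handler. In this patch those values feed the Mongo filter built in `open_discover_operations.py`, which makes the schema the only place they were constrained. If the `$ref` was dropped to avoid model deserialization (my assumption, not stated in the commit), an inline `enum: [HTTP_1_1, HTTP_2, MQTT, WEBSOCKET]` under `type: string` keeps the validation without the reference.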
@@ -1636,30 +1636,22 @@ components: title: OpenAefProfile type: object CommunicationType: - anyOf: - - enum: + enum: - REQUEST_RESPONSE - SUBSCRIBE_NOTIFY - type: string - - description: | - This string provides forward-compatibility with future extensions to the enumeration but is not used to encode content defined in the present version of this API. - type: string + type: string description: "Indicates a communication type of the resource or the custom operation.\ \ \nPossible values are:\n- REQUEST_RESPONSE: The communication is of the\ \ type request-response.\n- SUBSCRIBE_NOTIFY: The communication is of the\ \ type subscribe-notify.\n" title: CommunicationType Protocol: - anyOf: - - enum: + enum: - HTTP_1_1 - HTTP_2 - MQTT - WEBSOCKET - type: string - - description: | - This string provides forward-compatibility with future extensions to the enumeration but is not used to encode content defined in the present version of this API. - type: string + type: string description: "Indicates a protocol and protocol version used by the API. \n\ Possible values are:\n- HTTP_1_1: Indicates that the protocol is HTTP version\ \ 1.1.\n- HTTP_2: Indicates that the protocol is HTTP version 2.\n- MQTT:\ @@ -1667,15 +1659,11 @@ components: \ Indicates that the protocol is Websocket.\n" title: Protocol DataFormat: - anyOf: - - enum: + enum: - JSON - XML - PROTOBUF3 - type: string - - description: | - This string provides forward-compatibility with future extensions to the enumeration but is not used to encode content defined in the present version of this API. - type: string + type: string description: "Indicates a data format. \nPossible values are:\n- JSON: Indicates\ \ that the data format is JSON.\n- XML: Indicates that the data format is\ \ Extensible Markup Language.\n- PROTOBUF3: Indicates that the data format\ 
@@ -2106,17 +2094,13 @@ components: title: CustomOperation type: object Operation: - anyOf: - - enum: + enum: - GET - POST - PUT - PATCH - DELETE - type: string - - description: | - This string provides forward-compatibility with future extensions to the enumeration but is not used to encode content defined in the present version of this API. - type: string + type: string description: "Indicates an HTTP method. \nPossible values are:\n- GET: HTTP\ \ GET method.\n- POST: HTTP POST method.\n- PUT: HTTP PUT method.\n- PATCH:\ \ HTTP PATCH method.\n- DELETE: HTTP DELETE method.\n" @@ -2312,8 +2296,7 @@ components: title: GADShape type: object SupportedGADShapes: - anyOf: - - enum: + enum: - POINT - POINT_UNCERTAINTY_CIRCLE - POINT_UNCERTAINTY_ELLIPSE @@ -2326,8 +2309,7 @@ components: - DISTANCE_DIRECTION - RELATIVE_2D_LOCATION_UNCERTAINTY_ELLIPSE - RELATIVE_3D_LOCATION_UNCERTAINTY_ELLIPSOID - type: string - - type: string + type: string description: Indicates supported GAD shapes. title: SupportedGADShapes PointUncertaintyCircle: diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/util.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/util.py index eed6187..f7dd6fb 100644 --- a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/util.py +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/util.py 
@@ -3,6 +3,52 @@ import datetime from openapi_server import typing_utils +def serialize_clean_camel_case(obj): + res = obj.to_dict() + res = clean_empty(res) + res = dict_to_camel_case(res) + return res + + +def clean_empty(d): + if isinstance(d, dict): + return { + k: v + for k, v in ((k, clean_empty(v)) for k, v in d.items()) + if v is not None or (isinstance(v, list) and len(v) == 0) + } + if isinstance(d, list): + return [v for v in map(clean_empty, d) if v is not None] + return d + + +def dict_to_camel_case(my_dict): + result = {} + + for attr, value in my_dict.items(): + if len(attr.split('_')) != 1: + my_key = ''.join(word.title() for word in attr.split('_')) + my_key = ''.join([my_key[0].lower(), my_key[1:]]) + else: + my_key = attr + + if my_key == "serviceApiCategory": + my_key = "serviceAPICategory" + + if isinstance(value, list): + result[my_key] = list( + map(lambda x: dict_to_camel_case(x) if isinstance(x, dict) else x, value) + ) + elif hasattr(value, "to_dict"): + result[my_key] = dict_to_camel_case(value) + elif isinstance(value, dict): + result[my_key] = dict_to_camel_case(value) + else: + result[my_key] = value + + return result + + def _deserialize(data, klass): """Deserializes dict, list, str into an object. diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/vendor_specific.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/vendor_specific.py new file mode 100644 index 0000000..57d7336 --- /dev/null +++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/vendor_specific.py 
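Review bot: In `dict_to_camel_case` (util.py), the `hasattr(value, "to_dict")` branch passes the model object itself to the recursive call, which immediately calls `my_dict.items()` and raises `AttributeError` for anything that is not a dict; the line should read `result[my_key] = dict_to_camel_case(value.to_dict())`. In `clean_empty`, the condition `v is not None or (isinstance(v, list) and len(v) == 0)` is equivalent to `v is not None`, because an empty list is never `None`. If empty lists are meant to be kept, `if v is not None` says so directly; if they are meant to be dropped, the condition needs to be `v is not None and v != []`. The three new helpers have no docstrings; a one-line docstring on each stating the input it expects (model object, nested dict/list, snake_case dict) would make the contract explicit.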
@@ -0,0 +1,62 @@
+import re
+
+
+def find_attribute_in_body(test, path):
+ f_key = []
+ if type(test) == dict:
+ for k, v in test.items():
+ if 'vendorSpecific' in k:
+ if path == '':
+ temp_path = k
+ else:
+ temp_path = path + "." + k
+ f_key.append(temp_path)
+ elif type(v) == dict:
+ if path == '':
+ temp_path = k
+ else:
+ temp_path = path + "." + k
+ f_key += find_attribute_in_body(v, temp_path)
+ elif type(v) == list:
+ if path == '':
+ temp_path = k
+ else:
+ temp_path = path + "." + k
+ for i, val in enumerate(v):
+ f_key += find_attribute_in_body(val, temp_path + "." + str(i))
+ return f_key
+
+
+def remove_vendor_specific_fields(discoved_api, vendor_specific_fields_path):
+ for path in vendor_specific_fields_path:
+ tmp_body = discoved_api
+ parts = path.split('.')
+ vs_field = parts[-1]
+ for path_piece in parts[:-1]:
+ if path_piece.isnumeric():
+ path_piece = int(path_piece)
+ tmp_body = tmp_body[path_piece]
+ del tmp_body[vs_field]
+ return discoved_api
+
+
+def nested_key_exists(dictionary, keys):
+ _dict = dictionary
+ for key in keys:
+ if isinstance(_dict, dict) and key in _dict:
+ _dict = _dict[key]
+ else:
+ return False, -1
+ return True, _dict
+
+
+def filter_apis_with_vendor_specific_params(discoved_api, vend_spec_query_params_n_values):
+ pass_filter = True
+ for k, v in vend_spec_query_params_n_values.items():
+ parts = k.split('.')
+ exists, value = nested_key_exists(discoved_api, parts)
+ if exists:
+ if v != value:
+ pass_filter = False
+ break
+ return pass_filter
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/wsgi.py b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/wsgi.py
new file mode 100644
index 0000000..6026b0f
--- /dev/null
+++ b/services/TS29222_CAPIF_Open_Discover_Service_API/openapi_server/wsgi.py
@@ -0,0 +1,4 @@
+from app import app
+
+if __name__ == "__main__":
+ app.run()
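Review bot: In `filter_apis_with_vendor_specific_params` (vendor_specific.py), an API that does not contain the queried attribute passes the filter, because `pass_filter` is cleared only inside `if exists:`; a query for a vendor-specific value therefore also returns APIs that lack the attribute. If a missing attribute should not match, the loop body becomes `if not exists or v != value: return False`. `find_attribute_in_body` and `remove_vendor_specific_fields` encode paths as dot-joined strings, so a key that itself contains `.` is split into the wrong segments and `del tmp_body[vs_field]` raises `KeyError`. These keys presumably originate from published API descriptions, so carrying each path as a list of keys instead of a joined string would remove the ambiguity. `import re` is unused.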
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/prepare_open_discover.sh b/services/TS29222_CAPIF_Open_Discover_Service_API/prepare_open_discover.sh
new file mode 100755
index 0000000..eeb0563
--- /dev/null
+++ b/services/TS29222_CAPIF_Open_Discover_Service_API/prepare_open_discover.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+VAULT_ADDR="http://$VAULT_HOSTNAME:$VAULT_PORT"
+VAULT_TOKEN=$VAULT_ACCESS_TOKEN
+
+MAX_RETRIES=30
+RETRY_DELAY=10
+ATTEMPT=0
+
+HELPER_URL="http://helper:8080/helper/api/getCcfId"
+ATTEMPT_CCFID=0
+CCF_ID=""
+
+while [ $ATTEMPT -lt $MAX_RETRIES ]; do
+ eval "ATTEMPT=\$((ATTEMPT + 1))"
+ echo "Attempt $ATTEMPT of $MAX_RETRIES"
+
+ echo "[STEP] Fetching CCF_ID from Helper: $HELPER_URL"
+ while [ $ATTEMPT_CCFID -lt $MAX_RETRIES ]; do
+ ATTEMPT_CCFID=$((ATTEMPT_CCFID + 1))
+ echo "[INFO] Attempt $ATTEMPT_CCFID/$MAX_RETRIES – GET $HELPER_URL"
+
+ RAW=$(curl -sS --fail --connect-timeout 5 --max-time 10 "$HELPER_URL" || true)
+ CCF_ID=$(echo "$RAW" | jq -r '.ccf_id // empty' 2>/dev/null)
+
+ if [ -n "$CCF_ID" ]; then
+ echo "[INFO] Got CCF_ID=$CCF_ID"
+ break
+ fi
+
+ echo "[WARN] Helper not ready or invalid response. Retrying in ${RETRY_DELAY}s..."
+ sleep $RETRY_DELAY
+ done
+
+ if [ -z "$CCF_ID" ]; then
+ echo "[ERROR] Unable to retrieve CCF_ID from Helper after $MAX_RETRIES attempts"
+ exit 1
+ fi
+
+ RESPONSE=$(curl -s -k --connect-timeout 5 --max-time 10 \
+ --header "X-Vault-Token: $VAULT_TOKEN" \
+ --request GET "$VAULT_ADDR/v1/secret/data/capif/${CCF_ID}/nginx" | jq -r '.data.data.server_pub')
+
+ if [ -n "$RESPONSE" ] && [ "$RESPONSE" != "null" ]; then
+ echo "$RESPONSE" > /usr/src/app/openapi_server/pubkey.pem
+ echo "Public key successfully saved."
+ gunicorn -k uvicorn.workers.UvicornH11Worker --bind 0.0.0.0:8080 \
+ --chdir /usr/src/app/openapi_server wsgi:app
+ exit 0
+ else
+ echo "Invalid response ('null' or empty), retrying in $RETRY_DELAY seconds..."
+ sleep $RETRY_DELAY
+ fi
+done
+
+echo "Error: Failed to retrieve a valid response after $MAX_RETRIES attempts."
+exit 1
diff --git a/services/TS29222_CAPIF_Open_Discover_Service_API/requirements.txt b/services/TS29222_CAPIF_Open_Discover_Service_API/requirements.txt
index bad8612..8e0a185 100644
--- a/services/TS29222_CAPIF_Open_Discover_Service_API/requirements.txt
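Review bot: The Vault request in prepare_open_discover.sh sends `X-Vault-Token` to an `http://` address (`VAULT_ADDR`) and passes `-k`, so neither the token nor the returned `server_pub` is protected in transit, and the response is written to `pubkey.pem` without checking that it is a public key. If that file is what the service uses to verify bearer tokens (the verifying code is outside this hunk), a tampered response replaces the verification key. Using an `https://` address with `--cacert <path-to-vault-ca>` in place of `-k`, adding `--fail` to the Vault `curl`, and checking the file before starting gunicorn (for example `openssl pkey -pubin -noout -in /usr/src/app/openapi_server/pubkey.pem || exit 1`, if openssl is in the image) closes that gap. `CCF_ID` from the helper goes into the Vault path unchecked; `case "$CCF_ID" in *[!A-Za-z0-9_-]*) exit 1;; esac` would bound it, with the character set adjusted to the real id format. The `eval` around the `ATTEMPT` increment is unnecessary; `ATTEMPT=$((ATTEMPT + 1))` does the same.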
+++ b/services/TS29222_CAPIF_Open_Discover_Service_API/requirements.txt @@ -1,13 +1,13 @@ -connexion[swagger-ui] >= 2.6.0; python_version>="3.6" -# 2.3 is the last version that supports python 3.4-3.5 -connexion[swagger-ui] <= 2.3.0; python_version=="3.5" or python_version=="3.4" -# prevent breaking dependencies from advent of connexion>=3.0 -connexion[swagger-ui] <= 2.14.2; python_version>"3.4" -# connexion requires werkzeug but connexion < 2.4.0 does not install werkzeug -# we must peg werkzeug versions below to fix connexion -# https://github.com/zalando/connexion/pull/1044 -werkzeug == 0.16.1; python_version=="3.5" or python_version=="3.4" +connexion[flask, swagger-ui, uvicorn] == 3.1.0; python_version>="3.6" swagger-ui-bundle >= 0.0.2 python_dateutil >= 2.6.0 setuptools == 80.9.0 -Flask == 2.1.1 +Flask == 3.0.3 +pymongo == 4.7.3 +flask_jwt_extended == 4.6.0 +cryptography == 46.0.1 +rfc3987 == 1.3.8 +werkzeug == 3.1.3 +gunicorn == 23.0.0 +packaging == 24.0 +PyYAML == 6.0.2 diff --git a/services/docker-compose-capif.yml b/services/docker-compose-capif.yml index 2c0add1..374cbef 100644 --- a/services/docker-compose-capif.yml +++ b/services/docker-compose-capif.yml 
@@ -152,6 +152,30 @@ services: depends_on: - mongo + open-api-disc: + build: + context: ${SERVICES_DIR}/TS29222_CAPIF_Open_Discover_Service_API + expose: + - "8080" + volumes: + - ${SERVICES_DIR}/TS29222_CAPIF_Open_Discover_Service_API/config.yaml:/usr/src/app/config.yaml + - ${SERVICES_DIR}/TS29222_CAPIF_Open_Discover_Service_API/prepare_open_discover.sh:/usr/src/app/prepare_open_discover.sh + restart: unless-stopped + extra_hosts: + - host.docker.internal:host-gateway + - vault:host-gateway + image: ${REGISTRY_BASE_URL}/ocf-open-discover-service-api:${OCF_VERSION} + environment: + - CAPIF_HOSTNAME=${CAPIF_HOSTNAME} + - CONTAINER_NAME=open-api-disc + - VAULT_HOSTNAME=vault + - VAULT_ACCESS_TOKEN=dev-only-token + - VAULT_PORT=8200 + - LOG_LEVEL=${LOG_LEVEL} + depends_on: + - mongo + - helper + capif-events: build: context: ${SERVICES_DIR}/TS29222_CAPIF_Events_API @@ -325,6 +349,7 @@ services: depends_on: - redis - service-apis + - open-api-disc - api-invocation-logs - published-apis - capif-events diff --git a/services/nginx/endpoints/endpoints.conf b/services/nginx/endpoints/endpoints.conf index 76448f7..227004e 100644 --- a/services/nginx/endpoints/endpoints.conf +++ b/services/nginx/endpoints/endpoints.conf @@ -5,6 +5,7 @@ map $uri $endpoint { /api-invoker-management/v1/onboardedInvokers invoker_onboarding_exact; /api-provider-management/v1/registrations provider_registrations_exact; /service-apis/v1/allServiceAPIs discover_service_exact; + /open-api-disc/v1/service-apis open_discover_exact; # Regex matches for endpoints that can be grouped by common patterns # Helper related endpoints diff --git a/services/nginx/maps/00-services.conf b/services/nginx/maps/00-services.conf index 44ec473..80c56e6 100644 --- a/services/nginx/maps/00-services.conf +++ b/services/nginx/maps/00-services.conf 
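Review bot: In the `open-api-disc` service of docker-compose-capif.yml, `VAULT_ACCESS_TOKEN=dev-only-token` is a literal in the file, so every environment started from it runs with the same known Vault token. Reading it from the environment and keeping the development value only as a fallback would be `- VAULT_ACCESS_TOKEN=${VAULT_ACCESS_TOKEN:-dev-only-token}`. Other services in this file may use the same literal outside the hunk; if so, they should change together.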
@@ -4,6 +4,7 @@ map $uri $service { ~^/api-invoker-management(/|$) invoker-management; ~^/api-provider-management(/|$) provider-management; ~^/service-apis(/|$) discover-service; + ~^/open-api-disc(/|$) open-discover-service; ~^/published-apis(/|$) publish-service; ~^/api-invocation-logs(/|$) logging-service; ~^/logs(/|$) auditing-service; diff --git a/services/nginx/maps/90-policy-dispatch.conf b/services/nginx/maps/90-policy-dispatch.conf index 6c85657..510c763 100644 --- a/services/nginx/maps/90-policy-dispatch.conf +++ b/services/nginx/maps/90-policy-dispatch.conf @@ -17,6 +17,9 @@ map "$service:$has_token:$has_cert" $active_policy { # Discover Service discover-service:0:1 $discover_service_mtls_policy; + # Open-Discover Service + open-discover-service:1:0 $open_discover_token_policy; + # Published APIs Service publish-service:0:1 $publish_service_mtls_policy; diff --git a/services/nginx/maps/95-auth-error.conf b/services/nginx/maps/95-auth-error.conf index 9b0b713..c18fc86 100644 --- a/services/nginx/maps/95-auth-error.conf +++ b/services/nginx/maps/95-auth-error.conf @@ -1,5 +1,6 @@ map "$service:$endpoint:$method:$has_token:$has_cert:$role" $auth_error { default '{"status":401,"title":"Unauthorized","detail":"Operation not allowed","cause":"Access denied by policy"}'; + ~^open-discover-service:.*:.*:0:0:.*$ '{"status":401, "title":"Unauthorized" ,"detail":"Access token not present", "cause":"Bearer token is required for this API route"}'; ~^.*:.*:.*:0:0:.*$ '{"status":401, "title":"Unauthorized" ,"detail":"Certifcate not present", "cause":"Certificate is required for this API route"}'; ~^helper:.*:.*:0:1:(invoker|apf|aef)$ '{"status":401, "title":"Unauthorized" ,"detail":"Role not authorized for this API route", "cause":"User role must be superadmin"}'; ~^invoker-management:.*:.*:0:1:(amf|apf|aef|ccf)$ '{"status":401, "title":"Unauthorized" ,"detail":"Role not authorized for this API route", "cause":"User role must be invoker"}'; 
diff --git a/services/nginx/nginx.conf b/services/nginx/nginx.conf index 3cd6fe8..6a98449 100644 --- a/services/nginx/nginx.conf +++ b/services/nginx/nginx.conf @@ -82,6 +82,14 @@ http { proxy_pass http://service-apis:8080; } + location /open-api-disc { + if ($auth_allowed = 0) { + add_header Content-Type 'application/problem+json'; + return 401 $auth_error; + } + proxy_pass http://open-api-disc:8080; + } + location /published-apis { if ($ssl_client_verify != SUCCESS) { return 403; @@ -171,4 +179,4 @@ http { } } -daemon off; \ No newline at end of file +daemon off; diff --git a/services/nginx/policies/open-discover-token.conf b/services/nginx/policies/open-discover-token.conf new file mode 100644 index 0000000..668e460 --- /dev/null +++ b/services/nginx/policies/open-discover-token.conf @@ -0,0 +1,4 @@ +map "$endpoint:$method" $open_discover_token_policy { + default DENY; + open_discover_exact:GET ALLOW; +} -- GitLab From 30e31d5e1a9ba501b7006ee9697f51a87989cc47 Mon Sep 17 00:00:00 2001 
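Review bot: In `location /open-api-disc` (nginx.conf), `add_header Content-Type 'application/problem+json';` has no `always` parameter, and nginx applies `add_header` without `always` only to a fixed set of 2xx/3xx status codes, so the header is not sent with the `return 401`. `default_type application/problem+json;` in the location sets the type of the nginx-generated body without adding a second Content-Type header. The new policy entries (`open-discover-service:1:0` in 90-policy-dispatch.conf, `open_discover_exact:GET` in open-discover-token.conf) depend on `$has_token`, whose definition is outside these hunks. If it only reflects that an Authorization header is present, the backend is the only place where the token's signature, expiry and audience are checked, which deserves a comment above the location such as `# nginx checks token presence only; the JWT is verified by open-api-disc`.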
From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 10:43:54 +0200 Subject: [PATCH 02/14] Added ocf-open-discover-service-api to helm --- helm/00_capif_monitoring/README.md | 21 --- helm/01_capif_db/README.md | 32 ----- helm/02_capif_db_express/README.md | 30 ----- helm/03_capif_commons/README.md | 33 +---- helm/04_capif_services/README.md | 23 +--- .../ocf-open-discover-service-api/.helmignore | 23 ++++ .../ocf-open-discover-service-api/Chart.yaml | 24 ++++ .../ocf-open-discover-service-api/README.md | 63 +++++++++ .../templates/NOTES.txt | 22 ++++ .../templates/_helpers.tpl | 62 +++++++++ .../templates/configmap.yaml | 28 ++++ .../templates/deployment.yaml | 80 ++++++++++++ .../templates/hpa.yaml | 32 +++++ .../templates/ingress.yaml | 61 +++++++++ .../templates/service.yaml | 15 +++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 +++ .../ocf-open-discover-service-api/values.yaml | 122 ++++++++++++++++++ helm/05_capif_register/README.md | 34 +---- helm/scripts/04_install_capif_services.sh | 10 +- 20 files changed, 573 insertions(+), 170 deletions(-) create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/.helmignore create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/Chart.yaml create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/README.md create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/templates/NOTES.txt create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/templates/_helpers.tpl create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/templates/configmap.yaml create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/templates/deployment.yaml create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/templates/hpa.yaml create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/templates/ingress.yaml create 
mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/templates/service.yaml create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/templates/serviceaccount.yaml create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/templates/tests/test-connection.yaml create mode 100644 helm/04_capif_services/charts/ocf-open-discover-service-api/values.yaml diff --git a/helm/00_capif_monitoring/README.md b/helm/00_capif_monitoring/README.md index 04814b5..4b0d293 100644 --- a/helm/00_capif_monitoring/README.md +++ b/helm/00_capif_monitoring/README.md @@ -11,26 +11,8 @@ A Helm chart to CAPIF in Kubernetes | | fluentbit | * | | | grafana | * | | | loki | * | -| | mock-server | * | -| | mongo | * | -| | mongo-express | * | -| | mongo-register | * | -| | mongo-register-express | * | | | nginx | * | -| | ocf-access-control-policy | * | -| | ocf-api-invocation-logs | * | -| | ocf-api-invoker-management | * | -| | ocf-api-provider-management | * | -| | ocf-auditing-api-logs | * | -| | ocf-discover-service-api | * | -| | ocf-events | * | -| | ocf-helper | * | -| | ocf-publish-service-api | * | -| | ocf-register | * | -| | ocf-routing-info | * | -| | ocf-security | * | | | otelcollector | * | -| | redis | * | | | renderer | * | | https://grafana.github.io/helm-charts | tempo | ^1.3.1 | 
@@ -41,9 +23,6 @@ A Helm chart to CAPIF in Kubernetes | fluentbit | object | `{"enabled":false}` | With fluentbit.enabled: false. It won't be deployed | | grafana | object | `{"enabled":false}` | With grafana.enabled: false. It won't be deployed | | loki | object | `{"enabled":false}` | With loki.enabled: false. It won't be deployed | -| mock-server | object | `{"enabled":false}` | With mock-server.enabled: false. It won't be deployed | -| mongo-express | object | `{"enabled":false}` | With mongo-express.enabled: false. It won't be deployed | -| mongo-register-express | object | `{"enabled":false}` | With mongo-register-express.enabled: false. It won't be deployed | | otelcollector | object | `{"enabled":false}` | With otelcollector.enabled: false. It won't be deployed | | renderer | object | `{"enabled":false}` | With renderer.enabled: false. It won't be deployed | | tempo | object | `{"enabled":true,"persistence":{"enabled":true,"size":"3Gi"},"tempo":{"metricsGenerator":{"enabled":true,"remoteWriteUrl":"http://prometheus.mon.svc.cluster.local:9090/api/v1/write"}}}` | With tempo.enabled: false. It won't be deployed | diff --git a/helm/01_capif_db/README.md b/helm/01_capif_db/README.md index 04814b5..224578d 100644 --- a/helm/01_capif_db/README.md +++ b/helm/01_capif_db/README.md 
@@ -8,45 +8,13 @@ A Helm chart to CAPIF in Kubernetes | Repository | Name | Version | |------------|------|---------| -| | fluentbit | * | -| | grafana | * | -| | loki | * | -| | mock-server | * | | | mongo | * | -| | mongo-express | * | | | mongo-register | * | -| | mongo-register-express | * | -| | nginx | * | -| | ocf-access-control-policy | * | -| | ocf-api-invocation-logs | * | -| | ocf-api-invoker-management | * | -| | ocf-api-provider-management | * | -| | ocf-auditing-api-logs | * | -| | ocf-discover-service-api | * | -| | ocf-events | * | -| | ocf-helper | * | -| | ocf-publish-service-api | * | -| | ocf-register | * | -| | ocf-routing-info | * | -| | ocf-security | * | -| | otelcollector | * | -| | redis | * | -| | renderer | * | -| https://grafana.github.io/helm-charts | tempo | ^1.3.1 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| fluentbit | object | `{"enabled":false}` | With fluentbit.enabled: false. It won't be deployed | -| grafana | object | `{"enabled":false}` | With grafana.enabled: false. It won't be deployed | -| loki | object | `{"enabled":false}` | With loki.enabled: false. It won't be deployed | -| mock-server | object | `{"enabled":false}` | With mock-server.enabled: false. It won't be deployed | -| mongo-express | object | `{"enabled":false}` | With mongo-express.enabled: false. It won't be deployed | -| mongo-register-express | object | `{"enabled":false}` | With mongo-register-express.enabled: false. It won't be deployed | -| otelcollector | object | `{"enabled":false}` | With otelcollector.enabled: false. It won't be deployed | -| renderer | object | `{"enabled":false}` | With renderer.enabled: false. It won't be deployed | -| tempo | object | `{"enabled":true,"persistence":{"enabled":true,"size":"3Gi"},"tempo":{"metricsGenerator":{"enabled":true,"remoteWriteUrl":"http://prometheus.mon.svc.cluster.local:9090/api/v1/write"}}}` | With tempo.enabled: false. 
It won't be deployed | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/helm/02_capif_db_express/README.md b/helm/02_capif_db_express/README.md index 04814b5..d87ced2 100644 --- a/helm/02_capif_db_express/README.md +++ b/helm/02_capif_db_express/README.md 
@@ -8,45 +8,15 @@ A Helm chart to CAPIF in Kubernetes | Repository | Name | Version | |------------|------|---------| -| | fluentbit | * | -| | grafana | * | -| | loki | * | -| | mock-server | * | -| | mongo | * | | | mongo-express | * | -| | mongo-register | * | | | mongo-register-express | * | -| | nginx | * | -| | ocf-access-control-policy | * | -| | ocf-api-invocation-logs | * | -| | ocf-api-invoker-management | * | -| | ocf-api-provider-management | * | -| | ocf-auditing-api-logs | * | -| | ocf-discover-service-api | * | -| | ocf-events | * | -| | ocf-helper | * | -| | ocf-publish-service-api | * | -| | ocf-register | * | -| | ocf-routing-info | * | -| | ocf-security | * | -| | otelcollector | * | -| | redis | * | -| | renderer | * | -| https://grafana.github.io/helm-charts | tempo | ^1.3.1 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| fluentbit | object | `{"enabled":false}` | With fluentbit.enabled: false. It won't be deployed | -| grafana | object | `{"enabled":false}` | With grafana.enabled: false. It won't be deployed | -| loki | object | `{"enabled":false}` | With loki.enabled: false. It won't be deployed | -| mock-server | object | `{"enabled":false}` | With mock-server.enabled: false. It won't be deployed | | mongo-express | object | `{"enabled":false}` | With mongo-express.enabled: false. It won't be deployed | | mongo-register-express | object | `{"enabled":false}` | With mongo-register-express.enabled: false. It won't be deployed | -| otelcollector | object | `{"enabled":false}` | With otelcollector.enabled: false. It won't be deployed | -| renderer | object | `{"enabled":false}` | With renderer.enabled: false. It won't be deployed | -| tempo | object | `{"enabled":true,"persistence":{"enabled":true,"size":"3Gi"},"tempo":{"metricsGenerator":{"enabled":true,"remoteWriteUrl":"http://prometheus.mon.svc.cluster.local:9090/api/v1/write"}}}` | With tempo.enabled: false. 
It won't be deployed | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/helm/03_capif_commons/README.md b/helm/03_capif_commons/README.md index 04814b5..85514dd 100644 --- a/helm/03_capif_commons/README.md +++ b/helm/03_capif_commons/README.md 
@@ -8,45 +8,16 @@ A Helm chart to CAPIF in Kubernetes | Repository | Name | Version | |------------|------|---------| -| | fluentbit | * | -| | grafana | * | -| | loki | * | +| | celery-beat | * | +| | celery-worker | * | | | mock-server | * | -| | mongo | * | -| | mongo-express | * | -| | mongo-register | * | -| | mongo-register-express | * | -| | nginx | * | -| | ocf-access-control-policy | * | -| | ocf-api-invocation-logs | * | -| | ocf-api-invoker-management | * | -| | ocf-api-provider-management | * | -| | ocf-auditing-api-logs | * | -| | ocf-discover-service-api | * | -| | ocf-events | * | -| | ocf-helper | * | -| | ocf-publish-service-api | * | -| | ocf-register | * | -| | ocf-routing-info | * | -| | ocf-security | * | -| | otelcollector | * | | | redis | * | -| | renderer | * | -| https://grafana.github.io/helm-charts | tempo | ^1.3.1 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| fluentbit | object | `{"enabled":false}` | With fluentbit.enabled: false. It won't be deployed | -| grafana | object | `{"enabled":false}` | With grafana.enabled: false. It won't be deployed | -| loki | object | `{"enabled":false}` | With loki.enabled: false. It won't be deployed | | mock-server | object | `{"enabled":false}` | With mock-server.enabled: false. It won't be deployed | -| mongo-express | object | `{"enabled":false}` | With mongo-express.enabled: false. It won't be deployed | -| mongo-register-express | object | `{"enabled":false}` | With mongo-register-express.enabled: false. It won't be deployed | -| otelcollector | object | `{"enabled":false}` | With otelcollector.enabled: false. It won't be deployed | -| renderer | object | `{"enabled":false}` | With renderer.enabled: false. 
It won't be deployed | -| tempo | object | `{"enabled":true,"persistence":{"enabled":true,"size":"3Gi"},"tempo":{"metricsGenerator":{"enabled":true,"remoteWriteUrl":"http://prometheus.mon.svc.cluster.local:9090/api/v1/write"}}}` | With tempo.enabled: false. It won't be deployed | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/helm/04_capif_services/README.md b/helm/04_capif_services/README.md index 04814b5..b6172cb 100644 --- a/helm/04_capif_services/README.md +++ b/helm/04_capif_services/README.md @@ -8,14 +8,6 @@ A Helm chart to CAPIF in Kubernetes | Repository | Name | Version | |------------|------|---------| -| | fluentbit | * | -| | grafana | * | -| | loki | * | -| | mock-server | * | -| | mongo | * | -| | mongo-express | * | -| | mongo-register | * | -| | mongo-register-express | * | | | nginx | * | | | ocf-access-control-policy | * | | | ocf-api-invocation-logs | * | 
@@ -23,30 +15,17 @@ A Helm chart to CAPIF in Kubernetes | | ocf-api-provider-management | * | | | ocf-auditing-api-logs | * | | | ocf-discover-service-api | * | +| | ocf-open-discover-service-api | * | | | ocf-events | * | | | ocf-helper | * | | | ocf-publish-service-api | * | -| | ocf-register | * | | | ocf-routing-info | * | | | ocf-security | * | -| | otelcollector | * | -| | redis | * | -| | renderer | * | -| https://grafana.github.io/helm-charts | tempo | ^1.3.1 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| fluentbit | object | `{"enabled":false}` | With fluentbit.enabled: false. It won't be deployed | -| grafana | object | `{"enabled":false}` | With grafana.enabled: false. It won't be deployed | -| loki | object | `{"enabled":false}` | With loki.enabled: false. It won't be deployed | -| mock-server | object | `{"enabled":false}` | With mock-server.enabled: false. It won't be deployed | -| mongo-express | object | `{"enabled":false}` | With mongo-express.enabled: false. It won't be deployed | -| mongo-register-express | object | `{"enabled":false}` | With mongo-register-express.enabled: false. It won't be deployed | -| otelcollector | object | `{"enabled":false}` | With otelcollector.enabled: false. It won't be deployed | -| renderer | object | `{"enabled":false}` | With renderer.enabled: false. It won't be deployed | -| tempo | object | `{"enabled":true,"persistence":{"enabled":true,"size":"3Gi"},"tempo":{"metricsGenerator":{"enabled":true,"remoteWriteUrl":"http://prometheus.mon.svc.cluster.local:9090/api/v1/write"}}}` | With tempo.enabled: false. It won't be deployed | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) 
diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/.helmignore b/helm/04_capif_services/charts/ocf-open-discover-service-api/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/Chart.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/Chart.yaml new file mode 100644 index 0000000..3d42681 --- /dev/null +++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-open-discover-service-api +description: A Helm chart for Kubernetes of ocf-open-discover-service-api + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/README.md b/helm/04_capif_services/charts/ocf-open-discover-service-api/README.md new file mode 100644 index 0000000..edef689 --- /dev/null +++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/README.md 
@@ -0,0 +1,63 @@ +# ocf-open-discover-service-api + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +A Helm chart for Kubernetes of ocf-open-discover-service-api + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| env.logLevel | string | `"INFO"` | | +| env.mongoInitdbRootPassword | string | `"example"` | | +| env.mongoInitdbRootUsername | string | `"root"` | | +| env.monitoring | string | `"true"` | | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"Always"` | | +| image.repository | string | `"ocf-open-discover-service-api"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| livenessProbe | string | `nil` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext | object | `{}` | | +| readinessProbe.initialDelaySeconds | int | `5` | | +| readinessProbe.periodSeconds | int | `5` | | +| readinessProbe.tcpSocket.port | int | `8080` | | +| replicaCount | int | `1` | | +| resources.limits.cpu | string | `"100m"` | | +| resources.limits.memory | 
string | `"128Mi"` | | +| resources.requests.cpu | string | `"100m"` | | +| resources.requests.memory | string | `"128Mi"` | | +| securityContext | object | `{}` | | +| service.port | int | `8080` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automount | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | +| volumeMounts[0].mountPath | string | `"/usr/src/app/config.yaml"` | | +| volumeMounts[0].name | string | `"capif-opendiscover-service-config"` | | +| volumeMounts[0].subPath | string | `"config.yaml"` | | +| volumes[0].configMap.items[0].key | string | `"config.yaml"` | | +| volumes[0].configMap.items[0].path | string | `"config.yaml"` | | +| volumes[0].configMap.name | string | `"capif-opendiscover-service-configmap"` | | +| volumes[0].name | string | `"capif-opendiscover-service-config"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/NOTES.txt b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/NOTES.txt new file mode 100644 index 0000000..c14d572 --- /dev/null +++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-open-discover-service-api.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-open-discover-service-api.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-open-discover-service-api.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-open-discover-service-api.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/_helpers.tpl b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/_helpers.tpl new file mode 100644 index 0000000..08b567f --- /dev/null +++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-open-discover-service-api.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-open-discover-service-api.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-open-discover-service-api.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-open-discover-service-api.labels" -}} +helm.sh/chart: {{ include "ocf-open-discover-service-api.chart" . }} +{{ include "ocf-open-discover-service-api.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-open-discover-service-api.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-open-discover-service-api.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-open-discover-service-api.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-open-discover-service-api.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/configmap.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/configmap.yaml new file mode 100644 index 0000000..a68e053 --- /dev/null +++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/configmap.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: capif-opendiscover-service-configmap +data: + config.yaml: | + mongo: { + 'user': '{{ .Values.env.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoInitdbRootPassword }}', + 'db': 'capif', + 'col': 'serviceapidescriptions', + 'invokers_col': 'invokerdetails', + 'capif_users_col': 'user', + 'certs_col': 'certs', + 'host': 'mongo', + 'port': "27017" + } + + monitoring: { + "fluent_bit_host": fluent-bit, + "fluent_bit_port": 24224, + "opentelemetry_url": "otel-collector", + "opentelemetry_port": "55680", + "opentelemetry_max_queue_size": 8192, + "opentelemetry_schedule_delay_millis": 20000, + "opentelemetry_max_export_batch_size": 2048, + "opentelemetry_export_timeout_millis": 60000 + } \ No newline at end of file diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/deployment.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/deployment.yaml new file mode 100644 index 0000000..22b810d --- /dev/null +++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/deployment.yaml 
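Review bot: In configmap.yaml the MongoDB username and password are rendered into a ConfigMap under `mongo:`, so anyone who can read ConfigMaps in the namespace can read the database credentials; a `kind: Secret` mounted at the same `config.yaml` path would put them under Secret RBAC instead. The values are also placed between single quotes without escaping, so a password containing `'` renders invalid YAML; `'password': {{ .Values.env.mongoInitdbRootPassword | quote }},` lets Helm do the quoting. The ConfigMap name is fixed (`capif-opendiscover-service-configmap`) rather than derived from the release name, which may be deliberate but means two releases in one namespace would overwrite each other's configuration.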
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ocf-open-discover-service-api.fullname" . }} + labels: + {{- include "ocf-open-discover-service-api.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "ocf-open-discover-service-api.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "ocf-open-discover-service-api.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "ocf-open-discover-service-api.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: CAPIF_HOSTNAME + value: {{ quote .Values.env.capifHostname }} + - name: MONITORING + value: {{ quote .Values.env.monitoring }} + - name: VAULT_HOSTNAME + value: {{ quote .Values.env.vaultHostname }} + - name: VAULT_PORT + value: {{ quote .Values.env.vaultPort }} + - name: VAULT_ACCESS_TOKEN + value: {{ quote .Values.env.vaultAccessToken }} + - name: LOG_LEVEL + value: {{ quote .Values.env.logLevel }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with 
.Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/hpa.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/hpa.yaml new file mode 100644 index 0000000..ea87ab2 --- /dev/null +++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-open-discover-service-api.fullname" . }} + labels: + {{- include "ocf-open-discover-service-api.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-open-discover-service-api.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/ingress.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/ingress.yaml new file mode 100644 index 0000000..1715fcf --- /dev/null 
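Review bot: In deployment.yaml `VAULT_ACCESS_TOKEN` is injected as a literal `value:` in the container `env`, so the token is stored in the Deployment spec and is readable by anyone who can get or describe the Deployment or read the Helm release values. Reading it from a Secret keeps it out of the manifest, e.g. `valueFrom: {secretKeyRef: {name: <vault-token-secret>, key: token}}` (the secret name is a placeholder). The values.yaml added in this patch also defaults `vaultAccessToken` to `dev-only-token`, which an install that forgets the override would silently use. Separately, the `date: "{{ now | unixEpoch }}"` annotation changes on every render, so each upgrade restarts the pods and the `checksum/config` annotation next to it has no effect of its own.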
+++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "ocf-open-discover-service-api.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "ocf-open-discover-service-api.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/service.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/service.yaml
new file mode 100644
index 0000000..9d98ea7
--- /dev/null
+++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: open-discover-service-apis
+ labels:
+ {{- include "ocf-open-discover-service-api.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ocf-open-discover-service-api.selectorLabels" . | nindent 4 }}
diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/serviceaccount.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/serviceaccount.yaml
new file mode 100644
index 0000000..7afa97c
--- /dev/null
+++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ocf-open-discover-service-api.serviceAccountName" . }}
+ labels:
+ {{- include "ocf-open-discover-service-api.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/tests/test-connection.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..c76a8c3
--- /dev/null
+++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "ocf-open-discover-service-api.fullname" . }}-test-connection"
+ labels:
+ {{- include "ocf-open-discover-service-api.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['open-discover-service-apis:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/values.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/values.yaml
new file mode 100644
index 0000000..e479015
--- /dev/null
+++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/values.yaml
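Review bot: The test pod uses `image: busybox` with no tag or digest, so every `helm test` run pulls whatever the default tag currently points to. Pinning it, for example `image: busybox:<pinned-version>` or a digest reference (placeholder, choose the version you have reviewed), keeps the test reproducible and avoids running an unreviewed image inside the cluster. The pod also sets no `securityContext`, which some admission policies will reject.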
@@ -0,0 +1,122 @@ +# Default values for ocf-open-discover-service-api. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ocf-open-discover-service-api + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + monitoring: "true" + capifHostname: capif + vaultHostname: vault + vaultPort: 8200 + vaultAccessToken: dev-only-token + mongoInitdbRootUsername: root + mongoInitdbRootPassword: example + logLevel: "INFO" + + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 1m + memory: 1Mi + +livenessProbe: +# httpGet: +# path: / +# port: http +readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: + - name: capif-opendiscover-service-config + configMap: + name: capif-opendiscover-service-configmap + items: + - key: "config.yaml" + path: "config.yaml" + + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: + - name: capif-opendiscover-service-config + mountPath: /usr/src/app/config.yaml + subPath: config.yaml + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/05_capif_register/README.md b/helm/05_capif_register/README.md index 04814b5..af3a192 100644 --- a/helm/05_capif_register/README.md +++ b/helm/05_capif_register/README.md 
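Review bot: The defaults in values.yaml leave the pod unhardened: `podSecurityContext: {}` and `securityContext: {}` are empty with the restrictive settings only in comments, and `serviceAccount.automount: true` mounts a Kubernetes API token into the pod. Nothing in the templates of this patch shows the service calling the Kubernetes API, so `automount: false` looks like the safer default, and `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `capabilities.drop: [ALL]` are worth enabling if the image tolerates them. The comment above `resources:` still talks about uncommenting the lines although limits and requests are now set. The README table in this patch lists `100m`/`128Mi` where this file has `200m`/`256Mi` and `1m`/`1Mi`, and it omits the `env.vault*` and `env.capifHostname` keys, so it should be regenerated.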
@@ -8,45 +8,13 @@ A Helm chart to CAPIF in Kubernetes | Repository | Name | Version | |------------|------|---------| -| | fluentbit | * | -| | grafana | * | -| | loki | * | -| | mock-server | * | -| | mongo | * | -| | mongo-express | * | -| | mongo-register | * | -| | mongo-register-express | * | -| | nginx | * | -| | ocf-access-control-policy | * | -| | ocf-api-invocation-logs | * | -| | ocf-api-invoker-management | * | -| | ocf-api-provider-management | * | -| | ocf-auditing-api-logs | * | -| | ocf-discover-service-api | * | -| | ocf-events | * | -| | ocf-helper | * | -| | ocf-publish-service-api | * | | | ocf-register | * | -| | ocf-routing-info | * | -| | ocf-security | * | -| | otelcollector | * | -| | redis | * | -| | renderer | * | -| https://grafana.github.io/helm-charts | tempo | ^1.3.1 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| fluentbit | object | `{"enabled":false}` | With fluentbit.enabled: false. It won't be deployed | -| grafana | object | `{"enabled":false}` | With grafana.enabled: false. It won't be deployed | -| loki | object | `{"enabled":false}` | With loki.enabled: false. It won't be deployed | -| mock-server | object | `{"enabled":false}` | With mock-server.enabled: false. It won't be deployed | -| mongo-express | object | `{"enabled":false}` | With mongo-express.enabled: false. It won't be deployed | -| mongo-register-express | object | `{"enabled":false}` | With mongo-register-express.enabled: false. It won't be deployed | -| otelcollector | object | `{"enabled":false}` | With otelcollector.enabled: false. It won't be deployed | -| renderer | object | `{"enabled":false}` | With renderer.enabled: false. It won't be deployed | -| tempo | object | `{"enabled":true,"persistence":{"enabled":true,"size":"3Gi"},"tempo":{"metricsGenerator":{"enabled":true,"remoteWriteUrl":"http://prometheus.mon.svc.cluster.local:9090/api/v1/write"}}}` | With tempo.enabled: false. 
It won't be deployed | + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/helm/scripts/04_install_capif_services.sh b/helm/scripts/04_install_capif_services.sh index b9bf4c2..2f53e5e 100755 --- a/helm/scripts/04_install_capif_services.sh +++ b/helm/scripts/04_install_capif_services.sh @@ -18,7 +18,7 @@ HELM_STEP_DIR="$HELM_DIR/04_capif_services" cat "$HELM_STEP_DIR/Chart.yaml" yq e -i ".appVersion = \"$CAPIF_IMAGE_TAG\"" "$HELM_STEP_DIR/Chart.yaml" cat "$HELM_STEP_DIR/Chart.yaml" -charts_04=("nginx" "ocf-access-control-policy" "ocf-api-invocation-logs" "ocf-api-invoker-management" "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-routing-info" "ocf-security") +charts_04=("nginx" "ocf-access-control-policy" "ocf-api-invocation-logs" "ocf-api-invoker-management" "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-routing-info" "ocf-security" "ocf-open-discover-service-api") for chart in "${charts_04[@]}"; do yq e -i ".appVersion = \"$CAPIF_IMAGE_TAG\"" "$HELM_STEP_DIR/charts/$chart/Chart.yaml" done 
@@ -93,6 +93,14 @@ install_capif_helm() { --set ocf-discover-service-api.image.tag=$CAPIF_IMAGE_TAG \ --set ocf-discover-service-api.env.monitoring="true" \ --set ocf-discover-service-api.env.logLevel="$LOG_LEVEL" \ + --set ocf-open-discover-service-api.image.repository=$CAPIF_DOCKER_REGISTRY/ocf-open-discover-service-api \ + --set ocf-open-discover-service-api.image.tag=$CAPIF_IMAGE_TAG \ + --set ocf-open-discover-service-api.env.monitoring="true" \ + --set ocf-open-discover-service-api.env.capifHostname=$CAPIF_HOSTNAME \ + --set ocf-open-discover-service-api.env.vaultHostname=$VAULT_INTERNAL_HOSTNAME \ + --set ocf-open-discover-service-api.env.vaultPort=$VAULT_PORT \ + --set ocf-open-discover-service-api.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-open-discover-service-api.env.logLevel="$LOG_LEVEL" \ --set ocf-helper.image.repository=$CAPIF_DOCKER_REGISTRY/helper \ --set ocf-helper.image.tag=$CAPIF_IMAGE_TAG \ --set ocf-helper.env.vaultHostname=$VAULT_INTERNAL_HOSTNAME \ -- GitLab From abaebf106c84f2be9327ae31cba2cd3a4183d0ad Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 11:04:19 +0200 Subject: [PATCH 03/14] pushed minor change --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 8043aca..0c432af 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,6 @@ - [FAQ Documentation](#faq-documentation) - # 3GPP Common API Framework OpenCAPIF implementation This repository includes all services developed using Python Flask servers, created with openapi-generator with swagger definitions on [Open API Descriptions of 3GPP 5G APIs] for release 18 of Technical Specifications. -- GitLab From 7ef85691a368271a437b8845fcf58755f3a0376a Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 11:42:34 +0200 Subject: [PATCH 04/14] No change --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 0c432af..8d4445b 100644 --- a/README.md 
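Review bot: The added `--set` lines pass `$CAPIF_HOSTNAME`, `$VAULT_INTERNAL_HOSTNAME`, `$VAULT_PORT` and `$VAULT_ACCESS_TOKEN` unquoted, while `"$LOG_LEVEL"` in the same block is quoted; an empty value or one containing whitespace would shift the helm arguments. Quoting them is the minimal fix, e.g. `--set ocf-open-discover-service-api.env.vaultAccessToken="$VAULT_ACCESS_TOKEN" \`. Passing the Vault token with `--set` also puts it on the helm command line, where it shows up in the process list and in CI logs when the script runs with tracing; a values file or a pre-created Secret avoids that. The helm invocation inside `install_capif_helm` starts and ends outside this hunk.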
+++ b/README.md @@ -6,7 +6,6 @@ - [Install and Run](#install-and-run) - [FAQ Documentation](#faq-documentation) - # 3GPP Common API Framework OpenCAPIF implementation This repository includes all services developed using Python Flask servers, created with openapi-generator with swagger definitions on [Open API Descriptions of 3GPP 5G APIs] for release 18 of Technical Specifications. -- GitLab From fa3b41c7648b4d82e37f96b99cd21b852adc1d7f Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 12:11:49 +0200 Subject: [PATCH 05/14] No change --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8d4445b..0c432af 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ - [Install and Run](#install-and-run) - [FAQ Documentation](#faq-documentation) + # 3GPP Common API Framework OpenCAPIF implementation This repository includes all services developed using Python Flask servers, created with openapi-generator with swagger definitions on [Open API Descriptions of 3GPP 5G APIs] for release 18 of Technical Specifications. -- GitLab From cadabb42639a3264e2484437772be1c924e96094 Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 13:00:12 +0200 Subject: [PATCH 06/14] Setup complete cluster name for mongodb url --- helm/scripts/02_install_capif_db_express.sh | 6 ++++++ helm/scripts/variables.sh | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/helm/scripts/02_install_capif_db_express.sh b/helm/scripts/02_install_capif_db_express.sh index a11a4ad..792e026 100755 --- a/helm/scripts/02_install_capif_db_express.sh +++ b/helm/scripts/02_install_capif_db_express.sh 
@@ -39,11 +39,17 @@ install_capif_helm() { --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CAPIF_CI_ENV_ENDPOINT.$CAPIF_DOMAIN" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-register-express.meConfigMongodbAdminusername="$MONGO_DB_REGISTER_USER" \ + --set mongo-register-express.meConfigMongodbAdminpassword="$MONGO_DB_REGISTER_PASSWORD" \ + --set mongo-register-express.meConfigMongodbUrl="$MONGO_DB_REGISTER_INTERNAL_URL" \ --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-$CAPIF_CI_ENV_ENDPOINT.$CAPIF_DOMAIN" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-express.meConfigMongodbAdminusername="$MONGO_DB_ADMIN_USER" \ + --set mongo-express.meConfigMongodbAdminpassword="$MONGO_DB_ADMIN_PASSWORD" \ + --set mongo-express.meConfigMongodbUrl="$MONGO_DB_INTERNAL_URL" \ --wait --timeout=10m --create-namespace --atomic $CAPIF_RESOURCES_RESERVE $CAPIF_STORAGE_ACCESS_MODE $CAPIF_RUN_AS_USER_CONFIG "${extra_args[@]}" } diff --git a/helm/scripts/variables.sh b/helm/scripts/variables.sh index 746719d..b0f137c 100755 --- a/helm/scripts/variables.sh +++ b/helm/scripts/variables.sh 
@@ -136,6 +136,14 @@ export CAPIF_OTELCOLLECTOR_ENABLED=true # special configuration for capif deployment +## Mongo DBs +export MONGO_DB_ADMIN_USER="root" +export MONGO_DB_ADMIN_PASSWORD="example" +export MONGO_DB_INTERNAL_URL="mongodb://$MONGO_DB_ADMIN_USER:$MONGO_DB_ADMIN_PASSWORD@mongo.$CAPIF_NAMESPACE.svc.cluster.local:27017/" +export MONGO_DB_REGISTER_ADMIN_USER="root" +export MONGO_DB_REGISTER_ADMIN_PASSWORD="example" +export MONGO_DB_REGISTER_INTERNAL_URL="mongodb://$MONGO_DB_REGISTER_ADMIN_USER:$MONGO_DB_REGISTER_ADMIN_PASSWORD@mongo-register.$CAPIF_NAMESPACE.svc.cluster.local:27017/" + ## Setup KUBECONFIG export KUBECONFIG=$CUSTOM_KUBECONFIG -- GitLab From 0ba38c874d28353393264f515943177b94351fc6 Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 13:08:02 +0200 Subject: [PATCH 07/14] Setup complete cluster name for mongodb url --- helm/scripts/02_install_capif_db_express.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/scripts/02_install_capif_db_express.sh b/helm/scripts/02_install_capif_db_express.sh index 792e026..6063beb 100755 --- a/helm/scripts/02_install_capif_db_express.sh +++ b/helm/scripts/02_install_capif_db_express.sh 
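Review bot: The new `MONGO_DB_*` exports hard-code `root` / `example` as the admin credentials for both databases, and as far as this hunk shows a value already present in the environment is overwritten rather than respected. Something like `export MONGO_DB_ADMIN_PASSWORD="${MONGO_DB_ADMIN_PASSWORD:-example}"` keeps the development default while letting a real deployment supply its own secret; the same applies to `MONGO_DB_REGISTER_ADMIN_PASSWORD` and the two user variables. A comment such as `# development defaults only; override before deploying to a shared cluster` above the block would make the intent explicit.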
@@ -39,17 +39,17 @@ install_capif_helm() { --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CAPIF_CI_ENV_ENDPOINT.$CAPIF_DOMAIN" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set mongo-register-express.meConfigMongodbAdminusername="$MONGO_DB_REGISTER_USER" \ - --set mongo-register-express.meConfigMongodbAdminpassword="$MONGO_DB_REGISTER_PASSWORD" \ - --set mongo-register-express.meConfigMongodbUrl="$MONGO_DB_REGISTER_INTERNAL_URL" \ + --set mongo-register-express.env.meConfigMongodbAdminusername="$MONGO_DB_REGISTER_ADMIN_USER" \ + --set mongo-register-express.env.meConfigMongodbAdminpassword="$MONGO_DB_REGISTER_ADMIN_PASSWORD" \ + --set mongo-register-express.env.meConfigMongodbUrl="$MONGO_DB_REGISTER_INTERNAL_URL" \ --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-$CAPIF_CI_ENV_ENDPOINT.$CAPIF_DOMAIN" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set mongo-express.meConfigMongodbAdminusername="$MONGO_DB_ADMIN_USER" \ - --set mongo-express.meConfigMongodbAdminpassword="$MONGO_DB_ADMIN_PASSWORD" \ - --set mongo-express.meConfigMongodbUrl="$MONGO_DB_INTERNAL_URL" \ + --set mongo-express.env.meConfigMongodbAdminusername="$MONGO_DB_ADMIN_USER" \ + --set mongo-express.env.meConfigMongodbAdminpassword="$MONGO_DB_ADMIN_PASSWORD" \ + --set mongo-express.env.meConfigMongodbUrl="$MONGO_DB_INTERNAL_URL" \ --wait --timeout=10m --create-namespace --atomic $CAPIF_RESOURCES_RESERVE $CAPIF_STORAGE_ACCESS_MODE $CAPIF_RUN_AS_USER_CONFIG "${extra_args[@]}" } -- GitLab From 65c539d04b6f15471268ec303441d02ff341896d Mon Sep 17 00:00:00 2001 
From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 16:53:44 +0200 Subject: [PATCH 08/14] Setup post process db variables for mongo express --- helm/scripts/variables.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/helm/scripts/variables.sh b/helm/scripts/variables.sh index b0f137c..1fa3bfb 100755 --- a/helm/scripts/variables.sh +++ b/helm/scripts/variables.sh @@ -139,10 +139,8 @@ export CAPIF_OTELCOLLECTOR_ENABLED=true ## Mongo DBs export MONGO_DB_ADMIN_USER="root" export MONGO_DB_ADMIN_PASSWORD="example" -export MONGO_DB_INTERNAL_URL="mongodb://$MONGO_DB_ADMIN_USER:$MONGO_DB_ADMIN_PASSWORD@mongo.$CAPIF_NAMESPACE.svc.cluster.local:27017/" export MONGO_DB_REGISTER_ADMIN_USER="root" export MONGO_DB_REGISTER_ADMIN_PASSWORD="example" -export MONGO_DB_REGISTER_INTERNAL_URL="mongodb://$MONGO_DB_REGISTER_ADMIN_USER:$MONGO_DB_REGISTER_ADMIN_PASSWORD@mongo-register.$CAPIF_NAMESPACE.svc.cluster.local:27017/" ## Setup KUBECONFIG export KUBECONFIG=$CUSTOM_KUBECONFIG @@ -276,4 +274,8 @@ wait_chart() { echo " → Waiting rollout of $deploy ..." kubectl rollout status deployment/"$deploy" -n "$NAMESPACE" --timeout=300s done -} \ No newline at end of file +} + +# DB URLs +export MONGO_DB_REGISTER_INTERNAL_URL="mongodb://$MONGO_DB_REGISTER_ADMIN_USER:$MONGO_DB_REGISTER_ADMIN_PASSWORD@mongo-register.$CAPIF_NAMESPACE.svc.cluster.local:27017/" +export MONGO_DB_INTERNAL_URL="mongodb://$MONGO_DB_ADMIN_USER:$MONGO_DB_ADMIN_PASSWORD@mongo.$CAPIF_NAMESPACE.svc.cluster.local:27017/" -- GitLab From 95a8648e657cc3ce5ef300f1067a14362cb66dd8 Mon Sep 17 00:00:00 2001 
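Review bot: The two `MONGO_DB_*_INTERNAL_URL` exports added at the end of the file insert the user name and password into the `mongodb://` URI unencoded, so a password containing `@`, `:`, `/` or `%` yields a URI that fails to parse or is parsed with a different host part. The default `example` hides this; percent-encode the credentials before building the URL, or state the restriction beside the exports, e.g. `# credentials are inserted verbatim: must not contain @ : / %`. A one-line comment on why the block now sits after `wait_chart` (presumably because `CAPIF_NAMESPACE` is only final later in the file) would also help the next reader.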
From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 17:29:09 +0200 Subject: [PATCH 09/14] Improve helm scripts related with mongo and mongo-express --- .../charts/mongo-register/templates/deployment.yaml | 7 ++++++- helm/01_capif_db/charts/mongo-register/values.yaml | 2 ++ helm/01_capif_db/charts/mongo/templates/deployment.yaml | 7 ++++++- helm/01_capif_db/charts/mongo/values.yaml | 2 +- .../charts/mongo-express/templates/deployment.yaml | 4 ++++ .../mongo-register-express/templates/deployment.yaml | 4 ++++ helm/scripts/01_install_capif_db.sh | 4 ++++ helm/scripts/variables.sh | 6 ++++-- 8 files changed, 31 insertions(+), 5 deletions(-) diff --git a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml index 442eee6..03fca38 100644 --- a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml +++ b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - name: http + - name: mongo containerPort: {{ .Values.service.port }} protocol: TCP env: @@ -45,6 +45,11 @@ spec: value: {{ quote .Values.env.mongoInitdbRootPassword }} - name: MONGO_INITDB_ROOT_USERNAME value: {{ quote .Values.env.mongoInitdbRootUsername }} + command: ["mongod"] + args: + - "--bind_ip_all" + - "--auth" + - "--fork=false" livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: diff --git a/helm/01_capif_db/charts/mongo-register/values.yaml b/helm/01_capif_db/charts/mongo-register/values.yaml index d52301d..f331cdd 100644 --- a/helm/01_capif_db/charts/mongo-register/values.yaml +++ b/helm/01_capif_db/charts/mongo-register/values.yaml @@ -79,9 +79,11 @@ livenessProbe: # httpGet: # path: / # port: http + readinessProbe: tcpSocket: port: 27017 + initialDelaySeconds: 20 periodSeconds: 5 autoscaling: 
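Review bot: Adding `command: ["mongod"]` in the `@@ -45,6 +45,11 @@` hunk replaces the image's entrypoint, and with the official `mongo` image it is the entrypoint script that reads `MONGO_INITDB_ROOT_USERNAME` / `MONGO_INITDB_ROOT_PASSWORD` and creates the root account on first start. If this chart runs that image, the container would start with `--auth` on an empty data directory without the root user ever being created, and the two env entries just above become inert. Dropping `command` and keeping only the flags lets the entrypoint run, since it prepends `mongod` when the first argument starts with `-`: `args: ["--bind_ip_all", "--auth"]`. The same lines are added to `charts/mongo/templates/deployment.yaml` in this commit and are kept by the block-style rewrite in PATCH 10/14.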
diff --git a/helm/01_capif_db/charts/mongo/templates/deployment.yaml b/helm/01_capif_db/charts/mongo/templates/deployment.yaml index 244693c..7e04939 100644 --- a/helm/01_capif_db/charts/mongo/templates/deployment.yaml +++ b/helm/01_capif_db/charts/mongo/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - name: http + - name: mongo containerPort: {{ .Values.service.port }} protocol: TCP env: @@ -45,6 +45,11 @@ spec: value: {{ quote .Values.env.mongoInitdbRootPassword }} - name: MONGO_INITDB_ROOT_USERNAME value: {{ quote .Values.env.mongoInitdbRootUsername }} + command: ["mongod"] + args: + - "--bind_ip_all" + - "--auth" + - "--fork=false" livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: diff --git a/helm/01_capif_db/charts/mongo/values.yaml b/helm/01_capif_db/charts/mongo/values.yaml index 0ba34e9..bf8da3a 100644 --- a/helm/01_capif_db/charts/mongo/values.yaml +++ b/helm/01_capif_db/charts/mongo/values.yaml @@ -90,7 +90,7 @@ livenessProbe: readinessProbe: tcpSocket: port: 27017 -# initialDelaySeconds: 5 + initialDelaySeconds: 20 periodSeconds: 5 autoscaling: diff --git a/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml b/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml index 32bda44..ad1e700 100644 --- a/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml +++ b/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml @@ -46,6 +46,10 @@ spec: value: {{ quote .Values.env.meConfigMongodbAdminpassword }} - name: ME_CONFIG_MONGODB_URL value: {{ quote .Values.env.meConfigMongodbUrl }} + - name: ME_CONFIG_CONNECT_RETRIES + value: "10" + - name: ME_CONFIG_CONNECT_RETRY_INTERVAL + value: "5000" livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: 
diff --git a/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml b/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml index d77c8bc..c743dd3 100644 --- a/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml +++ b/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml @@ -46,6 +46,10 @@ spec: value: {{ quote .Values.env.meConfigMongodbAdminusername }} - name: ME_CONFIG_MONGODB_URL value: {{ quote .Values.env.meConfigMongodbUrl }} + - name: ME_CONFIG_CONNECT_RETRIES + value: "10" + - name: ME_CONFIG_CONNECT_RETRY_INTERVAL + value: "5000" livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: diff --git a/helm/scripts/01_install_capif_db.sh b/helm/scripts/01_install_capif_db.sh index addeee5..4b1aa66 100755 --- a/helm/scripts/01_install_capif_db.sh +++ b/helm/scripts/01_install_capif_db.sh @@ -39,6 +39,8 @@ install_capif_helm() { --set mongo-register.persistence.storageClass=$CAPIF_STORAGE_CLASS \ --set mongo-register.persistence.storage=$CAPIF_MONGO_REGISTER_STORAGE_SIZE \ --set mongo-register.extraFlags[0]="--repair" \ + --set mongo-register.env.mongoInitdbRootPassword="$MONGO_DB_REGISTER_ADMIN_PASSWORD" \ + --set mongo-register.env.mongoInitdbRootUsername="$MONGO_DB_REGISTER_ADMIN_USER" \ --set mongo.persistence.storageClass=$CAPIF_STORAGE_CLASS \ --set mongo.persistence.storage=$CAPIF_MONGO_STORAGE_SIZE \ --set mongo.extraFlags[0]="--repair" \ @@ -46,6 +48,8 @@ install_capif_helm() { --set mongo.image.tag=6.0.2 \ --set mongo.busybox.repository=$BASE_DOCKER_REGISTRY/busybox \ --set mongo.busybox.tag=1.37.0 \ + --set mongo.env.mongoInitdbRootPassword="$MONGO_DB_ADMIN_PASSWORD" \ + --set mongo.env.mongoInitdbRootUsername="$MONGO_DB_ADMIN_USER" \ --wait --timeout=10m --create-namespace --atomic $CAPIF_RESOURCES_RESERVE $CAPIF_STORAGE_ACCESS_MODE $CAPIF_RUN_AS_USER_CONFIG "${extra_args[@]}" } 
diff --git a/helm/scripts/variables.sh b/helm/scripts/variables.sh index 1fa3bfb..f87c6af 100755 --- a/helm/scripts/variables.sh +++ b/helm/scripts/variables.sh @@ -277,5 +277,7 @@ wait_chart() { } # DB URLs -export MONGO_DB_REGISTER_INTERNAL_URL="mongodb://$MONGO_DB_REGISTER_ADMIN_USER:$MONGO_DB_REGISTER_ADMIN_PASSWORD@mongo-register.$CAPIF_NAMESPACE.svc.cluster.local:27017/" -export MONGO_DB_INTERNAL_URL="mongodb://$MONGO_DB_ADMIN_USER:$MONGO_DB_ADMIN_PASSWORD@mongo.$CAPIF_NAMESPACE.svc.cluster.local:27017/" +# export MONGO_DB_REGISTER_INTERNAL_URL="mongodb://$MONGO_DB_REGISTER_ADMIN_USER:$MONGO_DB_REGISTER_ADMIN_PASSWORD@mongo-register.$CAPIF_NAMESPACE.svc.cluster.local:27017/" +# export MONGO_DB_INTERNAL_URL="mongodb://$MONGO_DB_ADMIN_USER:$MONGO_DB_ADMIN_PASSWORD@mongo.$CAPIF_NAMESPACE.svc.cluster.local:27017/" +export MONGO_DB_REGISTER_INTERNAL_URL="mongodb://$MONGO_DB_REGISTER_ADMIN_USER:$MONGO_DB_REGISTER_ADMIN_PASSWORD@mongo-register:27017/" +export MONGO_DB_INTERNAL_URL="mongodb://$MONGO_DB_ADMIN_USER:$MONGO_DB_ADMIN_PASSWORD@mongo:27017/" -- GitLab From c1684fe5599a246d17f8fd2efbfb6fc019be5b73 Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 17:40:08 +0200 Subject: [PATCH 10/14] Add new args on deployment for mongo --- .../charts/mongo-register/templates/deployment.yaml | 10 +++++----- .../01_capif_db/charts/mongo/templates/deployment.yaml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml index 03fca38..7aeece5 100644 --- a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml +++ b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml 
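Review bot: The previous `svc.cluster.local` URLs are left in the file as commented-out exports; delete them and record the reason for the short names in a comment instead, e.g. `# short service names: mongo-express is installed in the same namespace as mongo`. A bare `mongo` / `mongo-register` host resolves only from pods in the namespace that holds those Services, so this relies on the express chart always being installed into `$CAPIF_NAMESPACE`, which this hunk does not show. If the fully qualified name failed because the cluster domain is not `cluster.local`, `mongo.$CAPIF_NAMESPACE.svc` keeps the namespace without hard-coding the domain.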
@@ -45,11 +45,11 @@ spec: value: {{ quote .Values.env.mongoInitdbRootPassword }} - name: MONGO_INITDB_ROOT_USERNAME value: {{ quote .Values.env.mongoInitdbRootUsername }} - command: ["mongod"] - args: - - "--bind_ip_all" - - "--auth" - - "--fork=false" + command: + - mongod + args: + - --bind_ip_all + - --auth livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: diff --git a/helm/01_capif_db/charts/mongo/templates/deployment.yaml b/helm/01_capif_db/charts/mongo/templates/deployment.yaml index 7e04939..5da0d76 100644 --- a/helm/01_capif_db/charts/mongo/templates/deployment.yaml +++ b/helm/01_capif_db/charts/mongo/templates/deployment.yaml @@ -45,11 +45,11 @@ spec: value: {{ quote .Values.env.mongoInitdbRootPassword }} - name: MONGO_INITDB_ROOT_USERNAME value: {{ quote .Values.env.mongoInitdbRootUsername }} - command: ["mongod"] - args: - - "--bind_ip_all" - - "--auth" - - "--fork=false" + command: + - mongod + args: + - --bind_ip_all + - --auth livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: -- GitLab From 8e2e6fdc848aaf1bf24334cc90f14e10bc14d1ea Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Mon, 11 May 2026 18:37:16 +0200 Subject: [PATCH 11/14] added new variables --- .../charts/mongo-register/templates/deployment.yaml | 8 ++++---- helm/01_capif_db/charts/mongo/templates/deployment.yaml | 8 ++++---- .../charts/mongo-express/templates/deployment.yaml | 6 ++++++ .../02_capif_db_express/charts/mongo-express/values.yaml | 4 ++++ .../mongo-register-express/templates/deployment.yaml | 6 ++++++ .../charts/mongo-register-express/values.yaml | 9 ++++++--- 6 files changed, 30 insertions(+), 11 deletions(-) diff --git a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml index 7aeece5..6e8403e 100644 --- a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml 
+++ b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml @@ -41,10 +41,10 @@ spec: containerPort: {{ .Values.service.port }} protocol: TCP env: - - name: MONGO_INITDB_ROOT_PASSWORD - value: {{ quote .Values.env.mongoInitdbRootPassword }} - - name: MONGO_INITDB_ROOT_USERNAME - value: {{ quote .Values.env.mongoInitdbRootUsername }} + - name: MONGO_INITDB_ROOT_PASSWORD + value: {{ quote .Values.env.mongoInitdbRootPassword }} + - name: MONGO_INITDB_ROOT_USERNAME + value: {{ quote .Values.env.mongoInitdbRootUsername }} command: - mongod args: diff --git a/helm/01_capif_db/charts/mongo/templates/deployment.yaml b/helm/01_capif_db/charts/mongo/templates/deployment.yaml index 5da0d76..cc27bc5 100644 --- a/helm/01_capif_db/charts/mongo/templates/deployment.yaml +++ b/helm/01_capif_db/charts/mongo/templates/deployment.yaml @@ -41,10 +41,10 @@ spec: containerPort: {{ .Values.service.port }} protocol: TCP env: - - name: MONGO_INITDB_ROOT_PASSWORD - value: {{ quote .Values.env.mongoInitdbRootPassword }} - - name: MONGO_INITDB_ROOT_USERNAME - value: {{ quote .Values.env.mongoInitdbRootUsername }} + - name: MONGO_INITDB_ROOT_PASSWORD + value: {{ quote .Values.env.mongoInitdbRootPassword }} + - name: MONGO_INITDB_ROOT_USERNAME + value: {{ quote .Values.env.mongoInitdbRootUsername }} command: - mongod args: diff --git a/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml b/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml index ad1e700..82a1a4b 100644 --- a/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml +++ b/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml 
@@ -40,6 +40,12 @@ spec: containerPort: {{ .Values.service.targetPort }} protocol: TCP env: + - name: ME_CONFIG_MONGODB_ENABLE_ADMIN + value: {{ .Values.env.meConfigMongodbEnableAdmin }} + - name: ME_CONFIG_BASICAUTH_USERNAME + value: {{ quote .Values.env.meConfigBasicauthUsername }} + - name: ME_CONFIG_BASICAUTH_PASSWORD + value: {{ quote .Values.env.meConfigBasicauthPassword }} - name: ME_CONFIG_MONGODB_ADMINUSERNAME value: {{ quote .Values.env.meConfigMongodbAdminusername }} - name: ME_CONFIG_MONGODB_ADMINPASSWORD diff --git a/helm/02_capif_db_express/charts/mongo-express/values.yaml b/helm/02_capif_db_express/charts/mongo-express/values.yaml index 76ce47e..a6a6f45 100644 --- a/helm/02_capif_db_express/charts/mongo-express/values.yaml +++ b/helm/02_capif_db_express/charts/mongo-express/values.yaml @@ -17,9 +17,13 @@ nameOverride: "" fullnameOverride: "" env: + meConfigMongodbEnableAdmin: true + meConfigBasicauthUsername: admin + meConfigBasicauthPassword: admin meConfigMongodbAdminusername: root meConfigMongodbAdminpassword: example meConfigMongodbUrl: mongodb://root:example@mongo:27017/ + serviceAccount: # Specifies whether a service account should be created create: true diff --git a/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml b/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml index c743dd3..2cd65e3 100644 --- a/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml +++ b/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml 
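Review bot: The `values.yaml` hunk ships `meConfigBasicauthUsername: admin` / `meConfigBasicauthPassword: admin` together with `meConfigMongodbEnableAdmin: true`, and the `02_install_capif_db_express.sh` hunks earlier in this series enable the mongo-express ingress without overriding either value, so the admin UI would sit behind a default login unless a deployer overrides it elsewhere. Removing the defaults and failing the render when they are missing closes that gap: `value: {{ required "env.meConfigBasicauthPassword must be set" .Values.env.meConfigBasicauthPassword | quote }}`. The deployment hunk also renders the password as a literal `value:`, which leaves it readable in the Deployment object; `valueFrom.secretKeyRef` pointing at a Secret is the usual form for this field. The same additions are made for `mongo-register-express` in the file sections that follow.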
@@ -40,6 +40,12 @@ spec: containerPort: {{ .Values.service.targetPort }} protocol: TCP env: + - name: ME_CONFIG_MONGODB_ENABLE_ADMIN + value: {{ .Values.env.meConfigMongodbEnableAdmin }} + - name: ME_CONFIG_BASICAUTH_USERNAME + value: {{ quote .Values.env.meConfigBasicauthUsername }} + - name: ME_CONFIG_BASICAUTH_PASSWORD + value: {{ quote .Values.env.meConfigBasicauthPassword }} - name: ME_CONFIG_MONGODB_ADMINPASSWORD value: {{ quote .Values.env.meConfigMongodbAdminpassword }} - name: ME_CONFIG_MONGODB_ADMINUSERNAME diff --git a/helm/02_capif_db_express/charts/mongo-register-express/values.yaml b/helm/02_capif_db_express/charts/mongo-register-express/values.yaml index f174fbd..3178063 100644 --- a/helm/02_capif_db_express/charts/mongo-register-express/values.yaml +++ b/helm/02_capif_db_express/charts/mongo-register-express/values.yaml @@ -17,9 +17,12 @@ nameOverride: "" fullnameOverride: "" env: - meConfigMongodbAdminusername: root - meConfigMongodbAdminpassword: example - meConfigMongodbUrl: mongodb://root:example@mongo-register:27017/ + meConfigMongodbEnableAdmin: true + meConfigBasicauthUsername: admin + meConfigBasicauthPassword: admin + meConfigMongodbAdminusername: root + meConfigMongodbAdminpassword: example + meConfigMongodbUrl: mongodb://root:example@mongo-register:27017/ serviceAccount: # Specifies whether a service account should be created -- GitLab From febd598496f19449c9df950ce7e75cc8e1ba4c65 Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Wed, 13 May 2026 10:59:49 +0200 Subject: [PATCH 12/14] Minor fixes --- .../mongo-register/templates/deployment.yaml | 15 +++++---------- .../01_capif_db/charts/mongo-register/values.yaml | 1 - .../charts/mongo/templates/deployment.yaml | 15 +++++---------- helm/01_capif_db/charts/mongo/values.yaml | 1 - .../mongo-express/templates/deployment.yaml | 2 +- .../templates/deployment.yaml | 2 +- 6 files changed, 12 insertions(+), 24 deletions(-) 
diff --git a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml index 6e8403e..442eee6 100644 --- a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml +++ b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml @@ -37,19 +37,14 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - name: mongo + - name: http containerPort: {{ .Values.service.port }} protocol: TCP env: - - name: MONGO_INITDB_ROOT_PASSWORD - value: {{ quote .Values.env.mongoInitdbRootPassword }} - - name: MONGO_INITDB_ROOT_USERNAME - value: {{ quote .Values.env.mongoInitdbRootUsername }} - command: - - mongod - args: - - --bind_ip_all - - --auth + - name: MONGO_INITDB_ROOT_PASSWORD + value: {{ quote .Values.env.mongoInitdbRootPassword }} + - name: MONGO_INITDB_ROOT_USERNAME + value: {{ quote .Values.env.mongoInitdbRootUsername }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: diff --git a/helm/01_capif_db/charts/mongo-register/values.yaml b/helm/01_capif_db/charts/mongo-register/values.yaml index f331cdd..02a9181 100644 --- a/helm/01_capif_db/charts/mongo-register/values.yaml +++ b/helm/01_capif_db/charts/mongo-register/values.yaml @@ -83,7 +83,6 @@ livenessProbe: readinessProbe: tcpSocket: port: 27017 - initialDelaySeconds: 20 periodSeconds: 5 autoscaling: diff --git a/helm/01_capif_db/charts/mongo/templates/deployment.yaml b/helm/01_capif_db/charts/mongo/templates/deployment.yaml index cc27bc5..244693c 100644 --- a/helm/01_capif_db/charts/mongo/templates/deployment.yaml +++ b/helm/01_capif_db/charts/mongo/templates/deployment.yaml 
@@ -37,19 +37,14 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - name: mongo + - name: http containerPort: {{ .Values.service.port }} protocol: TCP env: - - name: MONGO_INITDB_ROOT_PASSWORD - value: {{ quote .Values.env.mongoInitdbRootPassword }} - - name: MONGO_INITDB_ROOT_USERNAME - value: {{ quote .Values.env.mongoInitdbRootUsername }} - command: - - mongod - args: - - --bind_ip_all - - --auth + - name: MONGO_INITDB_ROOT_PASSWORD + value: {{ quote .Values.env.mongoInitdbRootPassword }} + - name: MONGO_INITDB_ROOT_USERNAME + value: {{ quote .Values.env.mongoInitdbRootUsername }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: diff --git a/helm/01_capif_db/charts/mongo/values.yaml b/helm/01_capif_db/charts/mongo/values.yaml index bf8da3a..c170b1e 100644 --- a/helm/01_capif_db/charts/mongo/values.yaml +++ b/helm/01_capif_db/charts/mongo/values.yaml @@ -90,7 +90,6 @@ livenessProbe: readinessProbe: tcpSocket: port: 27017 - initialDelaySeconds: 20 periodSeconds: 5 autoscaling: diff --git a/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml b/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml index 82a1a4b..13bba03 100644 --- a/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml +++ b/helm/02_capif_db_express/charts/mongo-express/templates/deployment.yaml @@ -41,7 +41,7 @@ spec: protocol: TCP env: - name: ME_CONFIG_MONGODB_ENABLE_ADMIN - value: {{ .Values.env.meConfigMongodbEnableAdmin }} + value: {{ quote .Values.env.meConfigMongodbEnableAdmin }} - name: ME_CONFIG_BASICAUTH_USERNAME value: {{ quote .Values.env.meConfigBasicauthUsername }} - name: ME_CONFIG_BASICAUTH_PASSWORD 
diff --git a/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml b/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml index 2cd65e3..2e93bca 100644 --- a/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml +++ b/helm/02_capif_db_express/charts/mongo-register-express/templates/deployment.yaml @@ -41,7 +41,7 @@ spec: protocol: TCP env: - name: ME_CONFIG_MONGODB_ENABLE_ADMIN - value: {{ .Values.env.meConfigMongodbEnableAdmin }} + value: {{ quote .Values.env.meConfigMongodbEnableAdmin }} - name: ME_CONFIG_BASICAUTH_USERNAME value: {{ quote .Values.env.meConfigBasicauthUsername }} - name: ME_CONFIG_BASICAUTH_PASSWORD -- GitLab From e853270c51b5318821615e80520620863f5bf0da Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Wed, 13 May 2026 11:13:17 +0200 Subject: [PATCH 13/14] Minor fixes --- .../charts/mongo-register/templates/deployment.yaml | 8 ++++---- helm/01_capif_db/charts/mongo/templates/deployment.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml index 442eee6..d2432c1 100644 --- a/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml +++ b/helm/01_capif_db/charts/mongo-register/templates/deployment.yaml @@ -41,10 +41,10 @@ spec: containerPort: {{ .Values.service.port }} protocol: TCP env: - - name: MONGO_INITDB_ROOT_PASSWORD - value: {{ quote .Values.env.mongoInitdbRootPassword }} - - name: MONGO_INITDB_ROOT_USERNAME - value: {{ quote .Values.env.mongoInitdbRootUsername }} + - name: MONGO_INITDB_ROOT_PASSWORD + value: {{ quote .Values.env.mongoInitdbRootPassword }} + - name: MONGO_INITDB_ROOT_USERNAME + value: {{ quote .Values.env.mongoInitdbRootUsername }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: 
diff --git a/helm/01_capif_db/charts/mongo/templates/deployment.yaml b/helm/01_capif_db/charts/mongo/templates/deployment.yaml index 244693c..bf43c77 100644 --- a/helm/01_capif_db/charts/mongo/templates/deployment.yaml +++ b/helm/01_capif_db/charts/mongo/templates/deployment.yaml @@ -41,10 +41,10 @@ spec: containerPort: {{ .Values.service.port }} protocol: TCP env: - - name: MONGO_INITDB_ROOT_PASSWORD - value: {{ quote .Values.env.mongoInitdbRootPassword }} - - name: MONGO_INITDB_ROOT_USERNAME - value: {{ quote .Values.env.mongoInitdbRootUsername }} + - name: MONGO_INITDB_ROOT_PASSWORD + value: {{ quote .Values.env.mongoInitdbRootPassword }} + - name: MONGO_INITDB_ROOT_USERNAME + value: {{ quote .Values.env.mongoInitdbRootUsername }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: -- GitLab From 00b8d32edf86246a6b4309a58deb1d1af275e22e Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Wed, 13 May 2026 11:24:47 +0200 Subject: [PATCH 14/14] Minor fixes --- .../charts/ocf-open-discover-service-api/templates/service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/service.yaml b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/service.yaml index 9d98ea7..c36f55b 100644 --- a/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/service.yaml +++ b/helm/04_capif_services/charts/ocf-open-discover-service-api/templates/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: open-discover-service-apis + name: open-api-disc labels: {{- include "ocf-open-discover-service-api.labels" . | nindent 4 }} spec: -- GitLab