From b5aff8e2d9e79a2e8a52b979c8f3004b856cd3db Mon Sep 17 00:00:00 2001 From: Parisa Date: Thu, 23 Jan 2025 16:06:30 +0100 Subject: [PATCH] add integrationtest-sda-doa and build-sda-doa to Makefile --- .github/integration/scripts/make_certs.sh | 3 + .github/integration/sda-doa-posix-outbox.yml | 132 ++++++++++++++ .github/integration/sda-doa-s3-outbox.yml | 163 ++++++++++++++++++ Makefile | 4 + sda-doa/Dockerfile | 2 +- sda-doa/docker-compose-posix-outbox.yml | 79 --------- sda-doa/docker-compose-s3-outbox.yml | 93 ---------- .../doa/LocalEGADOAApplicationTests.java | 95 +++------- sda-doa/test/mock_auth.py | 16 +- sda-doa/test/run/run_sda_doa_tests.sh | 49 ++++++ sda-doa/test/setup/make_crypt4gh_files.sh | 41 +++++ .../test/setup/make_crypt4gh_private_key.sh | 19 ++ sda-doa/test/setup/run_db_command.sh | 65 +++++++ 13 files changed, 510 insertions(+), 251 deletions(-) create mode 100644 .github/integration/sda-doa-posix-outbox.yml create mode 100644 .github/integration/sda-doa-s3-outbox.yml delete mode 100644 sda-doa/docker-compose-posix-outbox.yml delete mode 100644 sda-doa/docker-compose-s3-outbox.yml create mode 100644 sda-doa/test/run/run_sda_doa_tests.sh create mode 100644 sda-doa/test/setup/make_crypt4gh_files.sh create mode 100644 sda-doa/test/setup/make_crypt4gh_private_key.sh create mode 100644 sda-doa/test/setup/run_db_command.sh diff --git a/.github/integration/scripts/make_certs.sh b/.github/integration/scripts/make_certs.sh index bde3bd1a0..7b0d66692 100755 --- a/.github/integration/scripts/make_certs.sh +++ b/.github/integration/scripts/make_certs.sh 
@@ -34,6 +34,7 @@ openssl x509 -req -in "$out_dir/mq.csr" -days 1200 -CA "$out_dir/ca.crt" -CAkey # Create client certificate openssl req -config "$script_dir/ssl.cnf" -new -nodes -newkey rsa:4096 -keyout "$out_dir/client.key" -out "$out_dir/client.csr" -extensions client_cert -subj "/CN=admin" +openssl pkcs8 -topk8 -inform PEM -outform DER -in "$out_dir/client.key" -out "$out_dir/client.der" -nocrypt openssl x509 -req -in "$out_dir/client.csr" -days 1200 -CA "$out_dir/ca.crt" -CAkey "$out_dir/ca-key.pem" -set_serial 01 -out "$out_dir/client.crt" -extensions client_cert -extfile "$script_dir/ssl.cnf" if [ -n "$KEYSTORE_PASSWORD" ]; then @@ -68,7 +69,9 @@ chmod 600 /certs/*.key cp -p "$out_dir/ca.crt" /client_certs/ca.crt cp -p "$out_dir/client.crt" /client_certs/ cp -p "$out_dir/client.key" /client_certs/ +cp -p "$out_dir/client.der" /client_certs/ chmod 600 /client_certs/*.key +chmod 644 /client_certs/*.der # needed if testing locally mkdir -p /temp/certs diff --git a/.github/integration/sda-doa-posix-outbox.yml b/.github/integration/sda-doa-posix-outbox.yml new file mode 100644 index 000000000..fada2ffd6 --- /dev/null +++ b/.github/integration/sda-doa-posix-outbox.yml 
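Review bot: The second hunk sets `chmod 644 /client_certs/*.der`, but `client.der` is the same client private key that the first hunk exports with `-nocrypt`, so the unencrypted key becomes world-readable on the shared volume while `client.key` next to it stays at 600. If the looser mode exists only because the consuming container runs as a different user (not visible from this hunk), hand the file to that user instead, e.g. `chown <consumer-uid> /client_certs/client.der && chmod 600 /client_certs/client.der`, where `<consumer-uid>` is a placeholder. If 644 has to stay, add a comment on that line such as `# test-only key; 644 so the non-root consumer can read it`, so the mode is not copied into a non-test setup.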
@@ -0,0 +1,132 @@
+services:
+ certfixer:
+ command:
+ - /bin/sh
+ - /scripts/make_certs.sh
+ container_name: certfixer
+ image: alpine:latest
+ volumes:
+ - ./scripts:/scripts
+ - certs:/certs
+ - client_certs:/client_certs
+ - /tmp:/temp
+
+ postgres:
+ build:
+ context: ../../postgresql
+ container_name: postgres
+ image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-postgres
+ depends_on:
+ certfixer:
+ condition: service_completed_successfully
+ ports:
+ - 5432:5432
+ environment:
+ - LEGA_IN_PASSWORD=password
+ - LEGA_OUT_PASSWORD=password
+ - POSTGRES_PASSWORD=rootpasswd
+ - POSTGRES_SERVER_CACERT=/certs/ca.crt
+ - POSTGRES_SERVER_CERT=/certs/db.crt
+ - POSTGRES_SERVER_KEY=/certs/db.key
+
+ healthcheck:
+ test: [ "CMD", "pg_isready", "-h", "localhost", "-U", "lega_out" ]
+ interval: 5s
+ timeout: 20s
+ retries: 3
+ volumes:
+ - certs:/certs
+
+ mockauth:
+ container_name: mockauth
+ image: python:3.11-slim
+ ports:
+ - 8000:8000
+ volumes:
+ - ../../sda-doa/test/mock_auth.py:/mock_auth.py
+ - client_certs:/client_certs
+ command: >
+ sh -c "pip install --upgrade pip && pip install aiohttp Authlib && python -u /mock_auth.py 0.0.0.0 8000"
+
+
+
+ rabbitmq:
+ build:
+ context: ../../rabbitmq
+ image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-rabbitmq
+ container_name: rabbitmq
+ depends_on:
+ certfixer:
+ condition: service_completed_successfully
+ environment:
+ - RABBITMQ_SERVER_CACERT=/etc/rabbitmq/ssl/ca.crt
+ - RABBITMQ_SERVER_CERT=/etc/rabbitmq/ssl/mq.crt
+ - RABBITMQ_SERVER_KEY=/etc/rabbitmq/ssl/mq.key
+ - RABBITMQ_SERVER_VERIFY=verify_none
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "bash",
+ "-c",
+ "rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms",
+ ]
+ interval: 5s
+ timeout: 20s
+ retries: 3
+ restart: always
+ volumes:
+ - certs:/etc/rabbitmq/ssl/
+ - rabbitmq_data:/var/lib/rabbitmq
+ ports:
+ - 5671:5671
+ - 25671:15671
+
+ doa:
+ container_name: doa
+ build:
+ context: ../../sda-doa
+ dockerfile: ../../sda-doa/Dockerfile
+ image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-sda-doa
+ depends_on:
+ postgres:
+ condition: service_healthy
+ rabbitmq:
+ condition: service_healthy
+ certfixer:
+ condition: service_completed_successfully
+ links:
+ - rabbitmq
+ - postgres
+ ports:
+ - "8080:8080"
+ environment:
+ - SSL_MODE=verify-ca
+ - POSTGRES_USER=postgres
+ - POSTGRES_DB=sda
+ - POSTGRES_PASSWORD=rootpasswd
+ - DB_INSTANCE=postgres
+ - SSL_ENABLED=false
+ - BROKER_HOST=rabbitmq
+ - BROKER_VALIDATE=false
+ - OPENID_CONFIGURATION_URL=http://mockauth:8000/openid-configuration
+ - USERINFO_ENDPOINT_URL=http://mockauth:8000/userinfo
+ - CRYPT4GH_PRIVATE_KEY_PATH=test/crypt4gh.sec.pem
+ - CRYPT4GH_PRIVATE_KEY_PASSWORD_PATH=test/crypt4gh.pass
+ - OUTBOX_TYPE=POSIX
+ - OUTBOX_LOCATION=/outbox/%s/files/
+ - SSL_ENABLED=false
+ - ROOT_CERT_PATH=/certs/ca.crt
+ - CERT_PATH=/certs/client.crt
+ - CERT_KEY=/certs/client.der
+ - BROKER_USERNAME=guest
+
+ volumes:
+ - client_certs:/certs
+ - ../../sda-doa/test/body.enc:/test/body.enc
+ - ../../sda-doa/outbox:/outbox
+
+volumes:
+ certs:
+ client_certs:
+ rabbitmq_data:
diff --git a/.github/integration/sda-doa-s3-outbox.yml b/.github/integration/sda-doa-s3-outbox.yml
new file mode 100644
index 000000000..437ae05f0
--- /dev/null
+++ b/.github/integration/sda-doa-s3-outbox.yml
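Review bot: Every service in sda-doa-posix-outbox.yml publishes its port on all host interfaces (`5432:5432`, `8000:8000`, `5671:5671`, `25671:15671`, `"8080:8080"`) while using fixed credentials (`POSTGRES_PASSWORD=rootpasswd`, `BROKER_USERNAME=guest`), and the new `make integrationtest-sda-doa` target runs this stack on developer machines as well as in CI. Binding to loopback keeps the test stack off the local network: `- 127.0.0.1:5432:5432`, and likewise for the other mappings. The same applies to sda-doa-s3-outbox.yml, including `9000:9000` for MinIO. Separately, `SSL_ENABLED=false` is listed twice in the `doa` environment and one copy can be dropped.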
@@ -0,0 +1,163 @@
+services:
+ certfixer:
+ command:
+ - /bin/sh
+ - /scripts/make_certs.sh
+ container_name: certfixer
+ image: alpine:latest
+ volumes:
+ - ./scripts:/scripts
+ - certs:/certs
+ - client_certs:/client_certs
+ - /tmp:/temp
+
+ postgres:
+ build:
+ context: ../../postgresql
+ container_name: postgres
+ image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-postgres
+ depends_on:
+ certfixer:
+ condition: service_completed_successfully
+ ports:
+ - 5432:5432
+ environment:
+ - LEGA_IN_PASSWORD=password
+ - LEGA_OUT_PASSWORD=password
+ - POSTGRES_PASSWORD=rootpasswd
+ - POSTGRES_SERVER_CACERT=/certs/ca.crt
+ - POSTGRES_SERVER_CERT=/certs/db.crt
+ - POSTGRES_SERVER_KEY=/certs/db.key
+
+ healthcheck:
+ test: [ "CMD", "pg_isready", "-h", "localhost", "-U", "lega_out" ]
+ interval: 5s
+ timeout: 20s
+ retries: 3
+ volumes:
+ - certs:/certs
+
+ mockauth:
+ container_name: mockauth
+ image: python:3.11-slim
+ ports:
+ - 8000:8000
+ volumes:
+ - ../../sda-doa/test/mock_auth.py:/mock_auth.py
+ - client_certs:/client_certs
+ command: >
+ sh -c "pip install --upgrade pip && pip install aiohttp Authlib && python -u /mock_auth.py 0.0.0.0 8000"
+
+ rabbitmq:
+ build:
+ context: ../../rabbitmq
+ image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-rabbitmq
+ container_name: rabbitmq
+ depends_on:
+ certfixer:
+ condition: service_completed_successfully
+ environment:
+ - RABBITMQ_SERVER_CACERT=/etc/rabbitmq/ssl/ca.crt
+ - RABBITMQ_SERVER_CERT=/etc/rabbitmq/ssl/mq.crt
+ - RABBITMQ_SERVER_KEY=/etc/rabbitmq/ssl/mq.key
+ - RABBITMQ_SERVER_VERIFY=verify_none
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "bash",
+ "-c",
+ "rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms",
+ ]
+ interval: 5s
+ timeout: 20s
+ retries: 3
+ restart: always
+ volumes:
+ - certs:/etc/rabbitmq/ssl/
+ - rabbitmq_data:/var/lib/rabbitmq
+ ports:
+ - 5671:5671
+ - 25671:15671
+
+ outbox:
+ container_name: outbox
+ image: minio/minio
+ ports:
+ - 9000:9000
+ environment:
+ - MINIO_ACCESS_KEY=minio
+ - MINIO_SECRET_KEY=miniostorage
+ command: server /data
+ healthcheck:
+ test: [ "CMD", "curl", "-f", "http://localhost:9000/minio/health/live" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ init-bucket:
+ container_name: init-bucket
+ image: minio/mc
+ depends_on:
+ outbox:
+ condition: service_healthy
+ entrypoint: >
+ /bin/sh -c "
+ /usr/bin/mc config host add s3 http://outbox:9000 minio miniostorage;
+ /usr/bin/mc mb s3/lega;
+ exit 0;
+ "
+
+ doa:
+ container_name: doa
+ build:
+ context: ../../sda-doa
+ dockerfile: ../../sda-doa/Dockerfile
+ image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-sda-doa
+ depends_on:
+ postgres:
+ condition: service_healthy
+ rabbitmq:
+ condition: service_healthy
+ certfixer:
+ condition: service_completed_successfully
+ links:
+ - rabbitmq
+ - postgres
+ ports:
+ - "8080:8080"
+ environment:
+ - SSL_MODE=verify-ca
+ - POSTGRES_USER=postgres
+ - POSTGRES_DB=sda
+ - POSTGRES_PASSWORD=rootpasswd
+ - DB_INSTANCE=postgres
+ - SSL_ENABLED=false
+ - BROKER_HOST=rabbitmq
+ - BROKER_VALIDATE=false
+ - OPENID_CONFIGURATION_URL=http://mockauth:8000/openid-configuration
+ - USERINFO_ENDPOINT_URL=http://mockauth:8000/userinfo
+ - CRYPT4GH_PRIVATE_KEY_PATH=test/crypt4gh.sec.pem
+ - CRYPT4GH_PRIVATE_KEY_PASSWORD_PATH=test/crypt4gh.pass
+ - OUTBOX_TYPE=S3
+ - SSL_ENABLED=false
+ - ROOT_CERT_PATH=/certs/ca.crt
+ - CERT_PATH=/certs/client.crt
+ - CERT_KEY=/certs/client.der
+ - BROKER_USERNAME=guest
+ - S3_OUT_ENDPOINT=outbox
+ - S3_OUT_PORT=9000
+ - S3_OUT_SECURE=false
+
+ volumes:
+ - client_certs:/certs
+ - ../../sda-doa/test/body.enc:/test/body.enc
+
+
+volumes:
+ postgres:
+ certs:
+ client_certs:
+ postgres_data:
+ rabbitmq_data:
+ shared:
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 0e0c16104..0edaa439e 100644
--- a/Makefile
+++ b/Makefile
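Review bot: The `init-bucket` entrypoint ends with `exit 0;`, so a failed `mc config host add` or `mc mb s3/lega` is reported as success, and `doa` has no `depends_on` entry for `outbox` or `init-bucket`, so the S3 export tests can run against a bucket that was never created. Drop the `exit 0;` line and add `init-bucket:` with `condition: service_completed_successfully` under the `doa` service's `depends_on`. The top-level `volumes:` block also declares `postgres`, `postgres_data` and `shared`, which no service in this file mounts, and the file lacks a trailing newline.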
@@ -36,6 +36,8 @@ build-sda-sftp-inbox: @cd sda-sftp-inbox && docker build -t ghcr.io/neicnordic/sensitive-data-archive:PR$$(date +%F)-sftp-inbox . build-sda-admin: @cd sda-admin && go build +build-sda-doa: + @cd sda-doa && docker build -t ghcr.io/neicnordic/sensitive-data-archive:PR$$(date +%F)-sda-doa . go-version-check: SHELL:=/bin/bash @@ -127,6 +129,8 @@ integrationtest-sda-sync-run: @PR_NUMBER=$$(date +%F) docker compose -f .github/integration/sda-sync-integration.yml run integration_test integrationtest-sda-sync-down: @PR_NUMBER=$$(date +%F) docker compose -f .github/integration/sda-sync-integration.yml down -v --remove-orphans +integrationtest-sda-doa: + @cd sda-doa/test/run && sh run_sda_doa_tests.sh # lint go code lint-all: lint-sda lint-sda-download lint-sda-admin diff --git a/sda-doa/Dockerfile b/sda-doa/Dockerfile index b534cd27b..10ae01974 100644 --- a/sda-doa/Dockerfile +++ b/sda-doa/Dockerfile @@ -1,4 +1,4 @@ -FROM maven:3-eclipse-temurin-21-alpine as builder +FROM maven:3-eclipse-temurin-21-alpine AS builder COPY pom.xml . diff --git a/sda-doa/docker-compose-posix-outbox.yml b/sda-doa/docker-compose-posix-outbox.yml deleted file mode 100644 index 3a593186b..000000000 --- a/sda-doa/docker-compose-posix-outbox.yml +++ /dev/null 
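Review bot: The `integrationtest-sda-doa` recipe runs `sh run_sda_doa_tests.sh`, but the script added in this commit has a `#!/bin/bash` shebang and uses bash-only syntax (arrays, `[[ ]]`, `for ((…))`), so the target fails wherever `sh` is not bash, for example dash on Debian/Ubuntu. Use `@cd sda-doa/test/run && bash run_sda_doa_tests.sh`. The script is added with mode 100644, so calling it through an interpreter is right; it just has to be the matching one.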
@@ -1,79 +0,0 @@ -version: '3.3' - -services: - - db: - build: - context: ../../postgresql - container_name: postgres - image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-postgres - ports: - - 5432:5432 - environment: - - LEGA_IN_PASSWORD=password - - LEGA_OUT_PASSWORD=password - - POSTGRES_SERVER_CERT=/etc/ega/pg.cert - - POSTGRES_SERVER_KEY=/etc/ega/pg.key - - POSTGRES_SERVER_CACERT=/etc/ega/CA.cert - - PG_VERIFY_PEER=1 - - POSTGRES_PASSWORD=rootpasswd - secrets: - - source: server.pem - target: /etc/ega/pg.cert - uid: '70' - gid: '70' - mode: 0600 - - source: server-key.pem - target: /etc/ega/pg.key - uid: '70' - gid: '70' - mode: 0600 - - source: rootCA.pem - target: /etc/ega/CA.cert - uid: '70' - gid: '70' - mode: 0600 - volumes: - - db:/ega - - mockauth: - image: cscfi/beacon-python - ports: - - 8000:8000 - volumes: - - ./test/mock_auth.py:/mock_auth.py - entrypoint: ["python", "/mock_auth.py", "0.0.0.0", "8000"] - - private-mq: - build: - context: ../../rabbitmq - container_name: rabbitmq - image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-rabbitmq - ports: - - 5671:5671 - - 15671:15671 - environment: - - SSL_VERIFY=verify_peer - - SSL_FAIL_IF_NO_PEER_CERT=false - - SSL_DEPTH=2 - - USER_NAME=admin - - PASSWORD_HASH=4tHURqDiZzypw0NTvoHhpn8/MMgONWonWxgRZ4NXgR8nZRBz - - VIRTUAL_HOST=sda - secrets: - - source: server.pem - target: /etc/rabbitmq/ssl.cert - - source: server-key.pem - target: /etc/rabbitmq/ssl.key - - source: rootCA.pem - target: /etc/rabbitmq/CA.cert - -volumes: - db: - -secrets: - rootCA.pem: - file: test/rootCA.pem - server.pem: - file: test/localhost.pem - server-key.pem: - file: test/localhost-key.pem diff --git a/sda-doa/docker-compose-s3-outbox.yml b/sda-doa/docker-compose-s3-outbox.yml deleted file mode 100644 index a659a4c91..000000000 --- a/sda-doa/docker-compose-s3-outbox.yml +++ /dev/null 
@@ -1,93 +0,0 @@ -version: '3.3' - -services: - - db: - image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER}-postgres - ports: - - 5432:5432 - environment: - - LEGA_IN_PASSWORD=password - - LEGA_OUT_PASSWORD=password - - POSTGRES_SERVER_CERT=/etc/ega/pg.cert - - POSTGRES_SERVER_KEY=/etc/ega/pg.key - - POSTGRES_SERVER_CACERT=/etc/ega/CA.cert - - PG_VERIFY_PEER=1 - - POSTGRES_PASSWORD=rootpasswd - secrets: - - source: server.pem - target: /etc/ega/pg.cert - uid: '70' - gid: '70' - mode: 0600 - - source: server-key.pem - target: /etc/ega/pg.key - uid: '70' - gid: '70' - mode: 0600 - - source: rootCA.pem - target: /etc/ega/CA.cert - uid: '70' - gid: '70' - mode: 0600 - volumes: - - db:/ega - - mockauth: - image: cscfi/beacon-python - ports: - - 8000:8000 - volumes: - - ./test/mock_auth.py:/mock_auth.py - entrypoint: ["python", "/mock_auth.py", "0.0.0.0", "8000"] - - private-mq: - image: uiobmi/localega-broker-private:latest - ports: - - 5671:5671 - - 15671:15671 - environment: - - SSL_VERIFY=verify_peer - - SSL_FAIL_IF_NO_PEER_CERT=false - - SSL_DEPTH=2 - - USER_NAME=admin - - PASSWORD_HASH=4tHURqDiZzypw0NTvoHhpn8/MMgONWonWxgRZ4NXgR8nZRBz - - VIRTUAL_HOST=sda - secrets: - - source: server.pem - target: /etc/rabbitmq/ssl.cert - - source: server-key.pem - target: /etc/rabbitmq/ssl.key - - source: rootCA.pem - target: /etc/rabbitmq/CA.cert - - outbox: - image: minio/minio - ports: - - 9000:9000 - environment: - - MINIO_ACCESS_KEY=minio - - MINIO_SECRET_KEY=miniostorage - command: server /data - - createbucket: - image: minio/mc - depends_on: - - s3 - entrypoint: > - /bin/sh -c " - /usr/bin/mc config host add s3 http://outbox:9000 minio miniostorage; - /usr/bin/mc mb s3/lega; - exit 0; - " - -volumes: - db: - -secrets: - rootCA.pem: - file: test/rootCA.pem - server.pem: - file: test/localhost.pem - server-key.pem: - file: test/localhost-key.pem 
diff --git a/sda-doa/src/test/java/no/uio/ifi/localega/doa/LocalEGADOAApplicationTests.java b/sda-doa/src/test/java/no/uio/ifi/localega/doa/LocalEGADOAApplicationTests.java index 2ece458ab..a84a4ef54 100644 --- a/sda-doa/src/test/java/no/uio/ifi/localega/doa/LocalEGADOAApplicationTests.java +++ b/sda-doa/src/test/java/no/uio/ifi/localega/doa/LocalEGADOAApplicationTests.java @@ -31,10 +31,6 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.security.PrivateKey; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.PreparedStatement; -import java.util.Properties; import java.util.UUID; @Slf4j 
@@ -47,43 +43,6 @@ class LocalEGADOAApplicationTests { @SneakyThrows @BeforeAll public static void setup() { - String url = String.format("jdbc:postgresql://%s:%s/%s", "localhost", "5432", "sda"); - Properties props = new Properties(); -// props.setProperty("user", "lega_in"); //will be used when lega_in user is set in db again - props.setProperty("user", "postgres"); - props.setProperty("password", "rootpasswd"); - props.setProperty("ssl", "true"); - props.setProperty("application_name", "LocalEGA"); - props.setProperty("sslmode", "verify-full"); - props.setProperty("sslrootcert", new File("test/rootCA.pem").getAbsolutePath()); - props.setProperty("sslcert", new File("test/localhost-client.pem").getAbsolutePath()); - props.setProperty("sslkey", new File("test/localhost-client-key.der").getAbsolutePath()); - Connection connection = DriverManager.getConnection(url, props); - PreparedStatement file = connection.prepareStatement("SELECT local_ega.insert_file('body.enc','requester@elixir-europe.org');"); - file.executeQuery(); - PreparedStatement header = connection.prepareStatement("UPDATE local_ega.files SET header = '637279707434676801000000010000006c00000000000000aa7ad1bb4f93bf5e4fb3bc28a95bc4d80bf2fd8075e69eb2ee15e0a4f08f1d78ab98c8fd9b50e675f71311936e8d0c6f73538962b836355d5d4371a12eae46addb43518b5236fb9554249710a473026f34b264a61d2ba52ed11abc1efa1d3478fa40a710' WHERE id = 1;"); - header.executeUpdate(); - PreparedStatement finalize = connection.prepareStatement("UPDATE local_ega.files SET archive_path = 'test/body.enc', status = 'READY', stable_id = 'EGAF00000000014' WHERE id = 1;"); - finalize.executeUpdate(); - connection.close(); - -// props.setProperty("user", "lega_out"); //will be used when lega_out user is set in db again - connection = DriverManager.getConnection(url, props); - PreparedStatement dataset = connection.prepareStatement("INSERT INTO local_ega_ebi.filedataset(file_id, dataset_stable_id) values(1, 'EGAD00010000919');"); - dataset.executeUpdate(); 
- - PreparedStatement dataset_event_registered = connection.prepareStatement(prepareInsertQueryDatasetEvent("EGAD00010000919", "registered", "mapping")); - dataset_event_registered.executeUpdate(); - - Thread.sleep(1000 * 3); - - PreparedStatement dataset_event_released = connection.prepareStatement(prepareInsertQueryDatasetEvent("EGAD00010000919", "released", "release")); - dataset_event_released.executeUpdate(); - - PreparedStatement datasetReferenceInsert = connection.prepareStatement("INSERT INTO sda.dataset_references(dataset_id, reference_id, reference_scheme) values('1', 'GDI-NO-10001','GDI');"); - datasetReferenceInsert.executeUpdate(); - connection.close(); - JSONArray tokens = Unirest.get("http://localhost:8000/tokens").asJson().getBody().getArray(); validToken = tokens.getString(0); invalidToken = tokens.getString(1); @@ -93,7 +52,7 @@ public static void setup() { @SneakyThrows @AfterEach public void tearDown() { - File exportFolder = new File("requester@elixir-europe.org"); + File exportFolder = new File("outbox/requester@elixir-europe.org"); if (exportFolder.exists() && exportFolder.isDirectory()) { FileUtils.deleteDirectory(exportFolder); } 
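Review bot: After the first hunk here `setup()` only fetches tokens, yet the tests still expect file `EGAF00000000014`, dataset `EGAD00010000919` and reference `GDI-NO-10001` to exist in the database. That seeding now happens outside the JVM: the commit adds `test/setup/run_db_command.sh`, whose content is not part of this section. A plain `mvn test` against a fresh stack will therefore fail without pointing at missing fixtures. Add a comment above `setup()` such as `// DB fixtures are created by test/setup/*.sh (see test/run/run_sda_doa_tests.sh); run those before mvn test`. The class body continues outside this hunk.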
@@ -186,8 +145,8 @@ void testStreamingValidTokenValidFileRangePlain() { @SneakyThrows @Test void testStreamingValidTokenValidFileFullEncrypted() { - String publicKey = Files.readString(new File("test/crypt4gh.pub.pem").toPath()); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh.sec.pem"), "password".toCharArray()); + String publicKey = Files.readString(new File("test/crypt4gh/crypt4gh.pub.pem").toPath()); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/crypt4gh.sec.pem"), "password".toCharArray()); HttpResponse response = Unirest.get("http://localhost:8080/files/EGAF00000000014?destinationFormat=crypt4gh").header(HttpHeaders.AUTHORIZATION, "Bearer " + validToken).header("Public-Key", publicKey).asBytes(); int status = response.getStatus(); Assertions.assertEquals(HttpStatus.OK.value(), status); @@ -201,8 +160,8 @@ void testStreamingValidTokenValidFileFullEncrypted() { @SneakyThrows @Test void testStreamingValidTokenValidFileRangeEncrypted() { - String publicKey = Files.readString(new File("test/crypt4gh.pub.pem").toPath()); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh.sec.pem"), "password".toCharArray()); + String publicKey = Files.readString(new File("test/crypt4gh/crypt4gh.pub.pem").toPath()); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/crypt4gh.sec.pem"), "password".toCharArray()); HttpResponse response = Unirest.get("http://localhost:8080/files/EGAF00000000014?startCoordinate=100&endCoordinate=200&destinationFormat=crypt4gh").header(HttpHeaders.AUTHORIZATION, "Bearer " + validToken).header("Public-Key", publicKey).asBytes(); int status = response.getStatus(); Assertions.assertEquals(HttpStatus.OK.value(), status); 
@@ -221,8 +180,8 @@ void testPOSIXExportRequestFileValidToken() { return; } export("EGAF00000000014", false, validToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); - try (InputStream byteArrayInputStream = new FileInputStream("requester@elixir-europe.org/files/body.enc"); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); + try (InputStream byteArrayInputStream = new FileInputStream("outbox/requester@elixir-europe.org/files/body.enc"); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); Assertions.assertEquals("2aef808fb42fa7b1ba76cb16644773f9902a3fdc2569e8fdc049f38280c4577e", DigestUtils.sha256Hex(bytes)); @@ -237,8 +196,8 @@ void testPOSIXExportRequestDatasetValidToken() { return; } export("EGAD00010000919", true, validToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); - try (InputStream byteArrayInputStream = new FileInputStream("requester@elixir-europe.org/files/body.enc"); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); + try (InputStream byteArrayInputStream = new FileInputStream("outbox/requester@elixir-europe.org/files/body.enc"); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); Assertions.assertEquals("2aef808fb42fa7b1ba76cb16644773f9902a3fdc2569e8fdc049f38280c4577e", DigestUtils.sha256Hex(bytes)); 
@@ -253,7 +212,7 @@ void testS3ExportRequestFileValidToken() { return; } export("EGAF00000000014", false, validToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); try (InputStream byteArrayInputStream = getMinioClient().getObject(GetObjectArgs.builder().bucket("lega").object("requester@elixir-europe.org/body.enc").build()); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); @@ -269,7 +228,7 @@ void testS3ExportRequestDatasetValidToken() { return; } export("EGAD00010000919", true, validToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); try (InputStream byteArrayInputStream = getMinioClient().getObject(GetObjectArgs.builder().bucket("lega").object("requester@elixir-europe.org/body.enc").build()); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); 
@@ -285,7 +244,7 @@ void testS3ExportRequestReferenceValidToken() { return; } export("GDI-NO-10001", true, validToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); try (InputStream byteArrayInputStream = getMinioClient().getObject(GetObjectArgs.builder().bucket("lega").object("requester@elixir-europe.org/body.enc").build()); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); @@ -301,8 +260,8 @@ void testPOSIXExportRequestReferenceValidToken() { return; } export("GDI-NO-10001", true, validToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); - try (InputStream byteArrayInputStream = new FileInputStream("requester@elixir-europe.org/files/body.enc"); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); + try (InputStream byteArrayInputStream = new FileInputStream("outbox/requester@elixir-europe.org/files/body.enc"); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); Assertions.assertEquals("2aef808fb42fa7b1ba76cb16644773f9902a3fdc2569e8fdc049f38280c4577e", DigestUtils.sha256Hex(bytes)); 
@@ -317,8 +276,8 @@ void testPOSIXExportRequestFileValidVisaToken() { return; } export("EGAF00000000014", false, validVisaToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); - try (InputStream byteArrayInputStream = new FileInputStream("requester@elixir-europe.org/files/body.enc"); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); + try (InputStream byteArrayInputStream = new FileInputStream("outbox/requester@elixir-europe.org/files/body.enc"); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); Assertions.assertEquals("2aef808fb42fa7b1ba76cb16644773f9902a3fdc2569e8fdc049f38280c4577e", DigestUtils.sha256Hex(bytes)); @@ -333,8 +292,8 @@ void testPOSIXExportRequestDatasetValidVisaToken() { return; } export("EGAD00010000919", true, validVisaToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); - try (InputStream byteArrayInputStream = new FileInputStream("requester@elixir-europe.org/files/body.enc"); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); + try (InputStream byteArrayInputStream = new FileInputStream("outbox/requester@elixir-europe.org/files/body.enc"); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); Assertions.assertEquals("2aef808fb42fa7b1ba76cb16644773f9902a3fdc2569e8fdc049f38280c4577e", DigestUtils.sha256Hex(bytes)); 
@@ -349,7 +308,7 @@ void testS3ExportRequestFileValidVisaToken() { return; } export("EGAF00000000014", false, validVisaToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); try (InputStream byteArrayInputStream = getMinioClient().getObject(GetObjectArgs.builder().bucket("lega").object("requester@elixir-europe.org/body.enc").build()); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); @@ -365,7 +324,7 @@ void testS3ExportRequestDatasetValidVisaToken() { return; } export("EGAD00010000919", true, validVisaToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); try (InputStream byteArrayInputStream = getMinioClient().getObject(GetObjectArgs.builder().bucket("lega").object("requester@elixir-europe.org/body.enc").build()); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); 
@@ -381,8 +340,8 @@ void testPOSIXExportRequestReferenceValidVisaToken() { return; } export("GDI-NO-10001", true, validVisaToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); - try (InputStream byteArrayInputStream = new FileInputStream("requester@elixir-europe.org/files/body.enc"); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); + try (InputStream byteArrayInputStream = new FileInputStream("outbox/requester@elixir-europe.org/files/body.enc"); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); Assertions.assertEquals("2aef808fb42fa7b1ba76cb16644773f9902a3fdc2569e8fdc049f38280c4577e", DigestUtils.sha256Hex(bytes)); @@ -397,7 +356,7 @@ void testS3ExportRequestReferenceValidVisaToken() { return; } export("GDI-NO-10001", true, validVisaToken); - PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray()); + PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/crypt4gh/my.sec.pem"), "passw0rd".toCharArray()); try (InputStream byteArrayInputStream = getMinioClient().getObject(GetObjectArgs.builder().bucket("lega").object("requester@elixir-europe.org/body.enc").build()); Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) { byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream); 
@@ -406,7 +365,7 @@ void testS3ExportRequestReferenceValidVisaToken() { } @SneakyThrows void export(String id, boolean dataset, String token) { - String mqConnectionString = "amqps://admin:guest@localhost:5671/sda"; + String mqConnectionString = "amqps://guest:guest@localhost:5671/sda"; ConnectionFactory factory = new ConnectionFactory(); factory.setUri(mqConnectionString); com.rabbitmq.client.Connection connectionFactory = factory.newConnection(); @@ -427,7 +386,7 @@ void export(String id, boolean dataset, String token) { token, dataset ? "datasetId" : "fileId", id, - FileUtils.readFileToString(new File("test/my.pub.pem"), Charset.defaultCharset())); + FileUtils.readFileToString(new File("test/crypt4gh/my.pub.pem"), Charset.defaultCharset())); channel.basicPublish("", "exportRequests", properties, @@ -442,8 +401,4 @@ MinioClient getMinioClient() { return MinioClient.builder().endpoint("localhost", 9000, false).region("us-west-1").credentials("minio", "miniostorage").build(); } - - private static String prepareInsertQueryDatasetEvent(String datasetId, String event, String msgType) { - return String.format("INSERT INTO sda.dataset_event_log(dataset_id, event, message) VALUES('%s','%s','{\"type\": \"%s\"}');", datasetId, event, msgType); - } } diff --git a/sda-doa/test/mock_auth.py b/sda-doa/test/mock_auth.py index 9e90ad1aa..a1beee039 100644 --- a/sda-doa/test/mock_auth.py +++ b/sda-doa/test/mock_auth.py @@ -19,7 +19,7 @@ def generate_token(): # See available claims here: https://www.iana.org/assignments/jwt/jwt.xhtml # the important claim is the "authorities" header = { - "jku": "http://localhost:8000/jwk", + "jku": "http://mockauth:8000/jwk", "kid": "rsa1", "alg": "RS256", "typ": "JWT" 
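Review bot: In mock_auth.py the base URL `http://mockauth:8000` is now hard-coded in eight places: `jku` in this hunk, six `iss` claims in the following hunks, and `jwks_uri` in `openid_configuration`. The mock therefore only issues verifiable tokens when the consumer can resolve the compose service name `mockauth`, and the next host change needs the same eight edits. Define it once near the top, for example `BASE_URL = os.environ.get("MOCKAUTH_BASE_URL", "http://mockauth:8000")` (the variable name is a suggestion, and `import os` is needed if the file does not already have it), then build the values from it, e.g. `"iss": f"{BASE_URL}/"` and `"jku": f"{BASE_URL}/jwk"`. `generate_token` starts and ends outside these hunks.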
@@ -29,14 +29,14 @@ def generate_token(): "aud": ["aud2", "aud3"], "azp": "azp", "scope": "openid ga4gh_passport_v1", - "iss": "http://localhost:8000/", + "iss": "http://mockauth:8000/", "exp": 9999999999, "iat": 1561621913, "jti": "6ad7aa42-3e9c-4833-bd16-765cb80c2102" } empty_payload = { "sub": "requester@elixir-europe.org", - "iss": "http://localhost:8000/", + "iss": "http://mockauth:8000/", "exp": 99999999999, "iat": 1547794655, "jti": "6ad7aa42-3e9c-4833-bd16-765cb80c2102" @@ -44,7 +44,7 @@ def generate_token(): # Craft 4 passports, 2 for bona fide status and 2 for dataset permissions # passport for bona fide: terms passport_terms = { - "iss": "http://localhost:8000/", + "iss": "http://mockauth:8000/", "sub": "requester@elixir-europe.org", "ga4gh_visa_v1": { "type": "AcceptedTermsAndPolicies", @@ -59,7 +59,7 @@ def generate_token(): } # passport for bona fide: status passport_status = { - "iss": "http://localhost:8000/", + "iss": "http://mockauth:8000/", "sub": "requester@elixir-europe.org", "ga4gh_visa_v1": { "type": "ResearcherStatus", @@ -74,7 +74,7 @@ def generate_token(): } # passport for dataset permissions 1 passport_dataset1 = { - "iss": "http://localhost:8000/", + "iss": "http://mockauth:8000/", "sub": "requester@elixir-europe.org", "ga4gh_visa_v1": { "type": "ControlledAccessGrants", @@ -89,7 +89,7 @@ def generate_token(): } # passport for dataset permissions 2 passport_dataset2 = { - "iss": "http://localhost:8000/", + "iss": "http://mockauth:8000/", "sub": "requester@elixir-europe.org", "ga4gh_visa_v1": { "type": "ControlledAccessGrants", @@ -168,7 +168,7 @@ async def userinfo(request): async def openid_configuration(request): """Mock ELIXIR AAI OpenID configuration endpoint.""" data = { - "jwks_uri": "http://localhost:8000/jwk" + "jwks_uri": "http://mockauth:8000/jwk" } return web.json_response(data) diff --git a/sda-doa/test/run/run_sda_doa_tests.sh b/sda-doa/test/run/run_sda_doa_tests.sh new file mode 100644 index 000000000..27b9fff64 
--- /dev/null
+++ b/sda-doa/test/run/run_sda_doa_tests.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+cd "$(dirname "$0")/../.." || exit 1
+
+PR_NUMBER=$(date +%F)
+export PR_NUMBER
+
+storage_types=("posix" "s3")
+
+show_spinner() {
+ printf "\033[33;7mStarting up services...\033[0m\n"
+ for ((i = 0; i < 25; i++)); do
+ for s in / - \\ \|; do
+ printf "\r\033[33m%s\033[0m" "$s"
+ sleep 0.1
+ done
+ done
+ echo ""
+}
+
+for storage_type in "${storage_types[@]}"; do
+ printf "\033[0;35mRunning test for %s \033[0m\n" "$storage_type"
+ docker compose -f ../.github/integration/sda-doa-"$storage_type"-outbox.yml -p sda-doa up -d
+ show_spinner
+
+
+ for script in "test/setup"/*.sh; do
+ echo "Running $script..."
+ bash "$script"
+ done
+
+ if [[ $storage_type == "posix" ]]; then
+ export OUTBOX_TYPE="POSIX"
+ else
+ export OUTBOX_TYPE="S3"
+ fi
+
+ if ! mvn test; then
+ echo "Tests failed for $storage_type. Stopping."
+ fi
+
+ docker compose -f ../.github/integration/sda-doa-"$storage_type"-outbox.yml down -v
+ unset OUTBOX_TYPE
+ [[ $storage_type == "posix" ]] && rm -rf outbox
+
+ rm -rf test/crypt4gh
+done
+unset PR_NUMBER
+
diff --git a/sda-doa/test/setup/make_crypt4gh_files.sh b/sda-doa/test/setup/make_crypt4gh_files.sh
new file mode 100644
index 000000000..5797b560d
--- /dev/null
+++ b/sda-doa/test/setup/make_crypt4gh_files.sh
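Review bot: The `if ! mvn test` branch in `run_sda_doa_tests.sh` prints "Stopping." but neither stops nor records the failure, and the script's last command is `unset PR_NUMBER`, so the run exits 0 even when the tests fail and a Makefile or CI caller cannot see it. Set a flag in that branch (`failed=1`) and end the script with `exit "${failed:-0}"`, keeping the teardown so the containers are still removed. The teardown calls `docker compose ... down -v` without the `-p sda-doa` that `up` was given, so unless the compose file sets the project name itself it likely targets a different project and leaves the `sda-doa` containers and volumes in place for the next storage type; add `-p sda-doa` there too. The exit status of each `bash "$script"` setup step is ignored in the same way.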
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+mkdir -p ./test/crypt4gh
+
+cat << 'EOF' > ./test/crypt4gh/crypt4gh.pub.pem
+-----BEGIN CRYPT4GH PUBLIC KEY-----
+PQFOuEiuAOlghTGU0Z7u2EH5FwBtSlnukpiMAji/ml0=
+-----END CRYPT4GH PUBLIC KEY-----
+EOF
+
+chmod 444 ./test/crypt4gh/crypt4gh.pub.pem
+
+cat << 'EOF' > ./test/crypt4gh/my.pub.pem
+-----BEGIN CRYPT4GH PUBLIC KEY-----
+cUSN6pHzlIFgoclIfDSaDtUgAXRa+DUHBhTodeNL52w=
+-----END CRYPT4GH PUBLIC KEY-----
+EOF
+
+chmod 444 ./test/crypt4gh/my.pub.pem
+
+cat << 'EOF' > ./test/crypt4gh/my.sec.pem
+-----BEGIN CRYPT4GH ENCRYPTED PRIVATE KEY-----
+YzRnaC12MQAGc2NyeXB0ABQAAAAAOK6Q2g1KxcUELMt/RMhr9wARY2hhY2hhMjBf
+cG9seTEzMDUAPL3l1Mt/LvDwD+yffT09Jog2AJO3uG0DaGAPDTPbOfTBKr/gWRik
+PcF6893CkScij1pO3n9Ub8p1H4yLAQ==
+-----END CRYPT4GH ENCRYPTED PRIVATE KEY-----
+EOF
+
+chmod 444 ./test/crypt4gh/my.sec.pem
+
+cat << 'EOF' > ./test/crypt4gh/crypt4gh.sec.pem
+-----BEGIN CRYPT4GH ENCRYPTED PRIVATE KEY-----
+YzRnaC12MQAGc2NyeXB0ABQAAAAAr3MTvNgHj/z6U02GqdILFwARY2hhY2hhMjBf
+cG9seTEzMDUAPNzNGWSc7hWSxjwfuQJt2haq0/eyvoFjQXsvp+RCvXSEVgqlO58J
+kgjKQgpRb9qm09AGhYU4tbXg7pyCRg==
+-----END CRYPT4GH ENCRYPTED PRIVATE KEY-----
+EOF
+
+chmod 444 ./test/crypt4gh/crypt4gh.sec.pem
+
+echo "CRYPT4GH files created successfully"
diff --git a/sda-doa/test/setup/make_crypt4gh_private_key.sh b/sda-doa/test/setup/make_crypt4gh_private_key.sh
new file mode 100644
index 000000000..cf90bfd04
--- /dev/null
+++ b/sda-doa/test/setup/make_crypt4gh_private_key.sh
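Review bot: Both `.sec.pem` files in `make_crypt4gh_files.sh` are written with `chmod 444`, which leaves the private keys world-readable and also read-only, so a re-run after an interrupted test (before the runner's `rm -rf test/crypt4gh`) cannot overwrite them unless it runs as root. With no `set -e`, the final `echo "CRYPT4GH files created successfully"` is printed even when a redirect failed. I would add `set -e` under the shebang and use `chmod 600 ./test/crypt4gh/my.sec.pem` and the same for `crypt4gh.sec.pem`, unless a container running under another uid has to read them, in which case a comment should say so. A header comment such as `# Test-only Crypt4GH key pairs for the integration tests; never reuse these keys elsewhere.` would make the status of the embedded key material explicit.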
@@ -0,0 +1,19 @@
+#!/bin/sh
+docker exec -it --user root doa sh -c '
+mkdir -p test && \
+cat << EOF > test/crypt4gh.sec.pem
+-----BEGIN CRYPT4GH ENCRYPTED PRIVATE KEY-----
+YzRnaC12MQAGc2NyeXB0ABQAAAAAr3MTvNgHj/z6U02GqdILFwARY2hhY2hhMjBf
+cG9seTEzMDUAPNzNGWSc7hWSxjwfuQJt2haq0/eyvoFjQXsvp+RCvXSEVgqlO58J
+kgjKQgpRb9qm09AGhYU4tbXg7pyCRg==
+-----END CRYPT4GH ENCRYPTED PRIVATE KEY-----
+EOF
+
+chmod 444 test/crypt4gh.sec.pem
+
+printf "password" > test/crypt4gh.pass
+
+chmod 444 test/crypt4gh.pass
+
+echo "CRYPT4GH private key created successfully"
+' 2>/dev/null
diff --git a/sda-doa/test/setup/run_db_command.sh b/sda-doa/test/setup/run_db_command.sh
new file mode 100644
index 000000000..3fc117ef0
--- /dev/null
+++ b/sda-doa/test/setup/run_db_command.sh
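Review bot: `docker exec -it` in `make_crypt4gh_private_key.sh` requests a TTY, which is normally absent when the script runs from CI or a non-interactive `make` target, and the trailing `2>/dev/null` then hides the resulting error, so the key and passphrase file may never be created without anyone noticing. Use `docker exec --user root doa sh -c '` and drop the stderr redirect so a failure is visible and the exit status is meaningful. The private key and `test/crypt4gh.pass` are both left at mode 444 inside the container; if the doa process can still read them with a tighter mode, `chmod 400` plus a `chown` to the service user would be the better pattern for others to copy.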
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+echo "Insert File"
+docker run --rm --network sda-doa_default -v "sda-doa_client_certs:/certs" \
+ -e PGPASSWORD=password \
+ -e PGSSLMODE=verify-ca \
+ -e PGSSLCERT=/certs/client.crt \
+ -e PGSSLKEY=/certs/client.key \
+ -e PGSSLROOTCERT=/certs/ca.crt \
+ postgres:latest \
+ bash -c "psql -h postgres -U lega_in -d sda -c \"SELECT local_ega.insert_file('body.enc', 'requester@elixir-europe.org');\""
+echo "Set Header For The File"
+docker run --rm --network sda-doa_default -v "sda-doa_client_certs:/certs" \
+ -e PGPASSWORD=password \
+ -e PGSSLMODE=verify-ca \
+ -e PGSSLCERT=/certs/client.crt \
+ -e PGSSLKEY=/certs/client.key \
+ -e PGSSLROOTCERT=/certs/ca.crt \
+ postgres:latest \
+ bash -c "psql -h postgres -U lega_in -d sda -c \"UPDATE local_ega.files SET header = '637279707434676801000000010000006c00000000000000aa7ad1bb4f93bf5e4fb3bc28a95bc4d80bf2fd8075e69eb2ee15e0a4f08f1d78ab98c8fd9b50e675f71311936e8d0c6f73538962b836355d5d4371a12eae46addb43518b5236fb9554249710a473026f34b264a61d2ba52ed11abc1efa1d3478fa40a710' WHERE id = 1;\""
+echo "Set File Data"
+docker run --rm --network sda-doa_default -v "sda-doa_client_certs:/certs" \
+ -e PGPASSWORD=password \
+ -e PGSSLMODE=verify-ca \
+ -e PGSSLCERT=/certs/client.crt \
+ -e PGSSLKEY=/certs/client.key \
+ -e PGSSLROOTCERT=/certs/ca.crt \
+ postgres:latest \
+ bash -c "psql -h postgres -U lega_in -d sda -c \"UPDATE local_ega.files SET archive_path = 'test/body.enc', status = 'READY', stable_id = 'EGAF00000000014' WHERE id = 1;\""
+echo "Insert Dataset"
+docker run --rm --network sda-doa_default -v "sda-doa_client_certs:/certs" \
+ -e PGPASSWORD=password \
+ -e PGSSLMODE=verify-ca \
+ -e PGSSLCERT=/certs/client.crt \
+ -e PGSSLKEY=/certs/client.key \
+ -e PGSSLROOTCERT=/certs/ca.crt \
+ postgres:latest \
+ bash -c "psql -h postgres -U lega_out -d sda -c \"INSERT INTO local_ega_ebi.filedataset(file_id, dataset_stable_id) values(1, 'EGAD00010000919');\""
+echo "Insert Event Log REGISTERED"
+docker run --rm --network sda-doa_default -v "sda-doa_client_certs:/certs" \
+ -e PGPASSWORD=password \
+ -e PGSSLMODE=verify-ca \
+ -e PGSSLCERT=/certs/client.crt \
+ -e PGSSLKEY=/certs/client.key \
+ -e PGSSLROOTCERT=/certs/ca.crt \
+ postgres:latest \
+ bash -c "psql -h postgres -U lega_out -d sda -c \"INSERT INTO sda.dataset_event_log(dataset_id, event, message) VALUES('EGAD00010000919', 'registered', '{\\\"type\\\": \\\"mapping\\\"}')\""
+echo "Insert Event Log RELEASED"
+docker run --rm --network sda-doa_default -v "sda-doa_client_certs:/certs" \
+ -e PGPASSWORD=password \
+ -e PGSSLMODE=verify-ca \
+ -e PGSSLCERT=/certs/client.crt \
+ -e PGSSLKEY=/certs/client.key \
+ -e PGSSLROOTCERT=/certs/ca.crt \
+ postgres:latest \
+ bash -c "psql -h postgres -U lega_out -d sda -c \"INSERT INTO sda.dataset_event_log(dataset_id, event, message) VALUES('EGAD00010000919', 'released', '{\\\"type\\\": \\\"release\\\"}')\""
+echo "Insert Dataset Reference"
+docker run --rm --network sda-doa_default -v "sda-doa_client_certs:/certs" \
+ -e PGPASSWORD=rootpasswd \
+ -e PGSSLMODE=verify-ca \
+ -e PGSSLCERT=/certs/client.crt \
+ -e PGSSLKEY=/certs/client.key \
+ -e PGSSLROOTCERT=/certs/ca.crt \
+ postgres:latest \
+ bash -c "psql -h postgres -U postgres -d sda -c \"INSERT INTO sda.dataset_references(dataset_id, reference_id, reference_scheme) values('1', 'GDI-NO-10001','GDI');\""
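Review bot: None of the seven `docker run … psql` calls in `run_db_command.sh` is checked and the script has no `set -e`, so a failed seed statement (database not ready yet, certificate volume missing) goes unnoticed and only shows up later as an unrelated test failure. The seven blocks differ only in role, password and SQL, so a small helper that calls `psql` directly removes both the repetition and the nested `bash -c "… \"…\""` quoting, as sketched below. The later statements assume the first inserted file received `id = 1`, which deserves a comment. `postgres:latest` is a floating tag; pinning the client image to a fixed tag or digest keeps the test reproducible.

```shell
#!/bin/sh
set -e

# Run one SQL statement as the given role from a throwaway client container.
run_psql() {
    user=$1
    password=$2
    sql=$3
    docker run --rm --network sda-doa_default -v "sda-doa_client_certs:/certs" \
        -e PGPASSWORD="$password" \
        -e PGSSLMODE=verify-ca \
        -e PGSSLCERT=/certs/client.crt \
        -e PGSSLKEY=/certs/client.key \
        -e PGSSLROOTCERT=/certs/ca.crt \
        postgres:latest \
        psql -h postgres -U "$user" -d sda -v ON_ERROR_STOP=1 -c "$sql"
}

echo "Insert File"
run_psql lega_in password "SELECT local_ega.insert_file('body.enc', 'requester@elixir-europe.org');"
# … unchanged: the remaining six statements, each as one run_psql call …
```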