diff --git a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js
index d7a295835334d43952036886378c518b60e7e965..fa1a23a3de9bb45124c096826bc11d07d1607d26 100644
--- a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js
+++ b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js
@@ -2506,7 +2506,7 @@ if(client_id.toLowerCase() === 'android'){
"telemetry": {
"pdata": {
"id": pdataId,
- "ver": "4.9.0",
+ "ver": "4.10.3",
"pid": "sunbird-portal"
}
}
diff --git a/ansible/roles/keycloak-deploy/tasks/bootstrap.yml b/ansible/roles/keycloak-deploy/tasks/bootstrap.yml
index 7df5d1e5038d84865cbf280fdfee7f9a2e83d402..dcefe36e30599ce7a8caecf5613e9d214dd52930 100644
--- a/ansible/roles/keycloak-deploy/tasks/bootstrap.yml
+++ b/ansible/roles/keycloak-deploy/tasks/bootstrap.yml
@@ -28,7 +28,6 @@
shell: "nohup {{keycloak_home}}/bin/standalone.sh -Dkeycloak.profile.feature.upload_scripts=enabled -b={{ansible_default_ipv4.address}} -bprivate={{ansible_default_ipv4.address}} --server-config standalone-ha.xml &"
become: yes
become_user: "{{ wildfly_user }}"
- run_once: true
notify: wait for keycloak to start
- meta: flush_handlers
@@ -37,7 +36,6 @@
apt:
name: ["python-setuptools"]
update_cache: true
- run_once: true
- name: Ensure python packages are installed
apt:
@@ -55,38 +53,32 @@
copy:
src: "{{ role_path }}/files/python-keycloak-0.12.0"
dest: /tmp/
- run_once: true
- name: Initialize python library to run keycloak bootstrap script
shell: cd /tmp/python-keycloak-0.12.0 && python setup.py install
- run_once: true
- name: Save keycloak vars to json
template:
src: "keycloak-bootstrap.conf.j2"
dest: "/tmp/keycloak-bootstrap.conf.json"
mode: "0644"
- run_once: true
- name: Copy realm json file to tmp location
template:
src: "keycloak-realm.j2"
dest: "/tmp/keycloak-realm.json"
mode: "0644"
- run_once: true
- name: Copy user manager roles file to tmp location
copy:
src: "files/python-keycloak-0.12.0/roles.json"
dest: "/tmp/roles.json"
mode: "0644"
- run_once: true
- name: Copy the keycloak bootstrap script
copy:
src: "{{ role_path }}/files/python-keycloak-0.12.0/keycloak"
dest: /tmp
- run_once: true
- name: Run the keycloak bootstrap script
shell: cd /tmp/keycloak/ && python keycloak_main.py /tmp/keycloak-bootstrap.conf.json
diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml
index b5406faaa9cd8f1dfdd9626162440f5ec1e4ff2d..9c9bf79a9038881b1a7947ed26ce9aa157ff2522 100755
--- a/ansible/roles/ml-analytics-service/tasks/main.yml
+++ b/ansible/roles/ml-analytics-service/tasks/main.yml
@@ -40,10 +40,23 @@
- "{{ BASEPATH }}"
- "{{ WORKDIR }}"
- "{{ WORKDIR }}/faust_as_service"
-
-- name: Change user and create working directory under opt dir and install python virtual environment
+
+- name: Delete the virtualenv DIR
+ shell: "rm -rf {{ WORKDIR }}/spark_env"
+ become: true
+
+- name: Install python virtual environment
shell: "cd {{ WORKDIR }} && virtualenv --python=python3.8 spark_venv"
become: true
+
+- name: Change the ownership of virtual env
+ become: yes
+ file:
+ path: "{{ WORKDIR }}/spark_env"
+ state: directory
+ owner: "{{ USER }}"
+ group: "{{ USER }}"
+ mode: "0755"
- name: Create necessary logs folders for pipeline
become: yes
@@ -113,4 +126,4 @@
user: "{{ USER }}"
minute: "30"
hour: "18"
- job: "{{ BASEPATH }}/ml-analytics-service/run.sh"
+ job: "{{ BASEPATH }}/ml-analytics-service/run.sh > {{ BASEPATH }}/ml-analytics-service/crontab_job.log"
diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml
index 5ded8b68133a15dd16dcf22d8f8529a3ca5aa3c9..12d98086b356893dd2e995ce0797405da1d37238 100644
--- a/ansible/roles/stack-sunbird/defaults/main.yml
+++ b/ansible/roles/stack-sunbird/defaults/main.yml
@@ -607,7 +607,7 @@ nodebb_liveness_readiness:
initialDelaySeconds: 45
periodSeconds: 15
timeoutSeconds: 5
- failureThreshold: 2
+ failureThreshold: 20
livenessProbe:
httpGet:
path: /discussions/api/category/2
@@ -615,7 +615,7 @@ nodebb_liveness_readiness:
initialDelaySeconds: 45
periodSeconds: 15
timeoutSeconds: 5
- failureThreshold: 2
+ failureThreshold: 20
player_liveness_readiness:
healthcheck: true
@@ -1051,4 +1051,4 @@ kong_desktop_device_consumer_names_for_opa: '["desktop"]'
# Audience claim check is disabled as of now
# List of keycloak clients as these can come in audience field of a JWT token
-# keycloak_allowed_aud: '"{{ keycloak_auth_server_url }}/realms/{{ keycloak_realm }}", "account", "realm-management"'
\ No newline at end of file
+# keycloak_allowed_aud: '"{{ keycloak_auth_server_url }}/realms/{{ keycloak_realm }}", "account", "realm-management"'
diff --git a/ansible/roles/stack-sunbird/templates/inbound.env b/ansible/roles/stack-sunbird/templates/inbound.env
index 7b48fe115350d60a7013b9c62d36c51dd52b68bf..c8ed1a515721a131cf1d71c717398f0bcf97fed6 100644
--- a/ansible/roles/stack-sunbird/templates/inbound.env
+++ b/ansible/roles/stack-sunbird/templates/inbound.env
@@ -12,6 +12,7 @@ KAFKA_OUTBOUND_TOPIC={{env_name}}.outbound
KAFKA_TELEMETRY_TOPIC={{env_name}}.uci.telemetry
KAFKA_ODK_TRANSFORMER_TOPIC={{env_name}}.odk.transformer
KAFKA_ODK_TRANSFORMER_TOPIC_PATTERN={{env_name}}.odk.*
+KAFKA_MESSAGE_REPORT_TOPIC={{env_name}}.message-report
#FormsDB
FORMS_DB_URL=postgresql://{{uci_postgres_host}}:5432/{{uci_forms_postgres_database}}
@@ -56,6 +57,7 @@ REDIS_DB_INDEX={{redis_db_index_uci | default('7')}}
AZURE_BLOB_STORE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}}
AZURE_BLOB_STORE_ACCOUNT_KEY={{sunbird_private_storage_account_name}}
AZURE_BLOB_STORE_ACCOUNT_NAME={{sunbird_private_storage_account_key}}
+SELECTED_FILE_CDN=azure
#Netcore
NETCORE_WHATSAPP_AUTH_TOKEN={{uci_netcore_whatsapp_token}}
diff --git a/ansible/roles/stack-sunbird/templates/orchestrator.env b/ansible/roles/stack-sunbird/templates/orchestrator.env
index bd6b974a11a346b2c8c9d092fecbc52a75358c88..4165f7dcebf68b51fbba867edae0c144365c7406 100644
--- a/ansible/roles/stack-sunbird/templates/orchestrator.env
+++ b/ansible/roles/stack-sunbird/templates/orchestrator.env
@@ -12,6 +12,9 @@ KAFKA_OUTBOUND_TOPIC={{env_name}}.outbound
KAFKA_TELEMETRY_TOPIC={{env_name}}.uci.telemetry
KAFKA_ODK_TRANSFORMER_TOPIC={{env_name}}.odk.transformer
KAFKA_ODK_TRANSFORMER_TOPIC_PATTERN={{env_name}}.odk.*
+KAFKA_PROCESS_OUTBOUND={{env_name}}.process-outbound
+KAFKA_BROADCAST_TRANSFORMER_TOPIC={{env_name}}.broadcast-transformer
+KAFKA_GENERIC_TRANSFORMER_TOPIC={{env_name}}.generic-transformer
#Dummy config: To be removed later
KAFKA_LOGS_TOPIC={{env_name}}.inbound-unprocessed
@@ -21,11 +24,14 @@ FORMS_DB_URL=postgresql://{{uci_postgres_host}}:5432/{{uci_forms_postgres_databa
FORMS_DB_USERNAME={{uci_postgres_user}}
FORMS_DB_PASSWORD={{uci_postgres_password}}
FORMS_DB_NAME={{uci_forms_postgres_database}}
+FORMS_DB_HOST={{uci_postgres_host}}
+FORMS_DB_PORT=5432
#Cassandra
CASSANDRA_URL={{sunbird_cassandra_host}}
CASSANDRA_PORT=9042
CASSANDRA_KEYSPACE={{env}}_uci_store
+CASSANDRA_MIGRATION_COUNT={{uci_cassandra_migration_count | default(1)}}
#Ports
ORCHESTRATOR_INTERNAL_PORT=8686
diff --git a/ansible/roles/stack-sunbird/templates/outbound.env b/ansible/roles/stack-sunbird/templates/outbound.env
index a76df2cce365ee4985e1bc4f933adf1b850ced46..bac1d980e82e97e68164b0bdc75ada40b1d8cb2a 100644
--- a/ansible/roles/stack-sunbird/templates/outbound.env
+++ b/ansible/roles/stack-sunbird/templates/outbound.env
@@ -18,6 +18,8 @@ FORMS_DB_URL=postgresql://{{uci_postgres_host}}:5432/{{uci_forms_postgres_databa
FORMS_DB_USERNAME={{uci_postgres_user}}
FORMS_DB_PASSWORD={{uci_postgres_password}}
FORMS_DB_NAME={{uci_forms_postgres_database}}
+FORMS_DB_HOST={{uci_postgres_host}}
+FORMS_DB_PORT=5432
#Cassandra
CASSANDRA_URL={{sunbird_cassandra_host}}
@@ -55,3 +57,4 @@ REDIS_DB_INDEX={{redis_db_index_uci | default('7')}}
AZURE_BLOB_STORE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}}
AZURE_BLOB_STORE_ACCOUNT_KEY={{sunbird_private_storage_account_name}}
AZURE_BLOB_STORE_ACCOUNT_NAME={{sunbird_private_storage_account_key}}
+SELECTED_FILE_CDN=azure
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_discussions-mw-service.env b/ansible/roles/stack-sunbird/templates/sunbird_discussions-mw-service.env
index afce77b2ed09610074850bf0e3bf631d08402e4b..f972a40d802b7923b579f6c80b37bdaeb885183a 100644
--- a/ansible/roles/stack-sunbird/templates/sunbird_discussions-mw-service.env
+++ b/ansible/roles/stack-sunbird/templates/sunbird_discussions-mw-service.env
@@ -12,5 +12,5 @@ TELEMETRY_EVENTS_BATCH_SIZE={{ telemetry_events_batch_size | default(1) }}
TELEMETRY_SERVICE_API_SLUG={{ telemetry_service_api_slug | default('/v1/telemetry') }}
TELEMETRY_SERVICE_URL={{ telemetry_service_url | default('http://telemetry-service:9001') }}
API_AUTH_TOKEN={{ api_auth_token | default('') }}
-enable_audit_event={{ enable_audit_event | default(true) }}
-moderation_flag={{ moderation_flag | default(false) }}
+enable_audit_event={{ enable_audit_event | default('true') }}
+moderation_flag={{ moderation_flag | default('false') }}
diff --git a/ansible/roles/stack-sunbird/templates/transformer.env b/ansible/roles/stack-sunbird/templates/transformer.env
index 30963cb81fb89f58257457bcdb899ec486c8a325..fd2e6d00aa55242c05c8970f6e3d0fc70cf40a85 100644
--- a/ansible/roles/stack-sunbird/templates/transformer.env
+++ b/ansible/roles/stack-sunbird/templates/transformer.env
@@ -13,6 +13,8 @@ KAFKA_TELEMETRY_TOPIC={{env_name}}.uci.telemetry
KAFKA_ODK_TRANSFORMER_TOPIC={{env_name}}.odk.transformer
KAFKA_ODK_TRANSFORMER_TOPIC_PATTERN={{env_name}}.odk.*
KAFKA_LOGS_TOPIC={{env_name}}.inbound-unprocessed
+KAFKA_PROCESS_OUTBOUND={{env_name}}.process-outbound
+KAFKA_BROADCAST_TRANSFORMER_TOPIC={{env_name}}.broadcast-transformer
#FormsDB
FORMS_DB_URL=postgresql://{{uci_postgres_host}}:5432/{{uci_forms_postgres_database}}
@@ -26,6 +28,7 @@ FORMS_DB_PORT=5432
CASSANDRA_URL={{sunbird_cassandra_host}}
CASSANDRA_PORT=9042
CASSANDRA_KEYSPACE={{env}}_uci_store
+CASSANDRA_MIGRATION_COUNT=1
#Ports
TRANSFORMER_INTERNAL_PORT=9091
@@ -61,4 +64,14 @@ ENV={{env}}
REDIS_HOST={{sunbird_redis_host}}
REDIS_PASS={{sunbird_redis_pass | default('')}}
REDIS_PORT={{sunbird_redis_port | default(6379)}}
-REDIS_DB_INDEX={{redis_db_index_uci | default('7')}}
\ No newline at end of file
+REDIS_DB_INDEX={{redis_db_index_uci | default('7')}}
+
+# Events
+EXHAUST_TELEMETRY_ENABLED=TRUE
+POSTHOG_EVENT_ENABLED=FALSE
+
+#Azure Config
+AZURE_BLOB_STORE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}}
+AZURE_BLOB_STORE_ACCOUNT_KEY={{sunbird_private_storage_account_name}}
+AZURE_BLOB_STORE_ACCOUNT_NAME={{sunbird_private_storage_account_key}}
+SELECTED_FILE_CDN=azure
\ No newline at end of file
diff --git a/kubernetes/ansible/roles/kong-api/tasks/main.yml b/kubernetes/ansible/roles/kong-api/tasks/main.yml
index 82a9f774395279241d4b8edbc5dbe98c7854e403..d85575decee8350e12fc117c4612517ca27bd69d 100644
--- a/kubernetes/ansible/roles/kong-api/tasks/main.yml
+++ b/kubernetes/ansible/roles/kong-api/tasks/main.yml
@@ -21,3 +21,6 @@
- name: Run script to save apis
shell: "python /tmp/kong-api-scripts/kong_apis.py /tmp/kong_apis.json --kong-admin-api-url=http://{{ private_ingressgateway_ip }}/admin-api"
+
+- name: Reload kong
+ shell: kubectl get pod -l app=apimanager --namespace={{namespace}} -o name | xargs -I{} kubectl exec {} -- kong reload
\ No newline at end of file
diff --git a/kubernetes/ansible/roles/kong-consumer/tasks/main.yml b/kubernetes/ansible/roles/kong-consumer/tasks/main.yml
index 2300a372dae683f4863f00936fb21485b7bb7c76..edb1b4c0a4feb4906600feaca07873b394931f60 100644
--- a/kubernetes/ansible/roles/kong-consumer/tasks/main.yml
+++ b/kubernetes/ansible/roles/kong-consumer/tasks/main.yml
@@ -48,3 +48,6 @@
with_items:
- /tmp/jwt_token_output.txt
- /tmp/jwt_token.txt
+
+- name: Reload kong
+ shell: kubectl get pod -l app=apimanager --namespace={{namespace}} -o name | xargs -I{} kubectl exec {} -- kong reload
\ No newline at end of file
diff --git a/kubernetes/ansible/roles/opa-test-coverage/defaults/main.yml b/kubernetes/ansible/roles/opa-test-coverage/defaults/main.yml
index 96e556a90436ddb6e5b18fef330dc63e88891b7a..2da3a4ed45b53eece8806f26d72dc9e3bde7cc27 100644
--- a/kubernetes/ansible/roles/opa-test-coverage/defaults/main.yml
+++ b/kubernetes/ansible/roles/opa-test-coverage/defaults/main.yml
@@ -24,7 +24,7 @@ keycloak_public_key:
stdout: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTS+srpbA/n7I5fDjxcf\nH1QUSiFMP7B4yyLxir3VigKtai+YW7ZqMF853O3OiE/QTKuT0ZsR7aDtCsoZaGqq\n2NSyfbc3m339dBQ+0YgM5UdqvUHubNkgQwkRwb1lGlMWSHMYk0iIKJEIw1MCdCH0\nOBwjzlDxHb78lCKd/GvBvRLMXOJbAP72xJ/gjaNFHQ/GzskhrapDuMXaH+S7vtox\nBDG74fQwXCG+nDJ9ryV2bbWxWMINLU82x3+L6YYnWK80loucm2fzG5l1W/Wz9DIa\nGiWwP0JHlZf9GM/raydB4kDEq3jB22LfdLCdQanMkxbw7bkmvjBT2NFwqgFv3q3m\nVQIDAQAB\n-----END PUBLIC KEY-----'
keycloak_auth_server_url: "https://sunbirded.org/auth"
keycloak_realm: "sunbird"
-private_ingressgateway_ip: "1.2.3.4"
+private_ingressgateway_ip: "2.3.4.5"
# Audience claim check is disabled as of now
# keycloak_allowed_aud: '"{{ keycloak_auth_server_url }}/realms/{{ keycloak_realm }}", "account", "realm-management"'
diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml
index 6c217b18329d2fbbab4c42dad89e8318a2e13e31..f4422e608b1c0ce6ff840292624633b1fd2cc73c 100644
--- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml
+++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml
@@ -125,6 +125,7 @@ data:
set $target http://report-service.{{ .Values.namespace }}.svc.cluster.local:3030;
rewrite ^/report/(.*) /$1 break;
proxy_http_version 1.1;
+ proxy_set_header Host $server_name;
proxy_pass $target;
}
location /search/ {
diff --git a/kubernetes/helm_charts/sunbird-RC/registry/values.j2 b/kubernetes/helm_charts/sunbird-RC/registry/values.j2
index b7b4bbbb7329c82062712275af78d1a96410d92c..e7e6e6f31c2659e0486185571a32a3dc7f81c72f 100644
--- a/kubernetes/helm_charts/sunbird-RC/registry/values.j2
+++ b/kubernetes/helm_charts/sunbird-RC/registry/values.j2
@@ -80,4 +80,4 @@ serviceMonitor:
enabled: true
labels: # labels with which the prometheus choose the serviceMonitor
app: prometheus-operator
- release: prometheus-operator
\ No newline at end of file
+ release: prometheus-operator
diff --git a/kubernetes/opa/common/common.rego b/kubernetes/opa/common/common.rego
index 9023b7250dc572602e220eff2bf1d0c689d577bd..63b315888638300294fe83496f5b51a746841091 100644
--- a/kubernetes/opa/common/common.rego
+++ b/kubernetes/opa/common/common.rego
@@ -22,11 +22,11 @@ ROLES := {
"PROGRAM_DESIGNER": ["submitDataExhaustRequest", "getDataExhaustRequest", "listDataExhaustRequest"],
- "ORG_ADMIN": ["acceptTnc", "assignRole", "submitDataExhaustRequest", "getDataExhaustRequest", "listDataExhaustRequest", "getUserProfileV5", "updateUserV2", "readUserConsent", "createTenantPreferences", "updateTenantPreferences", "getReport", "listReports", "createReport", "deleteReport", "updateReport", "publishReport", "retireReport", "getReportSummary", "listReportSummary", "createReportSummary"],
+ "ORG_ADMIN": ["acceptTnc", "assignRole", "submitDataExhaustRequest", "getDataExhaustRequest", "listDataExhaustRequest", "getUserProfileV5", "updateUserV2", "readUserConsent", "createTenantPreferences", "updateTenantPreferences", "createReport", "deleteReport", "updateReport", "publishReport", "retireReport", "getReportSummary", "listReportSummary", "createReportSummary"],
- "REPORT_VIEWER": ["acceptTnc", "getReport", "listReports", "getReportSummary", "listReportSummary"],
+ "REPORT_VIEWER": ["acceptTnc", "getReportSummary", "listReportSummary"],
- "REPORT_ADMIN": ["submitDataExhaustRequest", "getDataExhaustRequest", "listDataExhaustRequest", "acceptTnc", "getReport", "listReports", "createReport", "deleteReport", "updateReport", "publishReport", "retireReport", "getReportSummary", "listReportSummary", "createReportSummary"],
+ "REPORT_ADMIN": ["submitDataExhaustRequest", "getDataExhaustRequest", "listDataExhaustRequest", "acceptTnc", "createReport", "deleteReport", "updateReport", "publishReport", "retireReport", "getReportSummary", "listReportSummary", "createReportSummary"],
"PUBLIC": ["PUBLIC"]
}
diff --git a/kubernetes/opa/learner/policies.rego b/kubernetes/opa/learner/policies.rego
index b2413a7ea11e6800372b3c72ec61be40bc0390f9..6bdfd974411ade7adf85c1e76617072c67133e6d 100644
--- a/kubernetes/opa/learner/policies.rego
+++ b/kubernetes/opa/learner/policies.rego
@@ -141,6 +141,15 @@ assignRoleV2 {
payload_orgs == matching_orgs
}
+# https://project-sunbird.atlassian.net/browse/SB-30186
+# Allow the request to go through if the organisationId is an array type in order to receive a 400 Bad Request error from backend
+assignRoleV2 {
+ acls := ["assignRole"]
+ roles := ["ORG_ADMIN"]
+ super.acls_check(acls)
+ type_name(input.parsed_body.request.roles[_].scope[_].organisationId) == "array"
+}
+
getUserProfile {
super.public_role_check
user_id := split(http_request.path, "/")[4]
diff --git a/kubernetes/opa/learner/policies_test.rego b/kubernetes/opa/learner/policies_test.rego
index 8553352cd3cab0aa14cc977f39771fb7efb5e92d..ca2ab15ee03faf62a4b9e80d6cd79494d7353644 100644
--- a/kubernetes/opa/learner/policies_test.rego
+++ b/kubernetes/opa/learner/policies_test.rego
@@ -297,6 +297,44 @@ test_assign_role_v2 {
}
}
+test_assign_role_v2 {
+ data.main.allow.allowed
+ with data.common.current_time as current_time
+ with data.common.iss as iss
+ with input as
+ {
+ "attributes": {
+ "request": {
+ "http": {
+ "headers": {
+ "x-authenticated-user-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.eyJhdWQiOiJodHRwczovL3N1bmJpcmRlZC5vcmcvYXV0aC9yZWFsbXMvc3VuYmlyZCIsInN1YiI6ImY6NWJiNmM4N2MtN2M4OC00ZDJiLWFmN2UtNTM0YTJmZWY5NzhkOjI4YjBkMDhmLWMyZWEtNDBkMS1iY2QwLThhZTAwZmNhNjZiZSIsInJvbGVzIjpbeyJyb2xlIjoiQk9PS19DUkVBVE9SIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6IkNPTlRFTlRfQ1JFQVRPUiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn1dfSx7InJvbGUiOiJDT05URU5UX1JFVklFV0VSIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6IkNPVVJTRV9NRU5UT1IiLCJzY29wZSI6W3sib3JnYW5pc2F0aW9uSWQiOiIwMTM2OTg3ODc5NzUwMzY5MjgxMCJ9XX0seyJyb2xlIjoiUFJPR1JBTV9ERVNJR05FUiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn1dfSx7InJvbGUiOiJSRVBPUlRfVklFV0VSIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6Ik9SR19BRE1JTiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn0seyJvcmdhbmlzYXRpb25JZCI6IjAxNDcxOTIzNTY3ODEyMzQ1Njc4In1dfSx7InJvbGUiOiJQVUJMSUMiLCJzY29wZSI6W119XSwiaXNzIjoiaHR0cHM6Ly9zdW5iaXJkZWQub3JnL2F1dGgvcmVhbG1zL3N1bmJpcmQiLCJuYW1lIjoiZGVtbyIsInR5cCI6IkJlYXJlciIsImV4cCI6MTY0MDIzNjEwMiwiaWF0IjoxNjQwMTQ5NzA1fQ.B3-TSdYSOlawPHjFdiRjXwvRbYQ_eH_HTiLKlH7vGS0rCOJ6HQbYyWOhZ7vbZPb3virkuyfhykFcYCEHBCkHY-fwGAeU58Pmhi0dnNJkR59Fa9y_75W98JXZW68HROp62ntEAKCA1oot_U4tYi-8UNoR17Gszj9iYzFEBc6TZA4Lrom_9gqhBOYzL0ISFWSS6oG94EaaKDYHyWzCSjU2nYRB_fn-tODmnVJ12GRJAc1oM9y54o8neNYsl4T_xPyD34v-CinUJM8jzDjFqK5_O3HnAbcmXvkZjFRgfk4mF1V4s5hlsTJGyhi2JOPh90C5N-HbAY8QsPBnzgYFQU_sww"
+ },
+ "path": "/v2/user/assign/role"
+ }
+ }
+ },
+ "parsed_body": {
+ "request": {
+ "userId": "fcae65a6-8a48-11ec-8c82-c7075e84952d",
+ "roles": [{
+ "role": "COURSE_CREATOR",
+ "operation":"remove",
+ "scope": [{
+ "organisationId": "01369878797503692810"
+ }]
+ },
+ {
+ "role": "CONTENT_CREATOR",
+ "operation":"add",
+ "scope": [{
+ "organisationId": ["01471923567812345678"]
+ }]
+ }]
+ }
+ }
+ }
+}
+
test_get_user_profile {
data.main.allow.allowed
with data.common.current_time as current_time
diff --git a/kubernetes/opa/registry/policies_test.rego b/kubernetes/opa/registry/policies_test.rego
index 01bd3c7a32ba7507ed0012fb25d6f085632f6e77..1e37608805c88bae5d27a1e1d3bae2eab6c32f6f 100644
--- a/kubernetes/opa/registry/policies_test.rego
+++ b/kubernetes/opa/registry/policies_test.rego
@@ -6,11 +6,13 @@ package tests
current_time := 1640235102
iss := "https://sunbirded.org/auth/realms/sunbird"
+private_ingressgateway_ip := "1.2.3.4"
test_rc_certificate_create_internal_request {
data.main.allow.allowed
with data.common.current_time as current_time
with data.common.iss as iss
+ with data.common.private_ingressgateway_ip as private_ingressgateway_ip
with input as
{
"attributes": {
@@ -65,6 +67,7 @@ test_rc_certificate_delete_internal_request {
data.main.allow.allowed
with data.common.current_time as current_time
with data.common.iss as iss
+ with data.common.private_ingressgateway_ip as private_ingressgateway_ip
with input as
{
"attributes": {
diff --git a/kubernetes/opa/report/policies.rego b/kubernetes/opa/report/policies.rego
index 728bb245bca7052ce71b452e30a0d53735680eec..6b9a96d48bd2214114b8b5db732660abf7b31cd4 100644
--- a/kubernetes/opa/report/policies.rego
+++ b/kubernetes/opa/report/policies.rego
@@ -1,6 +1,9 @@
package policies
import data.common as super
+import input.attributes.request.http as http_request
+
+x_authenticated_user_token := http_request.headers["x-authenticated-user-token"]
urls_to_action_mapping := {
"/report/get": "getReport",
@@ -12,21 +15,28 @@ urls_to_action_mapping := {
"/report/retire": "retireReport",
"/report/summary": "getReportSummary",
"/report/summary/list": "listReportSummary",
- "/report/summary/create": "createReportSummary"
+ "/report/summary/create": "createReportSummary",
+ "/report/datasets/get": "getReportDatasets"
}
getReport {
- acls := ["getReport"]
- roles := ["REPORT_ADMIN", "REPORT_VIEWER", "ORG_ADMIN"]
- super.acls_check(acls)
- super.role_check(roles)
+ super.public_role_check
+}
+
+getReport {
+ not x_authenticated_user_token
+}
+
+getReport {
+ super.is_an_internal_request
}
listReports {
- acls := ["listReports"]
- roles := ["REPORT_ADMIN", "REPORT_VIEWER", "ORG_ADMIN"]
- super.acls_check(acls)
- super.role_check(roles)
+ super.public_role_check
+}
+
+listReports {
+ not x_authenticated_user_token
}
createReport {
@@ -37,6 +47,10 @@ createReport {
input.parsed_body.request.report.createdby == super.userid
}
+createReport {
+ super.is_an_internal_request
+}
+
deleteReport {
acls := ["deleteReport"]
roles := ["REPORT_ADMIN", "ORG_ADMIN"]
@@ -51,6 +65,10 @@ updateReport {
super.role_check(roles)
}
+updateReport {
+ super.is_an_internal_request
+}
+
publishReport {
acls := ["publishReport"]
roles := ["REPORT_ADMIN", "ORG_ADMIN"]
@@ -85,4 +103,12 @@ createReportSummary {
super.acls_check(acls)
super.role_check(roles)
input.parsed_body.request.summary.createdby == super.userid
+}
+
+getReportDatasets {
+ super.public_role_check
+}
+
+getReportDatasets {
+ not x_authenticated_user_token
}
\ No newline at end of file
diff --git a/kubernetes/opa/report/policies_test.rego b/kubernetes/opa/report/policies_test.rego
index 161c13bd7092f771a8ebf588c7405f495637fb4c..10bd59faf78e5c1c0d7f8f376a431c99f18b2f7d 100644
--- a/kubernetes/opa/report/policies_test.rego
+++ b/kubernetes/opa/report/policies_test.rego
@@ -6,6 +6,7 @@ package tests
current_time := 1640235102
iss := "https://sunbirded.org/auth/realms/sunbird"
+private_ingressgateway_ip := "1.2.3.4"
test_get_report {
data.main.allow.allowed
@@ -26,6 +27,25 @@ test_get_report {
}
}
+test_get_report_internal_request {
+ data.main.allow.allowed
+ with data.common.current_time as current_time
+ with data.common.iss as iss
+ with data.common.private_ingressgateway_ip as private_ingressgateway_ip
+ with input as
+ {
+ "attributes": {
+ "request": {
+ "http": {
+ "headers": {},
+ "path": "/report/get/1656a060-bf3a-11ec-b495-9fb99cdeb463",
+ "host": "1.2.3.4"
+ }
+ }
+ }
+ }
+}
+
test_list_reports {
data.main.allow.allowed
with data.common.current_time as current_time
@@ -50,6 +70,28 @@ test_list_reports {
}
}
+test_list_reports_without_user_token {
+ data.main.allow.allowed
+ with data.common.current_time as current_time
+ with data.common.iss as iss
+ with input as
+ {
+ "attributes": {
+ "request": {
+ "http": {
+ "headers": {},
+ "path": "/report/list"
+ }
+ }
+ },
+ "parsed_body": {
+ "request": {
+ "filters": {}
+ }
+ }
+ }
+}
+
test_create_report {
data.main.allow.allowed
with data.common.current_time as current_time
@@ -90,6 +132,46 @@ test_create_report {
}
}
+test_create_report_internal_request {
+ data.main.allow.allowed
+ with data.common.current_time as current_time
+ with data.common.iss as iss
+ with data.common.private_ingressgateway_ip as private_ingressgateway_ip
+ with input as
+ {
+ "attributes": {
+ "request": {
+ "http": {
+ "headers": {},
+ "path": "/report/create",
+ "host": "1.2.3.4"
+ }
+ }
+ },
+ "parsed_body": {
+ "request": {
+ "report": {
+ "title": "string",
+ "description": "string",
+ "authorizedroles": ["string"],
+ "status": "string",
+ "type": "string",
+ "createdby": "28b0d08f-c2ea-40d1-bcd0-8ae00fca66be",
+ "reportconfig": {
+ "id": "string",
+ "label": "string",
+ "title": "string",
+ "description": "string",
+ },
+ "slug": "string",
+ "reportgenerateddate": "string",
+ "updatefrequency": "string"
+ }
+ }
+ }
+ }
+}
+
test_delete_report {
data.main.allow.allowed
with data.common.current_time as current_time
@@ -133,6 +215,30 @@ test_update_report {
}
}
+test_update_report_internal_request {
+ data.main.allow.allowed
+ with data.common.current_time as current_time
+ with data.common.iss as iss
+ with data.common.private_ingressgateway_ip as private_ingressgateway_ip
+ with input as
+ {
+ "attributes": {
+ "request": {
+ "http": {
+ "headers": {},
+ "path": "/report/update",
+ "host": "1.2.3.4"
+ }
+ }
+ },
+ "parsed_body": {
+ "request": {
+ "report": {}
+ }
+ }
+ }
+}
+
test_publish_report {
data.main.allow.allowed
with data.common.current_time as current_time
@@ -242,4 +348,40 @@ test_create_report_summary {
}
}
}
+}
+
+test_get_report_datasets {
+ data.main.allow.allowed
+ with data.common.current_time as current_time
+ with data.common.iss as iss
+ with input as
+ {
+ "attributes": {
+ "request": {
+ "http": {
+ "headers": {
+ "x-authenticated-user-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.eyJhdWQiOiJodHRwczovL3N1bmJpcmRlZC5vcmcvYXV0aC9yZWFsbXMvc3VuYmlyZCIsInN1YiI6ImY6NWJiNmM4N2MtN2M4OC00ZDJiLWFmN2UtNTM0YTJmZWY5NzhkOjI4YjBkMDhmLWMyZWEtNDBkMS1iY2QwLThhZTAwZmNhNjZiZSIsInJvbGVzIjpbeyJyb2xlIjoiQk9PS19DUkVBVE9SIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6IkNPTlRFTlRfQ1JFQVRPUiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn1dfSx7InJvbGUiOiJDT05URU5UX1JFVklFV0VSIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6IkNPVVJTRV9NRU5UT1IiLCJzY29wZSI6W3sib3JnYW5pc2F0aW9uSWQiOiIwMTM2OTg3ODc5NzUwMzY5MjgxMCJ9XX0seyJyb2xlIjoiUFJPR1JBTV9ERVNJR05FUiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn1dfSx7InJvbGUiOiJSRVBPUlRfVklFV0VSIiwic2NvcGUiOlt7Im9yZ2FuaXNhdGlvbklkIjoiMDEzNjk4Nzg3OTc1MDM2OTI4MTAifV19LHsicm9sZSI6Ik9SR19BRE1JTiIsInNjb3BlIjpbeyJvcmdhbmlzYXRpb25JZCI6IjAxMzY5ODc4Nzk3NTAzNjkyODEwIn0seyJvcmdhbmlzYXRpb25JZCI6IjAxNDcxOTIzNTY3ODEyMzQ1Njc4In1dfSx7InJvbGUiOiJQVUJMSUMiLCJzY29wZSI6W119XSwiaXNzIjoiaHR0cHM6Ly9zdW5iaXJkZWQub3JnL2F1dGgvcmVhbG1zL3N1bmJpcmQiLCJuYW1lIjoiZGVtbyIsInR5cCI6IkJlYXJlciIsImV4cCI6MTY0MDIzNjEwMiwiaWF0IjoxNjQwMTQ5NzA1fQ.B3-TSdYSOlawPHjFdiRjXwvRbYQ_eH_HTiLKlH7vGS0rCOJ6HQbYyWOhZ7vbZPb3virkuyfhykFcYCEHBCkHY-fwGAeU58Pmhi0dnNJkR59Fa9y_75W98JXZW68HROp62ntEAKCA1oot_U4tYi-8UNoR17Gszj9iYzFEBc6TZA4Lrom_9gqhBOYzL0ISFWSS6oG94EaaKDYHyWzCSjU2nYRB_fn-tODmnVJ12GRJAc1oM9y54o8neNYsl4T_xPyD34v-CinUJM8jzDjFqK5_O3HnAbcmXvkZjFRgfk4mF1V4s5hlsTJGyhi2JOPh90C5N-HbAY8QsPBnzgYFQU_sww"
+ },
+ "path": "/report/datasets/get/1656a060-bf3a-11ec-b495-9fb99cdeb463"
+ }
+ }
+ }
+ }
+}
+
+test_get_report_datasets_without_user_token {
+ data.main.allow.allowed
+ with data.common.current_time as current_time
+ with data.common.iss as iss
+ with input as
+ {
+ "attributes": {
+ "request": {
+ "http": {
+ "headers": {},
+ "path": "/report/datasets/get/1656a060-bf3a-11ec-b495-9fb99cdeb463"
+ }
+ }
+ }
+ }
}
\ No newline at end of file
diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml
index 3e35beb55684e6c9dc3106e2bd28106402f30859..b004ab86d2639d650ef27b4f828e1686ee15bd05 100644
--- a/private_repo/ansible/inventory/dev/Core/secrets.yml
+++ b/private_repo/ansible/inventory/dev/Core/secrets.yml
@@ -65,7 +65,6 @@ adminutil_refresh_token_public_key_kid: "" # get after keycloak deployment, go
#SELECT value FROM component_config CC INNER JOIN component C ON(CC.component_id = C.id) WHERE C.realm_id = 'sunbird' and provider_id = 'hmac-generated' AND CC.name = 'secret';
adminutil_refresh_token_secret_key: "" # get after Keycloak deployment from postgres using the above query
-
# mongodb keyfile content generated using
# 'openssl rand -base64 741'
# eg:
@@ -102,6 +101,7 @@ core_vault_sunbird_google_oauth_clientId_portal: # Google oauth client i
core_vault_sunbird_google_oauth_clientSecret_portal: # Google oauth client secret
core_vault_sunbird_google_captcha_site_key_portal: # Google recaptch site key
google_captcha_private_key: # Google recaptch private key
+learning_content_drive_apiKey: # Google drive api key
# ------------------------------------------------------------------------------------------------------------ #
# Optional variables - Can be left blank if you dont plan to use the intended features