diff --git a/DemoStack/.env b/DemoStack/.env index 438a00a..f42c830 100644 --- a/DemoStack/.env +++ b/DemoStack/.env @@ -1,4 +1,4 @@ -DEPLOYMENT_VERSION=1.6.0 +DEPLOYMENT_VERSION=1.7.2 # ----- Postgres env var ------ @@ -22,6 +22,25 @@ TRE_DATA_DATABASE=tredata TRE_DATA_USER=admin TRE_DATA_PASSWORD=admin +TreApiPublicUrl=http://localhost:8072 +# Keycloak Host name +KeycloakHostName=localhost +# TRE KeyCloak URL +TRE_KEYCLOAK_URL=http://keycloak:8080 +# Submission KeyCloak URL +SUBMISSION_KEYCLOAK_URL=http://keycloak:8080 +# Minio TRE UI URL +MINIO_TRE_UI_URL=http://localhost:9003 +# Submision API URL +SubmissionAPIAddressURL=http://submissionAPI:8080 +# Encryption settings (Base-64 String) - Defaulted for development/demo purposes only - NEVER USE IN PRODUCTION +EncryptionSettingsKey=9pDUei4zHnuXrC0Hb0KSG0g1U4GsV6ajZf+/kYKtrI8= +# New TRE UI env vars +# Secret for Better Auth - Defaulted for development/demo purposes only - NEVER USE IN PRODUCTION +BETTER_AUTH_SECRET=r6oTUwEUlvoa4Fdh3XIBviHRVpCudrt3 +BETTER_AUTH_URL=http://localhost:3000 +NEXT_PUBLIC_KEYCLOAK_URL=http://localhost:8085 +NEXT_PUBLIC_HELPDESK_URL=https://ukserp.atlassian.net/servicedesk/customer/portal/3 DemoMode=true # Set to true if you'd like to simulate execution, otherwise default to false: KeyCloakDemoMode=true # Allows Keycloak to not require https: @@ -106,7 +125,7 @@ SubmissionAPIKeyCloakSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 SubmissionUIAccountManagementURL=http://keycloak:8080/realms/Dare-Control/account SubmissionUIKeyCloakBaseUrl=http://keycloak:8080/realms/Dare-Control KeyCloakUseRedirect=false -KeyCloakClientUIRedirectURL=http://localhost:8888/ +SubmissionKeyCloakClientUIRedirectURL=http://localhost:8888/ KeyCloakTokenExpiredAddressUI=http://localhost:8888/Account/LoginAfterTokenExpired SubmissionUIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 SubmissionUIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration 
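Review bot: The `EncryptionSettingsKey` and `BETTER_AUTH_SECRET` values added in the `@@ -22,6 +22,25 @@` hunk are published constants, and the only guard against reuse is the "NEVER USE IN PRODUCTION" comment. Anyone who copies DemoStack/.env as a starting point inherits an encryption key and an auth secret known to every reader of the repository. Consider having the services refuse to start when `DemoMode` is false and either value equals the committed default, or generating both at first start of the demo instead of committing them. Separately, the last hunk of this file drops `EncryptionSettingsBase` and the key grows from the documented 16 bytes to 32, so data encrypted under the old settings presumably cannot be read after the upgrade; a line in the upgrade notes would help.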
@@ -138,7 +157,7 @@ TreAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/o TreAPIAccountManagementURLUI=http://localhost:8085/realms/Dare-TRE/account TreAPIValidAudiences=Dare-TRE-API,Dare-TRE-UI -URLSettingsFrontEndQueryImage=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1 +URLSettingsFrontEndQueryImageSQL=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1 # ----- Submission Server Settings ----- @@ -146,7 +165,7 @@ SuppressAntiforgery=false SubmissionSignedOutRedirectUri=/ SubmissionTokenRefreshSeconds=3600 SubmissionValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio -SubmissionServer=keycloak:8080 +SubmissionKeyCloakServer=keycloak:8080 SubmissionServerProtocol=http SubmissionRealm=Dare-Control SubmissionAutoTrustKeycloakCert=false @@ -156,10 +175,4 @@ SubmissionValidAudience= # ------ Config path for infrastructure services ------ # ------ (Keycloak, Ldap, Ldap Init, Postgres, Realm Configuration) ------ -CONFIG_PATH=../../../DemoStack/config - -# ------ Encryption strings for TRE API ----- -# Encryption settings (16 bytes Base-64 String) -EncryptionSettingsKey=E9gzanEsEfK32w6slO20xg== -EncryptionSettingsBase=uQV9bsRydGnkGjgz7wMQpA== - +CONFIG_PATH=../../../DemoStack/config \ No newline at end of file diff --git a/DemoStack/config/realm-config/tre-layer.json b/DemoStack/config/realm-config/tre-layer.json index ce612ea..0237e21 100644 --- a/DemoStack/config/realm-config/tre-layer.json +++ b/DemoStack/config/realm-config/tre-layer.json @@ -90,9 +90,15 @@ "description": "${role_default-roles}", "composite": true, "composites": { - "realm": ["offline_access", "uma_authorization"], + "realm": [ + "offline_access", + "uma_authorization" + ], "client": { - "account": ["view-profile", "manage-account"] + "account": [ + "view-profile", + "manage-account" + ] } }, "clientRole": false, 
@@ -182,7 +188,9 @@ "composite": true, "composites": { "client": { - "realm-management": ["query-clients"] + "realm-management": [ + "query-clients" + ] } }, "clientRole": true, @@ -214,7 +222,10 @@ "composite": true, "composites": { "client": { - "realm-management": ["query-groups", "query-users"] + "realm-management": [ + "query-groups", + "query-users" + ] } }, "clientRole": true, @@ -387,7 +398,9 @@ "composite": true, "composites": { "client": { - "account": ["view-consent"] + "account": [ + "view-consent" + ] } }, "clientRole": true, @@ -401,7 +414,9 @@ "composite": true, "composites": { "client": { - "account": ["manage-account-links"] + "account": [ + "manage-account-links" + ] } }, "clientRole": true, @@ -454,11 +469,15 @@ "path": "/dare-tre-admin", "subGroups": [], "attributes": { - "policy": ["consoleAdmin"] + "policy": [ + "consoleAdmin" + ] }, "realmRoles": [], "clientRoles": { - "realm-management": ["manage-users"] + "realm-management": [ + "manage-users" + ] } }, { @@ -488,7 +507,9 @@ "clientRole": false, "containerId": "c3092379-b6ae-4543-86f7-b684433bdf79" }, - "requiredCredentials": ["password"], + "requiredCredentials": [ + "password" + ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, @@ -503,7 +524,9 @@ ], "localizationTexts": {}, "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], "webAuthnPolicyRpId": "", "webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", 
@@ -514,7 +537,9 @@ "webAuthnPolicyAcceptableAaguids": [], "webAuthnPolicyExtraOrigins": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", @@ -535,7 +560,9 @@ "serviceAccountClientId": "Dare-TRE-API", "disableableCredentialTypes": [], "requiredActions": [], - "realmRoles": ["default-roles-dare-tre"], + "realmRoles": [ + "default-roles-dare-tre" + ], "notBefore": 0, "groups": [] }, @@ -548,8 +575,12 @@ "totp": false, "serviceAccountClientId": "Dare-TRE-Minio", "disableableCredentialTypes": [], - "requiredActions": ["CONFIGURE_TOTP"], - "realmRoles": ["default-roles-dare-tre"], + "requiredActions": [ + "CONFIGURE_TOTP" + ], + "realmRoles": [ + "default-roles-dare-tre" + ], "notBefore": 0, "groups": [] }, @@ -563,7 +594,9 @@ "serviceAccountClientId": "Dare-TRE-UI", "disableableCredentialTypes": [], "requiredActions": [], - "realmRoles": ["default-roles-dare-tre"], + "realmRoles": [ + "default-roles-dare-tre" + ], "notBefore": 0, "groups": [] }, @@ -580,8 +613,13 @@ "temporary": false } ], - "realmRoles": ["dare-tre-admin", "default-roles-dare-control"], - "groups": ["/dare-tre-admin"] + "realmRoles": [ + "dare-tre-admin", + "default-roles-dare-control" + ], + "groups": [ + "/dare-tre-admin" + ] }, { "username": "accessfromegresstotre", @@ -602,7 +640,9 @@ "data-egress-admin", "default-roles-dare-control" ], - "groups": ["/dare-tre-admin"] + "groups": [ + "/dare-tre-admin" + ] }, { "username": "accessfromqueryenginetotre", 
@@ -617,24 +657,34 @@ "temporary": false } ], - "realmRoles": ["dare-results-admin", "default-roles-dare-control"] + "realmRoles": [ + "dare-results-admin", + "default-roles-dare-control" + ] } ], "scopeMappings": [ { "clientScope": "offline_access", - "roles": ["offline_access"] + "roles": [ + "offline_access" + ] }, { "clientScope": "minio-authorization", - "roles": ["uma_authorization"] + "roles": [ + "uma_authorization" + ] } ], "clientScopeMappings": { "account": [ { "client": "account-console", - "roles": ["manage-account", "view-groups"] + "roles": [ + "manage-account", + "view-groups" + ] } ] }, @@ -649,7 +699,9 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/Dare-TRE/account/*"], + "redirectUris": [ + "/realms/Dare-TRE/account/*" + ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -693,7 +745,9 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/Dare-TRE/account/*"], + "redirectUris": [ + "/realms/Dare-TRE/account/*" + ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -835,8 +889,12 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "e9021a57-3f4f-4254-ba27-2cdbb99a2cb5", - "redirectUris": ["http://localhost:5034/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost:5034/*" + ], + "webOrigins": [ + "+" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -937,7 +995,9 @@ "alwaysDisplayInConsole": true, "clientAuthenticatorType": "client-secret", "secret": "71ee3de3-0e0c-49c8-a0b2-c0e490c90591", - "redirectUris": ["http://localhost:9003/*"], + "redirectUris": [ + "http://localhost:9003/*" + ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, 
@@ -1046,8 +1106,13 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "2de114bc-3599-45f1-9b61-5090c6859dfe", - "redirectUris": ["http://localhost:8989/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost:8989/*", + "http://localhost:3000/*" + ], + "webOrigins": [ + "+" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -1186,8 +1251,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/Dare-TRE/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "/admin/Dare-TRE/console/*" + ], + "webOrigins": [ + "+" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -1918,7 +1987,9 @@ }, "smtpServer": {}, "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": [ + "jboss-logging" + ], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1941,7 +2012,9 @@ "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": ["true"] + "allow-default-scopes": [ + "true" + ] } }, { @@ -1951,8 +2024,12 @@ "subType": "anonymous", "subComponents": {}, "config": { - "host-sending-registration-request-must-match": ["true"], - "client-uris-must-match": ["true"] + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] } }, { @@ -2000,7 +2077,9 @@ "subType": "anonymous", "subComponents": {}, "config": { - "max-clients": ["200"] + "max-clients": [ + "200" + ] } }, { @@ -2010,7 +2089,9 @@ "subType": "authenticated", "subComponents": {}, "config": { - "allow-default-scopes": ["true"] + "allow-default-scopes": [ + "true" + ] } }, { @@ -2041,8 +2122,12 @@ "providerId": "rsa-enc-generated", "subComponents": {}, "config": { - "priority": ["100"], - "algorithm": ["RSA-OAEP"] + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] } }, { 
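Review bot: The `@@ -1046,8 +1106,13 @@` hunk adds `"http://localhost:3000/*"` as a second wildcard redirect URI on the client whose secret matches `TreKeyCloakSecret`, alongside `"webOrigins": ["+"]`, and the identical change is made in DeploymentStack/TRE/config/realm-config/tre-layer.json. That is expected for the demo realm, but the deployment copy is presumably imported as shipped, so a real TRE would accept plain-http localhost redirects for its UI client unless the operator edits the realm afterwards. I would narrow the new entry from `/*` to the callback path the new UI actually uses (not visible in this diff) and state in the deployment notes that `redirectUris` must be replaced with the real UI origin. The other hunks in both realm files only re-wrap arrays.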
@@ -2051,7 +2136,9 @@ "providerId": "rsa-generated", "subComponents": {}, "config": { - "priority": ["100"] + "priority": [ + "100" + ] } }, { @@ -2060,8 +2147,12 @@ "providerId": "hmac-generated", "subComponents": {}, "config": { - "priority": ["100"], - "algorithm": ["HS256"] + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] } }, { @@ -2070,7 +2161,9 @@ "providerId": "aes-generated", "subComponents": {}, "config": { - "priority": ["100"] + "priority": [ + "100" + ] } }, { @@ -2079,8 +2172,12 @@ "providerId": "hmac-generated", "subComponents": {}, "config": { - "priority": ["100"], - "algorithm": ["HS512"] + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] } } ] @@ -2868,4 +2965,4 @@ "clientPolicies": { "policies": [] } -} +} \ No newline at end of file diff --git a/DeploymentStack/Submission/.env b/DeploymentStack/Submission/.env index 2c7e0d8..a913ebf 100644 --- a/DeploymentStack/Submission/.env +++ b/DeploymentStack/Submission/.env 
@@ -1,73 +1,60 @@ -DEPLOYMENT_VERSION=1.6.0 - +DEPLOYMENT_VERSION=1.7.2 +# Internal Postgres Superuser creds PGLOGIN=admin PGPASSWORD=admin -# Set to true if you'd like to simulate execution, otherwise default to false: -DemoMode = false -# Allows Keycloak to not require https: -KeyCloakDemoMode=true - -# Keycloak Host name +# Keycloak Host name (if using a local Keycloak instance) KeycloakHostName=localhost -#If having issues with keycloak set this to false. -sslcookies=false -#If http only site set this to false -httpsRedirect=false +# Submission KeyCloak URL (KEEP THE SAME - if using a LOCAL Keycloak instance; CHANGE - if using a REMOTE Keycloak instance) +SUBMISSION_KEYCLOAK_URL=http://keycloak:8080 # MinIO Settings: - # Client ID, Secret Key, URL: -MinioIdentityID=Dare-Control-Minio MinioOpenidSecret=8a11bbcd-693a-4549-bda4-3e978fcf4de1 -MinioIdentityConfigURL=http://keycloak:8080//realms/Dare-Control/.well-known/openid-configuration # Root User: MinioRootUser=minio MinioRootPass=minio123 +# Point to Submission Minio API +submissionMinioUrl=http://minioSubmission:9000 +# Point to Submission Minio Console +submissionMinioAdminConsole=http://localhost:9001 + +# Keycloak Settings for Submission API and UI +SubmissionAPIKeyCloakSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 +SubmissionUIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 +# Redirect URL for Submission UI +SubmissionKeyCloakClientUIRedirectURL=http://localhost:7220 +# Server URL for Submission Keycloak +SubmissionKeyCloakServer=keycloak:8080 +# Protocol for Submission Keycloak +SubmissionServerProtocol=http -# MinIO Host name -MinioBrowserHost=localhost -MinioSubmissionUrl=http://minio:9000 -#This is the console url port:9001 -MinioSubmissionAdminConsoleUrl=http://minio:9001 +# Default SQL Query Image to run in the SQL wizard +URLSettingsFrontEndQueryImageSQL=harbor.federated-analytics.ac.uk/5s-tes-analysis-tools/5s-tes-analysis-tools-tre-sqlpg:1.0.0 -# Proxy Settings: +# Note: Env vars below are 
unlikely to be changed +# Path to the config folder of Submission Layer +CONFIG_PATH=../../../DeploymentStack/submission/config +# Always keep this as false in real deployments: +DemoMode=false +# Allows Keycloak to not require https: +KeyCloakDemoMode=true +#If having issues with keycloak set this to false. +sslcookies=false +#If http only site set this to false +httpsRedirect=false +# Proxy Settings (to be reviewed and removed if not needed): no_proxy=192.168.*.*,172.17.*.*,localhost,0.0.0.0,127.0.0.1,minio http_proxy=http://192.168.10.15:8080 https_proxy=http://192.168.10.15:8080 ProxyAddressURLForExternalFetch=http://192.168.10.15:8080 useproxy=false proxyurl=http://192.168.10.15:8080 - -SubmissionAPIKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-Control -SubmissionAPIKeyCloakAuthority=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionAPIKeyCloakSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 - -SubmissionUIAccountManagementURL=http://keycloak:8080/realms/Dare-Control/account -SubmissionUIKeyCloakBaseUrl=http://keycloak:8080/realms/Dare-Control -KeyCloakUseRedirect=false -KeyCloakClientUIRedirectURL=http://localhost:8888/ -KeyCloakTokenExpiredAddressUI=http://localhost:8888/Account/LoginAfterTokenExpired -SubmissionUIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 -SubmissionUIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionUIKeyCloakAuthority=http://keycloak:8080/realms/Dare-Control/ -KeyCloakTokenExpiredAddressUI=http://localhost:8888/Account/LoginAfterTokenExpired -KeyCloakClientUIRedirectURL=http://localhost:8989/ - -URLSettingsFrontEndQueryImage=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1 - -SuppressAntiforgery=false -SubmissionSignedOutRedirectUri=/ +# Submission Keycloak settings (to be reviewed and removed if not needed): 
SubmissionTokenRefreshSeconds=3600 -SubmissionValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio -SubmissionServer=keycloak:8080 -SubmissionServerProtocol=http -SubmissionRealm=Dare-Control +SubmissionSignedOutRedirectUri=/ SubmissionAutoTrustKeycloakCert=false SubmissionValidIssuer= -SubmissionValidAudience= - -CONFIG_PATH=../../../DeploymentStack/Submission/config \ No newline at end of file +SuppressAntiforgery=false diff --git a/DeploymentStack/Submission/docker-compose.yml b/DeploymentStack/Submission/docker-compose.yml index e139cd2..5b922d3 100644 --- a/DeploymentStack/Submission/docker-compose.yml +++ b/DeploymentStack/Submission/docker-compose.yml @@ -3,17 +3,14 @@ name: SubmissionLayer # ----- Services ----- include: - # ----- Application Services ----- # - (Submission Layer) - - ../../ServiceStack/compose-manifests/applications/submission-layer.yml # ----- Shared Services ----- # - Platform Service: (PostgreSQL, Adminer, Serilog, RabbitMQ) - # - Auth Service: (Keycloak) - - ../../ServiceStack/compose-manifests/shared/platform.yml + # - Auth Service: (Keycloak - Optional) - ../../ServiceStack/compose-manifests/shared/auth.yml # ----- Storage Services ----- @@ -44,4 +41,4 @@ volumes: networks: sub-net: - driver: bridge \ No newline at end of file + driver: bridge diff --git a/DeploymentStack/TRE/.env b/DeploymentStack/TRE/.env index bf6f204..73c48a6 100644 --- a/DeploymentStack/TRE/.env +++ b/DeploymentStack/TRE/.env 
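Review bot: `KeyCloakDemoMode=true`, `sslcookies=false` and `httpsRedirect=false` now sit under `# Note: Env vars below are unlikely to be changed`, which in a deployment template reads as advice to leave HTTPS enforcement off; DeploymentStack/TRE/.env gets the same grouping. I would move these three out of that section and head them with a comment such as `# HTTP-only defaults: behind TLS set KeyCloakDemoMode=false, sslcookies=true, httpsRedirect=true`. Also, `CONFIG_PATH` changes from `DeploymentStack/Submission/config` to `DeploymentStack/submission/config` while the diff header still shows the directory as `Submission`, so on a case-sensitive filesystem the path will likely not resolve; keep `CONFIG_PATH=../../../DeploymentStack/Submission/config`.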
@@ -1,138 +1,106 @@ -DEPLOYMENT_VERSION=1.6.0 +DEPLOYMENT_VERSION=1.7.2 +# Internal Postgres Superuser creds PGLOGIN=admin PGPASSWORD=admin -# Encryption settings (16 bytes Base-64 String) +# Encryption settings (Base-64 String, generate by running: openssl rand -base64 32) EncryptionSettingsKey= -EncryptionSettingsBase= # TRE Data DB Credentials -# Used for the TRE Agent to create temporary credentials against a postgres database: +# Used for the TRE Agent to create temporary credentials against any Postgres database: TRE_DATA_SERVER=postgres TRE_DATA_PORT=5432 TRE_DATA_DATABASE=tredata TRE_DATA_USER=admin TRE_DATA_PASSWORD=admin -# Set to true if you'd like to simulate execution, otherwise default to false: -DemoMode = false +# Name of the deployed TRE TreName=DEMO -# Allows Keycloak to not require https: -KeyCloakDemoMode=true -# Ephemeral Credentials: -EphemeralCredentials = true -# Keycloak Host name +# Keycloak Host name (if using a local Keycloak instance) KeycloakHostName=localhost -# To execute with a TES implementation -UseTESK=true +# TRE KEYCLOAK URL (KEEP THE SAME - if using a LOCAL Keycloak instance; CHANGE - if using a REMOTE Keycloak instance) +TRE_KEYCLOAK_URL=http://keycloak:8080 -UseRabbit=false +# SUBMISSION KEYCLOAK URL (KEEP THE SAME - in DEMO; CHANGE - in PRODUCTION) +SUBMISSION_KEYCLOAK_URL=http://keycloak:8080 # Where TESK or Funnel API is hosted: TesAPIUrl=http://localhost:8000/v1/tasks -# Output bucket prefix for the TES executing agent to write results to -TesOutputBucketPrefix=s3:// -# Minio Settings -# Client ID, Secret Key, URL: -MinioTreIdentityID=Dare-TRE-Minio +# Minio TRE Settings +# UI URL +MINIO_TRE_UI_URL=http://localhost:9003 +# KeyCloak Client Secret MinioTreOpenidSecret=71ee3de3-0e0c-49c8-a0b2-c0e490c90591 -MinioTreIdentityConfigURL=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration - -MinioRootUser=minio -MinioRootPass=minio123 - +# Minio TRE Creds TreMinioAdminUser=minio TreMinioAdminPassword=minio123 
-MinioBrowserHost=localhost +# Minio Submission Creds +MinioRootUser=minio +MinioRootPass=minio123 # For the TRE API & UI to talk to each other: -TreUiPublicUrl=http://localhost:8989 TreApiPublicUrl=http://localhost:8072 -# CAMUNDA env var -CAMUNDA_VERSION=8.8.0 -CAMUNDA_BUNDLE_VERSION=8.8.1 -ELASTIC_VERSION=8.17.5 - -CredentialAPISettingsStartWebhookUrl=http://connectors:8080/inbound/StartCredentials -CredentialAPISettingsRevokeWebhookUrl=http://connectors:8080/inbound/RevokeCredentials - -# Proxy Settings: -useproxy=false -proxyurl=http://192.168.10.15:8080 -#If having issues with keycloak set this to false. -sslcookies=false -#If http only site set this to false -httpsRedirect=false - +# Sync Settings: # Sync Projects & Users between TRE & Submission Layer - default every 10 minutes syncSchedule=10 # Scan Submission Layer for available submissions - default every 1 minute scanSchedule=1 - # Sync to Submission Layer - The Submission API: SubmissionAPIAddressURL=http://localhost:5034 -# Point to submission minio +# Point to Submission Minio API submissionMinioUrl=http://localhost:9000 -#This is the 9001 url +# Point to Submission Minio Console submissionMinioAdminConsole=http://localhost:9001 -IgnoreHutchSSL=true -HutchMinioURLOverride= -HutchAPIAddress=https://localhost:7239 -HutchDbName=theDb -HutchDbPort=24 -HutchDbServer=theserver - - -EnableExternalHangfire=false # Egress Keycloak Settings: -EgressKeyCloakUseRedirect=false -EgressKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Data-Egress -EgressKeyCloakAuthority=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration -EgressKeyCloakMetadataAddress=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration -EgressValidAudiences=Data-Egress-UI,Data-Egress-API -EgressKeyCloakClientUIRedirectURL=https//localhost:8100/ -EgressKeyCloakTokenExpiredAddressUI=http://localhost:8100/Account/LoginAfterTokenExpired +EgressKeyCloakClientUIRedirectURL=http://localhost:8100 
EgressKeyCloakSecret=81c1f071-8c45-49ef-a966-84ca8f420b7e -EgressKeyCloakClientID=Data-Egress-API # Submission Keycloak Settings - used to authorise TRE API against Submission API: -SubmissionAPIKeyCloakUseRedirect=false -SubmissionAPIKeyCloakClientId=Dare-Control-API -SubmissionAPIKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-Control -SubmissionAPIKeyCloakAuthority=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionAPIValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio -SubmissionAPIKeyCloakClientUIRedirectURL=http://localhost:8989/ -SubmissionAPIKeyCloakTokenExpiredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired +SubmissionAPIKeyCloakClientUIRedirectURL=http://localhost:8989 SubmissionAPIKeyCloakSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 -TreKeyCloakUseRedirect=false -TreKeyCloakClientUIRedirectURL=http://localhost:8989/ -TreKeyCloakTokenExpiredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired +# TRE UI Keycloak Settings: +TreKeyCloakClientUIRedirectURL=http://localhost:8989 TreKeyCloakSecret=2de114bc-3599-45f1-9b61-5090c6859dfe -TreKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-TRE -TreKeyCloakAuthority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration -TreKeyCloakClientId=Dare-TRE-UI -TreKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration -TreAccountManagementURLUI=http://localhost:8085/realms/Dare-TRE/account -TreValidAudiences=Dare-TRE-API,Dare-TRE-UI - -TreAPIKeyCloakUseRedirect=false -TreAPIKeyCloakClientUIRedirectURL=http://localhost:8989/ -TreAPIKeyCloakTokenExpiredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired + +# TRE API Keycloak Settings: +TreAPIKeyCloakClientUIRedirectURL=http://localhost:8989 TreAPIKeyCloakSecret=e9021a57-3f4f-4254-ba27-2cdbb99a2cb5 
-TreAPIKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-TRE -TreAPIKeyCloakAuthority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration -TreAPIKeyCloakClientId=Dare-TRE-API -TreAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration -TreAPIAccountManagementURLUI=http://localhost:8085/realms/Dare-TRE/account -TreAPIValidAudiences=Dare-TRE-API,Dare-TRE-UI - -CONFIG_PATH=../../../DeploymentStack/TRE/config \ No newline at end of file + +# New TRE UI env vars +# BETTER_AUTH_SECRET (Base-64 String, generate by running: openssl rand -base64 32) +BETTER_AUTH_SECRET= +# BETTER_AUTH_URL (URL of the Better Auth server) +BETTER_AUTH_URL=http://localhost:3000 +# NEXT_PUBLIC_HELPDESK_URL (URL of the Helpdesk) +NEXT_PUBLIC_HELPDESK_URL=https://ukserp.atlassian.net/servicedesk/customer/portal/3 +# NEXT_PUBLIC_KEYCLOAK_URL (URL of the TRE Keycloak instance for client access) +NEXT_PUBLIC_KEYCLOAK_URL=http://localhost:8085 + +# Note: Env vars below are unlikely to be changed +# Path to the config folder of TRE +CONFIG_PATH=../../../DeploymentStack/TRE/config +# Always keep this as false in real deployments: +DemoMode=false +# Always keep this as true in real deployments +UseTESK=true +# Allows Keycloak to not require https: +KeyCloakDemoMode=true +# Output bucket prefix for the TES executing agent to write results to +TesOutputBucketPrefix=s3:// +# Proxy Settings (to be reviewed and removed): +useproxy=false +proxyurl=http://192.168.10.15:8080 +#If having issues with keycloak set this to false. +sslcookies=false +#If http only site set this to false +httpsRedirect=false +# Hangfire setting +EnableExternalHangfire=false \ No newline at end of file diff --git a/DeploymentStack/TRE/config/realm-config/tre-layer.json b/DeploymentStack/TRE/config/realm-config/tre-layer.json index c478baf..71e21e8 100644 --- a/DeploymentStack/TRE/config/realm-config/tre-layer.json 
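Review bot: `EncryptionSettingsKey` and `BETTER_AUTH_SECRET` are left empty with a generation hint, but `PGPASSWORD=admin`, `TRE_DATA_PASSWORD=admin`, `TreMinioAdminPassword=minio123`, `MinioRootPass=minio123` and the Keycloak client secrets (`TreKeyCloakSecret`, `TreAPIKeyCloakSecret`, `EgressKeyCloakSecret`, `SubmissionAPIKeyCloakSecret`, `MinioTreOpenidSecret`) stay filled in with the same constants the demo stack uses. A deployment that keeps this file unchanged runs with credentials readable by anyone who has the repository. Treat them like the two new secrets: an empty value plus a comment such as `# set per deployment; must match the client secret in config/realm-config/tre-layer.json`. The same applies to the secrets kept in DeploymentStack/Submission/.env.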
+++ b/DeploymentStack/TRE/config/realm-config/tre-layer.json @@ -90,9 +90,15 @@ "description": "${role_default-roles}", "composite": true, "composites": { - "realm": ["offline_access", "uma_authorization"], + "realm": [ + "offline_access", + "uma_authorization" + ], "client": { - "account": ["view-profile", "manage-account"] + "account": [ + "view-profile", + "manage-account" + ] } }, "clientRole": false, @@ -182,7 +188,9 @@ "composite": true, "composites": { "client": { - "realm-management": ["query-clients"] + "realm-management": [ + "query-clients" + ] } }, "clientRole": true, @@ -214,7 +222,10 @@ "composite": true, "composites": { "client": { - "realm-management": ["query-groups", "query-users"] + "realm-management": [ + "query-groups", + "query-users" + ] } }, "clientRole": true, @@ -387,7 +398,9 @@ "composite": true, "composites": { "client": { - "account": ["view-consent"] + "account": [ + "view-consent" + ] } }, "clientRole": true, @@ -401,7 +414,9 @@ "composite": true, "composites": { "client": { - "account": ["manage-account-links"] + "account": [ + "manage-account-links" + ] } }, "clientRole": true, @@ -454,11 +469,15 @@ "path": "/dare-tre-admin", "subGroups": [], "attributes": { - "policy": ["consoleAdmin"] + "policy": [ + "consoleAdmin" + ] }, "realmRoles": [], "clientRoles": { - "realm-management": ["manage-users"] + "realm-management": [ + "manage-users" + ] } }, { @@ -488,7 +507,9 @@ "clientRole": false, "containerId": "c3092379-b6ae-4543-86f7-b684433bdf79" }, - "requiredCredentials": ["password"], + "requiredCredentials": [ + "password" + ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, 
@@ -503,7 +524,9 @@ ], "localizationTexts": {}, "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], "webAuthnPolicyRpId": "", "webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", @@ -514,7 +537,9 @@ "webAuthnPolicyAcceptableAaguids": [], "webAuthnPolicyExtraOrigins": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", @@ -535,7 +560,9 @@ "serviceAccountClientId": "Dare-TRE-API", "disableableCredentialTypes": [], "requiredActions": [], - "realmRoles": ["default-roles-dare-tre"], + "realmRoles": [ + "default-roles-dare-tre" + ], "notBefore": 0, "groups": [] }, @@ -548,8 +575,12 @@ "totp": false, "serviceAccountClientId": "Dare-TRE-Minio", "disableableCredentialTypes": [], - "requiredActions": ["CONFIGURE_TOTP"], - "realmRoles": ["default-roles-dare-tre"], + "requiredActions": [ + "CONFIGURE_TOTP" + ], + "realmRoles": [ + "default-roles-dare-tre" + ], "notBefore": 0, "groups": [] }, @@ -563,7 +594,9 @@ "serviceAccountClientId": "Dare-TRE-UI", "disableableCredentialTypes": [], "requiredActions": [], - "realmRoles": ["default-roles-dare-tre"], + "realmRoles": [ + "default-roles-dare-tre" + ], "notBefore": 0, "groups": [] }, @@ -580,8 +613,13 @@ "temporary": false } ], - "realmRoles": ["dare-tre-admin", "default-roles-dare-control"], - "groups": ["/dare-tre-admin"] + "realmRoles": [ + "dare-tre-admin", + "default-roles-dare-control" + ], + "groups": [ + "/dare-tre-admin" + ] }, { "username": "accessfromegresstotre", 
@@ -602,7 +640,9 @@ "data-egress-admin", "default-roles-dare-control" ], - "groups": ["/dare-tre-admin"] + "groups": [ + "/dare-tre-admin" + ] }, { "username": "accessfromqueryenginetotre", @@ -617,24 +657,34 @@ "temporary": false } ], - "realmRoles": ["dare-results-admin", "default-roles-dare-control"] + "realmRoles": [ + "dare-results-admin", + "default-roles-dare-control" + ] } ], "scopeMappings": [ { "clientScope": "offline_access", - "roles": ["offline_access"] + "roles": [ + "offline_access" + ] }, { "clientScope": "minio-authorization", - "roles": ["uma_authorization"] + "roles": [ + "uma_authorization" + ] } ], "clientScopeMappings": { "account": [ { "client": "account-console", - "roles": ["manage-account", "view-groups"] + "roles": [ + "manage-account", + "view-groups" + ] } ] }, @@ -649,7 +699,9 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/Dare-TRE/account/*"], + "redirectUris": [ + "/realms/Dare-TRE/account/*" + ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -693,7 +745,9 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/Dare-TRE/account/*"], + "redirectUris": [ + "/realms/Dare-TRE/account/*" + ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -835,8 +889,12 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "e9021a57-3f4f-4254-ba27-2cdbb99a2cb5", - "redirectUris": ["http://localhost:5034/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost:5034/*" + ], + "webOrigins": [ + "+" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -937,7 +995,9 @@ "alwaysDisplayInConsole": true, "clientAuthenticatorType": "client-secret", "secret": "71ee3de3-0e0c-49c8-a0b2-c0e490c90591", - "redirectUris": ["http://localhost:9003/*"], + "redirectUris": [ + "http://localhost:9003/*" + ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -1046,8 +1106,13 @@ "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "2de114bc-3599-45f1-9b61-5090c6859dfe", - "redirectUris": ["http://localhost:8989/*"], - "webOrigins": ["+"], + "redirectUris": [ + "http://localhost:8989/*", + "http://localhost:3000/*" + ], + "webOrigins": [ + "+" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -1186,8 +1251,12 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/Dare-TRE/console/*"], - "webOrigins": ["+"], + "redirectUris": [ + "/admin/Dare-TRE/console/*" + ], + "webOrigins": [ + "+" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -1918,7 +1987,9 @@ }, "smtpServer": {}, "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], + "eventsListeners": [ + "jboss-logging" + ], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1941,7 +2012,9 @@ "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": ["true"] + "allow-default-scopes": [ + "true" + ] } }, { @@ -1951,8 +2024,12 @@ "subType": "anonymous", "subComponents": {}, "config": { - "host-sending-registration-request-must-match": ["true"], - "client-uris-must-match": ["true"] + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] } }, { @@ -2000,7 +2077,9 @@ "subType": "anonymous", "subComponents": {}, "config": { - "max-clients": ["200"] + "max-clients": [ + "200" + ] } }, { 
@@ -2010,7 +2089,9 @@ "subType": "authenticated", "subComponents": {}, "config": { - "allow-default-scopes": ["true"] + "allow-default-scopes": [ + "true" + ] } }, { @@ -2041,8 +2122,12 @@ "providerId": "rsa-enc-generated", "subComponents": {}, "config": { - "priority": ["100"], - "algorithm": ["RSA-OAEP"] + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] } }, { @@ -2051,7 +2136,9 @@ "providerId": "rsa-generated", "subComponents": {}, "config": { - "priority": ["100"] + "priority": [ + "100" + ] } }, { @@ -2060,8 +2147,12 @@ "providerId": "hmac-generated", "subComponents": {}, "config": { - "priority": ["100"], - "algorithm": ["HS256"] + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] } }, { @@ -2070,7 +2161,9 @@ "providerId": "aes-generated", "subComponents": {}, "config": { - "priority": ["100"] + "priority": [ + "100" + ] } }, { @@ -2079,8 +2172,12 @@ "providerId": "hmac-generated", "subComponents": {}, "config": { - "priority": ["100"], - "algorithm": ["HS512"] + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] } } ] @@ -2868,4 +2965,4 @@ "clientPolicies": { "policies": [] } -} +} \ No newline at end of file diff --git a/DeploymentStack/TRE/docker-compose.yml b/DeploymentStack/TRE/docker-compose.yml index ebc4046..d56de8d 100644 --- a/DeploymentStack/TRE/docker-compose.yml +++ b/DeploymentStack/TRE/docker-compose.yml 
@@ -2,21 +2,20 @@ name: TRE # ----- Services ----- include: - # ----- Application Services ----- # - (TRE Layer, Egress Layer) - - ../../ServiceStack/compose-manifests/applications/tre-layer.yml - ../../ServiceStack/compose-manifests/applications/egress-layer.yml # ----- Shared Services ----- # - Platform Service: (PostgreSQL, Adminer, Serilog, RabbitMQ) - # - Credential Service: (Camunda, Connectors, Vault, OpenLDAP, LDAP Init, phpLDAPadmin, Elastic Search) - # - Auth Service: (Keycloak) - - ../../ServiceStack/compose-manifests/shared/platform.yml + # - Credential Service: (Camunda, Connectors, Vault, OpenLDAP, LDAP Init, phpLDAPadmin, Elastic Search) - ../../ServiceStack/compose-manifests/shared/credentials.yml + # - Auth Service: (Keycloak - Optional) - ../../ServiceStack/compose-manifests/shared/auth.yml + # - OMOP Lite Service: (OMOP Lite - Optional - Uncomment to enable) + # - ../../ServiceStack/compose-manifests/shared/omop-lite.yml # ----- Storage Services ----- # - (MinIO - TRE) @@ -56,7 +55,6 @@ volumes: tre_process_models: driver: local - # ----- Shared Network & Configs ----- networks: @@ -99,4 +97,4 @@ configs: type: elasticsearch elasticsearch: cluster-name: elasticsearch - url: "http://elasticsearch:9200" \ No newline at end of file + url: "http://elasticsearch:9200" diff --git a/ServiceStack/compose-manifests/applications/egress-layer.yml b/ServiceStack/compose-manifests/applications/egress-layer.yml index 6025920..4902f70 100644 --- a/ServiceStack/compose-manifests/applications/egress-layer.yml +++ b/ServiceStack/compose-manifests/applications/egress-layer.yml @@ -1,5 +1,4 @@ services: - # ----- Data Egress - UI ----- # ------------------------------------- 
@@ -17,20 +16,21 @@ services: - DemoMode=${DemoMode} - KeyCloakDemoMode=${KeyCloakDemoMode} - Serilog__SeqServerUrl=http://seq:5341 - - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} - - DataEgressKeyCloakSettings__ClientId=${EgressKeyCloakClientID} + # Data Egress Keycloak settings + - DataEgressKeyCloakSettings__Authority=${TRE_KEYCLOAK_URL}/realms/Data-Egress/.well-known/openid-configuration + - DataEgressKeyCloakSettings__MetadataAddress=${TRE_KEYCLOAK_URL}/realms/Data-Egress/.well-known/openid-configuration + - DataEgressKeyCloakSettings__BaseUrl=${TRE_KEYCLOAK_URL}/realms/Data-Egress + - DataEgressKeyCloakSettings__ClientId=Data-Egress-API - DataEgressKeyCloakSettings__ClientSecret=${EgressKeyCloakSecret} - - DataEgressKeyCloakSettings__ValidAudiences=${EgressValidAudiences} + - DataEgressKeyCloakSettings__ValidAudiences=Data-Egress-UI,Data-Egress-API + - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired + - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRedirectURL} + - DataEgressKeyCloakSettings__UseRedirectURL=false - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - - DataEgressKeyCloakSettings__BypassProxy=treAPI,seq-tre - - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakTokenExpiredAddressUI} - - DataEgressKeyCloakSettings__UseRedirectURL=${EgressKeyCloakUseRedirect} - - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRedirectURL} + - DataEgressKeyCloakSettings__BypassProxy="DataEgressUI,treAPI,seq-tre" - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - - MinioSettings__Url=http://localhost:9003 + - MinioSettings__Url=${MINIO_TRE_UI_URL} - sslcookies=${sslcookies} - httpsRedirect=${httpsRedirect} 
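Review bot: `DataEgressKeyCloakSettings__Authority` is set to the discovery-document URL, the same value as `MetadataAddress`, rather than to the realm URL. An OIDC authority is normally the issuer, and submission-layer.yml in this same commit uses the realm URL for its `Authority`, so the layers disagree. If the service compares a token's `iss` claim with `Authority`, validation either fails or has to be loosened; how the setting is consumed is not visible here. I would write `- DataEgressKeyCloakSettings__Authority=${TRE_KEYCLOAK_URL}/realms/Data-Egress`. The same applies to the DataEgressAPI hunk that follows and to the `TreKeyCloakSettings__Authority` lines in tre-layer.yml.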
@@ -38,52 +38,54 @@ services: # ------------------------------------- DataEgressAPI: - image: harbor.ukserp.ac.uk:443/dare-trefx/control-egress-api:3.0.3 - container_name: DataEgressAPI - restart: always - networks: - - sub-net - ports: - - 8101:8080 - depends_on: - postgresql: - condition: service_healthy - minioTRE: - condition: service_healthy - environment: - - DemoMode=${DemoMode} - - KeyCloakDemoMode=${KeyCloakDemoMode} - - DemoModeDefaultP=password123 - - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - RabbitMQ__HostAddress=rabbitmq-tre - - Serilog__SeqServerUrl=http://seq:5341 - - TreKeyCloakSettings__Authority=${TreAPIKeyCloakAuthority} - - TreKeyCloakSettings__MetadataAddress=${TreAPIKeyCloakMetadataAddress} - - TreKeyCloakSettings__BaseUrl=${TreAPIKeyCloakBaseRealmAddress} - - TreKeyCloakSettings__ClientId=${TreAPIKeyCloakClientId} - - TreKeyCloakSettings__ClientSecret=${TreAPIKeyCloakSecret} - - TreKeyCloakSettings__ValidAudiences=${TreAPIValidAudiences} - - TreKeyCloakSettings__Proxy=${useproxy} - - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - - TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" - - TreKeyCloakSettings__TokenExpiredAddress=${TreAPIKeyCloakTokenExpiredAddressUI} - - TreKeyCloakSettings__UseRedirectURL=${TreKeyCloakUseRedirect} - - TreKeyCloakSettings__RedirectURL=${TreKeyCloakClientUIRedirectURL} - - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} - - DataEgressKeyCloakSettings__ClientId=${EgressKeyCloakClientID} - - DataEgressKeyCloakSettings__ClientSecret=${EgressKeyCloakSecret} - - DataEgressKeyCloakSettings__ValidAudiences=${EgressKeyCloakClientID} - - DataEgressKeyCloakSettings__Proxy=${useproxy} - - 
DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - - DataEgressKeyCloakSettings__BypassProxy="treAPI,seq-tre" - - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakTokenExpiredAddressUI} - - DataEgressKeyCloakSettings__UseRedirectURL=${EgressKeyCloakUseRedirect} - - MinioSettings__Url=http://minioTRE:9000 - - MinioSettings__AccessKey=${TreMinioAdminUser} - - MinioSettings__SecretKey=${TreMinioAdminPassword} - - MinioSettings__BucketName=testbucket - - MinioSettings__AdminConsole=http://minioIn:9001 - - TreAPISettings__Address=http://treapi:8080 - - DataEgressAPISettings__Address=http://DataEgressAPI:8100 \ No newline at end of file + image: harbor.ukserp.ac.uk:443/dare-trefx/control-egress-api:3.0.3 + container_name: DataEgressAPI + restart: always + networks: + - sub-net + ports: + - 8101:8080 + depends_on: + postgresql: + condition: service_healthy + minioTRE: + condition: service_healthy + environment: + - DemoMode=${DemoMode} + - KeyCloakDemoMode=${KeyCloakDemoMode} + - DemoModeDefaultP=password123 + - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; + - RabbitMQ__HostAddress=rabbitmq-tre + - Serilog__SeqServerUrl=http://seq:5341 + - TreKeyCloakSettings__Authority=${TRE_KEYCLOAK_URL}/realms/Dare-TRE/.well-known/openid-configuration + - TreKeyCloakSettings__MetadataAddress=${TRE_KEYCLOAK_URL}/realms/Dare-TRE/.well-known/openid-configuration + - TreKeyCloakSettings__BaseUrl=${TRE_KEYCLOAK_URL}/realms/Dare-TRE + - TreKeyCloakSettings__ClientId=Dare-TRE-API + - TreKeyCloakSettings__ClientSecret=${TreAPIKeyCloakSecret} + - TreKeyCloakSettings__ValidAudiences=Dare-TRE-API,Dare-TRE-UI + - TreKeyCloakSettings__TokenExpiredAddress=${TreAPIKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired + - TreKeyCloakSettings__RedirectURL=${TreAPIKeyCloakClientUIRedirectURL} + - TreKeyCloakSettings__UseRedirectURL=false + - 
TreKeyCloakSettings__Proxy=${useproxy} + - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} + - TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" + # Data Egress Keycloak settings? + - DataEgressKeyCloakSettings__Authority=${TRE_KEYCLOAK_URL}/realms/Data-Egress/.well-known/openid-configuration + - DataEgressKeyCloakSettings__MetadataAddress=${TRE_KEYCLOAK_URL}/realms/Data-Egress/.well-known/openid-configuration + - DataEgressKeyCloakSettings__BaseUrl=${TRE_KEYCLOAK_URL}/realms/Data-Egress + - DataEgressKeyCloakSettings__ClientId=Data-Egress-API + - DataEgressKeyCloakSettings__ClientSecret=${EgressKeyCloakSecret} + - DataEgressKeyCloakSettings__ValidAudiences=Data-Egress-UI,Data-Egress-API + - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired + - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRedirectURL} + - DataEgressKeyCloakSettings__UseRedirectURL=false + - DataEgressKeyCloakSettings__Proxy=${useproxy} + - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} + - DataEgressKeyCloakSettings__BypassProxy="DataEgressUI,treAPI,seq-tre" + - MinioSettings__Url=http://minioTRE:9000 + - MinioSettings__AccessKey=${TreMinioAdminUser} + - MinioSettings__SecretKey=${TreMinioAdminPassword} + - MinioSettings__BucketName=testbucket + - MinioSettings__AdminConsole=http://minioIn:9001 + - TreAPISettings__Address=http://treapi:8080 + - DataEgressAPISettings__Address=http://DataEgressAPI:8100 diff --git a/ServiceStack/compose-manifests/applications/submission-layer.yml b/ServiceStack/compose-manifests/applications/submission-layer.yml index 0d898b4..5e21c17 100644 --- a/ServiceStack/compose-manifests/applications/submission-layer.yml +++ b/ServiceStack/compose-manifests/applications/submission-layer.yml @@ -1,5 +1,4 @@ services: - # ----- Submission UI ----- # ----------------------------------------- submissionUI: 
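Review bot: On DataEgressAPI, `DataEgressKeyCloakSettings__ValidAudiences` is now `Data-Egress-UI,Data-Egress-API`, where the removed line passed only `${EgressKeyCloakClientID}`. If that variable held the API client id alone, the API now also accepts tokens whose audience is the UI client; that is worth confirming as intended, otherwise keep `- DataEgressKeyCloakSettings__ValidAudiences=Data-Egress-API`. The re-indented block also carries `DemoModeDefaultP=password123` forward as a bare literal. A comment above it such as `# demo-only default password, never use in production` would match how the .env in this commit labels its demo keys.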
@@ -23,23 +22,23 @@ services: - DareAPISettings__Address=http://submissionAPI:8080 - DareAPISettings_HelpAddress=http://submissionAPI:8080 - FormIOSettings__UseInternal=true + - sslcookies=${sslcookies} + - httpsRedirect=${httpsRedirect} + - SuppressAntiforgery=${SuppressAntiforgery} + - URLSettingsFrontEnd__QueryImageSQL=${URLSettingsFrontEndQueryImageSQL} + - URLSettingsFrontEnd__MinioUrl=${submissionMinioAdminConsole} + # Submission Keycloak settings - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} - SubmissionKeyCloakSettings__BypassProxy="submissionAPI,seq" - - SubmissionKeyCloakSettings__TokenExpiredAddress=${KeyCloakTokenExpiredAddressUI} - - SubmissionKeyCloakSettings__UseRedirectURL=${KeyCloakUseRedirect} - - SubmissionKeyCloakSettings__RedirectURL=${KeyCloakClientUIRedirectURL} + - SubmissionKeyCloakSettings__TokenExpiredAddress=${SubmissionKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired + - SubmissionKeyCloakSettings__UseRedirectURL=false + - SubmissionKeyCloakSettings__RedirectURL=${SubmissionKeyCloakClientUIRedirectURL} - SubmissionKeyCloakSettings__ClientSecret=${SubmissionUIClientSecret} - - SubmissionKeyCloakSettings__AccountManagementURL=${SubmissionUIAccountManagementURL} - - SubmissionKeyCloakSettings__BaseUrl=${SubmissionUIKeyCloakBaseUrl} - - SuppressAntiforgery=${SuppressAntiforgery} - - SubmissionKeyCloakSettings__MetadataAddress=${SubmissionUIKeyCloakMetadataAddress} - - SubmissionKeyCloakSettings__Authority=${SubmissionUIKeyCloakAuthority} - - URLSettingsFrontEnd__QueryImage=${URLSettingsFrontEndQueryImage} - - URLSettingsFrontEnd__MinioUrl=${MinioBrowserHost}:9001 - - sslcookies=${sslcookies} - - httpsRedirect=${httpsRedirect} - + - SubmissionKeyCloakSettings__AccountManagementURL=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control/account + - SubmissionKeyCloakSettings__BaseUrl=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control + - 
SubmissionKeyCloakSettings__MetadataAddress=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control/.well-known/openid-configuration + - SubmissionKeyCloakSettings__Authority=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control/ # ----- Submission API ----- # ---------------------------------- 
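Review bot: `SubmissionKeyCloakSettings__TokenExpiredAddress` is now built as `${SubmissionKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired`, but the .env in this commit sets `SubmissionKeyCloakClientUIRedirectURL=http://localhost:8888/` with a trailing slash, so the result is `http://localhost:8888//Account/LoginAfterTokenExpired`. An address that differs from the expected one by a doubled slash can fail an exact-match redirect comparison or route differently. The .env still defines `KeyCloakTokenExpiredAddressUI`, so the line could stay `- SubmissionKeyCloakSettings__TokenExpiredAddress=${KeyCloakTokenExpiredAddressUI}`, or the trailing slash could be dropped from the .env value. The submissionAPI hunk (`@@ -74,29`) uses the same construction, and the Tre and Egress equivalents in the other manifests should be checked too, since their .env values are not visible here.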
@@ -74,29 +73,29 @@ services: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq - Serilog__SeqServerUrl=http://seq:5341 + - SuppressAntiforgery=${SuppressAntiforgery} + # Minio settings - MinioSettings__Url=http://minioSubmission:9000 + - MinioSettings__AdminConsole=http://minioSubmission:9001 - MinioSettings__AccessKey=${MinioRootUser} - MinioSettings__SecretKey=${MinioRootPass} - MinioSettings__BucketName=testbucket - - SuppressAntiforgery=${SuppressAntiforgery} - - MinioSettings__AdminConsole=http://minioSubmission:9001 + # Submission Keycloak settings - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} - SubmissionKeyCloakSettings__BypassProxy=minioSubmission,seq - - SubmissionKeyCloakSettings__TokenExpiredAddress=${KeyCloakTokenExpiredAddressUI} - - SubmissionKeyCloakSettings__UseRedirectURL=${KeyCloakUseRedirect} - - SubmissionKeyCloakSettings__RedirectURL=${KeyCloakClientUIRedirectURL} - - SubmissionKeyCloakSettings__BaseUrl=${SubmissionAPIKeyCloakBaseRealmAddress} - - SubmissionKeyCloakSettings__MetadataAddress=${SubmissionAPIKeyCloakMetadataAddress} - - SubmissionKeyCloakSettings__Authority=${SubmissionAPIKeyCloakAuthority} + - SubmissionKeyCloakSettings__TokenExpiredAddress=${SubmissionKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired + - SubmissionKeyCloakSettings__UseRedirectURL=false + - SubmissionKeyCloakSettings__RedirectURL=${SubmissionKeyCloakClientUIRedirectURL} + - SubmissionKeyCloakSettings__BaseUrl=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control + - SubmissionKeyCloakSettings__MetadataAddress=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control/.well-known/openid-configuration + - SubmissionKeyCloakSettings__Authority=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control/ - 
SubmissionKeyCloakSettings__ClientSecret=${SubmissionAPIKeyCloakSecret} - #- SubmissionKeyCloakSettings__RemoteSignOutPath=${SubmissionRemoteSignOutPath} - SubmissionKeyCloakSettings__SignedOutRedirectUri=${SubmissionSignedOutRedirectUri} - SubmissionKeyCloakSettings__TokenRefreshSeconds=${SubmissionTokenRefreshSeconds} - - SubmissionKeyCloakSettings__ValidAudiences=${SubmissionValidAudiences} - - SubmissionKeyCloakSettings__Server=${SubmissionServer} + - SubmissionKeyCloakSettings__ValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio + - SubmissionKeyCloakSettings__Server=${SubmissionKeyCloakServer} - SubmissionKeyCloakSettings__Protocol=${SubmissionServerProtocol} - - SubmissionKeyCloakSettings__Realm=${SubmissionRealm} + - SubmissionKeyCloakSettings__Realm=Dare-Control - SubmissionKeyCloakSettings__AutoTrustKeycloakCert=${SubmissionAutoTrustKeycloakCert} - SubmissionKeyCloakSettings__ValidIssuer=${SubmissionValidIssuer} - - SubmissionKeyCloakSettings__ValidAudience=${SubmissionValidAudience} \ No newline at end of file diff --git a/ServiceStack/compose-manifests/applications/tre-layer.yml b/ServiceStack/compose-manifests/applications/tre-layer.yml index c3e5c78..8ffea99 100644 --- a/ServiceStack/compose-manifests/applications/tre-layer.yml +++ b/ServiceStack/compose-manifests/applications/tre-layer.yml @@ -1,5 +1,4 @@ services: - # ------ TRE Agent - UI ------- # ----------------------------------- 
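Review bot: `SubmissionKeyCloakSettings__ValidAudiences` and `SubmissionKeyCloakSettings__Realm` are now literals in the submissionAPI environment, yet the .env touched by this commit still carries `SubmissionValidAudiences` and `SubmissionRealm`. An operator who narrows the audience list in .env will see no effect and may believe token validation was tightened. Either remove the unused .env entries or add a comment above these lines, e.g. `# audiences and realm are fixed here; SubmissionValidAudiences / SubmissionRealm in .env are no longer read`. Whether another manifest still reads those variables cannot be told from this page.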
@@ -15,28 +14,51 @@ services: - tre-api environment: - TreAPISettings__InternalApiBaseUrl=http://treAPI:8080 - - TreAPISettings__PublicApiBaseUrl=http://localhost:8072 + - TreAPISettings__PublicApiBaseUrl=${TreApiPublicUrl} - Serilog__SeqServerUrl=http://seq:5341 - DemoMode=${DemoMode} - KeyCloakDemoMode=${KeyCloakDemoMode} - - TreKeyCloakSettings__Authority=${TreKeyCloakAuthority} - - TreKeyCloakSettings__MetadataAddress=${TreKeyCloakMetadataAddress} - - TreKeyCloakSettings__BaseUrl=${TreKeyCloakBaseRealmAddress} - - TreKeyCloakSettings__ClientId=${TreKeyCloakClientId} + - sslcookies=${sslcookies} + - httpsRedirect=${httpsRedirect} + - TreKeyCloakSettings__AccountManagementURL=${TRE_KEYCLOAK_URL}/realms/Dare-TRE/account + - TreKeyCloakSettings__Authority=${TRE_KEYCLOAK_URL}/realms/Dare-TRE/.well-known/openid-configuration + - TreKeyCloakSettings__MetadataAddress=${TRE_KEYCLOAK_URL}/realms/Dare-TRE/.well-known/openid-configuration + - TreKeyCloakSettings__BaseUrl=${TRE_KEYCLOAK_URL}/realms/Dare-TRE + - TreKeyCloakSettings__ClientId=Dare-TRE-UI - TreKeyCloakSettings__ClientSecret=${TreKeyCloakSecret} - - TreKeyCloakSettings__ValidAudiences=${TreValidAudiences} + - TreKeyCloakSettings__ValidAudiences=Dare-TRE-API,Dare-TRE-UI + - TreKeyCloakSettings__TokenExpiredAddress=${TreKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired + - TreKeyCloakSettings__RedirectURL=${TreKeyCloakClientUIRedirectURL} + - TreKeyCloakSettings__UseRedirectURL=false - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - - sslcookies=${sslcookies} - - httpsRedirect=${httpsRedirect} - - TreKeyCloakSettings__AccountManagementURL=${TreAccountManagementURLUI} - TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" - - TreKeyCloakSettings__TokenExpiredAddress=${TreKeyCloakTokenExpiredAddressUI} - - TreKeyCloakSettings__UseRedirectURL=${TreKeyCloakUseRedirect} - - TreKeyCloakSettings__RedirectURL=${TreKeyCloakClientUIRedirectURL} -# ------ TRE Agent - API 
------- -# ----------------------------------- + # ------ TRE Agent - Web (NextJS app) ------- + # ----------------------------------- + agent-web: + image: harbor.federated-analytics.ac.uk/5s-tes/agent-web:${DEPLOYMENT_VERSION} + container_name: agent-web + restart: always + networks: + - sub-net + ports: + - 3000:3000 + depends_on: + - tre-api + environment: + - BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET} + - BETTER_AUTH_URL=${BETTER_AUTH_URL} + - KEYCLOAK_URL=${TRE_KEYCLOAK_URL} + - KEYCLOAK_CLIENT_ID=Dare-TRE-UI + - KEYCLOAK_CLIENT_SECRET=${TreKeyCloakSecret} + - NEXT_PUBLIC_KEYCLOAK_URL=${NEXT_PUBLIC_KEYCLOAK_URL} + - NEXT_PUBLIC_KEYCLOAK_REALM=Dare-TRE + - NEXT_PUBLIC_HELPDESK_URL=${NEXT_PUBLIC_HELPDESK_URL} + - AGENT_API_URL=http://treapi:8080 + + # ------ TRE Agent - API ------- + # ----------------------------------- tre-api: image: harbor.federated-analytics.ac.uk/5s-tes/agent-api:${DEPLOYMENT_VERSION} container_name: treapi @@ -60,6 +82,7 @@ services: orchestration: condition: service_healthy environment: + # General settings - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true - KeyCloakDemoMode=${KeyCloakDemoMode} 
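Review bot: The new `agent-web` service takes `BETTER_AUTH_SECRET` from the environment, and the only value this commit supplies is the published default in DemoStack/.env. The manifest sits under ServiceStack and appears to be shared by other stacks, so a deployment that reuses the demo .env would sign sessions with a publicly known secret. Writing the line as `- BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET:?set a unique secret}` makes stacks without their own value fail at start instead of running with an empty one. The demo value should stay confined to the demo .env. The service also publishes `3000:3000` on all interfaces; `127.0.0.1:3000:3000` would suit a local demo better.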
@@ -68,81 +91,79 @@ services: - ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq - Serilog__SeqServerUrl=http://seq:5341 - - DareAPISettings__Address=http://submissionAPI:8080 - - DataEgressAPISettings__Address=https://egressAPI:8080 + - DareAPISettings__Address=${SubmissionAPIAddressURL} + - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - EnableExternalHangfire=${EnableExternalHangfire} - - IgnoreHutchSSL=${IgnoreHutchSSL} - - TreKeyCloakSettings__Authority=${TreKeyCloakAuthority} - - TreKeyCloakSettings__MetadataAddress=${TreKeyCloakMetadataAddress} - - TreKeyCloakSettings__BaseUrl=${TreKeyCloakBaseRealmAddress} - - TreKeyCloakSettings__ClientId=${TreKeyCloakClientId} + - AgentSettings__UseTESK=${UseTESK} + - JobSettings__scanSchedule=${scanSchedule} + - JobSettings__syncSchedule=${syncSchedule} + - AgentSettings__TESKAPIURL=${TesAPIUrl} + - AgentSettings__TESKOutputBucketPrefix=${TesOutputBucketPrefix} + - TreName=${TreName} + # TRE UI Keycloak settings + - TreKeyCloakSettings__Authority=${TRE_KEYCLOAK_URL}/realms/Dare-TRE/.well-known/openid-configuration + - TreKeyCloakSettings__MetadataAddress=${TRE_KEYCLOAK_URL}/realms/Dare-TRE/.well-known/openid-configuration + - TreKeyCloakSettings__BaseUrl=${TRE_KEYCLOAK_URL}/realms/Dare-TRE + - TreKeyCloakSettings__ClientId=Dare-TRE-UI - TreKeyCloakSettings__ClientSecret=${TreKeyCloakSecret} - - TreKeyCloakSettings__ValidAudiences=${TreValidAudiences} + - TreKeyCloakSettings__ValidAudiences=Dare-TRE-API,Dare-TRE-UI + - TreKeyCloakSettings__TokenExpiredAddress=${TreKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired + - TreKeyCloakSettings__RedirectURL=${TreKeyCloakClientUIRedirectURL} + - TreKeyCloakSettings__UseRedirectURL=false - TreKeyCloakSettings__Proxy=${useproxy} - - EnableExternalHangfire=true - 
TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" - - TreKeyCloakSettings__TokenExpiredAddress=${TreKeyCloakTokenExpiredAddressUI} - - TreKeyCloakSettings__UseRedirectURL=${TreKeyCloakUseRedirect} - - TreKeyCloakSettings__RedirectURL=${TreKeyCloakClientUIRedirectURL} - - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} - - DataEgressKeyCloakSettings__ClientId=${EgressKeyCloakClientID} + # Data Egress Keycloak settings + - DataEgressKeyCloakSettings__Authority=${TRE_KEYCLOAK_URL}/realms/Data-Egress/.well-known/openid-configuration + - DataEgressKeyCloakSettings__MetadataAddress=${TRE_KEYCLOAK_URL}/realms/Data-Egress/.well-known/openid-configuration + - DataEgressKeyCloakSettings__BaseUrl=${TRE_KEYCLOAK_URL}/realms/Data-Egress + - DataEgressKeyCloakSettings__ClientId=Data-Egress-API - DataEgressKeyCloakSettings__ClientSecret=${EgressKeyCloakSecret} - - DataEgressKeyCloakSettings__ValidAudiences=${EgressValidAudiences} + - DataEgressKeyCloakSettings__ValidAudiences=Data-Egress-UI,Data-Egress-API + - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired + - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRedirectURL} + - DataEgressKeyCloakSettings__UseRedirectURL=false - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - DataEgressKeyCloakSettings__BypassProxy="DataEgressUI,treAPI,seq-tre" - - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakTokenExpiredAddressUI} - - DataEgressKeyCloakSettings__UseRedirectURL=${EgressKeyCloakUseRedirect} - - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRedirectURL} - - SubmissionKeyCloakSettings__Authority=${SubmissionAPIKeyCloakAuthority} - - 
SubmissionKeyCloakSettings__MetadataAddress=${SubmissionAPIKeyCloakMetadataAddress} - - SubmissionKeyCloakSettings__BaseUrl=${SubmissionAPIKeyCloakBaseRealmAddress} - - SubmissionKeyCloakSettings__ClientId=${SubmissionAPIKeyCloakClientId} + # Submission API Keycloak settings + - SubmissionKeyCloakSettings__Authority=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control/.well-known/openid-configuration + - SubmissionKeyCloakSettings__MetadataAddress=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control/.well-known/openid-configuration + - SubmissionKeyCloakSettings__BaseUrl=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control + - SubmissionKeyCloakSettings__ClientId=Dare-Control-API - SubmissionKeyCloakSettings__ClientSecret=${SubmissionAPIKeyCloakSecret} - - SubmissionKeyCloakSettings__ValidAudiences=${SubmissionAPIValidAudiences} + - SubmissionKeyCloakSettings__ValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio + - SubmissionKeyCloakSettings__TokenExpiredAddress=${SubmissionAPIKeyCloakClientUIRedirectURL}/Account/LoginAfterTokenExpired + - SubmissionKeyCloakSettings__RedirectURL=${SubmissionAPIKeyCloakClientUIRedirectURL} + - SubmissionKeyCloakSettings__UseRedirectURL=false - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} - - SubmissionKeyCloakSettings__BypassProxy="treAPI,seq-tre" - - SubmissionKeyCloakSettings__TokenExpiredAddress=${SubmissionAPIKeyCloakTokenExpiredAddressUI} - - SubmissionKeyCloakSettings__UseRedirectURL=${SubmissionAPIKeyCloakUseRedirect} - - SubmissionKeyCloakSettings__RedirectURL=${SubmissionAPIKeyCloakClientUIRedirectURL} - - AgentSettings__UseTESK=${UseTESK} - - AgentSettings__UseRabbit=${UseRabbit} - - JobSettings__scanSchedule=${scanSchedule} - - JobSettings__syncSchedule=${syncSchedule} - - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - - AgentSettings__TESKAPIURL=${TesAPIUrl} - - AgentSettings__TESKOutputBucketPrefix=${TesOutputBucketPrefix} - - TreName=${TreName} + - 
SubmissionKeyCloakSettings__BypassProxy="treAPI,seq-tre,minioSubmission" + # MINIO TRE settings - MinioTRESettings__Url=http://minioTRE:9000 - - MinioTRESettings__HutchURLOverride=${HutchMinioURLOverride} - MinioTRESettings__AccessKey=${TreMinioAdminUser} - MinioTRESettings__SecretKey=${TreMinioAdminPassword} - MinioTRESettings__AdminConsole=http://minioTRE:9001 + - MinioTRESettings__AWSRegion=us-east-1 + # MINIO SUBMISSION settings - MinioSubSettings__Url=${submissionMinioUrl} - MinioSubSettings__AccessKey=${MinioRootUser} - MinioSubSettings__SecretKey=${MinioRootPass} - MinioSubSettings__AdminConsole=${submissionMinioAdminConsole} - MinioSubSettings__BucketName=testbucket - MinioSubSettings__AWSRegion=us-east-1 - - MinioTRESettings__AWSRegion=us-east-1 - - Hutch__APIAddress=${HutchAPIAddress} - - Hutch__DbServer=${HutchDbServer} - - Hutch__DbName=${HutchDbName} - - Hutch__DbPort=${HutchDbPort} - - CredentialAPISettings__StartWebhookUrl=${CredentialAPISettingsStartWebhookUrl} - - CredentialAPISettings__RevokeWebhookUrl=${CredentialAPISettingsRevokeWebhookUrl} + # Credentials and DMN settings + - CredentialAPISettings__StartWebhookUrl=http://connectors:8080/inbound/StartCredentials + - CredentialAPISettings__RevokeWebhookUrl=http://connectors:8080/inbound/RevokeCredentials + - DmnPath__Path=/app/ProcessModels + - TreAPISettings__Address=${TreApiPublicUrl} + # Vault settings - VaultSettings__BaseUrl=http://vault:8200 - VaultSettings__Token=dev-only-token - VaultSettings__TimeoutSeconds=30 - VaultSettings__SecretEngine=secret - VaultSettings__EnableRetry=true - VaultSettings__MaxRetryAttempts=3 - - DmnPath__Path=/app/ProcessModels - - TreAPISettings__Address=http://localhost:8072 # Zeebe settings - ZeebeBootstrap__Client__GatewayAddress=orchestration:26500 - ZeebeBootstrap__Worker__MaxJobsActive=5 
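Review bot: `VaultSettings__Token=dev-only-token` remains a literal in the tre-api environment, although this hunk moves the surrounding URLs and credentials into variables. Because the manifest is shared rather than demo-only, the static token travels with every stack that includes it. I would take it from the environment, e.g. `- VaultSettings__Token=${VaultToken:?Vault token not set}` (variable name illustrative), and keep the dev value in the demo .env beside the other demo-only secrets. The service definition starts outside the hunk, so how Vault itself is started is not visible here.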
@@ -152,11 +173,9 @@ services: - ZeebeBootstrap__Worker__RetryTimeoutInMilliseconds=1000 # Encryption settings - EncryptionSettings__Key=${EncryptionSettingsKey} - - EncryptionSettings__Base=${EncryptionSettingsBase} - -# ----- TRE Agent - Camunda Worker ------- -# -------------------------------------------- + # ----- TRE Agent - Camunda Worker ------- + # -------------------------------------------- TRE-Camunda: image: harbor.federated-analytics.ac.uk/5s-tes/credentials-camunda:${DEPLOYMENT_VERSION} diff --git a/ServiceStack/compose-manifests/shared/auth.yml b/ServiceStack/compose-manifests/shared/auth.yml index ec6e895..1eb01b9 100644 --- a/ServiceStack/compose-manifests/shared/auth.yml +++ b/ServiceStack/compose-manifests/shared/auth.yml @@ -11,12 +11,10 @@ services: KC_DB_URL: jdbc:postgresql://postgres/keycloak KC_DB_USERNAME: ${PGLOGIN} KC_DB_PASSWORD: ${PGPASSWORD} - KC_HOSTNAME: http://localhost:8085 + KC_HOSTNAME: http://${KeycloakHostName}:8085 KC_HOSTNAME_PORT: 8085 KC_HOSTNAME_BACKCHANNEL_DYNAMIC: true - #KC_HOSTNAME_STRICT: false - #KC_HOSTNAME_STRICT_HTTPS: false - KEYCLOAK_FRONTEND_URL: http://localhost:8085/auth + KEYCLOAK_FRONTEND_URL: http://${KeycloakHostName}:8085/auth KC_LOG_LEVEL: info KC_METRICS_ENABLED: true KC_HEALTH_ENABLED: true diff --git a/ServiceStack/compose-manifests/shared/credentials.yml b/ServiceStack/compose-manifests/shared/credentials.yml index 61d4155..121b613 100644 --- a/ServiceStack/compose-manifests/shared/credentials.yml +++ b/ServiceStack/compose-manifests/shared/credentials.yml @@ -4,7 +4,7 @@ services: # ----------------------------------------- orchestration: # Consolidated Zeebe + Operate + Tasklist - https://docs.camunda.io/docs/self-managed/setup/deploy/other/docker/#zeebe - image: camunda/camunda:${CAMUNDA_VERSION} + image: camunda/camunda:8.8.0 container_name: orchestration ports: - "26500:26500" 
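Review bot: In the auth.yml hunk (`@@ -11,12 +11,10`), `KC_HOSTNAME: http://${KeycloakHostName}:8085` parameterises only the host, leaving the `http://` scheme and the port fixed; `KEYCLOAK_FRONTEND_URL` has the same shape. Setting `KeycloakHostName` to anything other than localhost therefore publishes a cleartext issuer and login URL. Taking the whole public URL from one variable, e.g. `KC_HOSTNAME: ${KeycloakPublicUrl}` (variable name illustrative), would let a non-demo stack switch to https without editing the manifest. The keycloak service definition starts outside the hunk.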
@@ -38,7 +38,7 @@ services: # ----------------------------------------- connectors: - image: camunda/connectors-bundle:${CAMUNDA_BUNDLE_VERSION} + image: camunda/connectors-bundle:8.8.1 container_name: connectors ports: - "8086:8080" @@ -176,7 +176,7 @@ services: # ----------------------------------- elasticsearch: # https://hub.docker.com/_/elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} + image: docker.elastic.co/elasticsearch/elasticsearch:8.17.5 container_name: elasticsearch ports: - "9200:9200" diff --git a/ServiceStack/compose-manifests/shared/omop-lite.yml b/ServiceStack/compose-manifests/shared/omop-lite.yml new file mode 100644 index 0000000..b654fb1 --- /dev/null +++ b/ServiceStack/compose-manifests/shared/omop-lite.yml @@ -0,0 +1,17 @@ +services: + # ------ OMOP Lite ------ + # --------------------------------------------- + omop-lite: + image: ghcr.io/health-informatics-uon/omop-lite + container_name: omop-lite + depends_on: + - postgresql + environment: + - DB_PASSWORD=${PGPASSWORD} + - DB_USER=${PGLOGIN} + - DB_HOST=postgres + - DB_NAME=tredata + - SYNTHETIC=true + - SYNTHETIC_NUMBER=1000 + networks: + - sub-net \ No newline at end of file diff --git a/ServiceStack/compose-manifests/storage/minio-submission.yml b/ServiceStack/compose-manifests/storage/minio-submission.yml index 7914df1..ff33897 100644 --- a/ServiceStack/compose-manifests/storage/minio-submission.yml +++ b/ServiceStack/compose-manifests/storage/minio-submission.yml @@ -1,5 +1,4 @@ services: - # ----- Minio Submission ------ # ------------------------------------ 
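Review bot: The new omop-lite.yml references `ghcr.io/health-informatics-uon/omop-lite` with no tag, so every pull resolves to whatever the registry currently serves as latest. The same commit pins the Camunda and Elasticsearch images to fixed versions, and this service is handed `${PGLOGIN}`/`${PGPASSWORD}` for the shared Postgres, so an unreviewed image update would run with database credentials. I would pin it, e.g. `image: ghcr.io/health-informatics-uon/omop-lite:<pinned-tag>` or by digest (placeholder, no version is given on this page). `depends_on: - postgresql` also lacks the `condition: service_healthy` that the other services in this commit use.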
@@ -11,12 +10,12 @@ services: environment: - MINIO_ROOT_USER=${MinioRootUser} - MINIO_ROOT_PASSWORD=${MinioRootPass} - - MINIO_BROWSER_REDIRECT_URL=http://localhost:9001 - - MINIO_SERVER_URL=http://localhost:9000 - - MINIO_IDENTITY_OPENID_CONFIG_URL=${MinioIdentityConfigURL} - - MINIO_IDENTITY_OPENID_CLIENT_ID=${MinioIdentityID} + - MINIO_BROWSER_REDIRECT_URL=${submissionMinioAdminConsole} + - MINIO_SERVER_URL=${submissionMinioUrl} + - MINIO_IDENTITY_OPENID_CONFIG_URL=${SUBMISSION_KEYCLOAK_URL}/realms/Dare-Control/.well-known/openid-configuration + - MINIO_IDENTITY_OPENID_CLIENT_ID=Dare-Control-Minio - MINIO_IDENTITY_OPENID_CLIENT_SECRET=${MinioOpenidSecret} - - MINIO_IDENTITY_OPENID_DISPLAY_NAME=SSO_IDENTIFIER + - MINIO_IDENTITY_OPENID_DISPLAY_NAME=Login with KeyCloak - MINIO_IDENTITY_OPENID_SCOPES=openid - MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC=off networks: @@ -35,4 +34,4 @@ services: interval: 30s timeout: 10s retries: 5 - start_period: 30s \ No newline at end of file + start_period: 30s diff --git a/ServiceStack/compose-manifests/storage/minio-tre.yml b/ServiceStack/compose-manifests/storage/minio-tre.yml index c748475..215db00 100644 --- a/ServiceStack/compose-manifests/storage/minio-tre.yml +++ b/ServiceStack/compose-manifests/storage/minio-tre.yml @@ -1,5 +1,4 @@ services: - # ----- Minio TRE ------ # ----------------------------- 
@@ -12,15 +11,15 @@ services: restart: always command: server /data --console-address ":9001" environment: - - MINIO_ROOT_USER=${MinioRootUser} - - MINIO_ROOT_PASSWORD=${MinioRootPass} - - MINIO_BROWSER_REDIRECT_URL=http://localhost:9003 - - MINIO_IDENTITY_OPENID_CONFIG_URL=${MinioTreIdentityConfigURL} - - MINIO_IDENTITY_OPENID_CLIENT_ID=${MinioTreIdentityID} + - MINIO_ROOT_USER=${TreMinioAdminUser} + - MINIO_ROOT_PASSWORD=${TreMinioAdminPassword} + - MINIO_BROWSER_REDIRECT_URL=${MINIO_TRE_UI_URL} + - MINIO_IDENTITY_OPENID_CONFIG_URL=${TRE_KEYCLOAK_URL}/realms/Dare-TRE/.well-known/openid-configuration + - MINIO_IDENTITY_OPENID_CLIENT_ID=Dare-TRE-Minio - MINIO_IDENTITY_OPENID_CLIENT_SECRET=${MinioTreOpenidSecret} - - MINIO_IDENTITY_OPENID_DISPLAY_NAME=SSO_IDENTIFIER + - MINIO_IDENTITY_OPENID_DISPLAY_NAME=Login with KeyCloak - MINIO_IDENTITY_OPENID_SCOPES=openid - - MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC=on + - MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC=off networks: - sub-net volumes:
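Review bot: With `MINIO_ROOT_USER=${TreMinioAdminUser}` and `MINIO_ROOT_PASSWORD=${TreMinioAdminPassword}`, the TRE MinIO root account is now the same credential that egress-layer.yml and tre-layer.yml pass to DataEgressAPI and tre-api as `MinioSettings__AccessKey`/`SecretKey` and `MinioTRESettings__AccessKey`/`SecretKey`. Both application services would therefore run with full administrative rights on the TRE object store, so a leak from either exposes every bucket and the server configuration. A dedicated MinIO user or access key with a bucket-scoped policy for the applications, with root kept for bootstrap only, would restore least privilege. Whether the applications need admin operations is not visible here. Switching `MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC` to `off` is a sound change.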