Merge pull request #143 from WadeBarnes/hard-reset

Tooling Updates

Author: WadeBarnes

.devcontainer/Dockerfile

@@ -0,0 +1,21 @@
+FROM mcr.microsoft.com/devcontainers/base:noble
+
+# Install oc cli
+RUN curl -s -L https://downloads-openshift-console.apps.silver.devops.gov.bc.ca/arm64/linux/oc.tar | \
+    tar -xv -C /usr/local/bin
+
+# Install openshift-developer-tools scripts
+RUN curl -L -O https://github.com/BCDevOps/openshift-developer-tools/archive/refs/heads/master.zip && \
+    unzip master.zip && \
+    mv ./openshift-developer-tools-master/bin /usr/local/bin/openshift-developer-tools && \
+    rm -rf ./openshift-developer-tools-master master.zip
+
+# Install dev-tools (for docker scripts)
+RUN curl -L -O https://github.com/WadeBarnes/dev-tools/archive/refs/heads/main.zip && \
+    unzip main.zip && \
+    mv ./dev-tools-main /usr/local/bin/dev-tools && \
+    find /usr/local/bin/dev-tools/ -name *.sh -exec chmod +x {} \; && \
+    rm -rf ./dev-tools-main main.zip
+
+# Update Path
+ENV PATH="$PATH:/usr/local/bin/openshift-developer-tools:/usr/local/bin/dev-tools/docker/scripts"

.devcontainer/devcontainer.json

@@ -0,0 +1,29 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
+{
+	"name": "DITP-DevOps",
+	// Reference https://containers.dev/guide/dockerfile
+	"build": {
+		"dockerfile": "Dockerfile",
+		"context": "."
+	},
+	// Features to add to the dev container. More info: https://containers.dev/features.
+	"features": {
+		"ghcr.io/devcontainers/features/docker-from-docker:1.6.0": {}
+	},
+	// Allows the local folder to be redirected to the workspace folder
+	// in situations where you're mounting volumes into containers
+	// such as when using docker-compose
+	// example; "${LOCAL_WORKSPACE_FOLDER-..}/web/package.json:/opt/app-root/src/package.json"
+	"containerEnv": {
+		"LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
+	}
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "uname -a",
+	// Configure tool-specific properties.
+	// "customizations": {},
+	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+	// "remoteUser": "root"
+}

.github/dependabot.yml

@@ -0,0 +1,13 @@
+# For details on how this file works refer to:
+#   - https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+version: 2
+updates:
+  - package-ecosystem: "devcontainers"
+    directory: "/"
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: "docker"
+    directory: "/.devcontainer"
+    schedule:
+      interval: weekly

openshift/manage

@@ -28,12 +28,12 @@ usage () {
       - Reset the environment.
       - All data will be lost.
         The following operations will be performed:
-          - The process pauses at the beginning to ensure the related ICIA reset process has started.
-          - The wallet is reset, by restoring initial copy of ICOB Wallet.
+          - The process pauses at the beginning to ensure the related BC Registries Agent reset process has started.
+          - The wallet is reset, by restoring initial copy of OrgBook Wallet.
           - The 'db' is reset and reinitialized.
           - The search indexes are reset.
-          - The process pauses to ensure the related ICIA registration process has had time to complete.
-          - The ICIA registration is verified.\n
+          - The process pauses to ensure the related BC Registries Agent registration process has had time to complete.
+          - The BC Registries Agent registration is verified.\n
 
     resetDatabase
       - Drop and recreate the database.
@@ -357,6 +357,20 @@ offlineIndexerResourceSuffix=${offlineIndexerResourceSuffix:--oli}
 # Process the local command line arguments and pass everything else along.
 # - The 'getopts' options string must start with ':' for this to work.
 # -----------------------------------------------------------------------------------------------------------------
+for arg in "$@"; do
+  # Remove recognized arguments from the list after processing.
+  shift
+  case "$arg" in
+    --hard-reset)
+      HARD_RESET=1
+      ;;
+    *)
+      # If not recognized, save it for later processing ...
+      set -- "$@" "$arg"
+      ;;
+  esac
+done
+
 while [ ${OPTIND} -le $# ]; do
   if getopts :s: FLAG; then
     case ${FLAG} in
@@ -457,6 +471,14 @@ function deleteDatabase() {
   echoWarning "\nThe databases on ${_dbPodName}${resourceSuffix} have been deleted."
 }
 
+function hardReset() {
+  if [ ! -z ${HARD_RESET} ]; then
+    return 0
+  else
+    return 1
+  fi
+}
+
 function reset() {
   (
     agentPod=${1}
@@ -479,7 +501,7 @@ function reset() {
 
     # Explain what is about to happen and wait for confirmation ...
 txtMsg=$(cat <<-EOF
-The [${targetNamespace}] ICOB environment will be reset using the following settings:
+The [${targetNamespace}] OrgBook environment will be reset using the following settings:
   - agentPod: ${agentPod}${resourceSuffix}
   - apiPod: ${apiPod}${resourceSuffix}
   - msgQueuePod: ${msgQueuePod}${resourceSuffix}
@@ -491,93 +513,123 @@ The [${targetNamespace}] ICOB environment will be reset using the following sett
   - walletDbBackupFileFilter: ${walletDbBackupFileFilter}
   - walletDbAdminPasswordKey: ${walletDbAdminPasswordKey}
   - dbPod: ${dbPod}${resourceSuffix}
+EOF
+)
 
+    if hardReset; then
+txtMsg+=$(cat <<-EOF
+\n
+\033[0;31mYou have requested a Hard Reset.  The following operations will be performed (ALL DATA WILL BE LOST):
+  \033[1;33m- The process will pause at the beginning to ensure the related BC Registries Agent reset process has started.
+  - The wallet will be deleted and recreated.
+  - The 'db' will be reset and reinitialized.
+  - The search indexes will be reset.
+  - The process will pause to ensure the related BC Registries Agent registration process has had time to complete.
+  - The BC Registries Agent registration will be verified.\n
+EOF
+)
+    else
+txtMsg+=$(cat <<-EOF
+\n
 The following operations will be performed (ALL DATA WILL BE LOST):
-  - The process will pause at the beginning to ensure the related ICIA reset process has started.
-  - The wallet will be reset, by restoring initial copy of ICOB Wallet.
+  - The process will pause at the beginning to ensure the related BC Registries Agent reset process has started.
+  - The wallet will be reset, by restoring initial copy of OrgBook Wallet.
   - The 'db' will be reset and reinitialized.
   - The search indexes will be reset.
-  - The process will pause to ensure the related ICIA registration process has had time to complete.
-  - The ICIA registration will be verified.\n
+  - The process will pause to ensure the related BC Registries Agent registration process has had time to complete.
+  - The BC Registries Agent registration will be verified.\n
 EOF
 )
+    fi
 
-    printAndAskToContinue "${txtMsg}"
+    if ! printAndWaitForYes "${txtMsg}"; then
+      echoWarning "Exiting ..."
+      exit 1
+    fi
 
-    # - scaledown ICIA controller and agent
-    printAndWait "Please ensure the reset process in the corresponding ICIA environment has been started and it has indicated it is safe to process before continuing ..."
+    # - scaledown BC Registries Agent controller and agent
+    printAndWait "Please ensure the reset process in the corresponding BC Registries Agent environment has been started and it has indicated it is safe to process before continuing ..."
 
-    # - scaledown ICOB agent, api, msg-queue, and msg-queue-worker
+    # - scaledown OrgBook agent, api, msg-queue, and msg-queue-worker
     echo "Scaling down ${agentPod}${resourceSuffix}, ${apiPod}${resourceSuffix}, ${msgQueuePod}${resourceSuffix} and ${msgQueueWorkerPod}${resourceSuffix} ..."
     scaleDown -w "${apiPod}${resourceSuffix}" "${msgQueueWorkerPod}${resourceSuffix}" "${agentPod}${resourceSuffix}" "${msgQueuePod}${resourceSuffix}"
     exitOnError
 
-    # - reset ICOB Wallet Database, by restoring initial copy of ICOB Wallet.
-    echo "Resetting ${walletDbPod}${resourceSuffix} ..."
-    if isScaledUp ${backupPod}${resourceSuffix}; then
-      local backupStarted=1
+    if hardReset; then
+      # - Delete Wallet Database
+      echoError "Deleting ${walletDbPod}${resourceSuffix} ..."
+      deleteDatabase "${walletDbPod}"
+      exitOnError
     else
-      local unset backupStarted
-      scaleUp -w "${backupPod}${resourceSuffix}"
+      # - reset OrgBook Wallet Database, by restoring initial copy of OrgBook Wallet.
+      echo "Resetting ${walletDbPod}${resourceSuffix} ..."
+      if isScaledUp ${backupPod}${resourceSuffix}; then
+        local backupStarted=1
+      else
+        local unset backupStarted
+        scaleUp -w "${backupPod}${resourceSuffix}"
+        exitOnError
+      fi
+
+      runInContainer -i \
+        ${backupPod}${resourceSuffix} \
+        "./backup.sh -s -a $(getSecret ${walletDbPod}${resourceSuffix} ${walletDbAdminPasswordKey}) -r ${walletDbBackupSpec} -f ${walletDbBackupFileFilter}"
       exitOnError
-    fi
 
-    runInContainer -i \
-      ${backupPod}${resourceSuffix} \
-      "./backup.sh -s -a $(getSecret ${walletDbPod}${resourceSuffix} ${walletDbAdminPasswordKey}) -r ${walletDbBackupSpec} -f ${walletDbBackupFileFilter}"
-    exitOnError
+      if [ -z ${backupStarted} ]; then
+        # Leave the backup container in the same state we found it.
+        scaleDown "${backupPod}${resourceSuffix}"
+        exitOnError
+      fi
 
-    if [ -z ${backupStarted} ]; then
-      # Leave the backup container in the same state we found it.
-      scaleDown "${backupPod}${resourceSuffix}"
+      # - verify OrgBook  Wallet - There should only be 4 items.
+      recordCounts=$(getRecordCounts "${walletDbPod}" "${walletDbName}")
+      numItems=$(echo "${recordCounts}" | grep items | awk '{print $5}')
+      if (( ${numItems} == 4 )); then
+        echo "Wallet 'items' count verified; ${numItems} items found."
+      else
+        echoError "Wallet 'items' count verification failed; ${numItems} items found.  Please fix the issue and try again."
+        exit 1
+      fi
       exitOnError
     fi
 
-    # - verify ICOB  Wallet - There should only be 4 items.
-    recordCounts=$(getRecordCounts "${walletDbPod}" "${walletDbName}")
-    numItems=$(echo "${recordCounts}" | grep items | awk '{print $5}')
-    if (( ${numItems} == 4 )); then
-      echo "Wallet 'items' count verified; ${numItems} items found."
-    else
-      echoError "Wallet 'items' count verification failed; ${numItems} items found.  Please fix the issue and try again."
-      exit 1
-    fi
-    exitOnError
-
-    # - scaleup ICOB agent
+    # - scaleup OrgBook agent
     echo "Scaling up ${agentPod}${resourceSuffix} ..."
     scaleUp -w "${agentPod}${resourceSuffix}"
     exitOnError
 
-    # - reset ICOB database
+    # - reset OrgBook database
+    echo "Resetting ${dbPod}${resourceSuffix} ..."
     resetDatabase "${apiPod}" "${dbPod}"
     exitOnError
 
-    # - scaleup ICOB msg-queue and msg-queue-worker
-    echo "Scaling up ${agentPod}${resourceSuffix}, ${apiPod}${resourceSuffix}, ${msgQueuePod}${resourceSuffix} and ${msgQueueWorkerPod}${resourceSuffix} ..."
+    # - scaleup OrgBook msg-queue and msg-queue-worker
+    echo "Scaling up ${apiPod}${resourceSuffix}, ${msgQueuePod}${resourceSuffix} and ${msgQueueWorkerPod}${resourceSuffix} ..."
     scaleUp -w "${msgQueuePod}${resourceSuffix}" "${msgQueueWorkerPod}${resourceSuffix}"
     exitOnError
-    printAndWait "The ICOB reset process is complete.  Please wait here for the associated ICIA instance to finish it's registration process before continuing ..."
+    printAndWait "The OrgBook reset process is complete.  Please wait here for the associated BC Registries Agent instance to finish it's registration process before continuing ..."
 
-    # - verify ICIA registered with ICOB
+    # - verify BC Registries Agent registered with OrgBook
     #   - >= 3 credential_type records
     #   - >= 3 schema records
     #   - >= 1 issuer record
+    echo "Verifying BC Registries Agent registered with OrgBook ..."
     recordCounts=$(getRecordCounts "${dbPod}")
     recordCounts=$(echo "${recordCounts}" | tail -n +4)
     numCredentialTypes=$(echo "${recordCounts}" | grep credential_type | awk '{print $5}')
     numSchemas=$(echo "${recordCounts}" | grep schema | awk '{print $5}')
     numIssuers=$(echo "${recordCounts}" | grep issuer | awk '{print $5}')
     if (( ${numCredentialTypes} >= 3 )) && (( ${numSchemas} >= 3 )) && (( ${numIssuers} >= 1 )); then
-      echo "ICIA registration verified; credential_type:${numCredentialTypes}, schema:${numSchemas}, and issuer:${numIssuers} records found."
+      echo "BC Registries Agent registration verified; credential_type:${numCredentialTypes}, schema:${numSchemas}, and issuer:${numIssuers} records found."
     else
-      echoError "ICIA registration verification failed;  credential_type:${numCredentialTypes}, schema:${numSchemas}, and issuer:${numIssuers} records found.  Please fix the issue and try again."
+      echoError "BC Registries Agent registration verification failed;  credential_type:${numCredentialTypes}, schema:${numSchemas}, and issuer:${numIssuers} records found.  Please fix the issue and try again."
       exit 1
     fi
     exitOnError
 
     # - Test posting a few credentials using the pipelines
-    echo "Provided ICIA has successfully registered with ICOB you can now test things by issuing a few credentials."
+    echo "Provided BC Registries Agent has successfully registered with OrgBook you can now test things by issuing a few credentials."
   )
 }
 
@@ -693,7 +745,7 @@ function updateSearchIndex() {
 }
 
 function indexSynced() {
-  _quickLoadUrl=${1:-https://orgbook.gov.bc.ca/api/quickload}
+  _quickLoadUrl=${1:-https://orgbook.gov.bc.ca/api/v2/quickload}
   _apiPodName=${2}
   _dbPodName=${3}
 
@@ -705,6 +757,7 @@ function indexSynced() {
   indexInfo=$(curl -s ${_quickLoadUrl})
   actualCount=$(echo ${indexInfo} | jq -r '.counts.actual_item_count')
   indexCount=$(echo ${indexInfo} | jq -r '.credential_counts.total_indexed_items')
+
   indexDiff=$(( ${actualCount} - ${indexCount} ))
 
   if (( ${indexCount} == ${actualCount} )); then
@@ -960,7 +1013,9 @@ function swapIndexStorage() {
     # echoWarning "\nofflineSearchEngineVolume:\n${offlineSearchEngineVolume}\n"
     # echoWarning "\nofflineSearchEnginePvc:\n${offlineSearchEnginePvc}\n"
 
-    printAndAskToContinue "If you contiune the following PVC swap will be performed:\n  - PVC[${onlineSearchEnginePvc}] from DC[${_onlineSearchEngine}] to DC[${_offlineSearchEngine}]\n  - PVC[${offlineSearchEnginePvc}] from DC[${_offlineSearchEngine}] to DC[${_onlineSearchEngine}]"
+    if ( ! printAndWaitForYes "If you contiune the following PVC swap will be performed:\n  - PVC[${onlineSearchEnginePvc}] from DC[${_onlineSearchEngine}] to DC[${_offlineSearchEngine}]\n  - PVC[${offlineSearchEnginePvc}] from DC[${_offlineSearchEngine}] to DC[${_onlineSearchEngine}]\n" ); then
+      exit 1
+    fi
 
     # Prep patches needed to swap the PVCs
     onlineVolumePatch=$(getVolumePatch "${onlineSearchEngineVolume}" "${offlineSearchEnginePvc}")
@@ -1479,4 +1534,4 @@ case "${_cmd}" in
     ;;
 esac
 
-popd >/dev/null
+popd >/dev/null

openshift/settings.offline-wallet.sh

@@ -0,0 +1,9 @@
+# Description: A profile to create an offline wallet instance.
+# Setting for the OrgBook-BC environments.
+# Uses the existing `8ad0ea-tools` environment for builds and images
+export TOOLS="8ad0ea-tools"
+export PROJECT_NAMESPACE="8ad0ea"
+export SKIP_PIPELINE_PROCESSING=1
+
+export ignore_templates=""
+export include_templates="wallet-deploy"

openshift/templates/wallet/wallet-deploy.bc.dev.param

@@ -8,11 +8,14 @@
 # AGENT_ROLE=agent
 # BACKUP_ROLE=backup
 # BACKUP_APP_NAME=Backup
+# BACKUP_SUFFIX=-bc
 # SUFFIX=-bc
+# CREDENTIAL_SUFFIX=-bc
 # APP_NAME=orgbook
 # APP_GROUP=aries-vcr
 # IMAGE_NAMESPACE=8ad0ea-tools
 # SOURCE_IMAGE_NAME=db
+IMAGE_TAG_NAME=dev
 TAG_NAME=dev
 # POSTGRESQL_DATABASE_NAME=default_wallet
 # POSTGRESQL_USER=[a-zA-Z_][a-zA-Z0-9_]{10}

openshift/templates/wallet/wallet-deploy.bc.param

@@ -8,11 +8,14 @@ ROLE=wallet
 AGENT_ROLE=agent
 BACKUP_ROLE=backup
 BACKUP_APP_NAME=Backup
+BACKUP_SUFFIX=-bc
 SUFFIX=-bc
+CREDENTIAL_SUFFIX=-bc
 APP_NAME=orgbook
 APP_GROUP=aries-vcr
 IMAGE_NAMESPACE=8ad0ea-tools
 SOURCE_IMAGE_NAME=db
+IMAGE_TAG_NAME=dev
 TAG_NAME=dev
 POSTGRESQL_DATABASE_NAME=default_wallet
 # POSTGRESQL_USER=[a-zA-Z_][a-zA-Z0-9_]{10}

openshift/templates/wallet/wallet-deploy.bc.prod.param

@@ -8,11 +8,14 @@
 # AGENT_ROLE=agent
 # BACKUP_ROLE=backup
 # BACKUP_APP_NAME=Backup
+# BACKUP_SUFFIX=-bc
 # SUFFIX=-bc
+# CREDENTIAL_SUFFIX=-bc
 # APP_NAME=orgbook
 # APP_GROUP=aries-vcr
 # IMAGE_NAMESPACE=8ad0ea-tools
 # SOURCE_IMAGE_NAME=db
+IMAGE_TAG_NAME=prod
 TAG_NAME=prod
 # POSTGRESQL_DATABASE_NAME=default_wallet
 # POSTGRESQL_USER=[a-zA-Z_][a-zA-Z0-9_]{10}

openshift/templates/wallet/wallet-deploy.bc.test.param

@@ -8,11 +8,14 @@
 # AGENT_ROLE=agent
 # BACKUP_ROLE=backup
 # BACKUP_APP_NAME=Backup
+# BACKUP_SUFFIX=-bc
 # SUFFIX=-bc
+# CREDENTIAL_SUFFIX=-bc
 # APP_NAME=orgbook
 # APP_GROUP=aries-vcr
 # IMAGE_NAMESPACE=8ad0ea-tools
 # SOURCE_IMAGE_NAME=db
+IMAGE_TAG_NAME=test
 TAG_NAME=test
 # POSTGRESQL_DATABASE_NAME=default_wallet
 # POSTGRESQL_USER=[a-zA-Z_][a-zA-Z0-9_]{10}