Skip to content

Commit 74d8711

Browse files
MZC-CSCMZC-CSC
authored
Merge pull request #73 from MZC-CSC/mc-iam-manager-health
Mc iam manager health check modified
2 parents d1f8357 + 55d62ac commit 74d8711

30 files changed

Lines changed: 8148 additions & 603 deletions

.env

Lines changed: 87 additions & 85 deletions
Original file line numberDiff line numberDiff line change
@@ -1,101 +1,103 @@
1-
## M-CMP IAM Manager Environment Configuration
2-
# =============================================
1+
# Common Use case
2+
HEALTH_CHECK_INTERVAL=1m
3+
HEALTH_CHECK_TIMEOUT=5s
4+
HEALTH_CHECK_RETIES="3"
5+
HEALTH_CHECK_START_PERIOD=60s
36

4-
## GLOBAL SETTINGS
5-
# =============================================
7+
UID=1000
8+
GID=1000
9+
10+
# Network Configuration (필수)
11+
MC_INFRA_CONNECTOR_PORT=1024
12+
MC_INFRA_MANAGER_PORT=1323
13+
MC_IAM_MANAGER_PORT=5005
14+
MC_IAM_MANAGER_KEYCLOAK_PORT=8080
15+
MC_WEB_CONSOLE_API_PORT=3000
16+
MC_WEB_CONSOLE_FRONT_PORT=3001
17+
MC_INFRA_MANAGER_POSTGRES_PORT=5432
18+
MC_INFRA_MANAGER_ETCD_PORT=2379
19+
20+
# MC-WEB-CONSOLE
21+
CONSOLE_POSTGRES_DB=mcwebconsoledbdev
22+
CONSOLE_POSTGRES_USER=mcwebadmin
23+
CONSOLE_POSTGRES_PASSWORD=mcwebadminpassword!
24+
25+
26+
## MCIAMMANAGER ENV SETUP
27+
MC_IAM_MANAGER_DOMAIN=mc-iam-manager
28+
MC_IAM_MANAGER_PORT=5005
29+
MC_IAM_MANAGER_HOST=http://${MC_IAM_MANAGER_DOMAIN}:${MC_IAM_MANAGER_PORT}
30+
MC_IAM_MANAGER_HOST_FOR_INIT=http://${MC_IAM_MANAGER_DOMAIN}:${MC_IAM_MANAGER_PORT}
31+
MC_IAM_MANAGER_CERT_EMAIL=mcmp@cloud-barista.org
632

7-
# Domain Configuration
8-
DOMAIN_NAME=localhost
9-
MCIAMDOMAIN_NAME=localhost
10-
EMAIL=abc@abc.com
1133

12-
# Application Port Configuration
13-
PORT=5002
14-
MCIAMMANAGER_PORT=5002
15-
MCIAMMANAGER_HOST=http://${MCIAMDOMAIN_NAME}:${MCIAMMANAGER_PORT}
1634

17-
# Language and Mode Settings
1835
DEFAULT_LANGUAGE=ko # [ko|en] Default is ko if not set
36+
37+
## DB MODE
1938
MODE=standalone # [standalone|docker] both are same.
20-
USE_TICKET_VALID=true # [true|false]
21-
22-
# Default Workspace
23-
DEFAULT_WORKSPACE_NAME=default
24-
25-
## KEYCLOAK CONFIGURATION
26-
# =============================================
27-
28-
# Keycloak Domain and Host
29-
KEYCLOAK_DOMAIN=mciambase.onecloudcon.com
30-
#KEYCLOAK_HOST=http://mc-iam-manager-kc:8000
31-
KEYCLOAK_HOST=https://mciambase.onecloudcon.com
32-
KEYCLOAK_REALM=mciam-demo
33-
KEYCLOAK_CLIENT_PATH=${KEYCLOAK_DOMAIN}/realms/${KEYCLOAK_REALM}
34-
35-
# Keycloak Admin Credentials
36-
KEYCLOAK_ADMIN=admin
37-
KEYCLOAK_ADMIN_PASSWORD=admin_password
38-
39-
# Keycloak Client Configuration
40-
KEYCLOAK_CLIENT_NAME=mciamClient
41-
KEYCLOAK_CLIENT_SECRET=IfAxVg0LjUL4SUftfxAUIqk58JHwxBc0
42-
KEYCLOAK_OIDC_CLIENT_NAME=mciam-oidc-Client
43-
KEYCLOAK_OIDC_CLIENT_ID=<keycloak_oidc_client_id>
44-
KEYCLOAK_OIDC_CLIENT_SECRET=<keycloak_oidc_client_secret>
45-
46-
## DATABASE CONFIGURATION
47-
# =============================================
48-
49-
# PostgreSQL Database Settings
50-
IAM_DB_USER=iammanager
51-
IAM_DB_PASSWORD=1q2w3e4r!
52-
IAM_DB_DATABASE_HOST=mciambase.onecloudcon.com
53-
IAM_DB_DATABASE_NAME=iammanagerdb
54-
IAM_DB_PORT=5432
55-
IAM_DB_RECREATE=false
56-
57-
# Database Connection URL (dev mode = ssl disabled)
58-
IAM_DATABASE_URL=postgres://${IAM_DB_USER}:${IAM_DB_PASSWORD}@${IAM_DB_DATABASE_HOST}:${IAM_DB_PORT}/${IAM_DB_DATABASE_NAME}?sslmode=disable
59-
60-
## PLATFORM ADMIN CONFIGURATION
61-
# =============================================
62-
63-
# Platform Administrator Account
64-
MCIAMMANAGER_PLATFORMADMIN_ID=mzc
65-
MCIAMMANAGER_PLATFORMADMIN_PASSWORD=mzc-cpl
66-
MCIAMMANAGER_PLATFORMADMIN_FIRSTNAME=megazone
67-
MCIAMMANAGER_PLATFORMADMIN_LASTNAME=cloud
68-
MCIAMMANAGER_PLATFORMADMIN_EMAIL=mzc@mz.co.kr
69-
70-
## ROLE CONFIGURATION
71-
# =============================================
72-
73-
# Predefined Roles
39+
40+
## Resources Permission MODE
41+
USE_TICKET_VALID=true # [true|false]
42+
43+
MCADMINCLI_APIYAML=https://raw.githubusercontent.com/m-cmp/mc-admin-cli/refs/heads/main/conf/api.yaml
44+
MCWEBCONSOLE_MENUYAML=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_resources.yaml
45+
MCWEBCONSOLE_MENU_PERMISSIONS=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_permissions.csv
46+
47+
48+
MC_IAM_MANAGER_PLATFORMADMIN_ID=mcmp
49+
MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD=mcmp_password
50+
MC_IAM_MANAGER_PLATFORMADMIN_FIRSTNAME=mcmp
51+
MC_IAM_MANAGER_PLATFORMADMIN_LASTNAME=iammanager
52+
MC_IAM_MANAGER_PLATFORMADMIN_EMAIL=iammanager@cloud-barista.org
53+
7454
PREDEFINED_ROLE=admin,operator,viewer,billadmin,billviewer
7555
PREDEFINED_PLATFORM_ROLE=admin,operator,viewer,billadmin,billviewer
7656
PREDEFINED_WORKSPACE_ROLE=admin,operator,viewer,billadmin,billviewer
7757

78-
## EXTERNAL SERVICE CONFIGURATION
79-
# =============================================
80-
81-
# MC-Infra Manager
82-
MCINFRAMANAGER=http://cb-tumblebug:1323/tumblebug
58+
MC_IAM_MANAGER_KEYCLOAK_CLIENT_NAME=mciamClient
59+
MC_IAM_MANAGER_KEYCLOAK_CLIENT_SECRET=mciamClientSecret
60+
61+
MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_NAME=mciam-oidc-Client
62+
MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_ID=notyet
63+
MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_SECRET=mciamOidcClientSecret
64+
65+
66+
## docker postgres setup
67+
MC_IAM_MANAGER_DATABASE_USER=mciamdbadmin
68+
MC_IAM_MANAGER_DATABASE_PASSWORD=mciamdbpassword
69+
MC_IAM_MANAGER_DATABASE_HOST=mc-iam-manager-db
70+
MC_IAM_MANAGER_DATABASE_NAME=mc_iam_manager_db
71+
MC_IAM_MANAGER_DATABASE_PORT=5432
72+
MC_IAM_MANAGER_DATABASE_RECREATE=false
73+
MC_IAM_MANAGER_DATABASE_SSLMODE=disable
74+
MC_IAM_MANAGER_DATABASE_URL=postgres://${MC_IAM_MANAGER_DATABASE_USER}:${MC_IAM_MANAGER_DATABASE_PASSWORD}@${MC_IAM_MANAGER_DATABASE_HOST}:${MC_IAM_MANAGER_DATABASE_PORT}/${MC_IAM_MANAGER_DATABASE_NAME}?sslmode=disable
75+
#IAM_DB_RECREATE=true
76+
77+
78+
# dev mode = ssl disabled
79+
80+
MC_IAM_MANAGER_KEYCLOAK_DOMAIN=mc-iam-manager-kc
81+
MC_IAM_MANAGER_KEYCLOAK_PORT=8080
82+
MC_IAM_MANAGER_KEYCLOAK_HOST=http://${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}:${MC_IAM_MANAGER_KEYCLOAK_PORT}
83+
MC_IAM_MANAGER_KEYCLOAK_DATABASE_NAME=mc_iam_keycloak_db
84+
MC_IAM_MANAGER_KEYCLOAK_REALM=mciam
85+
MC_IAM_MANAGER_KEYCLOAK_CLIENT_PATH=${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}/realms/${MC_IAM_MANAGER_KEYCLOAK_REALM}
86+
MC_IAM_MANAGER_KEYCLOAK_ADMIN=admin
87+
MC_IAM_MANAGER_KEYCLOAK_ADMIN_PASSWORD=admin_password
88+
89+
## mc-infra-manager
90+
MCINFRAMANAGER=http://mc-infra-manager:1323/tumblebug
8391
MCINFRAMANAGER_APIUSERNAME=default
8492
MCINFRAMANAGER_APIPASSWORD=default
8593

86-
# External Resource URLs
87-
MCADMINCLI_APIYAML=https://raw.githubusercontent.com/m-cmp/mc-admin-cli/refs/heads/main/conf/api.yaml
88-
MCWEBCONSOLE_MENUYAML=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_resources.yaml
89-
MCWEBCONSOLE_MENU_PERMISSIONS=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_permissions.csv
94+
## Default Workspace
95+
DEFAULT_WORKSPACE_NAME=ws01
9096

91-
## AWS CONFIGURATION
92-
# =============================================
93-
94-
# AWS Security Credentials
9597
TEMPORARY_SECURITY_CREDENTIALS_ENDPOINT_AWS=https://sts.amazonaws.com
96-
AWS_ACCOUNT_ID=<aws_account_id>
97-
IDENTITY_PROVIDER_ARN_AWS=<aws_identity_provider_arn>
98-
IDENTITY_ROLE_ARN_AWS=<aws_role_arn_for_temporary_security_credentials>
98+
AWS_ACCOUNT_ID=notyet
99+
IDENTITY_PROVIDER_ARN_AWS=arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}/realms/${MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_NAME}
100+
IDENTITY_ROLE_ARN_AWS=arn:aws:iam::${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}:role/mciam-platformadmin
101+
99102

100-
# Cloud Service Provider Settings
101-
CSP_ROLE_PREFIX=mciam
103+
CSP_ROLE_PREFIX=mciam

.env.setup

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
# Common Use case
2+
HEALTH_CHECK_INTERVAL=1m
3+
HEALTH_CHECK_TIMEOUT=5s
4+
HEALTH_CHECK_RETIES="3"
5+
HEALTH_CHECK_START_PERIOD=60s
6+
7+
8+
# Network Configuration (필수)
9+
MC_INFRA_CONNECTOR_PORT=1024
10+
MC_INFRA_MANAGER_PORT=1323
11+
MC_IAM_MANAGER_PORT=5005
12+
MC_IAM_MANAGER_KEYCLOAK_PORT=8080
13+
MC_WEB_CONSOLE_API_PORT=3000
14+
MC_WEB_CONSOLE_FRONT_PORT=3001
15+
MC_INFRA_MANAGER_POSTGRES_PORT=5432
16+
MC_INFRA_MANAGER_ETCD_PORT=2379
17+
18+
# MC-WEB-CONSOLE
19+
CONSOLE_POSTGRES_DB=mcwebconsoledbdev
20+
CONSOLE_POSTGRES_USER=mcwebadmin
21+
CONSOLE_POSTGRES_PASSWORD=mcwebadminpassword!
22+
23+
24+
## MCIAMMANAGER ENV SETUP
25+
MC_IAM_MANAGER_DOMAIN=mc-iam-manager
26+
MC_IAM_MANAGER_PORT=5005
27+
MC_IAM_MANAGER_HOST=http://${MC_IAM_MANAGER_DOMAIN}:${MC_IAM_MANAGER_PORT}
28+
MC_IAM_MANAGER_HOST_FOR_INIT=http://${MC_IAM_MANAGER_DOMAIN}:${MC_IAM_MANAGER_PORT}
29+
MC_IAM_MANAGER_CERT_EMAIL=mcmp@cloud-barista.org
30+
31+
32+
33+
DEFAULT_LANGUAGE=ko # [ko|en] Default is ko if not set
34+
35+
## DB MODE
36+
MODE=standalone # [standalone|docker] both are same.
37+
38+
## Resources Permission MODE
39+
USE_TICKET_VALID=true # [true|false]
40+
41+
MCADMINCLI_APIYAML=https://raw.githubusercontent.com/m-cmp/mc-admin-cli/refs/heads/main/conf/api.yaml
42+
MCWEBCONSOLE_MENUYAML=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_resources.yaml
43+
MCWEBCONSOLE_MENU_PERMISSIONS=https://raw.githubusercontent.com/m-cmp/mc-web-console/refs/heads/main/conf/webconsole_menu_permissions.csv
44+
45+
46+
MC_IAM_MANAGER_PLATFORMADMIN_ID=mcmp
47+
MC_IAM_MANAGER_PLATFORMADMIN_PASSWORD=mcmp_password
48+
MC_IAM_MANAGER_PLATFORMADMIN_FIRSTNAME=mcmp
49+
MC_IAM_MANAGER_PLATFORMADMIN_LASTNAME=iammanager
50+
MC_IAM_MANAGER_PLATFORMADMIN_EMAIL=iammanager@cloud-barista.org
51+
52+
PREDEFINED_ROLE=admin,operator,viewer,billadmin,billviewer
53+
PREDEFINED_PLATFORM_ROLE=admin,operator,viewer,billadmin,billviewer
54+
PREDEFINED_WORKSPACE_ROLE=admin,operator,viewer,billadmin,billviewer
55+
56+
MC_IAM_MANAGER_KEYCLOAK_CLIENT_NAME=mciamClient
57+
MC_IAM_MANAGER_KEYCLOAK_CLIENT_SECRET=mciamClientSecret
58+
59+
MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_NAME=mciam-oidc-Client
60+
MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_ID=notyet
61+
MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_SECRET=mciamOidcClientSecret
62+
63+
64+
## docker postgres setup
65+
MC_IAM_MANAGER_DATABASE_USER=mciamdbadmin
66+
MC_IAM_MANAGER_DATABASE_PASSWORD=mciamdbpassword
67+
MC_IAM_MANAGER_DATABASE_HOST=mc-iam-manager-db
68+
MC_IAM_MANAGER_DATABASE_NAME=mc_iam_manager_db
69+
MC_IAM_MANAGER_DATABASE_PORT=5432
70+
MC_IAM_MANAGER_DATABASE_RECREATE=false
71+
MC_IAM_MANAGER_DATABASE_SSLMODE=disable
72+
MC_IAM_MANAGER_DATABASE_URL=postgres://${MC_IAM_MANAGER_DATABASE_USER}:${MC_IAM_MANAGER_DATABASE_PASSWORD}@${MC_IAM_MANAGER_DATABASE_HOST}:${MC_IAM_MANAGER_DATABASE_PORT}/${MC_IAM_MANAGER_DATABASE_NAME}?sslmode=disable
73+
#IAM_DB_RECREATE=true
74+
75+
76+
# dev mode = ssl disabled
77+
78+
MC_IAM_MANAGER_KEYCLOAK_DOMAIN=mc-iam-manager-kc
79+
MC_IAM_MANAGER_KEYCLOAK_PORT=8080
80+
MC_IAM_MANAGER_KEYCLOAK_HOST=http://${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}:${MC_IAM_MANAGER_KEYCLOAK_PORT}
81+
MC_IAM_MANAGER_KEYCLOAK_DATABASE_NAME=mc_iam_keycloak_db
82+
MC_IAM_MANAGER_KEYCLOAK_REALM=mciam
83+
MC_IAM_MANAGER_KEYCLOAK_CLIENT_PATH=${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}/realms/${MC_IAM_MANAGER_KEYCLOAK_REALM}
84+
MC_IAM_MANAGER_KEYCLOAK_ADMIN=admin
85+
MC_IAM_MANAGER_KEYCLOAK_ADMIN_PASSWORD=admin_password
86+
87+
## mc-infra-manager
88+
MCINFRAMANAGER=http://mc-infra-manager:1323/tumblebug
89+
MCINFRAMANAGER_APIUSERNAME=default
90+
MCINFRAMANAGER_APIPASSWORD=default
91+
92+
## Default Workspace
93+
DEFAULT_WORKSPACE_NAME=ws01
94+
95+
TEMPORARY_SECURITY_CREDENTIALS_ENDPOINT_AWS=https://sts.amazonaws.com
96+
AWS_ACCOUNT_ID=notyet
97+
IDENTITY_PROVIDER_ARN_AWS=arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}/realms/${MC_IAM_MANAGER_KEYCLOAK_OIDC_CLIENT_NAME}
98+
IDENTITY_ROLE_ARN_AWS=arn:aws:iam::${MC_IAM_MANAGER_KEYCLOAK_DOMAIN}:role/mciam-platformadmin
99+
100+
101+
CSP_ROLE_PREFIX=mciam
102+
MC_IAM_MANAGER_HOST=http://localhost:5005

0 commit comments

Comments
 (0)