Merge branch 'master' into angular-8

* master: (33 commits)
  Master test fixes (#3992)
  Fix npm audit error in dev dependency - handlebars used by istanbul & karma-coverage-istanbul-reporter - weird goings on in stratos (npm audit shows handlebars errors), vanilla   angular 7 app (shows no handlebars errors) and vanilla angular 8 app (no   handlabrs errors). Same istanbul and coverage dependencies in all   node_modules directories and same coverage dependency in all apps - In the end fixed via audit's recommendation to `npm update handlebars --depth 4`
  Some unit test fixes
  Update versions links in readme
  Fix v2-master references and goreportcard link
  Trivial change
  Address some todo's, make issues for others
  Remove unused route
  Fix unit test
  Reverted the app wall and removed console.log
  Fix lint & unit tests
  Fix connect to endpoint subtype
  Ensure we're passing the correct params to action builders.
  Removed console logs
  Ensure endpoint register tiles are ordered correctly
  Start with empty CustomizationsMetadata
  Convert CustomizationsMetadata inject into singleton CustomizationService
  Fix npm audit vulnerabilities (#3899)
  Remove old ingress docs and add new (#3961)
  Helm Chart: Add ingress support (#3935)
  ...

.gitignore

@@ -90,6 +90,7 @@ e2e-reports/
 src/jetstream/jetstream
 src/jetstream/console-database.db
 src/jetstream/config.properties
+src/jetstream/db/dbconf.yml
 
 # Customisations
 

CHANGELOG.md

@@ -152,7 +152,7 @@ This release contains a number of fixes and improvements:
 [Full Changelog](https://github.com/cloudfoundry-incubator/stratos/compare/2.1.2...2.2.0)
 
 This release contains a number of fixes and improvements. It introduces the first set of Extension points to allow
-users to take Stratos and extend it with new functionality. Initial documentation is available [here](https://github.com/cloudfoundry-incubator/stratos/blob/v2-master/docs/extensions.md). Additionally, when a metrics endpoint is connected, Cloud Foundry cell information is now shown in the Application Instances tab. A Cloud Foundry cells table and Cell summary pages have also been added to the Cloud Foundry section.
+users to take Stratos and extend it with new functionality. Initial documentation is available [here](https://github.com/cloudfoundry-incubator/stratos/blob/master/docs/extensions.md). Additionally, when a metrics endpoint is connected, Cloud Foundry cell information is now shown in the Application Instances tab. A Cloud Foundry cells table and Cell summary pages have also been added to the Cloud Foundry section.
 
 **Fixes:**
 

README.md

@@ -1,16 +1,17 @@
 # Stratos
 
-<a href="https://travis-ci.org/cloudfoundry-incubator/stratos/branches"><img src="https://travis-ci.org/cloudfoundry-incubator/stratos.svg?branch=v2-master"></a>&nbsp;<a style="padding-left: 4px" href="https://codeclimate.com/github/cloudfoundry-incubator/stratos/maintainability"><img src="https://api.codeclimate.com/v1/badges/61af8b605f385e894632/maintainability" /></a>
-<a href="https://goreportcard.com/github.com/cloudfoundry-incubator/stratos"><img src="https://goreportcard.com/badge/github.com/cloudfoundry-incubator/stratos"/></a>
-<a href="https://codecov.io/gh/cloudfoundry-incubator/stratos/branch/v2-master"><img src="https://codecov.io/gh/cloudfoundry-incubator/stratos/branch/v2-master/graph/badge.svg"/></a>
+<a href="https://travis-ci.org/cloudfoundry-incubator/stratos/branches"><img src="https://travis-ci.org/cloudfoundry-incubator/stratos.svg?branch=master"></a>&nbsp;<a style="padding-left: 4px" href="https://codeclimate.com/github/cloudfoundry-incubator/stratos/maintainability"><img src="https://api.codeclimate.com/v1/badges/61af8b605f385e894632/maintainability" /></a>
+<a href="https://goreportcard.com/report/github.com/cloudfoundry-incubator/stratos"><img src="https://goreportcard.com/badge/github.com/cloudfoundry-incubator/stratos"/></a>
+<a href="https://codecov.io/gh/cloudfoundry-incubator/stratos/branch/master"><img src="https://codecov.io/gh/cloudfoundry-incubator/stratos/branch/graph/badge.svg"/></a>
 [![GitHub release](https://img.shields.io/github/release/cloudfoundry-incubator/stratos.svg)](https://github.com/cloudfoundry-incubator/stratos/releases/latest)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/cloudfoundry-incubator/stratos/blob/master/LICENSE)
 [![slack.cloudfoundry.org](https://slack.cloudfoundry.org/badge.svg)](https://cloudfoundry.slack.com/messages/C80EP4Y57/)
 
-
 Stratos is an Open Source Web-based UI (Console) for managing Cloud Foundry. It allows users and administrators to both manage applications running in the Cloud Foundry cluster and perform cluster management tasks.
 
-If you are looking for the V1 version of Stratos, you can find it in the [master](https://github.com/cloudfoundry-incubator/stratos/tree/master) branch.
+If you are looking for a version of Stratos, you can find ..
+- V1 in the [v1-master](https://github.com/cloudfoundry-incubator/stratos/tree/v1-master) branch.
+- V2 in the [v2-master](https://github.com/cloudfoundry-incubator/stratos/tree/v2-master) branch.
 
 ![Stratos Application view](docs/images/screenshots/app-summary.png)
 

build/tools/mysqldb-dev.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+echo "Starting MariaDB database for development"
+
+STRATOS_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && cd ../.. && pwd)"
+echo $STRATOS_PATH
+
+docker stop stratos-db
+docker rm stratos-db
+
+ID=$(docker run --name stratos-db -d -e MYSQL_ROOT_PASSWORD=dbroot -p 3306:3306 splatform/stratos-mariadb)
+echo $ID
+
+rm -f dbsetup.sql init.sh
+cat <<EOF > dbsetup.sql
+CREATE DATABASE stratosdb;
+CREATE USER stratos IDENTIFIED BY 'strat0s';
+GRANT ALL PRIVILEGES ON stratosdb.* to 'stratos'@'%';
+EOF
+
+cat <<EOF > init.sh
+#!/usr/bin/env bash
+mysql -uroot -pdbroot < /dbsetup.sql
+EOF
+
+chmod +x init.sh
+docker cp ./dbsetup.sql ${ID}:/dbsetup.sql
+docker cp ./init.sh ${ID}:/init.sh
+rm dbsetup.sql init.sh
+
+#Fetch dockerize tool
+wget https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-linux-amd64-v0.6.1.tar.gz
+tar -xzvf dockerize-linux-amd64-v0.6.1.tar.gz
+rm dockerize-linux-amd64-v0.6.1.tar.gz
+
+chmod +x ./dockerize
+docker cp ./dockerize ${ID}:/dockerize
+rm dockerize
+
+#We us wait for the internal socket to come up before running init script
+echo "Just waiting a few seconds for the DB to come online ..."
+docker exec -t ${ID} /dockerize -wait file:///var/run/mysql/mysql.sock -timeout 1m
+
+echo "Database ready"
+docker exec -t ${ID} /init.sh
+
+mkdir -p ${STRATOS_PATH}/src/jetstream/db
+cp ${STRATOS_PATH}/deploy/db/dbconf.yml ${STRATOS_PATH}/src/jetstream/db
+
+if [ -f ${STRATOS_PATH}/src/jetstream/jetstream ]; then
+  ${STRATOS_PATH}/src/jetstream/jetstream --env=mariadb-dev up
+else
+  echo "Build the Stratos backend and run db migrations with:"
+  echo "  ./jetstream --env=mariadb-local up"
+fi

build/tools/postgres-dev.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+echo "Startind Postgres database for development"
+
+STRATOS_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && cd ../.. && pwd)"
+echo $STRATOS_PATH
+
+docker stop stratos-db
+docker rm stratos-db
+
+ID=$(docker run --name stratos-db -d -e POSTGRES_DB=stratosdb -e POSTGRES_USER=stratos -e POSTGRES_PASSWORD=strat0s -p 5432:5432 postgres)
+echo $ID
+
+echo "Just waiting a few seconds for the DB to come online ..."
+sleep 5
+
+echo "Database ready"
+
+mkdir -p ${STRATOS_PATH}/src/jetstream/db
+cp ${STRATOS_PATH}/deploy/db/dbconf.yml ${STRATOS_PATH}/src/jetstream/db
+
+if [ -f ${STRATOS_PATH}/src/jetstream/jetstream ]; then
+  ${STRATOS_PATH}/src/jetstream/jetstream --env=postgres-dev up
+else
+  echo "Build the Stratos backend and run db migrations with:"
+  echo "  ./jetstream --env=postgres-local up"
+fi

deploy/db/dbconf.yml

@@ -10,3 +10,9 @@ mariadb-development:
 mariadb-k8s:
     driver: mysql
     open: $DB_USER:$DB_PASSWORD@tcp($DB_HOST:$DB_PORT)/$DB_DATABASE_NAME?parseTime=true
+mariadb-dev:
+    driver: mysql
+    open: stratos:strat0s@tcp(127.0.0.1:3306)/stratosdb?parseTime=true
+postgres-dev:
+    driver: postgres
+    open: host='127.0.0.1' port=5432 user='stratos' password='strat0s' dbname='stratosdb' sslmode='disable'

deploy/kubernetes/README.md

@@ -14,6 +14,7 @@ The following guide details how to deploy Stratos in Kubernetes.
 - [Accessing the Console](#accessing-the-console)
 - [Advanced Topics](#advanced-topics)
   * [Using a Load Balancer](#using-a-load-balancer)
+  * [Using an Ingress Controller](#ingress)
   * [Specifying an External IP](#specifying-an-external-ip)
   * [Upgrading your deployment](#upgrading-your-deployment)
   * [Specifying UAA configuration](#specifying-uaa-configuration)
@@ -23,7 +24,6 @@ The following guide details how to deploy Stratos in Kubernetes.
   * [Deploying Stratos with your own TLS certificates](#deploying-stratos-with-your-own-tls-certificates)
   * [Using with a Secure Image Repostiory](#using-with-a-secure-image-repository)
   * [Installing Nightly Release](#installing-a-nightly-release)
-  * [Configuring Stratos to use an Ingress controller](./ingress)
 <!-- /TOC -->
 
 ## Requirements
@@ -178,6 +178,26 @@ If your Kubernetes deployment supports automatic configuration of a load balance
 helm install stratos/console --namespace=console --name my-console --set console.service.type=LoadBalancer
 ```
 
+### Using an Ingress Controller
+
+If your Kubernetes Cluster supports Ingress, you can expose Stratos through Ingress by supplying the appropriate ingress configuration when installing.
+
+This configuration is described below:
+
+|Parameter|Description|Default|
+|----|---|---|
+|console.service.ingress.enabled|Enables ingress|false|
+|console.service.ingress.annotations|Annotations to be added to the ingress resource.|{}|
+|console.service.ingress.extraLabels|Additional labels to be added to the ingress resource.|{}|
+|console.service.ingress.host|The host name that will be used for the Stratos service.||
+|console.service.ingress.secretName|The existing TLS secret that contains the certificate for ingress.||
+
+You must provide `console.service.ingress.host` when enabling ingress.
+
+By default a certificate will be generated for TLS. You can provide your own certificate by creating a secret and specifying this with `console.service.ingress.secretName`.
+
+> Note: If you do not supply `console.service.ingress.host` but do supply `env.DOMAIN` then the host `console.[env.DOMAIN]` will be used.
+
 ### Specifying an External IP
 
 If the kubernetes cluster supports external IPs for services (see [ Service External IPs](https://kubernetes.io/docs/concepts/services-networking/service/#external-ips)), then the following arguments can be provided. In this following example the dashboard will be available at `https://192.168.100.100:5000`.
@@ -351,3 +371,4 @@ Install
 ```
 helm install stratos/console --namespace=console --name my-console --version 2.0.0-dev-9a5611dc
 ```
+

deploy/kubernetes/console/templates/__helpers.tpl

@@ -104,4 +104,32 @@ Generate self-signed certificate
 {{- $cert := genSignedCert ( include "console.certName" . ) nil $altNames 365 $ca -}}
 tls.crt: {{ $cert.Cert | b64enc }}
 tls.key: {{ $cert.Key | b64enc }}
-{{- end -}}
+{{- end -}}
+
+
+{{/*
+Ingress Host from .Values.console.service
+*/}}
+{{- define "ingress.host.value" -}}
+{{- if .Values.console.service -}}
+{{- if .Values.console.service.ingress -}}
+{{- if .Values.console.service.ingress.host -}}
+{{ .Values.console.service.ingress.host }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Ingress Host:
+*/}}
+{{- define "ingress.host" -}}
+{{ $host := (include "ingress.host.value" .) }}
+{{- if $host -}}
+{{ $host | quote }}
+{{- else if .Values.env.DOMAIN -}}
+{{ print "console." .Values.env.DOMAIN }}
+{{- else -}}
+{{ required "Host name is required" $host | quote }}
+{{- end -}}
+{{- end -}}

deploy/kubernetes/console/templates/deployment.yaml

@@ -247,6 +247,8 @@ spec:
           value: {{default "false" .Values.console.ssoLogin | quote}}
         - name: SSO_OPTIONS
           value: {{default "" .Values.console.ssoOptions | quote}}
+        - name: SSO_WHITELIST
+          value: {{ default "" .Values.console.ssoWhiteList | quote }}
         {{- if .Values.console.templatesConfigMapName }}
         - name: TEMPLATE_DIR
           value: /etc/templates

deploy/kubernetes/console/templates/ingress.yaml

@@ -0,0 +1,76 @@
+{{- if .Values.console.service -}}
+{{- if .Values.console.service.ingress -}}
+{{- if .Values.console.service.ingress.enabled -}}
+
+{{- if not .Values.console.service.ingress.secretName -}}
+---
+# The certificate and key for the TLS secret are passed through ingress.tls.crt and ingress.tls.key
+# respectively. If the operator does not provide these values at installation time, the TLS secret
+# will contain empty values. The standard behaviour for NGINX ingress controller is to provide a
+# fake certificate instead. It is useful only for testing and development. It is expected that for
+# production use the operator will provide these values.
+apiVersion: "v1"
+kind: "Secret"
+type: kubernetes.io/tls
+metadata:
+  name: "{{ .Release.Name }}-ingress-tls"
+  labels:
+    app.kubernetes.io/name: "stratos"
+    app.kubernetes.io/instance: "{{ .Release.Name }}"
+    app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+    app.kubernetes.io/component: "console-ingress-tls"
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+data:
+  tls.crt: {{ .Values.console.service.ingress.tls.crt | default "" | b64enc | quote }}
+  tls.key: {{ .Values.console.service.ingress.tls.key | default "" | b64enc | quote }}
+{{- end }}
+
+---
+# Ingress for the Console UI service
+apiVersion: "extensions/v1beta1"
+kind: "Ingress"
+metadata:
+  name: "{{ .Release.Name }}-ingress"
+  annotations:
+    {{- if hasKey .Values.console.service.ingress.annotations "kubernetes.io/ingress.class" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "kubernetes.io/ingress.class" "nginx" }}
+    {{- end }}
+    {{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/secure-backends" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/secure-backends" "true" }}
+    {{- end }}
+    {{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/backend-protocol" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/backend-protocol" "HTTPS" }}
+    {{- end }}
+    {{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/ssl-redirect" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/ssl-redirect" "false" }}
+    {{- end }}
+    {{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/proxy-body-size" | not -}}
+      {{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/proxy-body-size" "200m" }}
+    {{- end }}
+    {{ $_ := set .Values.console.service.ingress.annotations "nginx.org/websocket-services" (print .Release.Name "-ui-ext") }}
+{{ toYaml .Values.console.service.ingress.annotations | indent 4 }}
+  labels:
+    app.kubernetes.io/name: "stratos"
+    app.kubernetes.io/component: "console-ingress"
+    app.kubernetes.io/instance: "{{ .Release.Name }}"
+    app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+{{- range $key, $value := .Values.console.service.ingress.extraLabels }}
+    {{ $key }}: {{ $value }}
+{{- end }}    
+spec:
+  tls:
+  - secretName: {{ default "{{ .Release.Name }}-ingress-tls" .Values.console.service.ingress.secretName | quote }}
+    hosts:
+    - {{ template "ingress.host" . }}
+  rules:
+    - host: {{ template "ingress.host" . }}
+      http:
+        paths:
+          - path: "/"
+            backend:
+              serviceName: "{{ .Release.Name }}-ui-ext"
+              servicePort: 443
+{{- end }}
+{{- end }}
+{{- end }}