diff --git a/.gitignore b/.gitignore index a70cae14b5..413128240b 100644 --- a/.gitignore +++ b/.gitignore @@ -60,8 +60,8 @@ integration-aws.yaml DOCKER_ID* swagger-ui !charts/nginz/static/swagger-ui -deploy/services-demo/resources/templates/* -deploy/services-demo/conf/nginz/zwagger-ui/* + +services/nginz/integration-test/conf/nginz/zwagger-ui/* deploy/dockerephemeral/build/airdock_base-all/ deploy/dockerephemeral/build/airdock_base/ @@ -72,13 +72,6 @@ deploy/dockerephemeral/build/airdock_rvm/ deploy/dockerephemeral/build/dynamodb_local/ deploy/dockerephemeral/build/smtp/ -# Avoid storing generated keys -/deploy/services-demo/resources/turn/secret.txt - -# Avoid storing generated keys (privkeys.txt and pubkeys.txt are generated by demo.sh) -/deploy/services-demo/resources/zauth/privkeys.txt -/deploy/services-demo/resources/zauth/pubkeys.txt - /libs/libzauth/bzauth-c/deb/usr # Generated by "make hie.yaml" diff --git a/README.md b/README.md index 3f021b6f35..b462dc806a 100644 --- a/README.md +++ b/README.md @@ -94,4 +94,5 @@ This is suitable only for local development and testing. See [build instructions You have two options: * Option 1. (recommended) Install wire-server on kubernetes using the configuration and instructions provided in [wire-server-deploy](https://github.com/wireapp/wire-server-deploy). This is the best option to run it on a server and recommended if you want to self-host wire-server. -* Option 2. Compile everything in this repo, then you can use the [docker-compose based demo](deploy/services-demo/README.md). This option is intended as a way to try out wire-server on your local development machine and is less suited when you want to install wire-server on a server. + +* Option 2. Compile everything in this repo, then you can use the `services/start-services-only.sh`. This option is intended as a way to try out wire-server on your local development machine and not suited for production. 
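Review bot: In the README.md hunk, the new Option 2 line reads "you can use the `services/start-services-only.sh`", which has a stray article and, unlike the line it replaces, no link. Suggest "you can run [`services/start-services-only.sh`](services/start-services-only.sh)" so the pointer stays clickable. The added empty `+` line between Option 1 and Option 2 also splits the bullet list in two; dropping it keeps both options in one list.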
diff --git a/changelog.d/5-internal/pr-2789 b/changelog.d/5-internal/pr-2789 new file mode 100644 index 0000000000..0c45908219 --- /dev/null +++ b/changelog.d/5-internal/pr-2789 @@ -0,0 +1 @@ +Delete `deploy/services-demo` directory diff --git a/deploy/services-demo/README.md b/deploy/services-demo/README.md deleted file mode 100644 index 16654b2a8d..0000000000 --- a/deploy/services-demo/README.md +++ /dev/null 
@@ -1,100 +0,0 @@ -# How to run `wire-server` with "fake" AWS dependencies in demo mode - -This document assumes that you have already compiled all services (i.e., you read all of the `README.md` from the top level folder and ran `make services` there) and now you want to see how it all fits together. - -Use 2 different terminals and run: - -``` -# On terminal 1, start the dependencies. Note that you should turn up the max memory -# limit of docker. More on https://github.com/wireapp/wire-server/issues/326 -deploy/dockerephemeral/run.sh -``` - -``` -# On terminal 2, start the services -deploy/services-demo/demo.sh # if all services have been compiled natively -deploy/services-demo/demo.sh docker # in case Docker images were built instead -``` - -### Structure of the services-demo folder - -``` -conf <- folder with configuration for all services - └── nginz - ├── nginx.conf <- main nginx configuration - ├── ... <- other nginx config files - ├── upstreams <- nginx upstream configuration - ├── .demo.yaml <- service configuration file (brig, cannon, cargohold, galley, gundeck, proxy) -resources <- folder which contains secrets or other resources used by services - ├── templates <- email/sms/call templates used by brig - ├── turn <- list of TURN servers available and a secret (autogenerated by demo.sh, used by brig and TURN server) - ├── zauth <- public/private keys used for authentication (autogenerated by demo.sh, used by brig and nginz) - ├── nexmo-credentials.yaml <- dummy credentials for the nexmo API (used by brig) - ├── proxy.config <- dummy credentials for multiple proxied services (used by proxy) - ├── twilio-credentials.yaml <- dummy credentials for the twilio API (used by brig) -├── create_test_user.sh <- bash script that creates a user and prints the credentials created -├── demo.sh <- bash script that generates needed secrets and starts all services -└── README.md <- this file -``` - -### Why do you describe this as a _demo_? 
- -* **no optimal performance; not highly-available**: The way that the data stores used are set up is done in a simple way that is not advisable for a production environment (e.g., cassandra uses a single node and Docker will manage the storage of your database data by writing the database files to disk on the host system using its own internal volume management). -* **missing functionality**: Some other dependencies (such as the "fake" AWS services) do not provide the full functionality of the real AWS services (for instance, the fake SES doesn't actually send emails) nor do they have the same reliability and availability. -* :warning: **insecure by default** :warning: : - * **no private network**: Not only is `nginz` reachable on port 8080 from the outside world, but all other services and databases are also reachable from localhost, which, if you run this from e.g. your laptop, allows any other concurrently running process (or exploits thereof) to - * query any user's information, - * make use of internal endpoints not requiring additional authorization, - * impersonate other users by making HTTP requests directly to services (such as brig) using a Z-User: header, - * talk directly to the databases and modifying information there, giving arbitrary control over accounts, conversation membership, allows deleting messages for recipients that are offline, etc. - * **no HTTPS by default**: The demo setup exposes nginz on plain http, so if you don't have your own ssl termination server in front or configure nginz with an SSL certificate, that allows all kinds of metadata (who, with which device/browser accessed which endpoint with which content at what time) to be read by all routers and people in the networks in between a user and the server. - * **inadequate process isolation**: Running different services on the same physical or virtual machine is NOT recommended for security. 
Example: Even in a modified demo setup (in which only nginz is reachable from outside; and SSL/HTTPS in enforced), a temporary bug in nginz could allow an attacker to gain access to that machine, therefore also to the disk and RAM in use by other services (allowing to steal e.g. the private key used by the brig service to sign access tokens; allowing user impersonation even after the nginx bug is fixed (if keys are not rotated)). - * **dependence on insecurely-downloaded docker images** - -It is however very straightforward to setup all the necessary dependencies to run `wire-server` and it is what we use in our integration tests as well (as can be seen in our [integration bash script](../../services/integration.sh)). - -### Common problems - -> nginx: [alert] could not open error log file: open() "/var/log/nginz/error.log" failed (2: No such file or directory) - -This is not really an issue and `nginz` is fine. `nginz` has a `LOG_PATH`[check the Makefile](../../services/nginz/Makefile) defined which it always tries to write to during startup, even if you have defined a different path on your `nginx.conf`. You can safely ignore this warning or recompile `nginz` with a `LOG_PATH` which is writable on your system. - -### Is there a way to look at some API endpoints? - -Yes. If all has been set up correctly, you should be able to navigate to http://127.0.0.1:8080/swagger-ui where you should be faced with a login screen that looks like - -login screen - -In order to view the API, you need to create a regular user. For that purpose, you can then run the script `./create_test_user.sh` and use the credentials that you see on the screen to log in. - -### This is fantastic, all services up & running... what now, can I run some kind of smoketests? - -Yes. You need to specify an email address that the smoketests can log in to via IMAP for it to read and act upon registration/activation emails. 
Have a look at what the configuration for the [api-smoketest](../../tools/api-simulations/README.md) should be. Once you have the correct `mailboxes.json`, this should just work from the top level directory (note the `sender-email` must match brig's [sender-email](https://github.com/wireapp/wire-server/blob/develop/services/brig/brig.integration.yaml#L35)). - -If you wish to send verification SMS/calls (to support registration using phone numbers), you need to create an account and configure Twilio: you need to specify the sid and token from the Twilio account in the "wire-server/blob/develop/deploy/services-demo/resources/twilio-credentials.yaml". And specify your Twilio number in smsSender in file "wire-server/deploy/services-demo/conf/brig.demo.yaml" at `emailSMS.general.smsSender`. - -Note: This demo setup comes bundled with a postfix email sending docker image; however due to the minimal setup, emails will likely land in the Spam/Junk folder of the target email address, if you configure a common email provider. To get the smoketester to check the Spam folder as well, use e.g. (in the case of gmail) `--mailbox-folder INBOX --mailbox-folder '[Gmail]/Spam'`. - -Configure an email inbox for the smoketester: - -``` -# from the root of wire-server directory -cp tools/api-simulations/mailboxes.example.json mailboxes.json -``` - -Now adjust `mailboxes.json` and use credentials for an email account you own. - -Next, from the wire-server directory, after having compiled everything with 'make install': - -```bash -./dist/api-smoketest \ - --api-host=127.0.0.1 \ - --api-port=8080 \ - --api-websocket-host=127.0.0.1 \ - --api-websocket-port=8081 \ - --mailbox-config=mailboxes.json \ - --sender-email=backend-demo@mail.wiredemo.example.com \ - --mailbox-folder INBOX \ - --mailbox-folder '[Gmail]/Spam' \ - --enable-asserts -``` 
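Review bot: The "insecure by default" list in the deleted deploy/services-demo/README.md is the only text in this patch that spells out the risks of a single-host run, and nothing replaces it. Those risks are that internal services accept a `Z-User:` header directly, that databases are reachable from localhost, that nginz is served over plain HTTP, and that services share a machine with the key brig uses to sign access tokens. The top-level README now says only "not suited for production". If `services/start-services-only.sh` leaves the same ports open, please move that list to wherever the script is documented rather than dropping it. The smoketest and Twilio instructions in this file also name `deploy/services-demo/resources/twilio-credentials.yaml` and `deploy/services-demo/conf/brig.demo.yaml`, so any other document that links here will need updating in the same change.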
diff --git a/deploy/services-demo/conf/brig.demo-docker.yaml b/deploy/services-demo/conf/brig.demo-docker.yaml deleted file mode 100644 index bed2160b0c..0000000000 --- a/deploy/services-demo/conf/brig.demo-docker.yaml +++ /dev/null 
@@ -1,123 +0,0 @@ -brig: - host: brig - port: 8082 - -cassandra: - endpoint: - host: cassandra - port: 9042 - keyspace: brig_test - -elasticsearch: - url: http://elasticsearch:9200 - index: directory_test - -cargohold: - host: cargohold - port: 8084 - -galley: - host: galley - port: 8085 - -gundeck: - host: gundeck - port: 8086 - -aws: - prekeyTable: integration-brig-prekeys - sqsEndpoint: http://sqs:4568 # https://sqs.eu-west-1.amazonaws.com - dynamoDBEndpoint: http://dynamodb:8000 # https://dynamodb.eu-west-1.amazonaws.com - -internalEvents: - queueType: sqs - queueName: integration-brig-events-internal - -emailSMS: - email: - smtpEndpoint: - host: smtp - port: 25 - smtpConnType: plain - general: - templateDir: resources/templates - emailSender: backend-demo@mail.wiredemo.example.com - smsSender: "" - templateBranding: - brand: Wire - brandUrl: https://wire.com - brandLabelUrl: wire.com # This is the text in the label for the above URL - brandLogoUrl: https://wire.com/p/img/email/logo-email-black.png - brandService: Wire Service Provider - copyright: © WIRE SWISS GmbH - misuse: misuse@wire.com - legal: https://wire.com/legal/ - forgot: https://wire.com/forgot/ - support: https://support.wire.com/ - - user: - activationUrl: http://brig:8080/activate?key=${key}&code=${code} - smsActivationUrl: http://brig:8080/v/${code} - passwordResetUrl: http://brig:8080/password-reset/${key}?code=${code} - invitationUrl: http://brig:8080/register?invitation_code=${code} - deletionUrl: http://brig:8080/users/delete?key=${key}&code=${code} - - provider: - homeUrl: https://provider.localhost/ - providerActivationUrl: http://brig:8080/provider/activate?key=${key}&code=${code} - approvalUrl: http://brig:8080/provider/approve?key=${key}&code=${code} - approvalTo: success@simulator.amazonses.com - providerPwResetUrl: http://brig:8080/provider/password-reset?key=${key}&code=${code} - - team: - tInvitationUrl: http://brig:8080/register?team=${team}&team_code=${code} - tActivationUrl: 
http://brig:8080/register?team=${team}&team_code=${code} - tCreatorWelcomeUrl: http://brig:8080/creator-welcome-website - tMemberWelcomeUrl: http://brig:8080/member-welcome-website - -zauth: - privateKeys: resources/zauth/privkeys.txt - publicKeys: resources/zauth/pubkeys.txt - authSettings: - keyIndex: 1 - userTokenTimeout: 4838400 # 56 days - sessionTokenTimeout: 604800 # 7 days - accessTokenTimeout: 900 # 15 minutes - providerTokenTimeout: 604800 # 7 days - legalHoldUserTokenTimeout: 4838400 # 56 days - legalHoldSessionTokenTimeout: 604800 # 7 days - legalHoldAccessTokenTimeout: 900 # 15 minutes - -turn: - serversV2: resources/turn/servers-v2.txt - servers: resources/turn/servers.txt - secret: resources/turn/secret.txt - # ^ TODO: This secret should be the same used by the TURN servers - configTTL: 3600 - tokenTTL: 21600 - -optSettings: - setTwilio: resources/twilio-credentials.yaml - setNexmo: resources/nexmo-credentials.yaml - setActivationTimeout: 1209600 # 1 day - setTeamInvitationTimeout: 1814400 # 21 days - setUserMaxConnections: 1000 - setCookieInsecure: false - setUserCookieRenewAge: 1209600 # 14 days - setUserCookieLimit: 32 - setUserCookieThrottle: - stdDev: 3000 # 50 minutes - retryAfter: 86400 # 1 day - setRichInfoLimit: 5000 # should be in sync with Spar - setDefaultTemplateLocale: en - setDefaultUserLocale: en - setMaxTeamSize: 128 - setMaxConvSize: 128 - setEmailVisibility: visible_to_self - setFederationDomain: example.com - setNonceTtlSecs: 300 # 5 minutes - setDpopMaxSkewSecs: 1 - setDpopTokenExpirationTimeSecs: 300 # 5 minutes - -logLevel: Debug -logNetStrings: false diff --git a/deploy/services-demo/conf/brig.demo.yaml b/deploy/services-demo/conf/brig.demo.yaml deleted file mode 100644 index b914240114..0000000000 --- a/deploy/services-demo/conf/brig.demo.yaml +++ /dev/null 
@@ -1,125 +0,0 @@ -brig: - host: 127.0.0.1 - port: 8082 - -cassandra: - endpoint: - host: 127.0.0.1 - port: 9042 - keyspace: brig_test - -elasticsearch: - url: http://127.0.0.1:9200 - index: directory_test - -cargohold: - host: 127.0.0.1 - port: 8084 - -galley: - host: 127.0.0.1 - port: 8085 - -gundeck: - host: 127.0.0.1 - port: 8086 - -aws: - prekeyTable: integration-brig-prekeys - sqsEndpoint: http://localhost:4568 # https://sqs.eu-west-1.amazonaws.com - dynamoDBEndpoint: http://localhost:4567 # https://dynamodb.eu-west-1.amazonaws.com - -internalEvents: - queueType: sqs - queueName: integration-brig-events-internal - -emailSMS: - email: - smtpEndpoint: - host: 127.0.0.1 - port: 2500 - smtpConnType: plain - general: - templateDir: resources/templates - emailSender: backend-demo@mail.wiredemo.example.com - smsSender: "" - templateBranding: - brand: Wire - brandUrl: https://wire.com - brandLabelUrl: wire.com # This is the text in the label for the above URL - brandLogoUrl: https://wire.com/p/img/email/logo-email-black.png - brandService: Wire Service Provider - copyright: © WIRE SWISS GmbH - misuse: misuse@wire.com - legal: https://wire.com/legal/ - forgot: https://wire.com/forgot/ - support: https://support.wire.com/ - - user: - activationUrl: http://127.0.0.1:8080/activate?key=${key}&code=${code} - smsActivationUrl: http://127.0.0.1:8080/v/${code} - passwordResetUrl: http://127.0.0.1:8080/password-reset/${key}?code=${code} - invitationUrl: http://127.0.0.1:8080/register?invitation_code=${code} - deletionUrl: http://127.0.0.1:8080/users/delete?key=${key}&code=${code} - - provider: - homeUrl: https://provider.localhost/ - providerActivationUrl: http://127.0.0.1:8080/provider/activate?key=${key}&code=${code} - approvalUrl: http://127.0.0.1:8080/provider/approve?key=${key}&code=${code} - approvalTo: success@simulator.amazonses.com - providerPwResetUrl: http://127.0.0.1:8080/provider/password-reset?key=${key}&code=${code} - - team: - tInvitationUrl: 
http://127.0.0.1:8080/register?team=${team}&team_code=${code} - tActivationUrl: http://127.0.0.1:8080/register?team=${team}&team_code=${code} - tCreatorWelcomeUrl: http://127.0.0.1:8080/creator-welcome-website - tMemberWelcomeUrl: http://127.0.0.1:8080/member-welcome-website - -zauth: - privateKeys: resources/zauth/privkeys.txt - publicKeys: resources/zauth/pubkeys.txt - authSettings: - keyIndex: 1 - userTokenTimeout: 4838400 # 56 days - sessionTokenTimeout: 604800 # 7 days - accessTokenTimeout: 900 # 15 minutes - providerTokenTimeout: 604800 # 7 days - legalHoldUserTokenTimeout: 4838400 # 56 days - legalHoldSessionTokenTimeout: 604800 # 7 days - legalHoldAccessTokenTimeout: 900 # 15 minutes - -turn: - serversSource: files # files | dns - serversV2: resources/turn/servers-v2.txt - servers: resources/turn/servers.txt - secret: resources/turn/secret.txt - # ^ TODO: This secret should be the same used by the TURN servers - configTTL: 3600 - tokenTTL: 21600 - -optSettings: - setTwilio: resources/twilio-credentials.yaml - setNexmo: resources/nexmo-credentials.yaml - setActivationTimeout: 1209600 # 1 day - setTeamInvitationTimeout: 1814400 # 21 days - setUserMaxConnections: 1000 - setCookieInsecure: false - setUserCookieRenewAge: 1209600 # 14 days - setUserCookieLimit: 32 - setUserCookieThrottle: - stdDev: 3000 # 50 minutes - retryAfter: 86400 # 1 day - setRichInfoLimit: 5000 # should be in sync with Spar - setDefaultTemplateLocale: en - setDefaultUserLocale: en - setMaxTeamSize: 128 - setMaxConvSize: 128 - setEmailVisibility: visible_to_self - setFederationDomain: example.com - setNonceTtlSecs: 300 # 5 minutes - setDpopMaxSkewSecs: 1 - setDpopTokenExpirationTimeSecs: 300 # 5 minutes - setPublicKeyBundle: conf/jwt/ed25519_bundle.pem - -logLevel: Debug -logNetStrings: false diff --git a/deploy/services-demo/conf/cannon.demo-docker.yaml b/deploy/services-demo/conf/cannon.demo-docker.yaml deleted file mode 100644 index 2d63eec9cf..0000000000 
--- a/deploy/services-demo/conf/cannon.demo-docker.yaml +++ /dev/null @@ -1,16 +0,0 @@ -cannon: - host: cannon - port: 8083 - externalHost: cannon - -gundeck: - host: gundeck - port: 8086 - -drainOpts: - gracePeriodSeconds: 1 - millisecondsBetweenBatches: 5 - minBatchSize: 100 - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/conf/cannon.demo.yaml b/deploy/services-demo/conf/cannon.demo.yaml deleted file mode 100644 index 999988bafb..0000000000 --- a/deploy/services-demo/conf/cannon.demo.yaml +++ /dev/null @@ -1,16 +0,0 @@ -cannon: - host: 127.0.0.1 - port: 8083 - externalHost: 127.0.0.1 - -gundeck: - host: 127.0.0.1 - port: 8086 - -drainOpts: - gracePeriodSeconds: 1 - millisecondsBetweenBatches: 5 - minBatchSize: 100 - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/conf/cargohold.demo-docker.yaml b/deploy/services-demo/conf/cargohold.demo-docker.yaml deleted file mode 100644 index c9dda863aa..0000000000 --- a/deploy/services-demo/conf/cargohold.demo-docker.yaml +++ /dev/null @@ -1,17 +0,0 @@ -cargohold: - host: cargohold - port: 8084 - -aws: - keyId: dummykey - secretKey: dummysecret - s3Bucket: dummy-bucket - s3Endpoint: http://s3:4570 # https://s3-eu-west-1.amazonaws.com:443 - -settings: - maxTotalBytes: 27262976 - downloadLinkTTL: 300 # Seconds - federationDomain: example.com - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/conf/cargohold.demo.yaml b/deploy/services-demo/conf/cargohold.demo.yaml deleted file mode 100644 index 0f1228dcba..0000000000 --- a/deploy/services-demo/conf/cargohold.demo.yaml +++ /dev/null @@ -1,17 +0,0 @@ -cargohold: - host: 127.0.0.1 - port: 8084 - -aws: - keyId: dummykey - secretKey: dummysecret - s3Bucket: dummy-bucket - s3Endpoint: http://localhost:4570 # https://s3-eu-west-1.amazonaws.com:443 - -settings: - maxTotalBytes: 27262976 - downloadLinkTTL: 300 # Seconds - federationDomain: example.com - -logLevel: Info -logNetStrings: false 
diff --git a/deploy/services-demo/conf/ed25519.pem b/deploy/services-demo/conf/ed25519.pem deleted file mode 100644 index 4e87cf573c..0000000000 --- a/deploy/services-demo/conf/ed25519.pem +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIAocCDXsKIAjb65gOUn5vEF0RIKnVJkKR4ebQzuZ709c ------END PRIVATE KEY----- diff --git a/deploy/services-demo/conf/galley.demo-docker.yaml b/deploy/services-demo/conf/galley.demo-docker.yaml deleted file mode 100644 index 0f1d0ea313..0000000000 --- a/deploy/services-demo/conf/galley.demo-docker.yaml +++ /dev/null @@ -1,46 +0,0 @@ -galley: - host: galley - port: 8085 - -cassandra: - endpoint: - host: cassandra - port: 9042 - keyspace: galley_test - -brig: - host: brig - port: 8082 - -gundeck: - host: gundeck - port: 8086 - -spar: - host: spar - port: 8088 - -settings: - httpPoolSize: 1024 - maxTeamSize: 128 - maxConvSize: 128 - intraListing: false - conversationCodeURI: https://cannon/join/ - concurrentDeletionEvents: 1024 - deleteConvThrottleMillis: 0 - - featureFlags: # see #RefConfigOptions in `/docs/reference` - sso: disabled-by-default - legalhold: disabled-by-default - teamSearchVisibility: disabled-by-default - appLock: - defaults: - status: enabled - config: - enforceAppLock: false - inactivityTimeoutSecs: 60 - - federationDomain: example.com - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/conf/galley.demo.yaml b/deploy/services-demo/conf/galley.demo.yaml deleted file mode 100644 index 9e9150ce5c..0000000000 --- a/deploy/services-demo/conf/galley.demo.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -galley: - host: 127.0.0.1 - port: 8085 - -cassandra: - endpoint: - host: 127.0.0.1 - port: 9042 - keyspace: galley_test - -brig: - host: 127.0.0.1 - port: 8082 - -gundeck: - host: 127.0.0.1 - port: 8086 - -spar: - host: 127.0.0.1 - port: 8088 - -settings: - httpPoolSize: 1024 - maxTeamSize: 128 - maxConvSize: 128 - intraListing: false - conversationCodeURI: https://127.0.0.1/conversation-join/ - concurrentDeletionEvents: 1024 - deleteConvThrottleMillis: 0 - mlsPrivateKeyPaths: - removal: - ed25519: conf/ed25519.pem - - featureFlags: # see #RefConfigOptions in `/docs/reference` - sso: disabled-by-default - legalhold: disabled-by-default - teamSearchVisibility: disabled-by-default - appLock: - defaults: - status: enabled - config: - enforceAppLock: false - inactivityTimeoutSecs: 60 - classifiedDomains: - status: enabled - config: - domains: ["example.com"] - - federationDomain: example.com - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/conf/gundeck.demo-docker.yaml b/deploy/services-demo/conf/gundeck.demo-docker.yaml deleted file mode 100644 index 8f83e7ae49..0000000000 --- a/deploy/services-demo/conf/gundeck.demo-docker.yaml +++ /dev/null @@ -1,29 +0,0 @@ -gundeck: - host: gundeck - port: 8086 - -cassandra: - endpoint: - host: cassandra - port: 9042 - keyspace: gundeck_test - -redis: - host: redis - port: 6379 - -aws: - queueName: integration-gundeck-events - region: eu-west-1 - account: "123456789012" # Default account nr used by localstack - arnEnv: integration - sqsEndpoint: http://sqs:4568 # https://sqs.eu-west-1.amazonaws.com - snsEndpoint: http://sns:4575 # https://sns.eu-west-1.amazonaws.com - -settings: - httpPoolSize: 1024 - notificationTTL: 24192200 - bulkPush: false - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/conf/gundeck.demo.yaml b/deploy/services-demo/conf/gundeck.demo.yaml deleted file mode 100644 index f706444fe7..0000000000 
--- a/deploy/services-demo/conf/gundeck.demo.yaml +++ /dev/null @@ -1,30 +0,0 @@ -gundeck: - host: 127.0.0.1 - port: 8086 - -cassandra: - endpoint: - host: 127.0.0.1 - port: 9042 - keyspace: gundeck_test - -redis: - host: 127.0.0.1 - port: 6379 - connectionMode: master - -aws: - queueName: integration-gundeck-events - region: eu-west-1 - account: "123456789012" # Default account nr used by localstack - arnEnv: integration - sqsEndpoint: http://localhost:4568 # https://sqs.eu-west-1.amazonaws.com - snsEndpoint: http://localhost:4575 # https://sns.eu-west-1.amazonaws.com - -settings: - httpPoolSize: 1024 - notificationTTL: 24192200 - bulkPush: false - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/conf/jwt/ed25519_bundle.pem b/deploy/services-demo/conf/jwt/ed25519_bundle.pem deleted file mode 100644 index afbd4dfb0e..0000000000 --- a/deploy/services-demo/conf/jwt/ed25519_bundle.pem +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIFANnxZLNE4p+GDzWzR3wm/v8x/0bxZYkCyke1aTRucX ------END PRIVATE KEY----- ------BEGIN PUBLIC KEY----- -MCowBQYDK2VwAyEACPvhIdimF20tOPjbb+fXJrwS2RKDp7686T90AZ0+Th8= ------END PUBLIC KEY----- diff --git a/deploy/services-demo/conf/nginz/nginx-docker.conf b/deploy/services-demo/conf/nginz/nginx-docker.conf deleted file mode 100644 index 9fdd32baf8..0000000000 --- a/deploy/services-demo/conf/nginz/nginx-docker.conf +++ /dev/null 
@@ -1,461 +0,0 @@ -worker_processes 4; -worker_rlimit_nofile 1024; -pid /tmp/nginz.pid; -daemon off; - -# nb. start up errors (eg. misconfiguration) may still end up in /$(LOG_PATH)/error.log -error_log stderr warn; - -events { - worker_connections 1024; - multi_accept off; -} - -http { - # - # Some temporary paths (by default, will use the `prefix` path given when starting nginx) - # - - client_body_temp_path /tmp; - fastcgi_temp_path /tmp; - proxy_temp_path /tmp; - scgi_temp_path /tmp; - uwsgi_temp_path /tmp; - - # - # Sockets - # - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - - # - # Timeouts - # - - client_body_timeout 60; - client_header_timeout 60; - keepalive_timeout 75; - send_timeout 60; - - ignore_invalid_headers off; - - types_hash_max_size 2048; - - server_names_hash_bucket_size 64; - server_name_in_redirect off; - - large_client_header_buffers 4 8k; - - - # - # Security - # - - server_tokens off; - - # - # Logging - # - # Note sanitized_request: - # We allow passing access_token as query parameter for e.g. websockets - # However we do not want to log access tokens. 
- # - - log_format custom_zeta '$remote_addr - $remote_user [$time_local] "$sanitized_request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" - $connection $request_time $upstream_response_time $upstream_cache_status $zauth_user $zauth_connection $request_id $proxy_protocol_addr'; - access_log /dev/stdout custom_zeta; - - # - # Monitoring - # - vhost_traffic_status_zone; - - # - # Gzip - # - - gzip on; - gzip_disable msie6; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_buffers 16 8k; - gzip_http_version 1.1; - gzip_min_length 1024; - gzip_types 'text/plain text/css application/json text/xml'; - - # - # Proxied Upstream Services - # - - include upstreams-docker; - - # - # Mapping for websocket connections - # - - map $http_upgrade $connection_upgrade { - websocket upgrade; - default ''; - } - - - # Docker DNS, required to resolve the references to stern here. - resolver 127.0.0.11; - - # - # Locations - # - - server { - listen 8080; - listen 8081; - - zauth_keystore /configs/resources/zauth/pubkeys.txt; - zauth_acl /configs/conf/nginz/zauth_acl.txt; - - location /status { - zauth off; - return 200; - } - - location /i/status { - zauth off; - return 200; - } - - location /vts { - zauth off; - vhost_traffic_status_display; - vhost_traffic_status_display_format html; - } - - # - # Service Routing - # - - # Brig Endpoints - # - ## brig unauthenticated endpoints - - rewrite ^/api-docs/users /users/api-docs?base_url=http://127.0.0.1:8080/ break; - - location /users/api-docs { - include common_response_no_zauth.conf; - proxy_pass http://brig; - } - - location /register { - include common_response_no_zauth.conf; - proxy_pass http://brig; - } - - location /access { - include common_response_no_zauth.conf; - proxy_pass http://brig; - } - - location /activate { - include common_response_no_zauth.conf; - proxy_pass http://brig; - } - - location /login { - include common_response_no_zauth.conf; - proxy_pass http://brig; - } 
- - location ~* ^/teams/invitations/([^/]*)$ { - include common_response_no_zauth.conf; - proxy_pass http://brig; - } - - ## brig authenticated endpoints - - location /self { - include common_response_with_zauth.conf; - proxy_pass http://brig; - } - - location /users { - include common_response_with_zauth.conf; - proxy_pass http://brig; - } - - location /search { - include common_response_with_zauth.conf; - proxy_pass http://brig; - } - - location /connections { - include common_response_with_zauth.conf; - proxy_pass http://brig; - } - - location /clients { - include common_response_with_zauth.conf; - proxy_pass http://brig; - } - - location /properties { - include common_response_with_zauth.conf; - proxy_pass http://brig; - } - - location /calls/config { - include common_response_with_zauth.conf; - proxy_pass http://brig; - } - - location ~* ^/teams/([^/]*)/size$ { - include common_response_with_zauth.conf; - proxy_pass http://brig; - } - - # Cargohold Endpoints - - rewrite ^/api-docs/assets /assets/api-docs?base_url=http://127.0.0.1:8080/ break; - - location /assets/api-docs { - include common_response_no_zauth.conf; - proxy_pass http://cargohold; - } - - - location /assets { - include common_response_with_zauth.conf; - proxy_pass http://cargohold; - } - - location /bot/assets { - include common_response_with_zauth.conf; - proxy_pass http://cargohold; - } - - location /provider/assets { - include common_response_with_zauth.conf; - proxy_pass http://cargohold; - } - - # Galley Endpoints - - rewrite ^/api-docs/conversations /conversations/api-docs?base_url=http://127.0.0.1:8080/ break; - - location /conversations/api-docs { - include common_response_no_zauth.conf; - proxy_pass http://galley; - } - - - location /conversations { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location ~* ^/conversations/([^/]*)/otr/messages { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location /broadcast/otr/messages 
{ - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location /bot/conversation { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location /bot/messages { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location ~* ^/teams$ { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location ~* ^/teams/([^/]*)$ { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location ~* ^/teams/([^/]*)/members(.*) { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location ~* ^/teams/([^/]*)/conversations(.*) { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location ~* ^/teams/([^/]*)/features { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location ~* ^/teams/([^/]*)/features/([^/]*) { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location ~* ^/feature-configs(.*) { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - location ~* ^/teams/([^/]*)/members/csv$ { - include common_response_with_zauth.conf; - proxy_pass http://galley; - } - - # Gundeck Endpoints - - rewrite ^/api-docs/push /push/api-docs?base_url=http://127.0.0.1:8080/ break; - - location /push/api-docs { - include common_response_no_zauth.conf; - proxy_pass http://gundeck; - } - - location /push { - include common_response_with_zauth.conf; - proxy_pass http://gundeck; - } - - location /presences { - include common_response_with_zauth.conf; - proxy_pass http://gundeck; - } - - location /notifications { - include common_response_with_zauth.conf; - proxy_pass http://gundeck; - } - - # Proxy Endpoints - - rewrite ^/api-docs/proxy /proxy/api-docs?base_url=http://127.0.0.1:8080/ break; - - location /proxy/api-docs { - include common_response_no_zauth.conf; - proxy_pass http://proxy; - } - - location /proxy { - include 
common_response_with_zauth.conf; - proxy_pass http://proxy; - } - - # Cannon Endpoints - - rewrite ^/api-docs/await /await/api-docs?base_url=http://127.0.0.1:8080/ break; - - location /await/api-docs { - include common_response_no_zauth.conf; - proxy_pass http://cannon; - } - - location /await { - include common_response_with_zauth.conf; - proxy_pass http://cannon; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_read_timeout 1h; - } - - # Spar Endpoints - - location /sso { - include common_response_no_zauth.conf; - proxy_pass http://spar; - } - - location /sso-initiate-bind { - include common_response_with_zauth.conf; - proxy_pass http://spar; - } - - location /identity-providers { - include common_response_with_zauth.conf; - proxy_pass http://spar; - } - - # Stern Endpoints - - # We add a `/stern` suffix to the URL to resolve clashes with non-Stern endpoints. - rewrite ^/backoffice/api-docs/stern /stern/api-docs?base_url=http://127.0.0.1:8080/stern/ break; - - location /stern/api-docs { - include common_response_no_zauth.conf; - # Using a variable instead of plain upstream makes nginx still start up if stern is not there. - # https://sandro-keil.de/blog/let-nginx-start-if-upstream-host-is-unavailable-or-down - set $stern stern:8091; - proxy_pass http://$stern; - } - - location /stern { - include common_response_no_zauth.conf; - # Using a variable instead of plain upstream makes nginx still start up if stern is not there. - # https://sandro-keil.de/blog/let-nginx-start-if-upstream-host-is-unavailable-or-down - set $stern stern:8091; - # The trailing slash matters, as it makes sure the `/stern` prefix is removed. 
- proxy_pass http://$stern/; - } - - # - # Swagger Resource Listing - # - location /api-docs { - zauth off; - default_type application/json; - root conf/nginz/zwagger-ui; - index resources.json; - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Methods' "GET, POST, PUT, DELETE, OPTIONS"; - add_header 'Access-Control-Allow-Headers' "$http_access_control_request_headers, DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"; - add_header 'Content-Type' 'text/plain; charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - more_set_headers 'Access-Control-Allow-Origin: $http_origin'; - } - - # - # Back Office Swagger Resource Listing - # - location /backoffice/api-docs { - zauth off; - default_type application/json; - root conf/nginz/zwagger-ui; - index resources.json; - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Methods' "GET, POST, PUT, DELETE, OPTIONS"; - add_header 'Access-Control-Allow-Headers' "$http_access_control_request_headers, DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"; - add_header 'Content-Type' 'text/plain; charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - more_set_headers 'Access-Control-Allow-Origin: $http_origin'; - } - - # Swagger UI - - location /swagger-ui { - zauth off; - gzip off; - alias conf/nginz/zwagger-ui; - types { - application/javascript js; - text/css css; - text/html html; - image/png png; - } - } - } -} diff --git a/deploy/services-demo/conf/nginz/upstreams-docker b/deploy/services-demo/conf/nginz/upstreams-docker deleted file mode 100644 index 2351a238e3..0000000000 --- a/deploy/services-demo/conf/nginz/upstreams-docker +++ /dev/null 
@@ -1,35 +0,0 @@ -upstream cargohold { - least_conn; - keepalive 32; - server cargohold:8084 max_fails=3 weight=1; -} -upstream gundeck { - least_conn; - keepalive 32; - server gundeck:8086 max_fails=3 weight=1; -} -upstream cannon { - least_conn; - keepalive 32; - server cannon:8083 max_fails=3 weight=1; -} -upstream galley { - least_conn; - keepalive 32; - server galley:8085 max_fails=3 weight=1; -} -upstream proxy { - least_conn; - keepalive 32; - server proxy:8087 max_fails=3 weight=1; -} -upstream brig { - least_conn; - keepalive 32; - server brig:8082 max_fails=3 weight=1; -} -upstream spar { - least_conn; - keepalive 32; - server spar:8088 max_fails=3 weight=1; -} diff --git a/deploy/services-demo/conf/proxy.demo-docker.yaml b/deploy/services-demo/conf/proxy.demo-docker.yaml deleted file mode 100644 index f729d3972a..0000000000 --- a/deploy/services-demo/conf/proxy.demo-docker.yaml +++ /dev/null @@ -1,9 +0,0 @@ -host: proxy -port: 8087 - -httpPoolSize: 1000 -maxConns: 5000 -secretsConfig: resources/proxy.config - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/conf/proxy.demo.yaml b/deploy/services-demo/conf/proxy.demo.yaml deleted file mode 100644 index 7ed80906ac..0000000000 --- a/deploy/services-demo/conf/proxy.demo.yaml +++ /dev/null @@ -1,9 +0,0 @@ -host: 127.0.0.1 -port: 8087 - -httpPoolSize: 1000 -maxConns: 5000 -secretsConfig: resources/proxy.config - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/conf/spar.demo-docker.yaml b/deploy/services-demo/conf/spar.demo-docker.yaml deleted file mode 100644 index eaad89053a..0000000000 --- a/deploy/services-demo/conf/spar.demo-docker.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -saml: - version: SAML2.0 - logLevel: Debug - - spHost: spar - spPort: 8088 - spAppUri: http://localhost:8080/ # <--- change this to point to a reachable web app - spSsoUri: http://localhost:8080/sso # <--- change this to the URL by which spar can be reached from an external IdP - - contacts: - - type: ContactBilling - company: Example Company - givenName: Example - surname: Company - email: email:company@example.com - -brig: - host: brig - port: 8082 - -galley: - host: galley - port: 8085 - -cassandra: - endpoint: - host: cassandra - port: 9042 - keyspace: spar_test - -maxttlAuthreq: 28800 # 8h -maxttlAuthresp: 28800 # 8h - -maxScimTokens: 16 # Token limit {#RefScimToken} -richInfoLimit: 5000 # should be in sync with Brig - -logNetStrings: False # log using netstrings encoding (see http://cr.yp.to/proto/netstrings.txt) diff --git a/deploy/services-demo/conf/spar.demo.yaml b/deploy/services-demo/conf/spar.demo.yaml deleted file mode 100644 index d3a405dd61..0000000000 --- a/deploy/services-demo/conf/spar.demo.yaml +++ /dev/null @@ -1,37 +0,0 @@ -saml: - version: SAML2.0 - logLevel: Debug - - spHost: 127.0.0.1 - spPort: 8088 - spAppUri: http://localhost:8080/ # <--- change this to point to a reachable web app - spSsoUri: http://localhost:8080/sso # <--- change this to the URL by which spar can be reached from an external IdP - - contacts: - - type: ContactBilling - company: Example Company - givenName: Example - surname: Company - email: email:company@example.com - -brig: - host: 127.0.0.1 - port: 8082 - -galley: - host: 127.0.0.1 - port: 8085 - -cassandra: - endpoint: - host: 127.0.0.1 - port: 9042 - keyspace: spar_test - -maxttlAuthreq: 28800 # 8h -maxttlAuthresp: 28800 # 8h - -maxScimTokens: 16 # Token limit {#RefScimToken} -richInfoLimit: 5000 # should be in sync with Brig - -logNetStrings: False # log using netstrings encoding (see http://cr.yp.to/proto/netstrings.txt) 
diff --git a/deploy/services-demo/conf/stern.demo-docker.yaml b/deploy/services-demo/conf/stern.demo-docker.yaml deleted file mode 100644 index 9ddddf4c66..0000000000 --- a/deploy/services-demo/conf/stern.demo-docker.yaml +++ /dev/null @@ -1,28 +0,0 @@ -stern: - host: stern - port: 8091 - -brig: - host: brig - port: 8082 - -galley: - host: galley - port: 8085 - -gundeck: - host: gundeck - port: 8086 - -# Both ibis and galeb should be made optional for -# installations where these services are not available -galeb: - host: galeb - port: 8089 - -ibis: - host: ibis - port: 8090 - -logLevel: Info -logNetStrings: false diff --git a/deploy/services-demo/demo.sh b/deploy/services-demo/demo.sh deleted file mode 100755 index 3ea8b3b525..0000000000 --- a/deploy/services-demo/demo.sh +++ /dev/null 
@@ -1,180 +0,0 @@ -#!/usr/bin/env bash - -# You can use this script to simply start all services ./demo.sh - -set -eo pipefail - -USAGE="$0 [docker] [--run-backoffice]" -docker_deployment="false" -if [ "$1" = "docker" ] || [ "$2" = "docker" ] ; then - docker_deployment="true" -fi -run_backoffice="false" -if [ "$1" = "--run-backoffice" ] || [ "$2" = "--run-backoffice" ] ; then - run_backoffice="true" -fi -TOP_LEVEL="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )" -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -DOCKER_FILE="$SCRIPT_DIR/docker-compose.yaml" -DOCKER_FILE_BACKOFFICE="$SCRIPT_DIR/docker-compose-backoffice.yaml" -DIR="${TOP_LEVEL}/services" -PARENT_PID=$$ -rm -f /tmp/demo.* # remove previous temp files, if any - -function kill_all() { - # kill the process tree of the PARENT_PID - kill -9 -${PARENT_PID} &> /dev/null -} - -function list_descendants () { - local children=$(pgrep -P "$1") - for pid in $children - do - list_descendants "$pid" - done - echo "$children" -} - -function kill_gracefully() { - pkill "gundeck|brig|galley|cargohold|cannon|spar|stern" - sleep 1 - kill $(list_descendants $PARENT_PID) &> /dev/null -} - -function run_zauth() { - if [ "$docker_deployment" = "false" ]; then - ${DIR}/../dist/zauth "$@" - else - docker run --entrypoint "/usr/bin/zauth" ${docker_zauth_image:-quay.io/wire/zauth} $@ - fi -} - -trap "kill_gracefully; kill_all" INT TERM ERR - -function check_secrets() { - if [ "$docker_deployment" = "false" ]; then - test -f ${DIR}/../dist/zauth || { echo "zauth is not compiled. How about you run 'cd ${TOP_LEVEL} && make services' first?"; exit 1; } - fi - - if [[ ! -f ${SCRIPT_DIR}/resources/turn/secret.txt ]]; then - echo "Generate a secret for the TURN servers (must match the turn.secret key in brig's config)..." - openssl rand -base64 64 | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 42 > ${SCRIPT_DIR}/resources/turn/secret.txt - else - echo "re-using existing TURN secret" - fi - if [[ ! 
-f ${SCRIPT_DIR}/resources/zauth/privkeys.txt || ! -f ${SCRIPT_DIR}/resources/zauth/pubkeys.txt ]]; then - echo "Generate private and public keys (used both by brig and nginz)..." - mkdir -p ${SCRIPT_DIR}/resources/zauth/ - TMP_KEYS=$(mktemp "/tmp/demo.keys.XXXXXXXXXXX") - run_zauth -m gen-keypair -i 1 > $TMP_KEYS - cat $TMP_KEYS | sed -n 's/public: \(.*\)/\1/p' > ${SCRIPT_DIR}/resources/zauth/pubkeys.txt - cat $TMP_KEYS | sed -n 's/secret: \(.*\)/\1/p' > ${SCRIPT_DIR}/resources/zauth/privkeys.txt - else - echo "re-using existing public/private keys" - fi -} - -function check_prerequisites() { - nc -z 127.0.0.1 9042 \ - && nc -z 127.0.0.1 9200 \ - && nc -z 127.0.0.1 6379 \ - || { echo "Databases not up. Maybe run 'deploy/dockerephemeral/run.sh' in a separate terminal first?"; exit 1; } - if [ "$docker_deployment" = "false" ]; then - test -f ${DIR}/../dist/brig \ - && test -f ${DIR}/../dist/galley \ - && test -f ${DIR}/../dist/cannon \ - && test -f ${DIR}/../dist/gundeck \ - && test -f ${DIR}/../dist/cargohold \ - && test -f ${DIR}/../dist/proxy \ - && test -f ${DIR}/../dist/spar \ - && test -f ${DIR}/../dist/stern \ - && ( test -f ${DIR}/../dist/nginx || which nix-build ) \ - || { echo "Not all services are compiled. How about you run 'cd ${TOP_LEVEL} && make services' first?"; exit 1; } - fi -} - -blue=6 -white=7 -green=10 -orange=3 -yellow=11 -purpleish=13 -redish=1 -blueish=4 - -function run_haskell_service() { - service=$1 - colour=$2 - (cd ${SCRIPT_DIR} && ${DIR}/../dist/${service} -c ${SCRIPT_DIR}/conf/${service}.demo.yaml || kill_all) \ - | sed -e "s/^/$(tput setaf ${colour})[${service}] /" -e "s/$/$(tput sgr0)/" & -} - -function run_nginz() { - colour=$1 - prefix=$([ -w /usr/local ] && echo /usr/local || echo "${HOME}/.wire-dev") - - # For nix we dont need LD_LIBRARY_PATH; we link against libzauth directly. 
- # nix-build will put a symlink to ./result with the nginx artifact - if which nix-build; then - nginz=$(nix-build "${DIR}/../nix" -A pkgs.nginz --no-out-link ) - (cd ${SCRIPT_DIR} && ${nginz}/bin/nginx -p ${SCRIPT_DIR} -c ${SCRIPT_DIR}/conf/nginz/nginx.conf -g 'daemon off;' || kill_all) \ - | sed -e "s/^/$(tput setaf ${colour})[nginz] /" -e "s/$/$(tput sgr0)/" & - else - prefix=$([ -w /usr/local ] && echo /usr/local || echo "${HOME}/.wire-dev") - (cd ${SCRIPT_DIR} && LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${prefix}/lib/ ${DIR}/../dist/nginx -p ${SCRIPT_DIR} -c ${SCRIPT_DIR}/conf/nginz/nginx.conf -g 'daemon off;' || kill_all) \ - | sed -e "s/^/$(tput setaf ${colour})[nginz] /" -e "s/$/$(tput sgr0)/" & - fi -} - -function copy_brig_templates() { - # Need to copy over the templates from Brig since symlinking does not - # work with Docker - mkdir -p "${SCRIPT_DIR}/resources/templates" - cp -r "${SCRIPT_DIR}/../../services/brig/deb/opt/brig/templates/"* "${SCRIPT_DIR}/resources/templates/" -} - -function copy_nginz_configs() { - # Need to copy over the configs from Nginz since symlinking does not - # work with Docker - # ensure swagger UI files are downloaded befory copying - make -C "${TOP_LEVEL}/services/nginz" zwagger-ui/swagger-ui - mkdir -p "${SCRIPT_DIR}/conf/nginz/zwagger-ui" - cp -r "${SCRIPT_DIR}/../../services/nginz/zwagger-ui/"* "${SCRIPT_DIR}/conf/nginz/zwagger-ui/" -} - -# brig,gundeck,galley use the amazonka library's 'Discover', which expects AWS credentials -# even if those are not used/can be dummy values with the fake sqs/ses/etc containers used (see deploy/dockerephemeral/docker-compose.yaml) -export AWS_REGION=${AWS_REGION:-eu-west-1} -export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-dummy} -export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-dummy} - -check_secrets -check_prerequisites -copy_brig_templates -copy_nginz_configs - -if [ "$docker_deployment" = "false" ]; then - run_haskell_service brig ${green} - run_haskell_service galley ${yellow} - 
run_haskell_service gundeck ${blue} - run_haskell_service cannon ${orange} - run_haskell_service cargohold ${purpleish} - run_haskell_service proxy ${redish} - run_haskell_service spar ${orange} - if [ "$run_backoffice" = "true" ]; then - run_haskell_service stern ${orange} - fi - run_nginz ${blueish} -else - if [ "$run_backoffice" = "true" ]; then - docker-compose --file "$DOCKER_FILE" --file "$DOCKER_FILE_BACKOFFICE" up - else - docker-compose --file "$DOCKER_FILE" up - fi -fi - -sleep 3 # wait a moment for services to start before continuing - -echo "All services up & running, Wire away!"; - -wait diff --git a/deploy/services-demo/docker-compose-backoffice.yaml b/deploy/services-demo/docker-compose-backoffice.yaml deleted file mode 100644 index 9cf4816468..0000000000 --- a/deploy/services-demo/docker-compose-backoffice.yaml +++ /dev/null @@ -1,19 +0,0 @@ -networks: - dockerephemeral_demo_wire: - external: true - -version: '2' -services: - stern: - image: quay.io/wire/stern - ports: - - 127.0.0.1:8091:8091 - volumes: - - ./:/configs - entrypoint: - - /usr/bin/stern - - -c - - /configs/conf/stern.demo-docker.yaml - working_dir: /configs - networks: - - dockerephemeral_demo_wire diff --git a/deploy/services-demo/docker-compose.yaml b/deploy/services-demo/docker-compose.yaml deleted file mode 100644 index 35364e5cc6..0000000000 --- a/deploy/services-demo/docker-compose.yaml +++ /dev/null 
@@ -1,160 +0,0 @@ -networks: - dockerephemeral_demo_wire: - external: true - -version: '2' -services: - brig: - image: quay.io/wire/brig - depends_on: - - cargohold - - galley - - gundeck - ports: - - 127.0.0.1:8082:8082 - volumes: - - ./:/configs - entrypoint: - - /usr/bin/brig - - -c - - /configs/conf/brig.demo-docker.yaml - working_dir: /configs - environment: - - AWS_REGION=eu-west-1 - - AWS_ACCESS_KEY_ID=dummy - - AWS_SECRET_ACCESS_KEY=dummy - external_links: - - demo_wire_cassandra:cassandra - - demo_wire_elasticsearch:elasticsearch - - demo_wire_dynamodb:dynamodb - - demo_wire_sqs:sqs - - demo_wire_smtp:smtp - networks: - - dockerephemeral_demo_wire - - galley: - image: quay.io/wire/galley - ports: - - 127.0.0.1:8085:8085 - volumes: - - ./:/configs - entrypoint: - - /usr/bin/galley - - -c - - /configs/conf/galley.demo-docker.yaml - working_dir: /configs - environment: - - AWS_REGION=eu-west-1 - - AWS_ACCESS_KEY_ID=dummy - - AWS_SECRET_ACCESS_KEY=dummy - external_links: - - demo_wire_cassandra:cassandra - networks: - - dockerephemeral_demo_wire - - gundeck: - image: quay.io/wire/gundeck - ports: - - 127.0.0.1:8086:8086 - volumes: - - ./:/configs - entrypoint: - - /usr/bin/gundeck - - -c - - /configs/conf/gundeck.demo-docker.yaml - working_dir: /configs - environment: - - AWS_REGION=eu-west-1 - - AWS_ACCESS_KEY_ID=dummy - - AWS_SECRET_ACCESS_KEY=dummy - external_links: - - demo_wire_redis:redis - - demo_wire_sqs:sqs - - demo_wire_localstack:sns - networks: - - dockerephemeral_demo_wire - - cannon: - image: quay.io/wire/cannon - ports: - - 127.0.0.1:8083:8083 - volumes: - - ./:/configs - entrypoint: - - /usr/bin/cannon - - -c - - /configs/conf/cannon.demo-docker.yaml - working_dir: /configs - networks: - - dockerephemeral_demo_wire - - cargohold: - image: quay.io/wire/cargohold - ports: - - 127.0.0.1:8084:8084 - volumes: - - ./:/configs - entrypoint: - - /usr/bin/cargohold - - -c - - /configs/conf/cargohold.demo-docker.yaml - working_dir: /configs - 
external_links: - - demo_wire_s3:s3 - networks: - - dockerephemeral_demo_wire - - proxy: - image: quay.io/wire/proxy - ports: - - 127.0.0.1:8087:8087 - volumes: - - ./:/configs - entrypoint: - - /usr/bin/proxy - - -c - - /configs/conf/proxy.demo-docker.yaml - working_dir: /configs - networks: - - dockerephemeral_demo_wire - - spar: - image: quay.io/wire/spar - ports: - - 127.0.0.1:8088:8088 - volumes: - - ./:/configs - entrypoint: - - /usr/bin/spar - - -c - - /configs/conf/spar.demo-docker.yaml - working_dir: /configs - external_links: - - demo_wire_cassandra:cassandra - networks: - - dockerephemeral_demo_wire - - nginz: - image: quay.io/wire/nginz - depends_on: - - cargohold - - gundeck - - cannon - - galley - - proxy - - brig - - spar - ports: - - 127.0.0.1:8080:8080 - - 127.0.0.1:8081:8081 - volumes: - - ./:/configs - entrypoint: - - /usr/sbin/nginx - - -p - - /configs - - -c - - /configs/conf/nginz/nginx-docker.conf - working_dir: /configs - networks: - - dockerephemeral_demo_wire diff --git a/deploy/services-demo/resources/nexmo-credentials.yaml b/deploy/services-demo/resources/nexmo-credentials.yaml deleted file mode 100644 index 1f83517f2e..0000000000 --- a/deploy/services-demo/resources/nexmo-credentials.yaml +++ /dev/null @@ -1,2 +0,0 @@ -key: "dummy" -secret: "dummy" diff --git a/deploy/services-demo/resources/proxy.config b/deploy/services-demo/resources/proxy.config deleted file mode 100644 index d2225ca26c..0000000000 --- a/deploy/services-demo/resources/proxy.config +++ /dev/null @@ -1,8 +0,0 @@ -secrets { - youtube = "my-youtube-secret" - googlemaps = "my-googlemaps-secret" - soundcloud = "my-soundcloud-secret" - giphy = "my-giphy-secret" - # Base64 encoded client ID and secret: `Bearer id:secret`: - spotify = "my-spotify-secret" -} diff --git a/deploy/services-demo/resources/smtp-secret.txt b/deploy/services-demo/resources/smtp-secret.txt deleted file mode 100644 index 8cd82991f4..0000000000 
--- a/deploy/services-demo/resources/smtp-secret.txt +++ /dev/null @@ -1 +0,0 @@ -dummy-smtp-password diff --git a/deploy/services-demo/resources/turn/servers-v2.txt b/deploy/services-demo/resources/turn/servers-v2.txt deleted file mode 100644 index d290bbda09..0000000000 --- a/deploy/services-demo/resources/turn/servers-v2.txt +++ /dev/null @@ -1 +0,0 @@ -turn:localhost?transport=udp diff --git a/deploy/services-demo/resources/turn/servers.txt b/deploy/services-demo/resources/turn/servers.txt deleted file mode 100644 index 388f87f53a..0000000000 --- a/deploy/services-demo/resources/turn/servers.txt +++ /dev/null @@ -1 +0,0 @@ -turn:127.0.0.1?transport=udp diff --git a/deploy/services-demo/resources/twilio-credentials.yaml b/deploy/services-demo/resources/twilio-credentials.yaml deleted file mode 100644 index d64e0ec4f2..0000000000 --- a/deploy/services-demo/resources/twilio-credentials.yaml +++ /dev/null @@ -1,2 +0,0 @@ -sid: "dummy" -token: "dummy" diff --git a/docs/src/developer/developer/how-to.md b/docs/src/developer/developer/how-to.md index f7b55521af..3c98cfa869 100644 --- a/docs/src/developer/developer/how-to.md +++ b/docs/src/developer/developer/how-to.md 
@@ -8,14 +8,14 @@ Terminal 1: * Set up backing services: `./deploy/dockerephemeral/run.sh` Terminal 2: -* Compile all services: `make services` +* Compile all services: `make c` * Note that you have to [import the public signing keys for nginx](https://github.com/wireapp/wire-server/blob/develop/services/nginz/README.md#common-problems-while-compiling) to be able to build nginz * Run services including nginz: `./services/start-services-only.sh`. If you don't want to run nginz set `INTEGRATION_USE_NGINZ=0`. Open your browser at: - http://localhost:8080/api/swagger-ui for the swagger 2.0 endpoints (in development as of Feb 2021 - more endpoints will be added here as time goes on) -- http://localhost:8080/swagger-ui/ for the old swagger 1.2 API (old swagger, endpoints will disappear from here (and become available in the previous link) as time progresses) +- http://localhost:8080/swagger-ui/ for the old swagger 1.2 API (old swagger, endpoints will disappear from here (and become available in the previous link) as time progresses). Run `make -C services/nginz integration-test/conf/nginz/zwagger-ui` once to get JS libraries needed (they are not included in the repo). Swagger json (for swagger 2.0 endpoints) is available under http://localhost:8080/api/swagger.json diff --git a/docs/src/developer/developer/pr-guidelines.md b/docs/src/developer/developer/pr-guidelines.md index a93f125397..60acfaab6e 100644 --- a/docs/src/developer/developer/pr-guidelines.md +++ b/docs/src/developer/developer/pr-guidelines.md 
@@ -39,7 +39,7 @@ NB: The nginz paths are interpreted as *prefixes*. If you add a new end-point t The following needs to be done, as part of a PR adding endpoints or changing endpoint paths. - [ ] Update nginz config in helm: `charts/nginz/values.yaml` - - [ ] Update nginz config in the demo: `deploy/services-demo/conf/nginz/nginx.conf` + - [ ] Update nginz config for the local integration tests: `services/nginz/integration-test/conf/nginz/nginx.conf` ### Helm configuration @@ -79,7 +79,6 @@ If a PR adds new configuration options for say brig, the following files need to * [ ] The parser under `services/brig/src/Brig/Options.hs` * [ ] The integration test config: `services/brig/brig.integration.yaml` -* [ ] The demo config: `deploy/services-demo/conf/brig.demo.yaml` and `deploy/services-demo/conf/brig.demo.yaml` * [ ] The charts: `charts/brig/templates/configmap.yaml` * [ ] The default values: `charts/brig/values.yaml` * [ ] The values files for CI: `hack/helm_vars/wire-server/values.yaml` diff --git a/docs/src/developer/reference/spar-braindump.md b/docs/src/developer/reference/spar-braindump.md index 94d9b55797..f32532108b 100644 --- a/docs/src/developer/reference/spar-braindump.md +++ b/docs/src/developer/reference/spar-braindump.md @@ -65,7 +65,7 @@ export METADATA_FILE=... copy these two files to one of your spar instances: -- `.../wire-server/deploy/services-demo/register_idp_internal.sh` +- `.../wire-server/hack/bin/register_idp_internal.sh` - `${METADATA_FILE}` ... and ssh into it. then: diff --git a/docs/src/how-to/administrate/users.rst b/docs/src/how-to/administrate/users.rst index 8aa3493860..e7d1e856dc 100644 --- a/docs/src/how-to/administrate/users.rst +++ b/docs/src/how-to/administrate/users.rst 
@@ -232,7 +232,7 @@ Then delete it: Mass-invite users to a team ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -If you need to invite members to a specific given team, you can use the ``create_team_members.sh`` Bash script, located `here `__. +If you need to invite members to a specific given team, you can use the ``create_team_members.sh`` Bash script, located `here `__. This script does not create users or causes them to join a team by itself, instead, it sends invites to potential users via email, and when users accept the invitation, they create their account, set their password, and are added to the team as team members. @@ -240,7 +240,7 @@ Input is a `CSV file `__, You also need to specify the inviting admin user, the team, the URI for the Brig (`API `__) service (Host), and finally the input (CSV) file containing the users to invite. -The exact format for the parameters passed to the script is `as follows `__: +The exact format for the parameters passed to the script is `as follows `__: * ``-a ``: `User ID `__ in `UUID format `__ of the inviting admin. For example ``9122e5de-b4fb-40fa-99ad-1b5d7d07bae5``. * ``-t ``: ID of the inviting team, same format. @@ -257,7 +257,7 @@ Note: the 'http://localhost:9999' implies you are running the 'kubectl port-forw . Once the script is run, invitations will be sent to each user in the file every second until all invitations have been sent. -If you have a lot of invitations to send and this is too slow, you can speed things up by commenting `this line `__. +If you have a lot of invitations to send and this is too slow, you can speed things up by commenting `this line `__. How to obtain logs from an Android client to investigate issues 
@@ -503,7 +503,7 @@ Create a team using the SCIM API If you need to create a team manually, maybe because team creation was blocked in the "teams" interface, follow this procedure: -First download or locate this bash script: `wire-server/deploy/services-demo/create_test_team_scim.sh ` +First download or locate this bash script: `wire-server/hack/bin/create_test_team_scim.sh ` Then, run it the following way: @@ -572,7 +572,7 @@ Out of the JSON output of this command, you should be able to extract: * A SCIM token (`token` value in the JSON). * A SCIM token ID (`id` value in the `info` value in the JSON) -Equiped with those tokens, we move on to the next script, `wire-server/deploy/services-demo/create_team.sh ` +Equiped with those tokens, we move on to the next script, `wire-server/hack/bin/create_team.sh ` This script can be run the following way: diff --git a/docs/src/how-to/install/configuration-options.rst b/docs/src/how-to/install/configuration-options.rst index fa26548e97..76bbe423b9 100644 --- a/docs/src/how-to/install/configuration-options.rst +++ b/docs/src/how-to/install/configuration-options.rst 
@@ -247,7 +247,7 @@ Brig has a server option for this: If `setRestrictUserCreation` is `true`, creating new personal users or new teams on your instance from outside your backend installation is impossible. (If you want to be more technical: requests to `/register` that create a new personal account or a new team are answered with `403 forbidden`.) -On instances with restricted user creation, the site operator with access to the internal REST API can still circumvent the restriction: just log into a brig service pod via ssh and follow the steps in https://github.com/wireapp/wire-server/blob/b9a84f9b654a69c9a296761b36c042dc993236d3/deploy/services-demo/create_test_team_admins.sh. +On instances with restricted user creation, the site operator with access to the internal REST API can still circumvent the restriction: just log into a brig service pod via ssh and follow the steps in `hack/bin/create_test_team_admins.sh.` .. note:: Once the creation of new users and teams has been disabled, it will still be possible to use the `team creation process `__ (enter the new team name, email, password, etc), but it will fail/refuse creation late in the creation process (after the «Create team» button is clicked). diff --git a/deploy/services-demo/create_team.sh b/hack/bin/create_team.sh similarity index 100% rename from deploy/services-demo/create_team.sh rename to hack/bin/create_team.sh diff --git a/deploy/services-demo/create_team_members.sh b/hack/bin/create_team_members.sh similarity index 100% rename from deploy/services-demo/create_team_members.sh rename to hack/bin/create_team_members.sh diff --git a/deploy/services-demo/create_team_request_code.sh b/hack/bin/create_team_request_code.sh similarity index 100% rename from deploy/services-demo/create_team_request_code.sh rename to hack/bin/create_team_request_code.sh 
diff --git a/deploy/services-demo/create_test_team_admins.sh b/hack/bin/create_test_team_admins.sh similarity index 100% rename from deploy/services-demo/create_test_team_admins.sh rename to hack/bin/create_test_team_admins.sh diff --git a/deploy/services-demo/create_test_team_members.sh b/hack/bin/create_test_team_members.sh similarity index 100% rename from deploy/services-demo/create_test_team_members.sh rename to hack/bin/create_test_team_members.sh diff --git a/deploy/services-demo/create_test_team_scim.sh b/hack/bin/create_test_team_scim.sh similarity index 100% rename from deploy/services-demo/create_test_team_scim.sh rename to hack/bin/create_test_team_scim.sh diff --git a/deploy/services-demo/create_test_user.sh b/hack/bin/create_test_user.sh similarity index 100% rename from deploy/services-demo/create_test_user.sh rename to hack/bin/create_test_user.sh diff --git a/deploy/services-demo/register_idp.sh b/hack/bin/register_idp.sh similarity index 100% rename from deploy/services-demo/register_idp.sh rename to hack/bin/register_idp.sh diff --git a/deploy/services-demo/register_idp_internal.sh b/hack/bin/register_idp_internal.sh similarity index 100% rename from deploy/services-demo/register_idp_internal.sh rename to hack/bin/register_idp_internal.sh diff --git a/hack/bin/shellcheck.sh b/hack/bin/shellcheck.sh index c701ff53e1..ff551e5dc3 100755 --- a/hack/bin/shellcheck.sh +++ b/hack/bin/shellcheck.sh 
@@ -33,13 +33,12 @@ mapfile -t SHELL_FILES_TO_LINT < <( grep -v "services/spar/test-scim-suite/run.sh" | grep -v "services/brig/federation-tests.sh" | grep -v "services/integration.sh" | - grep -v "deploy/services-demo/create_test_team_members.sh" | - grep -v "deploy/services-demo/demo.sh" | - grep -v "deploy/services-demo/create_test_team_scim.sh" | - grep -v "deploy/services-demo/create_test_user.sh" | - grep -v "deploy/services-demo/create_team_members.sh" | - grep -v "deploy/services-demo/register_idp_internal.sh" | - grep -v "deploy/services-demo/create_test_team_admins.sh" | + grep -v "hack/bin/create_test_team_members.sh" | + grep -v "hack/bin/create_test_team_scim.sh" | + grep -v "hack/bin/create_test_user.sh" | + grep -v "hack/bin/create_team_members.sh" | + grep -v "hack/bin/register_idp_internal.sh" | + grep -v "hack/bin/create_test_team_admins.sh" | grep -v "deploy/dockerephemeral/init.sh" | grep -v "tools/nginz_disco/nginz_disco.sh" | grep -v "tools/rebase-onto-formatter.sh" | diff --git a/services/brig/test/resources/jwt/ed25519_bundle.pem b/services/brig/test/resources/jwt/ed25519_bundle.pem deleted file mode 120000 index 86e72031d1..0000000000 --- a/services/brig/test/resources/jwt/ed25519_bundle.pem +++ /dev/null @@ -1 +0,0 @@ -../../../../../deploy/services-demo/conf/jwt/ed25519_bundle.pem \ No newline at end of file diff --git a/services/brig/test/resources/jwt/ed25519_bundle.pem b/services/brig/test/resources/jwt/ed25519_bundle.pem new file mode 100644 index 0000000000..afbd4dfb0e --- /dev/null +++ b/services/brig/test/resources/jwt/ed25519_bundle.pem @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIFANnxZLNE4p+GDzWzR3wm/v8x/0bxZYkCyke1aTRucX +-----END PRIVATE KEY----- +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEACPvhIdimF20tOPjbb+fXJrwS2RKDp7686T90AZ0+Th8= +-----END PUBLIC KEY----- 
diff --git a/services/federator/test/resources/integration-ca.pem b/services/federator/test/resources/integration-ca.pem index 36da21ffee..6fd38882cf 120000 --- a/services/federator/test/resources/integration-ca.pem +++ b/services/federator/test/resources/integration-ca.pem @@ -1 +1 @@ -../../../../deploy/services-demo/conf/nginz/integration-ca.pem \ No newline at end of file +../../../../services/nginz/integration-test/conf/nginz/integration-ca.pem \ No newline at end of file diff --git a/services/federator/test/resources/integration-leaf-key.pem b/services/federator/test/resources/integration-leaf-key.pem index f5d4e842e4..2c6aab67c9 120000 --- a/services/federator/test/resources/integration-leaf-key.pem +++ b/services/federator/test/resources/integration-leaf-key.pem @@ -1 +1 @@ -../../../../deploy/services-demo/conf/nginz/integration-leaf-key.pem \ No newline at end of file +../../../../services/nginz/integration-test/conf/nginz/integration-leaf-key.pem \ No newline at end of file diff --git a/services/federator/test/resources/integration-leaf.pem b/services/federator/test/resources/integration-leaf.pem index 8e5558292c..1f98501cbf 120000 --- a/services/federator/test/resources/integration-leaf.pem +++ b/services/federator/test/resources/integration-leaf.pem @@ -1 +1 @@ -../../../../deploy/services-demo/conf/nginz/integration-leaf.pem \ No newline at end of file +../../../../services/nginz/integration-test/conf/nginz/integration-leaf.pem \ No newline at end of file diff --git a/services/galley/test/resources/ed25519.pem b/services/galley/test/resources/ed25519.pem deleted file mode 120000 index 2b827f502d..0000000000 --- a/services/galley/test/resources/ed25519.pem +++ /dev/null @@ -1 +0,0 @@ -../../../../deploy/services-demo/conf/ed25519.pem \ No newline at end of file diff --git a/services/galley/test/resources/ed25519.pem b/services/galley/test/resources/ed25519.pem new file mode 100644 index 0000000000..4e87cf573c --- /dev/null 
+++ b/services/galley/test/resources/ed25519.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIAocCDXsKIAjb65gOUn5vEF0RIKnVJkKR4ebQzuZ709c +-----END PRIVATE KEY----- diff --git a/services/integration.sh b/services/integration.sh index e4b25974d1..648a60aaba 100755 --- a/services/integration.sh +++ b/services/integration.sh @@ -26,7 +26,7 @@ function list_descendants () { } function kill_gracefully() { - pkill "gundeck|brig|galley|cargohold|cannon|spar|nginz" + pkill "gundeck|brig|galley|cargohold|cannon|spar|nginz|stern" sleep 1 kill $(list_descendants "$PARENT_PID") &> /dev/null } @@ -44,6 +44,7 @@ function check_prerequisites() { && [ ! -f "${TOP_LEVEL}/dist/cannon" ] \ && [ ! -f "${TOP_LEVEL}/dist/gundeck" ] \ && [ ! -f "${TOP_LEVEL}/dist/cargohold" ] \ + && [ ! -f "${TOP_LEVEL}/dist/stern" ] \ && [ ! -f "${TOP_LEVEL}/dist/spar" ]; then echo "Not all services are compiled. How about you run 'cd ${TOP_LEVEL} && make' first?"; exit 1; fi @@ -116,6 +117,7 @@ else run cargohold "" ${purpleish} run spar "" ${orange} run federator "" ${blue} + run stern "" ${yellow} fi function run_nginz() { diff --git a/services/nginz/Makefile b/services/nginz/Makefile index 57eb1cb9c2..1803bdb8a6 100644 --- a/services/nginz/Makefile +++ b/services/nginz/Makefile @@ -89,9 +89,11 @@ $(DIST): NGINX_BUNDLE=nginx-$(NGINX_VERSION).tar.gz SWAGGER_BUNDLE=swagger-$(SWAGGER_VERSION).tar.gz +.PHONY: integration-test/conf/nginz/zwagger-ui integration-test/conf/nginz/zwagger-ui: zwagger-ui/swagger-ui cp -r "zwagger-ui/." integration-test/conf/nginz/zwagger-ui/ +.PHONY: zwagger-ui/swagger-ui zwagger-ui/swagger-ui: $(SWAGGER_BUNDLE) tar zxf $(SWAGGER_BUNDLE) rm -rf zwagger-ui/swagger-ui diff --git a/services/nginz/README.md b/services/nginz/README.md index b9a615b889..fb1832268a 100644 --- a/services/nginz/README.md +++ b/services/nginz/README.md 
@@ -72,4 +72,5 @@ If you are using macOS and you used `brew` to install openssl, the `Makefile` al ## How to run it -Have a look at our demo config in [services demo](../../deploy/services-demo/conf/nginz) +Have a look at our demo config in [./integration-test/conf/nginz/](./integration-test/conf/nginz/) + diff --git a/services/nginz/integration-test/conf/nginz b/services/nginz/integration-test/conf/nginz deleted file mode 120000 index c4846f61ea..0000000000 --- a/services/nginz/integration-test/conf/nginz +++ /dev/null @@ -1 +0,0 @@ -../../../../deploy/services-demo/conf/nginz \ No newline at end of file diff --git a/deploy/services-demo/conf/nginz/common_response.conf b/services/nginz/integration-test/conf/nginz/common_response.conf similarity index 100% rename from deploy/services-demo/conf/nginz/common_response.conf rename to services/nginz/integration-test/conf/nginz/common_response.conf diff --git a/deploy/services-demo/conf/nginz/common_response_no_zauth.conf b/services/nginz/integration-test/conf/nginz/common_response_no_zauth.conf similarity index 100% rename from deploy/services-demo/conf/nginz/common_response_no_zauth.conf rename to services/nginz/integration-test/conf/nginz/common_response_no_zauth.conf diff --git a/deploy/services-demo/conf/nginz/common_response_with_zauth.conf b/services/nginz/integration-test/conf/nginz/common_response_with_zauth.conf similarity index 100% rename from deploy/services-demo/conf/nginz/common_response_with_zauth.conf rename to services/nginz/integration-test/conf/nginz/common_response_with_zauth.conf diff --git a/deploy/services-demo/conf/nginz/integration-ca-key.pem b/services/nginz/integration-test/conf/nginz/integration-ca-key.pem similarity index 100% rename from deploy/services-demo/conf/nginz/integration-ca-key.pem rename to services/nginz/integration-test/conf/nginz/integration-ca-key.pem 
diff --git a/deploy/services-demo/conf/nginz/integration-ca.pem b/services/nginz/integration-test/conf/nginz/integration-ca.pem similarity index 100% rename from deploy/services-demo/conf/nginz/integration-ca.pem rename to services/nginz/integration-test/conf/nginz/integration-ca.pem diff --git a/deploy/services-demo/conf/nginz/integration-leaf-key.pem b/services/nginz/integration-test/conf/nginz/integration-leaf-key.pem similarity index 100% rename from deploy/services-demo/conf/nginz/integration-leaf-key.pem rename to services/nginz/integration-test/conf/nginz/integration-leaf-key.pem diff --git a/deploy/services-demo/conf/nginz/integration-leaf.pem b/services/nginz/integration-test/conf/nginz/integration-leaf.pem similarity index 100% rename from deploy/services-demo/conf/nginz/integration-leaf.pem rename to services/nginz/integration-test/conf/nginz/integration-leaf.pem diff --git a/deploy/services-demo/conf/nginz/nginx.conf b/services/nginz/integration-test/conf/nginz/nginx.conf similarity index 100% rename from deploy/services-demo/conf/nginz/nginx.conf rename to services/nginz/integration-test/conf/nginz/nginx.conf diff --git a/deploy/services-demo/conf/nginz/upstreams b/services/nginz/integration-test/conf/nginz/upstreams similarity index 100% rename from deploy/services-demo/conf/nginz/upstreams rename to services/nginz/integration-test/conf/nginz/upstreams diff --git a/deploy/services-demo/conf/nginz/zauth_acl.txt b/services/nginz/integration-test/conf/nginz/zauth_acl.txt similarity index 100% rename from deploy/services-demo/conf/nginz/zauth_acl.txt rename to services/nginz/integration-test/conf/nginz/zauth_acl.txt diff --git a/services/nginz/integration-test/conf/nginz/zwagger-ui/api-docs/resources.json b/services/nginz/integration-test/conf/nginz/zwagger-ui/api-docs/resources.json new file mode 100644 index 0000000000..805dee81d8 --- /dev/null +++ b/services/nginz/integration-test/conf/nginz/zwagger-ui/api-docs/resources.json 
@@ -0,0 +1,26 @@ +{ + "apiVersion": "1.0", + "swaggerVersion": "1.2", + "apis": [ + { + "path": "/users", + "description": "Users, Connections and Onboarding" + }, + { + "path": "/push", + "description": "Push Notifications" + }, + { + "path": "/conversations", + "description": "Conversations and Messaging" + }, + { + "path": "/assets", + "description": "Assets" + }, + { + "path": "/await", + "description": "Push Notifications" + } + ] +} diff --git a/services/nginz/integration-test/conf/nginz/zwagger-ui/backoffice/api-docs/resources.json b/services/nginz/integration-test/conf/nginz/zwagger-ui/backoffice/api-docs/resources.json new file mode 100644 index 0000000000..db64e09127 --- /dev/null +++ b/services/nginz/integration-test/conf/nginz/zwagger-ui/backoffice/api-docs/resources.json @@ -0,0 +1,13 @@ +{ + "Version": "1.0", + "swaggerVersion": "1.2", + "apis": [ + { + "path": "/stern", + "description": "Back Office" + } + ], + "info": { + "description": "The Back Office can only be used if Stern is running. It usually shouldn't be running, and if it is, make sure it can only be reached by admins, as it allows unauthorized access to endpoints. For more details see `tools/stern/README.md` in the `wire-server` repository." + } +} diff --git a/services/nginz/integration-test/conf/nginz/zwagger-ui/index.html b/services/nginz/integration-test/conf/nginz/zwagger-ui/index.html new file mode 100644 index 0000000000..921da15b8c --- /dev/null +++ b/services/nginz/integration-test/conf/nginz/zwagger-ui/index.html @@ -0,0 +1,86 @@ + + +
+ + + +
+ + + +
+ + + +
+ + + + + + + + + + + + + + diff --git a/services/nginz/integration-test/conf/nginz/zwagger-ui/tab.html b/services/nginz/integration-test/conf/nginz/zwagger-ui/tab.html new file mode 100644 index 0000000000..9d514b1452 --- /dev/null +++ b/services/nginz/integration-test/conf/nginz/zwagger-ui/tab.html @@ -0,0 +1,218 @@ + + + + + + Swagger UI + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + +

+ +
+
+
+
+
+
+ +
+ +
+ +
+ +
+ + + +
 
+
+ + + diff --git a/services/restund/README.md b/services/restund/README.md index 47748b4003..1cab623bb4 100644 --- a/services/restund/README.md +++ b/services/restund/README.md @@ -135,7 +135,8 @@ module auth.so zrest_secret {{ restund_zrest_secret }} ``` -Next, list out TURN IP and port in `deploy/services-demo/resources/turn/servers.txt`, and `deploy/services-demo/resources/turn/servers-v2.txt`, as given below: + +Next, list out TURN IP and port in `services/brig/test/resources/turn/servers.txt`, and `services/brig/test/resources/turn/servers-v2.txt`, as given below: `turn::3478` Then run the command restund command and you'll get the live stun log in your terminal. diff --git a/services/spar/test-scim-suite/run.sh b/services/spar/test-scim-suite/run.sh index 6cca62596c..71edb155b2 100755 --- a/services/spar/test-scim-suite/run.sh +++ b/services/spar/test-scim-suite/run.sh @@ -10,7 +10,7 @@ SCIM_TEST_SUITE_BRIG_PORT=8082 function create_team_and_scim_token { TOP_LEVEL="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../../.." && pwd )" - IFS=',' read -r -a creds <<< $($TOP_LEVEL/deploy/services-demo/create_test_team_admins.sh -c) + IFS=',' read -r -a creds <<< $($TOP_LEVEL/hack/bin/create_test_team_admins.sh -c) BRIG_HOST="http://$SCIM_TEST_SUITE_BRIG_HOST:$SCIM_TEST_SUITE_BRIG_PORT" WIRE_ADMIN_UUID=${creds[0]} diff --git a/services/start-services-only.sh b/services/start-services-only.sh index 344d00e5a2..9d7ea41c09 100755 --- a/services/start-services-only.sh +++ b/services/start-services-only.sh @@ -3,8 +3,6 @@ # Run all haskell services without immediately starting a test executable. # Can be useful for manually poking at the API. -# This is NOT intended for a demo with the external API, as nginz is missing here - see the demo.sh script in wire-server/deploy/services-demo for that instead. - set -eo pipefail SERVICES_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 
diff --git a/deploy/services-demo/conf/stern.demo.yaml b/services/stern/stern.integration.yaml similarity index 100% rename from deploy/services-demo/conf/stern.demo.yaml rename to services/stern/stern.integration.yaml diff --git a/tools/api-simulations/loadtest/README.md b/tools/api-simulations/loadtest/README.md index f6f7e6e7c0..b44daee8ca 100644 --- a/tools/api-simulations/loadtest/README.md +++ b/tools/api-simulations/loadtest/README.md @@ -72,7 +72,7 @@ You can create test users against a given `brig` by running the following command from the root of `wire-server`: ```bash -./deploy/services-demo/create_test_user.sh +./hack/bin/create_test_user.sh ``` By default the script creates users on a `brig` running at `localhost:8082`; @@ -81,5 +81,5 @@ but you may edit the script to point elsewhere if required. E.g. to create 100 users on a brig running at `localhost:8082` and generate a valid users file: ```shell -./deploy/services-demo/create_test_user.sh -c -n 100 -h http://localhost:8082 > users.csv +./hack/bin/create_test_user.sh -c -n 100 -h http://localhost:8082 > users.csv ``` diff --git a/tools/stern/README.md b/tools/stern/README.md index 9608649f12..62f885e773 100644 --- a/tools/stern/README.md +++ b/tools/stern/README.md @@ -21,10 +21,9 @@ stern used to be run together with a separate docker image that carried the swag TODO: This section is under construction -## How to run stern locally with the `services-demo` +## How to run stern locally -Follow the instruction in [`deploy/services-demo/README.md`](../../deploy/services-demo/README.md), -using the `--run-backoffice` option, e.g. `deploy/sevices-demo/demo.sh --run-backoffice`. +Start local services via `services/start-services-only.sh` Open `http://localhost:8091/backoffice/api/swagger-ui/` in a browser. (Legacy mode: when you now open `localhost:8080/swagger-ui` in a
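Review bot: services/brig/test/resources/jwt/ed25519_bundle.pem and services/galley/test/resources/ed25519.pem turn from symlinks into regular files that contain `-----BEGIN PRIVATE KEY-----` blocks, and nothing in or beside them says the keys are test fixtures. The old symlink targets lived under deploy/services-demo/conf, so this key material may already have been copied out of a demo setup. Suggest a short note in each resources directory stating that the keys are public, test-only, and must never be configured in a deployment, plus an explicit entry for both paths in whatever secret-scanning allowlist the repository uses, so the finding is triaged once instead of being muted wholesale.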
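Review bot: in check_prerequisites in services/integration.sh, the added `[ ! -f "${TOP_LEVEL}/dist/stern" ]` test is chained to the others with `&&`, so on the visible lines the "Not all services are compiled" exit fires only when every listed binary is missing. A tree that lacks only dist/stern passes the check and then fails later at `run stern`. Joining the negated tests with `||` would make the check match its message.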
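Review bot: in kill_gracefully in services/integration.sh, pkill matches its argument as an unanchored regular expression against process names, so appending `|stern` also signals any unrelated process of the same user whose name merely contains that string (the same already holds for `brig` and `spar`). Consider `pkill -x` with the same alternation so that only exact names match. The pattern also still omits federator, although the last integration.sh hunk shows `run federator` next to the new `run stern`; if the descendant kill on the following line is meant to cover it, a comment saying so would help.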
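Review bot: in services/nginz/Makefile, `.PHONY: integration-test/conf/nginz/zwagger-ui` and `.PHONY: zwagger-ui/swagger-ui` are declared on targets that name real directories, which makes every invocation rerun `tar zxf $(SWAGGER_BUNDLE)`, the `rm -rf zwagger-ui/swagger-ui`, and the `cp -r`. If that is deliberate, to sidestep directory timestamps now that the output directory is tracked instead of being a symlink, a one-line comment above each declaration should say so; otherwise a stamp file or an order-only prerequisite avoids the repeated unpack.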
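Review bot: in services/nginz/integration-test/conf/nginz/zwagger-ui/backoffice/api-docs/resources.json the first key is `"Version": "1.0"`, while the sibling zwagger-ui/api-docs/resources.json added in the same patch uses `"apiVersion": "1.0"`. If the file was carried over unchanged from the demo directory, this is a good moment to align the key so both resource listings have the same shape.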
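Review bot: the rewritten "How to run stern locally" section in tools/stern/README.md drops the explicit `--run-backoffice` opt-in, and services/integration.sh gains `run stern "" ${yellow}` beside the other services, so stern now appears to start by default in the local setup. The backoffice resources.json added in this same patch says Stern "usually shouldn't be running" and "allows unauthorized access to endpoints". Suggest the README state that the listener at `localhost:8091` is for local development only and must stay unreachable from other hosts, and that it confirm `services/start-services-only.sh` actually brings stern up. The new "Start local services via ..." sentence is also missing its closing period.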
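Review bot: in create_team_and_scim_token in services/spar/test-scim-suite/run.sh, the updated line still expands `$TOP_LEVEL` and the whole command substitution unquoted in `<<< $($TOP_LEVEL/hack/bin/create_test_team_admins.sh -c)`, so a checkout path containing spaces breaks the call. Since the line is being touched anyway, quote both: `<<< "$("$TOP_LEVEL/hack/bin/create_test_team_admins.sh" -c)"`. The lint hunk shows that this file and the six scripts moved to hack/bin are all excluded with `grep -v`, so shellcheck will not catch this; the move would be a reasonable point to drop some of those exemptions.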