diff --git a/changelog.d/5-internal/v0-integration-setup b/changelog.d/5-internal/v0-integration-setup new file mode 100644 index 00000000000..a25f4d3a6c0 --- /dev/null +++ b/changelog.d/5-internal/v0-integration-setup @@ -0,0 +1,3 @@ +Setup federation-v0 environment for use in integration tests: + - add federation-v0 domain to test environment + - provision integration certificates with cert-manager diff --git a/charts/federator/templates/tests/federator-integration.yaml b/charts/federator/templates/tests/federator-integration.yaml index f30d7873798..e0d9673cd3e 100644 --- a/charts/federator/templates/tests/federator-integration.yaml +++ b/charts/federator/templates/tests/federator-integration.yaml @@ -16,7 +16,7 @@ spec: # integration tests need access to the client certificate private key - name: "federator-secrets" secret: - secretName: "federator-secret" + secretName: {{ if .Values.tls.useCertManager }} "federator-certificate-secret" {{ else }} "federator-secret" {{ end }} # integration tests need access to the CA - name: "federator-ca" configMap: diff --git a/charts/integration/templates/configmap.yaml b/charts/integration/templates/configmap.yaml index e18128cbf58..f211ab25105 100644 --- a/charts/integration/templates/configmap.yaml +++ b/charts/integration/templates/configmap.yaml @@ -125,3 +125,42 @@ data: {{- if eq (include "useCassandraTLS" .Values.config) "true" }} tlsCa: /etc/wire/galley/cassandra/{{- (include "tlsSecretRef" .Values.config | fromYaml).key }} {{- end }} + + federation-v0: + originDomain: federation-test-helper.wire-federation-v0.svc.cluster.local + brig: + host: brig.wire-federation-v0.svc.cluster.local + port: 8080 + cannon: + host: cannon.wire-federation-v0.svc.cluster.local + port: 8080 + cargohold: + host: cargohold.wire-federation-v0.svc.cluster.local + port: 8080 + federatorInternal: + host: federator.wire-federation-v0.svc.cluster.local + port: 8080 + federatorExternal: + host: federator.wire-federation-v0.svc.cluster.local + port: 8081 + galley: + host: galley.wire-federation-v0.svc.cluster.local + port: 8080 + gundeck: + host: gundeck.wire-federation-v0.svc.cluster.local + port: 8080 + nginz: + host: nginz-integration-http.wire-federation-v0.svc.cluster.local + port: 8080 + spar: + host: spar.wire-federation-v0.svc.cluster.local + port: 8080 + proxy: + host: proxy.wire-federation-v0.svc.cluster.local + port: 8080 + backgroundWorker: + host: backgroundWorker.wire-federation-v0.svc.cluster.local + port: 8080 + stern: + host: stern.wire-federation-v0.svc.cluster.local + port: 8080 diff --git a/charts/integration/templates/ingress.yaml b/charts/integration/templates/ingress.yaml index 8ae7a87b23a..7d2748022f0 100644 --- a/charts/integration/templates/ingress.yaml +++ b/charts/integration/templates/ingress.yaml @@ -17,7 +17,7 @@ metadata: nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-verify-depth: "{{ $.Values.tls.verify_depth }}" - nginx.ingress.kubernetes.io/auth-tls-secret: "{{ $.Release.Namespace }}/federator-ca-secret" + nginx.ingress.kubernetes.io/auth-tls-secret: "{{ or $.Values.tls.caNamespace $.Release.Namespace }}/federator-ca-secret" nginx.ingress.kubernetes.io/configuration-snippet: | proxy_set_header "X-SSL-Certificate" $ssl_client_escaped_cert; spec: diff --git a/charts/integration/values.yaml b/charts/integration/values.yaml index 25de2d456e7..f1310f8fa4e 100644 --- a/charts/integration/values.yaml +++ b/charts/integration/values.yaml @@ -39,6 +39,9 @@ config: tls: verify_depth: 1 + # Namespace from which to obtain the secret containing the CA trusted by + # federator. + # caNamespace: wire-federation-v0 ingress: class: nginx diff --git a/charts/nginx-ingress-services/templates/certificate_federator.yaml b/charts/nginx-ingress-services/templates/certificate_federator.yaml index 3437ab5aad5..0ac26b6b2f1 100644 --- a/charts/nginx-ingress-services/templates/certificate_federator.yaml +++ b/charts/nginx-ingress-services/templates/certificate_federator.yaml @@ -31,5 +31,5 @@ spec: encoding: PKCS1 rotationPolicy: Always dnsNames: - - {{ .Values.config.dns.federator }} + - "{{ or .Values.config.dns.certificateDomain .Values.config.dns.federator }}" {{- end -}} diff --git a/charts/nginx-ingress-services/templates/ingress_federator.yaml b/charts/nginx-ingress-services/templates/ingress_federator.yaml index e9fa137ebca..fa76aae8d95 100644 --- a/charts/nginx-ingress-services/templates/ingress_federator.yaml +++ b/charts/nginx-ingress-services/templates/ingress_federator.yaml @@ -19,7 +19,7 @@ metadata: nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-verify-depth: "{{ .Values.tls.verify_depth }}" - nginx.ingress.kubernetes.io/auth-tls-secret: "{{ .Release.Namespace }}/federator-ca-secret" + nginx.ingress.kubernetes.io/auth-tls-secret: "{{ or $.Values.tls.caNamespace $.Release.Namespace }}/federator-ca-secret" nginx.ingress.kubernetes.io/configuration-snippet: | proxy_set_header "X-SSL-Certificate" $ssl_client_escaped_cert; spec: diff --git a/charts/nginx-ingress-services/values.yaml b/charts/nginx-ingress-services/values.yaml index bbdb5928bc8..73d7ee2ee6f 100644 --- a/charts/nginx-ingress-services/values.yaml +++ b/charts/nginx-ingress-services/values.yaml @@ -45,6 +45,9 @@ tls: # leak a hint about a common origin. name: letsencrypt-http01 kind: Issuer # Issuer | ClusterIssuer + # Namespace from which to obtain the secret containing the CA trusted by + # federator. + # caNamespace: wire-federation-v0 # Name of the ingress. # @@ -118,6 +121,8 @@ config: # ^ fakeS3 is ignored if fakeS3.enabled == false # federator: federator. # ^ federator is ignored unless federator.enabled == true +# certificateDomain: federator. +# ^ domain to use in the CSR when using cert-manager # teamSettings: teams. # ^ teamSettings is ignored unless teamSettings.enabled == true # accountPages: account. diff --git a/deploy/dockerephemeral/coredns-config/db.example.com b/deploy/dockerephemeral/coredns-config/db.example.com index 1c33e941fb1..a458686bca7 100644 --- a/deploy/dockerephemeral/coredns-config/db.example.com +++ b/deploy/dockerephemeral/coredns-config/db.example.com @@ -17,4 +17,4 @@ _wire-server-federator._tcp.b IN SRV 0 0 9443 localhost. _wire-server-federator._tcp.d1 IN SRV 0 0 10443 localhost. _wire-server-federator._tcp.d2 IN SRV 0 0 11443 localhost. _wire-server-federator._tcp.d3 IN SRV 0 0 12443 localhost. -_wire-server-federator._tcp.v0 IN SRV 0 0 21443 localhost. +_wire-server-federator._tcp.federation-v0 IN SRV 0 0 21443 localhost. diff --git a/hack/bin/integration-setup-federation.sh b/hack/bin/integration-setup-federation.sh index d7e19e66aeb..95261e8cccc 100755 --- a/hack/bin/integration-setup-federation.sh +++ b/hack/bin/integration-setup-federation.sh @@ -25,9 +25,6 @@ charts=(fake-aws databases-ephemeral redis-cluster rabbitmq wire-server ingress- mkdir -p ~/.parallel && touch ~/.parallel/will-cite printf '%s\n' "${charts[@]}" | parallel -P "${HELM_PARALLELISM}" "$DIR/update.sh" "$CHARTS_DIR/{}" -# FUTUREWORK: use helm functions instead, see https://wearezeta.atlassian.net/browse/SQPIT-723 -echo "Generating self-signed certificates..." - KUBERNETES_VERSION_MAJOR="$(kubectl version -o json | jq -r .serverVersion.major)" KUBERNETES_VERSION_MINOR="$(kubectl version -o json | jq -r .serverVersion.minor)" KUBERNETES_VERSION_MINOR="${KUBERNETES_VERSION_MINOR//[!0-9]/}" # some clusters report minor versions as a string like '27+'. Strip any non-digit characters. @@ -39,14 +36,16 @@ else fi echo "kubeVersion: $KUBERNETES_VERSION and ingress controller=$INGRESS_CHART" export NAMESPACE_1="$NAMESPACE" -export FEDERATION_DOMAIN_BASE="$NAMESPACE_1.svc.cluster.local" -export FEDERATION_DOMAIN_1="federation-test-helper.$FEDERATION_DOMAIN_BASE" -"$DIR/selfsigned-kubernetes.sh" namespace1 +export FEDERATION_DOMAIN_BASE_1="$NAMESPACE_1.svc.cluster.local" +export FEDERATION_DOMAIN_1="federation-test-helper.$FEDERATION_DOMAIN_BASE_1" export NAMESPACE_2="$NAMESPACE-fed2" -export FEDERATION_DOMAIN_BASE="$NAMESPACE_2.svc.cluster.local" -export FEDERATION_DOMAIN_2="federation-test-helper.$FEDERATION_DOMAIN_BASE" -"$DIR/selfsigned-kubernetes.sh" namespace2 +export FEDERATION_DOMAIN_BASE_2="$NAMESPACE_2.svc.cluster.local" +export FEDERATION_DOMAIN_2="federation-test-helper.$FEDERATION_DOMAIN_BASE_2" + +echo "Fetch federation-ca secret from cert-manager namespace" +FEDERATION_CA_CERTIFICATE=$(kubectl -n cert-manager get secrets federation-ca -o json -o jsonpath="{.data['tls\.crt']}") +export FEDERATION_CA_CERTIFICATE echo "Installing charts..." diff --git a/hack/bin/selfsigned-kubernetes.sh b/hack/bin/selfsigned-kubernetes.sh deleted file mode 100755 index d0023cce0f3..00000000000 --- a/hack/bin/selfsigned-kubernetes.sh +++ /dev/null @@ -1,98 +0,0 @@ -#!/usr/bin/env bash - -# Create a self-signed x509 certificate in the hack/helm_vars directories (as helm yaml config). -# Requires 'cfssl' to be on your PATH (see https://github.com/cloudflare/cfssl) -# These certificates are only meant for integration tests. -# (The CA certificates are assumed to be re-used across the domains A and B for end2end integration tests.) - -set -e -SUFFIX=${1:?"need suffix argument"} -TEMP=${TEMP:-/tmp} -CSR="$TEMP/csr.json" -OUTPUTNAME_CA="integration-ca" -OUTPUTNAME_LEAF_CERT="integration-leaf" -OUTPUTNAME_CLIENT_CERT="integration-client" -DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -TOP_LEVEL="$DIR/../.." -OUTPUT_CONFIG_FEDERATOR="$TOP_LEVEL/hack/helm_vars/wire-server/certificates-$SUFFIX.yaml" -OUTPUT_CONFIG_INGRESS="$TOP_LEVEL/hack/helm_vars/nginx-ingress-services/certificates-$SUFFIX.yaml" - -command -v cfssl >/dev/null 2>&1 || { - echo >&2 "cfssl is not installed, aborting. See https://github.com/cloudflare/cfssl" - exit 1 -} -command -v cfssljson >/dev/null 2>&1 || { - echo >&2 "cfssljson is not installed, aborting. See https://github.com/cloudflare/cfssl" - exit 1 -} - -FEDERATION_DOMAIN_BASE=${FEDERATION_DOMAIN_BASE:?"you must provide a FEDERATION_DOMAIN_BASE env variable"} - -# generate CA key and cert -if [ ! -f "$OUTPUTNAME_CA.pem" ]; then - echo "CA file not found, generating CA..." - echo '{ - "CN": "ca.example.com", - "key": { - "algo": "rsa", - "size": 2048 - } - }' >"$CSR" - cfssl gencert -initca "$CSR" | cfssljson -bare "$OUTPUTNAME_CA" - rm "$OUTPUTNAME_CA.csr" -else - echo "Re-using previous CA" -fi - -# For federation end2end tests, only the -# 'federation-test-helper.$FEDERATION_DOMAIN_BASE' is necessary for -# ingress->federator traffic. For other potential traffic in the integration -# tests of the future, we use a wildcard certificate here. -echo '{ - "key": { - "algo": "rsa", - "size": 2048 - } -}' >"$CSR" -# generate cert and key based on CA given comma-separated hostnames as SANs -cfssl gencert -ca "$OUTPUTNAME_CA.pem" -ca-key "$OUTPUTNAME_CA-key.pem" -hostname="*.$FEDERATION_DOMAIN_BASE" "$CSR" | cfssljson -bare "$OUTPUTNAME_LEAF_CERT" - -# generate client certificate and key -cfssl gencert -ca "$OUTPUTNAME_CA.pem" -ca-key "$OUTPUTNAME_CA-key.pem" -hostname="*.$FEDERATION_DOMAIN_BASE" "$CSR" | cfssljson -bare "$OUTPUTNAME_CLIENT_CERT" - -# the following yaml override file is needed as an override to -# nginx-ingress-services helm chart -# for domain A, ingress@A needs cert+key for A -{ - echo "secrets:" - echo " tlsWildcardCert: |" - sed -e 's/^/ /' $OUTPUTNAME_LEAF_CERT.pem - echo " tlsWildcardKey: |" - sed -e 's/^/ /' $OUTPUTNAME_LEAF_CERT-key.pem - echo " tlsClientCA: |" - sed -e 's/^/ /' $OUTPUTNAME_CA.pem -} >"$OUTPUT_CONFIG_INGRESS" - -# the following yaml override file is needed as an override to -# the wire-server (federator) helm chart -# e.g. for installing on domain A, federator@A needs the CA for B -# As a "shortcut" for integration tests, we re-use the same CA for both domains -# A and B. -{ - echo "federator:" - echo " remoteCAContents: |" - sed -e 's/^/ /' $OUTPUTNAME_CA.pem - echo " clientCertificateContents: |" - sed -e 's/^/ /' $OUTPUTNAME_CLIENT_CERT.pem - echo " clientPrivateKeyContents: |" - sed -e 's/^/ /' $OUTPUTNAME_CLIENT_CERT-key.pem -} >"$OUTPUT_CONFIG_FEDERATOR" - -# cleanup unneeded files -rm "$OUTPUTNAME_LEAF_CERT.csr" -rm "$OUTPUTNAME_LEAF_CERT.pem" -rm "$OUTPUTNAME_LEAF_CERT-key.pem" -rm "$OUTPUTNAME_CLIENT_CERT.csr" -rm "$OUTPUTNAME_CLIENT_CERT.pem" -rm "$OUTPUTNAME_CLIENT_CERT-key.pem" -rm "$CSR" diff --git a/hack/helm_vars/.gitignore b/hack/helm_vars/.gitignore index 38a7ff397ae..9849d951a02 100644 --- a/hack/helm_vars/.gitignore +++ b/hack/helm_vars/.gitignore @@ -1,3 +1 @@ certificates.yaml -certificates-namespace1.yaml -certificates-namespace2.yaml diff --git a/hack/helm_vars/common.yaml.gotmpl b/hack/helm_vars/common.yaml.gotmpl index 56f209fcce8..1e4b9b4d06d 100644 --- a/hack/helm_vars/common.yaml.gotmpl +++ b/hack/helm_vars/common.yaml.gotmpl @@ -1,7 +1,10 @@ namespace1: {{ requiredEnv "NAMESPACE_1" }} federationDomain1: {{ requiredEnv "FEDERATION_DOMAIN_1" }} +federationDomainBase1: {{ requiredEnv "FEDERATION_DOMAIN_BASE_1" }} namespace2: {{ requiredEnv "NAMESPACE_2" }} federationDomain2: {{ requiredEnv "FEDERATION_DOMAIN_2" }} +federationDomainBase2: {{ requiredEnv "FEDERATION_DOMAIN_BASE_2" }} +federationCACertificate: {{ requiredEnv "FEDERATION_CA_CERTIFICATE" }} ingressChart: {{ requiredEnv "INGRESS_CHART" }} rabbitmqUsername: guest rabbitmqPassword: guest diff --git a/hack/helm_vars/nginx-ingress-services/values.yaml.gotmpl b/hack/helm_vars/nginx-ingress-services/values.yaml.gotmpl index d1297da5fcc..10ca09507ef 100644 --- a/hack/helm_vars/nginx-ingress-services/values.yaml.gotmpl +++ b/hack/helm_vars/nginx-ingress-services/values.yaml.gotmpl @@ -6,7 +6,12 @@ federator: enabled: true integrationTestHelper: true tls: - useCertManager: false + useCertManager: true + issuer: + name: federation + kind: ClusterIssuer + createIssuer: false + caNamespace: wire-federation-v0 config: ingressClass: "nginx-{{ .Release.Namespace }}" @@ -18,6 +23,7 @@ config: teamSettings: "teams.{{ .Release.Namespace }}-integration.example.com" accountPages: "account.{{ .Release.Namespace }}-integration.example.com" # federator: dynamically set by hack/helmfile.yaml + # certificateDomain: dynamically set by hack/helmfile.yaml -# secrets/tlsWildcardCert, secrets/tlsWildcardKey and secrets/tlsClientCA -# are dynamically generated by hack/bin/selfsigned-kubernetes.sh +secrets: + tlsClientCA: {{ .Values.federationCACertificate }} diff --git a/hack/helm_vars/wire-server/values.yaml.gotmpl b/hack/helm_vars/wire-server/values.yaml.gotmpl index 509da39f8e9..0d1ffba6b87 100644 --- a/hack/helm_vars/wire-server/values.yaml.gotmpl +++ b/hack/helm_vars/wire-server/values.yaml.gotmpl @@ -393,6 +393,11 @@ federator: resources: requests: {} imagePullPolicy: {{ .Values.imagePullPolicy }} + remoteCAContents: {{ .Values.federationCACertificate | b64dec | quote }} + tls: + useCertManager: true + useSharedFederatorSecret: true + config: optSettings: useSystemCAStore: false @@ -441,6 +446,9 @@ integration: uploadXmlAwsAccessKeyId: {{ .Values.uploadXml.awsAccessKeyId }} uploadXmlAwsSecretAccessKey: {{ .Values.uploadXml.awsSecretAccessKey }} {{- end }} + tls: + caNamespace: wire-federation-v0 + backoffice: tests: {{- if .Values.uploadXml }} diff --git a/hack/helmfile.yaml b/hack/helmfile.yaml index e82a1373a3a..78634f17b25 100644 --- a/hack/helmfile.yaml +++ b/hack/helmfile.yaml @@ -118,13 +118,14 @@ releases: chart: '../.local/charts/nginx-ingress-services' values: - './helm_vars/nginx-ingress-services/values.yaml.gotmpl' - - './helm_vars/nginx-ingress-services/certificates-namespace1.yaml' set: # Federation domain is also the SRV record created by the # federation-test-helper service. Maybe we can find a way to make these # differ, so we don't make any silly assumptions in the code. - name: config.dns.federator value: '{{ .Values.federationDomain1 }}' + - name: config.dns.certificateDomain + value: '*.{{ .Values.federationDomainBase1 }}' needs: - 'ingress' @@ -133,13 +134,14 @@ releases: chart: '../.local/charts/nginx-ingress-services' values: - './helm_vars/nginx-ingress-services/values.yaml.gotmpl' - - './helm_vars/nginx-ingress-services/certificates-namespace2.yaml' set: # Federation domain is also the SRV record created by the # federation-test-helper service. Maybe we can find a way to make these # differ, so we don't make any silly assumptions in the code. - name: config.dns.federator value: '{{ .Values.federationDomain2 }}' + - name: config.dns.certificateDomain + value: '*.{{ .Values.federationDomainBase2 }}' needs: - 'ingress' @@ -153,7 +155,6 @@ releases: chart: '../.local/charts/wire-server' values: - './helm_vars/wire-server/values.yaml.gotmpl' - - './helm_vars/wire-server/certificates-namespace1.yaml' set: - name: brig.config.optSettings.setFederationDomain value: {{ .Values.federationDomain1 }} @@ -169,7 +170,6 @@ releases: chart: '../.local/charts/wire-server' values: - './helm_vars/wire-server/values.yaml.gotmpl' - - './helm_vars/wire-server/certificates-namespace2.yaml' set: - name: brig.config.optSettings.setFederationDomain value: {{ .Values.federationDomain2 }} diff --git a/integration/test/Test/Demo.hs b/integration/test/Test/Demo.hs index 509a879bcdb..824af5a7d2c 100644 --- a/integration/test/Test/Demo.hs +++ b/integration/test/Test/Demo.hs @@ -194,3 +194,16 @@ testUnrace = do True `shouldMatch` False -} retryT $ True `shouldMatch` True + +testFedV0Instance :: HasCallStack => App () +testFedV0Instance = do + res <- BrigP.getAPIVersion FedV0Domain >>= getJSON 200 + res %. "domain" `shouldMatch` FedV0Domain + +testFedV0Federation :: HasCallStack => App () +testFedV0Federation = do + alice <- randomUser OwnDomain def + bob <- randomUser FedV0Domain def + + bob' <- BrigP.getUser alice bob >>= getJSON 200 + bob' %. "qualified_id" `shouldMatch` (bob %. "qualified_id") diff --git a/integration/test/Testlib/App.hs b/integration/test/Testlib/App.hs index e0978f4e382..0e85badb2f7 100644 --- a/integration/test/Testlib/App.hs +++ b/integration/test/Testlib/App.hs @@ -57,6 +57,11 @@ instance MakesValue Domain where make OwnDomain = asks (String . T.pack . (.domain1)) make OtherDomain = asks (String . T.pack . (.domain2)) +data FedDomain = FedV0Domain + +instance MakesValue FedDomain where + make FedV0Domain = asks (String . T.pack . (.federationV0Domain)) + -- | Run an action, `recoverAll`ing with exponential backoff (min step 8ms, total timeout -- ~15s). Search this package for examples how to use it. -- diff --git a/integration/test/Testlib/Env.hs b/integration/test/Testlib/Env.hs index 39f274b1f94..f143fea4828 100644 --- a/integration/test/Testlib/Env.hs +++ b/integration/test/Testlib/Env.hs @@ -86,7 +86,8 @@ mkGlobalEnv cfgFile = do let sm = Map.fromList $ [ (intConfig.backendOne.originDomain, intConfig.backendOne.beServiceMap), - (intConfig.backendTwo.originDomain, intConfig.backendTwo.beServiceMap) + (intConfig.backendTwo.originDomain, intConfig.backendTwo.beServiceMap), + (intConfig.federationV0.originDomain, intConfig.federationV0.beServiceMap) ] <> [(berDomain resource, resourceServiceMap resource) | resource <- resources] tempDir <- Codensity $ withSystemTempDirectory "test" @@ -98,6 +99,7 @@ mkGlobalEnv cfgFile = do { gServiceMap = sm, gDomain1 = intConfig.backendOne.originDomain, gDomain2 = intConfig.backendTwo.originDomain, + gFederationV0Domain = intConfig.federationV0.originDomain, gDynamicDomains = (.domain) <$> Map.elems intConfig.dynamicBackends, gDefaultAPIVersion = 6, gManager = manager, @@ -135,6 +137,7 @@ mkEnv ge = do { serviceMap = gServiceMap ge, domain1 = gDomain1 ge, domain2 = gDomain2 ge, + federationV0Domain = gFederationV0Domain ge, dynamicDomains = gDynamicDomains ge, defaultAPIVersion = gDefaultAPIVersion ge, manager = gManager ge, diff --git a/integration/test/Testlib/Types.hs b/integration/test/Testlib/Types.hs index 025ef39ba76..ed18a345dd3 100644 --- a/integration/test/Testlib/Types.hs +++ b/integration/test/Testlib/Types.hs @@ -102,6 +102,7 @@ data GlobalEnv = GlobalEnv { gServiceMap :: Map String ServiceMap, gDomain1 :: String, gDomain2 :: String, + gFederationV0Domain :: String, gDynamicDomains :: [String], gDefaultAPIVersion :: Int, gManager :: HTTP.Manager, @@ -116,6 +117,7 @@ data GlobalEnv = GlobalEnv data IntegrationConfig = IntegrationConfig { backendOne :: BackendConfig, backendTwo :: BackendConfig, + federationV0 :: BackendConfig, dynamicBackends :: Map String DynamicBackendConfig, rabbitmq :: RabbitMQConfig, cassandra :: CassandraConfig @@ -128,6 +130,7 @@ instance FromJSON IntegrationConfig where IntegrationConfig <$> parseJSON (Object o) <*> o .: fromString "backendTwo" + <*> o .: fromString "federation-v0" <*> o .: fromString "dynamicBackends" <*> o .: fromString "rabbitmq" <*> o .: fromString "cassandra" @@ -192,6 +195,7 @@ data Env = Env { serviceMap :: Map String ServiceMap, domain1 :: String, domain2 :: String, + federationV0Domain :: String, dynamicDomains :: [String], defaultAPIVersion :: Int, manager :: HTTP.Manager, diff --git a/services/integration.yaml b/services/integration.yaml index 65543e45f10..00d54a5efa3 100644 --- a/services/integration.yaml +++ b/services/integration.yaml @@ -142,3 +142,42 @@ rabbitmq: cassandra: host: 127.0.0.1 port: 9042 + +federation-v0: + originDomain: federation-v0.example.com + brig: + host: 127.0.0.1 + port: 21082 + cannon: + host: 127.0.0.1 + port: 21083 + cargohold: + host: 127.0.0.1 + port: 21084 + federatorInternal: + host: 127.0.0.1 + port: 21097 + federatorExternal: + host: 127.0.0.1 + port: 21098 + galley: + host: 127.0.0.1 + port: 21085 + gundeck: + host: 127.0.0.1 + port: 21086 + nginz: + host: 127.0.0.1 + port: 21080 + spar: + host: 127.0.0.1 + port: 21088 + proxy: + host: 127.0.0.1 + port: 21087 + backgroundWorker: + host: 127.0.0.1 + port: 21089 + stern: + host: 127.0.0.1 + port: 21091