AssetId support for adapters

.github/dependabot.yaml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "sunday"

.github/workflows/.build-publish-docker.yaml

@@ -0,0 +1,53 @@
+name: Build and publish
+
+on:
+  workflow_call:
+    outputs:
+      image-tags:
+        description: "Docker image with tag"
+        value: ${{ jobs.publish.outputs.image-tags }}
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    outputs:
+      image-tags: ${{ steps.meta.outputs.tags }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Login to ghcr
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v6
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,prefix={{date 'YYYY.MM.DD.HH.mm'}}-,format=short,priority=9002
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Summarize
+        run: echo "Docker image ${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
+

.github/workflows/.cluster-deploy.yaml

@@ -0,0 +1,54 @@
+name: Cluster deploy
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        description: "Environment"
+        required: true
+        type: string
+      image-tags:
+        description: "Docker image with tag"
+        required: true
+        type: string
+
+jobs:
+  deploy-to-cluster:
+    name: Deploy to Cluster
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Bake manifests with Kustomize
+        id: bake
+        uses: azure/k8s-bake@v4
+        with:
+          renderEngine: "kustomize"
+          kustomizationPath: "kustomize/overlays/${{ inputs.environment }}"
+
+      - name: Azure login
+        uses: azure/login@v2
+        with:
+          creds: "${{ secrets[format('AKS_{0}_FINT_GITHUB', inputs.environment )] }}"
+
+      - name: Set the target cluster
+        uses: azure/aks-set-context@v5
+        with:
+          cluster-name: "${{ vars[format('{0}_CLUSTER_NAME', inputs.environment)] }}"
+          resource-group: "${{ vars[format('{0}_CLUSTER_RESOURCE_GROUP', inputs.environment)] }}"
+          admin: "true"
+          use-kubelogin: "true"
+
+      - name: Deploy
+        uses: azure/k8s-deploy@v6
+        with:
+          action: deploy
+          manifests: ${{ steps.bake.outputs.manifestsBundle }}
+          images: ${{ inputs.image-tags }}
+          pull-images: 'false'
+          namespace: operators

.github/workflows/.create-release.yaml

@@ -0,0 +1,32 @@
+name: Create release
+
+on:
+  workflow_call:
+    inputs:
+      image-tags:
+        description: 'Docker image with tag'
+        required: true
+        type: string
+
+jobs:
+  create-release:
+    name: Create release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Extract tag from image reference
+        id: version
+        run: |
+          full_tag="${{ inputs.image-tags }}"
+          version="${full_tag##*:}"
+          echo "Extracted version: $version"
+          echo "version=$version" >> $GITHUB_OUTPUT
+
+      - uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.version.outputs.version }}
+          generateReleaseNotes: true

.github/workflows/build-deployment.yaml

@@ -0,0 +1,57 @@
+name: Build and deploy
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Select environment"
+        required: true
+        default: "alpha"
+        type: choice
+        options: [alpha, beta, api]
+
+permissions:
+  actions: read
+  id-token: write
+  contents: write
+  packages: write
+
+jobs:
+  build-publish:
+    uses: ./.github/workflows/.build-publish-docker.yaml
+    secrets: inherit
+
+  deploy-alpha:
+    if: github.event.name == 'workflow_dispatch' && inputs.environment == 'alpha'
+    uses: ./.github/workflows/.cluster-deploy.yaml
+    needs: build-publish
+    secrets: inherit
+    with:
+      environment: alpha
+      image-tags: ${{ needs.build-publish.outputs.image-tags }}
+
+
+  deploy-beta:
+    if: github.event_name == 'workflow_dispatch' && inputs.environment == 'beta'
+    uses: ./.github/workflows/.cluster-deploy.yaml
+    needs: build-publish
+    secrets: inherit
+    with:
+      environment: beta
+      image-tags: ${{ needs.build-publish.outputs.image-tags }}
+
+  deploy-api:
+    if: github.event_name == 'workflow_dispatch' && inputs.environment == 'api'
+    uses: ./.github/workflows/.cluster-deploy.yaml
+    needs: build-publish
+    secrets: inherit
+    with:
+      environment: api
+      image-tags: ${{ needs.build-publish.outputs.image-tags }}
+
+  create-release:
+    if: github.ref == 'refs/heads/prod'
+    uses: ./.github/workflows/.create-release.yaml
+    needs: [build-publish, deploy-api]
+    secrets: inherit
+    with:
+      image-tags: ${{ needs.build-publish.outputs.image-tags }}

README.md

@@ -9,28 +9,56 @@ for LibreSSL 3.3.6:
 openssl genpkey -algorithm rsa
 ```
 
+### Client
+.yaml example file:
+```yaml
+apiVersion: fintlabs.no/v1alpha1
+kind: FintClient
+metadata:
+  name: flais-test-client
+  namespace: fintlabs-no
+  labels:
+    app.kubernetes.io/name: test-client
+    app.kubernetes.io/instance: test-service-backend-client_county_no
+    app.kubernetes.io/version: latest
+    app.kubernetes.io/component: backend
+    app.kubernetes.io/part-of: arkiv
+    fintlabs.no/team: flais
+    fintlabs.no/org-id: fintlabs.no
 
+spec:
+  orgId: fintlabs.no
+  note: Dette er en test. Nu kjør vi!!
+  components:
+    - administrasjon_personal
+    - utdanning_elev
+```
 
+### Adapter
 .yaml example file:
 ```yaml
 apiVersion: fintlabs.no/v1alpha1
-kind: FintClient
+kind: FintAdapter
 metadata:
-  name: frodes-test-client
+  name: flais-test-adapter
   namespace: fintlabs-no
   labels:
     app.kubernetes.io/name: test-adapter
-    app.kubernetes.io/instance: test-adapter_rogfk_no
+    app.kubernetes.io/instance: test-adapter_county_no
     app.kubernetes.io/version: latest
     app.kubernetes.io/component: adapter
+    app.kubernetes.io/component: arkiv-adapter
     app.kubernetes.io/part-of: arkiv
     fintlabs.no/team: flais
     fintlabs.no/org-id: fintlabs.no
-
+    
 spec:
   orgId: fintlabs.no
   note: Dette er en test. Nu kjør vi!!
   components:
     - administrasjon_personal
     - utdanning_elev
+  assetIds:
+    - test.fylke.no
+    - test.annet_fylke.no 
 ```

build.gradle

@@ -1,6 +1,6 @@
 plugins {
-	id 'org.springframework.boot' version '2.7.16'
-	id 'io.spring.dependency-management' version '1.1.3'
+	id 'org.springframework.boot' version '2.7.18'
+	id 'io.spring.dependency-management' version '1.1.7'
 	id 'java'
 }
 

examples/fint-adapter.yaml

@@ -1,21 +1,25 @@
 apiVersion: fintlabs.no/v1alpha1
 kind: FintAdapter
 metadata:
-  name: sondres-test-adapter
+  name: test-adapter
   namespace: fintlabs-no
   labels:
     app.kubernetes.io/name: test-adapter
-    app.kubernetes.io/instance: test-adapter_rogfk_no
+    app.kubernetes.io/instance: test-adapter_flais_no
     app.kubernetes.io/version: latest
     app.kubernetes.io/component: adapter
-    app.kubernetes.io/part-of: arkiv
+    app.kubernetes.io/part-of: internal
     fintlabs.no/team: flais
-    fintlabs.no/org-id: fintlabs.no
+    fintlabs.no/org-id: fintlabs-no
 
 spec:
   orgId: fintlabs.no
   note: This is LA8PV transmitting on the short-wave band on fifty meters - over og ut.
   components:
     - administrasjon_personal
     - utdanning_elev
+  assetIds:
+    - fylkesting_viken_no
+    - fylkesting_rogfk_no
+    - fylkesting_flais_no
 

examples/fint-adapter2.yaml

@@ -1,16 +1,16 @@
 apiVersion: fintlabs.no/v1alpha1
 kind: FintAdapter
 metadata:
-  name: test-adapter
+  name: testadapter
   namespace: fintlabs-no
   labels:
     app.kubernetes.io/name: test-adapter
-    app.kubernetes.io/instance: test-adapter_rogfk_no
+    app.kubernetes.io/instance: test-adapter_flais_no
     app.kubernetes.io/version: latest
     app.kubernetes.io/component: adapter
-    app.kubernetes.io/part-of: arkiv
+    app.kubernetes.io/part-of: internal
     fintlabs.no/team: flais
-    fintlabs.no/org-id: fintlabs.no
+    fintlabs.no/org-id: fintlabs-no
 
 spec:
   orgId: fintlabs.no
@@ -19,8 +19,9 @@ spec:
     - administrasjon_personal
     - utdanning_elev
   assets:
-    - fylkesting.fintlabs.no
+    - fylkesting.viken.no
+    - fylkesting.telemark.no
 #   - frad.fintlabs.no
 
 # assetIds: "org,asset,asset"
-# fintAdapterIDs: "ou=viken_no,ou=assets,ou=viken_no,ou=organisations,o=fint"
+# fintAdapterIDs: "ou=viken_no,ou=assets,ou=viken_no,ou=organisations,o=fint"

examples/fint-client.yaml

@@ -1,20 +1,20 @@
 apiVersion: fintlabs.no/v1alpha1
 kind: FintClient
 metadata:
-  name: frodes-test-client
+  name: flais-test-client
   namespace: fintlabs-no
   labels:
     app.kubernetes.io/name: test-adapter
-    app.kubernetes.io/instance: test-adapter_rogfk_no
+    app.kubernetes.io/instance: test-adapter_flais_no
     app.kubernetes.io/version: latest
     app.kubernetes.io/component: adapter
-    app.kubernetes.io/part-of: arkiv
+    app.kubernetes.io/part-of: internal
     fintlabs.no/team: flais
-    fintlabs.no/org-id: fintlabs.no
+    fintlabs.no/org-id: fintlabs-no
 
 spec:
   orgId: fintlabs.no
-  note: Dette er en test. Jævlar, nu kjør vi!!
+  note: Dette er en test. Nu kjör vi!!
   components:
     - administrasjon_personal
     - utdanning_elev

kustomize/base/fintadapters.fintlabs.no-v1.yml

@@ -25,6 +25,10 @@ spec:
                 items:
                   type: string
                 type: array
+              assetIds:
+                items:
+                  type: string
+                type: array
             type: object
           status:
             properties:

kustomize/overlays/alpha/exclude-kafka.yaml

@@ -0,0 +1,10 @@
+$patch: delete
+apiVersion: "fintlabs.no/v1alpha1"
+kind: KafkaUserAndAcl
+metadata:
+  name: finterator
+specs:
+  acls:
+    - permission: admin
+      topic: 'flais-io.fint-customer-objects.*'
+