diff --git a/console/console-init/ui/src/graphql-module/queries/AddressSpace.ts b/console/console-init/ui/src/graphql-module/queries/AddressSpace.ts index 948a40e7479..8677d2cae2e 100644 --- a/console/console-init/ui/src/graphql-module/queries/AddressSpace.ts +++ b/console/console-init/ui/src/graphql-module/queries/AddressSpace.ts @@ -40,8 +40,7 @@ const ALL_ADDRESS_SPACES_FILTER = ( if ( ((filterNamesLength && filterNamesLength > 0) || (filterNameSpacesLength && filterNameSpacesLength > 0)) && - filterType && - filterType.trim() !== "" + (filterType?.trim() || filterStatus?.trim()) ) { filter += " AND "; } @@ -53,6 +52,10 @@ const ALL_ADDRESS_SPACES_FILTER = ( ]); } + if (filterType?.trim() && filterStatus?.trim()) { + filter += " AND "; + } + //filter tye if (filterStatus) { if (filterStatus !== "Pending") { diff --git a/console/console-init/ui/src/modules/address-space/containers/MessagingToolbarContainer/MessagingToolbarContainer.tsx b/console/console-init/ui/src/modules/address-space/containers/MessagingToolbarContainer/MessagingToolbarContainer.tsx index 9195bbc40d6..5d15bb0fd94 100644 --- a/console/console-init/ui/src/modules/address-space/containers/MessagingToolbarContainer/MessagingToolbarContainer.tsx +++ b/console/console-init/ui/src/modules/address-space/containers/MessagingToolbarContainer/MessagingToolbarContainer.tsx @@ -79,16 +79,14 @@ export const MessagingToolbarContainer: React.FunctionComponent { + const resetInitialState = () => { setNameInput(""); setNamespaceInput(""); - setTypeSelected(null); - setStatusSelected(null); }; const onFilterSelect = (value: string) => { setFilterSelected(value); - resettInitialState(); + resetInitialState(); }; const onNameSelect = (e: any, selection: SelectOptionObject) => { diff --git a/documentation/assemblies/assembly-iot-creating-device.adoc b/documentation/assemblies/assembly-iot-creating-device.adoc index 90284ce7158..6c9ef700f6d 100644 --- a/documentation/assemblies/assembly-iot-creating-device.adoc +++ b/documentation/assemblies/assembly-iot-creating-device.adoc @@ -8,12 +8,13 @@ After installing the IoT services and creating an IoT project, you can create an IoT device for the device you want to monitor. + :headers: -H 'Content-Type: application/json' -H "Authorization: Bearer ${TOKEN}" ifeval::["{cmdcli}" == "oc"] :registry: $(oc -n {ProductNamespace} get routes device-registry --template='{{ .spec.host }}') endif::[] ifeval::["{cmdcli}" == "kubectl"] -:registry: $(kubectl -n enmasse-infra get service iot-device-registry-external -o jsonpath={.status.loadBalancer.ingress[0].hostname}):31443 +:registry: $(kubectl -n {ProductNamespace} get service iot-device-registry-external -o jsonpath={.status.loadBalancer.ingress[0].hostname}):31443 endif::[] .Prerequisites diff --git a/documentation/assemblies/assembly-iot-device-manager-guide.adoc b/documentation/assemblies/assembly-iot-device-manager-guide.adoc index ebb85286c16..78b233a8924 100644 --- a/documentation/assemblies/assembly-iot-device-manager-guide.adoc +++ b/documentation/assemblies/assembly-iot-device-manager-guide.adoc @@ -9,4 +9,6 @@ Device managers are typically responsible for creating and managing device identities and credentials in the system. +include::../modules/proc-iot-management-token.adoc[leveloffset=+1] + include::assembly-iot-creating-device.adoc[leveloffset=+1] \ No newline at end of file diff --git a/documentation/modules/proc-iot-management-token.adoc b/documentation/modules/proc-iot-management-token.adoc new file mode 100644 index 00000000000..3085f35b199 --- /dev/null +++ b/documentation/modules/proc-iot-management-token.adoc @@ -0,0 +1,116 @@ +// Module included in the following assemblies: +// +// assembly-iot-creating-device.adoc + +[id='proc-iot-management-token-{context}'] += Obtaining an authentication token + +To access the device management API, you must obtain a token to authenticate yourself +to the API. + +Access to an IoT tenant's devices is mapped by the device registry based on access to +the `IoTProject` resource. If an account has *read* access to the `IoTProject`, this +account can also execute *read* operations on the device registry for this IoT tenant. + +The token has to be presented to the API as a *bearer token* by adding +an HTTP header value: `Authorization: Bearer `. For more information, +see link:https://tools.ietf.org/html/rfc6750[RFC 6750]. + +In the following configuration examples, replace `${TOKEN}` with the actual token. + +== Obtaining an authentication token for a user + +If you want to use the token of the current {KubePlatform}, you can extract the +token. + +.Prerequisites + +* You must be logged in to your {KubePlatform} instance as a user that supports tokens. + +.Procedure + +. Extract the token for the current user: ++ +[options="nowrap",subs="+quotes,attributes"] +---- +ifeval::["{cmdcli}" == "oc"] +oc whoami -t +endif::[] +ifeval::["{cmdcli}" == "kubectl"] +kubectl config view -o json| jq -r '.users[] as $users | ."current-context" as $ctx | .contexts[] | select (.name==$ctx).context.user as $user | $users | select (.name==$user).user.token' +endif::[] +---- + +NOTE: User tokens have a limited lifetime, so it may be necessary +to renew the token after it has expired. + +== Obtaining an authentication token for a service account + +Perform the following steps to create a new service account and extract the token. + +.Prerequisites + +* You must be logged in to your {KubePlatform} instance with permissions to create new service accounts, roles and role bindings. + +.Procedure + +. Create a new service account: ++ +[source,yaml,options="nowrap"] +---- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: my-device-manager-account # <1> +---- +<1> The name of the service account. + +. Create a new role, allowing access to the `IoTProject`: ++ +[source,yaml,options="nowrap"] +---- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: device-manager-role # <1> +rules: # <2> +- apiGroups: ["iot.enmasse.io"] + resources: ["iotprojects"] + verbs: ["create", "update", "get", "list", "delete"] +---- +<1> The name of the role. +<2> The access rules, which must grant CRUD access to the `IoTProject`. ++ +This example grants access to all `IoTProjects`s in a namespace. +To further restrict access, use more specific rules. + +. Create a new role binding, assigning the role to the service account: ++ +[source,yaml,options="nowrap"] +---- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: my-device-manager-account-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: device-manager-role # <1> +subjects: +- kind: ServiceAccount + name: my-device-manager-account # <2> +---- +<1> The name of the role. +<2> The name of the service account. + +. Retrieve the token from the service account: ++ +[options="nowrap",subs="+quotes,attributes"] +---- +ifeval::["{cmdcli}" == "oc"] +oc serviceaccounts get-token my-device-manager-account +endif::[] +ifeval::["{cmdcli}" == "kubectl"] +kubectl get secret $(kubectl get sa my-device-manager-account -o json | jq -r '.secrets[] | select(.name | contains("-token-")).name') -o json | jq -r .data.token +endif::[] +---- diff --git a/iot/iot-device-registry-base/pom.xml b/iot/iot-device-registry-base/pom.xml index 504b16928e3..0dba3a71ab4 100644 --- a/iot/iot-device-registry-base/pom.xml +++ b/iot/iot-device-registry-base/pom.xml @@ -67,6 +67,7 @@ org.hamcrest hamcrest + test io.vertx diff --git a/iot/iot-device-registry-infinispan/pom.xml b/iot/iot-device-registry-infinispan/pom.xml index e2456f07771..63be9dc268c 100644 --- a/iot/iot-device-registry-infinispan/pom.xml +++ b/iot/iot-device-registry-infinispan/pom.xml @@ -79,6 +79,7 @@ org.hamcrest hamcrest + test io.vertx diff --git a/iot/iot-device-registry-jdbc/pom.xml b/iot/iot-device-registry-jdbc/pom.xml index 878f804f6b6..4ebcf4916e5 100644 --- a/iot/iot-device-registry-jdbc/pom.xml +++ b/iot/iot-device-registry-jdbc/pom.xml @@ -84,6 +84,7 @@ org.hamcrest hamcrest + test io.vertx diff --git a/iot/iot-infinispan-base/pom.xml b/iot/iot-infinispan-base/pom.xml index 08100ef7f75..b034d947694 100644 --- a/iot/iot-infinispan-base/pom.xml +++ b/iot/iot-infinispan-base/pom.xml @@ -77,6 +77,7 @@ org.hamcrest hamcrest + test diff --git a/iot/iot-jdbc-base/pom.xml b/iot/iot-jdbc-base/pom.xml index a6f4debb2e7..0a25b1c8720 100644 --- a/iot/iot-jdbc-base/pom.xml +++ b/iot/iot-jdbc-base/pom.xml @@ -70,6 +70,7 @@ org.hamcrest hamcrest + test ch.qos.logback diff --git a/pkg/controller/address_space_controller/controller.go b/pkg/controller/address_space_controller/controller.go index ac76a74d0d9..ec0da52998f 100644 --- a/pkg/controller/address_space_controller/controller.go +++ b/pkg/controller/address_space_controller/controller.go @@ -205,6 +205,9 @@ func ApplyDeployment(deployment *appsv1.Deployment) error { applyImageEnv(container, "TOPIC_FORWARDER_IMAGE", "topic-forwarder") applyImageEnv(container, "MQTT_GATEWAY_IMAGE", "mqtt-gateway") applyImageEnv(container, "MQTT_LWT_IMAGE", "mqtt-lwt") + if util.IsOpenshift() { + install.ApplyEnvSimple(container, util.EnMasseOpenshiftEnvVar, "true") + } if value, ok := os.LookupEnv("ENABLE_MONITORING_ANNOTATIONS"); ok && value == "true" { deployment.ObjectMeta.Annotations["prometheus.io/scrape"] = "true" diff --git a/pom.xml b/pom.xml index c8a9de874bf..9f45a7ceac0 100644 --- a/pom.xml +++ b/pom.xml @@ -48,19 +48,19 @@ 1.7.21 1.2.3 7.7.1 - 6.0.18.Final + 6.0.20.Final 2.10.0 2.10.4 2.10.4 2.10.4 2.10.4 + 2.10.4 2.0.1.Final 1.0.13.Final 1.9 3.0.1-b08 3.6.1.SP2 2.21.0 - 3.2.2 25.0-jre 2.2 5.5.2 @@ -81,7 +81,7 @@ v10.15.3 6.9.0 v1.21.1 - 1.23 + 1.26 1.3.2 2.3.2 1.0.2 @@ -216,13 +216,6 @@ - - - commons-collections - commons-collections - ${commons-collections.version} - - org.apache.activemq apache-artemis @@ -513,6 +506,11 @@ jackson-module-jaxb-annotations ${jackson-module-jaxb-annotations.version} + + com.fasterxml.jackson.jaxrs + jackson-jaxrs-json-provider + ${jackson-jaxrs-json-provider.version} + io.netty @@ -683,7 +681,6 @@ ${gson.version} - org.yaml snakeyaml diff --git a/systemtests/src/test/java/io/enmasse/systemtest/bases/web/ConsoleTest.java b/systemtests/src/test/java/io/enmasse/systemtest/bases/web/ConsoleTest.java index a092be12eda..47cc690d419 100644 --- a/systemtests/src/test/java/io/enmasse/systemtest/bases/web/ConsoleTest.java +++ b/systemtests/src/test/java/io/enmasse/systemtest/bases/web/ConsoleTest.java @@ -722,7 +722,17 @@ protected void doTestFilterAddressSpaceStatus() throws Exception { consolePage.addFilter(FilterType.STATUS, "Terminating"); assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(0)); + consolePage.removeAllFilters(); + consolePage.addFilter(FilterType.NAME, "standard"); + consolePage.addFilter(FilterType.NAMESPACE, kubernetes.getInfraNamespace()); + assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(2)); + consolePage.addFilter(FilterType.STATUS, "Active"); + assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(2)); + consolePage.addFilter(FilterType.TYPE, "Standard"); + assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(1)); + consolePage.addFilter(FilterType.STATUS, "Pending"); + assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(0)); } protected void doTestListEndpoints() throws Exception { diff --git a/systemtests/src/test/java/io/enmasse/systemtest/isolated/monitoring/MonitoringTest.java b/systemtests/src/test/java/io/enmasse/systemtest/isolated/monitoring/MonitoringTest.java index 4c513918b1a..cb556591d31 100644 --- a/systemtests/src/test/java/io/enmasse/systemtest/isolated/monitoring/MonitoringTest.java +++ b/systemtests/src/test/java/io/enmasse/systemtest/isolated/monitoring/MonitoringTest.java @@ -204,8 +204,6 @@ void testMonitoringCommonQueries() throws Exception { assertDoesNotThrow(() -> monitoring.validateQueryAndWait(MonitoringQueries.ENMASSE_COMPONENT_HEALTH, "1", Map.ofEntries(Map.entry("endpoint", "cr-metrics"), Map.entry("job", "enmasse-operator-metrics")))); assertDoesNotThrow(() -> monitoring.validateQueryAndWait(MonitoringQueries.ENMASSE_COMPONENT_HEALTH, "1", Map.ofEntries(Map.entry("endpoint", "http-metrics"), Map.entry("job", "enmasse-operator-metrics")))); - - assertEquals(environment.enmasseVersion(), monitoring.getQueryResult(MonitoringQueries.ENMASSE_VERSION, Collections.singletonMap("name", "enmasse-operator")).getMetadataValue("version")); } @Test diff --git a/templates/crds/iotconfigs.crd.yaml b/templates/crds/iotconfigs.crd.yaml index 6393e2c1a1d..fa4442618d6 100644 --- a/templates/crds/iotconfigs.crd.yaml +++ b/templates/crds/iotconfigs.crd.yaml @@ -122,6 +122,18 @@ spec: lorawan: type: object + services: + type: object + properties: + deviceConnection: + type: object + deviceRegistry: + type: object + authentication: + type: object + tenant: + type: object + tracing: type: object