Merge branch 'release/1.9.11' into develop

.gitlab-ci.yml

@@ -0,0 +1,8 @@
+---
+variables:
+  DEPLOY_TEMPLATES_VERSION: v1
+
+include:
+  - project: ervu/devops/ci-cd-templates
+    ref: v1
+    file: pipelines/container-helm-kubernetes-dev.yml

Dockerfile

@@ -0,0 +1,57 @@
+ARG BUILDER_IMAGE=registry.gosuslugi.local/ervu-uat/micord-deps:1.9.11
+ARG RUNTIME_IMAGE=registry.gosuslugi.local/os/altlinux@sha256:fd478a99adab9e195d652f78d0c90638de83f6f605fd7254f6241e594054f0f2
+
+FROM $BUILDER_IMAGE AS builder
+
+ARG MVN_FLAGS="-T4C -Pprod -DexecuteNpmInstall=false --batch-mode --no-transfer-progress"
+
+RUN apt-get update \
+ && apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
+ && apt-get clean
+
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG ru_RU.UTF-8
+ENV LANGUAGE ru_RU.UTF-8
+ENV LC_ALL ru_RU.UTF-8
+
+WORKDIR /app
+COPY . .
+
+RUN mkdir -p /root/.m2 \
+ && cp config/uat/settings.xml /root/.m2/settings.xml
+RUN mvn clean ${MVN_FLAGS} \
+ && mvn package ${MVN_FLAGS}
+
+
+FROM $RUNTIME_IMAGE
+
+COPY --from=builder /usr/lib/locale/ru_RU /usr/lib/locale/ru_RU
+COPY --from=builder /usr/lib/locale/ru_RU.utf8 /usr/lib/locale/ru_RU.utf8
+COPY --from=builder /usr/share/locale/ru_RU /usr/share/locale/ru_RU
+
+COPY config/entrypoint.sh /entrypoint.sh
+
+RUN apt-get update \
+ && apt-get -y install fonts-ttf-ms java-17-openjdk-headless tomcat tomcat-webapps tomcat-admin-webapps \
+ && apt-get clean \
+ && rm -f /var/cache/apt/*.bin \
+ && rm -f /var/lib/apt/lists/update* \
+ && chmod +x /entrypoint.sh
+
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG=ru_RU.UTF-8
+ENV LANGUAGE=ru_RU.UTF-8
+ENV LC_ALL=ru_RU.UTF-8
+
+COPY config/tomcat /
+
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && chown -R tomcat:tomcat /var/lib/tomcat/webapps
+
+COPY --from=builder /app/backend/target/account-applications.war /var/lib/tomcat/webapps/account-applications.war
+
+USER tomcat
+
+EXPOSE 8080
+
+ENTRYPOINT ["/entrypoint.sh"]

Dockerfile.pgs2

@@ -0,0 +1,63 @@
+ARG BUILDER_IMAGE=registry-dev.pgs.rtlabs.ru/ervu/micord-deps:0.0.1-shaeb3853d5
+ARG RUNTIME_IMAGE=registry-dev.pgs.rtlabs.ru/basealt/altsp:c10f1
+
+FROM $BUILDER_IMAGE AS builder
+
+ARG MVN_FLAGS="-T4C -Pprod -DexecuteNpmInstall=false --batch-mode --no-transfer-progress"
+
+RUN rm -f /etc/apt/sources.list.d/* \
+ && echo "rpm http://nexus-dev.pgs.rtlabs.ru repository/alt-c10f1-classic/x86_64 classic" > /etc/apt/sources.list \ 
+ && echo "rpm http://nexus-dev.pgs.rtlabs.ru repository/alt-c10f1-classic/noarch classic" >> /etc/apt/sources.list \ 
+ && apt-get update \
+ && apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
+ && apt-get clean
+
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG ru_RU.UTF-8
+ENV LANGUAGE ru_RU.UTF-8
+ENV LC_ALL ru_RU.UTF-8
+
+WORKDIR /app
+COPY . .
+RUN mkdir -p /root/.m2 \
+ && cp config/settings.xml /root/.m2/settings.xml
+
+RUN mvn clean ${MVN_FLAGS} \
+ && mvn package ${MVN_FLAGS}
+
+
+FROM $RUNTIME_IMAGE
+
+COPY --from=builder /usr/lib/locale/ru_RU /usr/lib/locale/ru_RU
+COPY --from=builder /usr/lib/locale/ru_RU.utf8 /usr/lib/locale/ru_RU.utf8
+COPY --from=builder /usr/share/locale/ru_RU /usr/share/locale/ru_RU
+
+COPY config/entrypoint.sh /entrypoint.sh
+
+RUN rm -f /etc/apt/sources.list.d/* \
+ && echo "rpm http://nexus-dev.pgs.rtlabs.ru repository/alt-c10f1-classic/x86_64 classic" > /etc/apt/sources.list \ 
+ && echo "rpm http://nexus-dev.pgs.rtlabs.ru repository/alt-c10f1-classic/noarch classic" >> /etc/apt/sources.list \ 
+ && apt-get update \
+ && apt-get -y install fonts-ttf-ms java-17-openjdk-headless tomcat tomcat-webapps \
+ && apt-get clean \
+ && rm -f /var/cache/apt/*.bin \
+ && rm -f /var/lib/apt/lists/update* \
+ && chmod +x /entrypoint.sh
+
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG=ru_RU.UTF-8
+ENV LANGUAGE=ru_RU.UTF-8
+ENV LC_ALL=ru_RU.UTF-8
+
+COPY config/tomcat /
+
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && chown -R tomcat:tomcat /var/lib/tomcat/webapps
+
+COPY --from=builder /app/backend/target/account-applications.war /var/lib/tomcat/webapps/account-applications.war
+
+USER tomcat
+
+EXPOSE 8080
+
+ENTRYPOINT ["/entrypoint.sh"]

backend/pom.xml

@@ -188,6 +188,14 @@
       <groupId>net.javacrumbs.shedlock</groupId>
       <artifactId>shedlock-provider-jdbc-template</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.apache.httpcomponents</groupId>
+      <artifactId>httpcore</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.httpcomponents</groupId>
+      <artifactId>httpclient</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-slf4j2-impl</artifactId>

backend/src/main/java/AppConfig.java

@@ -1,4 +1,11 @@
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
 import java.time.Duration;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import javax.sql.DataSource;
 
 import com.fasterxml.jackson.core.JsonFactory;
@@ -13,6 +20,10 @@ import net.javacrumbs.shedlock.provider.jdbctemplate.JdbcTemplateLockProvider;
 import net.javacrumbs.shedlock.spring.ScheduledLockConfiguration;
 import net.javacrumbs.shedlock.spring.ScheduledLockConfigurationBuilder;
 
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
@@ -21,6 +32,7 @@ import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.context.annotation.Primary;
 import org.springframework.context.annotation.FilterType;
 import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.retry.annotation.EnableRetry;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
@@ -55,6 +67,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 @EnableScheduling
 @EnableRetry
 public class AppConfig {
+  private static final Logger LOGGER = LoggerFactory.getLogger(AppConfig.class);
 
   @Bean
   public PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer(){
@@ -88,7 +101,37 @@ public class AppConfig {
 
   @Bean
   public RestTemplate restTemplate() {
-    return new RestTemplate();
+    CloseableHttpClient httpClient = HttpClients.custom()
+        .setSSLContext(sslContext())
+        .build();
+    RestTemplate restTemplate = new RestTemplate();
+    restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory(httpClient));
+    return restTemplate;
+  }
+
+  @Bean
+  public SSLContext sslContext() {
+    TrustManager[] trustAllCerts = new TrustManager[]{
+        new X509TrustManager() {
+          public X509Certificate[] getAcceptedIssuers() {
+            return null;
+          }
+
+          public void checkServerTrusted(X509Certificate[] certs, String authType) {}
+
+          public void checkClientTrusted(X509Certificate[] certs, String authType) {}
+        }
+    };
+    SSLContext sslContext = null;
+
+    try {
+      sslContext = SSLContext.getInstance("SSL");
+      sslContext.init(null, trustAllCerts, new SecureRandom());
+    }
+    catch (NoSuchAlgorithmException | KeyManagementException e) {
+      LOGGER.error("Failed to init SSL context", e);
+    }
+    return sslContext;
   }
 
   @Bean

backend/src/main/java/ru/micord/ervu/account_applications/EnumColumnFormatter.java

@@ -27,7 +27,7 @@ public class EnumColumnFormatter implements Formatter {
     strObjectToStringMapping.put("EDIT_USER_ACCOUNT", "Изменение учетной записи пользователя");
     strObjectToStringMapping.put("EDIT_USER_ROLES", "Изменение ролей пользователя");
     strObjectToStringMapping.put("BLOCK_USER", "Деактивация пользователя");
-	strObjectToStringMapping.put("UNBLOCK_USER", "Активация пользователя");
+	  strObjectToStringMapping.put("UNBLOCK_USER", "Активация пользователя");
     strObjectToStringMapping.put("RESET_PASSWORD", "Сброс пароля пользователя");
     strObjectToStringMapping.put("MALE", "Мужской");
     strObjectToStringMapping.put("FEMALE", "Женский");

backend/src/main/java/ru/micord/ervu/account_applications/component/service/ErvuUserGridLoadService.java

@@ -177,4 +177,4 @@ public class ErvuUserGridLoadService extends Behavior implements GridService {
       throw new UserDataLoadException("Ошибка при получении значения поля: " + field.getName(), e);
     }
   }
-}
+}

backend/src/main/java/ru/micord/ervu/account_applications/component/service/RecruitmentGridService.java

@@ -97,4 +97,4 @@ public class RecruitmentGridService extends GridV2ServiceImpl {
   private List<String> getAllRecruitmentIds() {
     return recruitmentDao.getAllRecruitmentIds();
   }
-}
+}

backend/src/main/java/ru/micord/ervu/account_applications/service/AbstractUserDataService.java

@@ -13,7 +13,6 @@ import com.google.common.net.HttpHeaders;
 import org.springframework.beans.factory.annotation.Value;
 import ru.micord.ervu.account_applications.component.exception.ApiResponseException;
 
-
 /**
  * @author Adel Kalimullin
  */
@@ -54,4 +53,4 @@ public abstract class AbstractUserDataService implements UserDataService {
 
 
   protected abstract Map<String, Object> objectToMap(Object object);
-}
+}

backend/src/main/java/ru/micord/ervu/account_applications/service/ErvuDirectoriesDaoService.java

@@ -22,7 +22,7 @@ public class ErvuDirectoriesDaoService {
   @Autowired
   private ErvuDirectoriesDao ervuDirectoriesDao;
 
-    @Cacheable(value = "role-ids", unless = "#result == null")
+  @Cacheable(value = "role-ids", unless = "#result == null")
   public List<String> getRoleIds() {
     return ervuDirectoriesDao.getRoleIds();
   }

backend/src/main/java/ru/micord/ervu/account_applications/service/RoleServiceImpl.java

@@ -16,6 +16,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.web.util.UriComponentsBuilder;
 import ru.micord.ervu.account_applications.component.exception.UserDataLoadException;
 import ru.micord.ervu.account_applications.component.model.Role;
+import ru.micord.ervu.account_applications.security.context.SecurityContext;
 import ru.micord.ervu.account_applications.service.constant.PathConstant;
 
 /**

backend/src/main/java/ru/micord/ervu/account_applications/websocket/WebSocketConfig.java

@@ -1,17 +1,9 @@
 package ru.micord.ervu.account_applications.websocket;
 
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.Map;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.socket.client.WebSocketClient;
@@ -24,29 +16,11 @@ import org.springframework.web.socket.client.standard.StandardWebSocketClient;
 public class WebSocketConfig {
   private static final Logger LOGGER = LoggerFactory.getLogger(WebSocketConfig.class);
 
+  @Autowired
+  private SSLContext sslContext;
+
   @Bean
   public WebSocketClient webSocketClient() {
-    //TODO remove after SUPPORT-9086
-    TrustManager[] trustAllCerts = new TrustManager[]{
-        new X509TrustManager() {
-          public X509Certificate[] getAcceptedIssuers() {
-            return null;
-          }
-
-          public void checkServerTrusted(X509Certificate[] certs, String authType) {}
-
-          public void checkClientTrusted(X509Certificate[] certs, String authType) {}
-        }
-    };
-    SSLContext sslContext = null;
-
-    try {
-      sslContext = SSLContext.getInstance("SSL");
-      sslContext.init(null, trustAllCerts, new SecureRandom());
-    }
-    catch (NoSuchAlgorithmException | KeyManagementException e) {
-      LOGGER.error("Failed to init SSL context", e);
-    }
     Map<String, Object> userProperties = new HashMap<>();
     userProperties.put("org.apache.tomcat.websocket.SSL_CONTEXT", sslContext);
     StandardWebSocketClient webSocketClient = new StandardWebSocketClient();

config/.gitignore

@@ -1,2 +1,3 @@
 /*.ear
 /*.jar
+/*.war

config/config.yaml

@@ -0,0 +1,74 @@
+name: ervu-account-applications-backend
+
+replicaCount: 1
+
+resources:
+  requests:
+    memory: '256Mi'
+    cpu: '50m'
+  limits:
+    memory: '2Gi'
+    cpu: '1'
+
+env:
+  - name: ERVU_URL
+    value: 'https://{{ $.Values.ingress_base_host }}'
+  - name: ERVU_PWD_SIGN_SECRET_KEY
+    value: 'DtCAQdeKnrAMLfdJkFVdfQnyT/Z5OINK4jqX0LbavfM='
+
+ports:
+  - name: http
+    containerPort: 8080
+
+services:
+  - name: '{{ $.Values.name }}'
+    type: ClusterIP
+    ports:
+      - name: http
+        port: 80
+        targetPort: 8080
+
+postgres:
+  database: 'ervu_account_applications'
+
+livenessProbe:
+  failureThreshold: 3
+  httpGet:
+    path: /
+    port: 8080
+  initialDelaySeconds: 30
+  periodSeconds: 3
+  successThreshold: 1
+  timeoutSeconds: 5
+
+readinessProbe:
+  failureThreshold: 3
+  httpGet:
+    path: /account-applications/version
+    port: 8080
+  initialDelaySeconds: 30
+  periodSeconds: 3
+  successThreshold: 1
+  timeoutSeconds: 5
+
+ingress:
+- name: '{{ $.Values.name }}'
+  annotations:
+    nginx.ingress.kubernetes.io/affinity: 'cookie'
+    nginx.ingress.kubernetes.io/session-cookie-name: 'stickysession'
+    nginx.ingress.kubernetes.io/session-cookie-max-age: '7200'
+    nginx.ingress.kubernetes.io/proxy-body-size: "75m"
+    nginx.ingress.kubernetes.io/rewrite-target: /account-applications/$2
+  labels:
+    app/name: ervu-account-applications
+  rules:
+  - host: '{{ $.Values.ingress_base_host }}'
+    http:
+      paths:
+      - path: /mfe/account-applications/account-applications(/|$)(.*)
+        pathType: Prefix
+        backend:
+          service:
+            name: '{{ $.Values.name }}'
+            port:
+              name: http

config/entrypoint.sh

@@ -0,0 +1,6 @@
+#! /bin/bash
+
+. /etc/tomcat/tomcat.conf
+. /etc/sysconfig/tomcat
+
+/usr/libexec/tomcat/server start

config/settings.xml

@@ -0,0 +1,13 @@
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
+                          https://maven.apache.org/xsd/settings-1.0.0.xsd">
+  <mirrors>
+    <mirror>
+      <id>central-mirror</id>
+      <name>rtlabs-public</name>
+      <url>https://nexus-dev.pgs.rtlabs.ru/repository/maven-public</url>
+      <mirrorOf>*</mirrorOf>
+    </mirror>
+  </mirrors>
+</settings>

config/tomcat/etc/tomcat/conf.d/db.conf

@@ -1,8 +1,8 @@
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS \
- -Ddb.host=${DB_APP_HOST:-db} \
- -Ddb.port=${DB_APP_PORT:-5432} \
- -Ddb.name=${DB_APP_NAME:-app} \
- -Ddb.username=${DB_APP_USERNAME:-app_user} \
- -Ddb.password=${DB_APP_PASSWORD:-apppassword} \
+ -Ddb.host=\"${PG_HOST:-db}\" \
+ -Ddb.port=\"${PG_PORT:-5432}\" \
+ -Ddb.name=\"${PG_DATABASE:-app}\" \
+ -Ddb.username=\"${PG_USER:-app_user}\" \
+ -Ddb.password=\"${PG_PASSWORD:-apppassword}\" \
 "
-export JDK_JAVA_OPTIONS
+export JDK_JAVA_OPTIONS

config/tomcat/etc/tomcat/webbpm.properties

@@ -6,6 +6,7 @@ authentication.method=form
 bpmn.enable=false
 fias.enable=false
 gar.enable=false
+registration.enabled=false
 
 mail.jndi.resource.name=
 
@@ -16,4 +17,4 @@ webbpm.mode=production
 webbpm.jbpm.hibernate_statistics.enabled=false
 webbpm.cache.hazelcast.hosts=127.0.0.1
 webbpm.cache.hazelcast.outbound_port_definitions=5801-5820
-registration.enabled=false
+com.amazonaws.sdk.disableCertChecking

config/uat/settings.xml

@@ -0,0 +1,13 @@
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
+                          https://maven.apache.org/xsd/settings-1.0.0.xsd">
+  <mirrors>
+    <mirror>
+      <id>central-mirror</id>
+      <name>rtlabs-public</name>
+      <url>http://nexus.gosuslugi.local/content/repositories/central</url>
+      <mirrorOf>*</mirrorOf>
+    </mirror>
+  </mirrors>
+</settings>

pom.xml

@@ -228,6 +228,16 @@
         <artifactId>slf4j-api</artifactId>
         <version>2.0.13</version>
       </dependency>
+      <dependency>
+        <groupId>org.apache.httpcomponents</groupId>
+        <artifactId>httpcore</artifactId>
+        <version>4.4.12</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.httpcomponents</groupId>
+        <artifactId>httpclient</artifactId>
+        <version>4.5.14</version>
+      </dependency>
       <dependency>
         <groupId>org.apache.logging.log4j</groupId>
         <artifactId>log4j-slf4j2-impl</artifactId>