
Commit 5a7214f

committed
Minor improvements
1 parent cf78db3 commit 5a7214f


12 files changed

+327
-43
lines changed


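--- a/.local.env
+++ b/.local.env
@@ -5,4 +5,5 @@ SENTRIUS_AGENT_VERSION=1.1.42
 SENTRIUS_AI_AGENT_VERSION=1.1.263
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
-AGENTPROXY_VERSION=1.0.85
+AGENTPROXY_VERSION=1.0.85
+SSHPROXY_VERSION=1.0.3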

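--- a/.local.env.bak
+++ b/.local.env.bak
@@ -5,4 +5,5 @@ SENTRIUS_AGENT_VERSION=1.1.42
 SENTRIUS_AI_AGENT_VERSION=1.1.263
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
-AGENTPROXY_VERSION=1.0.85
+AGENTPROXY_VERSION=1.0.85
+SSHPROXY_VERSION=1.0.3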
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
ALTER TABLE host_systems
2+
ADD COLUMN proxied_ssh_server BOOLEAN DEFAULT FALSE,
3+
ADD COLUMN proxied_ssh_port INTEGER DEFAULT 0;
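Review bot: Both new columns are nullable, and `proxied_ssh_port` defaults to 0, which is not a usable TCP port, so nothing at the schema level separates "no proxy port configured" from a bad value. Consider `ADD COLUMN proxied_ssh_server BOOLEAN NOT NULL DEFAULT FALSE` and a range constraint such as `CHECK (proxied_ssh_port BETWEEN 0 AND 65535)`; the exact syntax depends on the database, which this page does not show. The same point applies to the entity in HostSystem.java: `proxiedSSHServer` is a primitive `boolean` mapped to this nullable column, so a row holding NULL would presumably fail to load, and `proxiedSSHPort` has no range validation. A short comment on the migration stating that 0 means "unset" would also help.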

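--- a/dataplane/src/main/java/io/sentrius/sso/core/model/HostSystem.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/model/HostSystem.java
@@ -93,6 +93,16 @@ public class HostSystem implements Host {
 @Column(name = "locked")
 private boolean locked = false;
 
+@Builder.Default
+@Column(name = "proxied_ssh_server")
+private boolean proxiedSSHServer = false;
+
+@Builder.Default
+@Column(name = "proxied_ssh_port")
+private Integer proxiedSSHPort = 0;
+
+
+
 @OneToMany(mappedBy = "hostSystem", cascade = CascadeType.ALL,orphanRemoval = true, fetch = FetchType.LAZY)
 private List<ProxyHost> proxies;
 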
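--- a/docker/ssh-proxy/Dockerfile
+++ b/docker/ssh-proxy/Dockerfile
@@ -0,0 +1,39 @@
+# Use an OpenJDK image as the base
+FROM eclipse-temurin:17-jdk-jammy
+
+# Declare the argument
+ARG INCLUDE_DEV_CERTS=false
+
+# Set environment so you can use in RUN
+ENV INCLUDE_DEV_CERTS=${INCLUDE_DEV_CERTS}
+
+
+# Set working directory
+WORKDIR /app
+
+# Copy the pre-built API JAR into the container
+COPY sshproxy.jar /app/sshproxy.jar
+
+
+COPY dev-certs/sentrius-ca.crt /tmp/sentrius-ca.crt
+
+RUN if [ "$INCLUDE_DEV_CERTS" = "true" ] && [ -f /tmp/sentrius-ca.crt ]; then \
+echo "Importing dev CA cert..." && \
+keytool -import -noprompt -trustcacerts \
+-alias sentrius-local-ca \
+-file /tmp/sentrius-ca.crt \
+-keystore "$JAVA_HOME/lib/security/cacerts" \
+-storepass changeit ; \
+else \
+echo "Skipping cert import"; \
+fi
+
+
+# Expose the port the app runs on
+EXPOSE 8080
+
+RUN apt-get update && apt-get install -y curl
+
+
+# Command to run the app
+CMD ["java","-XX:+UseContainerSupport", "-jar", "/app/sshproxy.jar", "--spring.config.location=/config/sshproxy-application.properties"]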
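Review bot: The image never drops privileges: there is no `USER` instruction, so the SSH proxy started by `CMD` runs as root inside the container. The `keytool` import and the `apt-get` step need root, so create an account and switch only at the end, e.g. `RUN useradd --system --no-create-home sshproxy` followed by `USER sshproxy` just before `CMD`. Separately, `COPY dev-certs/sentrius-ca.crt /tmp/sentrius-ca.crt` runs unconditionally, so the dev CA file is in every image even when `INCLUDE_DEV_CERTS` is false, and `ENV INCLUDE_DEV_CERTS` carries the build flag into the runtime environment. A comment above the `RUN if` block saying the dev CA is for local clusters only and must stay off for release builds would make the trust decision explicit. `apt-get install -y curl` could take `--no-install-recommends` and remove `/var/lib/apt/lists/*` in the same layer.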
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDJTCCAg2gAwIBAgIUDvcfbY2leSeMSnrsrJo2zv0ue/kwDQYJKoZIhvcNAQEL
3+
BQAwGjEYMBYGA1UEAwwPc2VudHJpdXMtZGV2LWNhMB4XDTI1MDcwMjIxNDk0MloX
4+
DTI2MDcwMjIxNDk0MlowGjEYMBYGA1UEAwwPc2VudHJpdXMtZGV2LWNhMIIBIjAN
5+
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DDoRTDzG6QhQNy9tthyVnFIfBvS
6+
issnqzmpT3XrDdpHT0BIgYIBXWZzQbnhfnM1abCzZtn1ozmzUp84/PJbFYcupjNZ
7+
YUwul0C7BTAm8oN1vhQFbZ6u5iixHUsIbvxNb9IW8Yu003dtP1iXiaMcNZPr9xz7
8+
INgYigJuoSxtIEuzSBOFNYaXuUfn4r4GIlzF9lDnxeltvQqHTS5j4cdzXdis2e6k
9+
Gy+9OYZZp62WRHWTuhRfOakL1b+voTU8udyIS++mmxXy+AjHlzPuRB8L7wi3HoAM
10+
hBUxCzzJB3+mYNzyOd75bccbiWbMu1ay7WhOxxN2hxWJg+8u05bgAi4EPQIDAQAB
11+
o2MwYTAdBgNVHQ4EFgQU63Fomh1GrbWOavtqFoOhcboMAxMwHwYDVR0jBBgwFoAU
12+
63Fomh1GrbWOavtqFoOhcboMAxMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
13+
BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAIu5heYvdV0r33avCMg82txjWvv7mXA5
14+
8BwU2GUsHqbh/0bS3Sxwc2KRsEh77NcgGo5Lr0gEftTzexGBjCikzhTL1+cWf6Ay
15+
b04NTr7E/EigZlZs/Ceoav5Mw7zElwDhtAr35OoQKTKBUHJgPKUAr5i2Ijwj8HYw
16+
ua/zUKU3RxRiuMTfsZmnzTJEtrTkgMbQN4HNRXTSmVPYNpYhVS+cPM9Xvy5QVaIR
17+
F2RxiywKSSzRY88w2c3sGXjDYs9wmxIWKbjNX51q2ZxwpF9E4c2s48eTjiVS5kVA
18+
/frlToZdVeLORjTtVw24RN4DTqsbOB3SkybylkopF8YjlkvEQNNZZ3c=
19+
-----END CERTIFICATE-----

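--- a/ops-scripts/base/build-images.sh
+++ b/ops-scripts/base/build-images.sh
@@ -149,6 +149,7 @@ update_sentrius_ai_agent=false
 update_integrationproxy=false
 update_launcher=false
 update_agent_proxy=false
+update_ssh_proxy=false
 
 while [[ "$#" -gt 0 ]]; do
 case $1 in
@@ -160,7 +161,8 @@ while [[ "$#" -gt 0 ]]; do
 --sentrius-launcher-service) update_launcher=true ;;
 --sentrius-integration-proxy) update_integrationproxy=true ;;
 --sentrius-agent-proxy) update_agent_proxy=true ;;
---all) update_sentrius=true; update_sentrius_ssh=true; update_sentrius_keycloak=true; update_sentrius_agent=true; update_sentrius_ai_agent=true; update_integrationproxy=true; update_launcher=true; update_agent_proxy=true; ;;
+--sentrius-ssh-proxy) update_ssh_proxy=true ;;
+--all) update_sentrius=true; update_sentrius_ssh=true; update_sentrius_keycloak=true; update_sentrius_agent=true; update_sentrius_ai_agent=true; update_integrationproxy=true; update_launcher=true; update_agent_proxy=true; update_ssh_proxy=true; ;;
 --no-cache) NO_CACHE=true ;;
 --include-dev-certs) INCLUDE_DEV_CERTS=true ;;
 *) echo "Unknown flag: $1"; exit 1 ;;
@@ -237,4 +239,12 @@ if $update_agent_proxy; then
 build_image "sentrius-agent-proxy" "$AGENTPROXY_VERSION" "${SCRIPT_DIR}/../../docker/agent-proxy"
 rm docker/agent-proxy/agentproxy.jar
 update_env_var "AGENTPROXY_VERSION" "$AGENTPROXY_VERSION"
+fi
+
+if $update_ssh_proxy; then
+cp ssh-proxy/target/ssh-proxy-*.jar docker/ssh-proxy/sshproxy.jar
+SSHPROXY_VERSION=$(increment_patch_version $SSHPROXY_VERSION)
+build_image "sentrius-ssh-proxy" "$SSHPROXY_VERSION" "${SCRIPT_DIR}/../../docker/ssh-proxy"
+rm docker/ssh-proxy/sshproxy.jar
+update_env_var "SSHPROXY_VERSION" "$SSHPROXY_VERSION"
 fi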
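Review bot: `cp ssh-proxy/target/ssh-proxy-*.jar docker/ssh-proxy/sshproxy.jar` in the last hunk relies on the glob matching exactly one file; with a stale jar from an earlier version still in `target/`, `cp` fails because the destination is not a directory, and no error check is visible before the script bumps and persists `SSHPROXY_VERSION` (whether `set -e` is active lies outside the hunk). The `cp` and `rm` paths are relative to the working directory while `build_image` receives a `${SCRIPT_DIR}`-based path, so the block only works when run from the repository root; the agent-proxy `rm` line visible above has the same shape. Guard the copy with `|| { echo "ssh-proxy jar missing or ambiguous"; exit 1; }` and quote the argument as `increment_patch_version "$SSHPROXY_VERSION"`.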

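--- a/ops-scripts/local/deploy-helm.sh
+++ b/ops-scripts/local/deploy-helm.sh
@@ -260,6 +260,7 @@ helm upgrade --install sentrius ./sentrius-chart --namespace ${TENANT} \
 --set sentriusaiagent.image.tag=${SENTRIUS_AI_AGENT_VERSION} \
 --set launcherservice.image.pullPolicy="Never" \
 --set launcherservice.image.tag=${LAUNCHER_VERSION} \
+--set sshproxy.image.tag=${SSHPROXY_VERSION} \
 --set neo4j.env.NEO4J_server_config_strict__validation__enabled="\"false\"" \
 --set sentriusagent.image.tag=${SENTRIUS_AGENT_VERSION} || { echo "Failed to deploy Sentrius with Helm"; exit 1; }
 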
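--- a/sentrius-chart/templates/configmap.yaml
+++ b/sentrius-chart/templates/configmap.yaml
@@ -478,3 +478,59 @@ data:
 twopartyapproval.require.explanation.LOCKING_SYSTEMS=false
 canApproveOwnJITs=false
 yamlConfiguration=/app/demoInstaller.yml
+sshproxy-application.properties: |
+keystore.file=sso.jceks
+keystore.password=${KEYSTORE_PASSWORD}
+keystore.alias=KEYBOX-ENCRYPTION_KEY
+spring.thymeleaf.enabled=true
+spring.freemarker.enabled=false
+management.metrics.enable.system.processor={{ .Values.metrics.enabled }}
+spring.autoconfigure.exclude={{ .Values.metrics.class.exclusion }}
+#flyway configuration
+spring.main.web-application-type=reactive
+spring.flyway.enabled=false
+logging.level.org.springframework.web=INFO
+logging.level.org.springframework.security=INFO
+logging.level.io.sentrius=DEBUG
+logging.level.org.thymeleaf=INFO
+spring.thymeleaf.servlet.produce-partial-output-while-processing=false
+spring.servlet.multipart.enabled=true
+spring.servlet.multipart.max-file-size=10MB
+spring.servlet.multipart.max-request-size=10MB
+server.error.whitelabel.enabled=false
+dynamic.properties.path=/config/dynamic.properties
+keycloak.realm=sentrius
+keycloak.base-url={{ .Values.keycloakInternalDomain | default .Values.keycloakDomain }}
+agent.api.url={{ .Values.sentriusDomain }}
+# Keycloak configuration
+spring.security.oauth2.client.registration.keycloak.client-id={{ .Values.agentproxy.oauth2.client_id }}
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}
+spring.security.oauth2.client.registration.keycloak.authorization-grant-type={{ .Values.sentriusagent.oauth2.authorization_grant_type }}
+#spring.security.oauth2.client.registration.keycloak.redirect-uri={{ .Values.sentriusDomain }}/login/oauth2/code/keycloak
+#spring.security.oauth2.client.registration.keycloak.scope={{ .Values.sentriusagent.oauth2.scope }}
+spring.security.oauth2.resourceserver.jwt.issuer-uri={{ .Values.keycloakInternalDomain | default .Values.keycloakDomain }}/realms/sentrius
+spring.security.oauth2.client.provider.keycloak.issuer-uri={{ .Values.keycloakInternalDomain | default .Values.keycloakDomain }}/realms/sentrius
+# OTEL settings
+otel.traces.exporter=otlp
+otel.metrics.exporter=none
+otel.logs.exporter=none
+otel.exporter.otlp.endpoint=http://sentrius-jaeger:4317
+otel.resource.attributes.service.name=integration-proxy
+otel.traces.sampler=always_on
+otel.exporter.otlp.timeout=10s
+otel.exporter.otlp.protocol=grpc
+provenance.kafka.topic=sentrius-provenance
+# Serialization
+spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
+spring.kafka.producer.value-serializer=org.springframework.kafka.support.serializer.JsonSerializer
+spring.kafka.producer.properties.spring.json.trusted.packages=io.sentrius.*
+# Reliability
+spring.kafka.producer.retries=5
+spring.kafka.producer.acks=all
+# Timeout tuning
+spring.kafka.producer.request-timeout-ms=10000
+spring.kafka.producer.delivery-timeout-ms=30000
+spring.kafka.properties.max.block.ms=500
+spring.kafka.properties.metadata.max.age.ms=10000
+spring.kafka.properties.retry.backoff.ms=1000
+spring.kafka.bootstrap-servers=sentrius-kafka:9092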
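Review bot: `otel.resource.attributes.service.name=integration-proxy` looks copied from another service's block, so the SSH proxy's traces would be attributed to the integration proxy; it should read `otel.resource.attributes.service.name=ssh-proxy`. The OAuth client id likewise comes from `.Values.agentproxy.oauth2.client_id` and the grant type from `.Values.sentriusagent.oauth2.authorization_grant_type`, which means the SSH proxy authenticates to Keycloak as the agent proxy unless that sharing is intended; a dedicated `.Values.sshproxy.oauth2.*` entry keeps client scopes and token audit trails separate per service. `logging.level.io.sentrius=DEBUG` is hard-coded for a component in the SSH session path; a chart value defaulting to `INFO` would keep verbose session detail out of logs unless asked for. The Thymeleaf and servlet multipart keys appear to have no effect alongside `spring.main.web-application-type=reactive` and could be dropped.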

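--- a/ssh-proxy/pom.xml
+++ b/ssh-proxy/pom.xml
@@ -33,6 +33,14 @@
 <artifactId>sentrius-dataplane</artifactId>
 <version>1.0.0-SNAPSHOT</version>
 </dependency>
+<dependency>
+<groupId>io.kubernetes</groupId>
+<artifactId>client-java-api</artifactId>
+</dependency>
+<dependency>
+<groupId>io.kubernetes</groupId>
+<artifactId>client-java</artifactId>
+</dependency>
 
 <!-- Spring Boot -->
 <dependency>
@@ -79,19 +87,84 @@
 </dependencies>
 
 <build>
-<plugins>
-<plugin>
-<groupId>org.springframework.boot</groupId>
-<artifactId>spring-boot-maven-plugin</artifactId>
-<configuration>
-<excludes>
-<exclude>
-<groupId>org.projectlombok</groupId>
-<artifactId>lombok</artifactId>
-</exclude>
-</excludes>
-</configuration>
-</plugin>
-</plugins>
+<pluginManagement>
+<plugins>
+<plugin>
+<groupId>com.github.eirslett</groupId>
+<artifactId>frontend-maven-plugin</artifactId>
+<version>1.13.4</version>
+<executions>
+<execution>
+<id>install node and npm</id>
+<goals>
+<goal>install-node-and-npm</goal>
+</goals>
+<phase>generate-resources</phase>
+</execution>
+<execution>
+<id>npm install</id>
+<goals>
+<goal>npm</goal>
+</goals>
+<phase>generate-resources</phase>
+<configuration>
+<arguments>clean-install</arguments>
+</configuration>
+</execution>
+<execution>
+<id>grunt build</id>
+<goals>
+<goal>grunt</goal>
+</goals>
+<phase>generate-resources</phase>
+</execution>
+</executions>
+<configuration>
+<nodeVersion>v16.13.1</nodeVersion>
+</configuration>
+</plugin>
+<plugin>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-maven-plugin</artifactId>
+<!-- execution needed if using spring boot as BOM and not as parent -->
+<executions>
+<execution>
+<id>repackage</id>
+<goals>
+<goal>repackage</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
+<plugin>
+<artifactId>maven-compiler-plugin</artifactId>
+</plugin>
+
+<plugin>
+<artifactId>maven-clean-plugin</artifactId>
+</plugin>
+<plugin>
+<artifactId>maven-resources-plugin</artifactId>
+</plugin>
+<plugin>
+<artifactId>maven-surefire-plugin</artifactId>
+</plugin>
+<plugin>
+<artifactId>maven-jar-plugin</artifactId>
+</plugin>
+<plugin>
+<artifactId>maven-install-plugin</artifactId>
+</plugin>
+<plugin>
+<artifactId>maven-deploy-plugin</artifactId>
+</plugin>
+<plugin>
+<artifactId>maven-site-plugin</artifactId>
+</plugin>
+<plugin>
+<artifactId>maven-project-info-reports-plugin</artifactId>
+</plugin>
+</plugins>
+</pluginManagement>
 </build>
 </project>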
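Review bot: The second hunk moves `spring-boot-maven-plugin` and every other plugin under `<pluginManagement>` and leaves no `<plugins>` element directly in `<build>`. `pluginManagement` only supplies configuration and does not bind a plugin to this module's build, so unless the parent POM (not shown) declares the plugin, `repackage` will not run and the jar copied into the image will not be an executable Spring Boot jar for `java -jar /app/sshproxy.jar`. Add a `<plugins>` section that references the plugin, as sketched below. The `frontend-maven-plugin` block pins Node.js `v16.13.1`, an end-of-life release line, and looks unused for this module, so drop it or confirm a frontend build is expected here. The two `io.kubernetes` dependencies in the first hunk carry no `<version>` and so rely on the parent's `dependencyManagement`; a comment on why the SSH proxy needs the Kubernetes client would help reviewers judge the added cluster-API surface.

```xml
<build>
    <!-- … unchanged: pluginManagement block … -->
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
```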
