Merge branch 'main' into calm-cleanup

Author: jpgough-ms

.github/ISSUE_TEMPLATE/Bug_report.md

@@ -1,7 +1,9 @@
 ---
 name: 🐛 Bug Report
 about: If something isn't working as expected 🤔
-
+type: Bug
+labels: bug
+assignees: ''
 ---
 
 ## Bug Report

.github/ISSUE_TEMPLATE/Feature_proposal.md

@@ -1,6 +1,7 @@
 ---
 name: 🚀 Feature Proposal
 about: Suggest a new feature for an existing project in the monorepo
+type: Feature
 ---
 
 ## Feature Proposal

.github/ISSUE_TEMPLATE/Meeting.md

@@ -1,6 +1,8 @@
 ---
-name: 🤝 Architecture as Code Meeting Agenda (Part of the DevOps Automation SIG)
+name: 🤝 Architecture as Code Meeting Agenda
 about: To track Architecture as Code meeting agenda and attendance
+type: Meeting
+labels: meeting
 ---
 
 ## Date

.github/ISSUE_TEMPLATE/Office_Hours.md

@@ -1,6 +1,8 @@
 ---
 name: 🏢 Architecture as Code Office Hours
 about: Track Office Hours meetings
+type: Meeting
+labels: meeting, office-hours
 ---
 
 ## Date

.github/ISSUE_TEMPLATE/Support_question.md

@@ -1,7 +1,6 @@
 ---
 name: 🤗 Support Question
 about: If you have a question about configuration, usage, etc. 💬
-
 ---
 
 ## Support Question

calm-hub-ui/src/authService.tsx

@@ -1,7 +1,7 @@
 import { UserManager, Log, User } from 'oidc-client';
 
 const config = {
-    authority: 'https://localhost:9443/realms/calm-hub-realm',
+    authority: 'https://calm-hub.finos.org:9443/realms/calm-hub-realm',
     client_id: 'calm-hub-authz-code',
     redirect_uri: window.location.origin,
     response_type: 'code',
@@ -12,9 +12,20 @@ const config = {
     loadUserInfo: true,
 };
 
+//Set AUTH_SERVICE_OIDC_ENABLE to true only when the backend is running with a secure profile and is NOT behind an ADC/Reverse-Proxy that handles user authentication.
+export const AUTH_SERVICE_OIDC_ENABLE: boolean = false;
 let userManager: UserManager | null = null;
-const isHttps = window.location.protocol === 'https:';
-if (isHttps) {
+
+export function isAuthServiceEnabled(): boolean {
+    const oidcEnabled = AUTH_SERVICE_OIDC_ENABLE;
+    const isHttps =
+        typeof window !== 'undefined' &&
+        typeof window.location !== 'undefined' &&
+        window.location.protocol === 'https:';
+    return (oidcEnabled && isHttps);
+}
+
+if (isAuthServiceEnabled()) {
     userManager = new UserManager(config);
     Log.logger = console;
     Log.level = Log.INFO;
@@ -56,7 +67,7 @@ export async function clearSession(): Promise<void> {
 }
 
 export async function getToken(): Promise<string> {
-    if (!isHttps) {
+    if (!AUTH_SERVICE_OIDC_ENABLE) {
         return '';
     }
     const user = await userManager?.getUser();
@@ -76,6 +87,15 @@ export async function getToken(): Promise<string> {
     return '';
 }
 
+export async function getAuthHeaders(): Promise<HeadersInit> {
+    const accessToken = await getToken();
+    const headers: HeadersInit = {};
+    if (accessToken) {
+        headers['Authorization'] = `Bearer ${accessToken}`;
+    }
+    return headers;
+}
+
 export async function checkAuthorityService(): Promise<boolean> {
     try {
         const response = await fetch(config.authority, { method: 'HEAD' });
@@ -93,4 +113,6 @@ export const authService = {
     logout,
     clearSession,
     getToken,
+    getAuthHeaders,
+    isAuthServiceEnabled,
 };

calm-hub-ui/src/index.tsx

@@ -2,7 +2,7 @@ import './index.css';
 import React from 'react';
 import ReactDOM from 'react-dom/client';
 import ProtectedRoute from './ProtectedRoute.js';
-import { authService } from './authService.js';
+import { isAuthServiceEnabled, authService } from './authService.js';
 import App from './App.js';
 
 const root = ReactDOM.createRoot(document.getElementById('root') as HTMLElement);
@@ -19,11 +19,11 @@ const LogoutButton: React.FC = () => {
     );
 };
 
-const isHttps = window.location.protocol === 'https:';
+const isAuthenticationEnabled = isAuthServiceEnabled();
 
 root.render(
     <React.StrictMode>
-        {isHttps ? (
+        {isAuthenticationEnabled ? (
             <ProtectedRoute>
                 <App />
                 <LogoutButton />

calm-hub-ui/src/service/adr-service/adr-service.tsx

@@ -1,5 +1,5 @@
 import axios, { AxiosInstance } from 'axios';
-import { getToken } from '../../authService.js';
+import { getAuthHeaders } from '../../authService.js';
 import { CalmAdrMeta } from '@finos/calm-shared/src/view-model/adr.js';
 
 export class AdrService {
@@ -16,11 +16,10 @@ export class AdrService {
      * Fetch adr IDs for a given namespace and set them using the provided setter function.
      */
     async fetchAdrIDs(namespace: string) : Promise<number[]> {
+        const headers = await getAuthHeaders();
         return this.ax
             .get(`/calm/namespaces/${namespace}/adrs`, {
-                headers: {
-                    Authorization: `Bearer ${await getToken()}`,
-                },
+                headers,
             })
             .then((res) => res.data.values)
             .catch((error) => {
@@ -34,11 +33,10 @@ export class AdrService {
      * Fetch revisions for a given namespace and adr ID and set them using the provided setter function.
      */
     async fetchAdrRevisions(namespace: string, adrID: string): Promise<number[]> {
+        const headers = await getAuthHeaders();
         return this.ax
             .get(`/calm/namespaces/${namespace}/adrs/${adrID}/revisions`, {
-                headers: {
-                    Authorization: `Bearer ${await getToken()}`,
-                },
+                headers,
             })
             .then((res) => res.data.values)
             .catch((error) => {
@@ -52,11 +50,10 @@ export class AdrService {
      * Fetch a specific adr by namespace, adr ID, and revision, and set it using the provided setter function.
      */
     async fetchAdr(namespace: string, adrID: string, revision: string): Promise<CalmAdrMeta> {
+        const headers = await getAuthHeaders();
         return this.ax
             .get(`/calm/namespaces/${namespace}/adrs/${adrID}/revisions/${revision}`, {
-                headers: {
-                    Authorization: `Bearer ${await getToken()}`,
-                },
+                headers,
             })
             .then((res) => res.data)
             .catch((error) => {

calm-hub-ui/src/service/calm-service.tsx

@@ -1,15 +1,15 @@
 import { Data } from '../model/calm.js';
-import { getToken } from '../authService.js';
+import { getAuthHeaders } from '../authService.js';
 
 /**
  * Fetch namespaces and set them using the provided setter function.
  */
 export async function fetchNamespaces(setNamespaces: (namespaces: string[]) => void) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch('/calm/namespaces', {
             method: 'GET',
-            headers: { Authorization: `Bearer ${accessToken}` },
+            headers,
         });
         const data = await res.json();
         setNamespaces(data.values);
@@ -26,10 +26,10 @@ export async function fetchPatternIDs(
     setPatternIDs: (patternIDs: string[]) => void
 ) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch(`/calm/namespaces/${namespace}/patterns`, {
             method: 'GET',
-            headers: { Authorization: `Bearer ${accessToken}` },
+            headers,
         });
         const data = await res.json();
         setPatternIDs(data.values.map((num: number) => num.toString()));
@@ -43,10 +43,10 @@ export async function fetchPatternIDs(
  */
 export async function fetchFlowIDs(namespace: string, setFlowIDs: (flowIDs: string[]) => void) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch(`/calm/namespaces/${namespace}/flows`, {
             method: 'GET',
-            headers: { Authorization: `Bearer ${accessToken}` },
+            headers,
         });
         const data = await res.json();
         setFlowIDs(data.values.map((id: number) => id.toString()));
@@ -64,10 +64,10 @@ export async function fetchPatternVersions(
     setVersions: (versions: string[]) => void
 ) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch(`/calm/namespaces/${namespace}/patterns/${patternID}/versions`, {
             method: 'GET',
-            headers: { Authorization: `Bearer ${accessToken}` },
+            headers,
         });
         const data = await res.json();
         setVersions(data.values);
@@ -85,10 +85,10 @@ export async function fetchFlowVersions(
     setFlowVersions: (flowVersions: string[]) => void
 ) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch(`/calm/namespaces/${namespace}/flows/${flowID}/versions`, {
             method: 'GET',
-            headers: { Authorization: `Bearer ${accessToken}` },
+            headers,
         });
         const data = await res.json();
         setFlowVersions(data.values);
@@ -107,12 +107,12 @@ export async function fetchPattern(
     setPattern: (pattern: Data) => void
 ) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch(
             `/calm/namespaces/${namespace}/patterns/${patternID}/versions/${version}`,
             {
                 method: 'GET',
-                headers: { Authorization: `Bearer ${accessToken}` },
+                headers,
             }
         );
         const response = await res.json();
@@ -142,12 +142,12 @@ export async function fetchFlow(
     setFlow: (flow: Data) => void
 ) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch(
             `/calm/namespaces/${namespace}/flows/${flowID}/versions/${version}`,
             {
                 method: 'GET',
-                headers: { Authorization: `Bearer ${accessToken}` },
+                headers,
             }
         );
         const response = await res.json();
@@ -175,10 +175,10 @@ export async function fetchArchitectureIDs(
     setArchitectureIDs: (architectureIDs: string[]) => void
 ) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch(`/calm/namespaces/${namespace}/architectures`, {
             method: 'GET',
-            headers: { Authorization: `Bearer ${accessToken}` },
+            headers,
         });
         const data = await res.json();
         setArchitectureIDs(data.values.map((id: number) => id.toString()));
@@ -196,12 +196,12 @@ export async function fetchArchitectureVersions(
     setVersions: (versions: string[]) => void
 ) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch(
             `/calm/namespaces/${namespace}/architectures/${architectureID}/versions`,
             {
                 method: 'GET',
-                headers: { Authorization: `Bearer ${accessToken}` },
+                headers,
             }
         );
         const data = await res.json();
@@ -221,12 +221,12 @@ export async function fetchArchitecture(
     setArchitecture: (architecture: Data) => void
 ) {
     try {
-        const accessToken = await getToken();
+        const headers = await getAuthHeaders();
         const res = await fetch(
             `/calm/namespaces/${namespace}/architectures/${architectureID}/versions/${version}`,
             {
                 method: 'GET',
-                headers: { Authorization: `Bearer ${accessToken}` },
+                headers,
             }
         );
         const response = await res.json();

calm-hub/README.md

@@ -124,14 +124,14 @@ From the `calm-hub` directory
 
 From the `keycloak-dev` directory in `calm-hub`
 
-Create certs for KeyCloak:
+Create self-signed X.509 certificate for Keycloak:
 
 ```shell
   mkdir ./certs &&
   openssl req -x509 -newkey rsa:2048 \
     -keyout ./certs/key.pem \
     -out ./certs/cert.pem -days 90 -nodes \
-    -subj "/C=GB/ST=England/L=Manchester/O=finos/OU=Technology/CN=idp.finos.org"
+    -subj "/C=GB/ST=England/L=Manchester/O=finos/OU=Technology/CN=calm-hub.finos.org"
 ```
 
 Launch KeyCloak:
@@ -142,12 +142,12 @@ docker-compose up
 - Open KeyCloak UI: https://localhost:9443, login with admin user.
 - Switch realm from `master` to `calm-hub-realm`.
 - You can find a `demo` user with a temporary credentials under `calm-hub-realm` realm.
-- During the local development, the `demo` user you can use to authenticate with `keycloak-dev` when you integrate the `calm-ui` with `authorization-code` flow type.
+- During local development, you can use the `demo` user to authenticate with `keycloak-dev` when integrating calm-ui using the `authorization code flow`.
 
 #### Server Side with secure profile
 
 From the `calm-hub` directory
-1. Create a server side certificates
+1. Create a server-side certificate
     ```shell
     openssl req -x509 -newkey rsa:2048 \
       -keyout ./src/main/resources/key.pem \
@@ -156,7 +156,11 @@ From the `calm-hub` directory
     ```
 2. `../mvnw package`
 3. `../mvnw quarkus:dev -Dquarkus.profile=secure`
-4. Open Calm UI: https://localhost:8443
+4. When using a self-signed certificate, you have two options to avoid the `No name matching localhost found` CertificateException in the backend.
+   1. Add a host entry in `/etc/hosts` file, for example `127.0.0.1 calm-hub.finos.org`
+   2. Alternatively, create the self-signed certificate with localhost as the CN or SAN.
+5. Some browsers may block `.well-known` endpoints that use self-signed certificates (e.g., https://calm-hub.finos.org:9443/realms/calm-hub-realm/.well-known/openid-configuration). Ensure these endpoints are accessible in your browser before accessing `calm-hub-ui`.
+6. Open Calm UI at the URL matching your self-signed certificate’s CN: https://calm-hub.finos.org:8443 or https://localhost:8443.
 
 ### UI with hot reload (from src/main/webapp)