From f2a1ce4f0fa52d9a9c3dd3071f3bd3a1a7984047 Mon Sep 17 00:00:00 2001 
From: amandilaras Date: Thu, 25 Apr 2024 11:48:25 +0300 Subject: [PATCH] init microservice deployment commit --- .env | 5 - Jenkinsfile | 66 - deployment/.env | 26 + deployment/docker-compose.override.yml | 314 ++ deployment/docker-compose.yml | 115 + .../elasticsearch/certificates/ca/ca-key.pem | 28 + .../elasticsearch/certificates/ca/ca.crt | 21 + .../elasticsearch/elasticsearch.crt | 20 + .../elasticsearch/elasticsearch.key | 28 + .../certificates/elasticsearch/v3.ext | 12 + .../elasticsearch/config/elasticsearch.yml | 19 + .../elasticsearch/config/log4j2.properties | 179 + .../elk/config-elk/elasticsearch/elastic.env | 16 + .../config-elk/kibana/certificates/ca/ca.crt | 20 + .../config-elk/kibana/certificates/kibana.crt | 20 + .../config-elk/kibana/certificates/kibana.key | 27 + .../elk/config-elk/kibana/config/kibana.yml | 15 + deployment/elk/elasticsearch/Dockerfile | 18 + deployment/elk/filebeat/Dockerfile | 14 + deployment/elk/kibana/Dockerfile | 14 + deployment/elk/logstash/Dockerfile | 19 + deployment/gotenberg/gotenberg.env | 4 + .../keycloak/certs/keycloak-selfsigned.crt | 23 + .../keycloak/certs/keycloak-selfsigned.key | 28 + .../keycloak/imports/opendmp-realm.json | 3368 +++++++++++++++++ deployment/keycloak/keycloak.env | 23 + deployment/postgres/keycloak_init.sql | Bin 0 -> 141953 bytes deployment/postgres/opendmp_init.sql | Bin 0 -> 131919 bytes deployment/postgres/postgres.env | 4 + deployment/proxy/ProxyNginx.conf | 147 + deployment/proxy/nginx-selfsigned.crt | 23 + deployment/proxy/nginx-selfsigned.key | 28 + deployment/proxy/nginx.conf | 32 + deployment/proxy/proxy.env | 4 + deployment/rabbitmq/rabbitmq.env | 3 + docker-compose.override.yml | 90 - docker-compose.yml | 122 - 37 files changed, 4612 insertions(+), 283 deletions(-) delete mode 100644 .env delete mode 100644 Jenkinsfile create mode 100644 deployment/.env create mode 100644 deployment/docker-compose.override.yml create mode 100644 deployment/docker-compose.yml create mode 100644 
deployment/elk/config-elk/elasticsearch/certificates/ca/ca-key.pem create mode 100644 deployment/elk/config-elk/elasticsearch/certificates/ca/ca.crt create mode 100644 deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.crt create mode 100644 deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.key create mode 100644 deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/v3.ext create mode 100644 deployment/elk/config-elk/elasticsearch/config/elasticsearch.yml create mode 100644 deployment/elk/config-elk/elasticsearch/config/log4j2.properties create mode 100644 deployment/elk/config-elk/elasticsearch/elastic.env create mode 100644 deployment/elk/config-elk/kibana/certificates/ca/ca.crt create mode 100644 deployment/elk/config-elk/kibana/certificates/kibana.crt create mode 100644 deployment/elk/config-elk/kibana/certificates/kibana.key create mode 100644 deployment/elk/config-elk/kibana/config/kibana.yml create mode 100644 deployment/elk/elasticsearch/Dockerfile create mode 100644 deployment/elk/filebeat/Dockerfile create mode 100644 deployment/elk/kibana/Dockerfile create mode 100644 deployment/elk/logstash/Dockerfile create mode 100644 deployment/gotenberg/gotenberg.env create mode 100644 deployment/keycloak/certs/keycloak-selfsigned.crt create mode 100644 deployment/keycloak/certs/keycloak-selfsigned.key create mode 100644 deployment/keycloak/imports/opendmp-realm.json create mode 100644 deployment/keycloak/keycloak.env create mode 100644 deployment/postgres/keycloak_init.sql create mode 100644 deployment/postgres/opendmp_init.sql create mode 100644 deployment/postgres/postgres.env create mode 100644 deployment/proxy/ProxyNginx.conf create mode 100644 deployment/proxy/nginx-selfsigned.crt create mode 100644 deployment/proxy/nginx-selfsigned.key create mode 100644 deployment/proxy/nginx.conf create mode 100644 deployment/proxy/proxy.env create mode 100644 deployment/rabbitmq/rabbitmq.env delete 
mode 100644 docker-compose.override.yml delete mode 100644 docker-compose.yml diff --git a/.env b/.env deleted file mode 100644 index 1e68e910f..000000000 --- a/.env +++ /dev/null @@ -1,5 +0,0 @@ -PROFILE=docker - -# Version of Elastic products -ELK_VERSION=7.17.4 -STACK_VERSION=7.17.4 diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 40de9c9ea..000000000 --- a/Jenkinsfile +++ /dev/null @@ -1,66 +0,0 @@ -def pipelineContext = [:] - -pipeline { - agent any - - options { - skipDefaultCheckout(true) - } - - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Build API') { - steps { - script { - pipelineContext.apiImage = docker.build("open-dmp-api:${env.BUILD_ID}", "-f dmp-backend/Dockerfile.CI dmp-backend/") - } - } - } - stage('Build WebApp') { - steps { - script { - pipelineContext.webappImage = docker.build("open-dmp-webapp:${env.BUILD_ID}", "-f dmp-frontend/Dockerfile.CI dmp-frontend/") - } - } - } - //stage('SonarQube analysis') { - // steps { - // script { - // def scannerHome = tool 'SonarQube Scanner 4.3'; - // withSonarQubeEnv('SonarQube') { // If you have configured more than one global server connection, you can specify its name - // sh "${scannerHome}/bin/sonar-scanner" - // } - // } - // } - //} - //// waiting for sonar results based into the configured web hook in Sonar server which push the status back to jenkins - //stage('SonarQube scan result check') { - // steps { - // timeout(time: 2, unit: 'MINUTES') { - // retry(3) { - // script { - // def qg = waitForQualityGate() - // if (qg.status != 'OK') { - // error "Pipeline aborted due to quality gate failure: ${qg.status}" - // } - // } - // } - // } - // } - //} - stage('Pushing to Docker Registry') { - steps { - script { - docker.withRegistry('http://drepo.local.cite.gr', 'b2c651c1-9a3b-4a98-a6da-e1dd7a20f512') { - pipelineContext.apiImage.push() - pipelineContext.webappImage.push() - } - } - } - } - } -} \ No newline at end of file 
diff --git a/deployment/.env b/deployment/.env
new file mode 100644
index 000000000..c686f26fb
--- /dev/null
+++ b/deployment/.env
@@ -0,0 +1,26 @@
+###################### GENERAL #########################
+#User that is used to deploy the containers
+DEPLOY_USER=root
+
+#version selections
+PROXY_TAG=mainline-alpine
+MAIN_APP_TAG=2.1.3
+NOTIFICATION_APP_TAG=2.1.3
+ANNOTATION_APP_TAG=2.1.3
+DOCX_APP_TAG=0.0.8
+JSON_APP_TAG=0.0.6
+ZENODO_APP_TAG=2.0.4
+ELK_VERSION=8.13.12
+KEYCLOAK_TAG=24.0.2
+GOTENBERG_TAG=8.4.0
+POSTGRES_TAG=16-alpine
+
+#Application configuration
+DOCKER_REGISTRY=crepo.cite.gr/
+PROFILE=staging
+
+#port speficiations
+SERVER_PORT=8080
+PROXY_APP_PORT=8081
+PROXY_MS_PORT=8082
+POSTGRES_PORT=5432
\ No newline at end of file
diff --git a/deployment/docker-compose.override.yml b/deployment/docker-compose.override.yml
new file mode 100644
index 000000000..b9af6b701
--- /dev/null
+++ b/deployment/docker-compose.override.yml
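Review bot: `DEPLOY_USER=root` feeds `user: ${DEPLOY_USER}:${DEPLOY_USER}` in docker-compose.override.yml, so every service that sets `user:` there (proxy, backend, notification, annotation, both transformers, postgres, elasticsearch, kibana) runs as root while bind-mounting host directories. A dedicated unprivileged UID/GID here would limit what a compromised service can touch on the host. `ELK_VERSION=8.13.12` looks like a typo; it is worth confirming that tag exists before the ELK images are built. `PROXY_TAG=mainline-alpine` and `POSTGRES_TAG=16-alpine` are floating tags next to otherwise exact versions, so two deployments of this commit may not run the same images.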
@@ -0,0 +1,314 @@
+version: "2.4"
+
+services:
+############################## PROXY ########################################
+ opendmp.proxy:
+ user: ${DEPLOY_USER}:${DEPLOY_USER}
+ restart: unless-stopped
+ cpus: 1
+ mem_limit: 256m
+ ports:
+ - "${PROXY_APP_PORT}:8081"
+ - "${PROXY_MS_PORT}:8082"
+ env_file:
+ - /proxy/proxy.env
+ volumes:
+ - /proxy/nginx.conf:/etc/nginx/nginx.conf
+ - /proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
+ - /proxy/nginx-selfsigned.crt:/certifcates/cert.crt
+ - /proxy/nginx-selfsigned.key:/certifcates/key.key
+ - /logs/proxy:/tmp/logs
+ networks:
+ - opendmp-proxy-network
+
+############################## OPENDMP APP #################################
+ opendmp.backend:
+ user: ${DEPLOY_USER}:${DEPLOY_USER}
+ restart: unless-stopped
+ cpus: 1
+ mem_limit: 2048m
+ environment:
+ - PROFILE=${PROFILE}
+ ports:
+ - "8080"
+ volumes:
+ - /opendmp/backend/config:/config
+ - /opendmp/backend/certificates:/certificates
+ - /opendmp/backend/i18n:/i18n
+ - /opendmp/backend/material:/material
+ - /opendmp/backend/Semantics.json:/Semantics.json
+ - /storage/backend:/storage
+ - /logs/backend:/logs
+ networks:
+ - opendmp-proxy-network
+ - opendmp-backend-network
+ - opendmp-plugins-network
+ - opendmp-gotenberg-shared-network
+ - opendmp-elastic-shared-network
+ - opendmp-keycloak-shared-network
+ - opendmp-postgres-shared-network
+ - opendmp-rabbitmq-shared-network
+
+ opendmp.frontend:
+ restart: unless-stopped
+ cpus: 1
+ mem_limit: 2048m
+ ports:
+ - "8080"
+ volumes:
+ - /opendmp/webapp/config.json:/usr/share/nginx/html/assets/config/config.json
+ - /opendmp/webapp/nginx.conf:/etc/nginx/nginx.conf
+ - /opendmp/webapp/WebAppNginx.conf:/etc/nginx/conf.d/default.conf
+ networks:
+ - opendmp-proxy-network
+
+ opendmp.notification:
+ user: ${DEPLOY_USER}:${DEPLOY_USER}
+ cpus: 1
+ mem_limit: 1024m
+ restart: unless-stopped
+ ports:
+ - "8080"
+ environment:
+ - PROFILE=${PROFILE}
+ volumes:
+ - /opendmp/notification-api/config:/config
+ - /opendmp/notification-api/messages:/messages
+ - /opendmp/notification-api/notification_templates:/notification_templates
+ - /logs/notification-api:/logs
+ networks:
+ - opendmp-proxy-network
+ - opendmp-backend-network
+ - opendmp-plugins-network
+ - opendmp-rabbitmq-shared-network
+ - opendmp-keycloak-shared-network
+ - opendmp-postgres-shared-network
+
+ opendmp.annotation:
+ user: ${DEPLOY_USER}:${DEPLOY_USER}
+ cpus: 1
+ mem_limit: 1024m
+ restart: unless-stopped
+ ports:
+ - "8080"
+ environment:
+ - PROFILE=${PROFILE}
+ volumes:
+ - /opendmp/annotation-api/config:/config
+ - /opendmp/annotation-api/messages:/messages
+ - /logs/annotation-api:/logs
+ networks:
+ - opendmp-proxy-network
+ - opendmp-backend-network
+ - opendmp-plugins-network
+ - opendmp-rabbitmq-shared-network
+ - opendmp-keycloak-shared-network
+ - opendmp-postgres-shared-network
+
+############################## FILE-TRANSFORMER #################################
+
+ opendmp.file.transformer.docx:
+ user: ${DEPLOY_USER}:${DEPLOY_USER}
+ restart: unless-stopped
+ cpus: 1
+ mem_limit: 1024m
+ expose:
+ - "8080"
+ environment:
+ - SERVER_PORT=${SERVER_PORT}
+ - PROFILE=${PROFILE}
+ volumes:
+ - /opendmp/file-transformer-docx/config:/config
+ - /logs/file-transformer-docx:/logs
+ - /storage/file-transformer-docx:/storage
+ networks:
+ - opendmp-backend-network
+ - opendmp-plugins-network
+ - opendmp-gotenberg-shared-network
+
+ opendmp.file.transformer.rdajson:
+ user: ${DEPLOY_USER}:${DEPLOY_USER}
+ restart: unless-stopped
+ cpus: 1
+ mem_limit: 1024m
+ expose:
+ - "8080"
+ environment:
+ - SERVER_PORT=${SERVER_PORT}
+ - PROFILE=${PROFILE}
+ volumes:
+ - /opendmp/file-transformer-rda-json/config:/config
+ - /opendmp/file-transformer-rda-json/internal:/internal
+ - /logs/file-transformer-rda-json:/logs
+ - /storage/file-transformer-rda-json:/storage
+ networks:
+ - opendmp-backend-network
+ - opendmp-plugins-network
+
+############################## ZENODO #######################################
+ # opendmp.zenodo:
+ # user: ${DEPLOY_USER}:${DEPLOY_USER}
+ # restart: unless-stopped
+ # cpus: 1
+ # mem_limit: 1024m
+ # expose:
+ # - "8080"
+ # environment:
+ # - PROFILE=${PROFILE}
+ # volumes:
+ # - /opendmp/zenodo/config:/config
+ # - /opendmp/zenodo/zenodo.jpg:/zenodo.jpg
+ # - /logs/zenodo:/logs
+ # networks:
+ # - opendmp-plugins-network
+ # - opendmp-keycloak-shared-network
+
+############################## POSTGRES 16 #################################
+
+ opendmp.postgres:
+ user: ${DEPLOY_USER}:${DEPLOY_USER}
+ restart: unless-stopped
+ mem_limit: 2048M
+ ports:
+ # - "127.0.0.1:${POSTGRES_PORT}:5432"
+ - "${POSTGRES_PORT}:5432"
+ env_file:
+ - postgres/postgres.env
+ volumes:
+ - /postgres/opendmp_init.sql:/docker-entrypoint-initdb.d/opendmp_init.sql
+ - /postgres/keycloak_init.sql:/docker-entrypoint-initdb.d/keycloak_init.sql
+ - /storage/postgres/data:/var/lib/postgresql/data
+ networks:
+ - opendmp-keycloak-shared-network
+
+################################# ELK #################################################
+ opendmp.elasticsearch:
+ user: ${DEPLOY_USER}:${DEPLOY_USER}
+ group_add:
+ - 0
+ restart: unless-stopped
+ cpus: 2
+ mem_limit: 1024m
+ env_file:
+ - /elk/config-elk/elasticsearch/elastic.env
+ environment:
+ - "ES_JAVA_OPTS=-Xmx512m -Xms512m"
+ ulimits:
+ nproc: 65535
+ memlock:
+ soft: -1
+ hard: -1
+ volumes:
+ - /elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
+ - /elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
+ - /elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
+ - /elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
+ - /elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
+ expose:
+ - "9200"
+ - "9300"
+ networks:
+ - opendmp-elastic-network
+ - opendmp-elastic-shared-network
+ healthcheck:
+ test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
+ interval: 30s
+ timeout: 10s
+ retries: 5
+
+ # opendmp.logstash:
+ # volumes:
+ # - /elk/data-elk/logstash-log:/usr/share/logstash/logs
+
+ opendmp.kibana:
+ user: ${DEPLOY_USER}:${DEPLOY_USER}
+ restart: unless-stopped
+ cpus: 2
+ mem_limit: 1024m
+ environment:
+ - xpack.license.self_generated.type=basic
+ - xpack.security.enabled=true
+ volumes:
+ - /elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
+ - /elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
+ - /elk/config-elk/kibana/config:/usr/share/kibana/config:ro
+ expose:
+ - "5601"
+ networks:
+ - opendmp-elastic-network
+
+ # opendmp.filebeat:
+
+
+############################## KEYCLOAK ###############################################
+ opendmp.keycloak:
+ restart: unless-stopped
+ command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"]
+ cpus: 1
+ mem_limit: 1024M
+ security_opt:
+ - seccomp:unconfined
+ env_file:
+ - /keycloak/keycloak.env
+ environment:
+ - JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
+ volumes:
+ - /logs/keycloak:/tmp/logs
+ - /keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
+ - /keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
+ - /keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
+ expose:
+ - "8443"
+ networks:
+ - opendmp-proxy-network
+ - opendmp-keycloak-shared-network
+
+############################## RABBITMQ ###############################################
+ opendmp.rabbitmq:
+ labels:
+ NAME: "rabbitmq"
+ cpus: 1
+ mem_limit: 512m
+ restart: unless-stopped
+ expose:
+ - "15672"
+ - "5672"
+ env_file:
+ - /rabbitmq/rabbitmq.env
+# volumes:
+# - /rabbitmq/rabbitmq.config:/etc/rabbitmq/rabbitmq.config:ro
+ networks:
+ - opendmp-proxy-network
+ - opendmp-rabbitmq-shared-network
+
+############################## GOTENBERG ##############################################
+ opendmo.gotenberg:
+ mem_limit: 2048m
+ restart: unless-stopped
+ expose:
+ - "3000"
+ hostname: gotenberg
+ env_file:
+ - /gotenberg/gotenberg.env
+ networks:
+ - opendmp-gotenberg-shared-network
+
+networks:
+ opendmp-proxy-network:
+ opendmp-backend-network:
+ opendmp-plugins-network:
+ opendmp-keycloak-shared-network:
+ external:
+ name: opendmp-keycloak-shared-network
+ opendmp-gotenberg-shared-network:
+ external:
+ name: opendmp-gotenberg-shared-network
+ opendmp-rabbitmq-shared-network:
+ external:
+ name: opendmp-rabbitmq-shared-network
+ opendmp-elastic-shared-network:
+ external:
+ name: opendmp-elastic-shared-network
+ opendmp-postgres-shared-network:
+ external:
+ name: opendmp-postgres-shared-network
\ No newline at end of file
diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml
new file mode 100644
index 000000000..1d9db08fa
--- /dev/null
+++ b/deployment/docker-compose.yml
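Review bot: `opendmp.postgres` publishes `"${POSTGRES_PORT}:5432"` on every host interface while the loopback-only mapping above it is commented out, so the database is reachable from outside the host unless a firewall blocks it; I would restore `- "127.0.0.1:${POSTGRES_PORT}:5432"` or drop the mapping in favour of `expose`. `opendmp.keycloak` sets `seccomp:unconfined` under `security_opt`, which removes the default syscall filter from the identity provider; nothing in the hunk says why, so either remove it or add a comment giving the reason. Two things look like they stop the file from merging as intended: the service key `opendmo.gotenberg` does not match `opendmp.gotenberg` in docker-compose.yml, and `opendmp-elastic-network` is used by elasticsearch and kibana but is not declared under `networks:`. The elasticsearch healthcheck ends in `echo 0` / `echo 1`, so the command's exit status is always 0 and the check can never report unhealthy; it needs `exit` there instead of `echo`.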
@@ -0,0 +1,115 @@
+version: "2.4"
+
+services:
+############################## PROXY ########################################
+ opendmp.proxy:
+ container_name: opendmp.proxy
+ image: nginx:${PROXY_TAG}
+
+############################## OPENDMP APP #################################
+
+ opendmp.frontend:
+ container_name: opendmp.frontend
+ image: ${DOCKER_REGISTRY}open-dmp-webapp:${MAIN_APP_TAG}
+ depends_on:
+ - opendmp.backend
+ - opendmp.notification
+ - opendmp.annotation
+
+ opendmp.backend:
+ container_name: opendmp.backend
+ image: ${DOCKER_REGISTRY}open-dmp-api:${MAIN_APP_TAG}
+ depends_on:
+ - opendmp.postgres
+
+ opendmp.notification:
+ container_name: opendmp.notification
+ image: ${DOCKER_REGISTRY}open-dmp-notification-api:${NOTIFICATION_APP_TAG}
+ depends_on:
+ - opendmp.postgres
+
+ opendmp.annotation:
+ container_name: opendmp.annotation
+ image: ${DOCKER_REGISTRY}open-dmp-annotation-api:${ANNOTATION_APP_TAG}
+ depends_on:
+ - opendmp.postgres
+
+############################## FILE-TRANSFORMERS #######################################
+
+ opendmp.file.transformer.docx:
+ container_name: opendmp.file.transformer.docx
+ image: ${DOCKER_REGISTRY}file-transformation-docx-api:${DOCX_APP_TAG}
+ depends_on:
+ - opendmp.backend
+
+ opendmp.file.transformer.rdajson:
+ container_name: opendmp.file.transformer.rdajson
+ image: ${DOCKER_REGISTRY}file-transformation-rda-json-api:${JSON_APP_TAG}
+ depends_on:
+ - opendmp.backend
+
+################################ ZENODO ###############################################
+ # opendmp.zenodo:
+ # container_name: opendmp.zenodo
+ # image: ${DOCKER_REGISTRY}repository-deposit-zenodo:${ZENODO_APP_TAG}
+ # depends_on:
+ # - opendmp.backend
+
+############################## POSTGRES 16 ############################################
+ opendmp.postgres:
+ container_name: opendmp.postgres
+ image: postgres:${POSTGRES_TAG}
+
+################################# ELK #################################################
+ opendmp.elasticsearch:
+ container_name: opendmp.elasticsearch
+ image: elasticsearch
+ build:
+ context: /elk/elasticsearch/
+ args:
+ ELK_VERSION: $ELK_VERSION
+
+ # opendmp.logstash:
+ # container_name: opendmp.logstash
+ # image: logstash
+ # build:
+ # context: /elk/logstash/
+ # args:
+ # ELK_VERSION: $ELK_VERSION
+ # depends_on:
+ # - opendmp.elasticsearch
+
+ opendmp.kibana:
+ container_name: opendmp.kibana
+ image: kibana
+ build:
+ context: /elk/kibana/
+ args:
+ ELK_VERSION: $ELK_VERSION
+ depends_on:
+ - opendmp.elasticsearch
+
+ # opendmp.filebeat:
+ # container_name: opendmp.filebeat
+ # image: filebeat
+ # build:
+ # context: /elk/filebeat/
+ # args:
+ # ELK_VERSION: $ELK_VERSION
+ # depends_on:
+ # - opendmp.logstash
+
+############################## KEYCLOAK ###############################################
+ opendmp.keycloak:
+ container_name: opendmp.keycloak
+ image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG}
+
+############################## RABBITMQ ###############################################
+ opendmp.rabbitmq:
+ container_name: opendmp.rabbitmq
+ image: rabbitmq:${RABBITMQ_TAG}
+
+############################## GOTENBERG ##############################################
+ opendmp.gotenberg:
+ image: gotenberg/gotenberg:${GOTENBERG_TAG}
+ container_name: opendmp.gotenberg
diff --git a/deployment/elk/config-elk/elasticsearch/certificates/ca/ca-key.pem b/deployment/elk/config-elk/elasticsearch/certificates/ca/ca-key.pem
new file mode 100644
index 000000000..fa1b4b8b1
--- /dev/null
+++ b/deployment/elk/config-elk/elasticsearch/certificates/ca/ca-key.pem
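Review bot: `image: rabbitmq:${RABBITMQ_TAG}` uses a variable that deployment/.env, as added in this commit, never defines, so Compose will substitute an empty string and the image reference becomes invalid; add a `RABBITMQ_TAG=` entry with a pinned tag to deployment/.env. The build contexts `/elk/elasticsearch/` and `/elk/kibana/` are absolute host paths while the Dockerfiles are added under deployment/elk/, so unless the tree is deployed at the filesystem root they probably need to be `./elk/elasticsearch/` and `./elk/kibana/`. `image: elasticsearch` and `image: kibana` tag the locally built images with the same unqualified names as the public repositories; a project-specific name such as `opendmp-elasticsearch` would make it harder to pull or overwrite the wrong image by accident.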
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC3Ijv7bT86kta/ +1wx0nMbtZvXF5Hfmt1n3087NcOi/JdjnSmF7JfTCXjzKQtOKrv2tLGkaXfrzerL+ +yPBKuffTMk80vHSixmrH71IX0DriKNxnW6RNg1j3R3igVVsGTNdUbI26dc3RZpKR +gb7u/HqR1GTLD6EfrcL655aitCmywvyzLQ/x1BWZ3WjaMONT1DdU7I1GXhqv96be +Sbi2dQUdogNFGhiK9WwFrKJpeSERlOl6jPBqoYRZjBlgJ/DlmWhvlKwj91ilYeOd +ifsB9e7F9lwUbADsSGTOKKqBIX29ZcFkXwJshtm6CIQXWnvz+jl46mu5ScEU+iwr +mvILVUIJAgMBAAECggEAEgO3WEp9FYczwj/GfSMd62T9KLgKdmLTYg5PEcT5VDJG +JaxarflEHCmWe8P6mLIRiKstdJdJlBFeEbOU9ZjZEMiqY3LlW0y+3MeFMQv9+tjP +o4gvf6N7ySlZ65Wx5EsDRI4AHBcyBZb8NH2JmWszKGy29IWnUR0v6KwG1J752hhq +vTO9aMaz3MTstKTal0cDJRaTjPctzXVSyJSTeClNpl8mFDYbCUR/PPklZbAx9CyY +K6orDCUBGOH2wK85+l9uFaUWOcupKBhg99MKZTpX/6tIgqbCuBfN8FBk0LztJ/Uo +SZAHf5QIt6eTmcBtarlbsTV0TeJj5llVUGynHTBvQQKBgQC+ZTbTkbfHIgbVqDeU +YkBiKul4M8xzIOsogNtZVevL7R2KSco1TUmcY7SDq8flshtZJb6utXUXCUprNsZl +OOM7QpXxfnYKTjv39NTM4eCCzvMcDpBRmBQmQkka+2NbAxMTy91T709EAiqgia+m +tszU93IGIle9abv9Fo1giw/lqQKBgQD2PHhwtmVT3B/H/ywtadCmyfHm+kHi8IWR +y//EvLjDgI+SzwIgM2ABLAkKqg1VXkgZ741AxaQkkcP+NgJ2saY0cJCKBr/SPyRe +jTfbWWfH89Mf3EVl2fxkG3YL1EJu+boup3l9L1rGpK9japAIMNOXh8S4A5WCOZLr +Hk6FuTF1YQKBgEr8K9qpcjrQMObm6HTdOUQwaGD57ZSOK295SGpnx4U6Lr8vDp9t +gAdC0W5mMkVJnzG+BtpiBup6sz+EhCCLhhrpv4or5ytp4n5mg4TplPWPsfmj1rz7 +6zuiMY6Z4WiPzmymhtWu04YSYF13vKEpL4TUq6i0z99+jBZCUo3qVul5AoGAcYNG +8o7i/1nGvOgBcZ4KNhl6jsRngzrmGGQ2sHdfpaCqjz8m97k3VNL8CBKEuwoPqwUn +1OhH1yPrelFjqVwUBrCtsTOTUlURaxUm3tPEaAUbGuDsjRuEopGWRbXAOnCdR8yk +0PT3oANjZy1E4MHBiWVpZnsgfTwVYpZCFJtfFYECgYBkyF06DC0DhZZ0AEZpJHxf +xbP/1gq7KlBzR6WSSRzPxX/3VOdBuGs7qYP1orDEF9wG/0Jk35Ek+PcT97j6s0gE +a4Zd8iYpSdgd36L+5uBxgRsavr/Xf4lQECRTQYfKUVhKhhCT1xjOUAAr52Vl+8V/ +5sIcUBUzbXDpZvyR/67pxQ== +-----END PRIVATE KEY----- diff --git a/deployment/elk/config-elk/elasticsearch/certificates/ca/ca.crt b/deployment/elk/config-elk/elasticsearch/certificates/ca/ca.crt new file mode 100644 index 000000000..9266570ad --- /dev/null 
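Review bot: A CA private key should not be in the repository: anyone who can read this tree can issue certificates that every component trusting `ca/ca.crt` will accept. The same applies to the other private keys in this commit: `elasticsearch/elasticsearch.key` further down and, per the diffstat, `kibana.key`, `keycloak-selfsigned.key` and `nginx-selfsigned.key`. Treat all of them as compromised: remove them from the tree and its history, generate fresh keys per environment at deploy time or mount them from a secret store, and add patterns such as `*.key` and `*-key.pem` to `.gitignore`. The `certificates` volume in docker-compose.override.yml also appears to mount this CA key into the running elasticsearch container, which only needs its own key and the CA certificate.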
+++ b/deployment/elk/config-elk/elasticsearch/certificates/ca/ca.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcTCCAlmgAwIBAgIUE5s/YTgomqob7mc88HmQUn/sHkswDQYJKoZIhvcNAQEL +BQAwRzELMAkGA1UEBhMCR1IxDTALBgNVBAgMBENJVEUxDDAKBgNVBAcMA0FUSDEN +MAsGA1UECgwEQ0lURTEMMAoGA1UEAwwDZWxrMCAXDTIyMDkwODA3Mzg0NFoYDzIx +MjIwODE1MDczODQ0WjBHMQswCQYDVQQGEwJHUjENMAsGA1UECAwEQ0lURTEMMAoG +A1UEBwwDQVRIMQ0wCwYDVQQKDARDSVRFMQwwCgYDVQQDDANlbGswggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Ijv7bT86kta/1wx0nMbtZvXF5Hfmt1n3 +087NcOi/JdjnSmF7JfTCXjzKQtOKrv2tLGkaXfrzerL+yPBKuffTMk80vHSixmrH +71IX0DriKNxnW6RNg1j3R3igVVsGTNdUbI26dc3RZpKRgb7u/HqR1GTLD6EfrcL6 +55aitCmywvyzLQ/x1BWZ3WjaMONT1DdU7I1GXhqv96beSbi2dQUdogNFGhiK9WwF +rKJpeSERlOl6jPBqoYRZjBlgJ/DlmWhvlKwj91ilYeOdifsB9e7F9lwUbADsSGTO +KKqBIX29ZcFkXwJshtm6CIQXWnvz+jl46mu5ScEU+iwrmvILVUIJAgMBAAGjUzBR +MB0GA1UdDgQWBBQSAI1g3+gAsT5BHVfaWPlNFy9IgjAfBgNVHSMEGDAWgBQSAI1g +3+gAsT5BHVfaWPlNFy9IgjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQCmR4cz47QtGX1xn2Rrl1NdLX2wiS2y7P4xRGzKeAYZIHLZWW/GaJDb+yw9 +Cz9qjhuBhGqfIeh8QryRgPotd64Oef0MscC+oFfprWxQA0svP83sITr9BazGb4A4 +LcIToVHZtIMnak119k1RsNYpzADDBxnaaODs3xCe21dfCVI/ea+wSPiUY3vvZZDn +KejJclhRnQFV3yQ7hMdR9tq0BndWtqHrappa3oX2JU1yi/x3Ndi6dOMk+x7+kc4Q +OAtzcXa29kowAyLUMHhGYwcsJp8ysa6Xlltqt/kkI+3CgbTl/egUU9igysMKDyMM +0LQcef+IQwmeHfD1RAW2ksW2OOx5 +-----END CERTIFICATE----- diff --git a/deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.crt b/deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.crt new file mode 100644 index 000000000..ebce955cd --- /dev/null +++ b/deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDXDCCAkSgAwIBAgIUK8FEbNAIdyPoRF/pTyqNuL3kP54wDQYJKoZIhvcNAQEL +BQAwRzELMAkGA1UEBhMCR1IxDTALBgNVBAgMBENJVEUxDDAKBgNVBAcMA0FUSDEN +MAsGA1UECgwEQ0lURTEMMAoGA1UEAwwDZWxrMCAXDTIyMDkwODA4MjgxM1oYDzIx +MjIwODE1MDgyODEzWjAYMRYwFAYDVQQDDA1lbGFzdGljc2VhcmNoMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoC6DoPC1kesTH0cKs1blVW8ddsQ3VmFO +ROJiUorhDIHB3sXJhCSw0hxZFNZtqgG35CTa5w3XiQMT1fr6Ar/ztOQmARg9CMQa +mOf8gR+tMTSwP7zr7WBR/1Q+GseeOnthFOfvfq7LLpRs8VNb/mhcSIjJsT9kMNXN +5iHIyEuGhQSwPZDUYx+6Ag4belQLvic+QYDhwvujtPFWj8qLSG7kTpbBK5ahH/5E +mvT5mpOYTR10f3LG4DKw7t6qG9tzh4WkwR0JYmlgxpAA/HBSa/QjS7CGxLrA4Sop +gQF8KQPEP/0w98EbYpBUPS5jqbkBr6093M7Epksi86oRjtbcXAT0qwIDAQABo20w +azApBgNVHREEIjAggg1lbGFzdGljc2VhcmNogglsb2NhbGhvc3SHBH8AAAEwHQYD +VR0OBBYEFC/cKMOAVbx8bwyoKdg2Oiej9xoSMB8GA1UdIwQYMBaAFBIAjWDf6ACx +PkEdV9pY+U0XL0iCMA0GCSqGSIb3DQEBCwUAA4IBAQBo42FOuxIMeIiMaKa347gc +WsHpkazYOA6iHK5xXPsVUU1xSCLKp5HLCC04FU5P9njCDyZo1e/SR6rirQJJHEtT +SAn7iabREE+vy0oN3JnyV+eJPmKWxlqeFr9Cs9uIXQbgjwyyj9rxT06eLr3M1MA1 +IsARV2eyxcgS5sCC8JBCEpKR4jLRrpAs0tGJOeIh1cmf/1id+NQaDa14sLFKHBH1 +3+6TfBPrhJoGqFz92jV2airr7dppyCXgmWymVc66iD00Nak6Bvchg6ARTkqJnfoZ +2/Tz7asHV2V052ZLiow7Si34nS/9Hp8F8vUaj+FYXowvGwQUXLQIg/53KXh7piuW +-----END CERTIFICATE----- diff --git a/deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.key b/deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.key new file mode 100644 index 000000000..2dfbc1141 --- /dev/null +++ b/deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCgLoOg8LWR6xMf +RwqzVuVVbx12xDdWYU5E4mJSiuEMgcHexcmEJLDSHFkU1m2qAbfkJNrnDdeJAxPV ++voCv/O05CYBGD0IxBqY5/yBH60xNLA/vOvtYFH/VD4ax546e2EU5+9+rssulGzx +U1v+aFxIiMmxP2Qw1c3mIcjIS4aFBLA9kNRjH7oCDht6VAu+Jz5BgOHC+6O08VaP +yotIbuROlsErlqEf/kSa9Pmak5hNHXR/csbgMrDu3qob23OHhaTBHQliaWDGkAD8 +cFJr9CNLsIbEusDhKimBAXwpA8Q//TD3wRtikFQ9LmOpuQGvrT3czsSmSyLzqhGO +1txcBPSrAgMBAAECggEAJdOmMPj3H9zgGKhJrh1Mrha94gCnQsZa2eiOKIj0aWQx +GL8jfgm+Gfgoz0NuBVI/j2hmq1648fmgkw0gQkr7LdIc6XBEZZAN6eMK3aFR4Idd +QcgG/PkclAvcWK2gP5ZIUEwPYh68C6VwbrLtTBBwDo8C9lEOg3vSElETHb28KCgZ +sC0wLres01crLF0Azh+m3cx+p/6TBLfpBIrM0HQn1Lmn/dP6BKcRDoncE+GcKjE1 +JZcgypdC4Juq2WctMNbBvgt+7AjVB1n9ejrUN5rlK+JP3Xa7D4zvc79CDX+BP2C2 +X57ZT4Pff5mPF70zrlqGQNnBep09UxZTRnHDRMWzZQKBgQDfMT+G+x49TZYuaiQC +gKguQ0k8F6nnrmz0rz2MNJiZ9oTYAtz5wRQ25KkbqTc7beKecSykp5izoluzgSJu +dTFh11SO1i63kMzpFFyBui3rSoUjAq+sMzRY5ERyUsG90tsaAl2a9PT3M9b5a0XC +8f1cDhKt+JQtaYRiZZJsC4Ru1wKBgQC3uirv92/dq1RcuWBf/yt2n6/JY9+9k1NI +vDzQtVI0Q3OZfRX9Rn9/+h3fSXTG3w7p5FqfNguHYPbLNzO+6WxxeuDveAL3Nx4/ +HSURjbiK+ppYDwyeY4IgKgeq2mRrIZC4rSqEsrJMLnNiDRYaVTWZczqGLT5oZ5cT +lBLDD6+STQKBgDhi68bBOIGKUW/GdvR+5n5Rl3XsEIusoHAsuaLrQsZa5nLgPk2G +vwGjQSnw1ThZaZBXzUyH3uc7FGnELRu01dX/Hai8aa8MkQgtkbVggOtZt0sCCbm6 +cfYnLTeourOnSp1GjblxO1YcranztPssQbL5BzUWgPD8IGrveE99lWafAoGAG6q4 +PoynVt0vBguQXMRjOijP4ubcUYL2/rQCAHfdmisyJEH25r4QAyiaCP7Zy/zZFRWj +I+iSkd9jKrT0YOJrxyb26njLEYlGT8DGzT7nNF6KkYoqn0ti1A8gOnVKu+tBDN5e +0b7LJLe1/mT0GCEOwj3c6Um05Sn8USFyNdeN290CgYBSdmwqJYUGJXVGTCn2Ff4Z +jdFtN/Q9kFDhCCYVV1XAJ5mdX4k77HIw5EAlDXM0EZnhQAec+RSKIO7Oc+9krmFq +R1lCT/s7UDsitQBDmkQs+12PEILuk+Qbdan+CwTLwCik06vj+VzZhHylFoOMJLdm +lf4Bnd2TNNykAsd2jy5cAg== +-----END PRIVATE KEY----- diff --git a/deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/v3.ext b/deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/v3.ext new file mode 100644 index 000000000..e1300cc32 --- /dev/null 
+++ b/deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/v3.ext
@@ -0,0 +1,12 @@
+[ req ]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+[ req_distinguished_name ]
+commonName = elasticsearch
+[ req_ext ]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = elasticsearch
+DNS.2 = localhost
+IP.1 = 127.0.0.1
\ No newline at end of file
diff --git a/deployment/elk/config-elk/elasticsearch/config/elasticsearch.yml b/deployment/elk/config-elk/elasticsearch/config/elasticsearch.yml
new file mode 100644
index 000000000..1de846498
--- /dev/null
+++ b/deployment/elk/config-elk/elasticsearch/config/elasticsearch.yml
@@ -0,0 +1,19 @@
+---
+## Default Elasticsearch configuration from elasticsearch-docker.
+## from https://github.com/elastic/elasticsearch-docker/blob/master/build/elasticsearch/elasticsearch.yml
+#
+network.host: 0.0.0.0
+
+# minimum_master_nodes need to be explicitly set when bound on a public IP
+# set to 1 to allow single node clusters
+# Details: https://github.com/elastic/elasticsearch/pull/17288
+# discovery.zen.minimum_master_nodes: 1
+
+## Use single node discovery in order to disable production mode and avoid bootstrap checks
+## see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
+#
+discovery.type: single-node
+## Search Guard
+#
+
+
diff --git a/deployment/elk/config-elk/elasticsearch/config/log4j2.properties b/deployment/elk/config-elk/elasticsearch/config/log4j2.properties
new file mode 100644
index 000000000..b4e59ffb8
--- /dev/null
+++ b/deployment/elk/config-elk/elasticsearch/config/log4j2.properties
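Review bot: The SAN list in v3.ext covers `elasticsearch`, `localhost` and `127.0.0.1`, but the compose files in this commit name the service and container `opendmp.elasticsearch` and the visible hunks define no `elasticsearch` network alias. A client that connects by the service name would therefore fail hostname verification, which tends to end with verification being switched off. I would add `DNS.3 = opendmp.elasticsearch` and re-issue elasticsearch.crt from the updated extension file.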
@@ -0,0 +1,179 @@ +#https://github.com/elastic/elasticsearch/blob/7.4/distribution/src/config/log4j2.properties + +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +######## Server JSON ############################ +appender.rolling.type = RollingFile +appender.rolling.name = rolling +appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz +appender.rolling.policies.type = Policies +appender.rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling.policies.time.interval = 1 +appender.rolling.policies.time.modulate = true +appender.rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling.policies.size.size = 128MB +appender.rolling.strategy.type = DefaultRolloverStrategy +appender.rolling.strategy.fileIndex = nomax +appender.rolling.strategy.action.type = Delete +appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} +appender.rolling.strategy.action.condition.type = IfFileName +appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* +appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize +appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB +################################################ +######## Server - old style pattern ########### +appender.rolling_old.type = RollingFile +appender.rolling_old.name = rolling_old +appender.rolling_old.fileName = 
${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log +appender.rolling_old.layout.type = PatternLayout +appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +appender.rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz +appender.rolling_old.policies.type = Policies +appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling_old.policies.time.interval = 1 +appender.rolling_old.policies.time.modulate = true +appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling_old.policies.size.size = 128MB +appender.rolling_old.strategy.type = DefaultRolloverStrategy +appender.rolling_old.strategy.fileIndex = nomax +appender.rolling_old.strategy.action.type = Delete +appender.rolling_old.strategy.action.basepath = ${sys:es.logs.base_path} +appender.rolling_old.strategy.action.condition.type = IfFileName +appender.rolling_old.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* +appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize +appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB +################################################ + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console +rootLogger.appenderRef.rolling.ref = rolling +rootLogger.appenderRef.rolling_old.ref = rolling_old + +######## Deprecation JSON ####################### +appender.deprecation_rolling.type = RollingFile +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.json +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation +appender.deprecation_rolling.layout.esmessagefields=x-opaque-id + +appender.deprecation_rolling.filePattern = 
${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.json.gz +appender.deprecation_rolling.policies.type = Policies +appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.deprecation_rolling.policies.size.size = 1GB +appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy +appender.deprecation_rolling.strategy.max = 4 +################################################# +######## Deprecation - old style pattern ####### +appender.deprecation_rolling_old.type = RollingFile +appender.deprecation_rolling_old.name = deprecation_rolling_old +appender.deprecation_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log +appender.deprecation_rolling_old.layout.type = PatternLayout +appender.deprecation_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +appender.deprecation_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _deprecation-%i.log.gz +appender.deprecation_rolling_old.policies.type = Policies +appender.deprecation_rolling_old.policies.size.type = SizeBasedTriggeringPolicy +appender.deprecation_rolling_old.policies.size.size = 1GB +appender.deprecation_rolling_old.strategy.type = DefaultRolloverStrategy +appender.deprecation_rolling_old.strategy.max = 4 +################################################# +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.appenderRef.deprecation_rolling_old.ref = deprecation_rolling_old +logger.deprecation.additivity = false + +######## Search slowlog JSON #################### +appender.index_search_slowlog_rolling.type = RollingFile +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.fileName = 
${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ + .cluster_name}_index_search_slowlog.json +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog +appender.index_search_slowlog_rolling.layout.esmessagefields=message,took,took_millis,total_hits,types,stats,search_type,total_shards,source,id + +appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ + .cluster_name}_index_search_slowlog-%i.json.gz +appender.index_search_slowlog_rolling.policies.type = Policies +appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.index_search_slowlog_rolling.policies.size.size = 1GB +appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy +appender.index_search_slowlog_rolling.strategy.max = 4 +################################################# +######## Search slowlog - old style pattern #### +appender.index_search_slowlog_rolling_old.type = RollingFile +appender.index_search_slowlog_rolling_old.name = index_search_slowlog_rolling_old +appender.index_search_slowlog_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_search_slowlog.log +appender.index_search_slowlog_rolling_old.layout.type = PatternLayout +appender.index_search_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +appender.index_search_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_search_slowlog-%i.log.gz +appender.index_search_slowlog_rolling_old.policies.type = Policies +appender.index_search_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy +appender.index_search_slowlog_rolling_old.policies.size.size = 1GB +appender.index_search_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy 
+appender.index_search_slowlog_rolling_old.strategy.max = 4 +################################################# +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling_old.ref = index_search_slowlog_rolling_old +logger.index_search_slowlog_rolling.additivity = false + +######## Indexing slowlog JSON ################## +appender.index_indexing_slowlog_rolling.type = RollingFile +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_indexing_slowlog.json +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog +appender.index_indexing_slowlog_rolling.layout.esmessagefields=message,took,took_millis,doc_type,id,routing,source + +appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_indexing_slowlog-%i.json.gz +appender.index_indexing_slowlog_rolling.policies.type = Policies +appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.index_indexing_slowlog_rolling.policies.size.size = 1GB +appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy +appender.index_indexing_slowlog_rolling.strategy.max = 4 +################################################# +######## Indexing slowlog - old style pattern ## +appender.index_indexing_slowlog_rolling_old.type = RollingFile +appender.index_indexing_slowlog_rolling_old.name = index_indexing_slowlog_rolling_old +appender.index_indexing_slowlog_rolling_old.fileName = 
${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_indexing_slowlog.log +appender.index_indexing_slowlog_rolling_old.layout.type = PatternLayout +appender.index_indexing_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +appender.index_indexing_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_indexing_slowlog-%i.log.gz +appender.index_indexing_slowlog_rolling_old.policies.type = Policies +appender.index_indexing_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy +appender.index_indexing_slowlog_rolling_old.policies.size.size = 1GB +appender.index_indexing_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy +appender.index_indexing_slowlog_rolling_old.strategy.max = 4 +################################################# + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling_old.ref = index_indexing_slowlog_rolling_old +logger.index_indexing_slowlog.additivity = false diff --git a/deployment/elk/config-elk/elasticsearch/elastic.env b/deployment/elk/config-elk/elasticsearch/elastic.env new file mode 100644 index 000000000..cff43da64 --- /dev/null +++ b/deployment/elk/config-elk/elasticsearch/elastic.env 
@@ -0,0 +1,16 @@
+cluster.name=opendmp-cluster
+bootstrap.memory_lock=true
+xpack.license.self_generated.type=basic
+xpack.monitoring.collection.enabled=true
+xpack.ml.enabled=false
+xpack.security.enabled=true
+xpack.security.http.ssl.enabled=true
+xpack.security.http.ssl.verification_mode=certificate
+xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.key
+xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
+xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.crt
+xpack.security.transport.ssl.enabled=true
+xpack.security.transport.ssl.verification_mode=certificate
+xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
+xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.crt
+xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.key
\ No newline at end of file
diff --git a/deployment/elk/config-elk/kibana/certificates/ca/ca.crt b/deployment/elk/config-elk/kibana/certificates/ca/ca.crt
new file mode 100644
index 000000000..0acb12315
--- /dev/null
+++ b/deployment/elk/config-elk/kibana/certificates/ca/ca.crt
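Review bot: `xpack.security.transport.ssl.verification_mode=certificate` (and the matching `http.ssl` line) checks only that a certificate chains to the CA and skips the hostname check, so any certificate issued by that CA is accepted for any node. That matters more here because the CA's private key appears to be part of the same commit. I would use `xpack.security.transport.ssl.verification_mode=full` and make the certificate's subjectAltName cover the name the services actually use; `kibana.yml` in this patch connects to `opendmp.elasticsearch`, while `v3.ext` lists only `elasticsearch`, `localhost` and `127.0.0.1`. If the weaker mode has to stay, a short comment in the file explaining why would help.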
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgIUXMpiJCPQnPeOHA1FjYo12FaHO1UwDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMTkwOTAzMTUyMDM1WhcNMjIwOTAyMTUyMDM1WjA0MTIwMAYD +VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI1ci/DoagopzxemkP21UmnP +wv2Yoo267y6CR/okrT3a0lARDjPl28YaNsEQ2skAnPu3gNqqDWW9j1aWEtWwNuEA +PudVCdc6irgFEbPlwU6Dh05LVB99FCw70UKM5G4CSH7gMQvzPcvjJT4ROKoDCh3W +I+pWYqhqU9xEiMzwsPdC2uy2Om2I0bZ2A03WmMr8Ts58qmBqVOMBLIY008jFetj7 +ZH67WDT92pqfG9/xRKH9ELdZNlNw/2fSTb4KBek06MZIzPkHk0iMhw7bMLwEYyDy +J14Rym4Up9akgr8J6XwyACek5oht1lQlJjYhUuf2ZSzVJ54LhYoTGg1ybYT9qx8C +AwEAAaNTMFEwHQYDVR0OBBYEFAxdsx3VcEsMaPWe7GvbyHOEnftTMB8GA1UdIwQY +MBaAFAxdsx3VcEsMaPWe7GvbyHOEnftTMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBADltg11WpSg0tYVXrAowySy68CkcK9t/XYioeRYRAvfSD5mB +ONMFegqwJVqUzu6HbxkhpVBf/JykGqSkf0Cu5BRUYT7A+egpDNAPAIa1/SbSchjP +mbFMbpLRXFfP60xqgVem0C5wKcMEFFg+0YRDkSf/232aCwb0sS63V52ssmnEDN6v +k4Cn2k/MZjAi/seWNnphaTyU71Eu3ObftIpOGc4ZJ875KiUZQtCXrP36QICUdFAM +ay+z2gEVQQE2zKbtaEeE0Sxyas9eRnGHXzbx/yoz706lME9QmzPmcvfVlHQH8N/o +2nU+I07j6TDoHn/WRIgbWR0jrWv0hlTqzxOyCDM= +-----END CERTIFICATE----- diff --git a/deployment/elk/config-elk/kibana/certificates/kibana.crt b/deployment/elk/config-elk/kibana/certificates/kibana.crt new file mode 100644 index 000000000..ae8d7a7c5 --- /dev/null +++ b/deployment/elk/config-elk/kibana/certificates/kibana.crt 
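Review bot: The validity period encoded in this CA certificate appears to decode to 2019-09-03 through 2022-09-02, which is before the commit date of 2024-04-25, so the CA looks already expired when it is added; `kibana.crt` in the next hunk carries the same dates, and `keycloak-selfsigned.crt` appears to run from 2020-11-27 to 2021-11-27. Clients that validate the chain will reject these, which in practice pushes operators toward switching verification off. Worth confirming with `openssl x509 -noout -dates -in ca.crt` and issuing fresh certificates at deploy time instead of shipping fixed ones.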
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUjCCAjqgAwIBAgIUKTnOSL0Rtnm8ZQkfSUvpQiBNGnMwDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMTkwOTAzMTUyMDM1WhcNMjIwOTAyMTUyMDM1WjAYMRYwFAYD +VQQDEw1lbGFzdGljc2VhcmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAkB1OMRBRUDUxQ6fIv5gv0myKDZgVJFnEEjIjU6YjMpf/htTsvu8zdpBoWhg6 +7IsflSkUPynDG4geFjQ/WtxVeqxjnmtIB2fMDAHppX882as3tYjBlHj1sU0/OwwI +Ga5/OtxOubGswrzCEEjIgZwTtSX2Yzx3tE2UzwjWsYwGCBM/ssN8Wc1vlqq20+Qr +Lsggk+dXapN2wL9FABrxrJfV2SxXb2qKLKVd3EIfs+HVqIt9dVrpcFRV3Lwexg+Z +wlJv58EPsynphczssBhMOhlmVqpRY8z88fqsbqDVdqHIF8hqn7czWFqeCRldnb7W +LWaYaOG0Jd6SM7OpHnfNgBST4wIDAQABo3gwdjAdBgNVHQ4EFgQUCkDAcWSJ6H2G +UFFh9dhk+mG0L08wHwYDVR0jBBgwFoAUDF2zHdVwSwxo9Z7sa9vIc4Sd+1MwKQYD +VR0RBCIwIIIJbG9jYWxob3N0hwR/AAABgg1lbGFzdGljc2VhcmNoMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggEBAAQpkdkGl2H0ylgbmmNiIlrQX+U2i4ag4sJ6 +xsVR5OWxuyB/aMWhuOHkgueMh2wElufn60jK0Mh25b2U7oO/0Nq+28rhhP9HURLz +7/TwCbLcglTAgHQPWItwn5r5WKDFNCPNpZXFU/oG5H6hUJqTvuaTN6G/PQ6V9Yp3 +J00NbPuFq8tjNAc/kQnhC7zdC/7YQ/fanHBPkvQnkGbac5+VAF/se/JYbxRpSz23 +5a+v6BDb/kjs82QgV8dzsyFmntO+Neesu9tTJurBbQD5T3xMgoGSWLgnTCq3/drl +PMBLgUQHik629dU+7o8ePCdyULruGMR6CIBqO7ZKQASulhkxdUo= +-----END CERTIFICATE----- diff --git a/deployment/elk/config-elk/kibana/certificates/kibana.key b/deployment/elk/config-elk/kibana/certificates/kibana.key new file mode 100644 index 000000000..93418fad0 --- /dev/null +++ b/deployment/elk/config-elk/kibana/certificates/kibana.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAkB1OMRBRUDUxQ6fIv5gv0myKDZgVJFnEEjIjU6YjMpf/htTs +vu8zdpBoWhg67IsflSkUPynDG4geFjQ/WtxVeqxjnmtIB2fMDAHppX882as3tYjB +lHj1sU0/OwwIGa5/OtxOubGswrzCEEjIgZwTtSX2Yzx3tE2UzwjWsYwGCBM/ssN8 +Wc1vlqq20+QrLsggk+dXapN2wL9FABrxrJfV2SxXb2qKLKVd3EIfs+HVqIt9dVrp +cFRV3Lwexg+ZwlJv58EPsynphczssBhMOhlmVqpRY8z88fqsbqDVdqHIF8hqn7cz +WFqeCRldnb7WLWaYaOG0Jd6SM7OpHnfNgBST4wIDAQABAoIBACRGPBg9czotKWlO +IkmXlPHyQA2L6kZsEd5CoIG9n75sY/UcQzsMGngNgTasQqinnBt/a4k6idG0QV51 +aD0GmL14BtspRcgXaFTdZmIx1K81WaBn+9HTYIRwXSoPrTpJody+91HmVwXtXSuc +Jlv5XTyLgakY30iS/pHeN6wZAqulS7p6DkCH+W3c15BvNYnsjDX5vYZLgmktNl62 +LoHymTt54rLhxheZiwFeiHePsl9IanvnDEjCl2jBFnFB402NeapTex84ZnOgPYEV +5w81MUYMeLy1aaziWEICPP1TU62T2oYKUFC1kQKUgCYp3t1UUkLsF6KfybJ+baMs ++Nm5IQECgYEAzy4kQ9wo2x+3teQgMR+QLIN2cgfDCgI1BXUzhIr607kpo6F12Jf0 +zT5sC+9OzSPh3dPkyvnWtg2K3ld3L+ATqGvpWC42OgSI0HK6rnfL8Q3cYld8KLwn +C8lbSQuDFo+hMJoGU7V+QTXM8j1e+2KoxgwGfceeiwql5GpqqcHFSJkCgYEAshLP +QYOBaimhOlY1m1B9YgXrgNKoj66njhHJLTD9rD4BvMsntGo8UaBrZxpcQKaDO778 +UtuRPM8Pfrg2Q2fR6SHAydoQpiGQ0XrkUXNmh3v9YOBlFzdg1PhKSCRZRv75KjnC +Z4jyL8GVYMhB+vWl/bQJO5o5YYHR7OdJCs8p4dsCgYEAnTQl0Ff9qEco3pt60cth +WmVmOqApHi8OjFWiAbBzIrQdJEwfX3nuBs6WrXeoE4BmoitmL53jjcA43vz/MxST +1fgL1x05iExog8KKZFgCJ6ac0wIO89nQxuDCo2pYzYWuiXJV2q6cXl60ZBqtN5Jk +/eGiC06svlQWDHuy85xUVgECgYEAm8jk1FWtxCiDSjvdTfEOn9C6BMtGd9y97QYW +T5jKdAMTFg1MwQMnnemPzHU9O7nwmTYuHHbGCsLCtYOGxVVwSFolBPHnGs/Gl9zB +HZitm92W/0eQaM0jw20r3w0dpYSuiohZUKZ36dubST4oqtp4ywjUAvabOHiQJIb6 +WaB+7X0CgYEAptNxensUEn+hSKfMVCxS36U1QL2njRfGiCfqVHVOKeu6+oLB4N/N +0mZngesMGV1HxzYivwkXW07U0drgfqv+iHBIF5HYRM6PkFNpop6PJAlVpFaATx0s +tDvtrcmgz3hunhHURvr/VlXcGuYo4mpySPhHDTeF6Ad/9Ml16vO7uW0= +-----END RSA PRIVATE KEY----- diff --git a/deployment/elk/config-elk/kibana/config/kibana.yml b/deployment/elk/config-elk/kibana/config/kibana.yml new file mode 100644 index 000000000..be65ad19c --- /dev/null +++ b/deployment/elk/config-elk/kibana/config/kibana.yml 
@@ -0,0 +1,15 @@
+---
+## Default Kibana configuration from kibana-docker.
+## from https://github.com/elastic/kibana-docker/blob/master/build/kibana/config/kibana.yml
+#
+server.name: opendmp.kibana
+server.host: "0.0.0.0"
+## Custom configuration
+elasticsearch.hosts: [ "https://opendmp.elasticsearch:9200" ]
+elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/certificate_authorities/ca.crt" ]
+
+elasticsearch.username: "kibana"
+elasticsearch.password: "2VzNck1n3uCed9d27wHn"
+server.ssl.enabled: false
+server.ssl.key: "/usr/share/kibana/certificates/kibana.key"
+server.ssl.certificate: "/usr/share/kibana/certificates/kibana.crt"
diff --git a/deployment/elk/elasticsearch/Dockerfile b/deployment/elk/elasticsearch/Dockerfile
new file mode 100644
index 000000000..75a663384
--- /dev/null
+++ b/deployment/elk/elasticsearch/Dockerfile
@@ -0,0 +1,18 @@
+ARG ELK_VERSION
+ARG DEPLOY_USER
+
+# https://github.com/elastic/elasticsearch-docker
+FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
+
+RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \
+ /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic
+USER root
+RUN groupmod -g ${DEPLOY_USER} elasticsearch
+RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_USER} elasticsearch
+RUN chown -R elasticsearch /usr/share/elasticsearch
+RUN sed -i -e 's/--userspec=1000/--userspec=${DEPLOY_USER}/g' \
+ -e 's/UID 1000/UID ${DEPLOY_USER}/' \
+ -e 's/chown -R 1000/chown -R ${DEPLOY_USER}/' /usr/local/bin/docker-entrypoint.sh
+RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh
+
+ENV JAVA_HOME /usr/share/elasticsearch/jdk
\ No newline at end of file
diff --git a/deployment/elk/filebeat/Dockerfile b/deployment/elk/filebeat/Dockerfile
new file mode 100644
index 000000000..7c3d5e6f5
--- /dev/null
+++ b/deployment/elk/filebeat/Dockerfile
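Review bot: `elasticsearch.password` is a literal credential in a tracked config file, so it is readable by everyone with repository access and stays in history after any later change. Kibana resolves `${VAR}` references in kibana.yml, so the line can become `elasticsearch.password: "${ELASTICSEARCH_PASSWORD}"` with the value supplied by the deployment environment or the Kibana keystore, and the committed password should be rotated. Separately, `server.ssl.enabled: false` together with `server.host: "0.0.0.0"` means Kibana serves plain HTTP on all interfaces while the key and certificate paths below it go unused; if TLS is terminated by the proxy in this deployment, a comment saying so would make that intent clear.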
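Review bot: `ARG DEPLOY_USER` is declared before `FROM`, where it is only in scope for the `FROM` line, so `${DEPLOY_USER}` expands to an empty string in the `groupmod`, `usermod` and `sed` steps unless it is declared again inside the stage. The `sed` expressions are also single-quoted, so the shell leaves `${DEPLOY_USER}` literal and the entrypoint would be rewritten to `--userspec=${DEPLOY_USER}` rather than a numeric id. The image also ends on `USER root`, unlike the filebeat, kibana and logstash Dockerfiles in this patch, which finish with `USER 1008:1008`; if root is needed so the entrypoint can drop privileges itself, a comment stating that would help.

```dockerfile
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
# Re-declare inside the stage: an ARG placed before FROM is only visible to FROM.
ARG DEPLOY_USER
# … unchanged: plugin install, USER root, groupmod/usermod/chown …
RUN sed -i -e "s/--userspec=1000/--userspec=${DEPLOY_USER}/g" \
    -e "s/UID 1000/UID ${DEPLOY_USER}/" \
    -e "s/chown -R 1000/chown -R ${DEPLOY_USER}/" /usr/local/bin/docker-entrypoint.sh
```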
@@ -0,0 +1,14 @@
+ARG ELK_VERSION
+
+FROM docker.elastic.co/beats/filebeat:${ELK_VERSION}
+
+USER root
+RUN groupmod -g 1008 filebeat
+RUN usermod -u 1008 -g 1008 filebeat
+RUN chown -R filebeat /usr/share/filebeat
+RUN sed -i -e 's/--userspec=1000/--userspec=1008/g' \
+ -e 's/UID 1000/UID 1008/' \
+ -e 's/chown -R 1000/chown -R 1008/' /usr/local/bin/docker-entrypoint
+RUN chown filebeat /usr/local/bin/docker-entrypoint
+
+USER 1008:1008
\ No newline at end of file
diff --git a/deployment/elk/kibana/Dockerfile b/deployment/elk/kibana/Dockerfile
new file mode 100644
index 000000000..e1148d762
--- /dev/null
+++ b/deployment/elk/kibana/Dockerfile
@@ -0,0 +1,14 @@
+ARG ELK_VERSION
+
+# https://github.com/elastic/kibana-docker
+FROM docker.elastic.co/kibana/kibana:${ELK_VERSION}
+
+USER root
+RUN groupmod -g 1008 kibana
+RUN usermod -u 1008 -g 1008 kibana
+RUN chown -R kibana /usr/share/kibana
+
+USER 1008:1008
+
+# Add your kibana plugins setup here
+# Example: RUN kibana-plugin install
diff --git a/deployment/elk/logstash/Dockerfile b/deployment/elk/logstash/Dockerfile
new file mode 100644
index 000000000..ff9179adc
--- /dev/null
+++ b/deployment/elk/logstash/Dockerfile
@@ -0,0 +1,19 @@
+ARG ELK_VERSION
+
+# https://github.com/elastic/logstash-docker
+FROM docker.elastic.co/logstash/logstash:${ELK_VERSION}
+
+USER root
+RUN groupmod -g 1008 logstash
+RUN usermod -u 1008 -g 1008 logstash
+RUN chown -R logstash /usr/share/logstash
+RUN sed -i -e 's/--userspec=1000/--userspec=1008/g' \
+ -e 's/UID 1000/UID 1008/' \
+ -e 's/chown -R 1000/chown -R 1008/' /usr/local/bin/docker-entrypoint
+RUN chown logstash /usr/local/bin/docker-entrypoint
+
+USER 1008:1008
+
+# Add your logstash plugins setup here
+# Example: RUN logstash-plugin install logstash-filter-json
+RUN logstash-plugin update logstash-input-beats
\ No newline at end of file
diff --git a/deployment/gotenberg/gotenberg.env b/deployment/gotenberg/gotenberg.env
new file mode 100644
index 000000000..54edddab2
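Review bot: `RUN logstash-plugin update logstash-input-beats` at the end of the logstash Dockerfile pulls whatever plugin version is current at build time, so two builds of the same commit can produce different images and an unreviewed upstream release lands in the image unnoticed. I would pin the plugin to a reviewed version and record it next to the step, for example with a comment `# logstash-input-beats pinned to <VERSION>, reviewed <DATE>`. The step also runs after `USER 1008:1008`, which presumably works only because of the earlier `chown -R logstash /usr/share/logstash`; a one-line comment on that dependency would keep a later reorder from breaking the build.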
--- /dev/null +++ b/deployment/gotenberg/gotenberg.env @@ -0,0 +1,4 @@ +DEFAULT_WAIT_TIMEOUT=40 +MAXIMUM_WAIT_DELAY=40 +MAXIMUM_WAIT_TIMEOUT=40 +DISABLE_GOOGLE_CHROME=1 \ No newline at end of file diff --git a/deployment/keycloak/certs/keycloak-selfsigned.crt b/deployment/keycloak/certs/keycloak-selfsigned.crt new file mode 100644 index 000000000..71b5cdf87 --- /dev/null +++ b/deployment/keycloak/certs/keycloak-selfsigned.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDvzCCAqegAwIBAgIUL9YHiVgQxrFPSGq4nMe6KbMznaowDQYJKoZIhvcNAQEL +BQAwbzELMAkGA1UEBhMCR1IxDzANBgNVBAgMBkF0dGljYTEPMA0GA1UEBwwGQXRo +ZW5zMQwwCgYDVQQKDANOTEcxDjAMBgNVBAsMBU9TRFlFMSAwHgYDVQQDDBdubGct +b3NkeWUubG9jYWwuY2l0ZS5ncjAeFw0yMDExMjcxODMzNTJaFw0yMTExMjcxODMz +NTJaMG8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExDzANBgNVBAcMBkF0 +aGVuczEMMAoGA1UECgwDTkxHMQ4wDAYDVQQLDAVPU0RZRTEgMB4GA1UEAwwXbmxn +LW9zZHllLmxvY2FsLmNpdGUuZ3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCYsoKFVSg67/NckladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRH +AGZAjIO2sGf6vTFO7SN6LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZF +e5jsGd7owCoEEFAirJpz53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoS +kOhlDXwgGtTmBAS82sXRr51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLM +SOxe5Du3F93kC4TwFckG+JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5p +zeGMD+0oyujL0HtH8nKkv9OtvYP1AgMBAAGjUzBRMB0GA1UdDgQWBBTrvPpWYBX6 +spVt2gpkpDW6yzrBZzAfBgNVHSMEGDAWgBTrvPpWYBX6spVt2gpkpDW6yzrBZzAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqfOJiorxiszfKKeD2 +eVda5pBU+qDnUOewRKizAktPm7V+cjM7bTEkmEHQ/oKlsT0FX5nsa8YfZCYgdotd +cDWC9KqYy9itXPESoJIZ/gMJ57v1BaVDly8tHedXEltob9ywrUyf7OF55eP0fWwb +AK90PfnRsxaurVYU5nfI9U/2jpi/LdsEYlJ7zUj7KM/Z2MwPA+be4EqjNcYLT/NB +bavhjLgZNoTkI7wYOJug+ouPn6xJJcj06RS1Q4FxtfrsnAuT+L33HemUludEUE00 +TJwYWJN9hOgbyzTf5EsHxxME1gIhcYLYPMeBr9VIyJxdAEuuDJbn87oOB094sCA+ +nvpp +-----END CERTIFICATE----- diff --git a/deployment/keycloak/certs/keycloak-selfsigned.key b/deployment/keycloak/certs/keycloak-selfsigned.key new file mode 100644 index 000000000..649f42b0a 
--- /dev/null +++ b/deployment/keycloak/certs/keycloak-selfsigned.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYsoKFVSg67/Nc +kladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRHAGZAjIO2sGf6vTFO7SN6 +LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZFe5jsGd7owCoEEFAirJpz +53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoSkOhlDXwgGtTmBAS82sXR +r51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLMSOxe5Du3F93kC4TwFckG ++JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5pzeGMD+0oyujL0HtH8nKk +v9OtvYP1AgMBAAECggEAajxoCpPAtaCT1GgL0sBWwdNzETzJrZWd9I3gqRL0KKsn +58bP6fvS5/voEG36thYM3WHGNfDDCYJ7GFolYKPrXpS2Gp3r6T7gkdzIaGzvBVEz +GkNm8jjX0TUDyLvBHSKyr4RitwkSd81WeCUqEDIOUCI9rZTxJsMN3IOetpNEcJt1 +xR2kVuTkQiIs5evQCQ2arqTf/VQFb7FuVTtmrOggsTn33FnrUDujTAAsbEoglgvw +w1A2AYtMdGcrFIsUMJFdECkQGPVeqzKHddi1k1hv3DmOx5Rf4xJCdTL9ZYzbU1lw +ydSAM88UA7MTZWNYCGb4HjqEeDRnMUN/Qbi4f80PgQKBgQDKWLxsCBBgFRoH6nlh +TmBwYOmdQkBE09txpcpAFVZVv3eq/syZnT5+pcyj7EUexhu/p78UHPPkXDfnIKKe +C+7VOEmSM9cPMZU6cqB1x4+YZkyiU1rPD2SG46ZxBBTKsPWauJNvtuhW3K6kwMCT +ECiwG1f9EAmf9q7YKqdXGgUL3QKBgQDBL5WDIRtqHBdIPgHMue/teM+fP8I0/GKV +D3oJjBLE+I7JNp0lpeVhDvqfAL0AgZ5023hjlPobUNtpWyuLufzY6S2Pv1scyM3A +xW/LVXtC7QzdPmhrPxZkHEmRFA1zXdYo0xH4O+KDXVmYuzpIPfgrQkzt1EvP5jxv +tbjY935C+QKBgHZhr+rsVNhBwDb9YQIi3p0gtcyBZCRgZjR5MHiJgzcri5GI/J6q +tlNWIQGOS2oTsUxRkaLsxWvG4BXirAEXLiWkhrZ4icuj0JCfW21M0Z/xycf2SFx3 +vvKD4W6hWqCzIx3f+rITKp8XAT32XzQq8gMGHFY7ucXShryFR93XpTgpAoGALaAF +WaDaDqdvwDoUxrsrNRSRRHUUctsglT/AfLy+OhLR9ieV2axijhexjRfpi1MRj1u+ +BRbMMuNXznwfvrJASyJXBloVNKkgHuUCUC1yHQ5LOX1hv+J4cVBU95Sa0KJaz+15 +kvzhtFC5tl6Rlzo7gEv6SzkWZpVjtKZgb62T/lECgYBr6PyDcGVGc8rbjxugnUnm +rShh7nMRUiTMLpWrucf7Mfr4cwFgejCoEMXPgxJF5Q1acppL0dKQzfmLVqazNX58 +0XM0+fNDIeGyYKAbqtnqfmyI7O/Lb1jXPFuCNujzDxfeJX0yxoo38US4ZCD2iUrW +ZK/FFkm5ncXTenBhpHOANQ== +-----END PRIVATE KEY----- diff --git a/deployment/keycloak/imports/opendmp-realm.json b/deployment/keycloak/imports/opendmp-realm.json new file mode 100644 index 000000000..aff096da3 --- /dev/null 
+++ b/deployment/keycloak/imports/opendmp-realm.json 
@@ -0,0 +1,3368 @@ +{ + "id": "8ca42ab4-2c36-4f48-b25e-7d96a00cbc1c", + "realm": "OpenDMP", + "displayName": "", + "displayNameHtml": "", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": true, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxTemporaryLockouts": 0, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "c7dcf3a3-1974-42a2-82d7-e3cb37be8467", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "8ca42ab4-2c36-4f48-b25e-7d96a00cbc1c", + "attributes": {} + }, + { + "id": "ea1273c9-d2bc-49bb-8c92-fe0dcbd9cc31", + "name": "default-roles-dmp-staging", + "description": 
"${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "manage-account", + "view-profile" + ] + } + }, + "clientRole": false, + "containerId": "8ca42ab4-2c36-4f48-b25e-7d96a00cbc1c", + "attributes": {} + }, + { + "id": "cf094a74-edef-42dd-94e6-e4dd090a657d", + "name": "Admin", + "description": "", + "composite": false, + "clientRole": false, + "containerId": "8ca42ab4-2c36-4f48-b25e-7d96a00cbc1c", + "attributes": {} + }, + { + "id": "9067ecb6-e0fa-4ba9-95d9-8b4f2a7bf2a9", + "name": "User", + "description": "", + "composite": false, + "clientRole": false, + "containerId": "8ca42ab4-2c36-4f48-b25e-7d96a00cbc1c", + "attributes": {} + }, + { + "id": "b43525ac-c594-42ab-89dc-9314cab33b85", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "8ca42ab4-2c36-4f48-b25e-7d96a00cbc1c", + "attributes": {} + } + ], + "client": { + "dmp_webapp": [], + "realm-management": [ + { + "id": "599486f8-ace5-4389-9752-51f8d3059be7", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "ef6546e6-7910-4be8-b826-a7302241f07d", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "manage-authorization", + "view-identity-providers", + "query-groups", + "view-events", + "manage-events", + "view-users", + "query-clients", + "manage-users", + "manage-realm", + "impersonation", + "create-client", + "query-users", + "view-realm", + "query-realms", + "view-clients", + "manage-clients", + "view-authorization", + "manage-identity-providers" + ] + } + }, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": 
"ecbf3dbb-1a14-4072-894d-d3d4c6ec09f8", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "297ace12-7c3c-4930-bbc6-8ebff7a0d3da", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "b23d1020-bfed-447c-80a0-4dc29e1c9cc0", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "7aa6617f-dc99-4205-8085-1423b2f8ada2", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "7769e962-d9fe-41d2-82ab-8d215ca4168b", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "7c6a107a-70f7-4293-8fab-6a466094d741", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "edb5f914-a65c-4651-9412-4cd3b0382833", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "432d4a16-2f32-4f18-81e1-4e17cc9b9673", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": 
"8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "16b08c8c-efd6-4762-9df4-4478ef61cf84", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "eca529e8-6864-424c-b9fd-42a34cec434c", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "a0d68861-91d0-4cf6-8769-a702c69672d7", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "54ab46ba-c370-4bea-b333-86b30474e736", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "d7083f59-21b9-4d39-85f9-f3b31a8567b5", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "76854cd6-d964-4ca8-9df8-56ca8969f861", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "0a240e40-f696-43ee-8f8f-d4d41e767036", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "8d85f653-e3e4-4e7a-b54c-ce2b6aa12e75", + "name": "manage-identity-providers", + "description": 
"${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + }, + { + "id": "8e55d13c-9c40-423b-997a-90897471c327", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "8094376d-fcf3-4366-a812-26301583cc98", + "attributes": {} + } + ], + "dmp_annotation": [ + { + "id": "8efa8a18-11aa-4fbf-91ea-862a7af419c8", + "name": "Admin", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e590dbb7-591d-4eca-93d1-6a349b9f0ccf", + "attributes": {} + }, + { + "id": "5147c4d0-31fd-4f42-a66d-d4ff1512477a", + "name": "User", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e590dbb7-591d-4eca-93d1-6a349b9f0ccf", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "dmp_plugins": [ + { + "id": "803d8611-0781-4d72-a9d5-add8e3622c5a", + "name": "app-service", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "fc60067c-3b77-4172-917c-6116ac1d91af", + "attributes": {} + } + ], + "dmp_notification": [ + { + "id": "b29aa0e2-ea83-4646-9730-cd32daa315fc", + "name": "User", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "01b43587-5af0-4761-a2af-e9059bc3a396", + "attributes": {} + }, + { + "id": "743d40ff-a039-4d78-8ed6-2c951426e239", + "name": "Admin", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "01b43587-5af0-4761-a2af-e9059bc3a396", + "attributes": {} + } + ], + "dmp_web": [ + { + "id": "191fff97-b18b-41bd-9013-512b91fdedaf", + "name": "User", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "c82150e9-a9e5-4a5f-bd0f-5f25460b3e08", + "attributes": {} + }, + { + "id": "57253b8e-69bf-44bb-950f-fbfcd4785206", + "name": "Admin", + "description": "", + "composite": false, + "clientRole": 
true, + "containerId": "c82150e9-a9e5-4a5f-bd0f-5f25460b3e08", + "attributes": {} + } + ], + "account-console": [], + "broker": [ + { + "id": "cda05d95-c7fc-4139-bbc8-b86500b41060", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "79a9e8f4-f09d-4d30-bd44-3f433309c3c6", + "attributes": {} + } + ], + "account": [ + { + "id": "73b916bf-b0d9-4e87-bf15-9131d131583f", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "a3291f71-8f8e-4ffe-a1b3-5e08dc93d77f", + "attributes": {} + }, + { + "id": "387e5e06-fbf9-467d-9364-b28d95fe7c83", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "a3291f71-8f8e-4ffe-a1b3-5e08dc93d77f", + "attributes": {} + }, + { + "id": "3fb552e7-43b5-48da-a740-d113478cd0e8", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "a3291f71-8f8e-4ffe-a1b3-5e08dc93d77f", + "attributes": {} + }, + { + "id": "078f56b7-3943-4c14-b420-9ece9b2dbe43", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a3291f71-8f8e-4ffe-a1b3-5e08dc93d77f", + "attributes": {} + }, + { + "id": "0a36d427-1013-4168-a802-a4a5b470e6cd", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "a3291f71-8f8e-4ffe-a1b3-5e08dc93d77f", + "attributes": {} + }, + { + "id": "842c8adb-7c3b-4e4a-87a4-84dc81b7a404", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": 
"a3291f71-8f8e-4ffe-a1b3-5e08dc93d77f", + "attributes": {} + }, + { + "id": "de9d924f-aca7-44f4-8efc-e397fc6ec79f", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "a3291f71-8f8e-4ffe-a1b3-5e08dc93d77f", + "attributes": {} + }, + { + "id": "d4e26324-81bb-42da-9147-15bb2464e8f7", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "a3291f71-8f8e-4ffe-a1b3-5e08dc93d77f", + "attributes": {} + } + ] + } + }, + "groups": [ + { + "id": "e2bfeb5c-880a-43fa-a822-4b7dba87defb", + "name": "opendmp-app", + "path": "/opendmp-app", + "subGroups": [ + { + "id": "935ab34d-700a-407f-bb7b-8a00ddcef1d8", + "name": "role-admin", + "path": "/opendmp-app/role-admin", + "parentId": "e2bfeb5c-880a-43fa-a822-4b7dba87defb", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": { + "dmp_annotation": [ + "Admin" + ], + "dmp_web": [ + "Admin" + ], + "dmp_notification": [ + "Admin" + ] + } + }, + { + "id": "011269bd-9eec-445f-926d-1ebd1f45b5aa", + "name": "role-user", + "path": "/opendmp-app/role-user", + "parentId": "e2bfeb5c-880a-43fa-a822-4b7dba87defb", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": { + "dmp_annotation": [ + "User" + ], + "dmp_web": [ + "User" + ], + "dmp_notification": [ + "User" + ] + } + }, + { + "id": "01195be1-f754-415b-8225-3cc470744d62", + "name": "tenant-role-admin", + "path": "/opendmp-app/tenant-role-admin", + "parentId": "e2bfeb5c-880a-43fa-a822-4b7dba87defb", + "subGroups": [ + { + "id": "70fdec04-4dce-455c-939b-4146bed4bd4c", + "name": "tenant-default", + "path": "/opendmp-app/tenant-role-admin/tenant-default", + "parentId": "01195be1-f754-415b-8225-3cc470744d62", + "subGroups": [], + "attributes": { + "tenant_role": [ + "TenantAdmin:default" + ] + }, + "realmRoles": [], + "clientRoles": {} + } + ], + "attributes": {}, + "realmRoles": [ + 
"User" + ], + "clientRoles": {} + }, + { + "id": "1bfe8064-4e44-4ec1-a69e-836364a36e37", + "name": "tenant-role-description-template-editor", + "path": "/opendmp-app/tenant-role-description-template-editor", + "parentId": "e2bfeb5c-880a-43fa-a822-4b7dba87defb", + "subGroups": [ + { + "id": "b84e92ec-452d-4912-90c6-813b3d2e2076", + "name": "tenant-default", + "path": "/opendmp-app/tenant-role-description-template-editor/tenant-default", + "parentId": "1bfe8064-4e44-4ec1-a69e-836364a36e37", + "subGroups": [], + "attributes": { + "tenant_role": [ + "TenantDescriptionTemlateEditor:default" + ] + }, + "realmRoles": [], + "clientRoles": {} + } + ], + "attributes": {}, + "realmRoles": [ + "User" + ], + "clientRoles": {} + }, + { + "id": "735f22f1-a0cc-4afd-af4c-dba6bb2e7415", + "name": "tenant-role-manager", + "path": "/opendmp-app/tenant-role-manager", + "parentId": "e2bfeb5c-880a-43fa-a822-4b7dba87defb", + "subGroups": [ + { + "id": "88fb621e-499e-481b-8695-77dc7527451e", + "name": "tenant-default", + "path": "/opendmp-app/tenant-role-manager/tenant-default", + "parentId": "735f22f1-a0cc-4afd-af4c-dba6bb2e7415", + "subGroups": [], + "attributes": { + "tenant_role": [ + "TenantManager:default" + ] + }, + "realmRoles": [], + "clientRoles": {} + } + ], + "attributes": {}, + "realmRoles": [ + "User" + ], + "clientRoles": {} + }, + { + "id": "64c07220-0d92-44e5-be6e-d9edf6c10a56", + "name": "tenant-role-user", + "path": "/opendmp-app/tenant-role-user", + "parentId": "e2bfeb5c-880a-43fa-a822-4b7dba87defb", + "subGroups": [ + { + "id": "2094ae4c-804b-4a40-9c20-0efa6d384f27", + "name": "tenant-default", + "path": "/opendmp-app/tenant-role-user/tenant-default", + "parentId": "64c07220-0d92-44e5-be6e-d9edf6c10a56", + "subGroups": [], + "attributes": {}, + "realmRoles": [], + "clientRoles": {} + } + ], + "attributes": { + "tenant_role": [ + "TenantUser:default" + ] + }, + "realmRoles": [ + "User" + ], + "clientRoles": {} + } + ], + "attributes": {}, + "realmRoles": [], + 
"clientRoles": {} + } + ], + "defaultRole": { + "id": "ea1273c9-d2bc-49bb-8c92-fe0dcbd9cc31", + "name": "default-roles-dmp-staging", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "8ca42ab4-2c36-4f48-b25e-7d96a00cbc1c" + }, + "defaultGroups": [ + "/opendmp-app/role-user", + "/opendmp-app/tenant-role-user/tenant-default" + ], + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName" + ], + "localizationTexts": {}, + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + 
"webAuthnPolicyPasswordlessExtraOrigins": [], + "users": [ + { + "id": "bc33b6b1-5017-4314-a644-ee55e5aa7dd6", + "username": "service-account-dmp_annotation", + "emailVerified": false, + "createdTimestamp": 1712653226491, + "enabled": true, + "totp": false, + "serviceAccountClientId": "dmp_annotation", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-dmp-staging" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "7965e6d2-ea1b-4c61-a9ab-42541b3f7afa", + "username": "service-account-dmp_notification", + "emailVerified": false, + "createdTimestamp": 1712653503012, + "enabled": true, + "totp": false, + "serviceAccountClientId": "dmp_notification", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-dmp-staging" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "0ce5a953-2242-44a3-9f63-2977dd2cd7ab", + "username": "service-account-dmp_plugins", + "emailVerified": false, + "createdTimestamp": 1712654040557, + "enabled": true, + "totp": false, + "serviceAccountClientId": "dmp_plugins", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-dmp-staging" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "d939b8ee-1fee-416b-b535-24eae8828625", + "username": "service-account-dmp_web", + "emailVerified": false, + "createdTimestamp": 1712653775771, + "enabled": true, + "totp": false, + "serviceAccountClientId": "dmp_web", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-dmp-staging" + ], + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "dmp_web", + "roles": [ + "User", + "Admin" + ] + }, + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + }, + { + "clientScope": "dmp_annotation", + "roles": [ + "User", + "Admin" + ] + }, + { + "clientScope": "dmp_notification", + "roles": [ + "User", + "Admin" + ] + } + ], + 
"clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "a3291f71-8f8e-4ffe-a1b3-5e08dc93d77f", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/OpenDMP/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/OpenDMP/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "28e4d2ef-28e5-42cf-8960-180b6026c4a5", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/OpenDMP/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/OpenDMP/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + 
"authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "6e9cba55-8e6d-42cb-a850-502169e461e5", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "79efd221-a8e9-4485-81cc-797384a1d142", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "79a9e8f4-f09d-4d30-bd44-3f433309c3c6", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": 
"openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "e590dbb7-591d-4eca-93d1-6a349b9f0ccf", + "clientId": "dmp_annotation", + "name": "dmp_annotation", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1712653226", + "backchannel.logout.session.required": "true", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "9118fd84-e77b-4452-8777-bbb191099cea", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "f4c21a2e-c1d7-42af-83b2-1bd773bb1d24", + "name": "Client IP Address", + "protocol": 
"openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "2e823e2f-bfb7-426e-a55c-90c89e6a9b95", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "01b43587-5af0-4761-a2af-e9059bc3a396", + "clientId": "dmp_notification", + "name": "dmp_notification", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "client.secret.creation.time": "1712653503", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "use.refresh.tokens": "true", + "oidc.ciba.grant.enabled": "false", + "client.use.lightweight.access.token.enabled": "false", + "backchannel.logout.session.required": "true", + 
"client_credentials.use_refresh_token": "false", + "acr.loa.map": "{}", + "require.pushed.authorization.requests": "false", + "tls.client.certificate.bound.access.tokens": "false", + "display.on.consent.screen": "false", + "token.response.type.bearer.lower-case": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "fa2a3f16-d87e-4122-8a13-781d46987f92", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "b94faa61-3757-448e-bacd-e232fdb1d1ba", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "fa13a201-56f0-4ddf-b757-54556bc4c403", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "fc60067c-3b77-4172-917c-6116ac1d91af", + "clientId": "dmp_plugins", + "name": "dmp_plugins", + "description": "", + "rootUrl": "", + 
"adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1712654040", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "3dab7e1b-7a8d-4fe2-9126-cb34aa902ad5", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "0525ff56-61da-4e46-b03b-f9e9efac675d", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "b8376624-5481-4047-bacf-047b38fdb569", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + 
"user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "c82150e9-a9e5-4a5f-bd0f-5f25460b3e08", + "clientId": "dmp_web", + "name": "dmp_web", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "client.secret.creation.time": "1712653775", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "use.refresh.tokens": "true", + "oidc.ciba.grant.enabled": "false", + "client.use.lightweight.access.token.enabled": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", + "acr.loa.map": "{}", + "display.on.consent.screen": "false", + "token.response.type.bearer.lower-case": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "f6e04c1b-cfdd-435a-8ced-4b1f74575203", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": 
"oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "b43fefcd-c57c-41bd-8b81-0df8eb0b9ac3", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "638dfefd-24a6-4830-9f22-447a9b58b58d", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "dmp_plugins", + "microprofile-jwt" + ] + }, + { + "id": "94d2efc9-1fad-46b6-a89a-d2edd303994b", + "clientId": "dmp_webapp", + "name": "dmp_webapp", + "description": "", + "rootUrl": "https://test.opendmp.eu/home", + "adminUrl": "", + "baseUrl": "https://test.opendmp.eu/home", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "https://test.opendmp.eu/*" + ], + "webOrigins": [ + "https://test.opendmp.eu" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + 
"serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "use.refresh.tokens": "true", + "oidc.ciba.grant.enabled": "false", + "client.use.lightweight.access.token.enabled": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", + "acr.loa.map": "{}", + "display.on.consent.screen": "false", + "token.response.type.bearer.lower-case": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "identity_provider", + "roles", + "profile", + "email", + "tenant_role" + ], + "optionalClientScopes": [ + "address", + "dmp_annotation", + "phone", + "offline_access", + "dmp_web", + "dmp_notification", + "microprofile-jwt" + ] + }, + { + "id": "8094376d-fcf3-4366-a812-26301583cc98", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + 
"microprofile-jwt" + ] + }, + { + "id": "7f40ff61-1137-4430-82fb-57cfcc54f1ac", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/OpenDMP/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/OpenDMP/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "7b0b7a33-dbf1-4a9e-9a84-4db2d2d67d9e", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "b5b320c3-eddc-4b7e-9be3-968542e2fa14", + "name": "tenant_role", + "description": "tenant_role", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "14d68445-3964-48a6-a045-0bec491533de", + "name": 
"Tenant role", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "aggregate.attrs": "true", + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "tenant_role", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "tenant_roles", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "bf01169f-984e-4632-81bf-b4c916ae453d", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "73fb5445-eae5-4447-9047-7f54055fb22b", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "c479bf22-e264-4c00-b8d1-7357b67e53fd", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "5d00fe6a-4cdd-46d6-bd57-d008b2403ad6", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "lastName", + 
"id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "022d1a9f-5534-4e8e-a63c-e91238eb3b67", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "73ab53b4-0efd-49fc-a3b7-54c9d8b6fb40", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "introspection.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "41cfe68d-7ae4-4e13-ae34-2be00f238324", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "d3ac8d95-881b-4ed3-a37d-b62e537d9268", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "fa31e780-3b6d-44c2-a084-6efcab21cfde", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": 
"true", + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "93859d51-f106-4596-9520-0483ee7f5308", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "c36562fc-901f-41b1-a7ae-079fa5bac69f", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "493b316c-97f7-42b8-9548-09d5d874ab17", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "77326698-db87-4fae-b1a6-f862173a9a4c", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": 
"66c0e5d7-d7cb-441c-b1c9-88f51c7e05dc", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "c761fe65-855c-4933-84ce-1e994ce53cf9", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "a908ffe3-5be1-4f66-b737-132085fedee9", + "name": "dmp_web", + "description": "", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "f5cd6093-9cc0-476d-aad1-d8cd30bdd8ce", + "name": "Client Id Audience", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "dmp_web", + "introspection.token.claim": "true", + "userinfo.token.claim": "false", + "id.token.claim": "false", + "lightweight.claim": "false", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "0db5db44-ef7a-4bbc-a770-3a34b4aa5f58", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "bb50b0bc-17cd-4980-92dc-3179fe6ffaeb", + "name": "acr loa 
level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "64963b49-1a94-4fad-8b8a-329f8e25873e", + "name": "dmp_plugins", + "description": "", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "79169ea5-5635-41ca-997a-2ceaf6fb0431", + "name": "Client Id Audience", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "dmp_plugins", + "id.token.claim": "false", + "lightweight.claim": "false", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "6c1655da-fb82-45b7-9bc6-4774f44aa504", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "7cb5006e-0b00-4659-a84f-4817f49bcbe9", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "b9c82303-ac4b-4d45-bb31-07d174c2f338", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": 
"emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "f4700d8f-a939-4627-828d-aef6473619ba", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "34b4f62a-a50d-44e5-ae0f-6430af1b4fbe", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "introspection.token.claim": "true", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "f7971816-d301-462b-b160-48a088ac6643", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "a09729c9-52f7-4925-a1ea-f6f93d2745be", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "c49d0064-73f8-461a-aa3c-fa025a415446", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + 
{ + "id": "2ee26d6b-fad4-422f-9582-1646b964ab15", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + }, + { + "id": "d2c7786d-b1e2-4354-9969-941a9d9bc0aa", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "e1f6b0f6-c829-4f78-a515-3fbcf37ad1ae", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "9cc28f08-d4c7-4aba-8c80-eededcd11a46", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "e4e2fd1f-ada0-4483-a224-444aa6b2cefd", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "4819d3cb-2655-4d8f-baf0-f1fa052c5742", + "name": "phone number verified", + 
"protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "cb33ebdb-cecb-4999-9d3c-ded4c8af97f8", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "4c83af62-84e3-4b2c-937a-d6b0ded5279b", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "3be3f9d8-2ee6-43ff-92a3-374b1c39921e", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "03b4e370-be59-41a3-9053-a970479b0ea0", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "d5f27ae9-d3b3-404d-bc45-ce9aae728bef", + "name": "identity_provider", + "description": "", + "protocol": "openid-connect", + "attributes": { + 
"include.in.token.scope": "true", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "361d74ff-711a-4621-92d8-59d99b8b34b2", + "name": "identity_provider", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "identity_provider", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "identity_provider", + "jsonType.label": "String", + "access.tokenResponse.claim": "true" + } + } + ] + }, + { + "id": "053f9ffc-ab71-432d-b6b8-7cc1d5ee9fc7", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "ff47565c-cfee-4aff-ace2-6101aced8863", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "601c48ac-d1f9-4cdc-8268-d04871729536", + "name": "dmp_annotation", + "description": "", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "12a858df-5ae6-4735-8ec1-dfc2b20d63a1", + "name": "Client Id Audience", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "dmp_annotation", + "introspection.token.claim": "true", + "userinfo.token.claim": "false", + "id.token.claim": "false", + 
"lightweight.claim": "false", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "708a6370-64e3-44e0-9138-15ca16de1f93", + "name": "dmp_notification", + "description": "", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "fc20664f-1359-41f9-b127-f121e88edeb4", + "name": "Client Id Audience", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "dmp_notification", + "id.token.claim": "false", + "lightweight.claim": "false", + "introspection.token.claim": "true", + "access.token.claim": "true" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt", + "tenant_role" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": { + "replyToDisplayName": "", + "starttls": "true", + "auth": "true", + "envelopeFrom": "", + "ssl": "false", + "password": "**********", + "port": "587", + "host": "smtp.office365.com", + "replyTo": "", + "from": "no-reply@openaire.eu", + "fromDisplayName": "", + "user": "no-reply@openaire.eu" + }, + "eventsEnabled": true, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [ + "UPDATE_CONSENT_ERROR", + "UPDATE_TOTP", + "PERMISSION_TOKEN_ERROR", + "IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR", + "IMPERSONATE_ERROR", + "CUSTOM_REQUIRED_ACTION", 
+ "RESTART_AUTHENTICATION", + "CLIENT_INFO", + "IMPERSONATE", + "LOGIN", + "CLIENT_INITIATED_ACCOUNT_LINKING", + "OAUTH2_EXTENSION_GRANT", + "USER_DISABLED_BY_PERMANENT_LOCKOUT", + "USER_DISABLED_BY_TEMPORARY_LOCKOUT_ERROR", + "TOKEN_EXCHANGE", + "REGISTER", + "DELETE_ACCOUNT_ERROR", + "IDENTITY_PROVIDER_LINK_ACCOUNT", + "INTROSPECT_TOKEN_ERROR", + "USER_DISABLED_BY_TEMPORARY_LOCKOUT", + "DELETE_ACCOUNT", + "UPDATE_PASSWORD", + "IDENTITY_PROVIDER_FIRST_LOGIN", + "VERIFY_EMAIL", + "CLIENT_LOGIN_ERROR", + "RESTART_AUTHENTICATION_ERROR", + "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", + "TOKEN_EXCHANGE_ERROR", + "UNREGISTER_NODE", + "SEND_IDENTITY_PROVIDER_LINK_ERROR", + "USER_INFO_REQUEST_ERROR", + "EXECUTE_ACTION_TOKEN_ERROR", + "OAUTH2_EXTENSION_GRANT_ERROR", + "SEND_VERIFY_EMAIL", + "IDENTITY_PROVIDER_RESPONSE", + "EXECUTE_ACTIONS_ERROR", + "IDENTITY_PROVIDER_RETRIEVE_TOKEN", + "OAUTH2_DEVICE_CODE_TO_TOKEN", + "USER_DISABLED_BY_PERMANENT_LOCKOUT_ERROR", + "UNREGISTER_NODE_ERROR", + "VALIDATE_ACCESS_TOKEN_ERROR", + "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "REVOKE_GRANT_ERROR", + "UPDATE_EMAIL_ERROR", + "UPDATE_PROFILE", + "USER_INFO_REQUEST", + "SEND_IDENTITY_PROVIDER_LINK", + "SEND_VERIFY_EMAIL_ERROR", + "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", + "OAUTH2_DEVICE_AUTH_ERROR", + "REMOVE_TOTP_ERROR", + "VERIFY_EMAIL_ERROR", + "CLIENT_UPDATE", + "UPDATE_TOTP_ERROR", + "VERIFY_PROFILE", + "GRANT_CONSENT_ERROR", + "SEND_RESET_PASSWORD", + "GRANT_CONSENT", + "REGISTER_NODE_ERROR", + "VERIFY_PROFILE_ERROR", + "REMOVE_TOTP", + "REVOKE_GRANT", + "LOGIN_ERROR", + "CLIENT_LOGIN", + "RESET_PASSWORD_ERROR", + "CODE_TO_TOKEN_ERROR", + "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", + "VALIDATE_ACCESS_TOKEN", + "UPDATE_PROFILE_ERROR", + "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", + "IDENTITY_PROVIDER_LOGIN", + "AUTHREQID_TO_TOKEN", + "LOGOUT", + "CLIENT_INFO_ERROR", + "CLIENT_REGISTER", + "PUSHED_AUTHORIZATION_REQUEST", + "REFRESH_TOKEN", + "INTROSPECT_TOKEN", + 
"CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", + "CLIENT_DELETE_ERROR", + "PERMISSION_TOKEN", + "REGISTER_NODE", + "INVALID_SIGNATURE", + "PUSHED_AUTHORIZATION_REQUEST_ERROR", + "OAUTH2_DEVICE_AUTH", + "REMOVE_FEDERATED_IDENTITY", + "IDENTITY_PROVIDER_POST_LOGIN", + "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", + "UPDATE_EMAIL", + "REGISTER_ERROR", + "EXECUTE_ACTION_TOKEN", + "LOGOUT_ERROR", + "CLIENT_UPDATE_ERROR", + "AUTHREQID_TO_TOKEN_ERROR", + "INVALID_SIGNATURE_ERROR", + "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", + "IDENTITY_PROVIDER_RESPONSE_ERROR", + "IDENTITY_PROVIDER_LOGIN_ERROR", + "RESET_PASSWORD", + "UPDATE_CONSENT", + "SEND_RESET_PASSWORD_ERROR", + "REFRESH_TOKEN_ERROR", + "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", + "CODE_TO_TOKEN", + "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" + ], + "adminEventsEnabled": true, + "adminEventsDetailsEnabled": false, + "identityProviders": [ + { + "alias": "openaire", + "displayName": "OpenAIRE AAI Beta", + "internalId": "ea26795f-6c3c-49e1-9be6-93ffafe62ef4", + "providerId": "keycloak-oidc", + "enabled": true, + "updateProfileFirstLoginMode": "on", + "trustEmail": false, + "storeToken": false, + "addReadTokenRoleOnCreate": false, + "authenticateByDefault": false, + "linkOnly": false, + "firstBrokerLoginFlowAlias": "first broker login", + "config": { + "tokenUrl": "https://beta.aai.openaire.eu/auth/realms/openaire/protocol/openid-connect/token", + "acceptsPromptNoneForwardFromClient": "false", + "jwksUrl": "https://beta.aai.openaire.eu/auth/realms/openaire/protocol/openid-connect/certs", + "isAccessTokenJWT": "false", + "filteredByClaim": "false", + "backchannelSupported": "false", + "issuer": "https://beta.aai.openaire.eu/auth/realms/openaire", + "loginHint": "false", + "clientAuthMethod": "client_secret_post", + "syncMode": "IMPORT", + "clientSecret": "**********", + "allowedClockSkew": "0", + "userInfoUrl": 
"https://beta.aai.openaire.eu/auth/realms/openaire/protocol/openid-connect/userinfo", + "validateSignature": "true", + "hideOnLoginPage": "false", + "clientId": "11ec4125-b661-4b98-bc29-62ac61e97ee9", + "uiLocales": "false", + "disableNonce": "false", + "useJwksUrl": "true", + "sendClientIdOnLogout": "false", + "metadataDescriptorUrl": "https://beta.aai.openaire.eu/auth/realms/openaire/.well-known/openid-configuration", + "pkceEnabled": "false", + "authorizationUrl": "https://beta.aai.openaire.eu/auth/realms/openaire/protocol/openid-connect/auth", + "disableUserInfo": "false", + "logoutUrl": "https://beta.aai.openaire.eu/auth/realms/openaire/protocol/openid-connect/logout", + "sendIdTokenOnLogout": "true", + "passMaxAge": "false" + } + }, + { + "alias": "google", + "internalId": "4cfe51f3-fe85-459d-9a49-43614b965404", + "providerId": "google", + "enabled": true, + "updateProfileFirstLoginMode": "on", + "trustEmail": false, + "storeToken": false, + "addReadTokenRoleOnCreate": false, + "authenticateByDefault": false, + "linkOnly": false, + "firstBrokerLoginFlowAlias": "first broker login", + "config": { + "hideOnLoginPage": "false", + "clientId": "596924546661-83nhl986pnrpug5h624i5kptuao03dcd.apps.googleusercontent.com", + "acceptsPromptNoneForwardFromClient": "false", + "disableUserInfo": "false", + "filteredByClaim": "false", + "syncMode": "IMPORT", + "clientSecret": "**********" + } + } + ], + "identityProviderMappers": [ + { + "id": "b2001c5a-bcd4-4447-8c63-5b9cfef84766", + "name": " identity_provider", + "identityProviderAlias": "openaire", + "identityProviderMapper": "oidc-user-session-note-idp-mapper", + "config": { + "claims": "[{\"key\":\"identity_provider\",\"value\":\"openaire\"}]", + "syncMode": "FORCE" + } + }, + { + "id": "98f6c565-cf6e-426a-b89c-969f36e1ea23", + "name": "identity_provider", + "identityProviderAlias": "google", + "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", + "config": { + "attribute.value": "google", + 
"syncMode": "FORCE", + "attribute": "identity_provider" + } + } + ], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "c251413a-d0d1-4585-a32d-fe289e391b22", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "be40c111-2cda-420e-9ed8-e2b4a7ec4a0f", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "2bf6d537-32e6-43f0-bac4-58a5621ca242", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "62632e2d-bb44-4744-9eea-18270e7b5eef", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper" + ] + } + }, + { + "id": "2d6bc782-e465-47be-a4a8-7e0307c18103", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } + }, + { + "id": "54cb1bcf-526c-4840-862d-23e436f70399", + "name": "Consent Required", + "providerId": 
"consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "a6df9677-9684-4791-bec2-7ac39dded350", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "843d3c05-2814-44ba-bc69-6680e7a58ded", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "7758a18b-e672-499d-9816-5a2361ae8e47", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "ae89ccbb-7c9a-42bd-8d78-1f0acd65473d", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "da8ec80f-d86c-4085-b8eb-90a69d721a30", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "4152446e-df97-425c-a0e2-e55b6035f896", + "name": "hmac-generated-hs512", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS512" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "ea0de871-80f7-43c5-8265-8c60cf5ef7cf", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + 
"authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "c3ec62ea-bcba-459a-bd45-790243b4d80b", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "042807b5-76be-445b-9b4a-cb56ffacdff5", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "1f69e4f1-9b1e-4215-93fe-47ad8cb1d1ac", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + 
"userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "d0d1ce23-337c-48b1-b9e4-790f9f1e538d", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "ce420ea3-db5a-4715-97c3-43083ec45685", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "d485b957-ce85-463a-8334-2091188a40ca", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "c7308ba2-0f15-48f4-a4d3-bff7d9f69b30", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "15eb1b00-d355-46d5-b0d3-cd91ee18965f", + "alias": "browser", + "description": "browser based 
authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "70aa3e73-6037-4e9c-bd29-6d067fa76906", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "c1203bc8-8e48-47c5-aa84-ee94f2c808ee", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + 
"builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "21436674-8161-4a8b-95a9-eae479b0a239", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "4103b288-fde7-4bec-96d0-cefedbee5c97", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "675b7446-5346-4d6f-917d-6f68799cdeb1", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + 
"providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "5dbb9de2-d4b9-41ea-8b5c-3bc4992d259e", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "49943618-291e-4449-a900-95a653d1e682", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-terms-and-conditions", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 70, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "5f460d69-6953-430e-bbc3-99f2dbf5fa66", 
+ "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "56d2dfdf-00e6-41ec-9528-3d18032038cf", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "84811dd1-affd-4661-82cc-bef652a72aa0", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "d02673de-ae3d-49fc-b764-668219a46137", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": 
"TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 90, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "firstBrokerLoginFlow": "first broker login", + "attributes": { + 
"cibaBackchannelTokenDeliveryMode": "poll", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "frontendUrl": "", + "acr.loa.map": "{}", + "adminEventsExpiration": "" + }, + "keycloakVersion": "24.0.2", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} \ No newline at end of file
diff --git a/deployment/keycloak/keycloak.env b/deployment/keycloak/keycloak.env
new file mode 100644
index 000000000..583ff5025
--- /dev/null
+++ b/deployment/keycloak/keycloak.env
@@ -0,0 +1,23 @@
+##################### KEYCLOAK #########################
+# DB related configuraation
+KC_DB=postgres
+KC_DB_URL_HOST=opendmp.postgres
+KC_DB_SCHEMA=public
+KC_DB_URL_DATABASE=keycloak
+KC_DB_PORT=5432
+KC_DB_USERNAME=keycloak-admin
+KC_DB_PASSWORD=admin
+
+#Keycloak related configuration
+KEYCLOAK_ADMIN=opendmp-admin
+KEYCLOAK_ADMIN_PASSWORD=admin
+KC_HOSTNAME_URL=https://localhost:8082
+KC_HOSTNAME_ADMIN_URL=https://localhost:8082
+KC_PROXY_HEADERS=xforwarded
+KC_HOSTNAME_STRICT_HTTPS=true
+KC_HOSTNAME_STRICT_BACKCHANNEL=true
+KC_TRANSACTION_XA_ENABLED=false
+KC_HEALTH_ENABLED=true
+KC_METRICS_ENABLED=true
+KC_HTTPS_CERTIFICATE_FILE=/tmp/keycloak-selfsigned.crt
+KC_HTTPS_CERTIFICATE_KEY_FILE=/tmp/keycloak-selfsigned.key
\ No newline at end of file
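Review bot: `KC_DB_PASSWORD=admin` and `KEYCLOAK_ADMIN_PASSWORD=admin` put guessable default credentials for the Keycloak database and the bootstrap admin account into a tracked file, so every deployment built from this directory starts with the same known login unless someone changes it by hand. I would commit the keys with empty values, `KC_DB_PASSWORD=` and `KEYCLOAK_ADMIN_PASSWORD=`, under a comment such as `# set per environment from an untracked env file or secrets store; never commit a real value`. The bootstrap admin password is presumably only consulted when the initial admin is created, so editing this file later would not rotate an account that already exists; that has to be done in Keycloak itself. `KC_HEALTH_ENABLED=true` and `KC_METRICS_ENABLED=true` also switch on the health and metrics endpoints, and since the proxy rules are not visible in this hunk it is worth confirming those paths are reachable only from the monitoring network.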
diff --git a/deployment/postgres/keycloak_init.sql b/deployment/postgres/keycloak_init.sql new file mode 100644 index 0000000000000000000000000000000000000000..334cb8f660f3708838ba738911a0e8b98bf89a02 GIT binary patch literal 141953 zcmdVD3Ak+8RUURh5`hLWNgxnYsU_6isJm5jof0Abn(n7oqwd$O?$-#}m{Q%k=iXcI z)vc;m!@ch*LJX3bL4ZKaNK6LAU~C6sJYr069LJ7h$Bu{CaU45#?AXM{j^j9Xyw;x1 z-fOS5}~uyVhz``%Y|_Hh1x?X}lld+oKKd-92Ap8J?jIeO{Gf6T`meex0fd>Z~w z{qPlo^aSbX;L;lCHI-Dpf^(|o=e<@3qnWI8`ExxOme+x@nJyw&dv zHMveKP)443?8akX`q&HCj#PKo@X6!PUwiDvwTAtoVIOb2{iz#oY23K>%yUoU_g~W3 zZrIG~3;yPlu1kCm<=K{8CHv zX1ckn9spRLHmLkI$g)92ecD)Vk7v`#qjAZ`gZDMyXL{0@oR3%I$tGVlF2}38AcGHf z`VTd(KYOEb{l%xBepo%`m)}e;^2YJ>Y&zfQFIV|^b}?dWYWI2%>4z4}d^O%o7xU5P z?lNZ@Egl_jH|L{Dm8vJr@GfazJ-S`ztFn$xm!t8?$tqv3lbwVI7TeV%SHppSvT0s@ zl`r9GAWgkL2;&_CT)tW@R(x4k)U+ai*6%)aAB?}F*MoE@sVrgL$mr3>!Sh-);1Br0 z@pqn&mpe%7=b_qEKYH*wY3=q0O5=~$>&0XWqwZw1T!0Wp!unlMniW=B(8#K;h3AhE zSz1eZK?UU(La!JoX>A8Y@+A_I&CXEi8qY67O9-EDp;m93L}Jy}hcDE17x#pIEgH=JlKSBuN(i8K|!V@@6( zI3BO3lSlA{9(dE6qM4FN%4V?~&0u<-Rg$aY?R2&oP3I*KE2(*)iqv2)4=6Co=!JF} zb7Xk*O8D3ln8nIiiBw{K5T0Xod?E0z?4i|BS`-wnXpl3?p6T2Hfqkhs61&}_R|~+x z@@2D%rqCbX0bX5$0XgK3wViMrgjV3?c(%DHyDq#bl9wzxm=Mhc)afKO5nCd9igCsXl%|vEMlTF@0qF!* zERzia3@(Pz*=oEi%H!G9`0jdiGF^jD>n<3OXnL(-9aADUN&};L5gR<3xC1KR|I_MT z;>zj|`W@vQu%fa7ujlc0ldq{B{%)v2*2AN*D`-@*sj#9YlNbkt=)&ev`0?I>=xq)N z%ZBRyjgVZI;dBG7pk%lkt^ zAiuMmYNZ)|t|o!-Bk;G3p~J9a5qzn5dML$H_?8Fc=wCpq`iEG0gF(k1A!bf4CWvT+ z{0LN&P&#o1dyNpSQUZt7VMapSzXPKD>C#AO586kc1i%?Rq-xlbUb zl}vhI=x3^06(uI0lKlp}qNt^74@iym-Y8MS7Vc>3E`Z zw6rruShJfMcW{DBSDC{24W$@+ojoAjUnIdj0NF?1sW1CxIYpuVV^yHm^;FO*fse)5 zvTE_jvcf!llAn&Z;D6LZFTLPU*z+z(=EV<)`zs~f+rz;2(E_;w8+ddvUM^vBqUe8X z74-cI_7Qbeo+ZHd4Jb5|7ESy*2gLMm0uuU%%$D6&Uj=DcN@01z>@oc?P?DG;*Sgeh zy40eXLP0NKxo*89WALwLCw3h!+QMg9uW3_u7@!EpN!%`KMQ6gP51~r zfH~EPKUWQJENXzRGEr-Q#aZ74goH3vfjd0|c`tfEoc})w=V7Yo7Kp%1?CTn>hkRM?|?Y}EeYptyT!>fPPG)^Z>uKH zSkxdZPuPsbbdLlU`*1)YKVH(ut!_sJlbF{~Q;wB6PCNX;G@4QQ!>Nd3VX!;oe0YWQ 
z&IiQ(^%CyA_TcCf0L#hZV!4>Z6i&q!9enJxXA2l)CG&_3`-G0xdSMAWFJMSW)tQHq zJCe>S0cD^gDayV4vN7apTW^n3(Sb@weI7u`m^T)y12X!BGNbJyj9hh$3b7C3iqCe| zl-rHpqE(5(>H~&?PhiM{f12u^*Gam^ zmDo)<*W(%NUf$j0V~ty>TBx$}0Z$$Vk)GhP&W}4*WoP4Kh_{N3n_?NJx2&=F*b7@I zFrnYj;6X(xo+V(^j)UodbpCaT&dyK=*5aGsCOf?J{49qpW6J6~AVQuS2vNZlxr_yb z>nt{~lX>=ZI)h!&^7tSvC&;Z1YlXN6w@J~snnHuHAFe{q-vzTLQCN!=MDe+D#-mQ2 z!LJ1|Y&DBGCEbsUliqrJ!H84G#<5p*8H0YoXoYmZ>}Je`iWZ_fo5J2cQqA}CeyKM0)55GpPS_#_#(9amURv{X@;5j^1fY zodEg+!i?^hDTF(oH+`po7Etq+tWGFY)k(e?PiO1V&9xMuZS__8sh7$}a4MWTvP;~O z?rV6|JmZ@f!o*R$wrsx?&-lkFh&-OUE-l-ViRTI#i2 zj13*r?-67yF1eeeRks(?uoD%rn?9)&lIxbNqMsAa>>1B}!T9KWygv8MWAYUU#}x!c zPH@8ajOgMiWxuK!fj{sS6L3JmX^4U|)azl_x(Q9BV)OlFVq?nfCN$O5(?^ZKz`BE9 z&CJGY2!mXrCCsdK>{LUflQ9~cXo5|cujUYwRECfeD1Na|DLtS#JtB!y*6OOL9oja$ zhu*EGa`gdFpPXSQR$v57$%K(P(H%x~Nkwx*LCWv(ioH4@wy%+}?KQPGz37Bn!A7W- zj#gK6w*kAek3bwUA2owob>w%*6T$C-F@zpap6(arsnra}>e*_sU5+mDi{pH?KA$eB zRQ;o}u}Uj2vZX&}jkwri{V0%&DhhzU>H!IRtxTBS1#T&AuKZ|WmEU5L06ie7=&aR0;kt0pYYmkfr07E;5=x3iW(!+7vA+MG z4L;sy!oKAJIr>+YA{v*GHHUU}g^4i0#)A{c>dYV=a=1Vf%o$SB&AYlHcZ`s+3e|86 zy;SLCkzV@)T&B(R=;NMFtmgFN)lU-oDn7mZAqX9i*$2eYm+8%^5G%^66xmz`y=x_ zKUqJrUSPN%gq1#W4*Lxi=BkA3lLdw7KyZOl6-^&S+G_!**poysI3R0i9_Sx3CAFKG zQg^y(6=x$v=DrWg%f$I5_n3@!!H##S#4m6_`2H`8UNl?48W^*t**U_gcB)oBC~Wmb z1+C!2UXgMNRGiIsIoarfLB^%oJlvyfHwxD&D!6>4CyI28x}H+JNYH$Ae0O9#^(7}G zb=fNOA!LTqz0t7%v`frEQTPb_I(TNPT2_$L=?b2=N8%TdWvfc=83-)cqmT{Wu}4W0 zT1!KONfN4@*;cxU-zSU&^MJ$YUyH-3tyeu!<3i-lPYOCoDsKmuvFO}rt!gtD`vDr~ z1QBlfP#E)T5viL8g!=!LpdLcZ3FgR)`+)jCj*7*TOq}|c$~&kT3&}SVs{^T@oSs15 zw}jquxEGJ>7pioMRToNY7}vs1%<4`YklBAHG7GzpdQJidkK$4oJs%WD4=L!lbf2@+ zK}_r3<3-X*t^?o>hWuRzg!ARHh163qZ8kR~qyhlf8J*vML%=dD<$$a^D72iK2vOCc zN;RehTgfxOoCsgzfUy71k`#Bl%^=Ak8%cO9C?(fjG)s2_-E6{Wq;S&#l2kxw2?K9o z{n#?t7&SFi>Q$#QG;dX7lM>TQsiLC2V_pEpt5*&GfRc&V07>y`B>?$=BJpn}kr+aB zDXuUtrVzBFGAv#|_LeACQaZmuitQ#Am*6HB&vR)M^`4+gBV)oJ-72-|1VG`*ul`8? 
z4v6R{NxH2y>>qt5Ai6j`1(PwiJCG(8gX*}S6h<3g+Tg4FQOV$rc-ko22z6*`;BEV- zGd4`GOM?f+V}%%~<%gb{gE^JAjBdEa-Js+D|w5j$QjOa@)U$pOXe z6J;@LsW>#-179YnkUdu-WPaHiB9?ZO5&=t3o8)1;3ku;?d`O~2p{lqNsZ{X?c0jH2 zQ%G5S?pm^LF`{tz@HpEMAJPMg!)Ht4(1p!N%(iXv1Zz`{%E5QQ1KfHeC}ad+w}iuq zS(Q*(n6HUxFzC<$;rnd>K>vg;yZ&I9sc8@o_+frC;TU5}7)YepZqs0O>})fPS;6da z*r)A+rFuK5xxyJZR^`c=7vRyv)J(c}K$icdB{}jeHoIzSCQS=Vxer4%>}UyP#FVzf zhJ1Oi7j^u!#J}JHA^y7(#9cTV{4)4bsduV>{so)`1;m3OTsdB8T*)r}=sb znXJv+U`$8Mcds)B2v3+gl!sM*1XBTyAP2d4oI^LKZwV-WPI*Hs)VGWCSw+k4mafni zDRN)=p}%mh27IsOFOyIy8Wl15CM3wef)gwzJ3g<_Y|u0$k}UEX?vfxB)1zZB4#ebC zT0`PZ1sk~3!1QgGrc}EBYF_U3dR8Q^AYLdWb1DOLK1P+F@-rJ-xew@BRWpIB~$KYdZAYz_99O4=rK*$i-m{`!u*3 z1+V10Oyd6?a&g)-3ToBBo*!}>jF_ZU56SUbMSd%huHta;t_9g`=miCBeEd$s{RDDv zqJfEh-6>=4VzV?O4rVRTYjE$0wWpnxtNHhyyn>X9a9sd>uoXQB9_}fmg`p32OtM$6 z$`iOj1rBY|C;L&A;~95I3|F_dzYo0SVmx`_EswRh)nQbhaHb)sa04BcD}&vsE1X#{ z>0(O21Ep2=u*vSD&P`RQSzS!zB2d?*C5)-2((ROW#V%m%YKT)n4t&GxD!+tmv!K+} z!fBT+OPvU|n1M$&w`?RErYWsA@NA?VwnD;aW;^m^i+O7y{zw;H?=*By@X#CRH=8Il z&AkT%nBR8*8W^wAJE?g_A3M>ho=;3F%}SFN&JzAS0Bses9vxxD8deVtI>qc%*s59O z5auT`W&dNM*4WjljJ^Y!r2mU(l0w>Dba85rgBV2fet1MQPK(rf#!O9EK4ihGo85UG zkXSj97daq?pC-8%+U=(DHtD7<@oJMKN@ewpNg%_r2F;x?(ord;fGPlaCk^)&2SoAz zktA^lS>|vs==RN&Z|*e1nJI$uTar*R73_m&DhkWVvO<$T)FHmj0U`Z+5~SThOD*Y5 zC-8c>HJHR;i_T$pfi6JPqG{GduJpYHlV7>>?{PpR+tLspwsksB-2-Jh8{0dA@k2?m z42qUx$at=jcDoZvJ%j1v|M-9Rg_2eNs0j0N2gDY`%k>X&FLnp|SeI_z9S|t;a8N;g znc!#?D=;_<_AP@kUcEUgKejWSFDu^3U~b2#vUJjKQB8xVbPfaL0onZfmQ3nK>}D+$ z45D9SeF2Lq-rxQcP=jnzcm>Nx39eAW5cZVX) zd}$irE|-fH9vILnA<{(Olt!2qKQzvc5(Oilp;>s71A_SvBrv;>DHu0}V5z7t-hlM6 z5rkhOLg*DTz?EzaI5@QYr6klns*rmP^nqI;cs)2EUiV2;V5`?N#)Q6B#=4LB(fwf& zIIgr4z3|IYCFnz0+@4x_XiHW`*bDuF2ZZ<&M2NeY3XycG+j!`~QK^#Y(TVUY#fdO{ z16$s}ToKk(&||3%)eq?5Ew!hg*~PhM*GDGTah2)RzB?arTLdk!$-Vd}T8W+mipU!! 
z5y^TTb$r6zGAu6HG5<0@znYtaUCA=BaNfj^o}(}B^(EN~RVaUg!&TytI3R#xWXMxHyXsD=Ai1X-KL;7Hx^E<<;)_uI}ZL z^@eT{x6>w0m(-G!)RcqKcGmxN)#!$ zR~s)zv~60%lpRFn39mx0GRvvL_ez*5$qId)igQO*9{Fq~w9!M`l1+)k47QZC*UShK z=QaB}U^z)17BZx{H>rqQeZQI4@dJuIMnCJHaC-w%;rW)AlG>bT}Uj(!{0SikR$PP0KwV|ULsEEG!m|Z{D%z9HKsy$$)TVBtE zxE@dr{=F3gy5l(nhu$Z_m#Ss3F4qudLDl;pB?YF;ZpuBSj0&&zE<#{e=a^_VSaJVH zPC(lLY-8={qkTY@AC{D32FGJCJjrj@9be`0+e^u3#R?4n!S~|8483d>RjpEK>jAO--vK`T6KT@k(I>(;suO(fyD$0Jgc{XFb{juB@eUuDsTHV>e8<6A;Y7ZE zSRD+Qde=W#{mC85-(};=WLHBcC#KpFymPwWI#Ez!D$$RrQC<2}Vh1nOGNmg}!WzrJ@la?pp9V5*q#=S2xYDTF>v+lwHY5q8o=3e&*Zv*6s z62j4b4GM^MdW@tVu)>ftXjh!PQwwS>168C&G0}pT5OkdM3I`GAZbv&At?$k!xJ%|8%hGUHaLt*qxt+ny15!0QZvuR4 zkGAMSG|aw+71htNNhND9EYcr9gDHu;ISq zxd#oQs;G2yDkypPE8CL;;`o2qfkfAuJ;+!1O88QBfW#ruQS=M&oT$-ASznQr0%PSc z2r?5)QfG~oWO7$v^9NG6cRe81|5V1huOgXs`{=$zz0UX$-cH{ty!~!$I5B%C6!yVyVP8dJO0T zmxyp3wOuTv{L_h5f*T<^0t3Lq2}YKfq9OH+J;e&OfXBz2hSV=+(#+Z?SotezGf$@* zRwCK}fe{Q8)7Al{^WR9)nRR-_$hPmuU3LC5P=lyK{er&!G@mmP=v&Sj=Y-f0gIu%{ z@ly1%;qQ0#fB^qP3E(bVNQ-IS?8wl$6-K9!>v+40Zi1Aq65&f*C7Qf8oPcL*VmM(` zE_PF$s=z!Sv4g=3eY};+yin{d1r1}rODUrH_QF2r4*V-FdJ&>kem zL=W9nemq*NAVI-AIx6wi@HID9yds9WldZc^K@UQ!UJoBxkqfzMJpSzU7j8WN*i+YUj9P<7+UgeW;xlFL9bH24$DY1% z?fJ%y$G-IGYmH~GKmCrza(fKt^B?7_y{`d3k3I2(SAFCDqFU9|{f+0If9jdXo_|N< zt=Hbsc+f5*9&XqwANu0^j-KDS>4sA0MO$&Z0_u1#!;#vcwRt@sS*~yELw9rhncgF)(cQj&KEJtJN9VUwrH6%R0}${lzbTqSt@+`i&=Fc=0XIKKV>5 z>%RT%ZGnfche{+Kg34L=(+%F=c=7sEZ+r1t<3SwI4>!!1(5w_bXXNB7s&*r$qNES? 
zn1Q8;VyN9A%&ah>fchb0V*v9mE~w1Qx^xkvW5}WchBaJ6jaw=@uRVUo4v%+34H7M4 z%^XFfv2c8tnx-cYgLYTFQ~A7+kQespKtv8{y&e}Z-zqMK1H#2d;$qn89=)#MLhm5y zmo_Zuk3<^Q;BJ%MSH$n|i_!8HI}&E)P=wX9BnT~rWN7SDs>lwQ@O|j)AiZBr7WxGJ zS4-%(dzqRXw4$}=$#kxc2IyU#Y#k1Z;SC}BA8Qu-TM6vB%30|7_T1E9omwdNU%q2| zvE1{G)dPM&b^n)1!1p?xqu0PY*b7Y5E~eUBb$6QJ9U_9HUnSn&t5E|%t=2XNc-(M3xU;_2HW`)oe=8Y7t^VNXjqn0ybfT>Xakp!ATn1OX zDDzt5K#nE#6|Q)4R^;(8bjidU)t_JlZteA(3@I`FHC=tUfmRZd@s2(EATdKaP>-5^ zS5wpP5><36jtDr)`39tBaj{&?K>}^ER7(l@TpAnG6eOgM6dmMIW|SZSFYeHq2z=aB zJ@AKA4NYaxTWW96f$j!?>yw~@eovJbuY_-`eh}CvtJGhP=<-%gD5?B@l?Wy5rgxyz zupy`Ov(Y^TBggnX`HEF9xa}jU7paW|-b}NhiXnXpbpG$%qc0LSOh;-`WR}Fk7Ev`% zi&VkF3tdVMMi;JX#XtB)(lqB)P;ph4aHFOQd{|I4H+E_)1-{=>J>)aGyn36A_&_Ol zhbs;S(D4!8=5q=1lyawaR{^|eE*uQn)JZ9K+FB{%MN>6Fr%S6Z7eVjp8MWxD%L5wY z4qw#+-PK(Qcir6npu5(}ao0`N1bs+!%kP#!?=cl4?TGbPfnPNl zf^QdBf!8BtBu<73z~eugIDY;t39PwF5{Pq; zhq&t}Q0T2L!gav!-mwdk&~xqA<78kQ{*lw?FH7Es0bJ3YIc~U=tY{>F38*`(9tcvt z-Uo$?y(PUp_TEx}n1)J;irSXAQu~oeRBBv$?*nFr%AGpG;M;YYt*8_A2|dqTacCFVf>F>OwuLAU&VjW$V%v$!`i& z^|NmG2*VPhON-4=!ka!v?PHdc(*zn(eKH%Si4c4Y_A5`qQ|Ly`rO@q6YNBiA zgD#y9t|XLua3ma0J?a@u?~?cccUgSjp1{|ysRY_?h^#hKAFo(<3de3e7~9nL|8)tz z3@-d?K!*#<*bdwP#3qYk$;!)^^R~h=ESnU})RxzmB|v80g`X|e2<$fNVcqQ+l}pzH zUn^nWgVR5+fc~qwI)Hi1!u+&xLDqOak&sot@|4K-2KA8aP?PGXMFb(6r46tg z8D-?3jttP`=l_$k7iOw0Lzb8U8rkReXefztO#`4qwdfy_P#$E>BMjFdz_xTe_pZ5c3)# zHEroSN>F80L2BAEJxgfQnmV9Gch_#oVD(kn)R0vlw2W1wDffO@R|$9-r$?_%3oKZZG$%_ z*dzK{Um6O##aM373?8Al6$3csoSgV*PLf9q+g% zO9{5vY7+Z)P4G?Bew$8w@0P*us^vp){KN;GU*o2h4?$HW7_&>=)bb&yJOyRl6)z0{ z{QClegZ?m6+lAgm!=u=*6@SaBi+N%U$5oVpt8Rz({bQj(YqgQu9*mnzLLRkOPnvtw zcl*yJ4w{4BQ465M13-v9TsymfLk}tk5|XjH8;CUCDmytnlcIG}`+;%`Wn>hMhAf0N z`flD-fM{4Mc+X67No+oSC5Mx^%ebNnS+*!A@qa?Inb9>7n>YPO7KGo{*=Ma z)LjL6(;SCaBzzgT-vvLG#QfV6sLPF1!QQnS z%6nMp!;JuNG&oa%2VvphwaYki-KjSw;O1{VDNx(#7X-@sy+Qxz^8sb$6jp0=#%sX4 zTvJ=FQFSGp5Lc^l76hS#Z%N2P)Lcph)pfWU3%^5$#Ztf+?9=uU=0Q>iRMu0tG6~<$ z*F51jtX+CH@%mx$GN|!XOwo%VgMh0DPOqO&XK=^^I*MYSN+RG2m2S<1Pu3H4xS(B$ 
zdYjrme@~#HKkT>tb8~iM3^LAbR2nF}@~D`CC!mxrmIqKwUj1dv*e26D2`gMo7Bkan zbEL7l9~6&7x;IWJCWk;hqTr5EMO2TvBmTTZR0csgnE1->gS#`F;b}VM(B$(8{O5_m zBGp<#&Phm0T#LVMcy^EWQ!4AE9tB;avbt1d{ijj{ZnxD}-ZqoNU$1Wb;c>F$Cxx@b zn+KJZ!M!9?g1b$i*c?i^+k&=|&@OAv2jEgy@}1Frp>LPuy9aSjIOl2ym47X^r+@fe zxYTj2sJaq}$rfDUT(e%|)QlT7mcqE^&Rg5W=(VZEzY!6JtxmjEoA+RzvJ-4-kyF%D zg6S#M5;%E2mKYO7%_#s+>y7_570sWLforRi4a%VMw#;J%aLRkzQ&FdUrDcc`uRE;- zCNp)BGE9SoX1Ja}oK|37Einm>D?L1qQacjRtTGB=TVcS!om z_;kFy*swyKve6TjmvMsaagv_SXc691=D$k{d~BUr0#0t(&%$)HGvgs21Gq0aeoj3GQxFFN|nM_2eCa zy=2i&@9zx`~`o)oc$Ti(#99GmMIsodp|Rw zs&JD?(eUY^QZ8V&-YNvFIX#nd0kbWYBEGIC<^#IH@t;XRcj4?41{oIJ#EX<-gn8*s zg~x<7R>C$V+&a)m?<}RF48vy2fvzjsCNL(WHp>$t;yoSjtzSscChH|H(~HEY_A9Ig zHxXtFG0`NcSZ}}03Ru?^YY5WPOLuCR|A@Rk@~#YvV+>CDV_&JmGio`aYbpczn9~)H zCm8hVPJ(${Pdjv|8vfS;e1m4zIT}KT=^70893YDsv&zg*>~|O~aKT!D-%|#Gw~)29 zslbFXz)9mF{K7l<%h1Wb9ZRxBdR31*@QJG-(5L$5w`C4nM|j~J|Neodw>=ejyR|bs zRS8>Ogj{JgUpfpUIjO|M@}edM)I0MvlB&<((j7b{4E@yUxzKb6-2ur(M@n-B=%20T zo5@;zyM{Ope(Zc}f&;OcG8$;hAsI?=Y|nAH*m(lY%y;h7pCnDRGquR-G_|)Eev@Pt z?-ogGW=B1EtKhZmRxve>XlGe{_bmyG#8yf;qYdvs*=V2cq$s0(smYk$DC{)pQu%KS z8m>PCi|Vz6F@I#a{t07hToI6}lro5plceF$hVW!OKJUUvbsi_r z386k<1wWO-FRZT=+QpVE4)hd}I@cYxkcJhiuO+qZK3#FWLIkwaR`an=IKu|Uldq&r z?bLiss;GkR$n^yp4E0I*d`#LaMLTG$9`pmM+CNo<9?pVeV2AFk6g^XX%L?^2F^-F( z_M)mvz^m|*Ah1LA4d+^2qsBkw&Wu|wrvMwN3B3vG7*JjP*JWL;UC8l%ytedxy*)h< z6n4smELB`W1h&P=d8?5Gg{*JJe&gZvsN(-(+$2u@dub*nxbb$Gneb z#5=?(1JJ-be**5CD)8>tUxoFe$r9ErBbL2XIG}yj?@TFoMNevSXJXO%G#2fTOG+<; z!=e~2MdBWPdX^L3yYZC?N=S7jY(NVk1KNa2g-DSGQV2us^-%57Ddg7#GzTqMe|=Gm zCgXce&g1W?j;yJ=3}9n5geVgXgCL(&E?HWxd{Vb>TayQ~qtK=6;rB~?4B#5&*8`Z4 z;d#2sC!5iBH4TnQ1YfWdPI}kOtG0xKprw!pZ=P_;GEi0~Z+2Gz|W-P#&Xt=cr9If)1#rGvfgga6Vb)eOz#j%tQzs-;jTA^>}rjC=+ za^>S9eDit?^-W&PK0Q|Y@1)Vuf)g!mH9A6uV0^2nKYtRiJzcIYB@f4P2aaqL6ZW9)^pvX>exPYj$3hTWI8o2t) zDe#*NIUrpPjufSgB(5JNtoWU%M@z>Hlnxyz-zcfF3?iO!ZSKMq;%Nj!;neIRjgFKj zDyX-V55Fl&hl$8Tjpe42)Y3d?In99IY%KyhO+AmpZ?cm3W|;teJBaeMInQS>GQd3+ 
zxGCAOkviEM)?LN|Z7w82>!wuDd)QhMdD>J>@TpSzK1nIH`uaGv8muhn;Wv`xr$7&D zC;>fu7@FG^^ss^y=;4#lR4vfk9qI;rl_cry&QP6UR~^uP;*0#^IA5*Lr%PYpiw9Uq zzf(2~(7LN&ugZj=>uONns1B72e$nrd_hJbnwkS}KgMkUg7*H<$k}v@J86@*{Tb0%e zL^Jwr*K$1_T|F8x;1V*s112RdAN_7Xs$-KEQhKO}%Y z7(k9t4B_>zA@{}J`;5sOSJaqqEuc!Ty(cy}n?Cj#F6 z4&1+v*MXdjH{;{+I-i`6=V$qBaW-2_ZZ+6XK`QdQJEPB5#qq#CsM-v<(7GnIAY*Ha zM4o+0wO5ae7M*FoP*VCGaKfQ|X+6FexKbE1>&EgHy2UpaOStwJE`Vd9PbnLrUJiWH zREW5ZB`TCn%C;0*jqoQ;)&m_fC8+^0px`$|@FD65bKm*h)re0=n;bBQ;~XsFDarFI z6Jaju4`J4VojQQ)SI^^F)Lj!#YNNkF!m$q%Y;g8Mp8`NA-6}(W#G?65pg_9Kl9U$! zB~Njfrc^a8PSth%9yO7rKKh3wWIK>f^9@8oRXPY8w}2R1QPr`EEW|0B(3hy7ZUOAD zxe)6@O{i5)xlJfG&dGMza!n45D_}rf0q>Hy7z{h=5Tm^b-S2v1r7l5-k2DFRFCwik=VOld& ziF@YvNo-`0FHh%OF#e~)TL4;B*(`tvtCQ0HTUs3tziS~Bf30^?n}|;37yYGL-|K%( zROu$-CrfDdVcQ%H5)u-*o*qN|#MuZFNbG*zD6EXbF{r=s;`OKA_Tsh1gN4{G$19A6 zR}22a08CjaVVjZk1`XB%7XmuXK@0bri0+@0mOmNjo;L#6QFvHmdu!A_8RxUB`Skea zv^yMM-dV3U+tdD?n~*@@J}5&k+DmQQM)h+PB%5@U*lmmv=)Cb7l7A~Lprt+KbdS0a zF_LV*9zzh!sT~1SsZ1qidT^@rwScmoVUdpGL2GhzcAU>Ihuz-lxPJy4Y~4;a=CdUABwT+QB@w8BpfKU%{6nOFh0I7ndG3?l+m2 z-z)RhI~suW+df-J{lqpBbyB{bpG}OWL_52%hpBt4>Ew93z0KDU63S8NeTI7|{yHsn z&?(W|%H$p(^N%7IG5|@x3E6Lw$nLv9lu*RYd3(e2vg!~`rOAqr6O+~?T6Glb0ZQxC zBeT-V#%Lq+qKtKb=SF_|RssiZnHUR*Rokjq7oh@?ZIV-Uwf9v(2Wm#h2PyQv#>0djVpxEeCP2 zn#9^H;5CeIvB`R{i^lge!K48(@WZ2*fg))QhW&wBQMz0Q=w}0OEqJk1blO@y_tf<# zu6@PPOQFOOh6+9Y{I$n!Tx+OL8)C`Ev)3ETEqKHxj|R_7kGGq=@!|_lU4OE1yjkUW zbAJ*{La=xFEi`$jIPJ8%jgYNy3pYL{0_n2SD4rZcI_#U zUsD-Kuaf;S^(rag&31#=tK%La{SN{);max9I{!-O?eyf%$iEY4GrfqAjYO0ysE=QiQZax}N@e({3>@2HJ@}#wh5twrwLYZQ{|pNo-qE2C3BVRP z%%K!9j4+51qosVXn9EW^WoX3>h3g?1Bicqic%n;A{+S35B;omVA0Bmu5MF6h9UE7K z2L_Lb;3N84ra+j~)j8VA#8X4Uz(Z_Y8#RHU_Wf_kzzmK)D*{Hd$-#3Ip5;YHb-gIK zGe}l~9&UJW;a+SRTt%C8K{L9Fg7;5k@P_KHV5M-7KGk#8A1YRu#)`+SC?i9L&&cBq zL%b3o6%EwHho%VLN;-Vl=^Y_vhzkUmO=fDXO(8)`G=ijf+(W}I=~Voh{zr(0@87~$ zAs&sQ?s`BBDGm zoY<2 z=@=}o$pjJvgaBC;jrj139I=b_q-99W$C)H0{kFcC)$53jOEWZPbG%O2_be zNl3DG>*!MnG#HY)6E0Z510{HG72k@vuplrigvZC_bUYA{2 zVRTfii^DSI(D};L{X=;x5TxW_Fi7mYBe{ 
z6ZH^?u7O<12xOr=sQ#<#E-4O}VTPB7qD)mZg6lL(#G1T@dy#WfCmQ~sUL`lKT_lw$gjR09#QcA9T|@S#Y0V(R6bcx#(s18}~`6uuQnY!<6%If^T!k^a$xxY~|rJTzs##d9}fU2eEjAg=wrF zW?g!Q@i%0wGPi-{cY^~851m9>h8EfZB@Y{Uw~E$(U|^n=RLuYuM^^QoZi_RuRCqbo+P0T7BLr`0z8TBT=AmKP{cAP#3Ud@|R z6j^so@%Y{tYBeQm^rDGF;X{I)Zb-NcU=pyNtfCjA)s{lTE;@q}mC>`QQ_GJZ) z+#`J6F5^>p`miIA=nE(DapcxwSDQfz79Urips#RYi=!(IkE^97JSN03qq}%tA;VKd zX#_9JNDu~3$CI3oDHPfTBvy_R^BrmG9%1!+WUP9H@wC;4_Pl&MbilE@#egwQ62u`E zJ;Q5wn|Oxr3L|E@BxW8Ml8kwegm|&~Ej>EDx}dpx zgxM=4%;4;?+a1uVyEIhfT^w*iSx?&B6DuaFS;vVys6#{^defUAZ`TU4!saVT{JFXd z`%w?Jd(DSb%*Y#|d49HVErg*i^&o}2u+@Soy6WdMBuM+6mUCaYF0HinK}Rg>Hl~HD zf~d>sK`I+_wD!92koD51$*{EDJfQpF)Dn*k9yyDwUbbWekgGY`$@DRj6+hcbO`xdB z_BSN=SHIJBYHSKuuS5Q7rSN$-I~#Qq7xN&p?m>6ShqNz;u+cPC{BJg^&!5JkDtS^?>QpSfsC(f$6!}T9>m#4G8U)qTsM9h%4v; z6nq_mqZ>h~k)vpX;+T;E90T>>Y18fS_sH<{-C8p22P-;kxF}Pu8aS$n^qP^W`@qnA zf~28`oyvT;F-Tgh1}NYrSZTT7C>5Y zRKHO)O>I%~689M2mr3|$!(vVDcMY7hxPu6HF}w_3#XHLQ&N69rC3nKslo~DO2%l_^ zv3;xy9vRplCxJDD+hXk2t=|zrEwcMbOu3zavgNht6|k{lSgs~f3{CgzqG*S<{Y_B) zlkz+~a3}7-#PvfnjYU9Zkljb&i+b3S2ZXr>#qUvZ^pZLbVzESVpWh%N1ziz@CO#vOI}FWg*8*ogT;M2-p)+c z#Kb8LSpm6vir&=(i5mXjEDxiuTNmkWV#Y`Wg?D6tD`u3!X{iZWWOs&hzol>ka! 
zB5@7XL#j?Ok@_e5vpiijaEXkfxtFa z53e3|*nFLc7u-`|PqXTdT#PYA7M{Mxxq?n)Y^(%VkfIeLQ#3M#YvR<33a7C$nJS85 zp?Vlaxl8_{h!OaiUk!>Ft#bXU>+Nz0SrQ=EF+cv;ASS*j#c70fFIE@}r_&QBWa?3I z*5})*2UwSe-F&AESl^rV;bum>kIT?Z1&Tcw1d$Cvp#UWBrpHjI%=}kA>4%lqLnXR~ z@!!j+6kD;d)2A+41ncaQ7a>7~(_#TK!sUUYDIjm|#Qm#>QlFYeUn<)JnM=z6xxX-j z#dLDl{G!6cI!B{Y0Y)aToyqeSKx3NH@*}5Yi0ZEgO-8MN-z7s+?51KTbR4z%KLv($ z{gE;pEUL0_ROwbUDDw6xskY#_%v4_wos1rM{cDok4B@sgL=IPF+a+8bm$QepSWC!z-b3SJdIpD( zFe}x?;v}Divf>rNmFjE7rI+_$Jt%rKOz}QRP&(bh3fiJs0WNZgZonJZXX;;6RL(eM z%a-)uv3`83aJUUne|yhp8+m488?1*}pU&rBEn$|yy+t|HRmEv{E<3&n& zSScKeuT?%EHCBjFfxT)^r5L#6bw||8T2OVGR1bZ>G}1b~o}0wgi@6z@;>1qkVG#%!j*b&AKilTS<9w4-t6JCLnnF-KyKNj7qiC2qi`&YB^^q#C zRjX|E#*NfND7x$W=S2DF4Z_g^zDNkC2D2=Rn|Zq^Bt;pD4Schm!mvU2YZSlbK~pkr ziU#W8(xE$BzbNBU@rfXs+UC;C{ zB@FwJc)GA^RwKw0fU(u;_cHdQ&iJ7hm7@qkwV3HaEwUh67aWoZbd&crZjC@3^2*r7 zDMKe}wH|nVI+y(`8MJ}7h$yBI+&3~kGpd715WBo0 zWjuK7H`6)ULk>1d<%!OgH@&F|2=y8NpajUU-&cc5X+>Nf!bZ4wPepWWkS*nb;=X5s z#)@{x{S^Gja#i^qtcj92I2f(5en>_uJ8HndVLJmIlkTOsqJyohg8eY`dQc=^=|bD_ zF}Si0+#_UvB{0?7eYkWP1BhFLX4X{~ZH4}>(HPT~uQ%h(cHQv)R&JclYCHvV=UKe)jomPd$0P@z!haXgnBp`=Q43*WP^X z`D@o7zxIN?t|ffpLA@lvCCBcaY$!U57Z#9-DO4f1>VFC~dxGSV<@&ZxwsAV1!KEtd z7$e+G_fqIxr$0338l%*`zhB_8pTQ;rItA3hrs)Ra35<2oIK9{85GRQP5 zMi8AVa1E?h4U|5Fk#8H_Xx6E@a3tOTrl12NrZx1D9j!*+h!Y!1dEG2fCPCa#!g zhPD+lqb3ZV7xk51tr>Ej-KjeaJG3u*v!isGy}}DZ3-ze!(nZIQ3G57-t)>c;G$J*J zy(+M$&mb6BFRXC%bX)D=pxrqh4~Om39%RuKM$dO7P!a1FxFSu4T$##vw)B^VD0E$v zOhC*l)A=WcU~j&{(FD$aMPPIp!G{ID`UA*YhJgqM0(92UQ3o+H{A%aN%@R(IA)F@)i&q=YcPXUx!|-Kt4dVIF9zqM`M(5>*(k z@;Z1Or9OgA2SlB8x`Vbfq~4!^BdWKQCe>6(lV1r(lK*{$naO{Aq=YgaOCCY0L-hz6 z!0jAb37Uj{UAi{>4vC;XB=lUa4$<2nug%xttg-;mrFvncQ@uhHx>61ISH<4Ngn#^%5s(?0DlH;dU- z`}W;_b8?c+o2@*PNK4ITQbQ7dQrjVaRTozncQ3Ig^^7G_>ek*wYCExIJw!dtXmpI_ z7bPNxV22Fg?LsAkE8&gJq5|Wu(-~*63cZyLB`SY^0x-ELflRUWkj${&%9<3Ng%Y=6 zl>sV@LKXYDH@kXx7K&7}+oNve@0Hl?!{tPMct0)YZkN-G5CC#}=V$%i?Cx=XIljDg z`}Eeda|><=IUin1A!ek~{mlPC;Bt`l zTPh!e3-xxM5mdIl^VLQBa&|hrJ?ouro9*_k+xc>FdAyQH{HY{T=GcO3LS#>9m9l5* 
z<0ne@Mz}+ZyT!SF+?YBTDy$!;d7m=qjv{mZ+zPxJ0% z-o2XL&Q|?fo8INg`ett;QTL4r*$!%#IFlL-Ia5;}XT_*5jBZRVD}uhTBuO2qM-tc^ zp;a1LqaTz>%2d`8J>9P_HcQ;eI-Q;&QG;fFGrMzg=j_f&^LTiE-fv~i>1x$nNJORl zm{AJ?Sz@CMSs0YUYzO#!eMLfcqAqcqiT$a`nXxfppT^iFG?4WJB4@BKfJgLo_k+1C zTc6)K>CZa(aJ;#_y)~ZPIa{8dE;m;aW9el(T)|$<^8#ODll$?N@;lQPW(*IpH+!>1 zN0woWt_a>Qv!x9WcSD)egX4bZ>N3A|y4hwo7p>*|X4c9F7n5A{X?{;amc!}=uEZ8Y zu3TN*;0lzSQHm+!!&Ro=o8e6CRZY&C#;*zLQCT6;t!;l$;B3%pcGc8{8~kWxO?0Rn z-W0!8;i{k<)#ksu_Ffua-XiON5^2rhP+9n5*8|d&E|FOK)_cL4YB8iuD>R-r^<9PWCBANwDOGzt zs=S%YP)4cxC7G(O+KVH7N7+QX13w-qkyhQ5SW3klFg2%!Rngdf1f@3Ln67Yk26^ed zxzVbwhyt<0iDcFL10pxzW5lBxUbh$Obeu5?RX>xwe0{ai<7!P2qZ--yd|8S_?g+I82Va<3;-t*1wxRn0nhm_v-j+b9#Hxk_JrDehBjE z3Y3T~h78#)TVAoL6|H%sf_@|K&1f~TSM|n_or%B^p>4oEJ*xR5GG}^Kr5Er1aSotu z(mlO>+37A@7sq#Jv&Eh9{A_UCy4{&cw0$5U$WaRdb7G?*bE>)oZGp=vwX}-*#f>hp zQ}u|mK|P&;AujSd{Rx4%!Jt1-%V8^Yn8UGH0jZr)Jj?Aq)_+RGrMB0E79{%OMnmFs zmw4v#RR1QU|K_Q5Y#f_x)o~s4`uL zR~HAO&TpZNJlp8+40V3b*wJTY%699})KO32e<@Md3a2=wJM0`{;poiRu$w)IEVazi)dpr^cF{==#QJgurfMocy@N z+yIW2zZM|J-Rs2!5`N)9NH|TVhT7C9O8uF{*moruBh`vTg)Q++DV<$eK|WKxS3Eyq zm-Z$o)QaFyH`q}=!*NZH)o0>*mqXHhkfUpC!GCxiL)MD^!+-JKjk@_W5)`YJpD`> zRVlwNtwSPdaRE^YUi0C(7Wb_%rtJ4d^QBHp&9^_1J*`Q_YT1d2ojrVduY< z+36mAuFsAdMXqfrmI&1l2yR>_%|ji5XRmw?96Ey znXbu@QRs%va$pY{3Kj)@E&I43G_@&7iy8|!#iZ+QJvuuk_SDijh*H)47b2Zay;mZ1 zp3tcjqQquuuY|9@0-LJEkW8(W`O&DptFXl4`@_w5zBH@a_ogbG>8x28CAau<5>?%S z_G^sS>&0Y>cPrV%$H>xZz3Q#otrE2JD(4iMMJVCc3fz5n%0|4?VLX)u?)vV)iE3TBKF@h#R;YRvpXPW8`_CqX!~&d zrjFj&-hm%B2ppG&a4d?@)x(h6hIvt~CZibe|6U?DgIjj?8^WFSIx&QQaR+|A5mB9D z-Mm0?rLjvx{O|1`*8Sa^=Wy(r?N^BXCoY=5Eb`plS5 z`#Ykhbx-$ZST8?^`T%mFrfC4tefg^0%iNU zH^;#Qnl+8LZ%8N5KP_>LF=rj%Bf?$X0%mPs>~rNI`qR76tC~p-R<7lcS=#kVR+5=I zfA7wH74a22TDBxVTGwwZq~L$(sB7;i3CF0qlf)*sr6SeAlJRh1M-q^0(*Ghs&w&9RST4kk4 z(HJ$D_q?jxRs$laQ?{Rbb86J7Rih?BQe@M7r@(2y51~9b998(tdJ5N%sq9-|)10ja zoAcT1csSc;x4W0O$K77Ld-LYqy|N*N)e9_&Eru*k&Zn~z)lDvL^zi2^#cu6Qni`1i z)VVunNw>iMJAt%82HVdrM#S7AWYU}Km{C-xXRG;Uvc~AQ*?I!OzhZiTA5KWN+VSOD 
z5Gf>$hSUYs@uSaw#0&AaPgn$`-5hQyvsE1wCrc*KAfao%%Ul17V4`GG)d4Rj$ z{eU$5LeiRFUy-mfj<5}ep9C)u%?N3y4J}Vr>;|{Eb4*|#>ahSxQS^cU?wM2rE4s$$ zj|wb6YT1s8hSN6<1(^WIM=+WoC{7|I6@yJG5;=kDi_;>yxsV%O5l@a&dg>v=Pbw^q z^opm5>C)a*DQ5b1da?mjJ(^_uS4FD219jw8cRV!SgReh=+kcfJJLS*BblUx;z z)ubtP_BHO4%v8~#dL+RO(OSE~*#yHHagcmOAPEjW4881a`FwmlgK(St5`&;OcbB<} zm_N_D{YCe@d6nhMJH7c;ezH34-R%!=N~C=-L7I+gVpc%xHQ7(UeNu zrQw%K6Cl+r@K!XoA5ke)DRqS#ZACx!=0+G^bUyoeftx`KOph;6+$;?nHij9dGwh!} zvm%j_%8LS}!zvSOn3FNV(G;&dZ*53W8@uDF#4z{jHcc}lsd)W*^khwImz$ZaN2Bn6 zRG_C1{3y%NULJ*)PXRHr#myxflOyqzx<10ITVP0RE*w7goEDqROMh9xB=ow&jTx~o z^*HL&`#n0;9rgVpN3ep%1bNy$hjHW6xyrk?fJH^K-(AiwW~)J`J-c&rGH>1Por;Ma zQm4Iw+6A7(2KVJDl_f9e5XY3*n*%Y`F{3KFJK`rKrZUJzglE3Uc~l%x%Sp-f^PYq@ zA@vFDxF+^xBX#PFbb;f;wZAw1$`F7HaMYyZMogD#v+t7dA3zQcydW=3qr5!5yK0`z z#_QX6XU&rwvMA5`!&U#XDJiqmFe$2*Sddx^SwVk*5a_PH3Oo>ROUOpiA(j)VH}yDb z8&?EO?%F_zQfK_6z!6yLeU&$e2$W|Pl-UHSbrN5zM3pf=)cHyH)STQ;+ST8l zz=Uf+Ad77?WUlIJ_U$|Nh#OdJclIVs@dJ73sI^U2Kz~Fctkus{gdE9D>=r^e1HpHA zi*|Yu^vwxqq{=12{Py-EDiskY^@b(O?@B$A`X-7|UZ(z4iKGmY)!;pCZgkY5?+}EbF_TNSWKARLE)3$nXM)BFY?6CoS zt{zBQC-iA={^%@a%nKUY^n((A16U@Z z%T*b=-r;NGDS^3a)9Rcrx2>DQ?y8+1FY{Zg&hSnz-}a=D_Nxg3`DO(E#Fj$_X`Nu) zU4pwPY0`UdY9BW|ryR4iCE1-Mc71Q6m01Gk88zWOYxL8B`o{#K2kmZCd6(2X=sli` z{Nfn=>gUrX+9ci=_@~5f%7pZ)DC!o-^`6B)8A|yvsmcW_vecfV*GkbNZd`f~;-B?s zvev%5B>Q!VrYQja6LqQ{J(=AKb`gbihw7&VdcY5&GsDO3XpgCGR)wgaPXHoSFL4&O z7*ZD3#Sg6Lxd-7w_Ix#m)MHTKi|;#1g%(DIU2qAzx(bz_xsK{_ug~=ZalVi?Z)$7QhULD&wF0&QVo9IAbx#; z`1MNh>-pl>*N9)w6Tdzm{vQnUe)n{EagvWGwHLq_%gsv-_s2U$!dJ>1;1BuQlKy=k zeBR!@e0^(Y_pw^=;j={2*TesN+xuDPq?h+62YJ6U==S=@+1s;oxAw2J&OLHJ2njiI zziKapr$_CRaW0cc(czm~?Ny{S_rsID{jI(In;_0!4Skdnofkuxh=?4Akvb~y@ZF}?P<;QPq?mw<%b04K_Eh*d8?aTYw@c5w9p0rN} z$Ct+WL<-qEK7VeUw@01Z2gCN{_PGn$Irv|K^H60RUt?vJv^Sa!3HeH+xwIOqh9G!r zbAR*E&AsiK6!|WEbNS}>=KgkO9%OZ2o$A?pclIC8_P4LyxGGY;J)7jG!;|(TU&@T) zSary*UcbC~b^GAP&Fk;k+1kDd4^DcA9sRXPmiG^C?OmEqj)d+=_1e05{RUSy4NL8% zAha*z#o_qr6IRt^J>iX-G>Da@^$iQrTJ3Y;>*=)Dy*L<;hw{_*6Z_k{dpp;66+mAK 
z2{b_VNw#w(+r7S@Z9lQIx4)OwZ3Y^wy~~epU)#)v)5DWq2dep6$U|1s<>0+TS5n#w zTc_7r+J)sAV}2R@O%_r698rtw*RE~v?klhHUiU?IeHUt?D;-p3XD>T=ez@^}oY;zCv_SUuR{QVjHoC9Zj z?tZYpS_UsmlGs-@QMJ#8l!{v^y!<77=WsBd9FOv`tD}5ot5o~z_D@{9#**|XY}K~t zs=4%0y}-=DPoBGgs`)yqnl799>-h6ffcjB&T(joZSgU;@JlX6_dV~IDaNE7nX79^DlUpD=rue-~Ul_`_#$-ubh`9_YbAdy-9hr_d<3Plwqv zy~*vtRDF|uaL~_DW}Q(EcGf*O1pA7sVxG>F<#Y%VLY6bV)C0MJqB|^dlf2&sIE9eX zazvA?ET@R9Si792+|Jv>a#r+j)l2XjYuL(?@^phf$T-1j^(XKKsaBwiBE8Y2`cAh_ zQBc3qJAta7=Ji6wsBb?DIgUZMOQgNg9zp5*psV$)KRwMyy$({1`mIr~L`GK!(C2_M z>8vDI&in(e3<8TG=off`)}))eJj!L$(N?XtXZj!FOy9jyNYkFQY!=HKqrn|$xkh{f z*>0D>doKs81hpx06Lk6Hppe3J z^-+G3x5s&R6BrM@y8KAF^m;cRo(%4$-%(9fHy?LKy`eB)*`i1;#K@2EtgfDmq2iZ# zD%Rw16FN!Qnf^3%t4U`HX$}1Koh|K1x3;fr-nt6IB57KeMALC#dX@)wR?k0#?cuS} zU^+C)t`MqUZ6D^8+MaK$Ekzk<-Kl5L^5@6Uf`=`4{jm|WVM;ok{pNT)==4N;xpg`m z*Ry9&PxKS;7)RjxgVe^!*xrSy;u0=N8h;LU87fWK6)AUDg9M>>o~V+jp?{vGRM*4E^J9;Dd<`5;;XL@XN-B5EDJIlupbU>el}6aa#N8X_)5I3kd0b`E5x9C;-9B9-o!S;(8qwU-Eq zuHCpkI&SxSV{#bww-SK+?^(DZKke_4vkg-dqnr9oa0J#@Yd=w;^^jn{i3K~5W06q5 zp0w{*fFMd$g^mV=$CmwWfwl_K2+NLCJa}E&^wnPfDKRD;90^k%XOltZCmPRd!ZY?V|6Opx(FAJ*~+ew_sSy>6LL;?2joORhiD;8= z<`5I@fwA7jX7Y2~KtFuV+DV1RKsO`FVS`Syd3ZR=??C4thF`?M_&f|Sbjq9gQ4Zmn z4zyO$I9n&7gEexLqEl>%E>}+#=7t%cVnYfO)DU3_)$GgG_d!9unA1TmSfC9H?Ogu{ zt%q?uaJ?lxhwdF>6}-d_VO2NptaT3$bZqyjv>xFhjeb#gpo2l3r?=ji?o&+VW*NoK zI4FhDErj!gN$&K!`Lnh!YDtpH&4f?2f-O|5>tq}9a?o|#+tO-!Nrs2xHu4dfmK`ew zZ_8HW*3BK!sp`QD@4S7-HPj-$k*rP7B3gMot&S`8O(iSkWg_cF4S>6<$ZS0A+!iBY zaNHNvAX!WtjkA2xIlBQeM(9^rFV7u$n9}-V3Wc zuhBM<(f&seRQ=#C-o{Ezcp@!{nS9V6aXTxqOz(e-7`aynueKoSNChpIj|_5bDHRy%BPe*8XNv z$%HQs8zED6tYavoKq@C<6$1mkHVWuCD4P>ry!3!jE281{w5Fo{ zBIW+ita8KJzb_7z+YZ*TmOsHp&78dU<+QqYp*8Z<)W?sukCBOd9njAWN1rmPidEq) zg{t77U5rlr2Cow>)ucLF_uI!<8(vyM8{oA9J#a-(mN#i1Q(qGvA)NCosSV*vC0$kc z5~h)BlwCaqCW|5Pzpw0|A26_3i zjao@9Fx5Dt=F9VK;oQ7xgpS2pBgUzj)nW81qLX(2c-lVB<6Z;8OD;qv`l^Lyq|1k` zEy>l&XhrTrg`UhRR7E==SGk-cJEyM!VNB=Lvq5bQ^|*(+3or2T5h4rOP1Ql~aR$4A zGSNX34IB(d=AGPI!4qG<3F4_A+)IUpi(T 
z{PL2STyA$d`FMOF8w<0pRH3Tc_k;G4*o%@_N2*eDjfSywJZ8h@#Vv{ion4G6{T6FV zYiidb%*H)x;KVld%dFq@Uc$y@s($7jCB;BlqbuoSjr3>KKbpn=s`{n;LfRd1x@o+h zoa3o8{@o|Iq9&3Zm;c7vLSa|gYU9&0<0mACp5&qRHzpWokal}6!H0# zXP@^H4$6vN0(JfVJInd{x*Wd%=VBQYru!&Cw^}xp>e4eFpgx6?$f-@S8rE%SHAYmi zUvFN&cWsU-F=6$(bq&2*a%GMpWAaY}3YG?R;oIyoz8aUk^w6J;2 z#U98Q6x406_r_WrvHQwwR|<1dTg8b1fizURh#`EbuD6H>n+eaa;vG{+9P7a)cg&`e z7>bGa%dwx0I{|9G25DDXS zR3jK~T(c`s$~watvw-d2aH0j%tP{O+;~NS+rOr4QQCgi!IRMM$f;{K{x#tsh;zKGCVS}};%*Zt zc!6mDxO^2Buc}^!a7L0{W*H0uyDG<|lm9)Q>22~Tn<1N^c z4%?Mo!(?=w+(#?RG+TYG>Pa=pfHNYV>cL*I36XKpjTOAs^?$KCvfPk+P3cb5PqO+U z`&_YZ7(C{-eNuf=rmd~t-{=wPm`<~&kE<{dKg&AqxT|9%f^FbLkHOTLYO3naiP#|G ztXU`xH|La?(r8&@hh&e!3fCPez8C6;exKE`hB_lno&bPd(7)ya_WHa4HC}U_N>l%{ z(XfIh<}9}*orSg%M<5ye%4+MZS%7hk#G-K6u4Oeo&O=+`cE4LTsTa-*4oQgHVQbFk zR#qBEN1c`C#l!B}^2OEeYJTzXXrq1c=;&~1`KX)cOKa_O4?ip#Z!J(+TN~)}i@aC0 zMaiI`^zmXEmhkaPudBLuaL6^hP53-H3oOoV)3d;;$avm2xu;XxpIGy{-#&ym2W(V< zDJyZ*Lw4Hk!z6qcj{1-%7>w_ZCv)#$S;dRtA0n$I)_9oxI7-Az!a2m1dyh=WZN~9l zm6O@G@Bw=noOTKI?VZ9oWSKbDW-fr^w`E;7v)fZ( zFoVu-S2BAtfKBac{u62`&ZJntj-;rjZzXH$??^JF1YS6<@cT9D)>FC znqMGm{%V3_*Tadc{S&3C?Q&3c?snz2*Y*j}tvAxD9am!2hN*A{=ca-Rhy(M$rp4*5 za$~Mo+zv)6dT5myR!Gu%8#qCd>5*F}nlDqa999z=FbK zDrZ04BvPh}B&1?hCpH_gIXDJ$qZF8OW3ljni`%Fd)#MUc6VZ6!ns|NNxI&{+74ou> z>OpPNGfv)Y(t9R9%wS7-enA`oJes_1JQ)lxh^=~au11fL_}@?k^@G;=v{qK+Kz65p zrw4s^=;Y#FB$Y`&7#SKb2K_3m ztFmW4xxMO}uvB3PV^1fg9fhVwlwR_RT@DnK`~$-g-ZIcyY01+huj(awn4(MESkk;; z2%rS~P{UJYRv#x3|g44Xg7t^a7@v;zc7&y^`w16#! 
z(f`9Ty1F7shEpz|!fc926lriGahgeRBF8zoW=A~MbC3ei*5epIQdqjc^s11BLH;f`muV%4Ua__nsC)R3t7jz zBH+V|sBl21-LXT~n>lRhygZl^;wm>2gc#XuZmENU3ldAu&Ybp3(6<+sHYLw~?J-(Vf>J zjG*MW_xqKQl3l?byeqrCHlQ((r}2GIy3cVoo%H0XnkKHHd%|<}bJvzp7ix*DtUnwK zBxd3p?+dG}2ManZT90#(6~9+uj;PMdWS#xNKa!Y>c6`+=)xPIJkEq@avfg6Hlo{Qj zdIw>PSkaGXseX``3J2iO&l!b4A{8E__scM(n%J3^>eAVOH`Cn9!Dsx!oe#N-R^ zaeo^(fvVFR8b1v>+mSZvQQ$mX?^$Q-7ck)u;zm=bu^75;@f0eXwEPsR&b!KNs2o0s zejRB!>ZJIJ21AY<{@7Se6pvh2SD(Clnoskc{^8(RY&n0zc|!M!F&^3n!j)WbDOaR* z=NquW3jhWT4&`J;ZCeP9eX zV}!mKE?*hlg}e12`e8ztN>#?m-O`^F7p??LG%u;Jxu*dYl@)pSKVj9hwIom4ktJTA zP6$1H5$EB(chZV_X4;q5q`nAF-YwWlPv{iVIyt5l_feEO;ijYRIV+jkYx9-D+&f)0 zc1B!hR;0CJ+(h_SUmq5uw$kNF)y18XmRf>thf~vt3?ltm;Fk6MTePqmN4pznp14qSCyR9BdGCnqJR4LO{s~g9UZE zHU|K*MTJ&!ipDc3>0+53FHR2@qpH&3lBx=OUBqH2TcGIHV0C?x>k9;LrB#;R5JZiL zn8{4BF&*KZVh|-Qt)%xrAJOqB%ykDLwu@1N&jKRV5B69aYjS?toYsgn;AeRaQ0I6W z^3Q4@r3|uYm%~{uLH*R5tk9TU7E^EW+Gl3|+-N}6Ia+cY@_bJ3HsD_9`=$HgE-?88 zUh~W=XRUk4l`z*|N>`>KzoC{!a!Y0Wq<%EbshBl>e)e{rar?cTGD~Y=2ILc+HSZ#k zik^?u!zLLu71sdknKZB5I7)g8(y{Ys-kUNiYG={hgELtfyoQf0T_@}KN-4X#+|5Y@ zS0a(igTErIDVjdR@5}n$v&l1D-xgV4Kf)i#%T1mAc=;-O6K7YZCnuTg+UOOsBYTZc zb{@{~ABxYg9Nyk%r2N1@Xr&hzF&%Cu?r->9 zWIyMHtkS`5LveKZ9$bP3L2j|777z7)id8)Kj!`~3@(z_ z0LMhP+M~Vd_zs2cKbzOIb-4z2Z#oleXZJ0K zlQSoJ;XTaH%(zrO(jGJ%tfUl`0-1#|EUX30;@Fsy1u4Vlu*$H~kbCdpsB6sr7jW#0 zW3jW;fmB=&oVb78a1=zK3*j_x-TROrbL8dXP6`(%7pWf<2!zuSRsPn)2w+3HDSk8T(!4z;goNVs1rrwB0@J^)C*` zPph_5o~MG^;m@VnU1@B)!lu0NS z!_nvQ9JS=_b)u}z@p#Zt;TUX6ALdL6y;opQN4?Q_q8KLTt?O`%?x5c#o=cRNL$aJ!EKnnT4|=Zvuql*6?ia>eO3eW;_<*2PL&G#x z=hv1Sc+5GYtrYR)0ax5m+y_uXIC*jmVM7Ts)l9sI=WAVF@gs2`HUhXF^TKsxuSi(v_)-9XXr#5+1>(y!u2I8ee~c5q%W$VV#h- zF4)}SQCYp6DE6>)>ad0I;N&olQ7LdRqgzr2muQXYUhhTTcqkAT(*TL^f%?G%+2)2^ z(IRw!YI)dGV9g7dQQ_o*-3jmIT;+o;a1{oD~PYc%4WFQNSurVYqI4x*#`&xT$Stk zm$G{)R!pl0qB7i?Xz4?kr74z~imF38kuM=9zeFd>On%v7FA;>rQ(&KvuX0CgB{NeC z2X6PqaG1;hnsK=WFDNuqTB0YL1&|MCOPL%WUdWa+@x_JgFo*q3nLNA-w(%XpPAd^O z7t_c`(-Cat8=XStb50_z<8#*DPU7hA+jUhJVhU}J!F#GCcqRuDF=;3Okw_%qx%dvb 
z9)AR9iwKZRPh!ysi2D!K4|YYc*+TTr1OPYTP<-6}h^vg*_D8%huPfpQ=(4GaeboHj zDY}VB7`CkEA`SZsSvp$kqy|C9UOt(Cv8WESTmw{trP;OGVX8}DUc$75Ewwlnk3cq# zcB*rE&3+RFT%{JfQr|!tODrd`OGk}^hz0pf14D#sy?Bsx^mTxm>2F(*E9wM_zI+j{ z4NZAhg3yM2aby*?&hJfGr+mZcL0x~M#_S?{b367m#FYupIJXL1`B0e8(qQ@;_whQ1pO zCi*%Pi6zq=6@5Rka|t?siEf~kL8>Y>G|pM!L1K^?tU@+z#ZOA*EHlWRkS!)6;z^-5ZCnN=UeNTeihCSpgO0#|aZl*)o| zJtn!k2}wGkj2`AVEEmMyt6276t??^B2v=gTR0B7jZ!4xUct6dnXLh)&BaQ)Lx|qzY z8_I#;ARL94RF&|hlFDITk{mP9ZwB!N5&mkP@Rsf8D%+#_x$Nw#lUlr%rk4*c@x(uO zXiJPr9BvC@>oqJ}jb#}i6tGh~vDb~67t#zd@fopBQuW_lq<#@AL5vgpq`O@v+Gs&r zOt0^?EUPQ(6k=1}WjjBP{q2{g{H;(3_iCDH-WE;JTMRnmXde+ExfhO8X&>PXj0(AS zR3)Vs2uT0StaXmTUyw1sj-`FIQF|G*wf)J_!A^g3IP}jV#?1dJ$2|FVRq|yhhlonb zn2-qIq@p+q`N^o=c?u%s^1K?h(S|EwU_x_pmuu8@kSf+dRmkC>OT^68Gf?1B`+!ye zmEzuMtk1cr zSBo9ohE*l8qR6c~Dxo|;Nz8et*XQe8)%oKEX;JTT#(tnGNvf!rB~c%V6P(loYfyssX)}Q~x!>p4e<)qo zC)rtpLFx+rxyzATy#FcMn8(id6)Va;Gd9neNM*XjJ6e*H#VA$AE0u~>3#D@5MyyI~ ztU7!xtw5iNRm0Mk`!o3Y(-x~nTCf+5=`W?7fj?Z(YTzU5P=g8B@u| zs+srGyn6i!)VY$KF4J*E&;FFesyW0KL->O{;VM?`il<_rY^*wbEln>UALEICPV{zV z=az|8BLEh|mbeIkcCN5`QY>Z_rBXbxv1;=|nxW6csy83Kx}BMuiY#c0Vf8%C>S|+k zsVVn>oASWra$EM;rLn}jX|8!|d~R>sQ^Sl(!6Cw##IbH^?93i=3gklFcq!N`T$|d5 zJzN(juxTT`mHf@LlB}#OZKw$iE5qy)8u6=DRpirkLW4lCkpEI!L(g%v!%^QgF_mUY z_5&&6x)*gsHtv`0LU!bGkaRXi9eCfsMZXFnXvU@Vr>C%2s)KrPUh}W4``%3^ly?cM zKmxH^z5vk0XvgTqP`LaNgRMpr+KU&$AFIo&YpvQ_;4g92>7XyW>gIy<_^X23hvJM*>1eA}0v@CZf^BBJ%=jx!XBhc>f zpfzf8Kbmc}GB>ZzL-$q5+S$Aq^z3s=6Agfmmn?$75anMT#ukF{t9ck#YjU#v+KnwZ zrgof9;4Uq3G$z~ zH*4~MsMF!2aA*?Dv4h2fI5%!e*m;nXn!DxY#^UQ2fs9{y(JxEF>K8#G8suLY$`$N4 zpXH%!$xE66J%Jz(-Hl|uuH9e}OX=XlMVXQq&8ufi$gsbW1!sM!wge(-8y5fE%%QF7 z!CvIM8Tl;_;3QdBy;JcgT9%^x>=K9PDQ!7jKttt`6E7GW>7nL2J}53DBG`v=;wafC4$yYV%nKzRIDS71CEOt?$1A5pLXk6w zG!S3&0H=qJWM&N3WLh5f_a`-*%#2cOGU2>r;L*xo;mJ_5HGsO;fO;Qz;EU>S^JC$* zDR_{t7JzKCprN&o=LHn^mOsV=x~jT!r$e#cL8!C%mxnPOYE*Bt2->Vk-<$5t>8uH- z;EBv_f0BMPIX$t0d%)kzL)KJbHaH&!;Nqd$El>s)CSJeNLAKK&tyc4D6Yl5!01r(| zZZp^#^sY?dOg_*j^A``(mnUH|?=xVT$2??L%4JXJRhW0>Ug|1tYCgfi2WN`OTV>R7 
zGXR}{j|Xl)RWq9h3mgyGJIiHELZ))94i@fp{vZ!lLk3e&;4DL*dH9mS6qE}MB1%L7 zY9_&w!4#AaVZ>GU zmwBw1F6Zi+i96pv%!8&@5@{Ex{^21@wy5f51}^DhX{}Qsyrd!PtO>BZe5=ES8;u{~ z;cCe(n~#lPJ98#~^I#=?o_v?a%4N&w);m%@Ph}h<<>gu(C_HoWH(8*Tm*f=xPXA6% z9YvVAKY7TKLpqlMjhlN;>zSGfNlx**EC|Qu9;*DS!-&TaKgPq@sJ$H6zN#-x%gi4< zgh{VvUZ(*xPbv6R%x5d5dFFKjI`e2=;P6=CZ}Y&Z;{~q{I!|Td7Y|r6jwN1Yz%rR4 zBUM0sNfIcLX>6fZ%<3b9RXj5II1f;>CQizcH>1M>Ah_v7Tzov}16s$uVELF#!sGXJ zs;W`;9GGmG2wu~^ii@$?nYFl73T?i~>Xwb8yg$z4uU6~%YdEjw$L-GDEdGiIKe>D- z&WJ`oPN(dYiijoMOPmp*=5ZobT4m7J@SsI*n*{x+$rX*>63MlOijRqfn!Xrz7Mc2z z2R|7fUup!KS2a09Mr+svxjY*%k& z;Q>!7pUH;-*v}mKloD;5&71%+$hoo>Z{UH>-(_7#V^uB#zdkx{_j_aIwfzq~fXOKX zKMNW}KLw?o#yKZLi+(1Ad+;BtGAcv5hQ0BJcu4hXhifuWS5b63k8)hur|YeM?zb;jKsa4 z!Zs*~0XNy#7Hc59qBzA3Q&oo-$4GvLhgUUJW_gfOS@Vg6G#Mv0ZzjOBNy09eaRA9- zn0q(cC?Pe%KCcYj8XkuI6COGhlhZ4I6mt3l30$&;*Doe;Gbw1;k})~^Dvg?XTp6?` z?xp@c9<*jnoW&%zboEY7;H#If)K2|2ho;M#@r_CCG?`QAc{x`H4L3GF$$|#g z7{3~{)19J}!JnhMJN?7KvpjUkWmzsS8a-410#IpTGOp(p5F?0luMQ$^QhtgDu_4#I zNV(LxJ_5yQuKwm>Oa@5399SHKB1j;UYhL^!NF>Ajt3!!H^8bj3a#i*!?Ro^cjw|@Y z!Kp0SAn|y9_u4g94Byn!aPwPkKef*6kk7 z3nPwF|5FymwI%5%_h9E!`#2X^PAHo= z#PPE{lnuE(d~Z4&4n~vSo%|XsdL6;t(pmf!4{S2v9B0Jf8_B@Koa}QE1;%;wsS;IgbN^2mC(xjp|0|dS#)rW zI<{Z~x9&g3>t$0mPf7~8n$rErL!Iozy9`nYrL5@o%K4`MYCw@WNMOs<#^ z^&<-4Aty>DVSiuBO>m{s_)|qzcDU=f3;QcP2hG}RGzZpsh(8YU({}IVfIHGCxmHBf zT;#z69F|beZtd>8`_^`LUKT2LAMX?)EAywJM44Ad5%)=dl}E89=iN=krRqvC*fXJ$ zeQ=Xc0e~WNQZJK}88-6-dNSw50rzVxaBwV#Sg;^u5|^Y);KU!iPb~yaUbaqd!!)HR z4@b58g}}+oY2d8b)mM6~`49j@mu3!dT_y~;F2TIu;=%ZDv*5xp6?O1-0!=x;BB#=%=EBFqnYBXAb$RmO zqJogiQ~{+z&Gib3TOD0HzdCcYJ$O*`J3P2*>y-sp&$gk@yzVB)ohX+izTwOm)u1QG zowz6#;jo;_o_8G&jed`Zc(t~o^;g9)!f2k5+B$TKCA8s4r_ zGED?mY-K)Lc$oD2JRhzlRAN|X?LPAG7y1*INfGLzT;)b7buaWMUO_34T`ASU#iOU+ z<-t`Gdrl9fqgJBwpe7@yF0Ud$c`%caQ?Gy&kSh1;AmSBHf5?Kkq2{85T!KA!`l|#p z{E7!PITsb@&4Wu6NcxB5aE>UD2Ae9aI_Nk8`v*Met8(~iB!=j#5nwnHP;OnUn`Rxv+rDi$I=CH!lr% z1pLQ54K2AWQb^%%T#*d;U-01HE&|`rhR5Ac#Y3K)@4=N|(2h&0?kMnJ@3WYh+2tl2 
z?I6Y@LPpo6moTGY0y&kP>_3Eg@(`nfNN=3%KcIqQPplIxW<1iu_UIyGGW}cOQ1@r4lW*#d^QiR8jm<|Jz#lIlj9MWR}r8*n91>oS3pWz=LHdu zN4}5&u>qH-$hAm9F4;Tx7AO$k@v!!bIv6N-9$%D@2RgYHi4dMqU9!BS{ubP2rI#e( zUdM|W4wjqCYD{QFwkrvwLQDDVS3CpBF=3o{0Rdrwq>oOHk%$6mg(s?4JvzF9$An+N zgT5*+jWKfi{Y|lRN8Ko837{YIWPDEOv+itGbZstEt4?-*67u zcn(v7C9Ns7%4%ax8_TeUZ6Z1?iX1or8TGl?qP#3MiPhEX`V zZ89W5jSHbLeOD2twu}hSxPZ!du47+xH^6hbv9_V_FKaGu$Tg`)PxZu>d-zW;q_R6Z zWWt@@t?eh&Rb_inLw&QI{5Gre@7A;HyY?D0$QzdN?CtD6mK{z;d7hoG>$2o+0!xsu z+y$y~HCKQpGOr9z1NTur%EAL@mxxihlmhlZgOY{IuvnOcvJo&P^9bQmNmG!u5|E_} zstz5F9KDQfSiH4reql`f0FIxrUw9^O4T5-ZAH1aDq>mv_CLQoipO8J@vCd8qh$ zcIEob?VZPV)s=bf=|kDg?JL_iw|6gZ?^(qbF1fDn)l2&BxZXs+FiwQQA^Iq?X(~R$ z78)jTyHm2=2xD;7XWTR+^S|0d-_+f1g*@6ybvJc}5B`9(a1Bt3r(<-v9SMt=TjUmuNihJ3pMws!3 z-<0A+G`QqSJ-Q4`hHacFHsD-qdmEoIn`HDs2orUA>Wm~+NKkgMqFGqco-S(YU&E5H zx?EcaIE6^6@zelFN`h|=y6WRluQ^Y(SU+08P*@hvSD^rizEDKcqNoM$x*5x7lbR;B zSmY`^%LZ&^MK@q84P|xFeUh)`d2Y(EQz@R|^!60Fe{MFISYt#;=~6MHr$d@Xu&ncD zqj54Y6;+wBNJgB>Y(Y;@S?7{&wIZv09n03*a_z0kD*fZYgiZRN;iKz`Grsa;1!Vd8 zv3BSu@(V>=)%|pIdlsay{5?5~kfho9`34eJrVl7k^fk3}jZPnXJx`y$`6r|c)91@v z$YV0Th4i8nk7VhXP{^3(Q9Q8pC6BhivK7)t3s#v&IQmgKPZ-l0bClgq@um8C70Y9D zx%LW3162^*LCYx4?kS||YvC1kxF&$(JR&Xtv!Tx0Cf%WWWEt5m5`knPD!(%5tF|Me zL66SydIJx7Q{BAjAG9ancV|M#4?1AXjhVl<00Ea9ONUG17l=u5sc1{_o?Cj-cXj$z zrQ0f(XCPT+x*#y7Y{YahT6ln!v2?93t2_LBsYAM)w1uYg9gAd*C>N6l@X@S^2bQkn z45nnjoQ6_F7bQ|<)*6N_wuA9%p0%dB-$>ty4a34VoO_b&_If`I z^j&{Hsg@dspnx=EK~hGRh|1t4hSe~QB{(@tNy3((J1Bz_zPcWm5tWJPF5?xpZ({Xe zW4ZPSFhy2~*8`XWDO7+@oV5b@LQu@ZbDnbX&~lx=njFZ3)FErLa2?25on&L=%X%)l zffsnxd6Lz!rkZ4*R*((4x#G}-LO%ae2|f!=m?#fZr{!U&b2opQ!}?9+F}dnjS3OM| zCEWacndnq>1N?c8ul1#6dE$i@+8i5fcr%~vdXn%-Yt zG=ovem_n0)wnF>VdeG!92LwYgi6(ywO!e8$H50BfY_{+M&$qBFE-%ZAdbId^`RGos z0~b{*1=b&J-3p8_Jpd1~Oxhq*Eap#(Mbl>SueZh&SO?pi)HwseR5XWg=dh!{`k5H?q{hM8Rvp z-)ZU$XTf-tW9nN<_{pSo1*KqODvZsOCzTpAWZSe*n(AakV|3h*E%RhFYYz)DT(`@b zi+@$T{qmseQYOPEKb)k>Wnyz?cq39qG9V&-5#f9Va%S6QYr2=WXBL>?)n#kz6-!&4 z=!UjBxRpc(23GJ+kp@dNEDVt=$p{H)qDN+pa+2osAdo0*2AV?&5XtT#L$M{m5S-lJ 
zMHv9q6cRN$aH5E5;b zS3DwCJt3`jUoJS4d=?@1}DH`in(tnso-UqGvy)1;A@g8k*!`cln%lKl}x)&$n(I8QJon$?m`*aif$1x zGfkEmSn=>sp>25{fOC`S;X?>Xk%N?|xMj7NANho)h;fbYok4R7Ey@FYxqjjE6Pw(ZPQX!) z)Ii4SglZq_Sul#%w0J_*#sZ=SG@-(5Q!V0OJ3Bf}(U?s5o^-uLorKphEoO3`0r75G zMy;50^SNRSbpe!$Ry#%Aqf0Eyu;4~)#`6#eS%xL&ti+s&{!B?nTY~9S z@tAEUEzS7p(5tfP`Be`S6p_xzHb3#IUktZEs{Rw+Fa0*2_+~9DAU@TYet4lAi;`kG zIp$0=xm#9-^PGb$>ZLdkIk#w21pR@zyOIktFAs!DZJX@nd%Y7q>cWSmT;^#~_jrTr5CJ4% zS>j*Y58#-2rofhDG>Ri7C;=G`xHr;XJl}SuOxa}96BfJxcV_w$`0&{+7H^n9e+|fw z@%Hq9gZ!JzR67Z|R|rB~Jt2YLXGT-$y+ulmXjdg!@MWn&gc{y%plP^hc4nI=qFH+t zLBv#Oe=5%KjdRmri$El(vj|BN1Y~h6=&>@Q@P^>zSO5WbhaC#%KFksT%Rl_@OO!MKW2Uk9%(En&bmD#Qp${#^*3n$SB@uDMSwu%HHamP|r2i^vDOpgi&cpl+_ z*ZW8{@N!q_}a#65h!@3}vc9Pw1Rh z&9Qs9U3i?Qr&)U))I=UjlF8pnsNSG2>YZ$tlgy}tPRJ&LDTX9P%P|Wx$wO|HSh2-$ zGF2f(Ixusx3V)d8m$9ViH3~cZJH3fIoZ0nzwXVK2@*_U{(Bnjg12ceD5_{{&f%h>xX^h_j>( zAx`HPjYz6+oNjXQQ(QRVq2fe=gjJ}NEyY^l61T76sZ=wK;=T=EJhL1qAk=*6dsvRr zA4pNkl~znFB?6*0VSl3BeK+m|8%)kIvSP+|Nnz*1RNX0VXmVSoPuIfzf*TyU8?YeY zBJdzCPU)STzABrv&09~Vg2Bu)~@RNW#Q zCURqY5h#%GZl1JeO`Jupk68q+>mLQn97X*1XQF@m{dTldDP%@tHa-}(Gm0`u|bz)tLhxZG?OeDa+wXDvy07UV{g6D08qtVB<+96lLB2+AcI zp5S>PS9P)qmm}Tc$x=3CrONDIcq;}+RC4Kr&8>hWTo@ur&a2G2BPD51PO#XT?6XL! 
z>J*vfo#sr!=$4uHuoS^W{u_LI@+eXcKN&Ag&M?@T7SZDsgs4$ZW}50r&M-KUQpEW3 zR3Sxo23+H#22?nN{a&6F6?(JM`lOh>W}L+&m+#pe3n?+hU_#(~k`9}*zuztyb+d1z z{Mf<73Q~m$1-$lPYsNfU_&TyDStek1U(EIF!Bh&wK*c;q=KXyzc&1-4qwrC9n_UR* zWknO>CGg5ZoJb)^QtUhr3`&!;J6<^i8{Si2ipqq*1ezqq3(cYS|I2woRFmR~6cFN> zE@vRgF{hVrF(Y1Kh>{9^E7_p zV7uq2*FMSOuY74ax;~aPpr{mvwJ4om^!(%{!+3GMDH}^mSl!kNg9cy8Q`wYL4sZ}g zCJw`J{iI}{AUW)Td}xM<0uU{(__VJJdeh0-2O&&sO_U_n;Wu3~vxPM3n!S&OAFNQU zwgGu0{GPYrY$dtcM%0#^dJq-%GDomiaAnEWHbM*lE(X?{C4-W z*S|O%KYb#vy*+B5jC0jF*eD!#eicLH@&M_V$O=CVq$C6}5^ zBs|hvRwe0rF-fwQ$8i(Mk)-54C~Y_xPmV|V7!%SgjM^NqguwC-G0Jq%`Gic1R^_DK zn#5RQKzld)TwMlEY>6(jVj1iuIkI$Bqr4j>Llq)WnAtFbN0x^?5lwl}mVgT!+@#%^ z?DUTY8T#yy;w&V&zysw*n+ZzfibR%DlAPq>TBt07A(X{fQ{G%>##7;!fGFs4`;Gj2bdo!cOzAZ8LD7{FU)RTJ@E79c zEaI>{9Fb^}g9w|}*hon)BGJWmjX^+wd<9rkR z$BBI*5c#TqPSUOVbMa=ie{c7lVkZV2#NMCQ~zpn@E}}_9oF^x4}I-<%j6_08d9#ZlpG{ zIy$CB7L|;%n*0jLu!SHhX11B+Hfk#j?FS_hPLj$r*e;Hx0}r^KVrkIFJP1km^2r2N zHI5|}=7X=coOLAED)>3`q)^2nYARSs@|cG}Fq$Azs>(F2yGbSOyzm;G?+^6;uJGf*uswn(MsngPd9Y2G9nDdg#xD{PrG;V69}2TEo&02g3B3~2 z6($HotIXNDUeC~4*71vV90%<4oT)fqC{`AJEaUT%lj&i0r8raGZN`YXD97usL#TG4 zWce~xAxn1ITISx0mX3i$WDQudU=fOl28M8AvZh7-g+)_k3q-~>o*sT6?@YMUy+kd9 zV>5P@j0%QTCOUFqf;s!vsxxP-%G@Q|!i%_vJW91y$lF#Ziz^se*9@e+ugHgoMKZ*Ni9ETgTbK^C zw{)l%NJK5(4o_ZF9@r?4N6L<#IyfE)j61LzD(_D?jy{|MLY=@w*%8hjS&vwP1%=W_ zL79he{dl+j5CkMnX7oD^)3$aWtcn`w~V_Zjs)yI zdlZydHN)YaJio?eNZLeH2tpsu!=#ai^(A$C>HFg;)IA9(=)*cz!CpcR%Vp%ht9l%@ zzJw#@H+k%vwO2z8^lo9nv0}E65ss~Fil{aj=hX>1?EhHC{qarwF z62&5xj(Vf!yug))v&n$DFiz>YB4t*Wjp2 zPHkXxn1+N0sDY>(=V04ik?kj)yT%!E_hyzmn9Y3{^l?iqrrLfMHlX#}C;B7!!2GUR zp_c1sU6s^)&GGnGQ(8_J$5>*a2#8aiIZdc}XdA7g3UU%gStw)`c9k<-)@#=rx;xRp z^Nr_tcAK&*M8lnA7qQK;oW4An<3zT}?4LFJNcbvRpgJ^qvlb|U z(uy_QjenNa0+@APhkA=B8q)Y#axwfXEqM#f!2!pgM9r;B0ZzRT0vl=o(m_%XDKhB3LYAbD&oS<)<|+TszV ziD9-VQ#Q{!HqtpeLY;J#>1^o}<6CPDH4fRpGol}4>4d3kaaf$FaActV7rtq5wwa8R z;1YNSxndE0Gg)Nvz_>^>+89~6suQO-AA9zQq9k9<6Q}O0!m>*f3?#J*#?h9XdBgda zq|FwJNSndtk`pS!l@@pZ9UZIGEOl$QHt_Q z@Ck0;*1Cjot!r3~h_#SRz&sp^eEq{=%Wfcd@* 
zg&!|!{fY8;Dv89t5cAkza-x(0fT6ZX$|@AgAq7~a`gd8c2#Vs=e}<=6tu=8qxdlB- z=|Yvb;-imcWf$tQE8-CsIS+k>F4Pl?Ztq+IABMSHs3Ob6=_0bejwMUqD3K=1w#gh- z$%)c1?^0CR0ufO&bWD;HrAVYgnw&gUEDCi>xbFWqa3rlllt&x}C8QRbEQ0&y$N}Oz zH#5l5l?;IsIr5w#aa_^WiAx>=MF~f<$4i!^@TGwBV3_w|GVS6dA5Z8*Rm|d6b}0At z9GA*c^@mCH`j>*EooP@!aQ9z_k=L)XQV{+0vt}D~Rh4OoHC0R@zz_Oty zy*JFHcN8uA2umKUSlICl(I3Hy!^(5moYBc;Qzzu6ANxL^qxHv%`Z9d>X^M+QLWECd ziKsm@huFLomyo%-GT;;ZH*k#Yqr5USYmd#X3{%k=O07ZqkvTA>rod#xl2;$k!opF@ Y3{CHJ4v}Y80}J3B{U<$%!g_@N4>3nzZU6uP literal 0 HcmV?d00001 diff --git a/deployment/postgres/postgres.env b/deployment/postgres/postgres.env new file mode 100644 index 000000000..7ec5f2c9f --- /dev/null +++ b/deployment/postgres/postgres.env @@ -0,0 +1,4 @@ +#################### POSTGRES ######################## +#POSTGRES_DB=keycloak +POSTGRES_USER=admin +POSTGRES_PASSWORD=changeme \ No newline at end of file diff --git a/deployment/proxy/ProxyNginx.conf b/deployment/proxy/ProxyNginx.conf new file mode 100644 index 000000000..c91551e24 --- /dev/null +++ b/deployment/proxy/ProxyNginx.conf 
@@ -0,0 +1,147 @@
+server {
+ listen 8080 default_server;
+ listen [::]:8080 default_server;
+ server_name "";
+ return 444;
+}
+
+server {
+ listen 8080;
+ server_name ${APP_HOST}${APP_PORT};
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 8081 ssl;
+ ssl_certificate /certifcates/cert.crt;
+ ssl_certificate_key /certifcates/key.key;
+ server_name ${APP_HOST}${APP_PORT};
+ proxy_pass_header Server;
+
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options nosniff;
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+ add_header Referrer-Policy 'strict-origin' always;
+ add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
+ add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
+
+ location / {
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Fix the “It appears that your reverse proxy set up is broken" error.
+ proxy_pass http://opendmp.frontend:8080;
+ proxy_read_timeout 90;
+ proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
+ }
+
+ location /api/ {
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Fix the “It appears that your reverse proxy set up is broken" error.
+ proxy_pass http://opendmp.backend:8080;
+ proxy_read_timeout 90;
+ proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
+ }
+
+ location /api/notification/ {
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Fix the “It appears that your reverse proxy set up is broken" error.
+ proxy_pass http://opendmp.notification:8080;
+ proxy_read_timeout 90;
+ proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
+ }
+
+ location /api/annotation/ {
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Fix the “It appears that your reverse proxy set up is broken" error.
+ proxy_pass http://opendmp.annotation:8080;
+ proxy_read_timeout 90;
+ proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
+ }
+}
+
+server {
+ listen 8082 ssl;
+ ssl_certificate /certifcates/cert.crt;
+ ssl_certificate_key /certifcates/key.key;
+ server_name ${MS_HOST};
+ proxy_pass_header Server;
+
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options nosniff;
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+ add_header Referrer-Policy 'strict-origin' always;
+ add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
+ add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
+
+ location /keycloak/ {
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+
+ # Fix the “It appears that your reverse proxy set up is broken" error.
+ proxy_pass https://opendmp.keycloak:8443;
+ proxy_read_timeout 90;
+
+ proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak;
+ }
+
+ location /rabbitmq/ {
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+
+ # Fix the “It appears that your reverse proxy set up is broken" error.
+ proxy_pass https://opendmp.rabbitmq:15672;
+ proxy_read_timeout 90;
+
+ proxy_redirect http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq;
+ }
+
+ location /elastic/ {
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+
+ # Fix the “It appears that your reverse proxy set up is broken" error.
+ proxy_pass https://opendmp.kibana:5601;
+ proxy_read_timeout 90;
+
+ proxy_redirect http://opendmp.kibana:5601 https://${MS_HOST}${MS_PORT}/elastic;
+ }
+}
diff --git a/deployment/proxy/nginx-selfsigned.crt b/deployment/proxy/nginx-selfsigned.crt
new file mode 100644
index 000000000..f9dd482b1
--- /dev/null
+++ b/deployment/proxy/nginx-selfsigned.crt
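Review bot: The three `proxy_pass https://…` upstreams in the `listen 8082 ssl` server (`/keycloak/`, `/rabbitmq/`, `/elastic/`) are proxied without upstream certificate verification, because nginx leaves `proxy_ssl_verify` off unless it is set. Adding `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path-to-internal-CA>;` (placeholder path) in that server block would make the proxy refuse a peer on the container network that does not hold a certificate from the deployment's CA. The paired `proxy_redirect http://opendmp.keycloak:8443 …` lines name `http://` while the upstream is reached over `https://`, so they probably never match a `Location` header; `proxy_redirect https://opendmp.keycloak:8443 …` (and likewise for rabbitmq and kibana) looks like what was intended. `/rabbitmq/` and `/elastic/` also publish management consoles with no `allow`/`deny` or authentication at the proxy, which is worth restricting to an admin network.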
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDvzCCAqegAwIBAgIUL9YHiVgQxrFPSGq4nMe6KbMznaowDQYJKoZIhvcNAQEL +BQAwbzELMAkGA1UEBhMCR1IxDzANBgNVBAgMBkF0dGljYTEPMA0GA1UEBwwGQXRo +ZW5zMQwwCgYDVQQKDANOTEcxDjAMBgNVBAsMBU9TRFlFMSAwHgYDVQQDDBdubGct +b3NkeWUubG9jYWwuY2l0ZS5ncjAeFw0yMDExMjcxODMzNTJaFw0yMTExMjcxODMz +NTJaMG8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExDzANBgNVBAcMBkF0 +aGVuczEMMAoGA1UECgwDTkxHMQ4wDAYDVQQLDAVPU0RZRTEgMB4GA1UEAwwXbmxn +LW9zZHllLmxvY2FsLmNpdGUuZ3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCYsoKFVSg67/NckladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRH +AGZAjIO2sGf6vTFO7SN6LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZF +e5jsGd7owCoEEFAirJpz53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoS +kOhlDXwgGtTmBAS82sXRr51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLM +SOxe5Du3F93kC4TwFckG+JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5p +zeGMD+0oyujL0HtH8nKkv9OtvYP1AgMBAAGjUzBRMB0GA1UdDgQWBBTrvPpWYBX6 +spVt2gpkpDW6yzrBZzAfBgNVHSMEGDAWgBTrvPpWYBX6spVt2gpkpDW6yzrBZzAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqfOJiorxiszfKKeD2 +eVda5pBU+qDnUOewRKizAktPm7V+cjM7bTEkmEHQ/oKlsT0FX5nsa8YfZCYgdotd +cDWC9KqYy9itXPESoJIZ/gMJ57v1BaVDly8tHedXEltob9ywrUyf7OF55eP0fWwb +AK90PfnRsxaurVYU5nfI9U/2jpi/LdsEYlJ7zUj7KM/Z2MwPA+be4EqjNcYLT/NB +bavhjLgZNoTkI7wYOJug+ouPn6xJJcj06RS1Q4FxtfrsnAuT+L33HemUludEUE00 +TJwYWJN9hOgbyzTf5EsHxxME1gIhcYLYPMeBr9VIyJxdAEuuDJbn87oOB094sCA+ +nvpp +-----END CERTIFICATE----- \ No newline at end of file diff --git a/deployment/proxy/nginx-selfsigned.key b/deployment/proxy/nginx-selfsigned.key new file mode 100644 index 000000000..e86e8f4f8 --- /dev/null +++ b/deployment/proxy/nginx-selfsigned.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYsoKFVSg67/Nc +kladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRHAGZAjIO2sGf6vTFO7SN6 +LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZFe5jsGd7owCoEEFAirJpz +53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoSkOhlDXwgGtTmBAS82sXR +r51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLMSOxe5Du3F93kC4TwFckG ++JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5pzeGMD+0oyujL0HtH8nKk +v9OtvYP1AgMBAAECggEAajxoCpPAtaCT1GgL0sBWwdNzETzJrZWd9I3gqRL0KKsn +58bP6fvS5/voEG36thYM3WHGNfDDCYJ7GFolYKPrXpS2Gp3r6T7gkdzIaGzvBVEz +GkNm8jjX0TUDyLvBHSKyr4RitwkSd81WeCUqEDIOUCI9rZTxJsMN3IOetpNEcJt1 +xR2kVuTkQiIs5evQCQ2arqTf/VQFb7FuVTtmrOggsTn33FnrUDujTAAsbEoglgvw +w1A2AYtMdGcrFIsUMJFdECkQGPVeqzKHddi1k1hv3DmOx5Rf4xJCdTL9ZYzbU1lw +ydSAM88UA7MTZWNYCGb4HjqEeDRnMUN/Qbi4f80PgQKBgQDKWLxsCBBgFRoH6nlh +TmBwYOmdQkBE09txpcpAFVZVv3eq/syZnT5+pcyj7EUexhu/p78UHPPkXDfnIKKe +C+7VOEmSM9cPMZU6cqB1x4+YZkyiU1rPD2SG46ZxBBTKsPWauJNvtuhW3K6kwMCT +ECiwG1f9EAmf9q7YKqdXGgUL3QKBgQDBL5WDIRtqHBdIPgHMue/teM+fP8I0/GKV +D3oJjBLE+I7JNp0lpeVhDvqfAL0AgZ5023hjlPobUNtpWyuLufzY6S2Pv1scyM3A +xW/LVXtC7QzdPmhrPxZkHEmRFA1zXdYo0xH4O+KDXVmYuzpIPfgrQkzt1EvP5jxv +tbjY935C+QKBgHZhr+rsVNhBwDb9YQIi3p0gtcyBZCRgZjR5MHiJgzcri5GI/J6q +tlNWIQGOS2oTsUxRkaLsxWvG4BXirAEXLiWkhrZ4icuj0JCfW21M0Z/xycf2SFx3 +vvKD4W6hWqCzIx3f+rITKp8XAT32XzQq8gMGHFY7ucXShryFR93XpTgpAoGALaAF +WaDaDqdvwDoUxrsrNRSRRHUUctsglT/AfLy+OhLR9ieV2axijhexjRfpi1MRj1u+ +BRbMMuNXznwfvrJASyJXBloVNKkgHuUCUC1yHQ5LOX1hv+J4cVBU95Sa0KJaz+15 +kvzhtFC5tl6Rlzo7gEv6SzkWZpVjtKZgb62T/lECgYBr6PyDcGVGc8rbjxugnUnm +rShh7nMRUiTMLpWrucf7Mfr4cwFgejCoEMXPgxJF5Q1acppL0dKQzfmLVqazNX58 +0XM0+fNDIeGyYKAbqtnqfmyI7O/Lb1jXPFuCNujzDxfeJX0yxoo38US4ZCD2iUrW +ZK/FFkm5ncXTenBhpHOANQ== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/deployment/proxy/nginx.conf b/deployment/proxy/nginx.conf new file mode 100644 index 000000000..6c6478175 --- /dev/null +++ b/deployment/proxy/nginx.conf 
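Review bot: A plaintext TLS private key is being committed in deployment/proxy/nginx-selfsigned.key, so everyone with read access to the repository or its history holds the key that any deployment built from these defaults will serve with (ProxyNginx.conf loads `/certifcates/key.key`, presumably this file once mounted). I would drop the `.key` and `.crt` from the commit, add `deployment/**/*.key` to `.gitignore`, and generate the pair at deploy time or mount it from a secret store; the key shown here should be treated as disclosed and not reused. The paired certificate in nginx-selfsigned.crt also appears, from its encoded validity fields, to have expired in November 2021, well before this commit, which is worth confirming with `openssl x509 -noout -dates`.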
@@ -0,0 +1,32 @@
+worker_processes auto;
+error_log /tmp/logs/error.log warn;
+pid /tmp/nginx.pid;
+events {
+ worker_connections 1024;
+}
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ server_tokens off;
+
+ client_body_temp_path /tmp/client_temp;
+ proxy_temp_path /tmp/proxy_temp_path;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+ client_header_buffer_size 4k;
+ large_client_header_buffers 4 32k;
+ client_max_body_size 1150m;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_real_ip" [$proxy_add_x_forwarded_for]';
+
+ access_log /tmp/logs/access.log main;
+ sendfile on;
+ #tcp_nopush on;
+ keepalive_timeout 65;
+ #gzip on;
+ include /etc/nginx/conf.d/*.conf;
+}
\ No newline at end of file
diff --git a/deployment/proxy/proxy.env b/deployment/proxy/proxy.env
new file mode 100644
index 000000000..27344e6a3
--- /dev/null
+++ b/deployment/proxy/proxy.env
@@ -0,0 +1,4 @@
+APP_HOST=localhost
+APP_PORT=:51040
+MS_HOST=localhost
+MS_PORT=:51041
\ No newline at end of file
diff --git a/deployment/rabbitmq/rabbitmq.env b/deployment/rabbitmq/rabbitmq.env
new file mode 100644
index 000000000..dd5d91e94
--- /dev/null
+++ b/deployment/rabbitmq/rabbitmq.env
@@ -0,0 +1,3 @@
+RABBITMQ_DEFAULT_USER=guest
+RABBITMQ_DEFAULT_PASS=guest
+RABBITMQ_DEFAULT_VHOST=/rabbitmq/
\ No newline at end of file
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
deleted file mode 100644
index f8bfbc584..000000000
--- a/docker-compose.override.yml
+++ /dev/null
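Review bot: `client_max_body_size 1150m;` is set in the `http` block of deployment/proxy/nginx.conf, so every server pulled in by `include /etc/nginx/conf.d/*.conf;` inherits a request-body limit above 1 GB, presumably including the Keycloak, RabbitMQ and Kibana locations of ProxyNginx.conf that have no need for large uploads. I would keep a small default here, e.g. `client_max_body_size 1m;`, and raise it only in the location that actually receives file uploads (likely `/api/`, to be confirmed) with `client_max_body_size 1150m;`. The `log_format` also records `$http_x_real_ip`, a client-supplied header, so a comment such as `# X-Real-IP is untrusted at the edge; use $remote_addr for attribution` would help whoever reads these logs during an investigation.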
@@ -1,90 +0,0 @@ -version: "3.8" - -services: - elasticsearch: - user: 1002:1002 #develuser - restart: unless-stopped - mem_limit: 2048m - environment: - - cluster.name=open-dmp-cluster - - bootstrap.memory_lock=true - - "ES_JAVA_OPTS=-Xmx1024m -Xms1024m" - - xpack.license.self_generated.type=basic - - xpack.monitoring.collection.enabled=true - - xpack.security.enabled=true - ulimits: - nproc: 65535 - memlock: - soft: -1 - hard: -1 - volumes: - - ./ELK.Docker/shared/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro - - ./ELK.Docker/shared/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro - - ./ELK.Docker/shared/data-elk/elasticsearch-01-data:/usr/share/elasticsearch/data - - ./ELK.Docker/shared/data-elk/elasticsearch-01-log:/usr/share/elasticsearch/logs - #ports: - # - 51056:9200 - # - 51057:9300 - ports: - - "9201:9200" - expose: - - "9200" - hostname: opendmp-elastic - networks: - open-dmp-elk-network: - aliases: - - opendmp-elastic - - logstash: - # user: 1002:1002 #develuser - volumes: - - ./ELK.Docker/shared/config-elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro - - ./ELK.Docker/shared/config-elk/logstash/config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro - - ./ELK.Docker/shared/config-elk/logstash/config/log4j2.properties:/usr/share/logstash/config/log4j2.properties:ro - - ./ELK.Docker/shared/config-elk/logstash/pipeline:/usr/share/logstash/pipeline:ro - - ./ELK.Docker/shared/config-elk/logstash/logstash/templates:/usr/share/logstash/templates - - ./ELK.Docker/shared/data-elk/logstash-log:/usr/share/logstash/logs - - ./ELK.Docker/shared/data-elk/logstash-queue:/usr/share/logstash/queue - - ./ELK.Docker/shared/data-elk/logstash-dead_letter_queue:/usr/share/logstash/dead_letter_queue - expose: - - "31311" - - "31312" - restart: on-failure - mem_limit: 2048m - environment: - - LS_JAVA_OPTS=-Xmx1024m -Xms1024m - - 
xpack.license.self_generated.type=basic - - xpack.security.enabled=true - networks: - open-dmp-elk-network: - - kibana: - # user: 1002:1002 #develuser - mem_limit: 512m - environment: - - xpack.license.self_generated.type=basic - - xpack.security.enabled=true - - volumes: - - ./ELK.Docker/shared/config-elk/kibana/config:/usr/share/kibana/config:ro - #- ./ELK.Docker/shared/config-elk/kibana/certificates:/usr/share/kibana/certificates - restart: unless-stopped - ports: - - "51058:5601" - networks: - - open-dmp-elk-network - - filebeat: - restart: unless-stopped - mem_limit: 256m - #command: [ "-e=false" ] # to overwrite the -e that disables logging to file! - volumes: - - ./ELK.Docker/shared/config-elk/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro - - ./openDMP/logs:/usr/share/filebeat/log_data/dmp/ - - ./ELK.Docker/shared/data-elk/filebeat-log:/usr/share/filebeat/logs - - ./ELK.Docker/shared/data-elk/filebeat-data:/usr/share/filebeat/data #For windows if we mount the data directory we get "Writing of registry returned error: sync /usr/share/filebeat/data/registry/filebeat: invalid argument." - networks: - - open-dmp-elk-network - -networks: - open-dmp-elk-network: diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index fea9b49bf..000000000 --- a/docker-compose.yml +++ /dev/null 
@@ -1,122 +0,0 @@ -version: "3.8" - -services: - dmp-db: - image: postgres - container_name: opendmp-db - restart: unless-stopped - ports: - - "5001:5432" - expose: - - "5432" - volumes: - - dmpdata:/var/lib/postgresql/data - - ./dmp-db-scema:/docker-entrypoint-initdb.d/ - - ./dmp-db-scema/main:/main - - ./dmp-db-scema/updates:/updates - env_file: ./dmp-db-scema/Docker/dmp-db.env - networks: - - opendmp-backend-network - - dmp-pdf-converter: - image: gotenberg/gotenberg:7.4.0 - container_name: opendmp-pdf-converter - restart: unless-stopped - ports: - - "3001:3000" - expose: - - "3000" - hostname: opendmp-pdf - networks: - opendmp-pdf-network: - aliases: - - opendmp-pdf - - dmp-backend: - build: - context: ./dmp-backend - container_name: opendmp-backend - env_file: ./dmp-backend/Docker/dmp-backend.env - restart: unless-stopped - mem_limit: 2048m - ports: - - "8081:8081" - expose: - - "8080" - networks: - - opendmp-backend-network - - opendmp-pdf-network - - open-dmp-elk-network - volumes: - - ./dmp-backend/web/main/resources/config:/app/config - - ./user-guide:/app/user-guide - - ./dmp-frontend/src/assets/i18n:/app/i18n - - ./dmp-backend/web/main/resources/externalUrls:/app/externalUrls - - ./dmp-backend/web/main/resources/templates:/app/templates - - ./openDMP/dmp-backend/opendmp-logs:/app/logs - - ./openDMP/dmp-backend/tmp:/app/tmp - - ./dmp-backend/web/main/resources/logging:/app/logging - - ./dmp-backend/web/main/resources/documents:/app/documents - - dmp-frontend: - build: - context: ./dmp-frontend - container_name: opendmp-frontend - mem_limit: 2048m - restart: unless-stopped - ports: - - "8080:4200" - volumes: - - ./openDMP/dmp-frontend/static-files:/usr/share/nginx/static - - ./dmp-frontend/src/assets/config:/usr/share/nginx/html/assets/config - networks: - - opendmp-frontend-network - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} - container_name: elasticsearch - build: - context: ./ELK.Docker/elasticsearch/ - 
args: - ELK_VERSION: $ELK_VERSION - healthcheck: - # test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi - interval: 30s - timeout: 10s - retries: 5 - - logstash: - image: docker.elastic.co/logstash/logstash:${STACK_VERSION} - container_name: logstash - build: - context: ./ELK.Docker/logstash/ - args: - ELK_VERSION: $ELK_VERSION - depends_on: - - elasticsearch - - kibana: - image: docker.elastic.co/kibana/kibana:${STACK_VERSION} - build: - context: ./ELK.Docker/kibana/ - args: - ELK_VERSION: $ELK_VERSION - depends_on: - - elasticsearch - filebeat: - image: docker.elastic.co/filebeat/filebeat:${STACK_VERSION} - build: - context: ./ELK.Docker/filebeat/ - args: - ELK_VERSION: $ELK_VERSION - depends_on: - - logstash - -networks: - opendmp-frontend-network: - opendmp-backend-network: - opendmp-pdf-network: - open-dmp-elk-network: -volumes: - dmpdata: - external: true