From f9c3bcccedc4fb04cc5c5acc675c14d40e7a12da Mon Sep 17 00:00:00 2001
From: Jianguo Ma
Date: Tue, 22 Sep 2020 17:00:47 +0800
Subject: [PATCH] yaml files to create resources required by sample of aad ldap integration
---
3-integration/aad-ldap/aad-ldap-secret.yaml | 15 ++++
.../openlibertyapplication-hosts.yaml | 81 +++++++++++++++++++
.../aad-ldap/openlibertyapplication.yaml | 68 ++++++++++++++++
.../src/main/liberty/config/server.xml | 6 +-
3-integration/aad-ldap/tls-crt-secret.yaml | 11 +++
5 files changed, 178 insertions(+), 3 deletions(-)
create mode 100644 3-integration/aad-ldap/aad-ldap-secret.yaml
create mode 100644 3-integration/aad-ldap/openlibertyapplication-hosts.yaml
create mode 100644 3-integration/aad-ldap/openlibertyapplication.yaml
create mode 100644 3-integration/aad-ldap/tls-crt-secret.yaml
diff --git a/3-integration/aad-ldap/aad-ldap-secret.yaml b/3-integration/aad-ldap/aad-ldap-secret.yaml
new file mode 100644
index 0000000..044ca91
--- /dev/null
+++ b/3-integration/aad-ldap/aad-ldap-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aad-ldap-secret
+ namespace: open-liberty-demo
+type: Opaque
+stringData:
+ ldap.server.host: ${LDAP_SERVER_HOST}
+ ldap.server.port: "${LDAP_SERVER_PORT}"
+ ldap.server.baseDN: "${LDAP_SERVER_BASEDN}"
+ ldap.server.bindDN: "${LDAP_SERVER_BINDDN}"
+ ldap.server.bindPassword: ${LDAP_SERVER_BINDPASSWORD}
+ keystore.name: ${KEYSTORE_NAME}
+ keystore.pass: ${KEYSTORE_PASS}
+ admin.group.name: ${ADMIN_GROUP_NAME}
diff --git a/3-integration/aad-ldap/openlibertyapplication-hosts.yaml b/3-integration/aad-ldap/openlibertyapplication-hosts.yaml
new file mode 100644
index 0000000..180c42a
--- /dev/null
+++ b/3-integration/aad-ldap/openlibertyapplication-hosts.yaml
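Review bot: In aad-ldap-secret.yaml the `ldap.server.bindPassword` and `keystore.pass` placeholders are unquoted while port, baseDN and bindDN are quoted, so after the `${...}` values are substituted a password that is all digits, looks like a boolean, starts with a YAML indicator or contains ` #` is either rejected for `stringData` or silently retyped or truncated. Quote every placeholder the same way, e.g. `ldap.server.bindPassword: "${LDAP_SERVER_BINDPASSWORD}"` and `keystore.pass: "${KEYSTORE_PASS}"`, and likewise for host, keystore.name and admin.group.name. The substitution step is not visible in this patch; presumably the file is rendered before it is applied, in which case the rendered copy holds the bind password in clear text and is better piped straight to `kubectl apply -f -` than written into the working tree.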
@@ -0,0 +1,81 @@
+apiVersion: openliberty.io/v1beta1
+kind: OpenLibertyApplication
+metadata:
+ name: javaee-cafe-aad-ldap
+ namespace: open-liberty-demo
+spec:
+ replicas: 1
+ applicationImage: javaee-cafe-aad-ldap:1.0.0
+ expose: true
+ service:
+ port: 9443
+ certificateSecretRef: tls-crt-secret
+ route:
+ termination: reencrypt
+ certificateSecretRef: tls-crt-secret
+ env:
+ - name: KEY_ALIAS
+ value: 'defaultkeystore'
+ - name: LDAP_SERVER_HOST
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.host
+ - name: LDAP_SERVER_PORT
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.port
+ - name: LDAP_SERVER_BASEDN
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.baseDN
+ - name: LDAP_SERVER_BINDDN
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.bindDN
+ - name: LDAP_SERVER_BINDPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.bindPassword
+ - name: KEYSTORE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: keystore.name
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: keystore.pass
+ - name: ADMIN_GROUP_NAME
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: admin.group.name
+ initContainers:
+ - name: add-hostname
+ image: busybox
+ command: ['sh', '-c', 'cp /etc/hosts /hostsconfig && echo "${LDAP_SERVER_IP_ADDRESS} ${LDAP_SERVER_HOST}" >> /hostsconfig/hosts']
+ volumeMounts:
+ - name: hostsconfig
+ mountPath: /hostsconfig
+ volumeMounts:
+ - name: config
+ mountPath: /config/${KEYSTORE_NAME}
+ readOnly: true
+ subPath: ${KEYSTORE_NAME}
+ - name: hostsconfig
+ mountPath: /etc/hosts
+ readOnly: true
+ subPath: hosts
+ volumes:
+ - name: config
+ configMap:
+ defaultMode: 0600
+ name: keystore-config
+ - name: hostsconfig
+ emptyDir: {}
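Review bot: The `add-hostname` init container in openlibertyapplication-hosts.yaml uses `image: busybox` with no tag or digest, so each pod start pulls whatever `latest` resolves to at that moment. This container writes the file that is then mounted over `/etc/hosts` in the application container, so the image's contents decide where the LDAP host name resolves; pin it, e.g. `image: busybox:<pinned-tag>@sha256:<digest>`. The `sh -c` string also embeds `${LDAP_SERVER_IP_ADDRESS}` and `${LDAP_SERVER_HOST}`, and since the init container defines no `env` these are presumably filled in before the manifest is applied. A one-line comment above `command` saying where the two values come from, and that they are not read from `aad-ldap-secret`, would make that explicit.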
diff --git a/3-integration/aad-ldap/openlibertyapplication.yaml b/3-integration/aad-ldap/openlibertyapplication.yaml
new file mode 100644
index 0000000..42ca680
--- /dev/null
+++ b/3-integration/aad-ldap/openlibertyapplication.yaml
@@ -0,0 +1,68 @@
+apiVersion: openliberty.io/v1beta1
+kind: OpenLibertyApplication
+metadata:
+ name: javaee-cafe-aad-ldap
+ namespace: open-liberty-demo
+spec:
+ replicas: 1
+ applicationImage: javaee-cafe-aad-ldap:1.0.0
+ expose: true
+ service:
+ port: 9443
+ certificateSecretRef: tls-crt-secret
+ route:
+ termination: reencrypt
+ certificateSecretRef: tls-crt-secret
+ env:
+ - name: KEY_ALIAS
+ value: 'defaultkeystore'
+ - name: LDAP_SERVER_HOST
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.host
+ - name: LDAP_SERVER_PORT
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.port
+ - name: LDAP_SERVER_BASEDN
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.baseDN
+ - name: LDAP_SERVER_BINDDN
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.bindDN
+ - name: LDAP_SERVER_BINDPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: ldap.server.bindPassword
+ - name: KEYSTORE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: keystore.name
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: keystore.pass
+ - name: ADMIN_GROUP_NAME
+ valueFrom:
+ secretKeyRef:
+ name: aad-ldap-secret
+ key: admin.group.name
+ volumeMounts:
+ - name: config
+ mountPath: /config/${KEYSTORE_NAME}
+ readOnly: true
+ subPath: ${KEYSTORE_NAME}
+ volumes:
+ - name: config
+ configMap:
+ defaultMode: 0600
+ name: keystore-config
diff --git a/3-integration/aad-ldap/src/main/liberty/config/server.xml b/3-integration/aad-ldap/src/main/liberty/config/server.xml
index 3b1ce46..b4bd97b 100644
--- a/3-integration/aad-ldap/src/main/liberty/config/server.xml
+++ b/3-integration/aad-ldap/src/main/liberty/config/server.xml
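Review bot: The `config` volume in openlibertyapplication.yaml takes the keystore from a ConfigMap (`configMap:` with `name: keystore-config`) while the keystore's password is kept in `aad-ldap-secret`. If that store holds a private key, which the `KEY_ALIAS` variable suggests but this patch does not show, the key material is readable by anyone allowed to read ConfigMaps in `open-liberty-demo`. A Secret volume would put it under the same access rules as the password: `secret:` with `secretName: keystore-config`, keeping the existing `defaultMode: 0600`. The same volume definition is in openlibertyapplication-hosts.yaml. If the store only carries the public LDAPS certificate, a comment on the volume saying so would settle the question.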
@@ -70,9 +70,9 @@ - + +