Add Dev/Test/Prod environments for the Beta TOB Instance for BC

[swcurran]

As we gear up towards the Beta Launch of The BC Public TOB, we need to have a promotion path for those components from Dev through Test and Prod. This instance/promotion path of TOB needs to be different from the current Demo TOB instance we have as both are "production-like" environments that we need to be able to test before promotion. It is not acceptable to Demo from the, for example, Test version of TOB, as the functionality in Demo will be quite different from Public -e.g. there will be Permitify and other experiments added to and promoted in Demo that will not be built into Public. However, both Demo and Public will be sourced from the same repo.

[WadeBarnes]

Current OpenShift project set servicing the TOB Demo environments;

• devex-von-tools
• devex-von-dev
• devex-von-test
• devex-von-prod

The main differences between the 2 deployment streams will be;

• Purpose; one for demos and experimentation, the other for a BETA that is expected to evolve.
• Configuration; will be defined in each deployment environment and control whether the deployment is a demo, or a BETA, and to which other environments it will be connected.
• Data Source; Permitify-X (in the long run) for Demos, BC Registries Agent environments for BETA.

Builds will source their code from the TOB repo and the resulting images will be used for all deployments, which means a shared tools environment could be used.

Therefore we only need new projects for the BETA deployment environments. These can source their images from the existing devex-von-tools environment.

[WadeBarnes]

Proposed project names;

• devex-von-bc-orgbook-dev
• devex-von-bc-orgbook-test
• devex-von-bc-orgbook-prod

[WadeBarnes]

Proposed project name and description for OpenShift;

TheOrgBook-BC

• devex-von-bc-tob- A searchable directory supporting the discovery and verification of BC organizations' public credentials. Built on Hyperledger-Indy, TheOrgBook-BC is the public facing interface of BC’s verifiable organizations network.*

[WadeBarnes]

The new OpenShift environments have been created. Next step is to load the deployment configurations. Granted access to the project team.

[WadeBarnes]

TheOrgBook-BC DEV Environment has been deployed.

Resources;

• Dev Client Application Instance
• Dev Swagger API Instance
• Dev Schema-Spy Instance

As a starting point, a bc-tob profile and a set of Build and Deployment have been created based on the DEMO devex-von-* environment settings. The only difference at this point is the application URLs and Indy Seed values.

No data sources are connected to this environment.

[WadeBarnes]

TheOrgBook-BC TEST Environment has been deployed.

Resources;

• Test Client Application Instance
• Test Swagger API Instance
• Test Schema-Spy Instance

As a starting point, a bc-tob profile and a set of Build and Deployment have been created based on the DEMO devex-von-* environment settings. The only difference at this point is the application URLs and Indy Seed values.

No data sources are connected to this environment.

[WadeBarnes]

Leaving the Production deployment empty until we have the configuration to secure the dev and test environments in place, and wired into working data sources.

Next step is to add some basic authentication on these environments. That will conclude the work for this ticket. Separate tickets will be used for any additional steps.

[WadeBarnes]

Further secured the TOB database with random admin passwords.

[WadeBarnes]

Added basic authentication to schema-spy instances by default.

[WadeBarnes]

Removed external access to Solr. Had a look first at securing the admin interface, but since we don't have a need for it most of the time it did not seem worth the extra effort. It was far easier to just remove the route for now.

[WadeBarnes]

Added basic authentication on the client application (at the nginx level). Usernames and passwords are generated randomly.

The basic authentication credentials are not accepted at the API level yet, so calls into the API fail.

[WadeBarnes]

Added basic authentication to the API and Swagger UI. Wired up the client configuration so it can authenticate with the API.

Separated the deployment pipeline, so deployments/versions TheOrgBook-BC are managed separately from the other projects using the TOB source/images from the TEST environment onward. The DEV environment will always have the latest images deployed, just like all of the other environments.

[WadeBarnes]

The new deployment configurations have been deployed and tested both the TheOrgBook-BC DEV and TEST environments.

[WadeBarnes]

The configurations and settings have been created for the PROD environment, but the project will remain blank until we get the BC Registries Agent data flow connected and working with DEV and TEST, in case there are any additional configurations and settings changes.