Support for AWS Cognito auth (#75)

* vboard-ws:
- support for AWS Cognito auth
- elasticsearch:6.4.3 compatibility
- build now done in Dockerfile pre-step

vboard-front:
- fixing config parsing
- allowing an $HTTP_PROXY to be injected in httpd.conf
- build now done in Dockerfile pre-step

vboard-batchs:
- now using logstash

Author: Lucas-C

.dockerignore

@@ -1,3 +1,2 @@
 /vboard-front/node_modules/
-/vboard-front/src/
 /vboard-ws/target/

.mvn/wrapper/maven-wrapper.jar

@@ -1,5 +1,6 @@
+repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    sha: v0.9.2
+    rev: v2.4.0
     hooks:
     -   id: check-merge-conflict
     -   id: trailing-whitespace
@@ -8,7 +9,7 @@
     -   id: check-json
     -   id: check-yaml
 -   repo: https://github.com/Lucas-C/pre-commit-hooks
-    sha: v1.1.4
+    rev: v1.1.7
     hooks:
     -   id: remove-crlf
     -   id: remove-tabs
@@ -27,13 +28,15 @@
         - LICENSE-short.txt
         - --comment-style
         - <!--|  ~|  -->
--   repo: https://github.com/Lucas-C/pre-commit-hooks-nodejs
-    sha: v1.0.1
-    hooks:
-    -   id: markdown-toc
-        files: ^README\.md$
-    -   id: markdown-toc
-        files: ^CONTRIBUTING\.md$
+# The following hook installation always end up failing due to connection issues,
+# so I (Lucas) am disabling it for now.
+# -   repo: https://github.com/Lucas-C/pre-commit-hooks-nodejs
+    # rev: v1.1.0
+    # hooks:
+    # -   id: markdown-toc
+        # files: ^README\.md$
+    # -   id: markdown-toc
+        # files: ^CONTRIBUTING\.md$
 # vboard-front
 -   repo: local
     hooks:

.mvn/wrapper/maven-wrapper.properties

@@ -1,4 +1,5 @@
 language: java
+jdk: openjdk8
 
 front:
   - build
@@ -7,21 +8,37 @@ front:
 jobs:
   include:
     - stage: build
+      env: Docker frontend image build
+      services:
+        - docker
       script:
-        - mvn clean install -Dmaven.test.skip=true
-        - vboard-front/install-build.sh
+        - cd vboard-front
+        # The front image includes a call to "grunt validate":
+        - docker build .
+    - stage: build
+      env: Docker backend image build
+      services:
+        - docker
+      script:
+        - cd vboard-ws
+        - docker build .
     - stage: test
+      env: Pre-commit checks
       script:
-        - mvn test
         # Installing pre-commit globally fails with:
         # Installing collected packages: aspy.yaml, cached-property, identify, nodeenv, pre-commit
         #   File "/usr/lib/python2.7/shutil.py", line 83, in copyfile
         #     with open(dst, 'wb') as fdst:
         # IOError: [Errno 13] Permission denied: '/usr/local/lib/python2.7/dist-packages/aspy.yaml-1.0.0-nspkg.pth'
         - pip install --user pre-commit && pre-commit run --all-files
+    - stage: test
+      env: Backend unit tests
+      script:
+        - cd vboard-ws
+        - mvn --version
+        - mvn test
 
 cache:
   pip: true
   directories:
-  - node_modules # npm packages
   - $HOME/.m2    # Maven packages

.pre-commit-config.yaml

@@ -22,6 +22,7 @@ The public, open-source version of this project was publish in January 2018. It'
 - [Usage](#usage)
 - [Contributing](#contributing)
 - [Architecture](#architecture)
+  * [Authentication](#authentication)
   * [Docker services](#docker-services)
   * [Release on Docker hub](#release-on-docker-hub)
 
@@ -45,14 +46,12 @@ with comments and a search bar
 The following command starts V.Board locally from the published images:
 
     export TAG=latest
-    docker-compose -f docker-compose.yml pull
-    docker-compose -f docker-compose.yml up -d --no-build
+    docker-compose pull
+    docker-compose up -d --no-build
 
 You can also rebuild the images locally:
 
-    mvn clean install
-    vboard-front/install-build.sh # requires npm
-    docker-compose -f docker-compose.yml build
+    docker-compose build
     docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d --no-build
 
 You can then access the website through http://localhost
@@ -72,6 +71,15 @@ V.Board is made of the folling modules, launched as `docker-compose` services:
 - `front`: [AngularJS](https://angularjs.org) 1.5 web app served by Apache (front)
 - `batchs`: Java batch job to update the ElasticSearch index
 
+## Authentication
+There are 3 supported mode of authentication, that are activated in this order:
+
+- through a [Keycloak instance](https://www.keycloak.org), if the environment variables `$KCK_PUBLIC_HOST` & `$KCK_REALM_KEY` are defined,
+_cf_. [KeycloakEnabledInEnv.java](https://github.com/voyages-sncf-technologies/vboard/blob/master/vboard-ws/src/main/java/com/vsct/vboard/config/KeycloakEnabledInEnv.java)
+- through [AWS Cognito](https://aws.amazon.com/fr/cognito/), with a `X-AMZN-OIDC-DATA` HTTP header containing a JWT token,
+if the environment variable `$AWS_COGNITO_ENABLED` is defined
+- anonymous mode
+
 ## Docker services
 Some extra `docker-compose` services are used:
 

.travis.yml

@@ -1,32 +1,18 @@
 version: '2'
 services:
   ws:
-    ports:
-      - 8080:8080
     environment:
-      - PROXY_HOST=
       - JAVA_OPTS=-Derror.whitelabel.enabled=true -Dendpoints.enabled=true -Dendpoints.sensitive=false
     #  - JAVA_OPTS=-Dspring.profiles.active=dev
     volumes:
       - ./statics:/usr/local/tomcat/data
 
   front:
-    ports:
-      - 80:80
     environment:
-      - VBOARD_API_ENDPOINT=/vboard
-      #- VBOARD_API_ENDPOINT=http://localhost:8080
+      - VBOARD_API_ENDPOINT=http://localhost:8080
     volumes:
       - ./statics:/var/vboard/statics
       # Mouting the following directory "overrides" the one in the built container.
       # We do this to benefit from "grunt watch" regenerating the statics
       #!! Does not work atm because grunt delete/recreate this directory
       - ./vboard-front/grunt-target:/var/www/vboard
-
-  wsdb:
-    ports:
-      - 3306:3306
-
-  elasticsearch:
-    ports:
-      - 9200:9200

README.md

@@ -9,12 +9,15 @@ services:
       - SERVICE_8080_VERSION=${TAG}
     environment:
       - VBOARD_DB_HOST=wsdb
-      - VBOARD_ELASTICSEARCH_HOST=elasticsearch
+      - VBOARD_ELASTICSEARCH=http://elasticsearch:9200
       - VBOARD_HOSTNAME=localhost
       - VBOARD_IMAGES_DIRECTORY=/usr/local/tomcat/data/
-      - affinity:container==~*${PROJECT_NAME}_front*
+      - VBOARD_WORDPRESS_IMAGES_DIRECTORY=/usr/local/tomcat/data/blog/
+      - MYSQL_USER=root
+      - MYSQL_ROOT_PASSWORD=root
+      - MYSQL_DATABASE=vboard_pins
     ports:
-      - 8080
+      - 8080:8080
     networks:
       - back
     volumes:
@@ -31,10 +34,12 @@ services:
       - SERVICE_80_NAME=${PROJECT_NAME}-front
       - SERVICE_80_VERSION=${TAG}
     environment:
+      - VBOARD_API_ENDPOINT=/api/v1
       - VBOARD_HOSTNAME=localhost
-      - VBOARD_WS_HOST=ws:8080
+      - VBOARD_WS_HOST=http://ws:8080
+      - VBOARD_WP_PUBLIC_HOST=
     ports:
-      - 80
+      - 80:80
     networks:
       - back
     volumes:
@@ -45,9 +50,11 @@ services:
     restart: always
     image: vboard/vboard-batchs:${TAG}
     environment:
-     - JAVA_OPTS=-Xms512m -Xmx512m
-     - VBOARD_DB_HOST=wsdb:3306
-     - VBOARD_ELASTICSEARCH_HOST=elasticsearch
+      - VBOARD_DB_HOST=wsdb:3306
+      - VBOARD_ELASTICSEARCH=http://elasticsearch:9200
+      - MYSQL_USER=root
+      - MYSQL_ROOT_PASSWORD=root
+      - MYSQL_DATABASE=vboard_pins
     networks:
      - back
 
@@ -60,24 +67,22 @@ services:
       - MYSQL_ROOT_PASSWORD=root
       - MYSQL_DATABASE=vboard_pins
     ports:
-       - 3306
+      - 3306:3306
     networks:
       - back
     volumes:
       - wsdb-data:/var/lib/mysql
 
   elasticsearch:
     restart: always
-    image: elasticsearch:1.5.2
+    image: elasticsearch:6.4.3
     labels:
       - SERVICE_9200_NAME=${PROJECT_NAME}-elasticsearch
       - SERVICE_9200_VERSION=${TAG}
     ports:
-      - 9200
+      - 9200:9200
     networks:
       - back
-    volumes:
-      - ./vboard-es-conf:/usr/share/elasticsearch/config
 
 networks:
   back: