Dotnet 5

.github/workflows/product-service.yaml

@@ -22,7 +22,7 @@ jobs:
     - uses: jacobsee/s2i-github-action@master
       with:
         path: product-service
-        base: registry.access.redhat.com/ubi8/dotnet-31:3.1
+        base: registry.access.redhat.com/ubi8/dotnet-60
         output_image: quay.io/cloudfirst/dotnet-product-service:latest
         image_push_registry: quay.io
         image_push_username: ${{ secrets.DOCKER_USERNAME }}

.github/workflows/rating-service.yaml

@@ -22,7 +22,7 @@ jobs:
     - uses: jacobsee/s2i-github-action@master
       with:
         path: rating-service
-        base: registry.access.redhat.com/ubi8/dotnet-31:3.1
+        base: registry.access.redhat.com/ubi8/dotnet-60
         output_image: quay.io/cloudfirst/dotnet-rating-service:latest
         image_push_registry: quay.io
         image_push_username: ${{ secrets.DOCKER_USERNAME }}

.github/workflows/react-ui.yaml

@@ -0,0 +1,34 @@
+name: react-ui
+
+on:
+  push:
+    branches: [ master ]
+    paths:
+      - react-ui/**
+      - .github/workflows/react-ui.yml
+  pull_request:
+    branches: [ master ]
+    paths:
+      - react-ui/**
+      - .github/workflows/react-ui.yml
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-node@v2
+      with:
+        node-version: '17'
+    - name: build
+      run: cd react-ui && npm install && npm run build
+    - uses: jacobsee/s2i-github-action@master
+      with:
+        path: './react-ui/build'
+        base: registry.access.redhat.com/ubi8/nginx-120
+        output_image: quay.io/cloudfirst/dotnet-react-ui:latest
+        image_push_registry: quay.io
+        image_push_username: ${{ secrets.DOCKER_USERNAME }}
+        image_push_password: ${{ secrets.DOCKER_PASSWORD }}

.github/workflows/ui-policy.yaml

@@ -0,0 +1,29 @@
+name: ui-policy
+
+on:
+  push:
+    branches: [ master ]
+    paths:
+      - ui-policy/**
+      - .github/workflows/ui-policy.yml
+  pull_request:
+    branches: [ master ]
+    paths:
+      - ui-policy/**
+      - .github/workflows/ui-policy.yml
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - uses: jacobsee/s2i-github-action@master
+      with:
+        path: ui-policy
+        base: registry.access.redhat.com/ubi8/dotnet-60
+        output_image: quay.io/cloudfirst/dotnet-ui-policy:latest
+        image_push_registry: quay.io
+        image_push_username: ${{ secrets.DOCKER_USERNAME }}
+        image_push_password: ${{ secrets.DOCKER_PASSWORD }}

.gitignore

@@ -19,7 +19,7 @@ obj/
 .LSOverride
 
 # Icon must end with two \r
-Icon
+Icon
 
 # Thumbnails
 ._*
@@ -56,3 +56,5 @@ Temporary Items
 
 # Custom rules (everything added below won't be overriden by 'Generate .gitignore File' if you use 'Update' option)
 
+opa-conf.yaml
+**/publish

aws-tf/.gitignore

@@ -0,0 +1,3 @@
+.terraform*
+*.tfstate
+*.tfstate.backup

aws-tf/windows-vm/main.tf

@@ -0,0 +1,108 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "aws" {
+    region = "us-east-2"
+}
+
+resource "aws_vpc" "dotnet_opa" {
+    cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "dotnet_vm_subnet" {
+    vpc_id = aws_vpc.dotnet_opa.id
+    cidr_block = "10.0.1.0/24"
+    map_public_ip_on_launch = true
+}
+
+resource "aws_route_table" "dotnet_vm_public" {
+    vpc_id = aws_vpc.dotnet_opa.id
+
+    route {
+        cidr_block = "0.0.0.0/0"
+        gateway_id = aws_internet_gateway.dotnet_vm_gateway.id
+    }
+}
+
+resource "aws_route_table_association" "dotnet_vm_public" {
+    subnet_id = aws_subnet.dotnet_vm_subnet.id
+    route_table_id = aws_route_table.dotnet_vm_public.id
+}
+
+resource "aws_internet_gateway" "dotnet_vm_gateway" {
+    vpc_id = aws_vpc.dotnet_opa.id
+}
+
+resource "aws_network_interface" "dotnet_vm" {
+    subnet_id = aws_subnet.dotnet_vm_subnet.id
+    security_groups = [
+        aws_security_group.dotnet_vm.id
+    ]
+}
+
+resource "aws_security_group" "dotnet_vm" {
+    name = "dotnet_vm"
+    vpc_id = aws_vpc.dotnet_opa.id
+
+    ingress {
+        from_port = 3389
+        to_port = 3389
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+    ingress {
+        from_port = 3389
+        to_port = 3389
+        protocol = "udp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+    ingress {
+        from_port = 443
+        to_port = 443
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+    ingress {
+        from_port = 5003
+        to_port = 5003
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+    ingress {
+        from_port = 5005
+        to_port = 5005
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+    ingress {
+        from_port = 3000
+        to_port = 3000
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+    egress {
+        cidr_blocks = ["0.0.0.0/0"]
+        from_port = 0
+        to_port = 0
+        protocol = -1
+    }
+}
+
+resource "aws_instance" "dotnet_vm" {
+    // empty windows vm
+    ami = "ami-0f540030bb04d884a"
+    // prebuilt ami with all sample binaries and opa ready to run
+    # ami = "ami-04800528e193e3f6f"
+    instance_type = "t2.small"
+    network_interface {
+       network_interface_id = aws_network_interface.dotnet_vm.id
+       device_index = 0
+    }
+    key_name = "styra-aws-sa"
+}

aws-tf/windows-vm/setup.bat

@@ -0,0 +1,15 @@
+cd c:\Users\Administrator
+mkdir apps
+cd apps
+curl -L -O https://download.visualstudio.microsoft.com/download/pr/44069ee2-ce02-41d7-bcc5-2168a1653278/cfc5131c81ae00a5f77f05f9963ec98d/dotnet-sdk-5.0.404-win-x64.exe
+dotnet-sdk-5.0.404-win-x64.exe
+curl -L -O https://github.com/cloudfirst-dev/dotnet-products/archive/refs/heads/master.zip
+powershell -command "Expand-Archive C:\Users\Administrator\apps\master.zip C:\Users\Administrator\apps"
+ren dotnet-products-master dotnet-products
+netsh advfirewall firewall add rule name= "Open Port 5003" dir=in action=allow protocol=TCP localport=5003
+netsh advfirewall firewall add rule name= "Open Port 3000" dir=in action=allow protocol=TCP localport=3000
+curl -L -O https://github.com/open-policy-agent/opa/releases/download/v0.36.1/opa_windows_amd64.exe
+ren opa_windows_amd64.exe opa.exe
+dotnet dev-certs https --trust
+curl -L -O https://nodejs.org/dist/v16.13.2/node-v16.13.2-x64.msi
+node-v16.13.2-x64.msi

opa-docker/Dockerfile

@@ -0,0 +1,5 @@
+FROM openpolicyagent/opa
+
+COPY opa-conf.yaml .
+
+CMD ["run", "--server", "--config-file", "opa-conf.yaml"]

product-service/Controllers/ProductController.cs

@@ -14,6 +14,8 @@ namespace product_service.Controllers
     [ApiController]
     public class ProductController : ControllerBase
     {
+        private static List<Product> products = new List<Product>();
+        private static Boolean init = false;
         private readonly IConfiguration Configuration;
 
 
@@ -24,6 +26,35 @@ public ProductController(ILogger<ProductController> logger, IConfiguration confi
         {
             _logger = logger;
             Configuration = configuration;
+
+            if(!init) {
+                products.Add(new Product {
+                    Name = "Soccer Ball",
+                    Id = products.Count
+                });
+                init = true;
+            }
+        }
+
+        [HttpGet]
+        [Route("/product")]
+        public List<Product> Get() {
+            return products;
+        }
+
+        [HttpPost]
+        [Route("/product")]
+        public void Post([FromBody] Product product) {
+            Console.WriteLine("Creating new product " + products.Count);
+            product.Id = products.Count;
+            products.Add(product);
+            Console.WriteLine("Added new product " + products.Count);
+        }
+
+        [HttpDelete]
+        [Route("/product/{id}")]
+        public void Delete(int id) {
+            products.RemoveAt(id);
         }
 
         [HttpGet]
@@ -38,9 +69,10 @@ public async Task<Product> Get(int id)
 
             var rating = await JsonSerializer.DeserializeAsync<Rating>(await streamTask);
 
-            return new Product {
-                Votes = rating.Votes
-            };
+            var product = products[id];
+            product.Votes = rating.Votes;
+
+            return product;
         }
     }
 }

product-service/Product.cs

@@ -4,6 +4,8 @@ namespace product_service
 {
     public class Product
     {
+        public int Id { get; set; }
+        public String Name { get; set; }
         public int Votes { get; set; }
     }
 }

product-service/Properties/launchSettings.json

@@ -21,7 +21,7 @@
       "commandName": "Project",
       "launchBrowser": true,
       "launchUrl": "weatherforecast",
-      "applicationUrl": "https://localhost:5003;http://localhost:5002",
+      "applicationUrl": "https://0.0.0.0:5003;http://0.0.0.0:5002",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }

product-service/Startup.cs

@@ -1,3 +1,5 @@
+using Build.Security.AspNetCore.Middleware.Extensions;
+using Build.Security.AspNetCore.Middleware.Request;
 using System;
 using System.Collections.Generic;
 using System.Linq;
@@ -25,7 +27,18 @@ public Startup(IConfiguration configuration)
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
+            var opaAddress = Environment.GetEnvironmentVariable("OPA_ADDRESS");
+
             services.AddControllers();
+            services.AddBuildAuthorization(options =>
+            {
+                options.Enable = true;
+                options.BaseAddress = opaAddress ?? "http://localhost:8181";
+                options.PolicyPath = "/authz/allow";
+                options.AllowOnFailure = false;
+                options.IncludeHeaders = true;
+                options.PermissionHierarchySeparator = '.';
+            });
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -42,6 +55,8 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
             app.UseAuthorization();
 
+            app.UseBuildAuthorization();
+
             app.UseEndpoints(endpoints =>
             {
                 endpoints.MapControllers();

product-service/appsettings.Development.json

@@ -6,5 +6,5 @@
       "Microsoft.Hosting.Lifetime": "Information"
     }
   },
-  "RatingUrl": "https://localhost:5001/rating/1"
+  "RatingUrl": "https://localhost:5001"
 }

product-service/product-service.csproj

@@ -1,13 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net6.0</TargetFramework>
     <RootNamespace>product_service</RootNamespace>
   </PropertyGroup>
 
-  <ItemGroup>
-    <PackageReference Include="System.Net.Http" Version="4.3.4" />
-    <PackageReference Include="System.Text.Json" Version="4.7.2" />
+  <ItemGroup>
+    <PackageReference Include="OPA-AspDotNetCore-Middleware" Version="0.1.8" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
   </ItemGroup>
 
 

rating-service/rating-service.csproj

@@ -1,9 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net6.0</TargetFramework>
     <RootNamespace>rating_service</RootNamespace>
   </PropertyGroup>
 
+  <ItemGroup>
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
+  </ItemGroup>
+
 
 </Project>