Merge pull request #500 from PasanT9/docker-compose-fix

Update docker-compose artifacts to support APIM 4.3.0

docker-compose/apim-is-as-km-with-analytics/conf/apim/repository/conf/deployment.toml

@@ -11,25 +11,20 @@ password = "admin"
 create_admin_account = true
 
 [user_store]
-# type = "database_unique_id"
-type = "read_write_ldap_unique_id"
-connection_url = "ldap://is-as-km:10390"
-connection_name = "uid=admin,ou=system"
-connection_password = "admin"
-base_dn = "dc=wso2,dc=org"
-
-[database.apim_db]
+type = "database_unique_id"
+
+[database.apim_db] 
 type = "mysql"
-url = "jdbc:mysql://mysql:3306/WSO2AM_DB?autoReconnect=true&useSSL=false"
+url = "jdbc:mysql://mysql:3306/WSO2AM_DB?autoReconnect=true&allowPublicKeyRetrieval=true&useSSL=false"
 username = "wso2carbon"
 password = "wso2carbon"
 driver = "com.mysql.cj.jdbc.Driver"
 
 [database.shared_db]
 type = "mysql"
-url = "jdbc:mysql://mysql:3306/WSO2AM_SHARED_DB?autoReconnect=true&useSSL=false"
-username = "wso2carbon"
-password = "wso2carbon"
+url = "jdbc:mysql://mysql:3306/WSO2AM_SHARED_DB?autoReconnect=true&allowPublicKeyRetrieval=true&useSSL=false"
+username = "wso2carbon" 
+password = "wso2carbon" 
 driver = "com.mysql.cj.jdbc.Driver"
 
 [keystore.tls]
@@ -59,8 +54,8 @@ key_password = "wso2carbon"
 [[apim.gateway.environment]]
 name = "Default"
 type = "hybrid"
-provider = "wso2"
 gateway_type = "Regular"
+provider = "wso2"
 display_in_api_console = true
 description = "This is a hybrid gateway that handles both production and sandbox token traffic."
 show_as_token_endpoint_url = true
@@ -106,7 +101,7 @@ gateway_labels =["Default"]
 #expiry_time = "2m"
 
 [apim.analytics] 
-enable = true
+enable = true 
 config_endpoint = "https://analytics-event-auth.choreo.dev/auth/v1" 
 auth_token = "<on-prem-key>"
 
@@ -116,9 +111,9 @@ token = ""
 endpoint = ""
 
 [apim.key_manager]
-enable_apikey_subscription_validation = true
 service_url = "https://is-as-km:9444/services/"
 type = "WSO2-IS"
+#service_url = "https://localhost:${mgt.transport.https.port}/services/"
 #username = "$ref{super_admin.username}"
 #password = "$ref{super_admin.password}"
 #pool.init_idle_capacity = 50
@@ -167,10 +162,13 @@ type = "WSO2-IS"
 #enable_cross_tenant_subscriptions = true
 #default_reserved_username = "apim_reserved_user"
 
+#[apim.publisher]
+#enable_portal_configuration_only_mode = false
+
 [apim.cors]
 allow_origins = "*"
 allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
-allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey", "Internal-Key"]
+allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"]
 allow_credentials = false
 
 #[apim.throttling]
@@ -269,19 +267,13 @@ order = 1
 notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify"
 username = "${admin.username}"
 password = "${admin.password}"
-'header.X-WSO2-KEY-MANAGER' = "WSO2-IS"
+'header.X-WSO2-KEY-MANAGER' = "default"
 
 [oauth.grant_type.token_exchange]
-enable = true
+enable = false
 allow_refresh_tokens = true
 iat_validity_period = "1h"
 
-[config_data] 
-path = "/_system/apim/config" 
-
-[transport.passthru_https.sender.parameters] 
-HostnameVerifier="AllowAll"
-
 #[integration.transaction_counter]
 #enable = true
 #server_id = "Gateway1"

docker-compose/apim-is-as-km-with-analytics/conf/is-as-km/repository/conf/deployment.toml

@@ -10,28 +10,24 @@ password = "admin"
 create_admin_account = true
 
 [user_store]
-type = "read_write_ldap_unique_id"
-connection_url = "ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}"
-connection_name = "uid=admin,ou=system"
-connection_password = "admin"
-base_dn = "dc=wso2,dc=org" #refers the base dn on which the user and group search bases will be generated
+type = "database_unique_id"
 
 [database.identity_db]
-type = "h2"
-url = "jdbc:h2:./repository/database/WSO2IDENTITY_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
+type = "mysql"
+url = "jdbc:mysql://mysql:3306/WSO2AM_DB?autoReconnect=true&allowPublicKeyRetrieval=true&useSSL=false"
 username = "wso2carbon"
 password = "wso2carbon"
+driver = "com.mysql.cj.jdbc.Driver"
 
 [database.shared_db]
 type = "mysql"
-url = "jdbc:mysql://mysql:3306/WSO2AM_SHARED_DB?autoReconnect=true&useSSL=false"
-username = "wso2carbon"
-password = "wso2carbon"
+url = "jdbc:mysql://mysql:3306/WSO2AM_SHARED_DB?autoReconnect=true&allowPublicKeyRetrieval=true&useSSL=false"
+username = "wso2carbon" 
+password = "wso2carbon" 
 driver = "com.mysql.cj.jdbc.Driver"
 
-[keystore.primary]
-file_name = "wso2carbon.jks"
-password = "wso2carbon"
+[keystore]
+userstore_password_encryption = "InternalKeyStore"
 
 [truststore]
 file_name="client-truststore.jks"
@@ -65,7 +61,7 @@ app_password= "dashboard"
 #Google reCAPTCHA settings.
 
 #[recaptcha]
-#enabled = "true"
+#enabled = true
 #api_url = "https://www.google.com/recaptcha/api.js"
 #verify_url = "https://www.google.com/recaptcha/api/siteverify"
 #site_key = ""
@@ -79,7 +75,6 @@ app_password= "dashboard"
 #hostname= "smtp.gmail.com"
 #port= 587
 
-# custom identity server as key manager configurations
 [[event_listener]]
 id = "token_revocation"
 type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
@@ -123,23 +118,32 @@ scopes = "internal_application_mgt_view"
 [[resource.access_control]]
 context = "(.*)/keymanager-operations/dcr/register(.*)"
 secure = true
-http_method = "PUT"
-permissions = "/permission/admin/manage/identity/applicationmgt/update"
-scopes = "internal_application_mgt_update"
+http_method = "DELETE"
+permissions = "/permission/admin/manage/identity/applicationmgt/delete"
+scopes = "internal_application_mgt_delete"
 
 [[resource.access_control]]
-context = "(.)/keymanager-operations/dcr/register(.)"
+context = "(.*)/keymanager-operations/dcr/register(.*)"
 secure = true
-http_method = "POST"
+http_method = "PUT"
 permissions = "/permission/admin/manage/identity/applicationmgt/update"
 scopes = "internal_application_mgt_update"
 
 [[resource.access_control]]
 context = "(.*)/keymanager-operations/dcr/register(.*)"
 secure = true
-http_method = "DELETE"
-permissions = "/permission/admin/manage/identity/applicationmgt/delete"
-scopes = "internal_application_mgt_delete"
+http_method = "POST"
+permissions = "/permission/admin/manage/identity/applicationmgt/update"
+scopes = "internal_application_mgt_update"
 
 [tenant_context.rewrite]
 custom_webapps = ["/keymanager-operations/"]
+
+[system.parameter]
+"org.wso2.CipherTransformation" = "RSA/ECB/OAEPwithSHA1andMGF1Padding"
+
+[encryption]
+internal_crypto_provider = "org.wso2.carbon.crypto.provider.KeyStoreBasedInternalCryptoProvider"
+
+[authorization_manager.properties]
+GroupAndRoleSeparationEnabled = false

docker-compose/apim-is-as-km-with-analytics/conf/mysql/scripts/mysql_apim.sql

@@ -1,7 +1,9 @@
 DROP DATABASE IF EXISTS WSO2AM_DB;
-CREATE DATABASE WSO2AM_DB;
-GRANT ALL ON WSO2AM_DB.* TO 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+CREATE DATABASE WSO2AM_DB CHARACTER SET latin1;
 
+CREATE USER IF NOT EXISTS 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+GRANT ALL PRIVILEGES ON WSO2AM_DB.* TO 'wso2carbon'@'%';
+FLUSH PRIVILEGES;
 USE WSO2AM_DB;
 
 -- Start of IDENTITY Tables--

docker-compose/apim-is-as-km-with-analytics/conf/mysql/scripts/mysql_shared.sql

@@ -1,7 +1,9 @@
 DROP DATABASE IF EXISTS WSO2AM_SHARED_DB;
-CREATE DATABASE WSO2AM_SHARED_DB;
-GRANT ALL ON WSO2AM_SHARED_DB.* TO 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+CREATE DATABASE WSO2AM_SHARED_DB CHARACTER SET latin1;
 
+CREATE USER IF NOT EXISTS 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+GRANT ALL PRIVILEGES ON WSO2AM_SHARED_DB.* TO 'wso2carbon'@'%';
+FLUSH PRIVILEGES;
 USE WSO2AM_SHARED_DB;
 
 CREATE TABLE IF NOT EXISTS REG_CLUSTER_LOCK (

docker-compose/apim-is-as-km-with-analytics/docker-compose.yml

@@ -15,14 +15,14 @@
 version: '2.4'
 services:
  mysql:
- image: mysql:8.3.0
+ image: mysql:8.0.36
  ports:
  - 3306
  environment:
  MYSQL_ROOT_PASSWORD: root
  volumes:
  - ./conf/mysql/scripts:/docker-entrypoint-initdb.d
- - ./conf/mysql/conf/my.cnf:/etc/mysql/my.cnf
+ - ./conf/mysql/conf/my.cnf:/etc/mysql/mysql.conf.d/my.cnf
  ulimits:
  nofile:
  soft: 20000

docker-compose/apim-is-as-km-with-analytics/dockerfiles/apim/Dockerfile

@@ -22,8 +22,7 @@ FROM docker.wso2.com/wso2am:4.3.0.0
 
 LABEL maintainer="WSO2 Docker Maintainers <dev@wso2.org>"
 
-# build arguments for external artifacts
-ARG MYSQL_CONNECTOR_VERSION=8.0.17
+ARG MYSQL_CONNECTOR_VERSION=8.0.30
 
 # add MySQL JDBC connector to server home as a third party library
 ADD --chown=wso2carbon:wso2 https://repo1.maven.org/maven2/mysql/mysql-connector-java/${MYSQL_CONNECTOR_VERSION}/mysql-connector-java-${MYSQL_CONNECTOR_VERSION}.jar ${WSO2_SERVER_HOME}/repository/components/dropins/

docker-compose/apim-is-as-km-with-analytics/dockerfiles/is-as-km/Dockerfile

@@ -20,12 +20,6 @@
 FROM docker.wso2.com/wso2is:6.1.0.0
 LABEL maintainer="WSO2 Docker Maintainers <dev@wso2.org>"
 
-# build arguments for external artifacts
-ARG MYSQL_CONNECTOR_VERSION=8.0.17
-
-# add MySQL JDBC connector to server home as a third party library
-ADD --chown=wso2carbon:wso2 https://repo1.maven.org/maven2/mysql/mysql-connector-java/${MYSQL_CONNECTOR_VERSION}/mysql-connector-java-${MYSQL_CONNECTOR_VERSION}.jar ${WSO2_SERVER_HOME}/repository/components/dropins/
-
 # copy extensions to the identity server home
 COPY dropins ${WSO2_SERVER_HOME}/repository/components/dropins/
 # copy customized webapps to the identity server home

docker-compose/apim-with-analytics/conf/apim/repository/conf/deployment.toml

@@ -13,18 +13,18 @@ create_admin_account = true
 [user_store]
 type = "database_unique_id"
 
-[database.apim_db]
+[database.apim_db] 
 type = "mysql"
-url = "jdbc:mysql://mysql:3306/WSO2AM_DB?autoReconnect=true&useSSL=false"
+url = "jdbc:mysql://mysql:3306/WSO2AM_DB?autoReconnect=true&allowPublicKeyRetrieval=true&useSSL=false"
 username = "wso2carbon"
 password = "wso2carbon"
 driver = "com.mysql.cj.jdbc.Driver"
 
 [database.shared_db]
 type = "mysql"
-url = "jdbc:mysql://mysql:3306/WSO2AM_SHARED_DB?autoReconnect=true&useSSL=false"
-username = "wso2carbon"
-password = "wso2carbon"
+url = "jdbc:mysql://mysql:3306/WSO2AM_SHARED_DB?autoReconnect=true&allowPublicKeyRetrieval=true&useSSL=false"
+username = "wso2carbon" 
+password = "wso2carbon" 
 driver = "com.mysql.cj.jdbc.Driver"
 
 [keystore.tls]
@@ -54,8 +54,8 @@ key_password = "wso2carbon"
 [[apim.gateway.environment]]
 name = "Default"
 type = "hybrid"
-provider = "wso2"
 gateway_type = "Regular"
+provider = "wso2"
 display_in_api_console = true
 description = "This is a hybrid gateway that handles both production and sandbox token traffic."
 show_as_token_endpoint_url = true

docker-compose/apim-with-analytics/conf/mysql/scripts/mysql_apim.sql

@@ -1,7 +1,9 @@
 DROP DATABASE IF EXISTS WSO2AM_DB;
-CREATE DATABASE WSO2AM_DB;
-GRANT ALL ON WSO2AM_DB.* TO 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+CREATE DATABASE WSO2AM_DB CHARACTER SET latin1;
 
+CREATE USER IF NOT EXISTS 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+GRANT ALL PRIVILEGES ON WSO2AM_DB.* TO 'wso2carbon'@'%';
+FLUSH PRIVILEGES;
 USE WSO2AM_DB;
 
 -- Start of IDENTITY Tables--

docker-compose/apim-with-analytics/conf/mysql/scripts/mysql_shared.sql

@@ -1,7 +1,9 @@
 DROP DATABASE IF EXISTS WSO2AM_SHARED_DB;
-CREATE DATABASE WSO2AM_SHARED_DB;
-GRANT ALL ON WSO2AM_SHARED_DB.* TO 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+CREATE DATABASE WSO2AM_SHARED_DB CHARACTER SET latin1;
 
+CREATE USER IF NOT EXISTS 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+GRANT ALL PRIVILEGES ON WSO2AM_SHARED_DB.* TO 'wso2carbon'@'%';
+FLUSH PRIVILEGES;
 USE WSO2AM_SHARED_DB;
 
 CREATE TABLE IF NOT EXISTS REG_CLUSTER_LOCK (

docker-compose/apim-with-analytics/docker-compose.yml

@@ -15,14 +15,14 @@
 version: '2.4'
 services:
  mysql:
- image: mysql:8.3.0
+ image: mysql:8.0.36
  ports:
  - 3306
  environment:
  MYSQL_ROOT_PASSWORD: root
  volumes:
  - ./conf/mysql/scripts:/docker-entrypoint-initdb.d
- - ./conf/mysql/conf/my.cnf:/etc/mysql/my.cnf
+ - ./conf/mysql/conf/my.cnf:/etc/mysql/mysql.conf.d/my.cnf
  ulimits:
  nofile:
  soft: 20000

docker-compose/apim-with-analytics/dockerfiles/apim/Dockerfile

@@ -21,7 +21,7 @@ FROM docker.wso2.com/wso2am:4.3.0.0
 LABEL maintainer="WSO2 Docker Maintainers <dev@wso2.org>"
 
 # build arguments for external artifacts
-ARG MYSQL_CONNECTOR_VERSION=8.0.17
+ARG MYSQL_CONNECTOR_VERSION=8.0.30
 
 # add MySQL JDBC connector to server home as a third party library
 ADD --chown=wso2carbon:wso2 https://repo1.maven.org/maven2/mysql/mysql-connector-java/${MYSQL_CONNECTOR_VERSION}/mysql-connector-java-${MYSQL_CONNECTOR_VERSION}.jar ${WSO2_SERVER_HOME}/repository/components/dropins/

docker-compose/apim-with-mi/conf/apim/repository/conf/deployment.toml

@@ -15,14 +15,14 @@ type = "database_unique_id"
 
 [database.apim_db] 
 type = "mysql"
-url = "jdbc:mysql://mysql:3306/WSO2AM_DB?autoReconnect=true&useSSL=false"
+url = "jdbc:mysql://mysql:3306/WSO2AM_DB?autoReconnect=true&allowPublicKeyRetrieval=true&useSSL=false"
 username = "wso2carbon"
 password = "wso2carbon"
 driver = "com.mysql.cj.jdbc.Driver"
 
 [database.shared_db]
 type = "mysql"
-url = "jdbc:mysql://mysql:3306/WSO2AM_SHARED_DB?autoReconnect=true&useSSL=false"
+url = "jdbc:mysql://mysql:3306/WSO2AM_SHARED_DB?autoReconnect=true&allowPublicKeyRetrieval=true&useSSL=false"
 username = "wso2carbon" 
 password = "wso2carbon" 
 driver = "com.mysql.cj.jdbc.Driver"
@@ -54,8 +54,8 @@ key_password = "wso2carbon"
 [[apim.gateway.environment]]
 name = "Default"
 type = "hybrid"
-provider = "wso2"
 gateway_type = "Regular"
+provider = "wso2"
 display_in_api_console = true
 description = "This is a hybrid gateway that handles both production and sandbox token traffic."
 show_as_token_endpoint_url = true
@@ -260,7 +260,6 @@ id = "token_revocation"
 type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
 name = "org.wso2.is.notification.ApimOauthEventInterceptor"
 order = 1
-
 [event_listener.properties]
 notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify"
 username = "${admin.username}"

docker-compose/apim-with-mi/conf/mysql/scripts/mysql_apim.sql

@@ -1,7 +1,9 @@
 DROP DATABASE IF EXISTS WSO2AM_DB;
-CREATE DATABASE WSO2AM_DB;
-GRANT ALL ON WSO2AM_DB.* TO 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+CREATE DATABASE WSO2AM_DB CHARACTER SET latin1;
 
+CREATE USER IF NOT EXISTS 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon';
+GRANT ALL PRIVILEGES ON WSO2AM_DB.* TO 'wso2carbon'@'%';
+FLUSH PRIVILEGES;
 USE WSO2AM_DB;
 
 -- Start of IDENTITY Tables--