Feature: Upgrade Universal Configuration Store to JDK 17

[carter-cundiff]

Description

Follow on to #133, where we want to migrate our whole repository to java 17. This issue focus on migrating the Universal Configuration Store.

DOD

• Update Universal Configuration Store to build with JDK 17
  • Ensure all pom dependencies are compatible - update to jakarta
    • Update to official java 17 version where possible
    • Quarkus dependencies has been completed as part of Feature: Upgrade Quarkus to 3.6+ #263
  • Clean up pom to remove unnecessary dependencies and add undeclared transient dependencies
    • Use mvn dependency:analyze
  • Update base config store image to support jdk 17
    • Will involve update to base quarkus image - coordinate with Jackson
• Update Vault chart base image to support jdk 17

Test Strategy/Script

Test Krausening

• Update your machine to build with JDK 17. Run mvn -v to verify it's configured properly. The output should be similar to the following (Note: java distributions different thank openjdk are okay):

$ mvn -v
Apache Maven 3.9.6 (bc0240f3c744dd6b6ec2920b3cd08dcc295161ae)
Maven home: /path/to/apache-maven-3.9.6-bin/3311e1d4/apache-maven-3.9.6
Java version: 17.0.8.1, vendor: Private Build, runtime: /usr/lib/jvm/java-17-openjdk-amd64

• OTS Only:

  • Within the aiSSEMBLE repo, run the following and verify it builds successfully:

  mvn clean install -pl :aissemble-configuration-store,:aissemble-configuration-store-chart,:foundation-archetype,:foundation-mda,:foundation-upgrade -am -Dmaven.build.cache.skipCache=true
  

• Create a downstream project:

mvn archetype:generate -U -DarchetypeGroupId=com.boozallen.aissemble \
  -DarchetypeArtifactId=foundation-archetype \
  -DarchetypeVersion=1.10.0-SNAPSHOT \
  -DgroupId=com.test \
  -DartifactId=test-364 \
  -DprojectGitUrl=test.url \
  -DprojectName=test-364 \
  && cd test-364

• Add the following execution to the test-364-deploy/pom.xml:

<execution>
    <id>vault</id>
    <phase>generate-sources</phase>
    <goals>
        <goal>generate-sources</goal>
    </goals>
    <configuration>
        <basePackage>com.test</basePackage>
        <profile>vault-deploy</profile>
        <!-- The property variables below are passed to the Generation Context and utilized
                to customize the deployment artifacts. -->
        <propertyVariables>
            <appName>vault</appName>
        </propertyVariables>
    </configuration>
</execution>

• Run mvn clean install once and complete the manual actions

• Run mvn clean install once more

• OTS Only:

  • Copy the updated config store helm chart from the aiSSEMBLE repo to the test project

  cp aissemble/extensions/extensions-helm/aissemble-configuration-store-chart/target/helm/repo/aissemble-configuration-store-chart-1.10.0-SNAPSHOT.tgz test-364/test-364-deploy/src/main/resources/apps/configuration-store/charts/
  

• Download and unzip the attached 364-helper.zip

• Update the aissemble-configuration-store-chart.configurationVolume.volumePathOnNode within test-364-deploy/src/main/resources/apps/configuration-store/values-dev.yaml with the path to the configurations within the downloaded folder, for example:

  configurationVolume:
    storageType: "local"
    volumePathOnNode: "/path/to/364-helper/src/main/resources/configurations"

• From the root of the test-364 project, run the following to deploy the config store:

helm install config-store test-364-deploy/src/main/resources/apps/configuration-store --values test-364-deploy/src/main/resources/apps/configuration-store/values.yaml --values test-364-deploy/src/main/resources/apps/configuration-store/values-dev.yaml --namespace config-store-ns --create-namespace

• Wait until the config store is running, you can view the status with the following command:

kubectl get pods -n config-store-ns

• Verify the config store is running on Java 17 with the following commands:

kubectl exec -it <CONFIG_STORE_POD> -n config-store-ns -- java -version

• View the config store the logs:

kubectl logs <CONFIG_STORE_POD> -n config-store-ns

• Verify you see the following:

[main] INFO  com.boozallen.aissemble.configuration.ConfigStoreInit.init():67 - Using property Dao class: com.boozallen.aissemble.configuration.dao.KrauseningPropertyDao
...
[main] INFO  com.boozallen.aissemble.configuration.store.ConfigLoader.write():267 - Successfully wrote all properties to the store.
[main] INFO  com.boozallen.aissemble.configuration.ConfigStoreInit.loadPolicies():173 - No policies found to load
[main] INFO  com.boozallen.aissemble.configuration.ConfigStoreInit.init():86 - Successfully initialized store configuration properties and policies.

• Access the REST endpoint with the following command:

kubectl exec -it <CONFIG_STORE_POD> -n config-store-ns -- curl http://configuration-store.config-store-ns.svc:8083/aissemble-properties/aws-credentials/AWS_ACCESS_KEY_ID

• Verify it returns the following:

{"groupName":"aws-credentials","name":"AWS_ACCESS_KEY_ID","value":"env-access-key-id"}

• Create a file config-test-pod.yaml with the following content:

apiVersion: v1
kind: Pod
metadata:
  name: config-test-pod
  labels:
    aissemble-configuration-store: enabled
spec:
  containers:
  - name: curl-container
    image: curlimages/curl:latest
    command: ["sleep", "infinity"]
    stdin: true
    tty: true
    env:
      - name: ACCESS_KEY
        value: $getConfigValue(groupName=aws-credentials;propertyName=AWS_ACCESS_KEY_ID)

• Run the following to deploy it:

kubectl apply -f config-test-pod.yaml

• Get the environment variables for pod with the following command:

kubectl exec -it config-test-pod -- env

• Verify the environment variable is updated to look like the following:

ACCESS_KEY=env-access-key-id

• Delete the test pod and uninstall the config store with the following commands:

kubectl delete pod config-test-pod
helm uninstall config-store -n config-store-ns

Test Vault

• Run the following from the root of the test-364 project:

tilt up vault

• Once vault is ready, scroll up to find the root key, unseal keys within the tilt log output

• In /src/main/resources/configurations/base/encrypt.properties of the downloaded and unzipped 364-helper folder, update the secrets.root.key with the ROOT KEY content and secrets.unseal.keys with the UNSEAL KEYS content (make sure to remove the [], ", and any spaces)

• Add the following env to test-364-deploy/src/main/resources/apps/configuration-store/values.yaml:

- name: STORAGE_CLASS
  value: vault

• In another terminal, run the following from the root of the test-364 project to deploy the config store:

helm install config-store test-364-deploy/src/main/resources/apps/configuration-store --values test-364-deploy/src/main/resources/apps/configuration-store/values.yaml --values test-364-deploy/src/main/resources/apps/configuration-store/values-dev.yaml --namespace config-store-ns --create-namespace

• Wait until the config store is running, you can view the status with the following command:

kubectl get pods -n config-store-ns

• View the config store the logs:

kubectl logs <CONFIG_STORE_POD> -n config-store-ns

• Verify you see the following:

[main] INFO  com.boozallen.aissemble.configuration.ConfigStoreInit.init():67 - Using property Dao class: com.boozallen.aissemble.configuration.dao.VaultPropertyDao
...
[main] INFO  com.boozallen.aissemble.configuration.store.ConfigLoader.write():267 - Successfully wrote all properties to the store.
[main] INFO  com.boozallen.aissemble.configuration.ConfigStoreInit.loadPolicies():173 - No policies found to load
[main] INFO  com.boozallen.aissemble.configuration.ConfigStoreInit.init():86 - Successfully initialized store configuration properties and policies.

• Access the REST endpoint with the following command:

kubectl exec -it <CONFIG_STORE_POD> -n config-store-ns -- curl http://configuration-store.config-store-ns.svc:8083/aissemble-properties/aws-credentials/AWS_ACCESS_KEY_ID

• Verify it returns the following:

{"groupName":"aws-credentials","name":"AWS_ACCESS_KEY_ID","value":"env-access-key-id"}

• Deploy the config-test-pod.yaml again with the following command:

kubectl apply -f config-test-pod.yaml

• Get the environment variables for pod with the following command:

kubectl exec -it config-test-pod -- env

• Verify the environment variable is updated to look like the following:

ACCESS_KEY=env-access-key-id

• Uninstall the config store, test-pod and vault:

tilt down
kubectl delete pod config-test-pod
helm uninstall config-store -n config-store-ns

Test Project Migration

• Update your java version to JDK 11. Run mvn -v to verify it's configured properly.
• Create a new downstream project from 1.9.2:

mvn archetype:generate -U -DarchetypeGroupId=com.boozallen.aissemble \
  -DarchetypeArtifactId=foundation-archetype \
  -DarchetypeVersion=1.9.2 \
  -DgroupId=com.test \
  -DartifactId=test-364-upgrade \
  -DprojectGitUrl=test.url \
  -DprojectName=test-364-upgrade \
  && cd test-364-upgrade

• Verify you can successfully build the project with mvn clean install
• Update the parent in the root pom.xml to 1.10.0-SNAPSHOT
• Update your java version to JDK 17. Run mvn -v to verify it's configured properly.
• Run the following to perform the baton migrations:

mvn org.technologybrewery.baton:baton-maven-plugin:baton-migrate

• Verify the maven-shade-plugin within test-364-upgrade-tests/test-364-upgrade-tests-java/pom.xml has the dependency and transformer updated to the following:

<transformer
    implementation="org.apache.logging.log4j.maven.plugins.shade.transformer.Log4j2PluginCacheFileTransformer">
</transformer>
...
<dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-transform-maven-shade-plugin-extensions</artifactId>
    <version>${version.log4j.transform}</version>
</dependency>

• Verify you can successfully build the project with mvn clean install

References/Additional Context

[carter-cundiff]

DOD with @ewilkins-csi, @csun-cpointe, @nartieri

[ewilkins-csi]

OTS test passed ✅

[ewilkins-csi]

✅ Final Test passed 🎉

✅ Test Krausening

• ✅ Update your machine to build with JDK 17. Run mvn -v to verify it's configured properly.
• ✅ Create a downstream project:
• ✅ Add the following execution to the test-364-deploy/pom.xml
• ✅ Run mvn clean install once and complete the manual actions
• ✅ Run mvn clean install once more
• ✅ Download and unzip the attached 364-helper.zip
• ✅ Update the aissemble-configuration-store-chart.configurationVolume.volumePathOnNode within test-364-deploy/src/main/resources/apps/configuration-store/values-dev.yaml with the path to the configurations within the downloaded folder
• ✅ From the root of the test-364 project, run the following to deploy the config store:
• ✅ Wait until the config store is running, you can view the status with the following command:
• ✅ Verify the config store is running on Java 17 with the following commands:
  
• ✅ View the config store the logs
• ✅ Verify you see the following
  
  
• ✅ Access the REST endpoint with the following command:
• ✅ Verify it returns the following:
  
• ✅ Create a file config-test-pod.yaml with the following content
• ✅ Run the following to deploy it
• ✅ Get the environment variables for pod with the following command
• ✅ Verify the environment variable is updated to look like the following:
  
• ✅ Delete the test pod and uninstall the config store with the following commands:

✅ Test Vault

• ✅ Run the following from the root of the test-364 project:
• ✅ Once vault is ready, scroll up to find the root key, unseal keys within the tilt log output
• ✅ In /src/main/resources/configurations/base/encrypt.properties of the downloaded and unzipped 364-helper folder, update the secrets.root.key with the ROOT KEY content and secrets.unseal.keys with the UNSEAL KEYS content
• ✅ Add the following env to test-364-deploy/src/main/resources/apps/configuration-store/values.yaml
• ✅ In another terminal, run the following from the root of the test-364 project to deploy the config store
• ✅ Wait until the config store is running, you can view the status with the following command:
• ✅ View the config store the logs
• ✅ Verify you see the following FINDING: NPE in the logs "java.lang.NullPointerException: Property value cannot be null"
  
  
• ✅ Access the REST endpoint with the following command:
• ✅ Verify it returns the following:
  
• ✅ Deploy the config-test-pod.yaml again with the following command:
• ✅ Get the environment variables for pod with the following command:
• ✅ Verify the environment variable is updated to look like the following:
  
• ✅ Uninstall the config store, test-pod and vault:

✅ Test Project Migration

• ✅ Update your java version to JDK 11. Run mvn -v to verify it's configured properly.
• ✅ Create a new downstream project from 1.9.2:
• ✅ Verify you can successfully build the project with mvn clean install
  
• ✅ Update the parent in the root pom.xml to 1.10.0-SNAPSHOT
• ✅ Update your java version to JDK 17. Run mvn -v to verify it's configured properly.
• ✅ Run the following to perform the baton migrations:
• ✅ Verify the maven-shade-plugin within test-364-upgrade-tests/test-364-upgrade-tests-java/pom.xml has the dependency and transformer updated to the following
  
• ✅ Verify you can successfully build the project with mvn clean install