Merge Gateway (#833)

* WIP building request transformation

* WIP

* Working /api/v2/values endpoint

* WIP: added initial implementation of authorization enforcement

* Improved tests

* small refactor and implementation of model reading and writing

* Implemented tags middleware and refactored routing

* v1 conttoller adde

* fix

* host fixed

* Adding secure-gateway to CI

* isAlive added

* modelManagement package added

* add security to modelMangement handler

* exception handled

* context transform added

* schemas added to transformation

* goThrough host to config

* CI: still work in progress, need to account for v1 routes, that don't start with api/v1

* Added health endpoint

* refactor

* Fixed integration tests and smoke tests

* tiny refactor

* extract from request added

* added act mapping

* tests added to extract

* Codefresh almost works

* jwt token added

* jwtUtils moved package

* Fixed models test

* Added support for groups using casbin

* Fixed and improved tests

* WIP implementing git policy repository

* CI fixes for policyRepositories

* Fixes for CI

* add mutex to jwt token creation

* bug fixed in gateway

* Healthcheck added to secure-gateway dockerfile (#726)

Healthcheck added to secure-gateway dockerfile

* 730 gateway accepts tweekinternals (#731)

Add support for tweekinternal authentication to gateway

* 734 move auth midware to routes (#735)

Auth middleware moved from app level to route level #734

* go fmt added to linters (#733)

* Go fmt linter bug fixed (#739)

* No fixed...

* 700 audit log (#732)

* WIP audit

* Implementing audit, stabilizing e2e

* Adding audit interface and implementation

* Returend sudo to run_tests.sh

* Some fixes for review

* Fixes for review

* 737 store gateway rules in minio (#741)

store gateway rules in minio instead of git

* Config package changed (#746)

App Config package changed from viper to configor

* E2E added to gateway (#750)

E2E added to gateway

* Separate OpenIdConnect and Tweek Issuer jwt validation (#760)

* Casbin policy refresh added (#759)

* CORS support added to secure-gateway (#743)

CORS support added to secure-gateway

* Merge master to secure-gateway (#772)

* 740 Publishing service pushes policy to minio (#765)

* 738 policies (#762)

* Fixed typo in comments

* Changes in ExtractFromRequest to account for contexts

* Added more tests and fixed bugs

* Small fixes

* Implementing matchResource function WIP

* WIP

* Some review fixes

* Added regexp support and more tests WIP

* Refactored code and fixed tests

* Small fix

* Fixed CI files

* Switched from regexp to wildcard

* Fixed policy.csv

* Refactored: changed regexp to wildcard

* Refactored map into struct

* Added resource deffinition documentation

* Fixes for tests

* fixes for CI and tests

* Fixes

* 775 authorize tweek issuer by issuer w/o email check (#777)

* Editor as SPA (#792)

* Prevented recovery middleware from printing stack (#821)

* Implemented JWK cache (#818)

* Implemented JWK cache

* Adjusting authorization to work as designed (#823)

* Adjusting authorization to work as designed

* Fix for tests

* Fixed policies

* Fixes for review

* Fixes to simplify authorization model

* Fixes for previous commit

* More fixes

* Updated resource deffinition document

* Removed unnecessary line from policy.csv

* Fixes for policy.csv

* Fixes for request utils

* Fixes for review

* e2e integration tests for api v2 (#827)

* Added tests covering v2 API

* Created k8s yaml for gateway (#831)

* Created k8s yaml for gateway

* Fixes

* Fixes for review

* Renamed secure-gateway as gateway (#836)

* Added pod disruption budget

* Added metrics per upstream for passthrough (#840)

* Added metrics per upstream for passthrough

* Fixes for review

* fix after merge

* remove deleted files added by merge

* make restore command added to gateway makefile

* fix card_view after merge from master

* Add editor local configuration (#853)

* Allow credentials should be always true (#857)

* implemented extraction of user info with opa/rego (#859)

* implemented extraction of user info with opa/rego

* Fix for CI

* Fixes for review

* Fixes for review

* Renamed UserAndGroupExtractor to SubjectExtractor

* Small fixes

* Set editor backend url properly (#856)

* Remove envVars.js

* get env var from window object as fallback

* PR CR changes

* 846 Controller for gateway that returns status of all services (#860)

* 862 - Publishing validates sub extraction rules while sync to minio (#864)

* e2e editor backend url fixed

* Replaced casbin with OPA (#871)

* Replaced casbin with OPA

* Uncommented test cases

* Refactored subject treatment

* Fixed requestUtils

* Small naming fix

* Added opa tests and fixed sub in Authorize

* Added test files

* Fix for docker

* Made local config files not configurable (#874)

* Adapted policies endpoint in authoring for use with OPA (#880)

* Added rules extraction endpoint (#881)

* Added rules extraction endpoint

* Removed unnecessary console.log

* Naming fix

* Added policy validation to publishing (#882)

* Policies PATCH method added to authoring (#896)

* Gateway config moved to mounted volume (#855)

* Gateway config moved to mounted volume

* logger changed from gateway

* volumes instruction fixed

* small fix

* .

* ..

* ....

* Fix for Dockerfile

* Revert "...."

This reverts commit 520e6af.

* Revert ".."

This reverts commit 364e1b8.

* Revert "."

This reverts commit 4e7d4c3.

* Fixes for CI

* Fixes for CI

* Fixes for CI

* Fixes for CI

* Fixes for CI

* Fixed merge

* Fixes for CI

* Fixes for merge

* Fixes for merge

* Pushing gateway images

* Small fix

* Added push step for git repository

* Swagger for gateway & some more security and policy changes (#899)

* Fixed regression in password verification for basic auth

* Revert "Fixed regression in password verification for basic auth"

This reverts commit 7a7f86d.

* Fixed key derivation in publishing

* Fixed git repository

* Implemented anonymous access (#921)

* Added percentile 75 and 95 to gateway (#933)

* Added percentile 75 and 95 to gateway

* Fix for review

* Support for serving editor through gateway (#923)

* Added build id tags to gateway builds

* Implemented wildcard context (#938)

* Implemented Azure login (#948)

* Implemented Azure login

* Fixed missing configuration

* Changed auth code to use id_token

* Removed redundant console.log

* Fixes for review

* Fixed a small bug

* Bug fixes for login

* Added token expiration check in isAuthenticated (#952)

* Impelmented userinfo endpoint (#959)

* Impelmented userinfo endpoint

* Added http error status

* Moved the endpoint to /api/v2

* Renamed the endpoint to current-user to reflect the semantics

* Added /configurations endpoint (#963)

* Added /configurations endpoint

* Changed how /configurations/ path is mounted

* Refactored passThrough (#967)

* Moved security related files to security folder in repo (#969)

* Moved security related files to security folder in repo

* Fixed authoring

* Reverted CONFIGOR_ENV in docker-compose files

* Added editor context to requests for configuration (#970)

* Added editor context to requests for configuration

* Fixed configuration key name

* Fixed getConfiguration

* Fixed policy.json

* Fixed status endpoint (#971)

* Fixed status endpoint

* Fixes for review

* Fixed name and email extraction in gateway (#974)

* Fixed name and email extraction in gateway

* Fixes for review

* Small fixes

* Removed anonymous from name and email (#975)

* Fixed stale revision checking (#978)

* Implemented keyPath transformation (#979)

* Implemented keyPath transformation

* Review fixes

* Fixes for review

* Fixed settings.json

* Added repo revision to status (#982)

* Added repo revision to status

* Fixes for previous commit

* Fixed test

* Fixed /api/v1 with no host case (#985)

* Fixed swagger.yml (#988)

* Fixed swagger.yml

* Implemented serving swagger.yml file

* Added swagger.go

* Fixed StaleRevisionException being thrown when there is another problem (#1013)

* Added metrics to publishing (#1015)

* Fixed silent token refresh issue (#1020)

* Fixed stale revision issue (#1023)

* Refreshing JWKs when key is missing (#1022)

* Refresh if key is missing

* Fixed read for context in gateway (#1025)

* Fixed login expiration (#1029)

* Fixed login expiration

* Fixed redirect after login (#1031)

CI/docker-compose.override.yml

@@ -19,7 +19,7 @@ services:
     image: soluto/tweek-api
     build:
       context: ../
-      dockerfile: TweekApiDockerfile
+      dockerfile: TweekApi.Dockerfile
     logging:
       driver: "json-file"
     ports:
@@ -35,65 +35,76 @@ services:
 
   editor:
     image: soluto/tweek-editor
-    build: ../services/editor
+    build: ../services/editor      
     logging:
       driver: "json-file"
     ports:
       - "5004:3000"
 
-  zap-smoke:
-    image: soluto/zap
-    build: ../deployments/dev/zap
-    logging:
-      driver: "json-file"
+  gateway:
+    image: soluto/tweek-gateway
+    build: ../services/gateway
     volumes:
-      - ../deployments/dev/zap/session/smoke:/root/.ZAP/session/smoke
+      - ../deployments/dev/gateway/config:/config
+    ports:
+      - "5099:80"
 
-  zap-e2e:
-    image: soluto/zap
-    build: ../deployments/dev/zap
-    logging:
-      driver: "json-file"
-    volumes:
-      - ../deployments/dev/zap/session/e2e:/root/.ZAP/session/e2e
+  selenium:
+    image: selenium/standalone-chrome-debug:3.8.1
+    ports:
+      - "5900:5900"
 
   smoke-tests:
     build:
       context: ../
-      dockerfile: TweekApiSmokeTestDockerfile
+      dockerfile: TweekApiSmokeTest.Dockerfile
     depends_on: 
-      - api
+      - gateway
       - publishing
-      - zap-smoke
     environment: 
       - TWEEK_API_URL=http://api/
-      - PROXY_URL=http://zap-smoke:8090
+    links:
+      - gateway:api
 
   e2e-ui:
     build: ../e2e/ui
     depends_on: 
       - selenium
       - editor
-      - authoring
-      - api
+      - gateway
       - publishing
-      - zap-e2e
+    links:
+      - gateway:api
+      - gateway:authoring
     environment:
-      - EDITOR_URL=http://editor:3000/
+      - GATEWAY_URL=http://gateway/
       - TWEEK_API_URL=http://api/
-      - AUTHORING_URL=http://authoring:3000
-      - GIT_PRIVATE_KEY_INLINE=eWFybiBydW4gdjEuMy4yCiQgZG9ja2VyLWNvbXBvc2UgLWYgLi9kZXBsb3ltZW50cy9kZXYvZG9ja2VyLWNvbXBvc2UueW1sIC1mIC4vZGVwbG95bWVudHMvZGV2L2RvY2tlci1jb21wb3NlLm92ZXJyaWRlLnltbCBleGVjIHB1Ymxpc2hpbmcgY2F0IC90bXAvc3NoX3NlcnZlcgotLS0tLUJFR0lOIFJTQSBQUklWQVRFIEtFWS0tLS0tDQpNSUlFcEFJQkFBS0NBUUVBeE1JdjB3QW9NTkhzc1J6OUhvanM2eUNla2w5RHI5RUt1WjUwZ3QveHk4Wk9DelFKDQplblhvbm9TeHJVK0U2a0tNUFpxVzhJUFVoN0doL0pIbTFGV3MxZVR3YTNaMStVRUZraTNROWVERklQVE8zNW5hDQpxVjBwVXJZMndLTFRXbjNzN3ZkaGNBU09YdnVqc3lxdm9sQ1BrRXFyQVV1SVFXZzV3RzBKRHVweG4vMHRSSW9xDQpPT0gxNmlmeFpZcjdEQzQvQkp2Z0g2anRrdTVuNVhNTDhBaXVnd3B3bFNTU0c4dnVldXZabW53VWRKZ3FPM0RVDQpITHVTcEZwUXUySjZGeXY4ZFVhWVQxVnRxWDloeExpSG1HRVJLaEwrNWtQRzRkMTNCb2Q1VFhWZG82eHhmQ1BhDQpoaFVuemxkTWVzQTBiL1ZhUThBaVFoa29DY1FpYk9hclU3MDNSUUlEQVFBQkFvSUJBUUNaak5ZWHU3S2h6dUlCDQpvcGJpNG9iS1JDMmNHMTVPY2p3RmVlU0JVbFYzNnExelRzdnExdU9QK2d4VExaQ1Q1UlZlNmlyTFRvWm8wemFRDQpUaWl2SXFGOFYydE00aWpWT1dvb2x6clE5L1cvYjIyVzBKSDF4RytBVGhWU3BuOTh5bk5DVnFxaTZkdFZ3dG9RDQo4OG9YU1BtUTZNU2xnUlczdmFmOFJOdGgyWktOQUg5N1k4cGpWTVgvcUxMMW5aOTVicW9yUklMUnp6S0dKanFHDQplN0VpeFQ0a0JaemxHWUF5a1dVeFFZZzBkdTlnQjc1U1o2MHNwZzVUQlh5a3RXdzVIWG1ZWlMvSHdCOVRKbG1XDQpUanlWdE9lVmxqT0ZiOFZnSHBNd3d1Mk1vcjdWUEFQd2dEWHVxRk1XdkZ6cVViSGNVS3JXMGdCSExqWFNQbVM2DQowTDFJM2NXQkFvR0JBUE94eXFKZnhyelVDUG4zcDNtWTZyNmdseVhiLytlYVhhNDY3c05ZOE1acFZkbDVtUUpWDQpuOEdRN3FYaklaa2pCU2E5YzZZQThxOFRLVHlJbEcvTDE1OFVSaFRqZldNSC9nandaem1oSmVkL0N6Lzg1Y2V4DQpsUWw3bE4vUjI0VGIzd1UxNjNtRXluaEdSVzVLd3FjVTVvRUJtbjkvWWs4aGlia2k2aEk2NEFobEFvR0JBTTZ4DQpxUFpuL25odjh1K21PZTdjelNWNUxzd2ZNM1NTc25mWGdRUlc3cnpraGtmclFaMmVYekVDbWhWTy91SlZvTWJUDQpoQS9tUXRYRzVuMk9QMndmSk1LVUNiVVZ2ZTJYNUQxU1VGYk03dWVHU3JlWExXdXJzaHdnN1p6VlpxVDYzUEJSDQpqVGtRRTRydWtWRUszTTBVUDlJTVZ3c2FEajI4K2NNUWZOTkZodFZoQW9HQUNUOXErQ1I0VHp3Z3B4TzkyRUIwDQpVQTJhRHNhOWZGV0FUcGRQN2p2V3owQzZFRW1zQThtcUNWZHRwdi9xaTN3bnV1T2ZtdUlZVTRwL214dDN2cEpXDQp1V08wa1NCYzVzQXI1THp5dmQ0ZXFSMUtHUUNJMjc0aWNMeXUxcHVKSUE2VDlRZXB5dSsrR3poWGRDc0VIZ0VPDQpDa0U4VXJCTDA4THJEZ3FFSlhMMGczMENnWUJtMHpVbUdBZ2RMRHdrQW9MUmxLQ3Q0c0pvSTZGNmZid3hLRkZ6DQpzamVrV3Q5K2ljZWp2UFRJTWU0cmFaZ2RTdEhuOTdPOElTWGdxY2xpYnRDWVhrbndUcXNobmdaVlczbmRFOFVKDQoyWHVFVEdlQk84RUp6bW1WMnIrNmhPTkNjZFpWNjR3ZzlpRnl2VW9ua2dyVUx4MnN4aHpMVmhQOW5MUjMyUXp3DQpJYWQ1SVFLQmdRRFhwYVNubHhnK28zMldBR3dHc0F4cTVDVytyRXBPOFBDRG8rUmVlNnZjRjduSWYveTRzUlB1DQo0MWlwWjZYeFlwd2dSRDd6blpqejlBZVZoRzhpQUFBQk5GVTFKRlRpWGlnUERaLzA4WUUwdGdDVmIvRU9XZnFUDQptS0NBTUgrSjJZWUlwb3NLL3dyQmRXQ1RiUHYvYUI3RkVraFFLeGVJTXYxd0trd2tSaU5BQ0E9PQ0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCkRvbmUgaW4gMC42NHMuCg
-      - PROXY_URL=http://zap-e2e:8090
+      - AUTHORING_URL=http://authoring
+      - GIT_PRIVATE_KEY_INLINE=LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeE1JdjB3QW9NTkhzc1J6OUhvanM2eUNla2w5RHI5RUt1WjUwZ3QveHk4Wk9DelFKCmVuWG9ub1N4clUrRTZrS01QWnFXOElQVWg3R2gvSkhtMUZXczFlVHdhM1oxK1VFRmtpM1E5ZURGSVBUTzM1bmEKcVYwcFVyWTJ3S0xUV24zczd2ZGhjQVNPWHZ1anN5cXZvbENQa0VxckFVdUlRV2c1d0cwSkR1cHhuLzB0UklvcQpPT0gxNmlmeFpZcjdEQzQvQkp2Z0g2anRrdTVuNVhNTDhBaXVnd3B3bFNTU0c4dnVldXZabW53VWRKZ3FPM0RVCkhMdVNwRnBRdTJKNkZ5djhkVWFZVDFWdHFYOWh4TGlIbUdFUktoTCs1a1BHNGQxM0JvZDVUWFZkbzZ4eGZDUGEKaGhVbnpsZE1lc0EwYi9WYVE4QWlRaGtvQ2NRaWJPYXJVNzAzUlFJREFRQUJBb0lCQVFDWmpOWVh1N0toenVJQgpvcGJpNG9iS1JDMmNHMTVPY2p3RmVlU0JVbFYzNnExelRzdnExdU9QK2d4VExaQ1Q1UlZlNmlyTFRvWm8wemFRClRpaXZJcUY4VjJ0TTRpalZPV29vbHpyUTkvVy9iMjJXMEpIMXhHK0FUaFZTcG45OHluTkNWcXFpNmR0Vnd0b1EKODhvWFNQbVE2TVNsZ1JXM3ZhZjhSTnRoMlpLTkFIOTdZOHBqVk1YL3FMTDFuWjk1YnFvclJJTFJ6ektHSmpxRwplN0VpeFQ0a0JaemxHWUF5a1dVeFFZZzBkdTlnQjc1U1o2MHNwZzVUQlh5a3RXdzVIWG1ZWlMvSHdCOVRKbG1XClRqeVZ0T2VWbGpPRmI4VmdIcE13d3UyTW9yN1ZQQVB3Z0RYdXFGTVd2RnpxVWJIY1VLclcwZ0JITGpYU1BtUzYKMEwxSTNjV0JBb0dCQVBPeHlxSmZ4cnpVQ1BuM3AzbVk2cjZnbHlYYi8rZWFYYTQ2N3NOWThNWnBWZGw1bVFKVgpuOEdRN3FYaklaa2pCU2E5YzZZQThxOFRLVHlJbEcvTDE1OFVSaFRqZldNSC9nandaem1oSmVkL0N6Lzg1Y2V4CmxRbDdsTi9SMjRUYjN3VTE2M21FeW5oR1JXNUt3cWNVNW9FQm1uOS9ZazhoaWJraTZoSTY0QWhsQW9HQkFNNngKcVBabi9uaHY4dSttT2U3Y3pTVjVMc3dmTTNTU3NuZlhnUVJXN3J6a2hrZnJRWjJlWHpFQ21oVk8vdUpWb01iVApoQS9tUXRYRzVuMk9QMndmSk1LVUNiVVZ2ZTJYNUQxU1VGYk03dWVHU3JlWExXdXJzaHdnN1p6VlpxVDYzUEJSCmpUa1FFNHJ1a1ZFSzNNMFVQOUlNVndzYURqMjgrY01RZk5ORmh0VmhBb0dBQ1Q5cStDUjRUendncHhPOTJFQjAKVUEyYURzYTlmRldBVHBkUDdqdld6MEM2RUVtc0E4bXFDVmR0cHYvcWkzd251dU9mbXVJWVU0cC9teHQzdnBKVwp1V08wa1NCYzVzQXI1THp5dmQ0ZXFSMUtHUUNJMjc0aWNMeXUxcHVKSUE2VDlRZXB5dSsrR3poWGRDc0VIZ0VPCkNrRThVckJMMDhMckRncUVKWEwwZzMwQ2dZQm0welVtR0FnZExEd2tBb0xSbEtDdDRzSm9JNkY2ZmJ3eEtGRnoKc2pla1d0OStpY2VqdlBUSU1lNHJhWmdkU3RIbjk3TzhJU1hncWNsaWJ0Q1lYa253VHFzaG5nWlZXM25kRThVSgoyWHVFVEdlQk84RUp6bW1WMnIrNmhPTkNjZFpWNjR3ZzlpRnl2VW9ua2dyVUx4MnN4aHpMVmhQOW5MUjMyUXp3CklhZDVJUUtCZ1FEWHBhU25seGcrbzMyV0FHd0dzQXhxNUNXK3JFcE84UENEbytSZWU2dmNGN25JZi95NHNSUHUKNDFpcFo2WHhZcHdnUkQ3em5aano5QWVWaEc4aUFBQUJORlUxSkZUaVhpZ1BEWi8wOFlFMHRnQ1ZiL0VPV2ZxVAptS0NBTUgrSjJZWUlwb3NLL3dyQmRXQ1RiUHYvYUI3RkVraFFLeGVJTXYxd0trd2tSaU5BQ0E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
       - AUTH_DIGEST_CREDENTIALS=user:pwd
 
   e2e-integration:
     build: ../e2e/integration
     depends_on: 
-      - authoring
-      - api
+      - gateway
       - publishing
+    links:
+      - gateway:api
+      - gateway:authoring
     environment:
       - API_URL=http://api
-      - AUTHORING_URL=http://authoring:3000
-      - PUBLISHING_URL=http://publishing:3000
-      - GIT_PRIVATE_KEY_INLINE=eWFybiBydW4gdjEuMy4yCiQgZG9ja2VyLWNvbXBvc2UgLWYgLi9kZXBsb3ltZW50cy9kZXYvZG9ja2VyLWNvbXBvc2UueW1sIC1mIC4vZGVwbG95bWVudHMvZGV2L2RvY2tlci1jb21wb3NlLm92ZXJyaWRlLnltbCBleGVjIHB1Ymxpc2hpbmcgY2F0IC90bXAvc3NoX3NlcnZlcgotLS0tLUJFR0lOIFJTQSBQUklWQVRFIEtFWS0tLS0tDQpNSUlFcEFJQkFBS0NBUUVBeE1JdjB3QW9NTkhzc1J6OUhvanM2eUNla2w5RHI5RUt1WjUwZ3QveHk4Wk9DelFKDQplblhvbm9TeHJVK0U2a0tNUFpxVzhJUFVoN0doL0pIbTFGV3MxZVR3YTNaMStVRUZraTNROWVERklQVE8zNW5hDQpxVjBwVXJZMndLTFRXbjNzN3ZkaGNBU09YdnVqc3lxdm9sQ1BrRXFyQVV1SVFXZzV3RzBKRHVweG4vMHRSSW9xDQpPT0gxNmlmeFpZcjdEQzQvQkp2Z0g2anRrdTVuNVhNTDhBaXVnd3B3bFNTU0c4dnVldXZabW53VWRKZ3FPM0RVDQpITHVTcEZwUXUySjZGeXY4ZFVhWVQxVnRxWDloeExpSG1HRVJLaEwrNWtQRzRkMTNCb2Q1VFhWZG82eHhmQ1BhDQpoaFVuemxkTWVzQTBiL1ZhUThBaVFoa29DY1FpYk9hclU3MDNSUUlEQVFBQkFvSUJBUUNaak5ZWHU3S2h6dUlCDQpvcGJpNG9iS1JDMmNHMTVPY2p3RmVlU0JVbFYzNnExelRzdnExdU9QK2d4VExaQ1Q1UlZlNmlyTFRvWm8wemFRDQpUaWl2SXFGOFYydE00aWpWT1dvb2x6clE5L1cvYjIyVzBKSDF4RytBVGhWU3BuOTh5bk5DVnFxaTZkdFZ3dG9RDQo4OG9YU1BtUTZNU2xnUlczdmFmOFJOdGgyWktOQUg5N1k4cGpWTVgvcUxMMW5aOTVicW9yUklMUnp6S0dKanFHDQplN0VpeFQ0a0JaemxHWUF5a1dVeFFZZzBkdTlnQjc1U1o2MHNwZzVUQlh5a3RXdzVIWG1ZWlMvSHdCOVRKbG1XDQpUanlWdE9lVmxqT0ZiOFZnSHBNd3d1Mk1vcjdWUEFQd2dEWHVxRk1XdkZ6cVViSGNVS3JXMGdCSExqWFNQbVM2DQowTDFJM2NXQkFvR0JBUE94eXFKZnhyelVDUG4zcDNtWTZyNmdseVhiLytlYVhhNDY3c05ZOE1acFZkbDVtUUpWDQpuOEdRN3FYaklaa2pCU2E5YzZZQThxOFRLVHlJbEcvTDE1OFVSaFRqZldNSC9nandaem1oSmVkL0N6Lzg1Y2V4DQpsUWw3bE4vUjI0VGIzd1UxNjNtRXluaEdSVzVLd3FjVTVvRUJtbjkvWWs4aGlia2k2aEk2NEFobEFvR0JBTTZ4DQpxUFpuL25odjh1K21PZTdjelNWNUxzd2ZNM1NTc25mWGdRUlc3cnpraGtmclFaMmVYekVDbWhWTy91SlZvTWJUDQpoQS9tUXRYRzVuMk9QMndmSk1LVUNiVVZ2ZTJYNUQxU1VGYk03dWVHU3JlWExXdXJzaHdnN1p6VlpxVDYzUEJSDQpqVGtRRTRydWtWRUszTTBVUDlJTVZ3c2FEajI4K2NNUWZOTkZodFZoQW9HQUNUOXErQ1I0VHp3Z3B4TzkyRUIwDQpVQTJhRHNhOWZGV0FUcGRQN2p2V3owQzZFRW1zQThtcUNWZHRwdi9xaTN3bnV1T2ZtdUlZVTRwL214dDN2cEpXDQp1V08wa1NCYzVzQXI1THp5dmQ0ZXFSMUtHUUNJMjc0aWNMeXUxcHVKSUE2VDlRZXB5dSsrR3poWGRDc0VIZ0VPDQpDa0U4VXJCTDA4THJEZ3FFSlhMMGczMENnWUJtMHpVbUdBZ2RMRHdrQW9MUmxLQ3Q0c0pvSTZGNmZid3hLRkZ6DQpzamVrV3Q5K2ljZWp2UFRJTWU0cmFaZ2RTdEhuOTdPOElTWGdxY2xpYnRDWVhrbndUcXNobmdaVlczbmRFOFVKDQoyWHVFVEdlQk84RUp6bW1WMnIrNmhPTkNjZFpWNjR3ZzlpRnl2VW9ua2dyVUx4MnN4aHpMVmhQOW5MUjMyUXp3DQpJYWQ1SVFLQmdRRFhwYVNubHhnK28zMldBR3dHc0F4cTVDVytyRXBPOFBDRG8rUmVlNnZjRjduSWYveTRzUlB1DQo0MWlwWjZYeFlwd2dSRDd6blpqejlBZVZoRzhpQUFBQk5GVTFKRlRpWGlnUERaLzA4WUUwdGdDVmIvRU9XZnFUDQptS0NBTUgrSjJZWUlwb3NLL3dyQmRXQ1RiUHYvYUI3RkVraFFLeGVJTXYxd0trd2tSaU5BQ0E9PQ0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCkRvbmUgaW4gMC42NHMuCg
+      - AUTHORING_URL=http://authoring
+      - PUBLISHING_URL=http://publishing
+      - GATEWAY_URL=http://gateway
+      - GIT_PRIVATE_KEY_INLINE=LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeE1JdjB3QW9NTkhzc1J6OUhvanM2eUNla2w5RHI5RUt1WjUwZ3QveHk4Wk9DelFKCmVuWG9ub1N4clUrRTZrS01QWnFXOElQVWg3R2gvSkhtMUZXczFlVHdhM1oxK1VFRmtpM1E5ZURGSVBUTzM1bmEKcVYwcFVyWTJ3S0xUV24zczd2ZGhjQVNPWHZ1anN5cXZvbENQa0VxckFVdUlRV2c1d0cwSkR1cHhuLzB0UklvcQpPT0gxNmlmeFpZcjdEQzQvQkp2Z0g2anRrdTVuNVhNTDhBaXVnd3B3bFNTU0c4dnVldXZabW53VWRKZ3FPM0RVCkhMdVNwRnBRdTJKNkZ5djhkVWFZVDFWdHFYOWh4TGlIbUdFUktoTCs1a1BHNGQxM0JvZDVUWFZkbzZ4eGZDUGEKaGhVbnpsZE1lc0EwYi9WYVE4QWlRaGtvQ2NRaWJPYXJVNzAzUlFJREFRQUJBb0lCQVFDWmpOWVh1N0toenVJQgpvcGJpNG9iS1JDMmNHMTVPY2p3RmVlU0JVbFYzNnExelRzdnExdU9QK2d4VExaQ1Q1UlZlNmlyTFRvWm8wemFRClRpaXZJcUY4VjJ0TTRpalZPV29vbHpyUTkvVy9iMjJXMEpIMXhHK0FUaFZTcG45OHluTkNWcXFpNmR0Vnd0b1EKODhvWFNQbVE2TVNsZ1JXM3ZhZjhSTnRoMlpLTkFIOTdZOHBqVk1YL3FMTDFuWjk1YnFvclJJTFJ6ektHSmpxRwplN0VpeFQ0a0JaemxHWUF5a1dVeFFZZzBkdTlnQjc1U1o2MHNwZzVUQlh5a3RXdzVIWG1ZWlMvSHdCOVRKbG1XClRqeVZ0T2VWbGpPRmI4VmdIcE13d3UyTW9yN1ZQQVB3Z0RYdXFGTVd2RnpxVWJIY1VLclcwZ0JITGpYU1BtUzYKMEwxSTNjV0JBb0dCQVBPeHlxSmZ4cnpVQ1BuM3AzbVk2cjZnbHlYYi8rZWFYYTQ2N3NOWThNWnBWZGw1bVFKVgpuOEdRN3FYaklaa2pCU2E5YzZZQThxOFRLVHlJbEcvTDE1OFVSaFRqZldNSC9nandaem1oSmVkL0N6Lzg1Y2V4CmxRbDdsTi9SMjRUYjN3VTE2M21FeW5oR1JXNUt3cWNVNW9FQm1uOS9ZazhoaWJraTZoSTY0QWhsQW9HQkFNNngKcVBabi9uaHY4dSttT2U3Y3pTVjVMc3dmTTNTU3NuZlhnUVJXN3J6a2hrZnJRWjJlWHpFQ21oVk8vdUpWb01iVApoQS9tUXRYRzVuMk9QMndmSk1LVUNiVVZ2ZTJYNUQxU1VGYk03dWVHU3JlWExXdXJzaHdnN1p6VlpxVDYzUEJSCmpUa1FFNHJ1a1ZFSzNNMFVQOUlNVndzYURqMjgrY01RZk5ORmh0VmhBb0dBQ1Q5cStDUjRUendncHhPOTJFQjAKVUEyYURzYTlmRldBVHBkUDdqdld6MEM2RUVtc0E4bXFDVmR0cHYvcWkzd251dU9mbXVJWVU0cC9teHQzdnBKVwp1V08wa1NCYzVzQXI1THp5dmQ0ZXFSMUtHUUNJMjc0aWNMeXUxcHVKSUE2VDlRZXB5dSsrR3poWGRDc0VIZ0VPCkNrRThVckJMMDhMckRncUVKWEwwZzMwQ2dZQm0welVtR0FnZExEd2tBb0xSbEtDdDRzSm9JNkY2ZmJ3eEtGRnoKc2pla1d0OStpY2VqdlBUSU1lNHJhWmdkU3RIbjk3TzhJU1hncWNsaWJ0Q1lYa253VHFzaG5nWlZXM25kRThVSgoyWHVFVEdlQk84RUp6bW1WMnIrNmhPTkNjZFpWNjR3ZzlpRnl2VW9ua2dyVUx4MnN4aHpMVmhQOW5MUjMyUXp3CklhZDVJUUtCZ1FEWHBhU25seGcrbzMyV0FHd0dzQXhxNUNXK3JFcE84UENEbytSZWU2dmNGN25JZi95NHNSUHUKNDFpcFo2WHhZcHdnUkQ3em5aano5QWVWaEc4aUFBQUJORlUxSkZUaVhpZ1BEWi8wOFlFMHRnQ1ZiL0VPV2ZxVAptS0NBTUgrSjJZWUlwb3NLL3dyQmRXQ1RiUHYvYUI3RkVraFFLeGVJTXYxd0trd2tSaU5BQ0E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
+      - MINIO_HOST=minio
+      - MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
+      - MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+      - MINIO_PORT=9000
+      - MINIO_BUCKET=tweek
+
+  oidc-server-mock:
+    logging:
+      driver: "json-file"
+    ports: 
+      - "5011:80"