feat: Enable gRPC mTLS in Docker (applies transitively to system tests)

Docker/centralserver/Dockerfile

@@ -25,6 +25,11 @@ ARG REPO=https://artifactory.niis.org/xroad-snapshot-deb
 ARG REPO_KEY=https://artifactory.niis.org/api/gpg/key/public
 ARG COMPONENT=main
 
+# Add X-Road dependencies repo
+ADD ["https://artifactory.niis.org/api/gpg/key/public","/tmp/deps-repokey.gpg"]
+RUN echo "deb https://artifactory.niis.org/xroad-dependencies-deb xroad external" >/etc/apt/sources.list.d/xroad-deps.list \
+  && && apt-key add '/tmp/deps-repokey.gpg' \
+
 ADD ["$REPO_KEY","/tmp/repokey.gpg"]
 ADD ["${REPO}/dists/${DIST}/Release","/tmp/Release"]
 RUN echo "deb $REPO $DIST $COMPONENT" >/etc/apt/sources.list.d/xroad.list \
@@ -42,6 +47,11 @@ RUN echo "deb $REPO $DIST $COMPONENT" >/etc/apt/sources.list.d/xroad.list \
 #Xroad CS from internal packages
 FROM base AS centralserver-internal
 
+# Add X-Road dependencies repo
+ADD ["https://artifactory.niis.org/api/gpg/key/public","/tmp/deps-repokey.gpg"]
+RUN echo "deb https://artifactory.niis.org/xroad-dependencies-deb xroad external" >/etc/apt/sources.list.d/xroad-deps.list \
+  && apt-key add '/tmp/deps-repokey.gpg'
+
 RUN --mount=type=bind,source=build/packages,target=/tmp/packages \
    cp -r /tmp/packages /tmp/repo \
   && cd /tmp/repo && dpkg-scanpackages -m . > Packages \

Docker/centralserver/files/cs-xroad.conf

@@ -14,6 +14,14 @@ command=/usr/sbin/nginx -g "daemon off;"
 autorestart=unexpected
 priority=100
 
+[program:openbao]
+command=/usr/bin/bao server -config=/etc/openbao/openbao.hcl
+autorestart=true
+
+[program:xroad-secret-store-local]
+command=/usr/share/xroad/scripts/secret-store-init.sh
+autorestart=true
+
 [program:xroad-center]
 command=/usr/share/xroad/bin/xroad-centralserver-admin-service
 user=xroad

Docker/securityserver/Dockerfile

@@ -29,6 +29,11 @@ ARG REPO=https://artifactory.niis.org/xroad-snapshot-deb
 ARG REPO_KEY=https://artifactory.niis.org/api/gpg/key/public
 ARG COMPONENT=main
 
+# Add X-Road dependencies repo
+ADD ["https://artifactory.niis.org/api/gpg/key/public","/tmp/deps-repokey.gpg"]
+RUN echo "deb https://artifactory.niis.org/xroad-dependencies-deb xroad external" >/etc/apt/sources.list.d/xroad-deps.list \
+  && apt-key add '/tmp/deps-repokey.gpg'
+
 ADD ["$REPO_KEY","/tmp/repokey.gpg"]
 ADD ["${REPO}/dists/${DIST}/Release","/tmp/Release"]
 RUN echo "deb $REPO $DIST $COMPONENT" >/etc/apt/sources.list.d/xroad.list \
@@ -46,6 +51,11 @@ RUN echo "deb $REPO $DIST $COMPONENT" >/etc/apt/sources.list.d/xroad.list \
 # Xroad SS from internal packages
 FROM base AS securityserver-internal
 
+# Add X-Road dependencies repo
+ADD ["https://artifactory.niis.org/api/gpg/key/public","/tmp/deps-repokey.gpg"]
+RUN echo "deb https://artifactory.niis.org/xroad-dependencies-deb xroad external" >/etc/apt/sources.list.d/xroad-deps.list \
+  && apt-key add '/tmp/deps-repokey.gpg'
+
 RUN --mount=type=bind,source=build/packages,target=/tmp/packages \
        cp -r /tmp/packages /tmp/repo \
     && cd /tmp/repo && dpkg-scanpackages -m . > Packages \

Docker/securityserver/files/ss-xroad.conf

@@ -6,6 +6,14 @@ stopwaitsecs=30
 autorestart=unexpected
 priority=100
 
+[program:openbao]
+command=/usr/bin/bao server -config=/etc/openbao/openbao.hcl
+autorestart=true
+
+[program:xroad-secret-store-local]
+command=/usr/share/xroad/scripts/secret-store-init.sh
+autorestart=true
+
 [program:xroad-proxy-ui-api]
 command=/usr/share/xroad/bin/xroad-proxy-ui-api
 user=xroad