feat: credential offer endpoint and keycloak plugin wip (#935)

Signed-off-by: Pat Losoponkul <[email protected]>

examples/.nickel/agent.ncl

@@ -0,0 +1,132 @@
+let DbConfig = {
+  host
+    | String,
+  port
+    | Number
+    | default
+    = 5432,
+  dbName
+    | String,
+  user
+    | String,
+  password
+    | String,
+}
+in
+let NodeConfig = {
+  host
+    | String,
+  port
+    | Number
+    | default
+    = 50053
+}
+in
+let KeycloakConfig = {
+  url
+    | String,
+  realmName
+    | String,
+  clientId
+    | String,
+  clientSecret
+    | String
+}
+in
+let VaultConfig = {
+  url
+    | String,
+  token
+    | String,
+}
+in
+let AgentServiceArgs = {
+  version
+    | String,
+  polluxDb
+    | DbConfig,
+  connectDb
+    | DbConfig,
+  agentDb
+    | DbConfig,
+  node
+    | NodeConfig,
+  didcommServiceUrl
+    | String,
+  restServiceUrl
+    | String,
+  apikeyEnabled
+    | Bool,
+  keycloak
+    | KeycloakConfig
+    | optional,
+  vault
+    | VaultConfig
+    | optional,
+  bootstrapContainer
+    | String
+    | doc "The container that agent must wait to complete before starting"
+    | optional
+}
+in
+{
+  makeAgentService | AgentServiceArgs -> _ = fun args =>
+      {
+        image = "ghcr.io/input-output-hk/prism-agent:%{args.version}",
+        restart = "always",
+        environment =
+          {
+            POLLUX_DB_HOST = args.polluxDb.host,
+            POLLUX_DB_PORT = std.to_string args.polluxDb.port,
+            POLLUX_DB_NAME = args.polluxDb.dbName,
+            POLLUX_DB_USER = args.polluxDb.user,
+            POLLUX_DB_PASSWORD = args.polluxDb.password,
+            CONNECT_DB_HOST = args.connectDb.host,
+            CONNECT_DB_PORT = std.to_string args.connectDb.port,
+            CONNECT_DB_NAME = args.connectDb.dbName,
+            CONNECT_DB_USER = args.connectDb.user,
+            CONNECT_DB_PASSWORD = args.connectDb.password,
+            AGENT_DB_HOST = args.agentDb.host,
+            AGENT_DB_PORT = std.to_string args.agentDb.port,
+            AGENT_DB_NAME = args.agentDb.dbName,
+            AGENT_DB_USER = args.agentDb.user,
+            AGENT_DB_PASSWORD = args.agentDb.password,
+            DIDCOMM_SERVICE_URL = args.didcommServiceUrl,
+            REST_SERVICE_URL = args.restServiceUrl,
+            PRISM_NODE_HOST = args.node.host,
+            PRISM_NODE_PORT = std.to_string args.node.port,
+            ADMIN_TOKEN = "admin",
+            API_KEY_ENABLED = std.to_string args.apikeyEnabled,
+          }
+          & (
+            if args |> std.record.has_field "keycloak" then
+              {
+                KEYCLOAK_ENABLED = "true",
+                KEYCLOAK_URL = args.keycloak.url,
+                KEYCLOAK_REALM = args.keycloak.realmName,
+                KEYCLOAK_CLIENT_ID = args.keycloak.clientId,
+                KEYCLOAK_CLIENT_SECRET = args.keycloak.clientSecret
+              }
+            else
+              {}
+          )
+          & (
+            if args |> std.record.has_field "vault" then
+              {
+                SECRET_STORAGE_BACKEND = "vault",
+                VAULT_ADDR = args.vault.url,
+                VAULT_TOKEN = args.vault.token
+              }
+            else
+              { SECRET_STORAGE_BACKEND = "postgres" }
+          ),
+        depends_on =
+          { "%{args.node.host}" = { condition = "service_started" } }
+          & (
+            if args |> std.record.has_field "bootstrapContainer" then
+              { "%{args.bootstrapContainer}" = { condition = "service_completed_successfully" } }
+            else
+              {}
+          )
+      }
+}

examples/.nickel/bootstrap.ncl

@@ -0,0 +1,18 @@
+let HurlBootstrapServiceArgs = {
+  version | String,
+  hurlDir | String,
+  variables
+    | { _ : String }
+    | default
+    = {}
+}
+in
+{
+  makeHurlBootstrapService | HurlBootstrapServiceArgs -> _ = fun args =>
+      {
+        image = "ghcr.io/orange-opensource/hurl:%{args.version}",
+        volumes = ["%{args.hurlDir}:/hurl"],
+        command = ["--glob", "/hurl/*.hurl", "--test"],
+        environment = args.variables,
+      }
+}

examples/.nickel/build.sh

@@ -0,0 +1,10 @@
+find . -name "*.ncl" | xargs -I _ nickel format _
+
+nickel export ./root.ncl -f yaml --field st > ../st/compose.yaml
+nickel export ./root.ncl -f yaml --field st-vault > ../st-vault/compose.yaml
+nickel export ./root.ncl -f yaml --field st-multi > ../st-multi/compose.yaml
+nickel export ./root.ncl -f yaml --field st-oidc4vc > ../st-oidc4vc/compose.yaml
+
+nickel export ./root.ncl -f yaml --field mt > ../mt/compose.yaml
+nickel export ./root.ncl -f yaml --field mt-keycloak > ../mt-keycloak/compose.yaml
+nickel export ./root.ncl -f yaml --field mt-keycloak-vault > ../mt-keycloak-vault/compose.yaml

examples/.nickel/caddy.ncl

@@ -0,0 +1,52 @@
+let CaddyServiceArgs = {
+  version
+    | String,
+  hostPort
+    | Number,
+  name
+    | String
+    | default
+    = "default",
+  agent
+    | { host | String, restPort | Number, didcommPort | Number },
+  keycloak
+    | { host | String, port | Number },
+  vault
+    | { host | String, port | Number },
+}
+in
+{
+  makeCaddyConfig | CaddyServiceArgs -> _ = fun args =>
+      {
+        "caddyfile_%{args.name}" = {
+          content = m%"
+              :%{std.to_string args.hostPort} {
+                handle_path /didcomm* {
+                  reverse_proxy %{args.agent.host}:%{std.to_string args.agent.didcommPort}
+                }
+                handle_path /prism-agent* {
+                  reverse_proxy %{args.agent.host}:%{std.to_string args.agent.restPort}
+                }
+                handle_path /keycloak* {
+                  reverse_proxy %{args.keycloak.host}:%{std.to_string args.keycloak.port}
+                }
+                handle_path /vault* {
+                  reverse_proxy %{args.vault.host}:%{std.to_string args.vault.port}
+                }
+              }
+            "%
+        }
+      },
+  makeCaddyService | CaddyServiceArgs -> _ = fun args =>
+      {
+        image = "caddy:%{args.version}",
+        restart = "always",
+        configs = [
+          {
+            source = "caddyfile_%{args.name}",
+            target = "/etc/caddy/Caddyfile"
+          }
+        ],
+        ports = ["%{std.to_string args.hostPort}:%{std.to_string args.hostPort}"],
+      }
+}

examples/.nickel/db.ncl

@@ -0,0 +1,32 @@
+let DbServiceArgs = {
+  version
+    | String,
+  databases
+    | String,
+  volumeName
+    | String
+}
+in
+{
+  makeDbService | DbServiceArgs -> _ = fun args =>
+      {
+        image = "postgres:%{args.version}",
+        restart = "always",
+        environment = {
+          POSTGRES_MULTIPLE_DATABASES = args.databases,
+          POSTGRES_USER = "postgres",
+          POSTGRES_PASSWORD = "postgres",
+        },
+        volumes = [
+          "%{args.volumeName}:/var/lib/postgresql/data",
+          "../.shared/postgres/init-script.sh:/docker-entrypoint-initdb.d/init-script.sh",
+          "../.shared/postgres/max_conns.sql:/docker-entrypoint-initdb.d/max_conns.sql",
+        ],
+        healthcheck = {
+          test = ["CMD", "pg_isready", "-U", "postgres", "-d", "postgres"],
+          interval = "10s",
+          timeout = "5s",
+          retries = 5
+        }
+      }
+}

examples/.nickel/keycloak.ncl

@@ -0,0 +1,34 @@
+let KeycloakServiceArgs = {
+  hostname
+    | String
+    | default
+    = "localhost",
+  hostnamePath
+    | String
+    | default
+    = "/keycloak",
+  hostnamePort
+    | Number
+}
+in
+{
+  makeKeycloakService
+    | KeycloakServiceArgs
+    & { version | String } -> _
+    = fun args =>
+      {
+        image = "quay.io/keycloak/keycloak:%{args.version}",
+        restart = "always",
+        environment = {
+          KEYCLOAK_ADMIN = "admin",
+          KEYCLOAK_ADMIN_PASSWORD = "admin",
+        },
+        command = [
+          "start-dev",
+          "--features=preview",
+          "--health-enabled=true",
+          "--hostname-url=http://%{args.hostname}:%{std.to_string args.hostnamePort}%{args.hostnamePath}",
+          "--hostname-admin-url=http://%{args.hostname}:%{std.to_string args.hostnamePort}%{args.hostnamePath}",
+        ]
+      }
+}

examples/.nickel/node.ncl

@@ -0,0 +1,40 @@
+let DbConfig = {
+  host
+    | String,
+  port
+    | Number
+    | default
+    = 5432,
+  dbName
+    | String,
+  user
+    | String,
+  password
+    | String,
+}
+in
+let NodeServiceArgs = {
+  version
+    | String,
+  db
+    | DbConfig,
+}
+in
+{
+  makeNodeService | NodeServiceArgs -> _ = fun args =>
+      {
+        image = "ghcr.io/input-output-hk/prism-node:%{args.version}",
+        restart = "always",
+        environment = {
+          NODE_PSQL_HOST = "%{args.db.host}:%{std.to_string args.db.port}",
+          NODE_PSQL_DATABASE = args.db.dbName,
+          NODE_PSQL_USERNAME = args.db.user,
+          NODE_PSQL_PASSWORD = args.db.password,
+        },
+        depends_on = {
+          "%{args.db.host}" = {
+            condition = "service_healthy"
+          }
+        }
+      }
+}

examples/.nickel/root.ncl

@@ -0,0 +1,43 @@
+let stack = import "./stack.ncl"
+in
+{
+  st =
+    stack.makeAgentStack { name = "issuer", port = 8080 },
+
+  st-vault =
+    stack.makeAgentStack { name = "issuer", port = 8080, vault.hostPort = 8200 },
+
+  st-multi =
+    (stack.makeAgentStack { name = "issuer", port = 8080 })
+    & (stack.makeAgentStack { name = "holder", port = 8081 })
+    & (stack.makeAgentStack { name = "verifier", port = 8082 }),
+
+  st-oidc4vc =
+    (stack.makeAgentStack { name = "issuer", port = 8080 })
+    & (stack.makeMockServerStack { port = 5000 })
+    & (
+      stack.makeIssuerKeycloakStack
+        {
+          name = "issuer",
+          port = 9980,
+          realm = "students",
+          build = "../../extensions/keycloak-oidc4vc",
+          extraEnvs = { IDENTUS_URL = "http://caddy-issuer:8080/prism-agent" }
+        }
+    ),
+
+  mt =
+    stack.makeAgentStack { name = "default", port = 8080, apikeyEnabled = true },
+
+  mt-keycloak =
+    stack.makeAgentStack { name = "default", port = 8080, keycloakEnabled = true },
+
+  mt-keycloak-vault =
+    stack.makeAgentStack
+      {
+        name = "default",
+        port = 8080,
+        keycloakEnabled = true,
+        vault.hostPort = 8200,
+      },
+}