
feat: credential offer endpoint and keycloak plugin wip (#935)
Signed-off-by: Pat Losoponkul <[email protected]>
patlo-iog authored Mar 19, 2024
1 parent ef37646 commit bd8e0a0
Showing 67 changed files with 3,770 additions and 17,255 deletions.
4 changes: 2 additions & 2 deletions build.sbt
Expand Up @@ -67,7 +67,7 @@ lazy val V = new {
val typesafeConfig = "1.4.2"
val protobuf = "3.1.9"
val testContainersScala = "0.41.0"
val testContainersJavaKeycloak = "3.0.0" // scala-steward:off
val testContainersJavaKeycloak = "3.2.0" // scala-steward:off

val doobie = "1.0.0-RC2"
val quill = "4.7.3"
Expand All @@ -90,7 +90,7 @@ lazy val V = new {
val micrometer = "1.11.2"

val nimbusJwt = "10.0.0"
val keycloak = "22.0.4" // scala-steward:off
val keycloak = "23.0.7" // scala-steward:off

}

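--- a/examples/.nickel/agent.ncl
+++ b/examples/.nickel/agent.ncl
@@ -0,0 +1,132 @@
+let DbConfig = {
+host
+| String,
+port
+| Number
+| default
+= 5432,
+dbName
+| String,
+user
+| String,
+password
+| String,
+}
+in
+let NodeConfig = {
+host
+| String,
+port
+| Number
+| default
+= 50053
+}
+in
+let KeycloakConfig = {
+url
+| String,
+realmName
+| String,
+clientId
+| String,
+clientSecret
+| String
+}
+in
+let VaultConfig = {
+url
+| String,
+token
+| String,
+}
+in
+let AgentServiceArgs = {
+version
+| String,
+polluxDb
+| DbConfig,
+connectDb
+| DbConfig,
+agentDb
+| DbConfig,
+node
+| NodeConfig,
+didcommServiceUrl
+| String,
+restServiceUrl
+| String,
+apikeyEnabled
+| Bool,
+keycloak
+| KeycloakConfig
+| optional,
+vault
+| VaultConfig
+| optional,
+bootstrapContainer
+| String
+| doc "The container that agent must wait to complete before starting"
+| optional
+}
+in
+{
+makeAgentService | AgentServiceArgs -> _ = fun args =>
+{
+image = "ghcr.io/input-output-hk/prism-agent:%{args.version}",
+restart = "always",
+environment =
+{
+POLLUX_DB_HOST = args.polluxDb.host,
+POLLUX_DB_PORT = std.to_string args.polluxDb.port,
+POLLUX_DB_NAME = args.polluxDb.dbName,
+POLLUX_DB_USER = args.polluxDb.user,
+POLLUX_DB_PASSWORD = args.polluxDb.password,
+CONNECT_DB_HOST = args.connectDb.host,
+CONNECT_DB_PORT = std.to_string args.connectDb.port,
+CONNECT_DB_NAME = args.connectDb.dbName,
+CONNECT_DB_USER = args.connectDb.user,
+CONNECT_DB_PASSWORD = args.connectDb.password,
+AGENT_DB_HOST = args.agentDb.host,
+AGENT_DB_PORT = std.to_string args.agentDb.port,
+AGENT_DB_NAME = args.agentDb.dbName,
+AGENT_DB_USER = args.agentDb.user,
+AGENT_DB_PASSWORD = args.agentDb.password,
+DIDCOMM_SERVICE_URL = args.didcommServiceUrl,
+REST_SERVICE_URL = args.restServiceUrl,
+PRISM_NODE_HOST = args.node.host,
+PRISM_NODE_PORT = std.to_string args.node.port,
+ADMIN_TOKEN = "admin",
+API_KEY_ENABLED = std.to_string args.apikeyEnabled,
+}
+& (
+if args |> std.record.has_field "keycloak" then
+{
+KEYCLOAK_ENABLED = "true",
+KEYCLOAK_URL = args.keycloak.url,
+KEYCLOAK_REALM = args.keycloak.realmName,
+KEYCLOAK_CLIENT_ID = args.keycloak.clientId,
+KEYCLOAK_CLIENT_SECRET = args.keycloak.clientSecret
+}
+else
+{}
+)
+& (
+if args |> std.record.has_field "vault" then
+{
+SECRET_STORAGE_BACKEND = "vault",
+VAULT_ADDR = args.vault.url,
+VAULT_TOKEN = args.vault.token
+}
+else
+{ SECRET_STORAGE_BACKEND = "postgres" }
+),
+depends_on =
+{ "%{args.node.host}" = { condition = "service_started" } }
+& (
+if args |> std.record.has_field "bootstrapContainer" then
+{ "%{args.bootstrapContainer}" = { condition = "service_completed_successfully" } }
+else
+{}
+)
+}
+}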
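Review bot: `ADMIN_TOKEN = "admin"` is the one credential in `makeAgentService` that a caller cannot override, while the three database passwords and the Keycloak client secret all come from `args`; the same fixed-credential shape appears in db.ncl (`POSTGRES_USER`/`POSTGRES_PASSWORD = "postgres"`) and keycloak.ncl (`KEYCLOAK_ADMIN_PASSWORD = "admin"`). Add `adminToken | String | default = "admin",` to `AgentServiceArgs` and emit `ADMIN_TOKEN = args.adminToken,`, so a stack can change it without editing the generator; an optional-with-default field of the same kind fits the other two files, and in db.ncl it also removes the case where a consumer's `DbConfig.password` differs from what the container was started with. The `keycloak`/`vault` conditional branches would read more easily with a `| doc` line on each optional field saying which environment block its presence switches on.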
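--- a/examples/.nickel/bootstrap.ncl
+++ b/examples/.nickel/bootstrap.ncl
@@ -0,0 +1,18 @@
+let HurlBootstrapServiceArgs = {
+version | String,
+hurlDir | String,
+variables
+| { _ : String }
+| default
+= {}
+}
+in
+{
+makeHurlBootstrapService | HurlBootstrapServiceArgs -> _ = fun args =>
+{
+image = "ghcr.io/orange-opensource/hurl:%{args.version}",
+volumes = ["%{args.hurlDir}:/hurl"],
+command = ["--glob", "/hurl/*.hurl", "--test"],
+environment = args.variables,
+}
+}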
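Review bot: The `variables` contract does not say how the map reaches hurl: `makeHurlBootstrapService` copies it verbatim into the container `environment`, and hurl, as far as I recall, only picks up variables from environment entries named `HURL_<name>`, so a caller passing `{ token = "x" }` would get no variable at all and the failure would only surface inside the `.hurl` files. Add `| doc "Injected as container environment; hurl reads variables from HURL_<name> entries, so keys must carry the HURL_ prefix"` to the `variables` field, or apply the prefix inside the function so callers can use plain names.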
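--- a/examples/.nickel/build.sh
+++ b/examples/.nickel/build.sh
@@ -0,0 +1,10 @@
+find . -name "*.ncl" | xargs -I _ nickel format _
+
+nickel export ./root.ncl -f yaml --field st > ../st/compose.yaml
+nickel export ./root.ncl -f yaml --field st-vault > ../st-vault/compose.yaml
+nickel export ./root.ncl -f yaml --field st-multi > ../st-multi/compose.yaml
+nickel export ./root.ncl -f yaml --field st-oidc4vc > ../st-oidc4vc/compose.yaml
+
+nickel export ./root.ncl -f yaml --field mt > ../mt/compose.yaml
+nickel export ./root.ncl -f yaml --field mt-keycloak > ../mt-keycloak/compose.yaml
+nickel export ./root.ncl -f yaml --field mt-keycloak-vault > ../mt-keycloak-vault/compose.yaml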
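Review bot: The script has no shebang and no `set -e`, so a `nickel export` that fails on a contract violation in `root.ncl` still has its `> ../st/compose.yaml` redirect opened first, which truncates the previously generated compose file, and the remaining exports then run regardless, leaving a mix of empty and stale outputs that the next `docker compose up` will use without complaint. Start the file with `#!/usr/bin/env bash` and `set -euo pipefail`, and consider exporting to a temporary file and `mv`-ing it into place so the old output survives a failed run. The `find | xargs -I _` pipeline also breaks on paths containing whitespace; `find . -name "*.ncl" -exec nickel format {} \;` has no such problem.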
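--- a/examples/.nickel/caddy.ncl
+++ b/examples/.nickel/caddy.ncl
@@ -0,0 +1,52 @@
+let CaddyServiceArgs = {
+version
+| String,
+hostPort
+| Number,
+name
+| String
+| default
+= "default",
+agent
+| { host | String, restPort | Number, didcommPort | Number },
+keycloak
+| { host | String, port | Number },
+vault
+| { host | String, port | Number },
+}
+in
+{
+makeCaddyConfig | CaddyServiceArgs -> _ = fun args =>
+{
+"caddyfile_%{args.name}" = {
+content = m%"
+:%{std.to_string args.hostPort} {
+handle_path /didcomm* {
+reverse_proxy %{args.agent.host}:%{std.to_string args.agent.didcommPort}
+}
+handle_path /prism-agent* {
+reverse_proxy %{args.agent.host}:%{std.to_string args.agent.restPort}
+}
+handle_path /keycloak* {
+reverse_proxy %{args.keycloak.host}:%{std.to_string args.keycloak.port}
+}
+handle_path /vault* {
+reverse_proxy %{args.vault.host}:%{std.to_string args.vault.port}
+}
+}
+"%
+}
+},
+makeCaddyService | CaddyServiceArgs -> _ = fun args =>
+{
+image = "caddy:%{args.version}",
+restart = "always",
+configs = [
+{
+source = "caddyfile_%{args.name}",
+target = "/etc/caddy/Caddyfile"
+}
+],
+ports = ["%{std.to_string args.hostPort}:%{std.to_string args.hostPort}"],
+}
+}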
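Review bot: `CaddyServiceArgs` requires `keycloak` and `vault`, so every Caddyfile rendered by `makeCaddyConfig` carries the `handle_path /keycloak*` and `/vault*` routes even for stacks such as root.ncl's plain `st`, which run neither service; whether stack.ncl fills in placeholder hosts for those cases is not visible here, but either way the host port publishes two reverse-proxy paths that either 502 or, when the upstream exists, expose Vault and the Keycloak admin console with no gate beyond their own. Mark both fields `| optional`, as agent.ncl already does for its own `keycloak`/`vault`, and emit each route block only when its field is present. `makeCaddyService` reads only `version`, `hostPort` and `name`, so it does not need the full `CaddyServiceArgs` contract either.
```nickel
let CaddyServiceArgs = {
  # … unchanged: version, hostPort, name, agent …
  keycloak
    | { host | String, port | Number }
    | optional,
  vault
    | { host | String, port | Number }
    | optional,
}
in
{
  makeCaddyConfig | CaddyServiceArgs -> _ = fun args =>
    let proxyRoute = fun path upstream =>
      "handle_path %{path} {\n  reverse_proxy %{upstream.host}:%{std.to_string upstream.port}\n}"
    in
    let keycloakRoute =
      if args |> std.record.has_field "keycloak" then proxyRoute "/keycloak*" args.keycloak else ""
    in
    let vaultRoute =
      if args |> std.record.has_field "vault" then proxyRoute "/vault*" args.vault else ""
    in
    {
      "caddyfile_%{args.name}" = {
        content = m%"
          :%{std.to_string args.hostPort} {
            # … unchanged: didcomm and prism-agent handle_path blocks …
            %{keycloakRoute}
            %{vaultRoute}
          }
        "%
      }
    },
  # … unchanged: makeCaddyService …
}
```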
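--- a/examples/.nickel/db.ncl
+++ b/examples/.nickel/db.ncl
@@ -0,0 +1,32 @@
+let DbServiceArgs = {
+version
+| String,
+databases
+| String,
+volumeName
+| String
+}
+in
+{
+makeDbService | DbServiceArgs -> _ = fun args =>
+{
+image = "postgres:%{args.version}",
+restart = "always",
+environment = {
+POSTGRES_MULTIPLE_DATABASES = args.databases,
+POSTGRES_USER = "postgres",
+POSTGRES_PASSWORD = "postgres",
+},
+volumes = [
+"%{args.volumeName}:/var/lib/postgresql/data",
+"../.shared/postgres/init-script.sh:/docker-entrypoint-initdb.d/init-script.sh",
+"../.shared/postgres/max_conns.sql:/docker-entrypoint-initdb.d/max_conns.sql",
+],
+healthcheck = {
+test = ["CMD", "pg_isready", "-U", "postgres", "-d", "postgres"],
+interval = "10s",
+timeout = "5s",
+retries = 5
+}
+}
+}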
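--- a/examples/.nickel/keycloak.ncl
+++ b/examples/.nickel/keycloak.ncl
@@ -0,0 +1,34 @@
+let KeycloakServiceArgs = {
+hostname
+| String
+| default
+= "localhost",
+hostnamePath
+| String
+| default
+= "/keycloak",
+hostnamePort
+| Number
+}
+in
+{
+makeKeycloakService
+| KeycloakServiceArgs
+& { version | String } -> _
+= fun args =>
+{
+image = "quay.io/keycloak/keycloak:%{args.version}",
+restart = "always",
+environment = {
+KEYCLOAK_ADMIN = "admin",
+KEYCLOAK_ADMIN_PASSWORD = "admin",
+},
+command = [
+"start-dev",
+"--features=preview",
+"--health-enabled=true",
+"--hostname-url=http://%{args.hostname}:%{std.to_string args.hostnamePort}%{args.hostnamePath}",
+"--hostname-admin-url=http://%{args.hostname}:%{std.to_string args.hostnamePort}%{args.hostnamePath}",
+]
+}
+}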
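Review bot: Both `--hostname-url` and `--hostname-admin-url` bake the `http://` scheme into the string, and with these hostname settings Keycloak derives the OIDC issuer and its redirect URLs from that value, so a stack that terminates TLS at Caddy cannot be expressed with `makeKeycloakService` without minting tokens whose `iss` says `http://…`. Add `scheme | String | default = "http"` to `KeycloakServiceArgs` and build both flags as `%{args.scheme}://%{args.hostname}:%{std.to_string args.hostnamePort}%{args.hostnamePath}`. Separately, `--features=preview` switches on every preview feature of the image; if the OIDC4VC plugin needs a specific one, naming it (`--features=<feature>`, feature name from the Keycloak docs for the pinned version) keeps the example from depending on the whole preview surface.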
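--- a/examples/.nickel/node.ncl
+++ b/examples/.nickel/node.ncl
@@ -0,0 +1,40 @@
+let DbConfig = {
+host
+| String,
+port
+| Number
+| default
+= 5432,
+dbName
+| String,
+user
+| String,
+password
+| String,
+}
+in
+let NodeServiceArgs = {
+version
+| String,
+db
+| DbConfig,
+}
+in
+{
+makeNodeService | NodeServiceArgs -> _ = fun args =>
+{
+image = "ghcr.io/input-output-hk/prism-node:%{args.version}",
+restart = "always",
+environment = {
+NODE_PSQL_HOST = "%{args.db.host}:%{std.to_string args.db.port}",
+NODE_PSQL_DATABASE = args.db.dbName,
+NODE_PSQL_USERNAME = args.db.user,
+NODE_PSQL_PASSWORD = args.db.password,
+},
+depends_on = {
+"%{args.db.host}" = {
+condition = "service_healthy"
+}
+}
+}
+}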
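Review bot: `DbConfig` here is a verbatim copy of the contract at the top of agent.ncl (same five fields, same `5432` default), so the two will drift the first time one of them gains a field such as an SSL mode and the other is forgotten. Define it once, e.g. a `db-config.ncl` that evaluates to the contract, and `import` it in both generators the way root.ncl imports stack.ncl. While here, the `depends_on` condition is `service_healthy` for postgres but agent.ncl waits on the node with `service_started`; that is presumably because db.ncl defines a healthcheck and the node service does not, and a one-line `# prism-node declares no healthcheck, so only wait for start` comment in agent.ncl would spare the next reader the comparison.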
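--- a/examples/.nickel/root.ncl
+++ b/examples/.nickel/root.ncl
@@ -0,0 +1,43 @@
+let stack = import "./stack.ncl"
+in
+{
+st =
+stack.makeAgentStack { name = "issuer", port = 8080 },
+
+st-vault =
+stack.makeAgentStack { name = "issuer", port = 8080, vault.hostPort = 8200 },
+
+st-multi =
+(stack.makeAgentStack { name = "issuer", port = 8080 })
+& (stack.makeAgentStack { name = "holder", port = 8081 })
+& (stack.makeAgentStack { name = "verifier", port = 8082 }),
+
+st-oidc4vc =
+(stack.makeAgentStack { name = "issuer", port = 8080 })
+& (stack.makeMockServerStack { port = 5000 })
+& (
+stack.makeIssuerKeycloakStack
+{
+name = "issuer",
+port = 9980,
+realm = "students",
+build = "../../extensions/keycloak-oidc4vc",
+extraEnvs = { IDENTUS_URL = "http://caddy-issuer:8080/prism-agent" }
+}
+),
+
+mt =
+stack.makeAgentStack { name = "default", port = 8080, apikeyEnabled = true },
+
+mt-keycloak =
+stack.makeAgentStack { name = "default", port = 8080, keycloakEnabled = true },
+
+mt-keycloak-vault =
+stack.makeAgentStack
+{
+name = "default",
+port = 8080,
+keycloakEnabled = true,
+vault.hostPort = 8200,
+},
+}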
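Review bot: In `st-oidc4vc` the value `IDENTUS_URL = "http://caddy-issuer:8080/prism-agent"` restates by hand the `name = "issuer"` and `port = 8080` passed to `makeAgentStack` a few lines above; if stack.ncl derives the Caddy service name from `name` (stack.ncl is not in this view), renaming or re-porting the issuer leaves the Keycloak plugin pointing at a host that no longer exists, with nothing in the export step to catch it. Bind the pair once, e.g. `let issuer = { name = "issuer", port = 8080 } in`, and build the URL as `"http://caddy-%{issuer.name}:%{std.to_string issuer.port}/prism-agent"`. The same `name`/`port` literals are repeated across `st`, `st-vault` and `st-multi`, so a couple of shared lets would tighten the whole file.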