Commit 8a47f21f authored by Berend Sliedrecht
formatted code and updated dependencies within the ssi-abstraction


Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
parent 86ae62f7
Related merge requests: !9 feat(ssi): Establish a trusted connection with yourself; !8 Project house-keeping, refactoring and reorganizing
Showing changes with 1775 additions and 2003 deletions
include:
- project: '${HELPERS_PATH}'
file: '${HELPERS_FILE}'
- project: "${HELPERS_PATH}"
file: "${HELPERS_FILE}"
stages:
- lint
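Review bot: the `include:` change here is quote style only, but while the file is open note that the include has no `ref:`, so `${HELPERS_PATH}` / `${HELPERS_FILE}` resolve to the head of that project's default branch on every pipeline run, and any change there silently changes this project's `lint` stage. Pin it with a `ref:` (a tag or commit SHA) next to `file:` so the included pipeline definition is reproducible and reviewable.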
......
# ocm-engine version 1
#### Dependencies
Node 12
Python 2.5.0 >= <3.0.0
pnpm
pnpm
### Setup local
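Review bot: the dependency list in this hunk is stale and one entry is malformed. `Node 12` reached end of life in April 2022, and `Python 2.5.0 >= <3.0.0` is not a valid version constraint (Python 2 has been unsupported since January 2020). Since the hunk only deduplicates `pnpm`, this is the place to state the Node release line the project actually runs on and to drop or correct the Python requirement.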
......@@ -13,13 +14,12 @@ pnpm
app options: attestation, connection, principal, ssi
### Docker compose
### Docker compose
1. Go to compose dir
1. Go to compose dir
2. docker-compose up
## Example Flows (OCM Usage)
Please refer to [OCM-flow-overview](documentation/ocm-flow-overview.md)
# GDPR Compliance Document
The objective of this document is to detail, the data being stored and proccessed by the Organization Credential Manager's, Attestation Manger.
## What information is stored
### Source User Information
The Open Id connect claims that MAY contain all sorts of personal data (like email, name, age and others), are received from any external source.
### Technical User Information (Public)
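Review bot: typos in the title line, `proccessed` and `Attestation Manger`, and `received from any external source` is too vague for a record of processing: name the actual source of the OpenID Connect claims (the README lists the Principal Manager as the incoming service) and which claim names are accepted, because that list is what the GDPR record has to enumerate.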
......@@ -15,18 +18,25 @@ The Open Id connect claims that MAY contain all sorts of personal data (like ema
- Offered credential attributes and attachments
## How is the information stored
### Source User Information
Source User Information is encrypted using the Private Key of the Organizations SSI Agent and stored until the issuance of credential in Organization's SSI Agent's PostgreSQL database.
### Technical User Information (Public)
Technical User Information is encrypted using the Private Key of the Organizations SSI Agent and stored internally (on the agent) on PostgreSQL and externally/ metadata (shared between the OCM services) on PostgreSQL of Organization.
## Who can access the information
The Source User Information and Technical User Information both are accessible only by the Organization specific SSI agent's private key.
## How long will the information stay
## How long will the information stay
### Source User Information
The Source User Information is wiped out once the credential is issued.
### Technical User Information (Public)
The Technical User Information is wiped out according to the retention periods (not defined yet).
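Review bot: `encrypted using the Private Key of the Organizations SSI Agent` (under `How is the information stored`, and again under `Who can access the information`) describes the mechanism incorrectly: data is encrypted to a public key or with a symmetric key, while a private key signs or decrypts. State the real scheme (which key of the agent wallet, its type, and where it is held), since the access-control claim rests on it. Two further gaps: the source user information is wiped `once the credential is issued`, so say what happens to it when issuance fails or is abandoned, and `retention periods (not defined yet)` should be tracked as an open item with an owner rather than left as a standing statement.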
# OCM Attestation Manager
## Description
<hr/>
The Attestation Manager is the microservice responsible for handling the features related to Issuance of Credentials. It handles REST endpoints for Schemas, Credential Definitions and Verifiable Credentials.
## Usage
<hr/>
### Swagger Documentation:
### Swagger Documentation:
[Swagger/OpenAPI](swagger.json)
## Installation
<hr/>
### Pre-requisite
* pnpm
* docker
* docker-compose
* PostgreSQL
- pnpm
- docker
- docker-compose
- PostgreSQL
### OCM Services Dependencies
* SSI Abstraction
* Connection Manager
- SSI Abstraction
- Connection Manager
## Running the app
......@@ -40,29 +43,36 @@ The Attestation Manager is the microservice responsible for handling the feature
./deployment/dev
```
* (optional) Edit docker-compose.yml in "infrastructure" to use either **/ci/** or **/dev/** Dockerfiles.
- (optional) Edit docker-compose.yml in "infrastructure" to use either **/ci/** or **/dev/** Dockerfiles.
- Run while in **"infrastructure"** project:
* Run while in **"infrastructure"** project:
```bash
$ docker-compose up --build attestation-m
```
to run only Attestation Manager or
```bash
$ docker-compose up --build
```
to run all the services.
## Build
```
pnpm build
```
## Run
```
pnpm start
```
### Environment Variables Required
```
1. PORT
2. DATABASE_URL
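Review bot: `DATABASE_URL` under `Environment Variables Required` is a full PostgreSQL connection string and therefore carries the database credentials. Add a sentence that it must be supplied from a secret (Docker or Kubernetes secret, or the chart's `attestationManager.database.*` values backed by one) and never committed to `docker-compose.yml` or typed on the shell where it lands in history.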
......@@ -72,16 +82,19 @@ pnpm start
```
### Outgoing communication services
```
1. SSI Abstraction
```
### Incomming communication services
```
1. Principal Manager
```
### Features supported
```
1. Create Schema
2. Create Credential Definition
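Review bot: `Incomming communication services` in this hunk is misspelled; it should read `Incoming`.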
......@@ -90,8 +103,8 @@ pnpm start
5. Accept Credential
```
## Test
<hr/>
```bash
......@@ -105,18 +118,20 @@ $ pnpm test:e2e
$ pnpm test:cov
```
## GDPR
<hr/>
[GDPR](GDPR.md)
## Dependencies
<hr/>
[Dependencies](package.json)
## License
<hr/>
[Apache 2.0 license](LICENSE)
......@@ -3,4 +3,4 @@ appVersion: v1.0.4-rc
description: attestation-manager deployment
name: attestation-manager
version: 1.0.4
icon: "https://www.vereign.com/wp-content/themes/vereign2020/images/vereign-logo.svg"
icon: 'https://www.vereign.com/wp-content/themes/vereign2020/images/vereign-logo.svg'
......@@ -6,62 +6,63 @@ attestation-manager deployment
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| attestationManager.acceptMembershipCredentialsConfig | string | `"AUTO"` | |
| attestationManager.agent.host | string | `"ssi-abstraction"` | |
| attestationManager.agent.port | int | `3010` | |
| attestationManager.agent.protocol | string | `"http"` | |
| attestationManager.database.db | string | `"ocm_attestation_manager"` | |
| attestationManager.database.host | string | `"postgresql-postgresql-ha-postgresql.infra"` | |
| attestationManager.database.password | string | `"ocm_attestation_manager"` | |
| attestationManager.database.port | int | `5432` | |
| attestationManager.database.schema | string | `"attestation"` | |
| attestationManager.database.user | string | `"ocm_attestation_manager"` | |
| attestationManager.elastic.port | int | `9200` | |
| attestationManager.elastic.protocol | string | `"http"` | |
| attestationManager.elastic.url | string | `"elasticsearch"` | |
| attestationManager.nats.port | int | `4222` | |
| attestationManager.nats.protocol | string | `"nats"` | |
| attestationManager.nats.url | string | `"nats"` | |
| attestationManager.url.attestationManager | string | `"https://gaiax.vereign.com/ocm/attestation"` | |
| attestationManager.url.connectionManager | string | `"https://gaiax.vereign.com/ocm/connection"` | |
| attestationManager.url.tsa | string | `"https://gaiax.vereign.com/tsa/policy/policy/example"` | |
| autoscaling.enabled | bool | `false` | Enable autoscaling |
| autoscaling.maxReplicas | int | `3` | Maximum replicas |
| autoscaling.minReplicas | int | `1` | Minimum replicas |
| autoscaling.targetCPUUtilizationPercentage | int | `70` | CPU target for autoscaling trigger |
| autoscaling.targetMemoryUtilizationPercentage | int | `70` | Memory target for autoscaling trigger |
| image.name | string | `"gaiax/attestation-manager"` | Image name |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| image.pullSecrets | string | `"deployment-key-light"` | Image pull secret when internal image is used |
| image.repository | string | `"eu.gcr.io/vrgn-infra-prj"` | |
| image.sha | string | `""` | Image sha, usually generated by the CI Uses image.tag if empty |
| image.tag | string | `""` | Image tag Uses .Chart.AppVersion if empty |
| ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-production-http"` | |
| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | |
| ingress.annotations."kubernetes.io/ingress.global-static-ip-name" | string | `"dev-light-public"` | |
| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | |
| ingress.enabled | bool | `true` | |
| ingress.frontendDomain | string | `"gaiax.vereign.com"` | |
| ingress.frontendTlsSecretName | string | `"cert-manager-tls"` | |
| ingress.tlsEnabled | bool | `true` | |
| log.encoding | string | `"json"` | |
| log.level | string | `"INFO"` | |
| metrics.enabled | bool | `true` | Enable prometheus metrics |
| metrics.port | int | `2112` | Port for prometheus metrics |
| name | string | `"ssi-abstraction"` | Application name |
| nameOverride | string | `""` | Ovverwrites application name |
| podAnnotations | object | `{}` | |
| replicaCount | int | `1` | Default number of instances to start |
| resources.limits.cpu | string | `"150m"` | |
| resources.limits.memory | string | `"128Mi"` | |
| resources.requests.cpu | string | `"25m"` | |
| resources.requests.memory | string | `"64Mi"` | |
| security.runAsGid | int | `0` | Group used by the apps |
| security.runAsNonRoot | bool | `false` | by default, apps run as non-root |
| security.runAsUid | int | `0` | User used by the apps |
| service.port | int | `3005` | |
| Key | Type | Default | Description |
| ----------------------------------------------------------------- | ------ | ------------------------------------------------------- | -------------------------------------------------------------- |
| attestationManager.acceptMembershipCredentialsConfig | string | `"AUTO"` | |
| attestationManager.agent.host | string | `"ssi-abstraction"` | |
| attestationManager.agent.port | int | `3010` | |
| attestationManager.agent.protocol | string | `"http"` | |
| attestationManager.database.db | string | `"ocm_attestation_manager"` | |
| attestationManager.database.host | string | `"postgresql-postgresql-ha-postgresql.infra"` | |
| attestationManager.database.password | string | `"ocm_attestation_manager"` | |
| attestationManager.database.port | int | `5432` | |
| attestationManager.database.schema | string | `"attestation"` | |
| attestationManager.database.user | string | `"ocm_attestation_manager"` | |
| attestationManager.elastic.port | int | `9200` | |
| attestationManager.elastic.protocol | string | `"http"` | |
| attestationManager.elastic.url | string | `"elasticsearch"` | |
| attestationManager.nats.port | int | `4222` | |
| attestationManager.nats.protocol | string | `"nats"` | |
| attestationManager.nats.url | string | `"nats"` | |
| attestationManager.url.attestationManager | string | `"https://gaiax.vereign.com/ocm/attestation"` | |
| attestationManager.url.connectionManager | string | `"https://gaiax.vereign.com/ocm/connection"` | |
| attestationManager.url.tsa | string | `"https://gaiax.vereign.com/tsa/policy/policy/example"` | |
| autoscaling.enabled | bool | `false` | Enable autoscaling |
| autoscaling.maxReplicas | int | `3` | Maximum replicas |
| autoscaling.minReplicas | int | `1` | Minimum replicas |
| autoscaling.targetCPUUtilizationPercentage | int | `70` | CPU target for autoscaling trigger |
| autoscaling.targetMemoryUtilizationPercentage | int | `70` | Memory target for autoscaling trigger |
| image.name | string | `"gaiax/attestation-manager"` | Image name |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| image.pullSecrets | string | `"deployment-key-light"` | Image pull secret when internal image is used |
| image.repository | string | `"eu.gcr.io/vrgn-infra-prj"` | |
| image.sha | string | `""` | Image sha, usually generated by the CI Uses image.tag if empty |
| image.tag | string | `""` | Image tag Uses .Chart.AppVersion if empty |
| ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-production-http"` | |
| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | |
| ingress.annotations."kubernetes.io/ingress.global-static-ip-name" | string | `"dev-light-public"` | |
| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | |
| ingress.enabled | bool | `true` | |
| ingress.frontendDomain | string | `"gaiax.vereign.com"` | |
| ingress.frontendTlsSecretName | string | `"cert-manager-tls"` | |
| ingress.tlsEnabled | bool | `true` | |
| log.encoding | string | `"json"` | |
| log.level | string | `"INFO"` | |
| metrics.enabled | bool | `true` | Enable prometheus metrics |
| metrics.port | int | `2112` | Port for prometheus metrics |
| name | string | `"ssi-abstraction"` | Application name |
| nameOverride | string | `""` | Ovverwrites application name |
| podAnnotations | object | `{}` | |
| replicaCount | int | `1` | Default number of instances to start |
| resources.limits.cpu | string | `"150m"` | |
| resources.limits.memory | string | `"128Mi"` | |
| resources.requests.cpu | string | `"25m"` | |
| resources.requests.memory | string | `"64Mi"` | |
| security.runAsGid | int | `0` | Group used by the apps |
| security.runAsNonRoot | bool | `false` | by default, apps run as non-root |
| security.runAsUid | int | `0` | User used by the apps |
| service.port | int | `3005` | |
---
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)
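Review bot: the regenerated table carries defaults that should not ship as they are. `security.runAsNonRoot` defaults to `false` and `security.runAsUid` / `security.runAsGid` to `0`, yet the description says `by default, apps run as non-root`; either the default or the description is wrong, and a service holding credential data should run as a non-root uid with `runAsNonRoot: true`. `attestationManager.database.password` defaults to the same string as `attestationManager.database.user`, which is a default credential baked into the chart; leave it empty and require it from a secret. `name` defaults to `ssi-abstraction` in the attestation-manager chart, which looks copied from the other chart. `attestationManager.elastic.protocol` is `http`, so confirm Elasticsearch is reachable only on the cluster network. This README is generated by helm-docs, so the fixes belong in `values.yaml` comments and a regeneration, not in this file.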
apiVersion: v1
kind: Service
metadata:
name: {{ template "app.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "app.labels" . | nindent 4 }}
name: { { template "app.name" . } }
namespace: { { .Release.Namespace } }
labels: { { - include "app.labels" . | nindent 4 } }
spec:
clusterIP: None
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: {{ .Values.service.port }}
selector:
{{- include "app.selectorLabels" . | nindent 4 }}
- name: http
port: { { .Values.service.port } }
targetPort: { { .Values.service.port } }
selector: { { - include "app.selectorLabels" . | nindent 4 } }
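Review bot: this hunk breaks the chart. The formatter rewrote `{{ template "app.name" . }}` as `{ { template "app.name" . } }` and `{{- include "app.labels" . | nindent 4 }}` as `{ { - include "app.labels" . | nindent 4 } }`; Helm only recognizes `{{` / `}}` as action delimiters, so these are no longer template actions and the `{{-` whitespace trim is lost, leaving a Service manifest with literal braces in `metadata.name`, `metadata.namespace`, `labels`, `spec.ports` and `spec.selector`. Revert the `templates/` directory, add it to `.prettierignore`, and run `helm lint` / `helm template` in the pipeline so a formatter cannot do this again.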
image:
repository: registry.gitlab.com/gaia-x/data-infrastructure-federation-services/ocm
# -- Image name
name: attestation-manager
repository: registry.gitlab.com/gaia-x/data-infrastructure-federation-services/ocm
# -- Image name
name: attestation-manager
attestationManager:
url:
tsa: https://tsa.gxfs.dev/policy/policy/example
connectionManager: https://ocm.gxfs.dev/connection
attestationManager: https://ocm.gxfs.dev/attestation
database:
host: vereign-database1-postgres.gxfs-vereign
user: ENC[AES256_GCM,data:mk+oOKURENM=,iv:COwKJMsdTq5rk0L6bgooO2ZfTUlc1s16KWfPOGlJ1lo=,tag:5OXJ6l8DCvOUhinh922IAw==,type:str]
password: ENC[AES256_GCM,data:2DRvp3NP2KWDABEjRFqlfVPwtxsooDJW357jmJ7KEFURlubs3DGbce+5wLLhG8XbpdFZhCFEoNZivREa4LwhIw==,iv:3hqOlGqAT5/g52nSnqa8/ydUprOtWThT4lcoysmy11Q=,tag:0ZWS2zf5/huwhq9KO2HjoQ==,type:str]
db: vereign-database1-postgres
url:
tsa: https://tsa.gxfs.dev/policy/policy/example
connectionManager: https://ocm.gxfs.dev/connection
attestationManager: https://ocm.gxfs.dev/attestation
database:
host: vereign-database1-postgres.gxfs-vereign
user: ENC[AES256_GCM,data:mk+oOKURENM=,iv:COwKJMsdTq5rk0L6bgooO2ZfTUlc1s16KWfPOGlJ1lo=,tag:5OXJ6l8DCvOUhinh922IAw==,type:str]
password: ENC[AES256_GCM,data:2DRvp3NP2KWDABEjRFqlfVPwtxsooDJW357jmJ7KEFURlubs3DGbce+5wLLhG8XbpdFZhCFEoNZivREa4LwhIw==,iv:3hqOlGqAT5/g52nSnqa8/ydUprOtWThT4lcoysmy11Q=,tag:0ZWS2zf5/huwhq9KO2HjoQ==,type:str]
db: vereign-database1-postgres
ingress:
frontendDomain: ocm.gxfs.dev
frontendTlsSecretName: wildcard-gxfs-dev
frontendDomain: ocm.gxfs.dev
frontendTlsSecretName: wildcard-gxfs-dev
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1nrk70nevtmrcgzjunsed43ar6dk3e06qt7tryqqprj9axv4e0djqa0n0cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySXY3dzljdWdyamFLNkFW
WHNqeGY3Q09WNnd2blJiTDhhVzdKQ0hjalgwCjR3RGZMdHFyM1lhQXdhcnN5SVE0
NnBwMzlVY2xwTzFQNE5VR3QybnpLb28KLS0tIHU4QVZZRWViNlVKQzg0YVBQWVI5
S3J1amdkVGhBUzhHOEJmWThSbVFNdm8KsBA7cO4f2Zmym8SoIXAzNw0uxaxfDWg9
ryyxpwCjSQD2kuOw9epK/J7DpCkpAmipQSNvmU5ZiNnq9VzdQ8WGEA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-04T11:06:04Z"
mac: ENC[AES256_GCM,data:MdbVIQyR5s4efjMB1MIiOJZOueS0R1F4xvoaHEUoWaQ/bIWa3Km/CBijCI4+zqM54tZ3Zs+kMLK0FdHd+TpSujY2Jg6U8JqRHnA4cUEcr1el5pnhqo3lLiSmZXhGJaO9mlPoE/IVDdlrDXgRwexnznvyJn5RUpK1KdTsAU02wBI=,iv:EdCTlV7CDJikksz0HoiShKhKCO6LsOGsTk6GQalw6QA=,tag:QCbYT1Wr3KwcgmR70Qxlvg==,type:str]
pgp: []
encrypted_regex: ^(password|user)$
version: 3.7.3
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1nrk70nevtmrcgzjunsed43ar6dk3e06qt7tryqqprj9axv4e0djqa0n0cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySXY3dzljdWdyamFLNkFW
WHNqeGY3Q09WNnd2blJiTDhhVzdKQ0hjalgwCjR3RGZMdHFyM1lhQXdhcnN5SVE0
NnBwMzlVY2xwTzFQNE5VR3QybnpLb28KLS0tIHU4QVZZRWViNlVKQzg0YVBQWVI5
S3J1amdkVGhBUzhHOEJmWThSbVFNdm8KsBA7cO4f2Zmym8SoIXAzNw0uxaxfDWg9
ryyxpwCjSQD2kuOw9epK/J7DpCkpAmipQSNvmU5ZiNnq9VzdQ8WGEA==
-----END AGE ENCRYPTED FILE-----
lastmodified: '2022-08-04T11:06:04Z'
mac: ENC[AES256_GCM,data:MdbVIQyR5s4efjMB1MIiOJZOueS0R1F4xvoaHEUoWaQ/bIWa3Km/CBijCI4+zqM54tZ3Zs+kMLK0FdHd+TpSujY2Jg6U8JqRHnA4cUEcr1el5pnhqo3lLiSmZXhGJaO9mlPoE/IVDdlrDXgRwexnznvyJn5RUpK1KdTsAU02wBI=,iv:EdCTlV7CDJikksz0HoiShKhKCO6LsOGsTk6GQalw6QA=,tag:QCbYT1Wr3KwcgmR70Qxlvg==,type:str]
pgp: []
encrypted_regex: ^(password|user)$
version: 3.7.3
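Review bot: this is a sops-managed file (the `sops:` block with `mac:` and `encrypted_regex: ^(password|user)$`), and the hunk shows it was rewritten by the formatter rather than through `sops`. The MAC is computed over the values, so a quote-style change such as `lastmodified: '2022-08-04T11:06:04Z'` survives, but any change to a value or to an `ENC[...]` string makes `sops -d` refuse the file. Run `sops -d` on the result in CI, or exclude these files from prettier, to prove the secrets are still decryptable after the reformat. `host` and `db` are plaintext on purpose under that regex, which is fine; the single `age` recipient is worth a comment on where that key is backed up.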
# -- Default number of instances to start
# -- Default number of instances to start
replicaCount: 1
# -- Application name
name: ssi-abstraction
# -- Ovverwrites application name
nameOverride: ""
nameOverride: ''
image:
repository: eu.gcr.io/vrgn-infra-prj
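Review bot: `name: ssi-abstraction` under `# -- Application name` in the attestation-manager chart's `values.yaml` is a copy-paste from the ssi-abstraction chart; the generated README shows the same wrong default. Set it to `attestation-manager` so the `app.name` template used by the Service manifest identifies the right service.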
......@@ -11,16 +11,15 @@ image:
name: gaiax/attestation-manager
# -- Image tag
# Uses .Chart.AppVersion if empty
tag: ""
tag: ''
# -- Image sha, usually generated by the CI
# Uses image.tag if empty
sha: ""
sha: ''
# -- Image pull policy
pullPolicy: IfNotPresent
# -- Image pull secret when internal image is used
pullSecrets: deployment-key-light
podAnnotations: {}
##
## Pass extra environment variables to the container.
......@@ -67,7 +66,7 @@ metrics:
port: 2112
log:
level: "INFO"
level: 'INFO'
encoding: json
##
......
process.env.PORT=3005
process.env.NODE_ENV='development'
\ No newline at end of file
process.env.PORT = 3005;
process.env.NODE_ENV = 'development';
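Review bot: `process.env.PORT = 3005;` assigns a number; Node coerces it to the string `'3005'` on assignment, so it works, but writing `'3005'` makes the type explicit and matches how the application reads the variable.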
......@@ -142,9 +142,7 @@
}
}
},
"tags": [
"Schemas"
]
"tags": ["Schemas"]
},
"post": {
"operationId": "SchemasController_createSchema",
......@@ -251,9 +249,7 @@
}
}
},
"tags": [
"Schemas"
]
"tags": ["Schemas"]
}
},
"/v1/schemas/{id}": {
......@@ -348,9 +344,7 @@
}
}
},
"tags": [
"Schemas"
]
"tags": ["Schemas"]
}
},
"/v1/schemas/get-dids-for-schema/{id}": {
......@@ -383,9 +377,7 @@
"total_credential_defs": 1,
"principalDids": [
{
"loremIpsumCredDef": [
"1234did"
]
"loremIpsumCredDef": ["1234did"]
}
]
}
......@@ -429,9 +421,7 @@
}
}
},
"tags": [
"Schemas"
]
"tags": ["Schemas"]
}
},
"/v1/create-offer-credential": {
......@@ -569,9 +559,7 @@
}
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/create-propose-credential": {
......@@ -692,9 +680,7 @@
}
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/accept-request/{credentialId}": {
......@@ -708,9 +694,7 @@
"description": ""
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/accept-proposal/{credentialId}": {
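Review bot: the `/v1/accept-request/{credentialId}` response in this hunk has `"description": ""`, and the same empty description repeats for the `accept-proposal`, `accept-offer` and `accept-credential` paths that follow. These are state-changing issuance endpoints, so the spec should name the success code and the error responses (unknown `credentialId`, wrong protocol state) instead of leaving them blank; the empty string is also what generated clients surface to callers.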
......@@ -724,9 +708,7 @@
"description": ""
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/accept-offer/{credentialId}": {
......@@ -740,9 +722,7 @@
"description": ""
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/accept-credential/{credentialId}": {
......@@ -756,9 +736,7 @@
"description": ""
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/credential-info/{id}": {
......@@ -799,9 +777,7 @@
}
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/delete-credential/{id}": {
......@@ -844,9 +820,7 @@
}
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/credential": {
......@@ -1008,9 +982,7 @@
}
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/credential/{id}": {
......@@ -1082,9 +1054,7 @@
}
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/updateSchemaIdByType": {
......@@ -1166,9 +1136,7 @@
}
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/credentialType": {
......@@ -1227,9 +1195,7 @@
}
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
},
"get": {
"operationId": "AttestationController_getCredentialTypeAttributes",
......@@ -1304,9 +1270,7 @@
}
}
},
"tags": [
"Credentials"
]
"tags": ["Credentials"]
}
},
"/v1/credentialDef": {
......@@ -1416,9 +1380,7 @@
}
}
},
"tags": [
"Credential Definitions"
]
"tags": ["Credential Definitions"]
},
"post": {
"operationId": "CredentialDefController_createCredentialDef",
......@@ -1515,9 +1477,7 @@
}
}
},
"tags": [
"Credential Definitions"
]
"tags": ["Credential Definitions"]
}
},
"/v1/credentialDef/{id}": {
......@@ -1605,9 +1565,7 @@
}
}
},
"tags": [
"Credential Definitions"
]
"tags": ["Credential Definitions"]
}
},
"/v1/userInfo": {
......@@ -1631,9 +1589,7 @@
"description": ""
}
},
"tags": [
"userInfo (to be deprecated)"
]
"tags": ["userInfo (to be deprecated)"]
}
}
},
......@@ -1669,12 +1625,7 @@
"type": "string"
}
},
"required": [
"name",
"createdBy",
"version",
"attributes"
]
"required": ["name", "createdBy", "version", "attributes"]
},
"CredentialPreviewAttributes": {
"type": "object",
......@@ -1686,10 +1637,7 @@
"type": "string"
}
},
"required": [
"name",
"value"
]
"required": ["name", "value"]
},
"OfferCredentialDto": {
"type": "object",
......@@ -1755,9 +1703,7 @@
"type": "string"
}
},
"required": [
"schemaId"
]
"required": ["schemaId"]
},
"CredentialTypeDto": {
"type": "object",
......@@ -1769,10 +1715,7 @@
"type": "string"
}
},
"required": [
"type",
"schemaId"
]
"required": ["type", "schemaId"]
},
"CredentialDefDto": {
"type": "object",
......@@ -1822,11 +1765,7 @@
"properties": {}
}
},
"required": [
"connectionId",
"autoAcceptCredential",
"userInfo"
]
"required": ["connectionId", "autoAcceptCredential", "userInfo"]
}
}
}
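Review bot: `userInfo` is required here but declared as `"properties": {}`, an object with no defined fields, so the API accepts and stores arbitrary attributes under it. The GDPR document says this is where OpenID Connect claims carrying personal data arrive, so the schema should enumerate the accepted claim names and set `additionalProperties: false` (assuming the DTO class can be annotated to emit that), which both validates input and makes the data inventory verifiable against the spec.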
......
# GDPR Compliance Document
The objective of this document is to detail, the data being stored and proccessed by the Organization Credential Manager's, Connection Manger.
## What information is stored
### Source User Information
The email id received from the user.
### Technical User Information (Public)
- DID of the OCM agent
- DID of the other participant in the connection
- Connection Status
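Review bot: typos in the title line, `proccessed` and `Connection Manger`, and `The email id received from the user` should say what it is (the holder's e-mail address) and through which endpoint it is received, since that is the personal-data entry point this record exists to document.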
......@@ -14,10 +18,13 @@ The email id received from the user.
- Holder email as well as wallet name is stored in DB
## How is the information stored
The Source User Information and Technical User Information is encrypted using the Private Key of the Organizations SSI Agent and stored internally (on the agent) on PostgreSQL and externally/ metadata (shared between the OCM services) on PostgreSQL of Organization.
## Who can access the information
The Source User Information and Technical User Information both are accessible only by the Organization specific SSI agent's private key.
## How long will the information stay
## How long will the information stay
The Source User Information and Technical User Information is wiped out according to the retention periods (not defined yet).
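Review bot: `Holder email as well as wallet name is stored in DB` sits under `Technical User Information (Public)`, but an e-mail address is personal data and is already listed as Source User Information above; move it so the access and retention statements clearly apply to it. `encrypted using the Private Key of the Organizations SSI Agent` is a misnomer (encryption uses a public or symmetric key; the private key decrypts or signs), so describe the real mechanism, and `retention periods (not defined yet)` needs an owner and a date given that it covers the e-mail address.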
# OCM Connection Manager
## Description
<hr/>
The connection manager is the microservice responsible for handling the features related to connection between aries agents.
The service implements REST endpoints, events and calls to other services related to connections in the Organizational Credential Manager.
#### Security note
`Man in the mid` security concern will be address in Phase II of of the project. It was discussed multiple times, and one of the options is to use [TRAIN API](https://train.trust-scheme.de/info/) .
`Man in the mid` security concern will be address in Phase II of of the project. It was discussed multiple times, and one of the options is to use [TRAIN API](https://train.trust-scheme.de/info/) .
## Usage
<hr/>
<hr/>
### Swagger Documentation:
### Swagger Documentation:
[Swagger/OpenAPI](swagger.json)
## Installation
<hr/>
<hr/>
### Pre-requisites
* pnpm
* docker
* docker-compose
* postgres
* NATS Server
- pnpm
- docker
- docker-compose
- postgres
- NATS Server
### OCM Services Dependencies
* SSI Abstraction
* Principal Manager
* Attestation Manager
* Proof Manager
- SSI Abstraction
- Principal Manager
- Attestation Manager
- Proof Manager
## Running the app
<hr/>
<hr/>
**Each service in the Organizational Credential Manager can be run from the infrastructure repository with Docker.**
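Review bot: the `Security note` has spelling and grammar errors in both copies of the line (`Man in the mid` should be man-in-the-middle, `will be address` should be will be addressed, `of of`), but the larger problem is that it records an open man-in-the-middle weakness in connection establishment without saying what is exposed today. State which step is unauthenticated (the invitation URL exchange is the natural candidate, given `Create invitation URL` in the feature list), what an operator should do in the meantime (deliver invitations over an authenticated channel and confirm the peer DID out of band), and link the tracking issue for the Phase II work rather than pointing at `TRAIN API` alone.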
......@@ -52,20 +53,24 @@ The service implements REST endpoints, events and calls to other services relate
./deployment/dev
```
* (optional) Edit docker-compose.yml in "infrastructure" to use either **/ci/** or **/dev/** Dockerfiles.
- (optional) Edit docker-compose.yml in "infrastructure" to use either **/ci/** or **/dev/** Dockerfiles.
- Run while in **"infrastructure"** project:
* Run while in **"infrastructure"** project:
```bash
$ docker-compose up --build conn-m
```
to run only Connection Manager or
```bash
$ docker-compose up --build
```
to run all the services.
to run all the services.
### Environment variables required
```
1. PORT
2. DATABASE_URL
......@@ -74,6 +79,7 @@ to run all the services.
```
### Outgoing communication services
```
1. PRINCIPAL MANAGER
2. ATTESTATION MANAGER
......@@ -81,6 +87,7 @@ to run all the services.
```
### Incoming communication services
```
1. SSI-ABSTRACTION
2. PROOF MANAGER
......@@ -88,6 +95,7 @@ to run all the services.
```
### Supported features
```
1. Nats endpoint to update connection status
2. Create invitation URL.
......@@ -99,6 +107,7 @@ to run all the services.
```
## Test
<hr/>
```bash
......@@ -113,18 +122,19 @@ $ pnpm test:cov
```
## GDPR
<hr/>
[GDPR](GDPR.md)
## Dependencies
<hr/>
[Dependencies](package.json)
## License
<hr/>
[Apache 2.0 license](LICENSE)
......@@ -3,4 +3,4 @@ appVersion: v1.0.7-rc
description: connection-manager deployment
name: connection-manager
version: 1.0.7
icon: "https://www.vereign.com/wp-content/themes/vereign2020/images/vereign-logo.svg"
icon: 'https://www.vereign.com/wp-content/themes/vereign2020/images/vereign-logo.svg'
......@@ -6,59 +6,60 @@ connection-manager deployment
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| autoscaling.enabled | bool | `false` | Enable autoscaling |
| autoscaling.maxReplicas | int | `3` | Maximum replicas |
| autoscaling.minReplicas | int | `1` | Minimum replicas |
| autoscaling.targetCPUUtilizationPercentage | int | `70` | CPU target for autoscaling trigger |
| autoscaling.targetMemoryUtilizationPercentage | int | `70` | Memory target for autoscaling trigger |
| connectionManager.agent.host | string | `"ssi-abstraction"` | |
| connectionManager.agent.port | int | `3010` | |
| connectionManager.agent.protocol | string | `"http"` | |
| connectionManager.database.db | string | `"ocm_connection_manager"` | |
| connectionManager.database.host | string | `"postgresql-postgresql-ha-postgresql.infra"` | |
| connectionManager.database.password | string | `"ocm_connection_manager"` | |
| connectionManager.database.port | int | `5432` | |
| connectionManager.database.schema | string | `"connection"` | |
| connectionManager.database.user | string | `"ocm_connection_manager"` | |
| connectionManager.elastic.port | int | `9200` | |
| connectionManager.elastic.protocol | string | `"http"` | |
| connectionManager.elastic.url | string | `"elasticsearch"` | |
| connectionManager.nats.port | int | `4222` | |
| connectionManager.nats.protocol | string | `"nats"` | |
| connectionManager.nats.url | string | `"nats"` | |
| image.name | string | `"gaiax/connection-manager"` | Image name |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| image.pullSecrets | string | `"deployment-key-light"` | Image pull secret when internal image is used |
| image.repository | string | `"eu.gcr.io/vrgn-infra-prj"` | |
| image.sha | string | `""` | Image sha, usually generated by the CI Uses image.tag if empty |
| image.tag | string | `""` | Image tag Uses .Chart.AppVersion if empty |
| ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-production-http"` | |
| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | |
| ingress.annotations."kubernetes.io/ingress.global-static-ip-name" | string | `"dev-light-public"` | |
| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | |
| ingress.enabled | bool | `true` | |
| ingress.frontendDomain | string | `"gaiax.vereign.com"` | |
| ingress.frontendTlsSecretName | string | `"cert-manager-tls"` | |
| ingress.pathOverride | string | `""` | |
| ingress.tlsEnabled | bool | `true` | |
| log.encoding | string | `"json"` | |
| log.level | string | `"INFO"` | |
| metrics.enabled | bool | `true` | Enable prometheus metrics |
| metrics.port | int | `2112` | Port for prometheus metrics |
| name | string | `"connection-manager"` | Application name |
| nameOverride | string | `""` | Ovverwrites application name |
| podAnnotations | object | `{}` | |
| replicaCount | int | `1` | Default number of instances to start |
| resources.limits.cpu | string | `"150m"` | |
| resources.limits.memory | string | `"128Mi"` | |
| resources.requests.cpu | string | `"25m"` | |
| resources.requests.memory | string | `"64Mi"` | |
| security.runAsGid | int | `0` | Group used by the apps |
| security.runAsNonRoot | bool | `false` | by default, apps run as non-root |
| security.runAsUid | int | `0` | User used by the apps |
| service.port | int | `3003` | |
| Key | Type | Default | Description |
| ----------------------------------------------------------------- | ------ | --------------------------------------------- | -------------------------------------------------------------- |
| autoscaling.enabled | bool | `false` | Enable autoscaling |
| autoscaling.maxReplicas | int | `3` | Maximum replicas |
| autoscaling.minReplicas | int | `1` | Minimum replicas |
| autoscaling.targetCPUUtilizationPercentage | int | `70` | CPU target for autoscaling trigger |
| autoscaling.targetMemoryUtilizationPercentage | int | `70` | Memory target for autoscaling trigger |
| connectionManager.agent.host | string | `"ssi-abstraction"` | |
| connectionManager.agent.port | int | `3010` | |
| connectionManager.agent.protocol | string | `"http"` | |
| connectionManager.database.db | string | `"ocm_connection_manager"` | |
| connectionManager.database.host | string | `"postgresql-postgresql-ha-postgresql.infra"` | |
| connectionManager.database.password | string | `"ocm_connection_manager"` | |
| connectionManager.database.port | int | `5432` | |
| connectionManager.database.schema | string | `"connection"` | |
| connectionManager.database.user | string | `"ocm_connection_manager"` | |
| connectionManager.elastic.port | int | `9200` | |
| connectionManager.elastic.protocol | string | `"http"` | |
| connectionManager.elastic.url | string | `"elasticsearch"` | |
| connectionManager.nats.port | int | `4222` | |
| connectionManager.nats.protocol | string | `"nats"` | |
| connectionManager.nats.url | string | `"nats"` | |
| image.name | string | `"gaiax/connection-manager"` | Image name |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| image.pullSecrets | string | `"deployment-key-light"` | Image pull secret when internal image is used |
| image.repository | string | `"eu.gcr.io/vrgn-infra-prj"` | |
| image.sha | string | `""` | Image sha, usually generated by the CI Uses image.tag if empty |
| image.tag | string | `""` | Image tag Uses .Chart.AppVersion if empty |
| ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-production-http"` | |
| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | |
| ingress.annotations."kubernetes.io/ingress.global-static-ip-name" | string | `"dev-light-public"` | |
| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | |
| ingress.enabled | bool | `true` | |
| ingress.frontendDomain | string | `"gaiax.vereign.com"` | |
| ingress.frontendTlsSecretName | string | `"cert-manager-tls"` | |
| ingress.pathOverride | string | `""` | |
| ingress.tlsEnabled | bool | `true` | |
| log.encoding | string | `"json"` | |
| log.level | string | `"INFO"` | |
| metrics.enabled | bool | `true` | Enable prometheus metrics |
| metrics.port | int | `2112` | Port for prometheus metrics |
| name | string | `"connection-manager"` | Application name |
| nameOverride | string | `""` | Ovverwrites application name |
| podAnnotations | object | `{}` | |
| replicaCount | int | `1` | Default number of instances to start |
| resources.limits.cpu | string | `"150m"` | |
| resources.limits.memory | string | `"128Mi"` | |
| resources.requests.cpu | string | `"25m"` | |
| resources.requests.memory | string | `"64Mi"` | |
| security.runAsGid | int | `0` | Group used by the apps |
| security.runAsNonRoot | bool | `false` | by default, apps run as non-root |
| security.runAsUid | int | `0` | User used by the apps |
| service.port | int | `3003` | |
---
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)
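Review bot: the `security.*` row descriptions contradict their defaults. `security.runAsNonRoot` is described as "by default, apps run as non-root" but defaults to `false`, and `security.runAsUid` / `security.runAsGid` default to `0`, i.e. root. Either change the defaults to `runAsNonRoot: true` with a non-zero UID and GID, or reword the description so the generated README does not claim a protection the chart does not apply; as written, a reader of this table will assume the container runs unprivileged.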
apiVersion: v1
kind: Service
metadata:
name: {{ template "app.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "app.labels" . | nindent 4 }}
name: { { template "app.name" . } }
namespace: { { .Release.Namespace } }
labels: { { - include "app.labels" . | nindent 4 } }
spec:
clusterIP: None
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: {{ .Values.service.port }}
selector:
{{- include "app.selectorLabels" . | nindent 4 }}
- name: http
port: { { .Values.service.port } }
targetPort: { { .Values.service.port } }
selector: { { - include "app.selectorLabels" . | nindent 4 } }
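Review bot: the reformatted lines break Helm rendering. `{ { template "app.name" . } }`, `{ { .Release.Namespace } }` and `{ { .Values.service.port } }` are no longer Go-template actions (Helm's delimiter is `{{` with no space between the braces), so the template engine leaves them untouched and the rendered Service carries literal YAML flow mappings where the name, namespace and port should be. `labels: { { - include "app.labels" . | nindent 4 } }` and the `selector:` line are doubly wrong, because `nindent` emits a newline-indented block that cannot sit inside flow braces. Keep the original `{{ ... }}` / `{{- ... }}` forms and exclude the chart's `templates/` directory from the formatter (for example via `.prettierignore`), since prettier parses these files as plain YAML and has no notion of the template syntax.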
image:
repository: registry.gitlab.com/gaia-x/data-infrastructure-federation-services/ocm
# -- Image name
name: connection-manager
repository: registry.gitlab.com/gaia-x/data-infrastructure-federation-services/ocm
# -- Image name
name: connection-manager
connectionManager:
database:
host: vereign-database1-postgres.gxfs-vereign
user: ENC[AES256_GCM,data:f+UtjwOUiyM=,iv:X/7E+GBmxxVdphMTChhhrCjT/01cLFwh62vhJApJkWA=,tag:oM0vFH3KSpFTBjeRi40oJA==,type:str]
password: ENC[AES256_GCM,data:iHEwZCuABQy0RMrDGeq3QEL874JgbQWC+7WQ49TW62Ynh/isVvo0kv8FR/rXRrUks3IlTIGWncj+JnIDQkODMg==,iv:4Lza3vwWDJPTPPYwgmTvrnMLrkQBYa5mnrn9HbQd2oQ=,tag:s6f9IVyJMdqu2NXtt0tuQg==,type:str]
db: vereign-database1-postgres
database:
host: vereign-database1-postgres.gxfs-vereign
user: ENC[AES256_GCM,data:f+UtjwOUiyM=,iv:X/7E+GBmxxVdphMTChhhrCjT/01cLFwh62vhJApJkWA=,tag:oM0vFH3KSpFTBjeRi40oJA==,type:str]
password: ENC[AES256_GCM,data:iHEwZCuABQy0RMrDGeq3QEL874JgbQWC+7WQ49TW62Ynh/isVvo0kv8FR/rXRrUks3IlTIGWncj+JnIDQkODMg==,iv:4Lza3vwWDJPTPPYwgmTvrnMLrkQBYa5mnrn9HbQd2oQ=,tag:s6f9IVyJMdqu2NXtt0tuQg==,type:str]
db: vereign-database1-postgres
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /$2
tlsEnabled: true
frontendDomain: ocm.gxfs.dev
frontendTlsSecretName: wildcard-gxfs-dev
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /$2
tlsEnabled: true
frontendDomain: ocm.gxfs.dev
frontendTlsSecretName: wildcard-gxfs-dev
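Review bot: `kubernetes.io/ingress.class: nginx` is the deprecated annotation form; since Kubernetes 1.18 the supported way to select a controller is `spec.ingressClassName` on the Ingress, and the annotation is only honoured for backwards compatibility. This re-indent does not introduce it, but while the values and the README table above are being touched it would be worth switching the chart to `ingressClassName` so the setting keeps working on newer clusters.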
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1nrk70nevtmrcgzjunsed43ar6dk3e06qt7tryqqprj9axv4e0djqa0n0cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVHQvUk4xOXBHZjBhT0ly
R1pVeUVtU09mYmppb2hucktLeUx2bGtsUXhJCkdUKzQ5TlNCbzFBTWV4L3REMFlR
bS9nWUxWZ3JERW81QWtCQXJxU3Uzd3MKLS0tIDdmZXdGemdjYzZ5QU11QVVtYnBz
WUROeFJTV0cxYnA4MTREcVlVYkhSZmMKDqEoHpnkE6AbTn1RHDn0G6u3XmeCSaTk
smByqqxfWePRPIul8VTlKnDNN68iQuK7Xxmj3RV7LTSj60XwdeIKuQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-03T14:42:58Z"
mac: ENC[AES256_GCM,data:arq9lpFfu4WBPXPiaIgT/tdRQcBv15SB2sgaD9GBlTL+dVxAuZcDiWTykzWaxpvExf8aGv3flGCMYkQlil1u1YGdlIk7TfUHa+elta/US1QVYCJznChdV4UCSLm8PRh4sg9DWRFgrtxfs6IKhEOq17DwpGc1hVAFjNjUHgvPCFg=,iv:+GvCbcxPBJkzZu5TIZ7oGtCsSa8Fl9Qt6mGi6If2wds=,tag:8Lka/tG40HYjR7Uhn9jyig==,type:str]
pgp: []
encrypted_regex: ^(password|user)$
version: 3.7.3
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1nrk70nevtmrcgzjunsed43ar6dk3e06qt7tryqqprj9axv4e0djqa0n0cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVHQvUk4xOXBHZjBhT0ly
R1pVeUVtU09mYmppb2hucktLeUx2bGtsUXhJCkdUKzQ5TlNCbzFBTWV4L3REMFlR
bS9nWUxWZ3JERW81QWtCQXJxU3Uzd3MKLS0tIDdmZXdGemdjYzZ5QU11QVVtYnBz
WUROeFJTV0cxYnA4MTREcVlVYkhSZmMKDqEoHpnkE6AbTn1RHDn0G6u3XmeCSaTk
smByqqxfWePRPIul8VTlKnDNN68iQuK7Xxmj3RV7LTSj60XwdeIKuQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: '2022-08-03T14:42:58Z'
mac: ENC[AES256_GCM,data:arq9lpFfu4WBPXPiaIgT/tdRQcBv15SB2sgaD9GBlTL+dVxAuZcDiWTykzWaxpvExf8aGv3flGCMYkQlil1u1YGdlIk7TfUHa+elta/US1QVYCJznChdV4UCSLm8PRh4sg9DWRFgrtxfs6IKhEOq17DwpGc1hVAFjNjUHgvPCFg=,iv:+GvCbcxPBJkzZu5TIZ7oGtCsSa8Fl9Qt6mGi6If2wds=,tag:8Lka/tG40HYjR7Uhn9jyig==,type:str]
pgp: []
encrypted_regex: ^(password|user)$
version: 3.7.3
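Review bot: this file was reformatted by a generic YAML formatter rather than through `sops`, so the result should be verified with `sops -d` before merge. sops computes the `mac` over the decrypted values, and here only indentation and the quoting of `lastmodified` changed while every `ENC[...]` value and the `mac` itself are byte-identical, so decryption is expected to still succeed; but a formatter that ever reorders keys, changes a value's type, or rewraps the `age` `enc` block would leave a file that sops refuses to open, which is the kind of breakage a CI decrypt step catches and a diff review does not.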
# -- Default number of instances to start
# -- Default number of instances to start
replicaCount: 1
# -- Application name
name: connection-manager
# -- Ovverwrites application name
nameOverride: ""
nameOverride: ''
image:
repository: eu.gcr.io/vrgn-infra-prj
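Review bot: the `# -- Ovverwrites application name` comment above `nameOverride` has a typo (`Overwrites`), and because `# --` comments are what helm-docs turns into the README description column, the typo is reproduced in the generated table. Fix it here so the next `helm-docs` run picks it up. The `""` to `''` change itself is purely cosmetic: the value is an empty string either way and helm-docs still renders the default as `""`.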
......@@ -11,16 +11,15 @@ image:
name: gaiax/connection-manager
# -- Image tag
# Uses .Chart.AppVersion if empty
tag: ""
tag: ''
# -- Image sha, usually generated by the CI
# Uses image.tag if empty
sha: ""
sha: ''
# -- Image pull policy
pullPolicy: IfNotPresent
# -- Image pull secret when internal image is used
pullSecrets: deployment-key-light
podAnnotations: {}
##
## Pass extra environment variables to the container.
......@@ -67,7 +66,7 @@ metrics:
port: 2112
log:
level: "INFO"
level: 'INFO'
encoding: json
##
......@@ -114,4 +113,4 @@ ingress:
tlsEnabled: true
frontendDomain: gaiax.vereign.com
frontendTlsSecretName: cert-manager-tls
pathOverride: ""
\ No newline at end of file
pathOverride: ''