102 changes: 96 additions & 6 deletions contracts/ripple/backend/backend.yml.tftpl
Expand Up @@ -6,6 +6,11 @@ services:
environment:
# This must be same as VAULT_ID below
Vault__Ids__0: ${tpl.vault_id}
Vault__Ids__1: b5c95ea1-0e12-4b2f-8426-87c572b99d09
Vault__Ids__2: 1e14abd7-9086-4196-8385-a74907fee202
Vault__Ids__3: 4a2b3c11-93c2-4b9f-affd-ff6893774b98
Vault__Ids__4: 11111111-1111-1111-1111-111111111111

# Passphrase: "{{EMPTY}}" is needed so that the bridge data is not cyphered and can be managed by OSO
Passphrase: "${tpl.passphrase}"
restart: always
Expand All @@ -15,8 +20,8 @@ services:
kmsconnect:
image: ${tpl.kmsconnect_image}
volumes:
- "./ibm.cfg:/opt/kms/cfg/ibm.cfg"
- "./cert:/data/cert:ro"
- "./ibm.cfg:/app/cfg/ibm.cfg:Z"
- "./cert:/data/cert:ro,Z"
restart: always

cold-vault:
Expand All @@ -26,14 +31,99 @@ services:
- kmsconnect
environment:
PLATFORM: kms
VAULT_BRIDGE_LOGLEVEL: 7
VAULT_CORE_LOGLEVEL: 7
VAULT_BRIDGE_LOGLEVEL: 6
VAULT_CORE_LOGLEVEL: 3
VAULT_KMS_ENDPOINT: kmsconnect:10000
VAULT_TRUSTED_SIG: pem:${tpl.notary_messaging_public_key}
VAULT_TRUSTED_SIG: ${tpl.notary_messaging_public_key}
VAULT_ID: ${tpl.vault_id}
# This comes from the docker container that is spun up above. If it's normal vault, then it would be API end point.
HARMONIZE_CORE_ENDPOINT: http://cold-bridge:8080/internal/v1
HMZ_FEATURE_OPTIONAL_MAXIMUM_FEE: 'true'
restart: always

vault-releases:
image: ${tpl.cold_vault_image}
depends_on:
- cold-bridge

environment:
PLATFORM: mock
MOCK_PHRASE: ibmosocold

# This is the notary public key if it's mock
TRUSTED_SIG: ed25519:50692dfa472f013e2f87e5d210be40cefe178e33787be4688d5da0afe06ed149
VAULT_ID: b5c95ea1-0e12-4b2f-8426-87c572b99d09

# This comes from the docker container that is spun up above. If it's normal vault, then it would be API end point.
HARMONIZE_CORE_ENDPOINT: http://cold-bridge:8080/internal/v1
restart: always

volumes:
- ./mock-cfg/vault.cfg:/opt/vault-core/cfg/vault.cfg
- ./mock-cfg/mock.cfg:/opt/vault-core/cfg/mock.cfg


vault-releases2:
image: ${tpl.cold_vault_image}
depends_on:
- cold-bridge

environment:
PLATFORM: mock
MOCK_PHRASE: ibmosocold2

# This is the notary public key if it's mock
TRUSTED_SIG: ed25519:50692dfa472f013e2f87e5d210be40cefe178e33787be4688d5da0afe06ed149
VAULT_ID: 1e14abd7-9086-4196-8385-a74907fee202
HMZ_LOG_LEVEL: "DEBUG"
HARMONIZE_CORE_ENDPOINT: http://cold-bridge:8080/internal/v1
restart: always

volumes:
- ./mock-cfg/vault.cfg:/opt/vault-core/cfg/vault.cfg
- ./mock-cfg/mock.cfg:/opt/vault-core/cfg/mock.cfg

vault-releases3:
image: ${tpl.cold_vault_image}
depends_on:
- cold-bridge

environment:
PLATFORM: mock
MOCK_PHRASE: ibmosocold4

# This is the notary public key if it's mock
TRUSTED_SIG: ed25519:50692dfa472f013e2f87e5d210be40cefe178e33787be4688d5da0afe06ed149
VAULT_ID: 4a2b3c11-93c2-4b9f-affd-ff6893774b98

# This comes from the docker container that is spun up above. If it's normal vault, then it would be API end point.
HARMONIZE_CORE_ENDPOINT: http://cold-bridge:8080/internal/v1
restart: always

volumes:
- ./mock-cfg/vault.cfg:/opt/vault-core/cfg/vault.cfg
- ./mock-cfg/mock.cfg:/opt/vault-core/cfg/mock.cfg

vault-releases4:
image: ${tpl.cold_vault_image}
depends_on:
- cold-bridge

environment:
PLATFORM: mock
MOCK_PHRASE: 22222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222
VAULT_LOG_LEVEL: "DEBUG"
# This is the notary public key if it's mock
TRUSTED_SIG: ed25519:50692dfa472f013e2f87e5d210be40cefe178e33787be4688d5da0afe06ed149
VAULT_ID: 11111111-1111-1111-1111-111111111111
# This comes from the docker container that is spun up above. If it's normal vault, then it would be API end point.
HARMONIZE_CORE_ENDPOINT: http://cold-bridge:8080/internal/v1
restart: always

volumes:
- ./mock-cfg/vault.cfg:/opt/vault-core/cfg/vault.cfg
- ./mock-cfg/mock.cfg:/opt/vault-core/cfg/mock.cfg

backend-plugin:
image: ${tpl.backend_plugin_image}
depends_on:
Expand All @@ -42,7 +132,7 @@ services:
- "$${PORT}:$${PORT}"
environment:
COMPONENT: "backend_plugin"
SEED: "${tpl.seed}"
OSOENCRYPTIONPASS: "${tpl.seed}"
BACKEND_ENDPOINT: http://cold-bridge:8080
PORT: $${PORT}
BRIDGE_FINGERPRINT: $${BRIDGE_FINGERPRINT}
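Review bot: The four new `vault-releases*` services in the `-26,14 +31,99` hunk run with `PLATFORM: mock`, a fixed mock notary `TRUSTED_SIG` and fixed `MOCK_PHRASE` values, and their `VAULT_ID`s are registered as trusted ids on `cold-bridge` (`Vault__Ids__1`–`Vault__Ids__4` in the first hunk), so a production render of this template trusts mock vaults whose configuration is committed to the repository; gating them with a template variable (a `%{ if tpl.enable_mock_vaults }` block) or moving them to a dev-only compose override would keep them out of production renders. `MOCK_PHRASE: 2222…` on vault-releases4 is an unquoted all-digit scalar and is parsed as an integer rather than a string, so it should be quoted. The debug switch is inconsistent between services (`HMZ_LOG_LEVEL: "DEBUG"` on vault-releases2, `VAULT_LOG_LEVEL: "DEBUG"` on vault-releases4), so at most one of the two names can be the one the image honours, and the new `./mock-cfg` volume mounts lack the `:Z` label this commit adds to kmsconnect, which matters on SELinux hosts. Dropping the `pem:` prefix from `VAULT_TRUSTED_SIG` changes the expected value format; since the mock services still use an `ed25519:` prefix, the accepted format is worth stating on the line, e.g. `# raw PEM public key, no scheme prefix` — confirm against the consumer.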
2 changes: 1 addition & 1 deletion contracts/ripple/backend/user_data_backend.tf
Expand Up @@ -49,7 +49,7 @@ resource "local_file" "docker_compose" {
vault_id = var.VAULT_ID,
passphrase = var.PASSPHRASE,
notary_messaging_public_key = var.NOTARY_MESSAGING_PUBLIC_KEY,
seed = var.SEED,
seed = var.OSOENCRYPTIONPASS,
enable_ep11server = var.INTERNAL_GREP11,
crypto_pass_enable = var.CRYPTO_PASSTHROUGH_ENABLEMENT,
grep11_image = var.GREP11_IMAGE,
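Review bot: The template key keeps its old name while the variable is renamed: `seed = var.OSOENCRYPTIONPASS` still feeds `${tpl.seed}` in backend.yml.tftpl, whereas the frontend side of this commit renamed both the key and the variable to `OSOENCRYPTIONPASS`. Renaming here as well, `osoencryptionpass = var.OSOENCRYPTIONPASS,` with the template reading `${tpl.osoencryptionpass}`, keeps the two plugins consistent and makes the grep for the setting find every site. The enclosing `local_file` resource starts and ends outside the hunk.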
3 changes: 2 additions & 1 deletion contracts/ripple/backend/variables.tf
Expand Up @@ -15,6 +15,7 @@

variable "PREFIX" {
type = string
default = ""
}

variable "DEBUG" {
Expand All @@ -23,7 +24,7 @@ variable "DEBUG" {
default = false
}

variable "SEED" {
variable "OSOENCRYPTIONPASS" {
type = string
description = "Encrypt data through the iteration pipeline (should be the same value as frontend plugin)"
default = ""
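Review bot: `variable "OSOENCRYPTIONPASS"` carries an encryption passphrase per its description but is not marked sensitive, so its value is printed in plan and apply output and in state diffs; add `sensitive = true` inside the block. The retained `default = ""` also lets an empty passphrase reach the container without any signal, so dropping the default or adding a `validation` block that rejects an empty string is worth considering. The variable block's closing brace is outside the hunk.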
6 changes: 4 additions & 2 deletions contracts/ripple/frontend_plugin/frontend_plugin.yml.tftpl
Expand Up @@ -12,10 +12,12 @@ services:
COMPONENT_CA_CERT: $${COMPONENT_CA_CERT}
FRONTEND_KEY: $${FRONTEND_PLUGIN_KEY}
FRONTEND_CERT: $${FRONTEND_PLUGIN_CERT}
SK: "${tpl.SK}"
HMZ_USER_SK: "${tpl.HMZ_USER_SK}"
VAULTID: "${tpl.VAULTID}"
HMZ_AUTH_HOSTNAME: "${tpl.HMZ_AUTH_HOSTNAME}"
HMZ_AUTH_CUSTOMERID: "${tpl.HMZ_AUTH_CUSTOMERID}"
HMZ_AUTH_PATH: "${tpl.HMZ_AUTH_PATH}"
HMZ_API_HOSTNAME: "${tpl.HMZ_API_HOSTNAME}"
ROOTCERT: "${tpl.ROOTCERT}"
SEED: "${tpl.SEED}"
OSOENCRYPTIONPASS: "${tpl.OSOENCRYPTIONPASS}"
TOKEN_EXP: "${tpl.TOKEN_EXP}"
2 changes: 1 addition & 1 deletion contracts/ripple/frontend_plugin/terraform.tfvars.template
Expand Up @@ -5,4 +5,4 @@ FRONTEND_PLUGIN_IMAGE="registry.control12.dap.local/oso/oso-ripple-plugins@sha25
HMZ_AUTH_HOSTNAME=""
HMZ_API_HOSTNAME=""
VAULT_ID=""
SK=""
HMZ_USER_SK=""
6 changes: 4 additions & 2 deletions contracts/ripple/frontend_plugin/user_data_frontend_plugin.tf
Expand Up @@ -18,12 +18,14 @@ resource "local_file" "frontend_plugin_docker_compose" {
"${path.module}/frontend_plugin.yml.tftpl",
{ tpl = {
image = var.FRONTEND_PLUGIN_IMAGE,
SK = var.SK,
HMZ_USER_SK = var.HMZ_USER_SK,
VAULTID = var.VAULT_ID,
HMZ_AUTH_HOSTNAME = var.HMZ_AUTH_HOSTNAME,
HMZ_AUTH_PATH = var.HMZ_AUTH_PATH,
HMZ_AUTH_CUSTOMERID = var.HMZ_AUTH_CUSTOMERID,
HMZ_API_HOSTNAME = var.HMZ_API_HOSTNAME,
ROOTCERT = var.ROOTCERT,
SEED = var.SEED,
OSOENCRYPTIONPASS = var.OSOENCRYPTIONPASS,
TOKEN_EXP = var.TOKEN_EXP
} },
)
16 changes: 14 additions & 2 deletions contracts/ripple/frontend_plugin/variables.tf
Expand Up @@ -31,14 +31,14 @@ variable "FRONTEND_PLUGIN_IMAGE" {
description = "Frontend plugin image name"
}

variable "SEED" {
variable "OSOENCRYPTIONPASS" {
type = string
description = "Encrypt data through the iteration pipeline (should be same value as backend plugin)"
default = ""
}

# Ripple
variable "SK" {
variable "HMZ_USER_SK" {
type = string
description = "Private (secret) key of a registered user used to login to Ripple"
}
Expand All @@ -58,6 +58,18 @@ variable "HMZ_API_HOSTNAME" {
description = "Ripple api hostname containing no protocol or path"
}

variable "HMZ_AUTH_PATH" {
type = string
description = "Harmonize path to get auth toekn"
default = "/token"
}

variable "HMZ_AUTH_CUSTOMERID" {
type = string
description = "Harmonize customer id used to authent"
default = "customer_api"
}

variable "ROOTCERT" {
type = string
description = "Ripple SSL server certification as base64 encoded (optional)"
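Review bot: The two new variable descriptions in the `-58,6 +58,18` hunk have typos: `description = "Harmonize path to get auth toekn"` should read `description = "Harmonize path to get auth token"` and `description = "Harmonize customer id used to authent"` should read `description = "Harmonize customer id used to authenticate"`. In the first hunk, the renamed `HMZ_USER_SK` (a private key per its description) and `OSOENCRYPTIONPASS` both still lack `sensitive = true`, so their values appear in plan output and state diffs; adding that line to each block is a one-line change. The `ROOTCERT` block at the end of the hunk continues outside it.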