
workspace

This is a local development workspace for Trust Services API backend. It uses docker-compose to bootstrap the services and their dependencies.

Each service has its own .env file in the env directory with environment variables which will be injected in its container.

Prerequisites

Setup

Clone the workspace repository into $GOPATH/src/code.vereign.com/gaiax/tsa/workspace. Using GOPATH is important because that is how the workspace knows where to find your Go source code.

# create the backend directory where the workspace will be checked out
mkdir -p $GOPATH/src/code.vereign.com/gaiax/tsa/workspace

# change to the created directory
cd $GOPATH/src/code.vereign.com/gaiax/tsa/workspace

# clone the workspace repo
git clone git@code.vereign.com:gaiax/tsa/workspace.git .

Checkout services repos

This step is optional because you may already have the repos checked out or you may want to do it manually. The workspace provides a setup.sh script which checks out the TSA backend services at their correct locations, ready for use with docker-compose.

./setup.sh

Note: If you have already checked out a repository, and it's not on the main branch or is not in a clean state, the script will give you a warning and won't override the state of your repo. You will have to check out/update it manually.

Usage

Now you're ready to start using the workspace environment.

# start all services
docker-compose up -d

# see the state of the containers and their exposed ports 
docker-compose ps

# follow the logs of all services in the workspace
docker-compose logs -f 

# follow the logs of specified services only
docker-compose logs -f policy task

# restart a service
docker-compose restart policy

# restart a service and reload its environment variables
docker-compose up -d policy

# rebuild the docker image of a service
docker-compose build task

3rd Party Services

DID Resolver

The DID Resolver service can be reached at localhost:9090 from your local machine. Example usage:

curl -X GET http://localhost:9090/1.0/identifiers/did:indy:idunion:BDrEcHc8Tb4Lb2VyQZWEDE
curl -X GET http://localhost:9090/1.0/identifiers/did:key:z6Mkfriq1MqLBoPWecGoDLjguo1sB9brj6wT3qZ5BxkKpuP6
curl -X GET http://localhost:9090/1.0/identifiers/did:web:did.actor:alice

To support more DID methods, refer to the currently supported ones here:

https://github.com/decentralized-identity/universal-resolver/blob/main/docker-compose.yml

The required env variables are here:

https://github.com/decentralized-identity/universal-resolver/blob/main/.env

The services access the DID Resolver from their containers as uni-resolver-web:8080.

MongoDB

MongoDB is used to store policies and act as a synchronization point and single source of truth for the current policy state.

In the workspace it's initialized with the script mongo-init.js to populate a collection with some policies suitable for local development.

The server can be reached at localhost:27017 from your machine. The services access MongoDB from their containers as mongo:27017.

Because of some license requirements, we're using MongoDB 3.6.

Redis

The Redis server can be reached at localhost:6397 from your local machine.

The services access Redis from their containers as redis:6397.

Hashicorp Vault

When Vault is first started with docker-compose on your local machine, it's not yet initialized. To initialize it and get a Vault token which can be used by the signer service, open the Vault UI and follow the initial steps to generate a token. The token must then be set as the value of the ENV variable VAULT_TOKEN in signer.env.

Vault UI is exposed at http://0.0.0.0:8200/ui/vault

Setting Vault (only for local env):

  1. On the first screen of the Vault Web UI enter "Key shares" = 1 and "Key threshold" = 1
  2. Click Initialize
  3. Save key/token
  4. Unseal Vault by using the key
  5. Sign in by using the token (the same one you need for VAULT_TOKEN env variable)
  6. On the "Secrets" tab click "Enable new engine" => "transit" => "next" => "Enable engine"
  7. Click "Create encryption key" and enter the name "key1"
  8. For "Type" use one of the options in signer.env for VAULT_SUPPORTED_KEYS
  9. Click "Create encryption key"
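
The same steps from the command line, as an added example that is not part of the workspace repository. It assumes the vault CLI is installed on the host and reaches the server at http://127.0.0.1:8200 (override with VAULT_ADDR); init_field and setup_local_vault are hypothetical helper names.

```shell
#!/bin/sh
# Local workspace only: one key share and the root token as service token,
# exactly as in the UI steps above.
# Assumption: the vault CLI is on the host and Vault listens on port 8200.
VAULT_ADDR="${VAULT_ADDR:-http://127.0.0.1:8200}"
export VAULT_ADDR

# Read one "Label: value" line from the default output of `vault operator init`.
# init_field is a hypothetical helper name. $1 = label, stdin = init output.
init_field() {
    awk -F': ' -v label="$1" '$1 == label { print $2; exit }'
}

# setup_local_vault (hypothetical name). $1 = key type, one of the values
# listed for VAULT_SUPPORTED_KEYS in signer.env.
setup_local_vault() {
    key_type="${1:-}"
    if [ -z "$key_type" ]; then
        echo "usage: setup_local_vault <key-type>" >&2
        return 2
    fi

    # Steps 1-3: initialize with a single share and keep key and token.
    init_out=$(vault operator init -key-shares=1 -key-threshold=1) || return 1
    unseal_key=$(printf '%s\n' "$init_out" | init_field 'Unseal Key 1')
    root_token=$(printf '%s\n' "$init_out" | init_field 'Initial Root Token')
    if [ -z "$unseal_key" ] || [ -z "$root_token" ]; then
        echo "could not parse 'vault operator init' output" >&2
        return 1
    fi

    # Step 4: unseal. Step 5: authenticate the CLI with the token.
    vault operator unseal "$unseal_key" >&2 || return 1
    VAULT_TOKEN="$root_token"
    export VAULT_TOKEN

    # Steps 6-9: enable the transit engine and create the key "key1".
    vault secrets enable transit >&2 || return 1
    vault write transit/keys/key1 type="$key_type" >&2 || return 1

    # The unseal key goes to stderr; stdout carries only the signer.env line.
    printf 'Unseal key: %s\n' "$unseal_key" >&2
    printf 'VAULT_TOKEN=%s\n' "$root_token"
}

# Run the setup only when invoked as: sh <script> run <key-type>
if [ "${1:-}" = "run" ]; then
    setup_local_vault "${2:-}"
fi
```

The single stdout line can be pasted into signer.env; the unseal key is printed on stderr and is needed again whenever the Vault container restarts sealed.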

License


Apache 2.0 license