[MOSIP-8576] Updates README instructions and notes
lalithkota committed Apr 6, 2022
1 parent d26764f commit 6325111
Showing 4 changed files with 34 additions and 18 deletions.
1 change: 0 additions & 1 deletion README.md
Expand Up @@ -4,7 +4,6 @@
- This repo contains MOSIP side of components in the MOSIP OpenCRVS integration. Namely:
- _MOSIP side OpenCRVS Mediator_ ([`mosip-side-opencrvs-mediator`](./mediator)) receives data from OpenCRVS, creates registration packet, and uploads it to registration processor.
- _OpenCRVS Registration Processor Stage_ ([`registration-processor-opencrvs-stage`](./registration-processor-opencrvs-stage)) is added as the last stage in MOSIP registration-processor pipeline, to issue the credentials back to OpenCRVS, after registration is successful.
- _MOSIP OpenCRVS Print Stage_ ([`opencrvs-print`](./opencrvs-print)) is an ephemeral component to demonstrate a credential being issued and printed successfully.
- This repo is not to be confused with [OpenCRVS side MOSIP Mediator](https://github.com/opencrvs/mosip-mediator/tree/master), which is also part of MOSIP OpenCRVS integration, that receives the credential(UIN) issued by MOSIP, and processes it as required.

_This is work-in-progress_.
32 changes: 23 additions & 9 deletions deployment/README.md
Expand Up @@ -8,41 +8,55 @@ This document describe deployment of `mosip-side-mediator` and `registration-pro
- `psql`, `kubectl`,`helm`,`bash`, `curl`, `jq`

## Installation
- Onboard a new credential type partner, with name like `opencrvs-partner`, with appropriate certificates from opencrvs, and an auth_policy that has only UIN in sharableAttributes. Use [partner onboarding scripts](https://github.com/mosip/mosip-infra/tree/develop/deployment/v3/utils/onboard/partner/).
- Set up `mosip_opencrvs` db:
- Navigate to [db_scripts/mosip_opencrvs](../db_scripts/mosip_opencrvs).
- Configure deploy.properties, with required secrets and hostname.
- Then run:
```sh
./deploy.sh deploy.properties
```
- Create a new transaction type `OPENCRVS_NEW` in `mosip_regprc/transaction_type` database table.
- Onboard a new credential type partner (using [partner onboarding scripts](https://github.com/mosip/mosip-onboarding/tree/master)), with;
- name like `opencrvs-partner`
- appropriate certificates from OpenCRVS
- an _auth_policy_ that has only `UIN` in _sharableAttributes_.
- _credential_type_ is `opencrvs`.
- Furthermore, change the following settings for the `opencrvs-partner` client (that was just created), in keycloak admin console, in `Mosip` realm.
- Change _Access Type_ to `public`.
- Enable _Direct Access Grants_.
- Change _Valid Redirect URIs_ to `*`.
- Apart from creating the partner keycloak client, create a new user with the same username as the partner name (that was previously given), with any password.
- Apart from the certificates obtained from OpenCRVS, create a certificate key pair for MOSIP, this public certificate will later be shared with OpenCRVS.
- Run the following to install the mediator and components (The script will prompt for inputs):
```sh
./install.sh <cluster-kubeconfig-file>
```
OR
- Pass the following environment variables to the above script, if it is not desired to prompt for inputs:
- OR Pass the following environment variables to the above script, if it is not desired to prompt for inputs:
```sh
export OPENCRVS_AUTH_URL=
export OPENCRVS_WEBHOOKS_URL=
export OPENCRVS_RECEIVE_CREDENTIAL_URL=
export OPENCRVS_CLIENT_ID=
export OPENCRVS_CLIENT_SECRET=
export OPENCRVS_CLIENT_SHA_SECRET=
export OPENCRVS_CALLBACK_HOST_BIRTH=
export OPENCRVS_CALLBACK_URI_BIRTH=
export MOSIP_OPENCRVS_PARTNER_CLIENT_ID=
export MOSIP_OPENCRVS_PARTNER_CLIENT_SHA_SECRET=
export MOSIP_OPENCRVS_PARTNER_USERNAME=
export MOSIP_PRIVATE_KEY_PATH=
export OPENCRVS_PUBLIC_KEY_PATH=
./install.sh <cluster-kubeconfig-file>
```
- Share the details with OpenCRVS: auth_url(mosip keycloak url), partner_client_id, partner_client_sha_secret, partner_username, partner_password.
- Share MOSIP public Certificate (that was created above).

## Uploading sample birth data
- Run the following in current directory, to upload sample birth data to mediator:
```sh
curl -XPOST \
-H "content-type: application/json" \
-d @samples/sampleDataFromOpencrvs2.json \
https://<hostname-for-mediator>/opencrvs-mediator/birth
https://<opencrvs-hostname-for-mosip-mediator>/<mosip-mediator-webhooks-uri>
```
- Replace url with `http://localhost:4545/birth` if running locally.

- Replace url with `http://localhost:4545/webhooks` if running locally.

## Uninstallation
- Run:
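Review bot: the Keycloak steps for the `opencrvs-partner` client (Access Type `public`, Direct Access Grants enabled, Valid Redirect URIs `*`) need a justification or tightening, because a public client has no client authentication and the wildcard leaves the redirect target unrestricted, so the partner user's password becomes the only credential guarding token issuance. Suggest limiting Valid Redirect URIs to the OpenCRVS host (or saying why `*` is required), replacing "with any password" with a requirement for a generated strong password, and stating how `partner_password` and the other shared details are to be handed to OpenCRVS. The env block also exports `MOSIP_OPENCRVS_PARTNER_CLIENT_SHA_SECRET` for a client that was just made public; one sentence on what that value is and where it comes from would remove the ambiguity.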
5 changes: 4 additions & 1 deletion deployment/delete.sh
Expand Up @@ -11,8 +11,11 @@ while true; do
read -p "Are you sure you want to delete opencrvs-mediator helm chart?(Y/n) " yn
if [ $yn = "Y" ]
then
helm -n $NS delete regproc-opencrvs-stage
helm -n $NS delete opencrvs-mediator
kubectl -n $NS delete secret opencrvs-client-creds
kubectl -n $NS delete --ignore-not-found=true secret opencrvs-client-creds
kubectl -n $NS delete --ignore-not-found=true secret opencrvs-partner-client-creds
kubectl -n $NS delete --ignore-not-found=true secret opencrvs-partner-certs-keys
break
else
break
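Review bot: the two `helm -n $NS delete` lines have no counterpart to the `--ignore-not-found=true` now used on the secret deletions, so uninstalling a partially installed namespace still reports an error for a missing release; guard them the same way the secrets are guarded, so the three credential secrets are always cleaned up. In the same block, `[ $yn = "Y" ]` is unquoted and produces a test error on an empty reply, and the `(Y/n)` prompt suggests Enter means yes while only a literal `Y` proceeds; quote it as `"$yn"` (and `"$NS"`) and make the prompt match the behaviour.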
14 changes: 7 additions & 7 deletions notes.md
Expand Up @@ -60,7 +60,7 @@
```
registration.processor.main-processes=NEW,UPDATE,LOST,RES_UPDATE,ACTIVATE,DEACTIVATE,OPENCRVS_NEW
```
- Consider adding OPENCRVS_NEW proccess as part of `mosip_regprc/transaction_type` db table.
- Consider adding OPENCRVS_NEW proccess as part of `mosip_regprc/transaction_type` db_scripts. (For now this is created as part of installation)
- While creating `opencrvs-partner`, `opencrvs` credential_type has been used. The same will be used by the opencrvs side mediator while receiving credential. The following property has been changed to include this as well, in partner-management-default.properties.
```
pmp.allowed.credential.types=auth,qrcode,euin,reprint,vercred,opencrvs
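Review bot: the reworded `OPENCRVS_NEW` note still carries the typo "proccess", and its parenthetical "(For now this is created as part of installation)" does not say whether `install.sh` creates the row or the operator does. deployment/README.md in this same commit shows a step "Create a new transaction type `OPENCRVS_NEW` in `mosip_regprc/transaction_type` database table", so the two files should agree on who performs it.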
Expand All @@ -75,17 +75,17 @@
- Discuss a longterm model for Registrations that would happen through partners in MOSIP. And refit this implementation to that model.
- Discuss an infra model with OpenCRVS, on how the OpenCRVS webhook and MOSIP websub would communicate with each other over a secured private channel.
- From mosip side, we would want OpenCRVS webhook callback to happen on the private wireguard channel.
- Plus the callback contains Authorizaiton.
- Plus the callback contains Authorization.
- Plus the data is encrypted.
- Discuss how `zone`,`province`,`city`,`postal code` and other basic data about a country (masterdata) can be in sync in MOSIP and OpenCRVS.
- Discuss how `zone`,`province`,`city`,`postal code` and other basic data about a country (masterdata) can be in sync between MOSIP and OpenCRVS.
Misc Dev Notes:
- Create `mosip-opencrvs-client` in keycloak. Assign this client all the roles that are required to create and upload packets. And use that in properties. TODO
- Create a duplicate print stage called opencrvs-print stage, which will add additional opencrvs data in the credential request. TODO
- Create a duplicate print stage called opencrvs-print stage, which will add additional opencrvs data in the credential request. TODO
- Onboard an `opencrvs-partner`, create a similar client and user in keycloak. DONE
- Use this above partner and subscribe to websub, for uin generated event. TODO
- Use this above partner and subscribe to websub, for uin generated event. DONE
- Update postgres-init to include `mosip-opencrvs` db. CLOSED: WONT DO.
- Use `kernel-auth-adapter`, and remove the dummy adapter in code. TODO.
- Create docker, helm chart in mosip-helm, and add ci to github. DONE.
- Create testcases. TODO.
- Analyze with sonar cloud. Publish snapshots to ossrh. TODO.
- Analyze with sonar cloud. Publish to mvn repo & snapshots to ossrh. TODO.
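Review bot: the websub subscription item is flipped to DONE while "Use `kernel-auth-adapter`, and remove the dummy adapter in code" stays TODO, and the discussion bullets above ("the callback contains Authorization", "the data is encrypted") do not say which of these are implemented today. Suggest adding a line that records the current authentication state of the mediator endpoints, so a reader of these notes does not assume the callback path is already protected. The two `opencrvs-print` stage lines appear to differ only in whitespace; if so, drop that change from the commit.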
