From 543439e2b1f4b2379b3cfc97584860e62513657b Mon Sep 17 00:00:00 2001
From: abhip2565 <74866247+abhip2565@users.noreply.github.com>
Date: Fri, 10 Jan 2025 14:14:07 +0530
Subject: [PATCH] [INJIMOB-1349] add data-share and minio service as part of docker compose (#550)
Signed-off-by: Abhishek Paul
---
.../config/data-share-inji-default.properties | 64 ++++++++++
.../config/data-share-standalone.properties | 15 +++
.../config/mimoto-default.properties | 8 +-
.../config/mimoto-issuers-config.json | 118 ++----------------
docker-compose/docker-compose.yml | 27 ++++
5 files changed, 119 insertions(+), 113 deletions(-)
create mode 100644 docker-compose/config/data-share-inji-default.properties
create mode 100644 docker-compose/config/data-share-standalone.properties
diff --git a/docker-compose/config/data-share-inji-default.properties b/docker-compose/config/data-share-inji-default.properties
new file mode 100644
index 00000000..ac669265
--- /dev/null
+++ b/docker-compose/config/data-share-inji-default.properties
@@ -0,0 +1,64 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# keycloak.external.host
+# keycloak.external.url
+# keycloak.internal.host
+# keycloak.internal.url
+# mosip.datsha.client.secret
+# s3.accesskey
+# s3.region
+# s3.secretkey
+
+mosip.data.share.service.id=mosip.data.share
+mosip.data.share.service.version=1.0
+
+CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
+KEYMANAGER_JWTSIGN=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign
+PARTNER_POLICY=${mosip.pms.policymanager.url}/v1/policymanager/policies/{policyId}/partner/{partnerId}
+KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+
+data.share.application.id=PARTNER
+mosip.data.share.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+!-- if value is true then please set servlet path to / --!
+mosip.data.share.urlshortner=false
+data.share.token.request.appid=datsha
+data.share.token.request.clientId=mosip-datsha-client
+data.share.token.request.secretKey=${mosip.datsha.client.secret}
+data.share.token.request.password=
+data.share.token.request.username=
+data.share.token.request.version=1.0
+data.share.token.request.id=io.mosip.datashare
+data.share.token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+spring.servlet.multipart.max-file-size=14MB
+mosip.data.share.protocol=http
+mosip.data.share.includeCertificateHash=false
+mosip.data.share.includeCertificate=false
+mosip.data.share.includePayload=false
+mosip.data.share.digest.algorithm=SHA256
+mosip.data.share.prependThumbprint=false
+mosip.role.durian.postcreatepolicyidsubscriberid=CREATE_SHARE
+auth.server.admin.allowed.audience=mosip-creser-client,mpartner-default-auth,mosip-regproc-client,mosip-reg-client,mosip-syncdata-client,mpartner-default-print,mosip-resident-client,opencrvs-partner,mosip-pms-client,mpartner-default-digitalcard,mosip-admin-client,mosip-abis-client,mpartner-default-mobile
+
+mosip.auth.filter_disable=false
+
+# Object store
+object.store.s3.accesskey=minioadmin
+object.store.s3.secretkey=minioadmin
+object.store.s3.url=http://minio-service:9000
+object.store.s3.region=us-east-1
+object.store.s3.readlimit=10000000
+
+#specific to Compliance Toolkit, to ABIS DataShare testcases
+auth.handle.ctk.flow=true
+mosip.api.internal.toolkit.url=https://${mosip.api.internal.host}/v1/toolkit
+mosip.compliance.toolkit.saveDataShareToken.url=${mosip.api.internal.toolkit.url}/saveDataShareToken
+mosip.compliance.toolkit.invalidateDataShareToken.url=${mosip.api.internal.toolkit.url}/invalidateDataShareToken
+mosip.compliance.toolkit.invalidateDataShareToken.testCaseId=ABIS3031
+logging.level.org.springframework.web: DEBUG
+#cache schedular
+mosip.data.share.policy-cache.expiry-time-millisec=7200000
+
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+mosip.pms.policymanager.url=http://pms-policy.pms
diff --git a/docker-compose/config/data-share-standalone.properties b/docker-compose/config/data-share-standalone.properties
new file mode 100644
index 00000000..52134774
--- /dev/null
+++ b/docker-compose/config/data-share-standalone.properties
@@ -0,0 +1,15 @@
+# Enables the data-share application in standalone mode.
+mosip.data.share.standalone.mode.enabled=true
+# Defines the policy json which will be taken into consideration if
+# "mosip.data.share.standalone.mode.enabled" is set as true.
+# If we are using "encryptionType" as "Partner based" then subscriberId must be a valid subscriberId
+# i.e. should exist in system.
+mosip.data.share.static-policy.policy-json={"typeOfShare":"","transactionsAllowed":"250","shareDomain":"datashare-service:8097","encryptionType":"NONE","source":"","validForInMinutes":"30"}
+# Defines the policyId which will be taken into consideration if "
+# mosip.data.share.standalone.mode.enabled" is set as true.
+mosip.data.share.static-policy.policy-id=static-policyid
+# Defines the subscriberId which will be taken into consideration if
+# "mosip.data.share.standalone.mode.enabled" is set as true.
+mosip.data.share.static-policy.subscriber-id=static-subscriberid
+# Disables JWT signature computation while storing object in object store.
+mosip.data.share.signature.disabled=true
\ No newline at end of file
diff --git a/docker-compose/config/mimoto-default.properties b/docker-compose/config/mimoto-default.properties
index f0f5d632..375e9f23 100644
--- a/docker-compose/config/mimoto-default.properties
+++ b/docker-compose/config/mimoto-default.properties
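Review bot: The `# Object store` block of data-share-inji-default.properties hard-codes `object.store.s3.accesskey=minioadmin` and `object.store.s3.secretkey=minioadmin`, which contradicts the file's own header listing `s3.accesskey` and `s3.secretkey` among the values that must not be defined in any property file. Resolve them from the environment the way this commit already does for the keystore password, e.g. `object.store.s3.accesskey=${s3.accesskey}` and `object.store.s3.secretkey=${s3.secretkey}`, with the values supplied by the compose `environment:` section. Separately, `logging.level.org.springframework.web: DEBUG` is left enabled; Spring's web DEBUG output can include request details, so either lower it to INFO or add a comment marking it as a local-debugging setting.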
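Review bot: data-share-standalone.properties sets `"encryptionType":"NONE"` in the static policy and ends with `mosip.data.share.signature.disabled=true`, so shares written to the object store under this profile are neither encrypted nor signed, and nothing in the file says this is acceptable only for a local demo. Add a header comment such as `# LOCAL DOCKER-COMPOSE ONLY: shares are stored unencrypted and unsigned; do not enable this profile on a shared or production deployment.` The fixed `static-policyid`/`static-subscriberid` pair is also the path prefix used in the mimoto URLs, so the identifiers give no protection of their own. Whether requests are otherwise authenticated in standalone mode is not visible in this diff and is worth confirming before the port is exposed.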
@@ -259,7 +259,7 @@ mosip.openid.issuer.credentialSupported=/wellKnownIssuer/Insurance.json mosip.openid.htmlTemplate=credential-template.html mosip.oidc.client.assertion.type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer mosip.oidc.p12.filename=oidckeystore.p12 -mosip.oidc.p12.password=5YBx6QT2wbY8Ls6w +mosip.oidc.p12.password=${oidc_p12_password} mosip.oidc.p12.path=certs/ @@ -281,9 +281,9 @@ mosip.inji.ovp.redirect.url.pattern=%s#vp_token=%s&presentation_submission=%s mosip.inji.ovp.error.redirect.url.pattern=%s?error=%s&error_description=%s #DataShare Config -mosip.data.share.url=https://datashare-inji.collab.mosip.net -mosip.data.share.create.url=https://datashare-inji.collab.mosip.net/v1/datashare/create/static-policyid/static-subscriberid +mosip.data.share.url=http://datashare-service:8097 +mosip.data.share.create.url=http://datashare-service:8097/v1/datashare/create/static-policyid/static-subscriberid +mosip.data.share.get.url.pattern=http://datashare-service:8097/v1/datashare/get/static-policyid/static-subscriberid/* mosip.data.share.create.retry.count=3 -mosip.data.share.get.url.pattern=https://datashare-inji.collab.mosip.net/v1/datashare/get/static-policyid/static-subscriberid/* #OpenId4VP related Configuration END diff --git a/docker-compose/config/mimoto-issuers-config.json b/docker-compose/config/mimoto-issuers-config.json index ff624399..8e9defa2 100644 --- a/docker-compose/config/mimoto-issuers-config.json +++ b/docker-compose/config/mimoto-issuers-config.json 
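Review bot: Replacing the literal with `${oidc_p12_password}` in the first hunk stops new copies of the secret, but the removed value stays readable in the repository history. If that password ever protected an `oidckeystore.p12` used outside local testing, the keystore should be re-issued with a new password and the client key rotated, since moving the string does not retire it. A one-line comment above the property, e.g. `# supplied via the oidc_p12_password environment variable; never commit a value here`, would keep the next editor from pasting a literal back in.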
@@ -1,83 +1,7 @@ { "issuers": [ - { - "credential_issuer": "Mosip", - "protocol": "OpenId4VCI", - "display": [ - { - "name": "National Identity Department", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip-logo" - }, - "title": "National Identity Department", - "description": "Download MOSIP National / Foundational Identity Credential", - "language": "en" - }, - { - "name": "دائرة الهوية الوطنية", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "شعار موسيب" - }, - "title": "دائرة الهوية الوطنية", - "description": "قم بتنزيل بيانات اعتماد الهوية الوطنية / التأسيسية MOSIP", - "language": "ar" - }, - { - "name": "राष्ट्रीय पहचान विभाग", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "मोसिप लोगो" - }, - "title": "राष्ट्रीय पहचान विभाग", - "description": "MOSIP नेशनल/फाउंडेशनल आइडेंटिटी क्रेडेंशियल डाउनलोड करेंं", - "language": "hi" - }, - { - "name": "ರಾಷ್ಟ್ರೀಯ ಗುರುತಿನ ಇಲಾಖೆ", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip ಲೋಗೋ" - }, - "title": "ರಾಷ್ಟ್ರೀಯ ಗುರುತಿನ ಇಲಾಖೆ", - "description": "MOSIP ರಾಷ್ಟ್ರೀಯ / ಫೌಂಡೇಶನಲ್ ಐಡೆಂಟಿಟಿ ರುಜುವಾತು ಡೌನ್‌ಲೋಡ್ ಮಾಡಿ", - "language": "kn" - }, - { - "name": "தேசிய அடையாளத் துறை", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip லோகோ" - }, - "title": "தேசிய அடையாளத் துறை", - "description": "MOSIP தேசிய / அடிப்படை அடையாளச் சான்றிதழைப் பதிவிறக்கவும்", - "language": "ta" - }, - { - "name": "National Identity Department", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "logo ng mosip" - }, - "title": "National Identity Department", - "description": "I-download ang MOSIP National / Foundational Identity Credential", - "language": "fil" - } - ], - "client_id": "XusU7P1y10lMr9NA1qnrny_fqynODwV4SCvWPP8cfdY", - "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", - "token_endpoint": 
"https://api.collab.mosip.net/v1/mimoto/get-token/Mosip", - "authorization_audience": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token", - "proxy_token_endpoint": "https://esignet-mosipid.collab.mosip.net/v1/esignet/oauth/v2/token", - "client_alias": "mpartner-default-test-mosipid", - "qr_code_type": "OnlineSharing", - "enabled": "true", - "wellknown_endpoint": "https://injicertify-mosipid.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer" - }, { "credential_issuer": "StayProtected", - "protocol": "OpenId4VCI", "display": [ { "name": "StayProtected Insurance", 
@@ -85,45 +9,21 @@ "url": "https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png", "alt_text": "a square logo of a Sunbird" }, + "language": "en", "title": "Download StayProtected Insurance Credentials", - "description": "Download insurance credential", - "language": "en" + "description": "Download insurance credential" } ], - "client_id": "esignet-sunbird-partner", - "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", - "token_endpoint": "https://api.collab.mosip.net/v1/mimoto/get-token/StayProtected", - "authorization_audience": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token", - "proxy_token_endpoint": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token", - "client_alias": "esignet-sunbird-partner", - "qr_code_type": "OnlineSharing", - "enabled": "true", - "wellknown_endpoint": "https://injicertify-insurance.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer" - }, - { - "credential_issuer": "Mock", "protocol": "OpenId4VCI", - "display": [ - { - "name": "Mock Identity", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip-logo" - }, - "title": "Mock Identity", - "description": "Download Mock Identity Credential", - "language": "en" - } - ], - "client_id": "mpartner-mock-testing", + "client_id": "wallet-demo", + "client_alias": "wallet-demo-client", + "wellknown_endpoint": "https://injicertify-insurance.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer", "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", - "token_endpoint": "https://api.collab.mosip.net/v1/mimoto/get-token/Mock", "authorization_audience": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token", - "proxy_token_endpoint": "https://esignet-mock.collab.mosip.net/v1/esignet/oauth/v2/token", - "client_alias": "mpartner-mock-testing", + "token_endpoint": 
"https://localhost:8099/v1/mimoto/get-token/StayProtected", + "proxy_token_endpoint": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token", "qr_code_type": "OnlineSharing", - "enabled": "true", - "wellknown_endpoint": "https://injicertify-mock.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer" + "enabled": "true" } ] -} +} \ No newline at end of file diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml index 316278b7..375c611e 100644 --- a/docker-compose/docker-compose.yml +++ b/docker-compose/docker-compose.yml @@ -1,6 +1,32 @@ version: '3.8' services: + + minio: + container_name: 'minio-service' + image: bitnami/minio:2022.2.7-debian-10-r0 + ports: + - "9001:9001" + - "9000:9000" + environment: + MINIO_ROOT_USER: minioadmin # Access Key + MINIO_ROOT_PASSWORD: minioadmin # Secret Key + + datashare: + container_name: 'datashare-service' + image: mosipqa/data-share-service:1.3.x + ports: + - "8097:8097" + environment: + - active_profile_env=inji-default,standalone + - SPRING_CONFIG_NAME=data-share + - SPRING_CONFIG_LOCATION=/home/mosip/ + volumes: + - ./config/data-share-inji-default.properties:/home/mosip/data-share-inji-default.properties + - ./config/data-share-standalone.properties:/home/mosip/data-share-standalone.properties + depends_on: + - minio + nginx: container_name: nginx image: nginx:alpine @@ -22,6 +48,7 @@ services: - active_profile_env=default - SPRING_CONFIG_NAME=mimoto - SPRING_CONFIG_LOCATION=/home/mosip/ + - oidc_p12_password=dummypassword volumes: - ./config/mimoto-default.properties:/home/mosip/mimoto-default.properties - ./config/mimoto-issuers-config.json:/home/mosip/mimoto-issuers-config.json
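Review bot: The new `minio` service starts with the well-known root credentials `minioadmin`/`minioadmin` and publishes both the API port 9000 and the console port 9001 without a host address, which binds them on every host interface. `datashare` reaches the store over the compose network as `minio-service:9000`, so, if nothing outside the compose network needs these ports, bind them to loopback (or drop them) and take the credentials from the host environment; the object-store properties in data-share-inji-default.properties must then carry the same values. The same binding applies to 8097 on `datashare`. Note also that `bitnami/minio:2022.2.7-debian-10-r0` is a 2022 build and `mosipqa/data-share-service:1.3.x` is a moving tag; pinning a current release or an image digest would make the stack reproducible.

```yaml
  minio:
    # … unchanged: container_name, image …
    ports:
      - "127.0.0.1:9001:9001"
      - "127.0.0.1:9000:9000"
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER:?set MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:?set MINIO_ROOT_PASSWORD}

  datashare:
    # … unchanged: container_name, image …
    ports:
      - "127.0.0.1:8097:8097"
    # … unchanged: environment, volumes, depends_on …
```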
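Review bot: `- oidc_p12_password=dummypassword` in the second docker-compose.yml hunk commits a fixed keystore password, so the externalisation done in mimoto-default.properties ends one file later in another tracked literal. Anyone following the setup either builds `oidckeystore.p12` with this publicly known password or edits a tracked file to change it. Pass the value through from the host instead, `- oidc_p12_password=${OIDC_P12_PASSWORD:?set OIDC_P12_PASSWORD}` (variable name constructed for illustration), and document it in the README or an untracked `.env`. The mimoto service definition starts and ends outside this hunk.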