[INJIMOB-1349] add data-share and minio service as part of docker com…
…pose and update docs (#230)

Signed-off-by: Abhishek Paul <paul.apaul.abhishek.ap@gmail.com>
abhip2565 authored Jan 10, 2025
1 parent ea6a68b commit 7215cd3
Showing 6 changed files with 122 additions and 119 deletions.
4 changes: 1 addition & 3 deletions docker-compose/README.md
@@ -25,9 +25,7 @@ This is not for production use.

3. Start esignet services (authorisation server) or use existing esignet service deployed on cloud and update esignet host references in mimoto-default.properties and mimoto-issuers-config.json

4. Start the data share services and update data share host references in mimoto-default.properties. data share service helm is available in the [Inji Web Helm](https://github.com/mosip/inji-web/tree/release-0.10.x/helm/inji-web)

5. Create certs folder in the same directory and create OIDC client. Add key in oidckeystore.p12 and copy this file under certs folder.
4. Create certs folder in the same directory and create OIDC client. Add key in oidckeystore.p12 and copy this file under certs folder. Replace oidc_p12_password environment variable value by password provided in documentation.
Refer [here](https://docs.mosip.io/inji/inji-mobile-wallet/customization-overview/credential_providers) to create client
* Update client_id and client_alias as per onboarding in mimoto-issuers-config.json file.

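--- a/docker-compose/config/data-share-inji-default.properties
+++ b/docker-compose/config/data-share-inji-default.properties
@@ -0,0 +1,64 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# keycloak.external.host
+# keycloak.external.url
+# keycloak.internal.host
+# keycloak.internal.url
+# mosip.datsha.client.secret
+# s3.accesskey
+# s3.region
+# s3.secretkey
+
+mosip.data.share.service.id=mosip.data.share
+mosip.data.share.service.version=1.0
+
+CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
+KEYMANAGER_JWTSIGN=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign
+PARTNER_POLICY=${mosip.pms.policymanager.url}/v1/policymanager/policies/{policyId}/partner/{partnerId}
+KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+
+data.share.application.id=PARTNER
+mosip.data.share.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+!-- if value is true then please set servlet path to / --!
+mosip.data.share.urlshortner=false
+data.share.token.request.appid=datsha
+data.share.token.request.clientId=mosip-datsha-client
+data.share.token.request.secretKey=${mosip.datsha.client.secret}
+data.share.token.request.password=
+data.share.token.request.username=
+data.share.token.request.version=1.0
+data.share.token.request.id=io.mosip.datashare
+data.share.token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+spring.servlet.multipart.max-file-size=14MB
+mosip.data.share.protocol=http
+mosip.data.share.includeCertificateHash=false
+mosip.data.share.includeCertificate=false
+mosip.data.share.includePayload=false
+mosip.data.share.digest.algorithm=SHA256
+mosip.data.share.prependThumbprint=false
+mosip.role.durian.postcreatepolicyidsubscriberid=CREATE_SHARE
+auth.server.admin.allowed.audience=mosip-creser-client,mpartner-default-auth,mosip-regproc-client,mosip-reg-client,mosip-syncdata-client,mpartner-default-print,mosip-resident-client,opencrvs-partner,mosip-pms-client,mpartner-default-digitalcard,mosip-admin-client,mosip-abis-client,mpartner-default-mobile
+
+mosip.auth.filter_disable=false
+
+# Object store
+object.store.s3.accesskey=minioadmin
+object.store.s3.secretkey=minioadmin
+object.store.s3.url=http://minio-service:9000
+object.store.s3.region=us-east-1
+object.store.s3.readlimit=10000000
+
+#specific to Compliance Toolkit, to ABIS DataShare testcases
+auth.handle.ctk.flow=true
+mosip.api.internal.toolkit.url=https://${mosip.api.internal.host}/v1/toolkit
+mosip.compliance.toolkit.saveDataShareToken.url=${mosip.api.internal.toolkit.url}/saveDataShareToken
+mosip.compliance.toolkit.invalidateDataShareToken.url=${mosip.api.internal.toolkit.url}/invalidateDataShareToken
+mosip.compliance.toolkit.invalidateDataShareToken.testCaseId=ABIS3031
+logging.level.org.springframework.web: DEBUG
+#cache schedular
+mosip.data.share.policy-cache.expiry-time-millisec=7200000
+
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+mosip.pms.policymanager.url=http://pms-policy.pms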
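Review bot: The object-store credentials under `# Object store` are committed as literals (`object.store.s3.accesskey=minioadmin`, `object.store.s3.secretkey=minioadmin`), which contradicts this file's own header listing `s3.accesskey` and `s3.secretkey` among the values that must only be passed as environment overrides. I would reference those overrides instead, `object.store.s3.accesskey=${s3.accesskey}` and `object.store.s3.secretkey=${s3.secretkey}`, and supply the values from the compose environment. Separately, `logging.level.org.springframework.web: DEBUG` is left enabled; for a service that stores shared credentials, request-level debug logging is better left at the default unless it is needed for troubleshooting.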
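--- a/docker-compose/config/data-share-standalone.properties
+++ b/docker-compose/config/data-share-standalone.properties
@@ -0,0 +1,15 @@
+# Enables the data-share application in standalone mode.
+mosip.data.share.standalone.mode.enabled=true
+# Defines the policy json which will be taken into consideration if
+# "mosip.data.share.standalone.mode.enabled" is set as true.
+# If we are using "encryptionType" as "Partner based" then subscriberId must be a valid subscriberId
+# i.e. should exist in system.
+mosip.data.share.static-policy.policy-json={"typeOfShare":"","transactionsAllowed":"250","shareDomain":"datashare-service:8097","encryptionType":"NONE","source":"","validForInMinutes":"30"}
+# Defines the policyId which will be taken into consideration if "
+# mosip.data.share.standalone.mode.enabled" is set as true.
+mosip.data.share.static-policy.policy-id=static-policyid
+# Defines the subscriberId which will be taken into consideration if
+# "mosip.data.share.standalone.mode.enabled" is set as true.
+mosip.data.share.static-policy.subscriber-id=static-subscriberid
+# Disables JWT signature computation while storing object in object store.
+mosip.data.share.signature.disabled=true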
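Review bot: This profile sets `"encryptionType":"NONE"` in the static policy and `mosip.data.share.signature.disabled=true`, so shared objects appear to be stored with neither confidentiality nor integrity protection, and the file never says that this is acceptable only for the local demo stack. A header comment would make that boundary explicit, for example `# Local docker-compose demo only: objects are stored unencrypted and unsigned; do not reuse this profile elsewhere.` It would also help to note next to `policy-json` that `transactionsAllowed` and `validForInMinutes` are then the only limits on who can fetch a share once its URL is known.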
9 changes: 4 additions & 5 deletions docker-compose/config/mimoto-default.properties
@@ -260,7 +260,7 @@ mosip.openid.issuers=mimoto-issuers-config.json
mosip.openid.htmlTemplate=credential-template.html
mosip.oidc.client.assertion.type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
mosip.oidc.p12.filename=oidckeystore.p12
mosip.oidc.p12.password=xy4gh6swa2i
mosip.oidc.p12.password=${oidc_p12_password}
mosip.oidc.p12.path=certs/


@@ -282,9 +282,8 @@ mosip.inji.ovp.redirect.url.pattern=%s#vp_token=%s&presentation_submission=%s
mosip.inji.ovp.error.redirect.url.pattern=%s?error=%s&error_description=%s

#DataShare Config
mosip.data.share.url=https://datashare-inji.collab.mosip.net
mosip.data.share.create.url=https://datashare-inji.collab.mosip.net/v1/datashare/create/static-policyid/static-subscriberid
mosip.data.share.url=http://datashare-service:8097
mosip.data.share.create.url=http://datashare-service:8097/v1/datashare/create/static-policyid/static-subscriberid
mosip.data.share.get.url.pattern=http://datashare-service:8097/v1/datashare/get/static-policyid/static-subscriberid/*
mosip.data.share.create.retry.count=3
mosip.data.share.get.url.pattern=https://datashare-inji.collab.mosip.net/v1/datashare/get/static-policyid/static-subscriberid/*

#OpenId4VP related Configuration END
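Review bot: The keystore password that the first hunk replaces with `${oidc_p12_password}` is still readable in repository history, so any `oidckeystore.p12` that was ever protected with it should be given a new password or re-keyed. The placeholder has no default, so the service presumably fails at startup when the variable is unset; that fail-closed behaviour is worth stating in a comment, e.g. `# Supplied via the oidc_p12_password environment variable; intentionally no default`. In the DataShare hunk the three URLs now point at `http://datashare-service:8097`, which is reasonable inside the compose network, but a comment that these must use HTTPS outside a local stack would stop the file from being copied as-is.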
118 changes: 9 additions & 109 deletions docker-compose/config/mimoto-issuers-config.json
@@ -1,129 +1,29 @@
{
"issuers": [
{
"credential_issuer": "Mosip",
"protocol": "OpenId4VCI",
"display": [
{
"name": "National Identity Department",
"logo": {
"url": "https://api.collab.mosip.net/inji/mosip-logo.png",
"alt_text": "mosip-logo"
},
"title": "National Identity Department",
"description": "Download MOSIP National / Foundational Identity Credential",
"language": "en"
},
{
"name": "دائرة الهوية الوطنية",
"logo": {
"url": "https://api.collab.mosip.net/inji/mosip-logo.png",
"alt_text": "شعار موسيب"
},
"title": "دائرة الهوية الوطنية",
"description": "قم بتنزيل بيانات اعتماد الهوية الوطنية / التأسيسية MOSIP",
"language": "ar"
},
{
"name": "राष्ट्रीय पहचान विभाग",
"logo": {
"url": "https://api.collab.mosip.net/inji/mosip-logo.png",
"alt_text": "मोसिप लोगो"
},
"title": "राष्ट्रीय पहचान विभाग",
"description": "MOSIP नेशनल/फाउंडेशनल आइडेंटिटी क्रेडेंशियल डाउनलोड करेंं",
"language": "hi"
},
{
"name": "ರಾಷ್ಟ್ರೀಯ ಗುರುತಿನ ಇಲಾಖೆ",
"logo": {
"url": "https://api.collab.mosip.net/inji/mosip-logo.png",
"alt_text": "mosip ಲೋಗೋ"
},
"title": "ರಾಷ್ಟ್ರೀಯ ಗುರುತಿನ ಇಲಾಖೆ",
"description": "MOSIP ರಾಷ್ಟ್ರೀಯ / ಫೌಂಡೇಶನಲ್ ಐಡೆಂಟಿಟಿ ರುಜುವಾತು ಡೌನ್‌ಲೋಡ್ ಮಾಡಿ",
"language": "kn"
},
{
"name": "தேசிய அடையாளத் துறை",
"logo": {
"url": "https://api.collab.mosip.net/inji/mosip-logo.png",
"alt_text": "mosip லோகோ"
},
"title": "தேசிய அடையாளத் துறை",
"description": "MOSIP தேசிய / அடிப்படை அடையாளச் சான்றிதழைப் பதிவிறக்கவும்",
"language": "ta"
},
{
"name": "National Identity Department",
"logo": {
"url": "https://api.collab.mosip.net/inji/mosip-logo.png",
"alt_text": "logo ng mosip"
},
"title": "National Identity Department",
"description": "I-download ang MOSIP National / Foundational Identity Credential",
"language": "fil"
}
],
"client_id": "XusU7P1y10lMr9NA1qnrny_fqynODwV4SCvWPP8cfdY",
"redirect_uri": "io.mosip.residentapp.inji://oauthredirect",
"token_endpoint": "https://api.collab.mosip.net/v1/mimoto/get-token/Mosip",
"authorization_audience": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token",
"proxy_token_endpoint": "https://esignet-mosipid.collab.mosip.net/v1/esignet/oauth/v2/token",
"client_alias": "mpartner-default-test-mosipid",
"qr_code_type": "OnlineSharing",
"enabled": "true",
"wellknown_endpoint": "https://injicertify-mosipid.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer"
},
{
"credential_issuer": "StayProtected",
"protocol": "OpenId4VCI",
"display": [
{
"name": "StayProtected Insurance",
"logo": {
"url": "https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png",
"alt_text": "a square logo of a Sunbird"
},
"language": "en",
"title": "Download StayProtected Insurance Credentials",
"description": "Download insurance credential",
"language": "en"
"description": "Download insurance credential"
}
],
"client_id": "esignet-sunbird-partner",
"redirect_uri": "io.mosip.residentapp.inji://oauthredirect",
"token_endpoint": "https://api.dev1.mosip.net/v1/mimoto/get-token/StayProtected",
"authorization_audience": "https://esignet-insurance.dev1.mosip.net/v1/esignet/oauth/v2/token",
"proxy_token_endpoint": "https://esignet-insurance.dev1.mosip.net/v1/esignet/oauth/v2/token",
"client_alias": "esignet-sunbird-partner",
"qr_code_type": "OnlineSharing",
"enabled": "true",
"wellknown_endpoint": "https://injicertify-insurance.dev1.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer"
},
{
"credential_issuer": "Mock",
"protocol": "OpenId4VCI",
"display": [
{
"name": "Mock Identity",
"logo": {
"url": "https://api.collab.mosip.net/inji/mosip-logo.png",
"alt_text": "mosip-logo"
},
"title": "Mock Identity",
"description": "Download Mock Identity Credential",
"language": "en"
}
],
"client_id": "mpartner-mock-testing",
"client_id": "wallet-demo",
"client_alias": "wallet-demo-client",
"wellknown_endpoint": "https://injicertify-insurance.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer",
"redirect_uri": "io.mosip.residentapp.inji://oauthredirect",
"token_endpoint": "https://api.collab.mosip.net/v1/mimoto/get-token/Mock",
"authorization_audience": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token",
"proxy_token_endpoint": "https://esignet-mock.collab.mosip.net/v1/esignet/oauth/v2/token",
"client_alias": "mpartner-mock-testing",
"token_endpoint": "https://localhost:8099/v1/mimoto/get-token/StayProtected",
"proxy_token_endpoint": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token",
"qr_code_type": "OnlineSharing",
"enabled": "true",
"wellknown_endpoint": "https://injicertify-mock.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer"
"enabled": "true"
}
]
}
}
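Review bot: The `token_endpoint` value `https://localhost:8099/v1/mimoto/get-token/StayProtected` uses HTTPS, while the other local endpoints this commit introduces are plain HTTP. Unless mimoto terminates TLS on 8099 (not visible here), clients will fail the handshake or be pushed toward disabling certificate validation. Please confirm the scheme matches how the local mimoto service is actually served. The `client_id` and `client_alias` values (`wallet-demo`, `wallet-demo-client`) look like demo placeholders, so the README step about replacing them after onboarding is required for this file to work against a real authorisation server.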
31 changes: 29 additions & 2 deletions docker-compose/docker-compose.yml
@@ -2,6 +2,31 @@ version: '3.8'

services:

minio:
container_name: 'minio-service'
image: bitnami/minio:2022.2.7-debian-10-r0
ports:
- "9001:9001"
- "9000:9000"
environment:
MINIO_ROOT_USER: minioadmin # Access Key
MINIO_ROOT_PASSWORD: minioadmin # Secret Key

datashare:
container_name: 'datashare-service'
image: mosipqa/data-share-service:1.3.x
ports:
- "8097:8097"
environment:
- active_profile_env=inji-default,standalone
- SPRING_CONFIG_NAME=data-share
- SPRING_CONFIG_LOCATION=/home/mosip/
volumes:
- ./config/data-share-inji-default.properties:/home/mosip/data-share-inji-default.properties
- ./config/data-share-standalone.properties:/home/mosip/data-share-standalone.properties
depends_on:
- minio

mimoto-service:
container_name: 'mimoto-service'
image: 'mosipqa/mimoto:0.15.x'
@@ -13,9 +38,12 @@ services:
- active_profile_env=default
- SPRING_CONFIG_NAME=mimoto
- SPRING_CONFIG_LOCATION=/home/mosip/
- oidc_p12_password=dummypassword
volumes:
- ./config/mimoto-default.properties:/home/mosip/mimoto-default.properties
- ./certs/oidckeystore.p12:/home/mosip/certs/oidckeystore.p12
depends_on:
- datashare

inji-web:
container_name: 'inji-web'
@@ -26,9 +54,8 @@ services:
- DEFAULT_LANG=en
- MIMOTO_HOST=http://localhost:3004/v1/mimoto
volumes:
- ./config/mimoto-default.properties:/home/mosip/mimoto-default.properties
- ./config/mimoto-issuers-config.json:/home/mosip/mimoto-issuers-config.json
- ./config/mimoto-trusted-verifiers.json:/home/mosip/mimoto-trusted-verifiers.json
- ./config/credential-template.html:/home/mosip/credential-template.html
depends_on:
- mimoto-service
- mimoto-service
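Review bot: The new `minio` service publishes ports 9000 and 9001 on every host interface while running with the vendor-default root credentials (`MINIO_ROOT_USER: minioadmin`, `MINIO_ROOT_PASSWORD: minioadmin`), so anything that can reach the developer's machine gets full access to the object store behind datashare. If nothing on the host needs these ports, bind them to loopback, `- "127.0.0.1:9000:9000"` and `- "127.0.0.1:9001:9001"`, or drop the mapping, since `datashare` reaches MinIO by service name on the compose network; the same applies to `- "8097:8097"`. The credentials and `oidc_p12_password=dummypassword` would be better read from an untracked `.env` file, e.g. `MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}`. The image references also deserve a second look: `bitnami/minio:2022.2.7-debian-10-r0` is an old build and `mosipqa/data-share-service:1.3.x` looks like a moving tag, so pinning by digest would make the stack reproducible.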
