From 016cc8bbbe106a9bd06d685c934a12cacbd8c047 Mon Sep 17 00:00:00 2001 From: Martin Saporiti Date: Wed, 29 Nov 2023 11:22:34 -0300 Subject: [PATCH 1/5] chore: update onchain rhs contracts --- k8s/helm/templates/_helpers.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/helm/templates/_helpers.tpl b/k8s/helm/templates/_helpers.tpl index 1098015ad..8cbbddb81 100644 --- a/k8s/helm/templates/_helpers.tpl +++ b/k8s/helm/templates/_helpers.tpl @@ -147,9 +147,9 @@ Define Rhs contract */}} {{- define "helpers.api-rsh-contract" -}} {{- if eq .Values.mainnet true }} -"0xF5d22B2385D8cA41A649df53AE010F7b4e776dB0" +"0xbEeB6bB53504E8C872023451fd0D23BeF01d320B" {{- else }} -"0x76EB7216F2400aC18C842D8C76739F3B8E619DB9" +"0x16A1ae4c460C0a42f0a87e69c526c61599B28BC9" {{- end }} {{- end }} From 76bb9954a39586efcadd632c0fbf0522a1a7a0ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jordi=20Gim=C3=A9nez?= Date: Mon, 4 Dec 2023 11:10:42 +0100 Subject: [PATCH 2/5] fix: Return link expiration date in ISO format with time 00:00:00Z (#566) --- api_ui/api.yaml | 4 +-- internal/api_ui/api.gen.go | 26 +++++++------- internal/api_ui/responses.go | 9 ++--- internal/api_ui/server_test.go | 63 +++++++++++++++++++--------------- internal/timeapi/time.go | 5 +++ internal/timeapi/time_test.go | 36 +++++++++++++++++++ 6 files changed, 96 insertions(+), 47 deletions(-) diff --git a/api_ui/api.yaml b/api_ui/api.yaml index 974d53dbd..50c8674ac 100644 --- a/api_ui/api.yaml +++ b/api_ui/api.yaml @@ -1242,9 +1242,7 @@ components: x-omitempty: false nullable: true credentialExpiration: - type: string - format: date - example: "2022-12-20" + $ref: '#/components/schemas/TimeUTC' x-omitempty: false nullable: true createdAt: diff --git a/internal/api_ui/api.gen.go b/internal/api_ui/api.gen.go index 984612e7b..d7e2721b2 100644 --- a/internal/api_ui/api.gen.go +++ b/internal/api_ui/api.gen.go 
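Review bot: In k8s/helm/templates/_helpers.tpl the two replacement addresses in `helpers.api-rsh-contract` carry no comment or reference saying which deployment they belong to, so a reviewer cannot confirm from the chart that the mainnet branch points at the intended contract. Going by the commit subject this value selects the on-chain RHS contract the node relies on, so a wrong or swapped address would only surface at runtime. I would add a template comment above each literal, e.g. `{{- /* mainnet RHS contract, deployment ref: <DEPLOYMENT_REFERENCE> */ -}}`, and consider reading the address from `.Values` with these literals as defaults so that a rotation does not need a chart change.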
@@ -185,19 +185,19 @@ type KeyValue struct { // Link defines model for Link. type Link struct { - Active bool `json:"active"` - CreatedAt TimeUTC `json:"createdAt"` - CredentialExpiration *openapi_types.Date `json:"credentialExpiration"` - CredentialSubject CredentialSubject `json:"credentialSubject"` - Expiration *TimeUTC `json:"expiration"` - Id uuid.UUID `json:"id"` - IssuedClaims int `json:"issuedClaims"` - MaxIssuance *int `json:"maxIssuance"` - ProofTypes []string `json:"proofTypes"` - SchemaHash string `json:"schemaHash"` - SchemaType string `json:"schemaType"` - SchemaUrl string `json:"schemaUrl"` - Status LinkStatus `json:"status"` + Active bool `json:"active"` + CreatedAt TimeUTC `json:"createdAt"` + CredentialExpiration *TimeUTC `json:"credentialExpiration"` + CredentialSubject CredentialSubject `json:"credentialSubject"` + Expiration *TimeUTC `json:"expiration"` + Id uuid.UUID `json:"id"` + IssuedClaims int `json:"issuedClaims"` + MaxIssuance *int `json:"maxIssuance"` + ProofTypes []string `json:"proofTypes"` + SchemaHash string `json:"schemaHash"` + SchemaType string `json:"schemaType"` + SchemaUrl string `json:"schemaUrl"` + Status LinkStatus `json:"status"` } // LinkStatus defines model for Link.Status. diff --git a/internal/api_ui/responses.go b/internal/api_ui/responses.go index 10f3f894b..b46aa971e 100644 --- a/internal/api_ui/responses.go +++ b/internal/api_ui/responses.go @@ -6,10 +6,10 @@ import ( "time" "github.com/iden3/go-schema-processor/v2/verifiable" - openapitypes "github.com/oapi-codegen/runtime/types" "github.com/polygonid/sh-id-platform/internal/common" "github.com/polygonid/sh-id-platform/internal/core/domain" + "github.com/polygonid/sh-id-platform/internal/timeapi" "github.com/polygonid/sh-id-platform/pkg/schema" ) 
@@ -220,9 +220,10 @@ func deleteConnection500Response(deleteCredentials bool, revokeCredentials bool) func getLinkResponse(link domain.Link) Link { hash, _ := link.Schema.Hash.MarshalText() - var date *openapitypes.Date + var credentialExpiration *timeapi.Time if link.CredentialExpiration != nil { - date = &openapitypes.Date{Time: *link.CredentialExpiration} + t := timeapi.Time(*link.CredentialExpiration) + credentialExpiration = common.ToPointer(t.UTCZeroHHMMSS()) } var validUntil *TimeUTC @@ -243,7 +244,7 @@ func getLinkResponse(link domain.Link) Link { ProofTypes: getLinkProofs(link), CreatedAt: TimeUTC(link.CreatedAt), Expiration: validUntil, - CredentialExpiration: date, + CredentialExpiration: credentialExpiration, } } diff --git a/internal/api_ui/server_test.go b/internal/api_ui/server_test.go index 57b762160..cb4bc177b 100644 --- a/internal/api_ui/server_test.go +++ b/internal/api_ui/server_test.go @@ -3146,11 +3146,11 @@ func TestServer_GetLink(t *testing.T) { tomorrow := time.Now().Add(24 * time.Hour) yesterday := time.Now().Add(-24 * time.Hour) - link, err := linkService.Save(ctx, *did, common.ToPointer(10), &tomorrow, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) + link, err := linkService.Save(ctx, *did, common.ToPointer(10), &tomorrow, importedSchema.ID, common.ToPointer(tomorrow), true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) require.NoError(t, err) hash, _ := link.Schema.Hash.MarshalText() - linkExpired, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) + linkExpired, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, common.ToPointer(tomorrow), true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) require.NoError(t, err) handler := getHandler(ctx, server) 
@@ -3192,18 +3192,19 @@ func TestServer_GetLink(t *testing.T) { expected: expected{ httpCode: http.StatusOK, response: GetLink200JSONResponse{ - Active: link.Active, - CredentialSubject: CredentialSubject{"birthday": 19791109, "documentType": 12, "type": schemaType, "id": "did:polygonid:polygon:mumbai:2qDDDKmo436EZGCBAvkqZjADYoNRJszkG7UymZeCHQ"}, - Expiration: common.ToPointer(TimeUTC(*link.ValidUntil)), - Id: link.ID, - IssuedClaims: link.IssuedClaims, - MaxIssuance: link.MaxIssuance, - SchemaType: link.Schema.Type, - SchemaUrl: link.Schema.URL, - Status: LinkStatusActive, - ProofTypes: []string{"SparseMerkleTreeProof", "BJJSignature2021"}, - CreatedAt: TimeUTC(link.CreatedAt), - SchemaHash: string(hash), + Active: link.Active, + CredentialSubject: CredentialSubject{"birthday": 19791109, "documentType": 12, "type": schemaType, "id": "did:polygonid:polygon:mumbai:2qDDDKmo436EZGCBAvkqZjADYoNRJszkG7UymZeCHQ"}, + Expiration: common.ToPointer(TimeUTC(*link.ValidUntil)), + Id: link.ID, + IssuedClaims: link.IssuedClaims, + MaxIssuance: link.MaxIssuance, + SchemaType: link.Schema.Type, + SchemaUrl: link.Schema.URL, + Status: LinkStatusActive, + ProofTypes: []string{"SparseMerkleTreeProof", "BJJSignature2021"}, + CreatedAt: TimeUTC(link.CreatedAt), + SchemaHash: string(hash), + CredentialExpiration: common.ToPointer(TimeUTC(tomorrow)), }, }, }, 
@@ -3214,16 +3215,17 @@ func TestServer_GetLink(t *testing.T) { expected: expected{ httpCode: http.StatusOK, response: GetLink200JSONResponse{ - Active: linkExpired.Active, - CredentialSubject: CredentialSubject{"birthday": 19791109, "documentType": 12, "type": schemaType, "id": "did:polygonid:polygon:mumbai:2qDDDKmo436EZGCBAvkqZjADYoNRJszkG7UymZeCHQ"}, - Expiration: common.ToPointer(TimeUTC(*linkExpired.ValidUntil)), - Id: linkExpired.ID, - IssuedClaims: linkExpired.IssuedClaims, - MaxIssuance: linkExpired.MaxIssuance, - SchemaType: linkExpired.Schema.Type, - SchemaUrl: linkExpired.Schema.URL, - Status: LinkStatusExceeded, - ProofTypes: []string{"SparseMerkleTreeProof", "BJJSignature2021"}, + Active: linkExpired.Active, + CredentialSubject: CredentialSubject{"birthday": 19791109, "documentType": 12, "type": schemaType, "id": "did:polygonid:polygon:mumbai:2qDDDKmo436EZGCBAvkqZjADYoNRJszkG7UymZeCHQ"}, + Expiration: common.ToPointer(TimeUTC(*linkExpired.ValidUntil)), + Id: linkExpired.ID, + IssuedClaims: linkExpired.IssuedClaims, + MaxIssuance: linkExpired.MaxIssuance, + SchemaType: linkExpired.Schema.Type, + SchemaUrl: linkExpired.Schema.URL, + Status: LinkStatusExceeded, + ProofTypes: []string{"SparseMerkleTreeProof", "BJJSignature2021"}, + CredentialExpiration: nil, }, }, }, @@ -3261,6 +3263,11 @@ func TestServer_GetLink(t *testing.T) { assert.Equal(t, expected.Active, response.Active) assert.InDelta(t, time.Time(*expected.Expiration).UnixMilli(), time.Time(*response.Expiration).UnixMilli(), 1000) assert.Equal(t, len(expected.ProofTypes), len(response.ProofTypes)) + if expected.CredentialExpiration != nil { + tt := time.Time(*expected.CredentialExpiration) + tt00 := common.ToPointer(TimeUTC(time.Date(tt.Year(), tt.Month(), tt.Day(), 0, 0, 0, 0, time.UTC))) + assert.Equal(t, tt00.String(), response.CredentialExpiration.String()) + } case http.StatusNotFound: var response GetLink404JSONResponse require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &response)) 
@@ -3315,19 +3322,19 @@ func TestServer_GetAllLinks(t *testing.T) { tomorrow := time.Now().Add(24 * time.Hour) yesterday := time.Now().Add(-24 * time.Hour) - link1, err := linkService.Save(ctx, *did, common.ToPointer(10), &tomorrow, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) + link1, err := linkService.Save(ctx, *did, common.ToPointer(10), &tomorrow, importedSchema.ID, &tomorrow, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) require.NoError(t, err) linkActive := getLinkResponse(*link1) time.Sleep(10 * time.Millisecond) - link2, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) + link2, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, &tomorrow, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) require.NoError(t, err) linkExpired := getLinkResponse(*link2) require.NoError(t, err) time.Sleep(10 * time.Millisecond) - link3, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) + link3, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, &tomorrow, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12}) link3.Active = false require.NoError(t, err) require.NoError(t, linkService.Activate(ctx, *did, link3.ID, false)) 
@@ -3475,6 +3482,8 @@ func TestServer_GetAllLinks(t *testing.T) { require.NoError(t, err) assert.Equal(t, tcCred, respCred) assert.InDelta(t, time.Time(*tc.expected.response[i].Expiration).UnixMilli(), time.Time(*resp.Expiration).UnixMilli(), 1000) + expectCredExpiration := common.ToPointer(TimeUTC(time.Date(tomorrow.Year(), tomorrow.Month(), tomorrow.Day(), 0, 0, 0, 0, time.UTC))) + assert.Equal(t, expectCredExpiration.String(), resp.CredentialExpiration.String()) } } case http.StatusBadRequest: diff --git a/internal/timeapi/time.go b/internal/timeapi/time.go index 2b14ff138..9ceecb095 100644 --- a/internal/timeapi/time.go +++ b/internal/timeapi/time.go @@ -33,3 +33,8 @@ func (t Time) MarshalJSON() ([]byte, error) { func (t *Time) String() string { return time.Time(*t).UTC().Format(time.RFC3339) } + +// UTCZeroHHMMSS returns a new Time with the time set to 00:00:00 and UTC location +func (t *Time) UTCZeroHHMMSS() Time { + return Time(time.Date(time.Time(*t).Year(), time.Time(*t).Month(), time.Time(*t).Day(), 0, 0, 0, 0, time.UTC)) +} diff --git a/internal/timeapi/time_test.go b/internal/timeapi/time_test.go index 88baeaa68..fbedf7bd3 100644 --- a/internal/timeapi/time_test.go +++ b/internal/timeapi/time_test.go 
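Review bot: `UTCZeroHHMMSS` in internal/timeapi/time.go takes year, month and day in the value's own location and only then labels the result UTC, so the returned instant can differ from the stored one by up to the zone offset; the "zero time, GMT+2" case in time_test.go pins exactly this. The doc comment should state it, e.g. `// UTCZeroHHMMSS returns midnight UTC of the calendar date t shows in its own location; it does not convert t to UTC first.` Because the result depends on the Location the value carries, `getLinkResponse` reports whatever date the storage layer's zone yields, and the expectations in TestServer_GetLink and TestServer_GetAllLinks (built from a local-zone `tomorrow`) may disagree with it near midnight if the stored value comes back in another zone; that is worth confirming. If the UTC date is what is meant, the body would start with `u := time.Time(*t).UTC()` and build the date from `u`, and that test case would have to change. Either way the API now reports a date boundary rather than the enforced expiry instant, which the field description in api.yaml should say.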
@@ -22,3 +22,39 @@ func TestTime_MarshalJSON_UnmarshallJson(t *testing.T) { assert.NotEqual(t, now.Format(time.RFC3339), res.String()) assert.Equal(t, now.UTC().Format(time.RFC3339), res.String()) } + +func TestTime_ZeroHHMMSS(t *testing.T) { + now := time.Now() + gmt2 := time.FixedZone("GMT+2", 2*60*60) + + for _, tt := range []struct { + name string + time Time + want Time + }{ + { + name: "now", + time: Time(time.Date(now.Year(), now.Month(), now.Day(), now.Hour(), now.Minute(), now.Second(), now.Nanosecond(), now.Location())), + want: Time(time.Date(now.Year(), now.Month(), now.Day(), 0, 0, 0, 0, time.UTC)), + }, + { + name: "zero time, utc", + time: Time(time.Date(2023, 12, 31, 0, 0, 0, 0, time.UTC)), + want: Time(time.Date(2023, 12, 31, 0, 0, 0, 0, time.UTC)), + }, + { + name: "zero time, GMT+2", + time: Time(time.Date(2023, 12, 31, 0, 0, 0, 0, gmt2)), + want: Time(time.Date(2023, 12, 31, 0, 0, 0, 0, time.UTC)), + }, + { + name: "Another time, GMT+2", + time: Time(time.Date(2023, 12, 31, 17, 14, 40, 8, gmt2)), + want: Time(time.Date(2023, 12, 31, 0, 0, 0, 0, time.UTC)), + }, + } { + t.Run(tt.name, func(t *testing.T) { + assert.Equal(t, tt.want, tt.time.UTCZeroHHMMSS()) + }) + } +} From 5777c05d49f9c4d1abdc8ce56cbd14d869317cd7 Mon Sep 17 00:00:00 2001 From: Martin Saporiti Date: Mon, 4 Dec 2023 07:13:18 -0300 Subject: [PATCH 3/5] chore: improve issuer node user creation in Vault (#545) --- Makefile | 7 +++++++ infrastructure/local/.vault/scripts/init.sh | 15 +++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 310a89e04..21ab275ed 100644 --- a/Makefile +++ b/Makefile 
@@ -231,3 +231,10 @@ vault-export-keys: vault-import-keys: docker build -t issuer-vault-import-keys . docker run --rm -it --network=issuer-network -v $(shell pwd)/keys.json:/keys.json issuer-vault-import-keys ./vault-migrator -operation=import -input-file=keys.json -vault-token=$(vault_token) -vault-addr=http://vault:8200 + + +# usage: make new_password=xxx change-vault-password +.PHONY: change-vault-password +change-vault-password: + docker exec issuer-vault-1 \ + vault write auth/userpass/users/issuernode password=$(new_password) \ No newline at end of file diff --git a/infrastructure/local/.vault/scripts/init.sh b/infrastructure/local/.vault/scripts/init.sh index f9958ab10..f674e5725 100755 --- a/infrastructure/local/.vault/scripts/init.sh +++ b/infrastructure/local/.vault/scripts/init.sh @@ -65,10 +65,17 @@ vault policy write issuernode /vault/config/policies.hcl echo "===== CREATE USERS =====" vault auth enable userpass -vault write auth/userpass/users/issuernode \ - password=issuernodepwd \ - policies="admins,issuernode" -echo $vault_token +result=$(vault read auth/userpass/users/issuernode 2>&1) +echo $result +if [[ "$result" == "No value found at auth/userpass/users/issuernode" ]]; then + echo "issuernode user nor found, creating..." + vault write auth/userpass/users/issuernode \ + password=issuernodepwd \ + policies="admins,issuernode" +else + echo "issuernode user found, skipping creation..." +fi +echo $vault_token tail -f /dev/null From 51cf2eb0aaba93f84d72eb6e27f0fdffde740d7c Mon Sep 17 00:00:00 2001 From: Martin Saporiti Date: Mon, 4 Dec 2023 07:15:03 -0300 Subject: [PATCH 4/5] chore: update github actions (#567) --- .github/workflows/dockerhub-dev.yml | 18 ++---------------- .github/workflows/dockerhub-main.yml | 21 +++------------------ 2 files changed, 5 insertions(+), 34 deletions(-) diff --git a/.github/workflows/dockerhub-dev.yml b/.github/workflows/dockerhub-dev.yml index 46b622c99..3c5ea2e2c 100644 --- a/.github/workflows/dockerhub-dev.yml 
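Review bot: `change-vault-password` takes the new password as a make variable and expands it unquoted into the `vault write` command line, so the secret ends up in shell history and in the process list on the host and in the container, and a value containing spaces or shell metacharacters is re-parsed by the shell. The Vault CLI reads a value from stdin when it is given as `-`, so the recipe can be `docker exec -i issuer-vault-1 vault write auth/userpass/users/issuernode password=-` with the password piped in or prompted for. The usage comment should then change to match, and it should mention that the container name `issuer-vault-1` assumes the default compose project name.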
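Review bot: The existence check in init.sh treats every output other than the exact string `No value found at auth/userpass/users/issuernode` as "user found", so a sealed Vault, a permission error or a reworded CLI message silently skips user creation; testing the exit status is sturdier, e.g. `if ! vault read auth/userpass/users/issuernode >/dev/null 2>&1; then`. The new side also echoes `$result` and `$vault_token` into the container log, where the token is readable by anyone who can read that log. The account is still created with the fixed password `issuernodepwd` and the `admins` policy; I would drop both echoes and take the initial password from an environment variable, keeping the literal only as a local-development default. The message "nor found" should read "not found".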
+++ b/.github/workflows/dockerhub-dev.yml @@ -43,28 +43,14 @@ jobs: push: true tags: 0xpolygon/issuernode-ui:${{ env.IMAGE_TAG }} - - name: Build and push amd64 image + - name: Build and push amd64 and arm64 image uses: docker/build-push-action@v4 env: IMAGE_TAG: ${{ steps.version.outputs.VERSION }} with: context: . - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 push: true tags: 0xpolygon/issuernode:${{ env.IMAGE_TAG }} - - name: Rename Docker Arm File - run: | - mv Dockerfile Dockerfile-amd - mv Dockerfile-arm Dockerfile - - - name: Build and push arm64 image - uses: docker/build-push-action@v4 - env: - IMAGE_TAG: ${{ steps.version.outputs.VERSION }} - with: - context: . - platforms: linux/arm64 - push: true - tags: 0xpolygon/issuernode-arm:${{ env.IMAGE_TAG }} diff --git a/.github/workflows/dockerhub-main.yml b/.github/workflows/dockerhub-main.yml index 0cf3a92ad..159e6cef1 100644 --- a/.github/workflows/dockerhub-main.yml +++ b/.github/workflows/dockerhub-main.yml @@ -37,27 +37,12 @@ jobs: push: true tags: 0xpolygon/issuernode-ui:${{ env.IMAGE_TAG }} - - name: Build and push amd64 image + - name: Build and push amd64 and arm64 image uses: docker/build-push-action@v4 env: IMAGE_TAG: latest with: context: . - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 push: true - tags: 0xpolygon/issuernode:${{ env.IMAGE_TAG }} - - - name: Rename Docker Arm File - run: | - mv Dockerfile Dockerfile-amd - mv Dockerfile-arm Dockerfile - - - name: Build and push arm64 image - uses: docker/build-push-action@v4 - env: - IMAGE_TAG: latest - with: - context: . - platforms: linux/arm64 - push: true - tags: 0xpolygon/issuernode-arm:${{ env.IMAGE_TAG }} \ No newline at end of file + tags: 0xpolygon/issuernode:${{ env.IMAGE_TAG }} \ No newline at end of file From c7e164e3e9488fc4617be1b041194760b1820b60 Mon Sep 17 00:00:00 2001 
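Review bot: Folding arm64 into the single `platforms: linux/amd64,linux/arm64` build stops publishing `0xpolygon/issuernode-arm`, so anyone still pulling that tag keeps running the last pushed image and receives no further fixes; nothing in the change announces the retirement of that repository. The arm64 variant is also now built from `Dockerfile` rather than the former `Dockerfile-arm`, so whatever that file did differently is dropped, and it is worth confirming that the main Dockerfile builds and runs on arm64. Separately, `docker/build-push-action@v4` is referenced by a movable tag in a job that pushes images; pinning it to a full commit SHA (`uses: docker/build-push-action@<COMMIT_SHA> # v4`) removes that supply-chain exposure. All three points apply equally to the matching hunk in dockerhub-main.yml.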
From: Martin Saporiti Date: Mon, 4 Dec 2023 07:30:17 -0300 Subject: [PATCH 5/5] feat: Vault volumen not persistent (#568) * chore: remove vault volume mapping * chore: update clean-vault command * chore: change approach to authenticate with Vault --- Makefile | 7 ------- infrastructure/local/.vault/config/policies.hcl | 4 ++++ infrastructure/local/.vault/scripts/init.sh | 1 + infrastructure/local/docker-compose-infra.yml | 2 -- internal/api/main_test.go | 5 +++-- internal/api_ui/main_test.go | 6 +++--- internal/config/config.go | 17 ++++------------- internal/core/services/tests/main_test.go | 5 +++-- internal/kms/main_test.go | 5 +++-- .../kms/vaultPluginIden3KeyProvider_test.go | 5 +++-- 10 files changed, 24 insertions(+), 33 deletions(-) diff --git a/Makefile b/Makefile index 21ab275ed..8350dcd20 100644 --- a/Makefile +++ b/Makefile @@ -115,13 +115,6 @@ stop: up-test: $(DOCKER_COMPOSE_INFRA_CMD) up -d test_postgres vault test_local_files_apache -.PHONY: clean-vault -clean-vault: - rm -R infrastructure/local/.vault/data/init.out - rm -R infrastructure/local/.vault/file/core/ - rm -R infrastructure/local/.vault/file/logical/ - rm -R infrastructure/local/.vault/file/sys/ - $(BIN)/platformid-migrate: $(BUILD_CMD) ./cmd/migrate diff --git a/infrastructure/local/.vault/config/policies.hcl b/infrastructure/local/.vault/config/policies.hcl index df793f08f..c81e77b47 100644 --- a/infrastructure/local/.vault/config/policies.hcl +++ b/infrastructure/local/.vault/config/policies.hcl @@ -2,6 +2,10 @@ path "iden3/*" { capabilities = ["create", "read", "update", "delete", "list"] } +path "secret/*" { + capabilities = ["create", "read", "update", "delete", "list"] +} + path "kv/*" { capabilities = ["create", "read", "update", "delete", "list"] } diff --git a/infrastructure/local/.vault/scripts/init.sh b/infrastructure/local/.vault/scripts/init.sh index f674e5725..369399f7a 100755 --- a/infrastructure/local/.vault/scripts/init.sh +++ b/infrastructure/local/.vault/scripts/init.sh 
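Review bot: The new `path "secret/*"` stanza in policies.hcl grants create, read, update, delete and list over the whole `secret/` mount to the policy the issuer node logs in with, which looks broader than the userpass login introduced by this commit needs. If only one subtree is used, scope the path to it (for a KV v2 mount something like `path "secret/data/<SUBPATH>/*"`) and drop the capabilities that are not exercised. A short comment above the stanza naming the component that reads `secret/` would let the next reviewer judge the grant.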
@@ -14,6 +14,7 @@ sleep 5 FILE=/vault/data/init.out if [ ! -e "$FILE" ]; then echo -e "===== Initialize the Vault =====" + mkdir /vault/data/ vault operator init > /vault/data/init.out fi diff --git a/infrastructure/local/docker-compose-infra.yml b/infrastructure/local/docker-compose-infra.yml index c5b65ac7c..b0f941e31 100644 --- a/infrastructure/local/docker-compose-infra.yml +++ b/infrastructure/local/docker-compose-infra.yml @@ -56,8 +56,6 @@ services: volumes: - ./.vault/config:/vault/config - ./.vault/policies:/vault/policies - - ./.vault/data:/vault/data - - ./.vault/file:/vault/file:rw - ./.vault/scripts:/vault/scripts - ./.vault/plugins:/vault/plugins ports: diff --git a/internal/api/main_test.go b/internal/api/main_test.go index 20a1b0dbf..19bf9fb10 100644 --- a/internal/api/main_test.go +++ b/internal/api/main_test.go @@ -63,8 +63,9 @@ func TestMain(m *testing.M) { cachex = cache.NewMemoryCache() vaultCli, err = providers.VaultClient(ctx, providers.Config{ - Address: cfgForTesting.KeyStore.Address, - Token: cfgForTesting.KeyStore.Token, + Address: cfgForTesting.KeyStore.Address, + UserPassAuthEnabled: cfgForTesting.KeyStore.UserPassEnabled, + Pass: cfgForTesting.KeyStore.UserPassPassword, }) if err != nil { log.Error(ctx, "failed to acquire vault client", "err", err) diff --git a/internal/api_ui/main_test.go b/internal/api_ui/main_test.go index fa12238b4..2b2d3db5c 100644 --- a/internal/api_ui/main_test.go +++ b/internal/api_ui/main_test.go @@ -61,10 +61,10 @@ func TestMain(m *testing.M) { storage = s cachex = cache.NewMemoryCache() - vaultCli, err = providers.VaultClient(context.Background(), providers.Config{ - Address: cfgForTesting.KeyStore.Address, - Token: cfgForTesting.KeyStore.Token, + Address: cfgForTesting.KeyStore.Address, + UserPassAuthEnabled: cfgForTesting.KeyStore.UserPassEnabled, + Pass: cfgForTesting.KeyStore.UserPassPassword, }) if err != nil { log.Error(ctx, "failed to acquire vault client", "err", err) 
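Review bot: `mkdir /vault/data/` in init.sh fails when the directory already exists without `init.out` (the guard tests only the file), and what happens after that failure depends on whether `set -e` is in effect, which is outside this hunk; `mkdir -p /vault/data` is safe in both cases. `vault operator init` prints the unseal keys and the initial root token, so the redirect target should be owner-only, e.g. `umask 077` before the redirect or `chmod 600 /vault/data/init.out` after it. With the `./.vault/data` and `./.vault/file` mounts removed in docker-compose-infra.yml the file now lives only inside the container, which deserves a comment next to `FILE=` such as `# not persisted: Vault is re-initialised whenever the container is recreated`.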
diff --git a/internal/config/config.go b/internal/config/config.go index f963cad25..a6889e3b6 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -106,6 +106,8 @@ type KeyStore struct { Address string `tip:"Keystore address"` Token string `tip:"Token"` PluginIden3MountPath string `tip:"PluginIden3MountPath"` + UserPassEnabled bool `tip:"UserPassEnabled"` + UserPassPassword string `tip:"UserPassPassword"` } // Log holds runtime configurations @@ -353,23 +355,12 @@ func Load(fileName string) (*Configuration, error) { func VaultTest() KeyStore { return KeyStore{ Address: "http://localhost:8200", - Token: lookupVaultTestToken(), PluginIden3MountPath: "iden3", + UserPassEnabled: true, + UserPassPassword: "issuernodepwd", } } -func lookupVaultTestToken() string { - var err error - token, ok := os.LookupEnv("VAULT_TEST_TOKEN") - if !ok { - token, err = lookupVaultTokenFromFile("infrastructure/local/.vault/data/init.out") - if err != nil { - return "" - } - } - return token -} - // lookupVaultTokenFromFile parses the vault config file looking for the hvs token and returns it // pathVaultConfig MUST be a relative path starting from the root project folder // like "infrastructure/local/.vault/data/init.out" diff --git a/internal/core/services/tests/main_test.go b/internal/core/services/tests/main_test.go index 75e81af4c..d99094a4c 100644 --- a/internal/core/services/tests/main_test.go +++ b/internal/core/services/tests/main_test.go @@ -53,8 +53,9 @@ func TestMain(m *testing.M) { storage = s vaultCli, err = providers.VaultClient(ctx, providers.Config{ - Address: cfgForTesting.KeyStore.Address, - Token: cfgForTesting.KeyStore.Token, + Address: cfgForTesting.KeyStore.Address, + UserPassAuthEnabled: cfgForTesting.KeyStore.UserPassEnabled, + Pass: cfgForTesting.KeyStore.UserPassPassword, }) if err != nil { log.Error(ctx, "failed to acquire vault client", "err", err) 
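Review bot: `VaultTest` in internal/config/config.go now embeds the userpass password `issuernodepwd` as a literal, the same value init.sh assigns, so the test suites that call it stop authenticating as soon as someone runs the `change-vault-password` target, and the literal invites reuse outside tests. Looking the password up in the environment first and falling back to the literal, in the style of the removed `VAULT_TEST_TOKEN` lookup, keeps both cases working. The new `UserPassPassword` field sits in `KeyStore` next to `Token`; wherever the configuration is logged or dumped (not visible in this hunk) both fields should be redacted. `lookupVaultTokenFromFile` appears to lose its only visible caller with the removal of `lookupVaultTestToken` and may now be dead code.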
diff --git a/internal/kms/main_test.go b/internal/kms/main_test.go index 77c156916..4fa6a1c1c 100644 --- a/internal/kms/main_test.go +++ b/internal/kms/main_test.go @@ -38,8 +38,9 @@ func testKMSSetup(t testing.TB) TestKMS { var err error k.VaultCli, err = providers.VaultClient(context.Background(), providers.Config{ - Address: cfg.Address, - Token: cfg.Token, + Address: cfg.Address, + UserPassAuthEnabled: cfg.UserPassEnabled, + Pass: cfg.UserPassPassword, }) require.NoError(t, err) diff --git a/internal/kms/vaultPluginIden3KeyProvider_test.go b/internal/kms/vaultPluginIden3KeyProvider_test.go index 9c74ced46..bd119b066 100644 --- a/internal/kms/vaultPluginIden3KeyProvider_test.go +++ b/internal/kms/vaultPluginIden3KeyProvider_test.go @@ -127,8 +127,9 @@ func setupPluginBJJProvider(t *testing.T) (vaultCli *api.Client, mountPath strin t.Helper() var err error vaultCli, err = providers.VaultClient(context.Background(), providers.Config{ - Address: cfg.Address, - Token: cfg.Token, + Address: cfg.Address, + UserPassAuthEnabled: cfg.UserPassEnabled, + Pass: cfg.UserPassPassword, }) require.NoError(t, err) mountPath = cfg.PluginIden3MountPath