feat: digital credential queuing service #2299

Merged
merged 67 commits into from
Nov 20, 2023
Changes from 63 commits
58e63e2
feat: devcontainer configuration for vscode
amanji Sep 7, 2023
107604e
feat: hard code digital business card schema
amanji Sep 7, 2023
3793db1
feat: hard code digital business card schema
amanji Sep 7, 2023
d0c51ce
feat: issue credentials through Traction tenant
amanji Sep 11, 2023
7b88982
refactor: app initialization workflow
amanji Sep 12, 2023
ad0fa01
feat: use out-of-band invitation for connecting
amanji Sep 20, 2023
2e75d5f
feat: use v2.0 for issuing credential
amanji Sep 21, 2023
79a2631
feat: web socket implementation with flask-socketio
amanji Oct 11, 2023
fc8edc4
feat: db migration script to enable revocation
amanji Oct 16, 2023
4fe8406
feat: revocation endpoint
amanji Oct 18, 2023
aec27f2
feat: replace endpoints
amanji Oct 19, 2023
99e54fe
chore: fix linting errors
amanji Oct 19, 2023
88e3ccc
chore: update requirements
amanji Oct 19, 2023
fd96a6e
chore: update tests
amanji Oct 25, 2023
e397e04
feat: traction token exchanger
amanji Oct 26, 2023
1f2fe2b
chore: update workflow variables
amanji Oct 26, 2023
4090b35
chore: update workflow variables
amanji Oct 26, 2023
7f1f546
refactor: ws cors setting is a config option
amanji Oct 26, 2023
a259818
chore: fix linting errors
amanji Oct 26, 2023
080825f
refactor: clean up init in digital credential service
amanji Oct 27, 2023
6beb1b1
18284: digital credentials (#2260)
amanji Oct 27, 2023
87d0854
feat: endpoints to reset credential offers
amanji Oct 28, 2023
4042676
Merge remote-tracking branch 'upstream/feature-digital-credentials' i…
amanji Oct 30, 2023
26a01e7
feat: credential id lookup table
amanji Oct 30, 2023
32a7d7a
feat: add business roles
amanji Oct 30, 2023
205dd68
18284 Add pre-fork server hook to gunicorn config (#2285)
argush3 Oct 30, 2023
c55cebc
chore: fix tests and linting
amanji Oct 30, 2023
8ad8cb9
chore: fix tests
amanji Oct 31, 2023
65a9a4d
18284 feat: digital credentials (#2281)
amanji Oct 31, 2023
2fc5cb3
Merge remote-tracking branch 'upstream/feature-digital-credentials' i…
amanji Oct 31, 2023
d368673
refactor: remove records from Traction on deletion
amanji Nov 1, 2023
0b3b60b
Revert "feat: web socket implementation with flask-socketio"
amanji Nov 1, 2023
9763a17
fix: port so it doesn't overlap with airplay server on OSX
amanji Nov 1, 2023
633e3d9
Revert "fix: port so it doesn't overlap with airplay server on OSX"
amanji Nov 1, 2023
2976d11
feat: digital credentials (#2287)
amanji Nov 1, 2023
b22e419
Merge remote-tracking branch 'upstream/feature-digital-credentials' i…
amanji Nov 2, 2023
fc6c34a
Merge branch 'feature-digital-credentials'
amanji Nov 3, 2023
40f3af2
Merge remote-tracking branch 'upstream/main'
amanji Nov 3, 2023
2697cd6
Merge remote-tracking branch 'upstream/main'
amanji Nov 3, 2023
0224805
feat: base and scaffolding queue
amanji Oct 24, 2023
f9e6795
feat: add placeholders for events to capture
amanji Oct 24, 2023
808b58e
feat: add processor scaffolding and revocation reasons
amanji Oct 25, 2023
a4ceff6
chore: clean up code based on review comments
amanji Nov 1, 2023
18b4831
fix: 404 errors when attempting to remove invitations and credentials
amanji Nov 6, 2023
b0f66b5
refactor: update digital credential helpers
amanji Nov 7, 2023
27f4d19
feat: add init file for helpers module
amanji Nov 7, 2023
4fce169
refactor: move methods into digital credential service
amanji Nov 7, 2023
4eeebd9
feat: add query methods
amanji Nov 7, 2023
6951179
refactor: more code re-organization
amanji Nov 7, 2023
48e638c
feat: complete queue event processors
amanji Nov 8, 2023
95e54b6
feat: add manual revocation processor
amanji Nov 8, 2023
0f4834e
Merge remote-tracking branch 'upstream/main' into feature-digital-cre…
amanji Nov 8, 2023
b840527
fix: improved token validation in traction auth decorator
amanji Nov 15, 2023
18d2aaa
Merge remote-tracking branch 'upstream/main'
amanji Nov 16, 2023
822f35d
Merge branch 'main' into feature-digital-credentials
amanji Nov 16, 2023
d1a2463
chore: address first set of code review comments
amanji Nov 16, 2023
b3bbad1
chore: fix linting
amanji Nov 16, 2023
9524ecc
chore: address second set of code review comments
amanji Nov 16, 2023
4eae367
chore: address third set of code review comments
amanji Nov 16, 2023
764bdf1
Merge remote-tracking branch 'upstream/main'
amanji Nov 20, 2023
5a83dd7
Merge branch 'main' into feature-digital-credentials
amanji Nov 20, 2023
f359f9c
chore: clean up config file for edc queue
amanji Nov 20, 2023
dae32ad
feat: add DevOps config files
amanji Nov 20, 2023
ff89db3
chore: address code review comments
amanji Nov 20, 2023
48c1213
chore: fix linting errors
amanji Nov 20, 2023
1a732a9
refactor: relax error logging level
amanji Nov 20, 2023
81f8abc
chore: add k8s files
amanji Nov 20, 2023
14 changes: 6 additions & 8 deletions .devcontainer/devcontainer.json
Expand Up @@ -9,23 +9,21 @@
"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
"ghcr.io/itsmechlark/features/postgresql:1": {}
},

// Features to add to the dev container. More info: https://containers.dev/features.
// "features": {},

// Use 'forwardPorts' to make a list of ports inside the container available locally.
// This can be used to network with other containers or the host.
// "forwardPorts": [5000, 5432],

"forwardPorts": [
5432,
4222,
8222
],
// Use 'postCreateCommand' to run commands after the container is created.
// "postCreateCommand": "pip install --user -r requirements.txt",

// Configure tool-specific properties.
// "customizations": {},

// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
// "remoteUser": "root",

// Enable this on OSX to add ssh key to agent inside container
"initializeCommand": "find ~/.ssh/ -type f -exec grep -l 'PRIVATE' {} \\; | xargs ssh-add"
}
}
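Review bot: the `initializeCommand` at the end of this hunk is active for every user although its comment says to enable it on OSX, and it hands every file under `~/.ssh/` that contains the string PRIVATE to `ssh-add` on the host. That loads all of a developer's private keys into the agent instead of the one this repo needs, and the unquoted `find ... | xargs` pipeline splits on whitespace in file names. Suggest shipping it commented out like the other optional settings in this file, or narrowing it to a single explicitly named key.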
11 changes: 10 additions & 1 deletion .devcontainer/docker-compose.yml
Expand Up @@ -13,7 +13,7 @@ services:
command: sleep infinity

# Runs app on the same network as the database container, allows "forwardPorts" in devcontainer.json function.
network_mode: service:db
network_mode: host

# Use "forwardPorts" in **devcontainer.json** to forward an app port locally.
# (Adding the "ports" property to this file will not forward from a Codespace.)
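Review bot: changing the app container from `network_mode: service:db` to `network_mode: host` leaves the comment directly above it ("Runs app on the same network as the database container") describing the old setting, and it places the container in the host's network namespace, so it can reach every service bound on the developer's machine. If the aim is only to reach Postgres and NATS, a shared compose network together with the `forwardPorts` list in devcontainer.json keeps the isolation; otherwise update the comment to state why host networking is required.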
Expand All @@ -30,6 +30,15 @@ services:

# Add "forwardPorts": ["5432"] to **devcontainer.json** to forward PostgreSQL locally.
# (Adding the "ports" property to this file will not forward from a Codespace.)
network_mode: host

nats:
image: nats-streaming
restart: unless-stopped
ports:
- 4222:4222
- 8222:8222
network_mode: host

volumes:
postgres-data:
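Review bot: the new `nats` service sets both `ports:` (`4222:4222`, `8222:8222`) and `network_mode: host`; published ports have no effect under host networking, so one of the two should be dropped. The image `nats-streaming` also has no tag, so the dev environment follows whatever is current at pull time; pin a version. The `network_mode: host` added to the database service at the top of this hunk makes the comment above it about `forwardPorts` for PostgreSQL worth rechecking as well.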
114 changes: 114 additions & 0 deletions .github/workflows/entity-digital-credentials-cd.yml
@@ -0,0 +1,114 @@
name: Entity Digital Credentials CD

on:
push:
branches:
- main
paths:
- "queue_services/entity-digital-credentials/**"
- "queue_services/common/**"
workflow_dispatch:
inputs:
environment:
description: "Environment (dev/test/prod)"
required: true
default: "dev"

defaults:
run:
shell: bash
working-directory: ./queue_services/entity-digital-credentials

env:
APP_NAME: "entity-digital-credentials"
TAG_NAME: "dev"

jobs:
entity-digital-credentials-cd-by-push:
runs-on: ubuntu-20.04

if: github.event_name == 'push' && github.repository == 'bcgov/lear'
environment:
name: "dev"

steps:
- uses: actions/checkout@v3

- name: Login Openshift
shell: bash
run: |
oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}}

- name: CD Flow
shell: bash
env:
OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }}
OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
TAG_NAME: ${{ env.TAG_NAME }}
run: |
make cd

- name: Watch new rollout (trigger by image change in Openshift)
shell: bash
run: |
oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w

- name: Rocket.Chat Notification
uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master
if: failure()
with:
type: ${{ job.status }}
job_name: "*Entity Digital Credentials Built and Deployed to ${{env.TAG_NAME}}*"
channel: "#registries-bot"
url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
commit: true
token: ${{ secrets.GITHUB_TOKEN }}

entity-digital-credentials-cd-by-dispatch:
runs-on: ubuntu-20.04

if: github.event_name == 'workflow_dispatch' && github.repository == 'bcgov/lear'
environment:
name: "${{ github.event.inputs.environment }}"

steps:
- uses: actions/checkout@v3
- name: Set env by input
run: |
echo "TAG_NAME=${{ github.event.inputs.environment }}" >> $GITHUB_ENV

- name: Login Openshift
shell: bash
run: |
oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}}

- name: CD Flow
shell: bash
env:
OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }}
OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
TAG_NAME: ${{ env.TAG_NAME }}
run: |
make cd

- name: Watch new rollout (trigger by image change in Openshift)
shell: bash
run: |
oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w

- name: Rocket.Chat Notification
uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master
if: failure()
with:
type: ${{ job.status }}
job_name: "*Entity Digital Credentials Built and Deployed to ${{env.TAG_NAME}}*"
channel: "#registries-bot"
url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
commit: true
token: ${{ secrets.GITHUB_TOKEN }}
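Review bot: in the dispatch job's "Set env by input" step, `echo "TAG_NAME=${{ github.event.inputs.environment }}" >> $GITHUB_ENV` expands the free-text `environment` input inside the script before the shell runs it, so a value containing quotes or newlines alters the command or writes extra variables into `$GITHUB_ENV`. Pass the input through `env:` and reference it as a shell variable, and reject anything other than dev, test or prod (or declare the input as `type: choice`). Two smaller points in the same file: `RocketChat/Rocket.Chat.GitHub.Action.Notification@master` receives `ROCKETCHAT_WEBHOOK` and `GITHUB_TOKEN` from a mutable branch ref and should be pinned to a commit SHA, and the workflow has no `permissions:` block to limit what `GITHUB_TOKEN` can do.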
110 changes: 110 additions & 0 deletions .github/workflows/entity-digital-credentials-ci.yml
@@ -0,0 +1,110 @@
name: Entity Digital Credentials CI

on:
pull_request:
types: [assigned, synchronize]
paths:
- "queue_services/entity-digital-credentials/**"
- "queue_services/common/**"

defaults:
run:
shell: bash
working-directory: ./queue_services/entity-digital-credentials

jobs:
setup-job:
runs-on: ubuntu-20.04

if: github.repository == 'bcgov/lear'

steps:
- uses: actions/checkout@v3
- run: "true"

linting:
needs: setup-job
runs-on: ubuntu-20.04

strategy:
matrix:
python-version: [3.8]

steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
make setup
- name: Lint with pylint
id: pylint
run: |
make pylint
- name: Lint with flake8
id: flake8
run: |
make flake8

testing:
needs: setup-job
env:
DATABASE_TEST_USERNAME: postgres
DATABASE_TEST_PASSWORD: postgres
DATABASE_TEST_NAME: postgres
DATABASE_TEST_HOST: localhost
NATS_SERVERS: "nats://nats:4222"
NATS_CLIENT_NAME: entity.digital-credentials.tester
NATS_CLUSTER_ID: test-cluster
NATS_ENTITY_EVENT_SUBJECT: entity.events
NATS_QUEUE: entity-digital-credentials-worker
TEST_NATS_DOCKER: True
STAN_CLUSTER_NAME: test-cluster

runs-on: ubuntu-20.04

services:
postgres:
image: postgres:12
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
ports:
- 5432:5432
# needed because the postgres container does not provide a healthcheck
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
make setup
- name: Test with pytest
id: test
run: |
make test
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
file: ./queue_services/entity-digital-credentials/coverage.xml
flags: entity-digital-credentials
name: codecov-entity-digital-credentials
fail_ci_if_error: true

build-check:
needs: setup-job
runs-on: ubuntu-20.04

steps:
- uses: actions/checkout@v3
- name: build to check strictness
id: build
run: |
make build-nc
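Review bot: the `testing` job uses `${{ matrix.python-version }}` in its "Set up Python" step but, unlike `linting`, defines no `strategy.matrix`, so the expression is empty and the tests run on whatever version `setup-python` picks by default rather than 3.8. Add the same matrix to `testing`. The job also sets `NATS_SERVERS: "nats://nats:4222"` and `TEST_NATS_DOCKER: True` while `services:` declares only `postgres`; either add a NATS service container or document where the tests start one.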
39 changes: 39 additions & 0 deletions queue_services/entity-digital-credentials/.env.sample
@@ -0,0 +1,39 @@

# Flask
FLASK_ENV=


### SQL Alchemy
ENTITY_DATABASE_USERNAME=
ENTITY_DATABASE_PASSWORD=
ENTITY_DATABASE_NAME=
ENTITY_DATABASE_HOST=
ENTITY_DATABASE_PORT=

DATABASE_TEST_USERNAME=
DATABASE_TEST_PASSWORD=
DATABASE_TEST_NAME=
DATABASE_TEST_HOST=
DATABASE_TEST_PORT=


## ## NATS - STAN
NATS_SERVERS=
NATS_CLIENT_NAME=
NATS_CLUSTER_ID=
NATS_EMAILER_SUBJECT=
NATS_ENTITY_EVENT_SUBJECT=
#NATS_QUEUE=
NATS_QUEUE=
STAN_CLUSTER_NAME=

# ## NATS - STAN - DEV
#NATS_SERVERS=
#NATS_CLIENT_NAME=
#NATS_CLUSTER_ID=
#NATS_EMAILER_SUBJECT=
#NATS_ENTITY_EVENT_SUBJECT=
#NATS_QUEUE=


#DEPLOYMENT_ENV=
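Review bot: the active NATS block lists `NATS_EMAILER_SUBJECT=` and keeps a stray `#NATS_QUEUE=` directly above `NATS_QUEUE=`, while the CI workflow in this PR sets only `NATS_ENTITY_EVENT_SUBJECT` and `NATS_QUEUE` for this service. If the emailer subject is not read by this service, drop it from the sample, and remove the commented duplicate so the file lists exactly the variables the service needs.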
6 changes: 6 additions & 0 deletions queue_services/entity-digital-credentials/.envrc
@@ -0,0 +1,6 @@
while read -r line; do
echo $line
[[ "$line" =~ ^#.*$ ]] && continue
export $line
done < .env
source venv/bin/activate
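Review bot: `echo $line` inside the loop prints every line of `.env` to the terminal each time this file is loaded, which includes `ENTITY_DATABASE_PASSWORD` and the other values from `.env.sample` once they are filled in. Remove the echo. The `export $line` that follows is unquoted, so values containing spaces or glob characters are split or expanded, and a blank line in `.env` runs a bare `export` that lists the whole environment; skip empty lines and use `export "$line"`, or replace the loop with direnv's `dotenv` helper.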
13 changes: 13 additions & 0 deletions queue_services/entity-digital-credentials/LICENSE
@@ -0,0 +1,13 @@
Copyright © 2023 Province of British Columbia

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.