Actualize eng demos with 0.96 #75

Open
wants to merge 3 commits into
base: master
4 changes: 2 additions & 2 deletions acra-translator/docker-compose.acra-translator.yml
Expand Up @@ -10,7 +10,7 @@ services:
# - ./.acrakeys/acra-translator/${ACRA_CLIENT_ID}_storage
# - ./.acrakeys/acra-writer/${ACRA_CLIENT_ID}_storage.pub
acra-keymaker_client:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-N0MyZEVCRGY1cHA4ODRSVHp3c3BNeGtDekxaV3BhTHI=}
Expand Down Expand Up @@ -64,7 +64,7 @@ services:
- webui-mongo

acra-translator:
image: "cossacklabs/acra-translator:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-translator:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
# Restart server after correct termination, for example after the config
# was changed through the API
restart: always
2 changes: 1 addition & 1 deletion cockroachdb/README.md
Expand Up @@ -26,7 +26,7 @@ it to a database, and decrypts the data when the app reads it from the database.
Script reads data from `data.json` where stored array of entries as data examples.

```bash
docker exec -it cockroachdb_python_1 python3 extended_example.py --host=acra-server --port=9393 --data=data.json
docker exec -it cockroachdb_python_1 python3 extended_example.py --host=acra-server --port=9393 --data=extended_example_data.json

$:
data: [{'token_i32': 1234, 'token_i64': 645664, 'token_str': '078-05-1111', 'token_bytes': 'byt13es', 'token_email': 'john_wed@cl.com', 'data': 'John Wed, Senior Relationshop Manager', 'masking': '$112000', 'searchable': 'john_wed@cl.com'}, {'token_i32': 1235, 'token_i64': 645665, 'token_str': '078-05-1112', 'token_bytes': 'byt13es2', 'token_email': 'april_cassini@cl.com', 'data': 'April Cassini, Marketing Manager', 'masking': '$168000', 'searchable': 'april_cassini@cl.com'}, {'token_i32': 1236, 'token_i64': 645667, 'token_str': '078-05-1117', 'token_bytes': 'byt13es3', 'token_email': 'george_clooney@cl.com', 'data': 'George Clooney, Famous Actor', 'masking': '$780000', 'searchable': 'george_clooney@cl.com'}]
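--- a/cockroachdb/cockroach.dockerfile
+++ b/cockroachdb/cockroach.dockerfile
@@ -0,0 +1,7 @@
+FROM cockroachdb/cockroach:v21.2.3
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]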
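Review bot: `FROM cockroachdb/cockroach:v21.2.3` pins the base image by tag only, and a tag can be re-pointed upstream; now that the demo builds its own image on top of it, pinning by digest as well (`FROM cockroachdb/cockroach:v21.2.3@sha256:<digest>`, where the digest is a placeholder) would keep the build reproducible. Separately, `ENTRYPOINT ["/entrypoint.sh"]` replaces whatever entrypoint the base image defines, which is presumably why every compose `command` in this PR gained a leading `cockroach`. A one-line comment above it, such as `# replaces the base image entrypoint; compose commands must start with 'cockroach'`, would make that coupling visible.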
4 changes: 2 additions & 2 deletions cockroachdb/configs/acra-server.yaml
@@ -1,3 +1,3 @@
version: 0.95.0
version: 0.96.0

encryptor_config_file: "/config/extended_encryptor_config.yaml"
encryptor_config_file: "/config/extended_example_encryptor_config.yaml"
40 changes: 24 additions & 16 deletions cockroachdb/docker-compose.cockroachdb.yml
Expand Up @@ -2,12 +2,12 @@ version: "3"

services:
acra-keymaker_client:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-t14/alGiPpS5mOH5R2zOQ8gjUcSQ3b+6l0qD31V+yZE=}
volumes:
- ./.acrakeys:/keys
- acra-server:/keys
- ../_common/cockroachdb/certs/:/certs
command: >-
--client_id=""
Expand All @@ -17,7 +17,9 @@ services:
--keystore=v1

roach1:
image: cockroachdb/cockroach:v21.2.3
build:
context: .
dockerfile: cockroach.dockerfile
Contributor


Let's leave a comment here explaining that we need a custom Dockerfile to explicitly set proper permissions on the key file, because Docker doesn't mount it properly on all systems?

environment:
GODEBUG: netdns=go
ports:
Expand All @@ -29,33 +31,39 @@ services:
networks:
- server-cockroach
- world
command: ['start', '--join=roach1:26257,roach2:26258,roach3:26259', '--certs-dir=/certs', '--listen-addr=0.0.0.0:26257', '--http-addr=0.0.0.0:8080', '--store=node1']
command: ['cockroach', 'start', '--join=roach1:26257,roach2:26258,roach3:26259', '--certs-dir=/certs', '--listen-addr=0.0.0.0:26257', '--http-addr=0.0.0.0:8080', '--store=node1']

roach2:
image: cockroachdb/cockroach:v21.2.3
build:
context: .
dockerfile: cockroach.dockerfile
environment:
GODEBUG: netdns=go
volumes:
- cockroach-data2:/cockroach/cockroach-data
- ../_common/cockroachdb/certs/:/certs
networks:
- server-cockroach
command: ['start', '--join=roach1:26257,roach2:26258,roach3:26259','--certs-dir=/certs', '--listen-addr=0.0.0.0:26258', '--http-addr=localhost:8081', '--store=node2']
command: ['cockroach', 'start', '--join=roach1:26257,roach2:26258,roach3:26259','--certs-dir=/certs', '--listen-addr=0.0.0.0:26258', '--http-addr=localhost:8081', '--store=node2']

roach3:
image: cockroachdb/cockroach:v21.2.3
build:
context: .
dockerfile: cockroach.dockerfile
volumes:
- cockroach-data3:/cockroach/cockroach-data
- ../_common/cockroachdb/certs/:/certs
environment:
GODEBUG: netdns=go
networks:
- server-cockroach
command: ['start', '--join=roach1:26257,roach2:26258,roach3:26259','--certs-dir=/certs', '--listen-addr=0.0.0.0:26259', '--http-addr=localhost:8082', '--store=node3']
command: ['cockroach', 'start', '--join=roach1:26257,roach2:26258,roach3:26259','--certs-dir=/certs', '--listen-addr=0.0.0.0:26259', '--http-addr=localhost:8082', '--store=node3']

# initialize cockroach cluster
cockroach_init:
image: cockroachdb/cockroach:v21.2.3
build:
context: .
dockerfile: cockroach.dockerfile
environment:
GODEBUG: netdns=go
depends_on:
Expand All @@ -66,10 +74,10 @@ services:
- ../_common/cockroachdb/certs/:/certs
networks:
- server-cockroach
command: [ 'init', '--certs-dir=/certs', '--url=postgresql://roach1:26257']
command: ['cockroach', 'init', '--certs-dir=/certs', '--url=postgresql://roach1:26257']

acra-server:
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
restart: always
depends_on:
- roach1
Expand All @@ -83,10 +91,10 @@ services:
ports:
- "9393:9393"
volumes:
- ./.acrakeys/acra-server:/keys
- acra-server:/keys
- ./configs/acra-server.yaml:/config/acra-server.yaml
- ../_common/cockroachdb/certs/:/certs
- ../acra/examples/python/extended_encryptor_config.yaml:/config/extended_encryptor_config.yaml
- ../acra/examples/python/extended_example_encryptor_config.yaml:/config/extended_example_encryptor_config.yaml
command: >-
--db_host=roach1
--db_port=26257
Expand All @@ -95,9 +103,8 @@ services:
--tls_key=/certs/node.key
--tls_cert=/certs/node.crt
--tls_ca=/certs/ca.crt
--keys_dir=/keys
--http_api_enable
--incoming_connection_api_string=tcp://0.0.0.0:9090
--keys_dir=/keys/acra-server
--incoming_connection_string=tcp://0.0.0.0:9393
--config_file=/config/acra-server.yaml
--incoming_connection_prometheus_metrics_string=tcp://0.0.0.0:9399
--config_file=/config/acra-server.yaml
Expand Down Expand Up @@ -199,3 +206,4 @@ volumes:
cockroach-data1:
cockroach-data2:
cockroach-data3:
acra-server:
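Review bot: The `acra-server` service now mounts the whole `acra-server` named volume at `/keys` and narrows only via `--keys_dir=/keys/acra-server`, whereas the previous bind mount `./.acrakeys/acra-server:/keys` exposed just that subdirectory. Since `acra-keymaker_client` writes its entire `/keys` output into the same volume, any other key directories it generates become readable inside the server container, which weakens the per-service key separation the demo is meant to show (inferred; the keymaker flags are collapsed on this page). The same pattern appears in `python/docker-compose.python.yml`, where only the writer keys get their own volume. If the keymaker can write into a pre-mounted directory, mounting the volume there as `- acra-server:/keys/acra-server` and keeping the server at `--keys_dir=/keys` would restore the narrower scope. The visible `command` lines also list `--config_file=/config/acra-server.yaml` twice.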
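--- a/cockroachdb/entrypoint.sh
+++ b/cockroachdb/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+files=(
+"/certs/node.key"
+"/certs/client.root.key"
+)
+
+# explicitly specify permissions for mounted key files
+for file in "${files[@]}"; do
+chmod 600 "$file"
+done
+
+exec "$@"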
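Review bot: The script declares `#!/bin/sh` but uses a bash array (`files=( … )` and `"${files[@]}"`), which is not POSIX and is a syntax error where `/bin/sh` is dash or busybox, so it works only while the base image's `sh` happens to be bash. A portable form is `for file in /certs/node.key /certs/client.root.key; do chmod 600 "$file"; done`, or the shebang can name bash explicitly. There is also no `set -e`, so a failed `chmod` (for example on a read-only mount) is ignored and the container still reaches `exec "$@"` with the key modes unchanged. Because `/certs` is a bind mount in the compose file, this `chmod` presumably also changes the mode of the key files on the host, which is worth stating in the comment above the loop.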
4 changes: 2 additions & 2 deletions db-acra-migration/docker-compose.db-acra-migration.yml
Expand Up @@ -4,7 +4,7 @@ services:
# Creating keys:
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}_storage
acra-keymaker_client:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-N0MyZEVCRGY1cHA4ODRSVHp3c3BNeGtDekxaV3BhTHI=}
Expand Down Expand Up @@ -49,7 +49,7 @@ services:
- world

acra-server:
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
# Restart server after correct termination, for example after the config
# was changed through the API
restart: always
4 changes: 2 additions & 2 deletions django-transparent/docker-compose.django-transparent.yml
Expand Up @@ -6,7 +6,7 @@ services:
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}_storage.pub
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}_storage_sym
acra-keymaker_client:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-N0MyZEVCRGY1cHA4ODRSVHp3c3BNeGtDekxaV3BhTHI=}
Expand Down Expand Up @@ -57,7 +57,7 @@ services:


acra-server:
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
# Restart server after correct termination, for example after the config
# was changed through the API
restart: always
4 changes: 2 additions & 2 deletions django/docker-compose.django.yml
Expand Up @@ -5,7 +5,7 @@ services:
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}_storage
# - ./.acrakeys/acra-writer/${ACRA_CLIENT_ID}_storage.pub
acra-keymaker_writer:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-N0MyZEVCRGY1cHA4ODRSVHp3c3BNeGtDekxaV3BhTHI=}
Expand Down Expand Up @@ -57,7 +57,7 @@ services:


acra-server:
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
# Restart server after correct termination, for example after the config
# was changed through the API
restart: always
12 changes: 6 additions & 6 deletions python-mysql-postgresql/README.md
Expand Up @@ -28,10 +28,10 @@ By default in this demo, Acra configured to work with MySQL database.

### 3.1 Data Encryption(Write)

Let's write some data to DB using the [`extended_example.py`](https://github.com/cossacklabs/acra/blob/master/examples/python/extended_example.py) script:
Let's write some data to DB using the [`example_type_awareness.py`](https://github.com/cossacklabs/acra/blob/master/examples/python/extended_example.py) script:

```bash
docker exec -it python-mysql-postgresql_python_1 python3 extended_example.py --host=acra-server --port=9393 --data=data.json
docker exec -it python-mysql-postgresql_python_1 python3 example_type_awareness.py --host=acra-server --port=9393 --data=type_awareness_data.json

$:
data: [{'token_i32': 1234, 'token_i64': 645664, 'token_str': '078-05-1111', 'token_bytes': 'byt13es', 'token_email': 'john_wed@cl.com', 'data': 'John Wed, Senior Relationshop Manager', 'masking': '$112000', 'searchable': 'john_wed@cl.com'}, {'token_i32': 1235, 'token_i64': 645665, 'token_str': '078-05-1112', 'token_bytes': 'byt13es2', 'token_email': 'april_cassini@cl.com', 'data': 'April Cassini, Marketing Manager', 'masking': '$168000', 'searchable': 'april_cassini@cl.com'}, {'token_i32': 1236, 'token_i64': 645667, 'token_str': '078-05-1117', 'token_bytes': 'byt13es3', 'token_email': 'george_clooney@cl.com', 'data': 'George Clooney, Famous Actor', 'masking': '$780000', 'searchable': 'george_clooney@cl.com'}]
Expand All @@ -42,7 +42,7 @@ data: [{'token_i32': 1234, 'token_i64': 645664, 'token_str': '078-05-1111', 'tok
To read and decrypt data the same script could be used but with `--print` param provided:

```bash
docker exec -it python-mysql-postgresql_python_1 python3 extended_example.py --host=acra-server --port=9393 --print
docker exec -it python-mysql-postgresql_python_1 python3 example_type_awareness.py --host=acra-server --port=9393 --print
```

You should see the output that contains all decrypted data:
Expand Down Expand Up @@ -96,7 +96,7 @@ docker restart python-mysql-postgresql_acra-server_1
### 4.1 Data Encryption(Write)

```bash
docker exec -it python-mysql-postgresql_python_1 python3 extended_example.py --host=acra-server --port=9393 --data=data.json --postgresql
docker exec -it python-mysql-postgresql_python_1 python3 example_type_awareness.py --host=acra-server --port=9393 --data=type_awareness_data.json --postgresql

$:
data: [{'token_i32': 1234, 'token_i64': 645664, 'token_str': '078-05-1111', 'token_bytes': 'byt13es', 'token_email': 'john_wed@cl.com', 'data': 'John Wed, Senior Relationshop Manager', 'masking': '$112000', 'searchable': 'john_wed@cl.com'}, {'token_i32': 1235, 'token_i64': 645665, 'token_str': '078-05-1112', 'token_bytes': 'byt13es2', 'token_email': 'april_cassini@cl.com', 'data': 'April Cassini, Marketing Manager', 'masking': '$168000', 'searchable': 'april_cassini@cl.com'}, {'token_i32': 1236, 'token_i64': 645667, 'token_str': '078-05-1117', 'token_bytes': 'byt13es3', 'token_email': 'george_clooney@cl.com', 'data': 'George Clooney, Famous Actor', 'masking': '$780000', 'searchable': 'george_clooney@cl.com'}]
Expand All @@ -107,7 +107,7 @@ data: [{'token_i32': 1234, 'token_i64': 645664, 'token_str': '078-05-1111', 'tok
To read and decrypt data the same script could be used but with `--print` param provided:

```bash
docker exec -it python-mysql-postgresql_python_1 python3 extended_example.py --host=acra-server --port=9393 --print --postgresql
docker exec -it python-mysql-postgresql_python_1 python3 example_type_awareness.py --host=acra-server --port=9393 --print --postgresql
```

You should see the output that contains all decrypted data:
Expand Down Expand Up @@ -166,7 +166,7 @@ Select `View/Edit Data > All rows` and now you can see content of the table. Dow

## 6. Show me the code!

Take a look at the complete code of [`extended_example.py`](https://github.com/cossacklabs/acra/blob/master/examples/python/extended_example.py).
Take a look at the complete code of [`example_type_awareness.py`](https://github.com/cossacklabs/acra/blob/master/examples/python/example_type_awareness.py).

Let's see how many code lines are necessary to encrypt some data using Acra.

4 changes: 2 additions & 2 deletions python-mysql-postgresql/acra-server-config/acra-server.yaml
@@ -1,5 +1,5 @@
version: 0.95.0
version: 0.96.0
mysql_enable: true
db_host: mysql
db_port: 3306
encryptor_config_file: "/config/extended_encryptor_config.yaml"
encryptor_config_file: "/config/example_type_awareness_encryptor_config.yaml"
Expand Up @@ -8,7 +8,7 @@ services:
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}_storage
# - ./.acrakeys/acra-writer/${ACRA_CLIENT_ID}_storage.pub
acra-keymaker_client:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-N0MyZEVCRGY1cHA4ODRSVHp3c3BNeGtDekxaV3BhTHI=}
Expand Down Expand Up @@ -87,7 +87,7 @@ services:
- webui-mysql

acra-server:
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
# Restart server after correct termination, for example after the config
# was changed through the API
restart: always
Expand Down Expand Up @@ -115,7 +115,7 @@ services:
- ../_common/ssl/acra-server/:/ssl
- ../_common/ssl/ca/ca.crt:/ssl/root.crt
- ./acra-server-config:/config
- ../acra/examples/python/extended_encryptor_config.yaml:/config/extended_encryptor_config.yaml
- ../acra/examples/python/example_type_awareness_encryptor_config.yaml:/config/example_type_awareness_encryptor_config.yaml
command: >-
--token_db=/data/token.db
--keys_dir=/data/acra-server
2 changes: 1 addition & 1 deletion python-searchable/acra-server-config/acra-server.yaml
@@ -1,4 +1,4 @@
version: 0.95.0
version: 0.96.0

encryptor_config_file: "/config/searchable.yaml"

4 changes: 2 additions & 2 deletions python-searchable/docker-compose.python-searchable.yml
Expand Up @@ -8,7 +8,7 @@ services:
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}_storage
# - ./.acrakeys/acra-writer/${ACRA_CLIENT_ID}_storage.pub
acra-keymaker_client:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-N0MyZEVCRGY1cHA4ODRSVHp3c3BNeGtDekxaV3BhTHI=}
Expand Down Expand Up @@ -53,7 +53,7 @@ services:
- webui-mysql

acra-server:
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
# Restart server after correct termination, for example after the config
# was changed through the API
restart: always
2 changes: 1 addition & 1 deletion python/acra-server-config/acra-server.yaml
@@ -1,3 +1,3 @@
version: 0.95.0
version: 0.96.0

encryptor_config_file: "/config/encryptor_config.yaml"
17 changes: 11 additions & 6 deletions python/docker-compose.python.yml
Expand Up @@ -5,12 +5,13 @@ services:
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}_storage
# - ./.acrakeys/acra-writer/${ACRA_CLIENT_ID}_storage.pub
acra-keymaker_client:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-N0MyZEVCRGY1cHA4ODRSVHp3c3BNeGtDekxaV3BhTHI=}
volumes:
- ./.acrakeys:/keys
- acra-server:/keys
- acra-writer:/keys/acra-writer
- ../_common/ssl/acra-client/:/ssl:ro
command: >-
--client_id=""
Expand Down Expand Up @@ -53,7 +54,7 @@ services:
- world

acra-server:
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.95.0}"
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-0.96.0}"
# Restart server after correct termination, for example after the config
# was changed through the API
restart: always
Expand All @@ -73,7 +74,7 @@ services:
volumes:
# Mount the directory with only the keys for this service. Must be
# rewriteable in case of using API, otherwise should be read-only.
- ./.acrakeys/acra-server:/keys
- acra-server:/keys
# Directory with configuration, rewriteable
- ./acra-server-config:/config
- ../_common/ssl/acra-server/:/ssl
Expand All @@ -82,7 +83,7 @@ services:
command: >-
--db_host=postgresql
--db_port=5432
--keys_dir=/keys
--keys_dir=/keys/acra-server
--http_api_enable
--tls_auth=4
--tls_ca=/ssl/root.crt
Expand Down Expand Up @@ -135,7 +136,7 @@ services:
- python-server
volumes:
- ../acra/examples/python:/app
- ./.acrakeys/acra-writer:/app.acrakeys:ro
- acra-writer:/app.acrakeys:ro


postgresqlweb:
Expand Down Expand Up @@ -222,3 +223,7 @@ networks:
internal: true
grafana-prometheus:
internal: true

volumes:
acra-server:
acra-writer:
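Review bot: The comments in this file still describe the old bind-mount layout. The header lists keys under `./.acrakeys/acra-server/…` and `./.acrakeys/acra-writer/…`, and the comment above `- acra-server:/keys` says the mount holds "only the keys for this service", but the keys now live in the named volumes `acra-server` and `acra-writer` rather than on the host. I would replace the mount comment with something like `# Named volume written by acra-keymaker_client; the server reads /keys/acra-server (see --keys_dir).` and swap the `./.acrakeys/...` paths in the header for the volume names. Anyone following older instructions that read keys from `./.acrakeys` on the host will presumably find that directory empty otherwise.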