hyperledger · Jul 24, 2023 · Jul 21, 2023 · Jul 21, 2023 · Jul 21, 2023 · Jul 21, 2023
@@ -0,0 +1,10 @@
+---
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.2.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-added-large-files
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -0,0 +1,26 @@
+apiVersion: v2
+name: prism-node
+description: A Helm chart for deploying prism-mediator
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.5.0"
+
+dependencies: []
@@ -0,0 +1,22 @@
+{{- define "cors" }}
+    {{- if .Values.ingress.cors.enabled }}
+    - name: cors
+      enable: true
+      {{- if .Values.ingress.cors.allow_origins }}
+      config:
+        allow_origins: {{ .Values.ingress.cors.allow_origins | quote }}
+      {{- end }}
+    {{- end }}
+{{- end -}}
+{{- define "consumer-restriction" }}
+    - name: consumer-restriction
+      enable: true
+      config:
+        whitelist:
+        {{- range .Values.ingress.consumers }}
+          -  {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }}
+        {{- end }}
+{{- end -}}
+{{- define "labels.common" -}}
+app.kubernetes.io/part-of: prism-mediator
+{{- end -}}
@@ -0,0 +1,18 @@
+{{- if .Values.ingress.enabled }}
+{{- $root := . -}}
+{{- range $consumer := .Values.ingress.consumers }}
+apiVersion: apisix.apache.org/v2
+kind: ApisixConsumer
+metadata:
+  name: "{{ $consumer | lower }}"
+  namespace: "{{ $root.Release.Namespace }}"
+  labels:
+    {{ template "labels.common" . }}
+spec:
+  authParameter:
+    keyAuth:
+      secretRef:
+        name: "{{ $root.Release.Namespace }}-{{ $consumer | lower }}"
+---
+{{- end }}
+{{- end }}
@@ -0,0 +1,56 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: apisix.apache.org/v2
+kind: ApisixRoute
+metadata:
+  name: mediator-route
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+    {{ template "labels.common" . }}
+spec:
+  http:
+  - name: mediator-rule
+    match:
+      hosts:
+      {{- range .Values.ingress.applicationUrls }}
+        - {{ . }}
+      {{- end }}
+      paths:
+      - /*
+    backends:
+       - serviceName: mediator-service
+         servicePort: 8080
+    plugins:
+    - name: proxy-rewrite
+      enable: true
+      config:
+        regex_uri: ["^/(.*)","/$1"]
+
+---
+
+apiVersion: apisix.apache.org/v2
+kind: ApisixRoute
+metadata:
+  name: mediator-docs-route
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+    {{ template "labels.common" . }}
+spec:
+  http:
+  - name: mediator-docs-rule
+    match:
+      hosts:
+      {{- range .Values.ingress.applicationUrls }}
+        - {{ . }}
+      {{- end }}
+      paths:
+      - /docs/mediator/api/*
+    backends:
+       - serviceName: mediator-service
+         servicePort: 8080
+    plugins:
+    - name: proxy-rewrite
+      enable: true
+      config:
+        regex_uri: ["^/docs/mediator/api/(.*)","/api/$1"]
+    {{ template "cors" . }}
+{{- end -}}
@@ -0,0 +1,17 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: apisix.apache.org/v2
+kind: ApisixTls
+metadata:
+  name: "prism-mediator-base-path-tls"
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+    {{ template "labels.common" . }}
+spec:
+  hosts:
+  {{- range .Values.ingress.applicationUrls }}
+    - {{ . }}
+  {{- end }}
+  secret:
+    name: "prism-mediator-base-path-secret"
+    namespace: "{{ .Release.Namespace }}"
+{{- end }}
@@ -0,0 +1,20 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: "prism-mediator-base-path-cert"
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+    {{ template "labels.common" . }}
+spec:
+  secretName: "prism-mediator-base-path-secret"
+  duration: 2160h0m0s # 90d
+  renewBefore: 360h0m0s # 15d
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+  {{- range .Values.ingress.applicationUrls }}
+    - {{ . }}
+  {{- end }}
+{{- end }}
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mediator-server
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+      {{ template "labels.common" . }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: prism-mediator-server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: prism-mediator-server
+        {{ template "labels.common" . }}
+    spec:
+      imagePullSecrets:
+      - name: atala-prism-dev-deployments-github-docker-registry-key
+      containers:
+      - name: mediator-server
+        image: "{{ .Values.server.image.repository }}/{{ .Values.server.image.tag }}:{{ .Values.server.image.version | default .Chart.AppVersion }}"
+        imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+        resources:
+            {{- toYaml .Values.server.resources | nindent 12 }}
+        ports:
+        - containerPort: 8080
+        env:
+        - name: MONGODB_USER
+          value: "admin"
+        - name: MONGODB_PASSWORD
+          value: "admin"
+        - name: MONGODB_PROTOCOL
+          value: "mongodb"
+        - name: MONGODB_HOST
+          value: "mongodb.{{.Release.Namespace}}"
+        - name: MONGODB_PORT
+          value: "27017"
+        - name: MONGODB_DB_NAME
+          value: "mediator"
+        - name: SERVICE_ENDPOINT
+          value: "https://{{ index .Values.ingress.applicationUrls 0 }}/mediator"
@@ -0,0 +1,20 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "atala-prism-dev-deployments-github-docker-registry-key"
+  namespace: {{ .Release.Namespace }}
+  labels:
+      {{ template "labels.common" . }}
+spec:
+  refreshInterval: "0"
+  secretStoreRef:
+    name: {{ .Values.secrets.secretStore }}
+    kind: ClusterSecretStore
+  target:
+    template:
+      type: kubernetes.io/dockerconfigjson
+      data:
+        .dockerconfigjson: "{{ `{{ .dockerconfigjson | b64dec }}` }}"
+  dataFrom:
+    - extract:
+        key: {{ .Values.secrets.dockerRegistryToken }}
@@ -0,0 +1,77 @@
+{{- if .Values.database.mongodb.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mongodb
+  labels:
+    app: mongodb
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mongodb
+  template:
+    metadata:
+      labels:
+        app: mongodb
+    spec:
+      containers:
+        - name: mongodb
+          image: mongo:6.0.7
+          ports:
+            - containerPort: 27017
+          env:
+            - name: MONGO_INITDB_ROOT_USERNAME
+              value: "admin"
+            - name: MONGO_INITDB_ROOT_PASSWORD
+              value: "admin"
+            - name: MONGO_INITDB_DATABASE
+              value: "mediator"
+          volumeMounts:
+            - name: mongodb-scripts
+              mountPath: /docker-entrypoint-initdb.d
+              readOnly: true
+      volumes:
+        - name: mongodb-scripts
+          configMap:
+            name: mongodb-cm
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mongodb-cm
+data:
+  initdb.js: |
+    db.createUser({
+        user: "admin",
+        pwd: "admin",
+        roles: [
+            { role: "readWrite", db: "mediator" }
+        ]
+    });
+    const database = 'mediator';
+    const collectionDidAccount = 'user.account';
+    const collectionMessages = 'messages';
+    use(database);
+    db.createCollection(collectionDidAccount);
+    db.createCollection(collectionMessages);
+    //create index
+    db.getCollection(collectionDidAccount).createIndex({ 'did': 1 }, { unique: true });
+    // Only enforce uniqueness on non-empty arrays
+    db.getCollection(collectionDidAccount).createIndex({ 'alias': 1 }, { unique: true , partialFilterExpression: { "alias.0": { $exists: true } }});
+    db.getCollection(collectionDidAccount).createIndex({ "messagesRef.hash": 1, "messagesRef.recipient": 1 });
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongodb
+  namespace: "{{ .Release.Namespace }}"
+spec:
+  selector:
+    app: mongodb
+  ports:
+    - protocol: TCP
+      port: 27017
+      targetPort: 27017
+---
+{{- end }}
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mediator-service
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+    app.kubernetes.io/name: prism-mediator-server
+    app.kubernetes.io/service: prism-mediator-server-main
+    {{ template "labels.common" . }}
+spec:
+  selector:
+    app.kubernetes.io/name: prism-mediator-server
+  ports:
+    - protocol: "TCP"
+      port: 8080
+      targetPort: 8080
+  type: ClusterIP
+
+---
+
+{{- if .Values.ingress.enabled }}
+kind: Service
+apiVersion: v1
+metadata:
+  name:  mediator-domain-name-fake-service
+  namespace: "{{ .Release.Namespace }}"
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: "{{ join ", " .Values.ingress.applicationUrls }}"
+  labels:
+    app.kubernetes.io/name: prism-mediator-server
+    app.kubernetes.io/service: prism-mediator-server-domain-name-fake-service
+    {{ template "labels.common" . }}
+spec:
+  type: ExternalName
+  externalName: {{ .Values.ingress.platformIngressUrl }}
+{{- end }}