feat: regitry stuff

Author: coodos

infrastructure/evault-core/src/w3id/w3id.ts

@@ -7,64 +7,64 @@ import { SecretsStore } from "../secrets/secrets-store";
 import { uint8ArrayToHex } from "../utils/codec";
 
 export class W3ID {
-  private static instance: W3IDClass;
-  private static secretsStore: SecretsStore;
+    private static instance: W3IDClass;
+    private static secretsStore: SecretsStore;
 
-  private constructor() {}
+    private constructor() { }
 
-  static async get(options?: {
-    id: string;
-    driver: Driver;
-    password?: string;
-  }) {
-    if (W3ID.instance) return W3ID.instance;
-    if (!options)
-      throw new Error(
-        "No instance of W3ID exists yet, please create it by passing options"
-      );
+    static async get(options?: {
+        id: string;
+        driver: Driver;
+        password?: string;
+    }) {
+        if (W3ID.instance) return W3ID.instance;
+        if (!options)
+            throw new Error(
+                "No instance of W3ID exists yet, please create it by passing options"
+            );
 
-    // Initialize secrets store if not already done
-    if (!W3ID.secretsStore) {
-      if (!options.password) {
-        throw new Error("Password is required for secrets store");
-      }
-      W3ID.secretsStore = new SecretsStore(
-        process.env.SECRETS_STORE_PATH!,
-        options.password
-      );
-    }
+        // Initialize secrets store if not already done
+        if (!W3ID.secretsStore) {
+            if (!options.password) {
+                throw new Error("Password is required for secrets store");
+            }
+            W3ID.secretsStore = new SecretsStore(
+                process.env.SECRETS_STORE_PATH!,
+                options.password
+            );
+        }
 
-    const repository = new LogService(options.driver);
-    const keyId = `w3id-${options.id}`;
+        const repository = new LogService(options.driver);
+        const keyId = `w3id-${options.id}`;
 
-    try {
-      // Try to get existing seed
-      const { seed, nextKeyHash } = await W3ID.secretsStore.getSeed(keyId);
-      const keyPair = nacl.sign.keyPair.fromSeed(seed);
-      W3ID.instance = await new W3IDBuilder()
-        .withId(options.id)
-        .withRepository(repository)
-        .withGlobal(true)
-        .withSigner(createSigner(keyPair))
-        .withNextKeyHash(nextKeyHash)
-        .build();
-    } catch {
-      // If no seed exists, create new one
-      const keyPair = nacl.sign.keyPair();
-      const nextKeyPair = nacl.sign.keyPair();
-      const nextKeyHash = await hash(uint8ArrayToHex(nextKeyPair.publicKey));
+        try {
+            // Try to get existing seed
+            const { seed, nextKeyHash } = await W3ID.secretsStore.getSeed(keyId);
+            const keyPair = nacl.sign.keyPair.fromSeed(seed);
+            W3ID.instance = await new W3IDBuilder()
+                .withId(options.id)
+                .withRepository(repository)
+                .withGlobal(true)
+                .withSigner(createSigner(keyPair))
+                .withNextKeyHash(nextKeyHash)
+                .build();
+        } catch {
+            // If no seed exists, create new one
+            const keyPair = nacl.sign.keyPair();
+            const nextKeyPair = nacl.sign.keyPair();
+            const nextKeyHash = await hash(uint8ArrayToHex(nextKeyPair.publicKey));
 
-      // Store the seed
-      await W3ID.secretsStore.storeSeed(keyId, keyPair.secretKey, nextKeyHash);
+            // Store the seed
+            await W3ID.secretsStore.storeSeed(keyId, keyPair.secretKey, nextKeyHash);
 
-      W3ID.instance = await new W3IDBuilder()
-        .withId(options.id)
-        .withRepository(repository)
-        .withSigner(createSigner(keyPair))
-        .withNextKeyHash(nextKeyHash)
-        .build();
-    }
+            W3ID.instance = await new W3IDBuilder()
+                .withId(options.id)
+                .withRepository(repository)
+                .withSigner(createSigner(keyPair))
+                .withNextKeyHash(nextKeyHash)
+                .build();
+        }
 
-    return W3ID.instance;
-  }
+        return W3ID.instance;
+    }
 }

infrastructure/evault-provisioner/src/index.ts

@@ -37,8 +37,6 @@ app.post(
         res: Response<ProvisionResponse>,
     ) => {
         try {
-            // TODO: change this to take namespace from the payload, and signed entropy
-            // JWT so that we can verify both parts of the UUID come from know source
             const { registryEntropy, namespace } = req.body;
 
             if (!registryEntropy || !namespace) {

infrastructure/evault-provisioner/src/listeners/alloc.ts

@@ -44,6 +44,20 @@ export async function provisionEVault(w3id: string, eVaultId: string) {
     });
     await coreApi.createNamespacedPersistentVolumeClaim({ namespace: namespaceName, body: pvcSpec('neo4j-data') });
     await coreApi.createNamespacedPersistentVolumeClaim({ namespace: namespaceName, body: pvcSpec('evault-store') });
+    await coreApi.createNamespacedPersistentVolumeClaim({
+        namespace: namespaceName, body: {
+            metadata: { name: 'evault-secrets', namespace: namespaceName },
+            spec: {
+                accessModes: ['ReadWriteOnce'],
+                resources: {
+                    requests: {
+                        storage: '2Mi'
+                    }
+                }
+            }
+        }
+    });
+
 
     const deployment = {
         metadata: { name: 'evault', namespace: namespaceName },
@@ -73,14 +87,17 @@ export async function provisionEVault(w3id: string, eVaultId: string) {
                                 { name: 'NEO4J_USER', value: 'neo4j' },
                                 { name: 'NEO4J_PASSWORD', value: neo4jPassword },
                                 { name: 'PORT', value: containerPort.toString() },
-                                { name: 'W3ID', value: w3id }
+                                { name: 'W3ID', value: w3id },
+                                { name: "ENCRYPTION_PASSWORD", value: neo4jPassword },
+                                { name: "SECRETS_STORE_PATH", value: "/secrets" }
                             ],
                             volumeMounts: [{ name: 'evault-store', mountPath: '/evault/data' }]
                         }
                     ],
                     volumes: [
                         { name: 'neo4j-data', persistentVolumeClaim: { claimName: 'neo4j-data' } },
-                        { name: 'evault-store', persistentVolumeClaim: { claimName: 'evault-store' } }
+                        { name: 'evault-store', persistentVolumeClaim: { claimName: 'evault-store' } },
+                        { name: 'evault-secrets', persistentVolumeClaim: { claimName: "evault-secrets" } }
                     ]
                 }
             }

infrastructure/evault-provisioner/src/templates/evault.nomad.ts

@@ -1,27 +1,36 @@
 {
-  "name": "registry",
-  "version": "1.0.0",
-  "description": "Registry service for entropy and service discovery",
-  "main": "dist/index.js",
-  "scripts": {
-    "build": "tsc",
-    "start": "node dist/index.js",
-    "dev": "ts-node src/index.ts",
-    "test": "jest"
-  },
-  "dependencies": {
-    "@fastify/jwt": "^7.2.3",
-    "axios": "^1.6.7",
-    "dotenv": "^16.5.0",
-    "fastify": "^4.26.1",
-    "jose": "^5.2.2"
-  },
-  "devDependencies": {
-    "@types/jest": "^29.5.12",
-    "@types/node": "^20.11.19",
-    "jest": "^29.7.0",
-    "ts-jest": "^29.1.2",
-    "ts-node": "^10.9.2",
-    "typescript": "^5.3.3"
-  }
+    "name": "registry",
+    "version": "1.0.0",
+    "description": "Registry service for entropy and service discovery",
+    "main": "dist/index.js",
+    "scripts": {
+        "build": "tsc",
+        "start": "node dist/index.js",
+        "dev": "ts-node src/index.ts",
+        "test": "jest",
+        "typeorm": "typeorm-ts-node-commonjs",
+        "migration:generate": "npm run typeorm migration:generate -- -d src/config/database.ts",
+        "migration:run": "npm run typeorm migration:run -- -d src/config/database.ts",
+        "migration:revert": "npm run typeorm migration:revert -- -d src/config/database.ts",
+        "migration:create": "npm run typeorm migration:create"
+    },
+    "dependencies": {
+        "@fastify/jwt": "^7.2.3",
+        "axios": "^1.6.7",
+        "dotenv": "^16.5.0",
+        "fastify": "^4.26.1",
+        "jose": "^5.2.2",
+        "pg": "^8.11.3",
+        "reflect-metadata": "^0.2.1",
+        "typeorm": "^0.3.24"
+    },
+    "devDependencies": {
+        "@types/jest": "^29.5.12",
+        "@types/node": "^20.11.19",
+        "@types/pg": "^8.11.0",
+        "jest": "^29.7.0",
+        "ts-jest": "^29.1.2",
+        "ts-node": "^10.9.2",
+        "typescript": "^5.3.3"
+    }
 }

platforms/registry/package.json

@@ -0,0 +1,18 @@
+import { DataSource } from "typeorm"
+import { Vault } from "../entities/Vault"
+import * as dotenv from "dotenv"
+import { join } from "path"
+
+// Load environment variables from root .env file
+dotenv.config({ path: join(__dirname, "../../../.env") })
+
+export const AppDataSource = new DataSource({
+    type: "postgres",
+    url: process.env.REGISTRY_DATABASE_URL || "postgresql://postgres:postgres@localhost:5432/registry",
+    synchronize: process.env.NODE_ENV !== "production",
+    logging: process.env.NODE_ENV !== "production",
+    entities: [Vault],
+    migrations: [join(__dirname, "../migrations/*.{ts,js}")],
+    migrationsTableName: "migrations",
+    subscribers: [],
+}) 

platforms/registry/src/config/database.ts

@@ -0,0 +1,16 @@
+import { Entity, PrimaryGeneratedColumn, Column } from "typeorm"
+
+@Entity()
+export class Vault {
+    @PrimaryGeneratedColumn()
+    id!: number
+
+    @Column()
+    ename!: string
+
+    @Column()
+    uri!: string
+
+    @Column()
+    evault!: string
+}