Commit

Discovery: SQLite-based server implementation (#2589)
reinkrul authored Nov 30, 2023
1 parent 8e828c5 commit d1bc3af
Showing 41 changed files with 2,287 additions and 120 deletions.
13 changes: 8 additions & 5 deletions README.rst
Expand Up @@ -176,9 +176,9 @@ The following options can be configured on the server:
:widths: 20 30 50
:class: options-table

==================================== =============================================================================================================================================================================================================================================================================================================== ==================================================================================================================================================================================================================================
==================================== =============================================================================================================================================================================================================================================================================================================== ================================================================================================================================================================================================================================================================================================================================
Key Default Description
==================================== =============================================================================================================================================================================================================================================================================================================== ==================================================================================================================================================================================================================================
==================================== =============================================================================================================================================================================================================================================================================================================== ================================================================================================================================================================================================================================================================================================================================
configfile nuts.yaml Nuts config file
cpuprofile When set, a CPU profile is written to the given path. Ignored when strictmode is set.
datadir ./data Directory where the node stores its files.
Expand Down Expand Up @@ -207,6 +207,9 @@ The following options can be configured on the server:
crypto.vault.pathprefix kv The Vault path prefix.
crypto.vault.timeout 5s Timeout of client calls to Vault, in Golang time.Duration string format (e.g. 1s).
crypto.vault.token The Vault token. If set it overwrites the VAULT_TOKEN env var.
**Discovery**
discovery.definitions.directory Directory to load Discovery Service Definitions from. If not set, the discovery service will be disabled. If the directory contains JSON files that can't be parsed as service definition, the node will fail to start.
discovery.server.definition_ids [] IDs of the Discovery Service Definitions for which to act as server. If an ID does not map to a loaded service definition, the node will fail to start.
**Events**
events.nats.hostname 0.0.0.0 Hostname for the NATS server
events.nats.port 4222 Port where the NATS server listens on
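Review bot: The description of `discovery.definitions.directory` says the node fails to start on JSON files that can't be parsed as a service definition, but not what happens when the configured directory does not exist or contains non-JSON files. Since this table is generated from the flag help, state that in the flag text in discovery/cmd/cmd.go (for example, whether other files are ignored) so operators know exactly which conditions stop startup.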
Expand All @@ -224,7 +227,7 @@ The following options can be configured on the server:
http.default.auth.type Whether to enable authentication for the default interface, specify 'token_v2' for bearer token mode or 'token' for legacy bearer token mode.
http.default.cors.origin [] When set, enables CORS from the specified origins on the default HTTP interface.
**JSONLD**
jsonld.contexts.localmapping [https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json=assets/contexts/lds-jws2020-v1.ldjson,https://schema.org=assets/contexts/schema-org-v13.ldjson,https://nuts.nl/credentials/v1=assets/contexts/nuts.ldjson,https://www.w3.org/2018/credentials/v1=assets/contexts/w3c-credentials-v1.ldjson] This setting allows mapping external URLs to local files for e.g. preventing external dependencies. These mappings have precedence over those in remoteallowlist.
jsonld.contexts.localmapping [https://nuts.nl/credentials/v1=assets/contexts/nuts.ldjson,https://www.w3.org/2018/credentials/v1=assets/contexts/w3c-credentials-v1.ldjson,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json=assets/contexts/lds-jws2020-v1.ldjson,https://schema.org=assets/contexts/schema-org-v13.ldjson] This setting allows mapping external URLs to local files for e.g. preventing external dependencies. These mappings have precedence over those in remoteallowlist.
jsonld.contexts.remoteallowlist [https://schema.org,https://www.w3.org/2018/credentials/v1,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json] In strict mode, fetching external JSON-LD contexts is not allowed except for context-URLs listed here.
**Network**
network.bootstrapnodes [] List of bootstrap nodes ('<host>:<port>') which the node initially connect to.
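Review bot: The `jsonld.contexts.localmapping` default changes only in the order of its four mappings, which looks like unordered iteration when the table is generated rather than a real change. Sorting the entries in the generator would keep unrelated commits from touching this row.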
Expand Down Expand Up @@ -252,12 +255,12 @@ The following options can be configured on the server:
storage.redis.sentinel.password Password for authenticating to Redis Sentinels.
storage.redis.sentinel.username Username for authenticating to Redis Sentinels.
storage.redis.tls.truststorefile PEM file containing the trusted CA certificate(s) for authenticating remote Redis servers. Can only be used when connecting over TLS (use 'rediss://' as scheme in address).
storage.sql.connection Connection string for the SQL database. If not set, it defaults to a SQLite database stored inside the configured data directory
storage.sql.connection Connection string for the SQL database. If not set it, defaults to a SQLite database stored inside the configured data directory. Note: using SQLite is not recommended in production environments. If using SQLite anyways, remember to enable foreign keys ('_foreign_keys=on') and the write-ahead-log ('_journal_mode=WAL').
**VCR**
vcr.openid4vci.definitionsdir Directory with the additional credential definitions the node could issue (experimental, may change without notice).
vcr.openid4vci.enabled true Enable issuing and receiving credentials over OpenID4VCI.
vcr.openid4vci.timeout 30s Time-out for OpenID4VCI HTTP client operations.
==================================== =============================================================================================================================================================================================================================================================================================================== ==================================================================================================================================================================================================================================
==================================== =============================================================================================================================================================================================================================================================================================================== ================================================================================================================================================================================================================================================================================================================================

This table is automatically generated using the configuration flags in the core and engines. When they're changed
the options table must be regenerated using the Makefile:
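Review bot: In the new `storage.sql.connection` description the comma is misplaced: "If not set it, defaults to" should read "If not set, it defaults to", and "anyways" reads better as "anyway". The text also leaves '_foreign_keys=on' and '_journal_mode=WAL' for the operator to remember; if the schema relies on foreign keys for integrity, consider having the node check a user-supplied SQLite connection string for these parameters at startup and warn or refuse to start, and say here whether the built-in default already sets them.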
Expand Down
5 changes: 5 additions & 0 deletions cmd/root.go
Expand Up @@ -23,6 +23,7 @@ import (
"context"
"errors"
"fmt"
"github.com/nuts-foundation/nuts-node/discovery"
"github.com/nuts-foundation/nuts-node/vdr/resolver"

"github.com/nuts-foundation/nuts-node/golden_hammer"
Expand All @@ -46,6 +47,7 @@ import (
"github.com/nuts-foundation/nuts-node/didman"
didmanAPI "github.com/nuts-foundation/nuts-node/didman/api/v1"
didmanCmd "github.com/nuts-foundation/nuts-node/didman/cmd"
discoveryCmd "github.com/nuts-foundation/nuts-node/discovery/cmd"
"github.com/nuts-foundation/nuts-node/events"
eventsCmd "github.com/nuts-foundation/nuts-node/events/cmd"
httpEngine "github.com/nuts-foundation/nuts-node/http"
Expand Down Expand Up @@ -192,6 +194,7 @@ func CreateSystem(shutdownCallback context.CancelFunc) *core.System {
vdrInstance := vdr.NewVDR(cryptoInstance, networkInstance, didStore, eventManager)
credentialInstance := vcr.NewVCRInstance(cryptoInstance, vdrInstance, networkInstance, jsonld, eventManager, storageInstance, pkiInstance)
didmanInstance := didman.NewDidmanInstance(vdrInstance, credentialInstance, jsonld)
discoveryInstance := discovery.New(storageInstance, credentialInstance)
authInstance := auth.NewAuthInstance(auth.DefaultConfig(), vdrInstance, credentialInstance, cryptoInstance, didmanInstance, jsonld, pkiInstance)
statusEngine := status.NewStatusEngine(system)
metricsEngine := core.NewMetricsEngine()
Expand Down Expand Up @@ -233,6 +236,7 @@ func CreateSystem(shutdownCallback context.CancelFunc) *core.System {
system.RegisterEngine(credentialInstance)
system.RegisterEngine(networkInstance)
system.RegisterEngine(authInstance)
system.RegisterEngine(discoveryInstance)
system.RegisterEngine(didmanInstance)
system.RegisterEngine(goldenHammer)
// HTTP engine MUST be registered last, because when started it dispatches HTTP calls to the registered routes.
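Review bot: `system.RegisterEngine(discoveryInstance)` is placed after `credentialInstance`, which `discovery.New(storageInstance, credentialInstance)` takes as a dependency, but nothing records whether that order is required. If discovery needs VCR to be configured or started first, add a comment like the one on the HTTP engine below so a later reorder does not break it.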
Expand Down Expand Up @@ -333,6 +337,7 @@ func serverConfigFlags() *pflag.FlagSet {
set.AddFlagSet(eventsCmd.FlagSet())
set.AddFlagSet(pki.FlagSet())
set.AddFlagSet(goldenHammerCmd.FlagSet())
set.AddFlagSet(discoveryCmd.FlagSet())

return set
}
2 changes: 1 addition & 1 deletion cmd/root_test.go
Expand Up @@ -163,7 +163,7 @@ func Test_CreateSystem(t *testing.T) {
system.VisitEngines(func(engine core.Engine) {
numEngines++
})
assert.Equal(t, 15, numEngines)
assert.Equal(t, 16, numEngines)
}

func Test_ClientCommand_ErrorHandlers(t *testing.T) {
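Review bot: Bumping the expected count from 15 to 16 only shows that one more engine exists, not that it is the discovery engine. Consider also asserting inside the `VisitEngines` callback that an engine of the discovery type is seen, so the test fails for the right reason if a registration is dropped or swapped.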
Expand Down
37 changes: 37 additions & 0 deletions discovery/cmd/cmd.go
@@ -0,0 +1,37 @@
/*
* Copyright (C) 2023 Nuts community
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/

package cmd

import (
"github.com/nuts-foundation/nuts-node/discovery"
"github.com/spf13/pflag"
)

// FlagSet contains flags relevant for the module.
func FlagSet() *pflag.FlagSet {
defs := discovery.DefaultConfig()
flagSet := pflag.NewFlagSet("discovery", pflag.ContinueOnError)
flagSet.String("discovery.definitions.directory", defs.Definitions.Directory,
"Directory to load Discovery Service Definitions from. If not set, the discovery service will be disabled. "+
"If the directory contains JSON files that can't be parsed as service definition, the node will fail to start.")
flagSet.StringSlice("discovery.server.definition_ids", defs.Server.DefinitionIDs,
"IDs of the Discovery Service Definitions for which to act as server. "+
"If an ID does not map to a loaded service definition, the node will fail to start.")
return flagSet
}
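Review bot: `discovery.server.definition_ids` introduces an underscore into a config key, while the other options in the README table use run-together lowercase names (`vcr.openid4vci.definitionsdir`, `storage.redis.tls.truststorefile`, `network.bootstrapnodes`). Renaming it to something like `discovery.server.definitionids` before release keeps the naming consistent; changing it later would break existing config files.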