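#!/usr/bin/env bash
# Abort on the first failing command, and count a pipeline as failed when any of its
# stages fails rather than only the last one.
set -eo pipefail
# This script, `./run.sh ...`, is invoked on a developer's work machine.
#
# This hands-on example uses Ockam to create an end-to-end encrypted portal to postgres. We connect a
# nodejs app in one virtual private network with a postgres database in another virtual private network.
#
# The example uses docker and docker compose to create these virtual networks.
#
# You can read a detailed walkthrough of this example at:
# https://docs.ockam.io/portals/databases/postgres/docker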
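#######################################
# Enroll this machine with Ockam Orchestrator, mint one short-lived enrollment ticket per
# network, and bring up both virtual private networks with docker compose.
# Globals:   HOME/PATH via `ockam` and `docker-compose`; ENROLLMENT_TICKET is exported
#            only into the environment of each docker-compose invocation.
# Arguments: none
# Outputs:   tool output on stdout/stderr; a blank line before each compose invocation.
# Returns:   non-zero if a ticket could not be obtained (or, under `set -e`, on any failure).
#######################################
run() {
  local bank_corp_ticket analysis_corp_ticket

  # `ockam enroll` creates a new vault and generates a cryptographic identity whose private
  # keys stay in that vault, then guides you to sign in to Ockam Orchestrator.
  #
  # On a first sign-in the Orchestrator creates a dedicated project for you. A project offers
  # two services: a membership authority and a relay service. Because your Orchestrator
  # account created the project (and is therefore its first administrator), its membership
  # authority signs a credential attesting that your identifier is a project member. The
  # command stores that credential for later use and exits.
  ockam enroll

  # One-time enrollment ticket for the identity of the ockam node that will run next to the
  # postgres server in bank_corp's network. Whoever redeems it receives a membership
  # credential in which the membership authority cryptographically attests the attribute
  # postgres-outlet=true, and is allowed to create a relay in the project at the address
  # `postgres`.
  #
  # A ticket is a bearer secret: anyone holding it can enroll as that identity. It is
  # deliberately limited to a single use and ten minutes so a leaked ticket is worth little.
  # Do not run this script under `set -x`: the ticket values would be printed.
  bank_corp_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m \
    --attribute "postgres-outlet=true" --relay postgres)
  if [[ -z "$bank_corp_ticket" ]]; then
    printf 'ERROR: ockam returned an empty enrollment ticket for bank_corp\n' >&2
    return 1
  fi

  # One-time enrollment ticket for the identity of the ockam node that will run next to the
  # postgres client app in analysis_corp's network. Its membership credential will attest
  # the attribute postgres-inlet=true.
  analysis_corp_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m \
    --attribute "postgres-inlet=true")
  if [[ -z "$analysis_corp_ticket" ]]; then
    printf 'ERROR: ockam returned an empty enrollment ticket for analysis_corp\n' >&2
    return 1
  fi

  # Bring up bank_corp's virtual private network in the background; read
  # bank_corp/docker-compose.yml to see what is provisioned there. The ticket is handed over
  # in the environment of this one docker-compose call rather than written to disk; what the
  # compose file does with ENROLLMENT_TICKET afterwards is outside this script. The subshell
  # keeps the directory change from leaking, whatever docker-compose does.
  echo
  ( cd -- bank_corp && ENROLLMENT_TICKET="$bank_corp_ticket" docker-compose up -d )

  # Bring up analysis_corp's virtual private network in the foreground (no `-d`) so the
  # app's output stays attached to this terminal; read analysis_corp/docker-compose.yml to
  # see what is provisioned there.
  echo
  ( cd -- analysis_corp && ENROLLMENT_TICKET="$analysis_corp_ticket" docker-compose up )
}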
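#######################################
# Cleanup after the example - `./run.sh cleanup`.
# Removes all containers and images pulled or created by docker compose in both networks
# (`--rmi all` deletes the images too, so the next run re-pulls them).
# Both directories are always attempted: a failure in bank_corp no longer leaves
# analysis_corp's containers running.
# Arguments: none
# Returns:   0 if both teardowns succeeded, 1 if either failed.
#######################################
cleanup() {
  local rc=0
  local dir
  for dir in bank_corp analysis_corp; do
    # Subshell: the directory change cannot leak, even if docker-compose fails.
    # `|| rc=1` records the failure without aborting under `set -e`, so the other
    # network still gets torn down; the overall status is returned at the end.
    ( cd -- "$dir" && docker-compose down --rmi all --remove-orphans ) || rc=1
  done
  return "$rc"
}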
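# Fail early, with a clear message, if a tool the script shells out to is missing.
# This runs before the Ockam installer below because that installer itself needs curl.
for tool in docker docker-compose curl; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "ERROR: Please install: $tool" >&2
    exit 1
  fi
done

# Make sure Ockam Command is installed and on PATH. Skipped for `cleanup`, which only
# needs docker.
#
# The installer is fetched over HTTPS only (TLS 1.2+) into a temporary file and executed
# only after curl has finished successfully: piping curl straight into bash would run
# whatever part of the script had arrived before a dropped connection. Nothing beyond the
# TLS connection to install.command.ockam.io authenticates the installer, so inspect the
# downloaded file first if that matters in your environment.
if ! command -v ockam >/dev/null 2>&1 && [[ "${1-}" != "cleanup" ]]; then
  ockam_installer=$(mktemp)
  trap 'rm -f -- "$ockam_installer"' EXIT
  curl --proto '=https' --tlsv1.2 -sSfL -o "$ockam_installer" https://install.command.ockam.io
  bash "$ockam_installer"
  rm -f -- "$ockam_installer"
  trap - EXIT
  # The installer writes $HOME/.ockam/env; source it so `ockam` resolves in this shell.
  source "$HOME/.ockam/env"
fi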
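# Dispatch on the first argument: `cleanup` tears the example down, no argument runs it.
# Anything else is rejected instead of being silently treated as "run", so a typo such as
# `./run.sh cleanp` cannot enroll and provision a fresh project by accident.
case "${1-}" in
  "") run ;;
  cleanup) cleanup ;;
  *)
    echo "Usage: $0 [cleanup]" >&2
    exit 2
    ;;
esac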