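# Recipes use bash-only features such as `echo -e`.
SHELL := /bin/bash

# ---- Settings; those assigned with ?= can be overridden from the environment or command line ----
# NOTE(review): in make the double quotes are part of the value; CCF_NAME is not
# referenced anywhere else in this file.
CCF_NAME ?= "500dev10"
PYTHON_VENV := .venv_ccf_sandbox
KMS_WORKSPACE ?= ${PWD}/workspace
KMS_URL ?= https://127.0.0.1:8000
# Directory handed to the scripts as the certificate directory and to curl as --cacert location.
KEYS_DIR ?= ${KMS_WORKSPACE}/sandbox_common
RUN_BACK ?= true
CCF_PLATFORM ?= virtual

# "local" when KMS_URL mentions 127.0.0.1 or localhost, otherwise "cloud".
# Computed with make's own string functions: KMS_URL is caller-supplied, so it is
# not interpolated into a $(shell ...) command line, and the dots are matched
# literally rather than as regex wildcards.
# NOTE(review): this is a substring test, so a hostname that merely contains
# "localhost" is also classified as local; set DEPLOYMENT_ENV explicitly when unsure.
DEPLOYMENT_ENV ?= $(if $(or $(findstring 127.0.0.1,$(KMS_URL)),$(findstring localhost,$(KMS_URL))),local,cloud)

# Three members for a https://127.0.0.1 network, one otherwise.
# NOTE(review): a https://localhost URL yields DEPLOYMENT_ENV=local but MEMBER_COUNT=1; confirm this is intended.
ifndef MEMBER_COUNT
ifeq ($(findstring https://127.0.0.1,$(KMS_URL)),https://127.0.0.1)
MEMBER_COUNT := 3
else
MEMBER_COUNT := 1
endif
endif

# Extra arguments appended verbatim to the sandbox.sh command line of start-host-idp.
CCF_SANDBOX_EXTRA_ARGS ?=

# Location of sandbox.sh: a sibling CCF checkout when INSTALL=local, else the installed CCF.
ifeq ($(INSTALL),local)
CCFSB=../../CCF/tests/sandbox
else
CCFSB=/opt/ccf_${CCF_PLATFORM}/bin
endif

# Guard helper: $(call check_defined, VAR) aborts make with an error when VAR is
# empty or unset, and expands to nothing otherwise. Without a definition the
# call silently expands to nothing and checks nothing.
check_defined = $(if $(strip $($(strip $(1)))),,$(error $(strip $(1)) is not set))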
# Default goal. Prints every line of this makefile that has a target name
# followed by a double-hash description, formatted as "target  description".
.DEFAULT_GOAL := help
.PHONY: help
help: ## π¬ This help message :)
	@grep -E '[a-zA-Z_-]+:.*?## .*$$' $(firstword $(MAKEFILE_LIST)) \
		| awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-22s\033[0m %s\n", $$1, $$2}'
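# Prepares the Python environment, installs the npm dependencies and builds the app.
# Declared phony so that a file or directory named "build" cannot mask the target.
# NOTE(review): `npm install` may resolve dependency versions afresh; if the
# project commits a lockfile, `npm ci` keeps the build pinned to it. Confirm.
.PHONY: build
build: ## π¨ Build the Application
	@echo -e "\e[34m$@\e[0m" || true
	./scripts/set_python_env.sh
	npm install
	npm run build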
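# Runs kms_setup.sh against KMS_URL using the certificates in KEYS_DIR.
# Declared phony so that a file or directory named "setup" cannot mask the target.
.PHONY: setup
setup: ## Setup proposals and generate an initial key
	@echo -e "\e[34m$@\e[0m" || true
	CCF_PLATFORM=${CCF_PLATFORM} ./scripts/kms_setup.sh --network-url "${KMS_URL}" --certificate_dir "${KEYS_DIR}"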
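# Sends SIGKILL, via sudo, to every process lsof reports for port 8000.
# NOTE(review): `lsof -i :8000` also reports processes that merely hold a
# connection involving port 8000, not only the listener; restricting lsof to
# listening sockets (for example `-iTCP:8000 -sTCP:LISTEN`) would narrow what
# gets killed as root. The port is fixed here and does not follow KMS_URL.
.PHONY: stop-host
stop-host: ## π Stop the host
	@echo -e "\e[34m$@\e[0m" || true
	sudo lsof -t -i :8000 | xargs -r sudo kill -9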
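# Sends SIGKILL, via sudo, to every process lsof reports for port 3000.
# NOTE(review): `lsof -i :3000` also reports processes that merely hold a
# connection involving port 3000, not only the listener; restricting lsof to
# listening sockets (for example `-iTCP:3000 -sTCP:LISTEN`) would narrow what
# gets killed as root.
.PHONY: stop-idp
stop-idp: ## π Stop the idp
	@echo -e "\e[34m$@\e[0m" || true
	sudo lsof -t -i :3000 | xargs -r sudo kill -9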
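# Aggregate target: runs stop-host and stop-idp, then prints its own name.
# Its description uses a single hash, so the help target does not list it.
.PHONY: stop-all
stop-all: stop-host stop-idp # Stop all services
	@echo -e "\e[34m$@\e[0m" || true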
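# idp commands to issue JWT
# Starts the test identity provider from test/utils/jwt in the background
# (output goes to nohup.out in that directory) and waits until
# wait_idp_ready.sh returns.
# KMS_WORKSPACE is quoted so that a workspace path containing spaces stays one word.
.PHONY: start-idp
start-idp: ## π Start the idp for testing jwt
	@echo -e "\e[34m$@\e[0m" || true
	mkdir -p "${KMS_WORKSPACE}"
	cd test/utils/jwt && KMS_WORKSPACE="${KMS_WORKSPACE}" nohup npm run start > nohup.out 2>&1 &
	./scripts/wait_idp_ready.sh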
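# Start hosting the application using `sandbox.sh` and enable custom JWT authentication
# Stops anything already on the host port first (stop-host), then runs sandbox.sh
# in the foreground with the bundle in ./dist/ and the KMS constitution.
# NOTE(review): ./dist/ is consumed here but `build` is not a prerequisite;
# run `make build` first or confirm the omission is deliberate.
.PHONY: start-host
start-host: stop-host ## π Start the CCF network using Sandbox.sh
	@echo -e "\e[34m$@\e[0m" || true
	$(CCFSB)/sandbox.sh \
		--js-app-bundle ./dist/ \
		--initial-member-count ${MEMBER_COUNT} \
		--initial-user-count 1 \
		--constitution ./governance/constitution/kms_actions.js \
		-v --http2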
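# Restarts the idp, rebuilds the app and launches sandbox.sh with the test JWT issuer.
# RUN_BACK=true runs sandbox.sh in the background; any other value keeps it in the foreground.
# `env -i` clears the environment, so only PATH and KMS_WORKSPACE from the
# caller reach sandbox.sh.
# PATH and the workspace paths are quoted: a PATH entry or workspace path that
# contains spaces or parentheses would otherwise break the command line.
# CCF_SANDBOX_EXTRA_ARGS stays unquoted on purpose so it can carry several arguments.
# NOTE(review): COMMAND is not assigned anywhere in this file, so the
# "Executing:" line prints an empty command unless the caller sets it.
.PHONY: start-host-idp
start-host-idp: stop-host stop-idp start-idp build ## π Start the CCF network && idp using Sandbox.sh
	@echo -e "\e[34m$@\e[0m" || true
	@echo "Executing: $(COMMAND)"
	if [ "$(RUN_BACK)" = "true" ]; then \
		env -i PATH="$$PATH" KMS_WORKSPACE="${KMS_WORKSPACE}" $(CCFSB)/sandbox.sh --js-app-bundle ./dist/ --initial-member-count ${MEMBER_COUNT} --initial-user-count 1 --constitution ./governance/constitution/kms_actions.js --jwt-issuer "${KMS_WORKSPACE}/proposals/set_jwt_issuer_test_sandbox.json" -v --http2 \
			${CCF_SANDBOX_EXTRA_ARGS} & \
	else \
		env -i PATH="$$PATH" KMS_WORKSPACE="${KMS_WORKSPACE}" $(CCFSB)/sandbox.sh --js-app-bundle ./dist/ --initial-member-count ${MEMBER_COUNT} --initial-user-count 1 --constitution ./governance/constitution/kms_actions.js --jwt-issuer "${KMS_WORKSPACE}/proposals/set_jwt_issuer_test_sandbox.json" -v --http2 \
			${CCF_SANDBOX_EXTRA_ARGS}; \
	fi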
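# Stops everything, starts the sandbox and idp, then runs test_sandbox.sh
# against 127.0.0.1:8000 with the certificates from the sandbox workspace.
# The certificate directory is quoted so a workspace path with spaces stays one word.
.PHONY: demo
demo: stop-all start-host-idp ## π¬ Demo the KMS Application in the Sandbox
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/test_sandbox.sh \
		--nodeAddress 127.0.0.1:8000 \
		--certificate_dir "${KMS_WORKSPACE}/sandbox_common" \
		--constitution ./governance/constitution/kms_actions.js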
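# Propose the JWT validation policy
# Submits governance/jwt/set_jwt_demo_validation_policy_proposal.json to KMS_URL
# through submit_proposal.sh, using the member certificates in KEYS_DIR.
.PHONY: propose-jwt-demo-validation-policy
propose-jwt-demo-validation-policy: ## π Deploy the JWT validation policy
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/submit_proposal.sh \
		--network-url "${KMS_URL}" \
		--proposal-file ./governance/jwt/set_jwt_demo_validation_policy_proposal.json \
		--certificate_dir "${KEYS_DIR}" \
		--member-count ${MEMBER_COUNT}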
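# Propose a new idp
# Submits governance/jwt/set_jwt_ms_validation_policy_proposal.json to KMS_URL
# through submit_proposal.sh, using the member certificates in KEYS_DIR.
.PHONY: propose-jwt-ms-validation-policy
propose-jwt-ms-validation-policy: ## π Propose the AAD as idp
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/submit_proposal.sh \
		--network-url "${KMS_URL}" \
		--proposal-file ./governance/jwt/set_jwt_ms_validation_policy_proposal.json \
		--certificate_dir "${KEYS_DIR}" \
		--member-count ${MEMBER_COUNT}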
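# Propose a new settings policy
# Submits governance/policies/settings-policy.json to KMS_URL through
# submit_proposal.sh, using the member certificates in KEYS_DIR.
.PHONY: propose-settings-policy
propose-settings-policy: ## π Deploy the settings policy
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/submit_proposal.sh \
		--network-url "${KMS_URL}" \
		--proposal-file ./governance/policies/settings-policy.json \
		--certificate_dir "${KEYS_DIR}" \
		--member-count ${MEMBER_COUNT}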
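# Propose a new key release policy
# Submits governance/policies/key-release-policy-add.json to KMS_URL through
# submit_proposal.sh, using the member certificates in KEYS_DIR.
.PHONY: propose-add-key-release-policy
propose-add-key-release-policy: ## π Deploy the add claim key release policy to the sandbox or mCCF
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/submit_proposal.sh \
		--network-url "${KMS_URL}" \
		--proposal-file ./governance/policies/key-release-policy-add.json \
		--certificate_dir "${KEYS_DIR}" \
		--member-count ${MEMBER_COUNT}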
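# Submits governance/policies/key-release-policy-remove.json to KMS_URL through
# submit_proposal.sh, using the member certificates in KEYS_DIR.
# --member-count is passed here as in every other propose-* target of this
# file, so the removal proposal is handled with the same member count as the
# matching add proposal.
.PHONY: propose-rm-key-release-policy
propose-rm-key-release-policy: ## π Deploy the remove claim key release policy to the sandbox or mCCF
	@echo -e "\e[34m$@\e[0m" || true
	$(call check_defined, KMS_URL)
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/submit_proposal.sh \
		--network-url "${KMS_URL}" \
		--proposal-file ./governance/policies/key-release-policy-remove.json \
		--certificate_dir "${KEYS_DIR}" \
		--member-count ${MEMBER_COUNT}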
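# Submits governance/policies/key-rotation-policy.json to KMS_URL through
# submit_proposal.sh, using the member certificates in KEYS_DIR.
.PHONY: propose-key-rotation-policy
propose-key-rotation-policy: ## π Deploy the key rotation policy to the sandbox or mCCF
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/submit_proposal.sh \
		--network-url "${KMS_URL}" \
		--proposal-file ./governance/policies/key-rotation-policy.json \
		--certificate_dir "${KEYS_DIR}" \
		--member-count ${MEMBER_COUNT}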
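# POSTs to KMS_URL/app/refresh, validating the server against
# KEYS_DIR/service_cert.pem, and prints the response headers and body.
# The former `CCF_PLATFORM=...;` prefix only set a shell variable that curl
# never reads, so it has been dropped.
# NOTE(review): curl is run without --fail, so an HTTP error status still
# leaves this target successful; check the printed status line.
.PHONY: refresh-key
refresh-key: ## π Refresh a key on the instance
	@echo -e "\e[34m$@\e[0m" || true
	$(call check_defined, KMS_URL)
	@curl "${KMS_URL}"/app/refresh -X POST --cacert "${KEYS_DIR}"/service_cert.pem -H "Content-Type: application/json" -i -w '\n'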
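# Starts the sandbox and idp, makes the sandbox's *.js files available in
# KEYS_DIR when that is a different directory, then submits
# governance/constitution/kms_actions.js as the custom constitution.
# Fix: the pause used to be written as `@sleep 5` inside the continued shell
# block. Make only honours `@` at the start of a recipe line, so the shell was
# asked to run a command named "@sleep" and the pause never happened.
# NOTE(review): the fixed five-second pause presumably waits for the sandbox
# to write its files; polling for the files would be more reliable. Confirm.
.PHONY: set-constitution
set-constitution: start-host-idp ## Set new custom constitution
	@echo -e "\e[34m$@\e[0m" || true
	$(call check_defined, KMS_URL)
	$(call check_defined, KEYS_DIR)
# Copy the files to the KEYS_DIR to construct the full constitution
	if [ "${KMS_WORKSPACE}/sandbox_common" != "${KEYS_DIR}" ]; then \
		echo "Copying files for constitution"; \
		sleep 5; \
		cp -r "${KMS_WORKSPACE}/sandbox_common"/*.js "${KEYS_DIR}"; \
	fi
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/submit_constitution.sh \
		--network-url "${KMS_URL}" \
		--certificate-dir "${KEYS_DIR}" \
		--custom-constitution ./governance/constitution/kms_actions.js \
		--member-count ${MEMBER_COUNT}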
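# Downloads the identity document at IDENTITY_URL and stores its
# ledgerTlsCertificate field as KEYS_DIR/service_cert.pem.
# That file is what refresh-key passes to curl as --cacert, so a failed or
# partial download must never replace it:
#   - IDENTITY_URL has no default in this file, so an empty value aborts early;
#   - pipefail plus `curl --fail` make a transport or HTTP error fail the recipe;
#   - `jq -e` fails when the field is missing or null, `-r` emits the raw PEM text;
#   - the result is written to a temporary file and moved into place only on success.
# NOTE(review): the certificate is only as trustworthy as the TLS connection to
# IDENTITY_URL; use an https URL.
# Its description uses a single hash, so the help target does not list it.
.PHONY: get-service-cert
get-service-cert: # Get the mCCF service cert
	@echo -e "\e[34m$@\e[0m" || true
	$(if $(strip $(IDENTITY_URL)),,$(error IDENTITY_URL is not set))
	set -o pipefail; \
	tmp="${KEYS_DIR}/service_cert.pem.tmp"; \
	curl --fail --silent --show-error "${IDENTITY_URL}" \
		| jq -er '.ledgerTlsCertificate' > "$$tmp" \
		&& mv -f "$$tmp" "${KEYS_DIR}/service_cert.pem" \
		|| { rm -f "$$tmp"; exit 1; }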
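# Aggregate target: constitution, deployment, key release policy, JWT policy
# and key refresh, listed as prerequisites in that order.
# NOTE(review): the prerequisites have no dependencies on one another, so
# `make -j` may run them concurrently; run this target serially if the
# governance steps must happen in the listed order.
.PHONY: setup-mCCF
setup-mCCF: set-constitution deploy propose-add-key-release-policy propose-jwt-ms-validation-policy refresh-key ## π Prepare an mCCF instance
	@echo -e "\e[34m$@\e[0m" || true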
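# The following are here in case you forget to change directory!
# Builds the app, then runs deploy.sh against KMS_URL with the certificates in KEYS_DIR.
# Declared phony so that a file or directory named "deploy" cannot mask the target.
.PHONY: deploy
deploy: build ## π Deploy Managed CCF or local
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/deploy.sh --network-url "${KMS_URL}" --certificate_dir "${KEYS_DIR}"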
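# Runs lint.sh over the code base.
# Declared phony so that a file or directory named "lint" cannot mask the target.
# NOTE(review): the description says the code is not fixed, yet --fix is
# passed to the script; confirm which of the two is intended.
.PHONY: lint
lint: ## π Lint the code base (but don't fix)
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=${CCF_PLATFORM} ./scripts/lint.sh --fix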
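# Manage Infra -----------------------------------------------------------------
# Runs ccf-sandbox-up.sh with WORKSPACE, DEPLOYMENT_ENV, IMAGE_TAG and
# DEPLOYMENT_NAME in its environment.
# IMAGE_TAG and deployment-name have no default in this file; they come from
# the caller and are passed through empty when unset.
# Values are quoted so that spaces or shell metacharacters in them cannot
# split the assignment or be interpreted by the shell as extra commands.
.PHONY: ccf-sandbox-up
ccf-sandbox-up:
	@WORKSPACE="${KMS_WORKSPACE}" \
		DEPLOYMENT_ENV="${DEPLOYMENT_ENV}" \
		IMAGE_TAG="${IMAGE_TAG}" \
		DEPLOYMENT_NAME="$(deployment-name)" \
		./scripts/ccf-sandbox-up.sh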
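# Runs ccf-sandbox-down.sh with DEPLOYMENT_ENV and DEPLOYMENT_NAME in its environment.
# deployment-name has no default in this file and is passed through empty when unset.
# Values are quoted so that spaces or shell metacharacters stay inside the assignment.
.PHONY: ccf-sandbox-down
ccf-sandbox-down:
	@DEPLOYMENT_ENV="${DEPLOYMENT_ENV}" \
		DEPLOYMENT_NAME="$(deployment-name)" \
		./scripts/ccf-sandbox-down.sh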
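# Runs ccf-sandbox-attach.sh with DEPLOYMENT_ENV in its environment.
# The value is quoted so that spaces or shell metacharacters stay inside the assignment.
.PHONY: ccf-sandbox-attach
ccf-sandbox-attach:
	@DEPLOYMENT_ENV="${DEPLOYMENT_ENV}" \
		./scripts/ccf-sandbox-attach.sh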
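# Runs ccf-sandbox-logs.sh with DEPLOYMENT_ENV in its environment.
# The value is quoted so that spaces or shell metacharacters stay inside the assignment.
.PHONY: ccf-sandbox-logs
ccf-sandbox-logs:
	@DEPLOYMENT_ENV="${DEPLOYMENT_ENV}" \
		./scripts/ccf-sandbox-logs.sh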
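# Runs jwt-issuer-up.sh with WORKSPACE, DEPLOYMENT_ENV and IMAGE_TAG in its environment.
# IMAGE_TAG has no default in this file and is passed through empty when unset.
# Values are quoted so that spaces or shell metacharacters stay inside the assignment.
.PHONY: jwt-issuer-up
jwt-issuer-up:
	@WORKSPACE="${KMS_WORKSPACE}" \
		DEPLOYMENT_ENV="${DEPLOYMENT_ENV}" \
		IMAGE_TAG="${IMAGE_TAG}" \
		./scripts/jwt-issuer-up.sh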
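# Runs jwt-issuer-down.sh with DEPLOYMENT_ENV in its environment.
# The value is quoted so that spaces or shell metacharacters stay inside the assignment.
.PHONY: jwt-issuer-down
jwt-issuer-down:
	@DEPLOYMENT_ENV="${DEPLOYMENT_ENV}" \
		./scripts/jwt-issuer-down.sh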
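# Runs jwt-issuer-trust.sh with WORKSPACE, KMS_URL and DEPLOYMENT_ENV in its environment.
# Values are quoted so that spaces or shell metacharacters (a URL may contain
# `&` or `;`) stay inside the assignment.
.PHONY: jwt-issuer-trust
jwt-issuer-trust:
	@WORKSPACE="${KMS_WORKSPACE}" \
		KMS_URL="${KMS_URL}" \
		DEPLOYMENT_ENV="${DEPLOYMENT_ENV}" \
		./scripts/jwt-issuer-trust.sh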
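# Manage KMS -------------------------------------------------------------------
# Runs js-app-set.sh with WORKSPACE and KMS_URL in its environment.
# Values are quoted so that spaces or shell metacharacters (a URL may contain
# `&` or `;`) stay inside the assignment.
.PHONY: js-app-set
js-app-set:
	@WORKSPACE="${KMS_WORKSPACE}" \
		KMS_URL="${KMS_URL}" \
		./scripts/js-app-set.sh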
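# Runs constitution-set.sh with WORKSPACE, KMS_URL and the path of the KMS
# constitution (governance/constitution/kms_actions.js) in its environment.
# Values are quoted so that spaces or shell metacharacters stay inside the assignment.
.PHONY: constitution-set
constitution-set:
	@WORKSPACE="${KMS_WORKSPACE}" \
		KMS_URL="${KMS_URL}" \
		CONSTITUTION_PATH=./governance/constitution/kms_actions.js \
		./scripts/constitution-set.sh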
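# Runs release-policy-set.sh with WORKSPACE, KMS_URL and RELEASE_POLICY_PROPOSAL
# in its environment.
# release-policy-proposal has no default in this file; it comes from the
# caller and is passed through empty when unset.
# Values are quoted so that spaces or shell metacharacters stay inside the assignment.
.PHONY: release-policy-set
release-policy-set:
	@WORKSPACE="${KMS_WORKSPACE}" \
		KMS_URL="${KMS_URL}" \
		RELEASE_POLICY_PROPOSAL="$(release-policy-proposal)" \
		./scripts/release-policy-set.sh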
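# Runs pytest on test/system-test/, appending any other goal named on the make
# command line as the path below that directory.
# NOTE(review): make still treats those extra words as goals of their own and
# this file has no rule for them, so such an invocation is expected to end
# with a "No rule to make target" error after pytest has run. Confirm.
.PHONY: test-system
test-system:
	@pytest -s test/system-test/$(filter-out $@,$(MAKECMDGOALS))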
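# Keep this at the bottom.
# Removes the Python virtual environment, the KMS workspace and the dist folder.
# KMS_WORKSPACE can be overridden by the caller, so it is quoted, preceded by
# `--`, and skipped when empty: an unquoted value containing spaces would make
# rm delete each word as a separate path.
# By default the workspace also holds KEYS_DIR (sandbox_common), so the
# certificates stored there are removed as well.
.PHONY: clean
clean: ## π§Ή Clean the working folders created during build/demo
	@rm -rf -- "${PYTHON_VENV}"
	@if [ -n "${KMS_WORKSPACE}" ]; then rm -rf -- "${KMS_WORKSPACE}"; fi
	@rm -rf dist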