Merge branch 'develop' into feat/discovery

0xPolygonID · Jan 28, 2025 · 6c4709d · 6c4709d
2 parents c7a05ee + 21912ef
commit 6c4709d
Show file tree

Hide file tree

Showing 140 changed files with 12,856 additions and 3,399 deletions.
diff --git a/.env-issuer.sample b/.env-issuer.sample
@@ -33,7 +33,7 @@ ISSUER_KMS_AWS_SECRET_KEY=<aws-secret-key>
 # If you want to use localstack region have to be local and the url should be http://localhost:4566
 ISSUER_KMS_AWS_REGION=<aws-region>
 # Uncomment the following line if you want to use localstack:
-#ISSUER_KMS_AWS_URL=http://localhost:4566
+#ISSUER_KMS_AWS_URL=http://localstack:4566
 
 # if the plugin is localstorage, you can specify the folder path
 ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH=./localstoragekeys
@@ -77,4 +77,12 @@ ISSUER_RESOLVER_PATH=./resolvers_settings.yaml
 # if you want, you can specify the content of the resolvers encoded in base64. In this case ISSUER_RESOLVER_PATH have to be empty
 ISSUER_RESOLVER_FILE=
 
-ISSUER_UNIVERSAL_LINKS_BASE_URL=https://wallet.privado.id
+ISSUER_UNIVERSAL_LINKS_BASE_URL=https://wallet.privado.id
+
+#Payments configuration
+# ISSUER_PAYMENTS_SETTINGS_PATH is the configuration file for payments.
+# You can use another file by specifying the path. Be Sure to the file is mounted in the container (docker compose files)
+ISSUER_PAYMENTS_SETTINGS_PATH=./payment_settings.yaml
+
+#if you want, you can specify the content of the payments configuration encoded in base64. In this case ISSUER_PAYMENTS_SETTINGS_PATH have to be empty
+ISSUER_PAYMENTS_SETTINGS_FILE=
diff --git a/.env-ui.sample b/.env-ui.sample
@@ -5,4 +5,6 @@ ISSUER_UI_WARNING_MESSAGE=
 ISSUER_UI_IPFS_GATEWAY_URL=https://ipfs-proxy-cache.privado.id
 ISSUER_UI_SCHEMA_EXPLORER_AND_BUILDER_URL=https://tools.privado.id
 ISSUER_UI_DISPLAY_METHOD_BUILDER_URL=https://display-method-dev.privado.id
-ISSUER_UI_INSECURE=false
+ISSUER_UI_INSECURE=false
+ISSUER_UI_BASE_URL=/
+ISSUER_UI_PAYMENT_PAGES_ENABLED=false
diff --git a/.github/workflows/delete_testing_env.yml b/.github/workflows/delete_testing_env.yml
@@ -1,9 +1,14 @@
 name: Delete Helm Release
 
-on: [delete]
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to target'
+        required: true
 
 env:
-  BRANCH_NAME: ${{ github.event.ref }}
+  BRANCH_NAME: ${{ github.event.inputs.branch }}
 
 jobs:
   delete:
@@ -24,14 +29,14 @@ jobs:
           echo "Extracted URL: $url"
           echo "::set-output name=url::$url"
 
-      - name: Cambiar contexto de kubectl
+      - name: change k3s context
         run: |
           kubectl config use-context k3s
 
-      - name: Verificar conexión al clúster
+      - name: check if the cluster exists
         run: kubectl cluster-info
 
-      - name: Check if helm chart exists
+      - name: check if helm chart exists
         id: helm_check
         run: |
           result=$(helm list --namespace "${{ steps.extract-url.outputs.url }}" -q | grep "^${{ steps.extract-url.outputs.url }}$" || echo 'not_found')
@@ -48,7 +53,7 @@ jobs:
           overrule_existing_kubeconfig: "true"
         if: steps.helm_check.outputs.result != 'not_found'
 
-      - name: "Delete namespace"
+      - name: "delete namespace"
         run: |
           kubectl delete namespace ${{ env.BRANCH_NAME }}
         if: steps.helm_check.outputs.result != 'not_found'
diff --git a/.golangci.yml b/.golangci.yml
@@ -66,6 +66,7 @@ linters-settings:
     min-complexity: 35
   revive:
     enable-all-rules: false
+
     rules:
       - name: argument-limit
         severity: warning
@@ -74,6 +75,7 @@ linters-settings:
       - name: exported
         severity: warning
         disabled: false
+        arguments: [ "disableChecksOnConstants", "disableChecksOnVariables" ]
 
 
 issues:

diff --git a/Dockerfile b/Dockerfile
@@ -26,4 +26,5 @@ RUN apk add curl
 COPY --from=base ./service/api ./api
 COPY --from=base ./service/bin/* ./
 COPY --from=base ./service/pkg/credentials ./pkg/credentials
-COPY --from=base ./service/resolvers_settings.* ./
+COPY --from=base ./service/resolvers_settings.* ./
+COPY --from=base ./service/payment_settings.* ./
diff --git a/Makefile b/Makefile
@@ -20,6 +20,11 @@ ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH := ${ISSUER_KMS_PROVIDER_LOCAL_STORA
 ISSUER_KMS_ETH_PROVIDER := ${ISSUER_KMS_ETH_PROVIDER}
 ISSUER_KMS_BJJ_PROVIDER := ${ISSUER_KMS_BJJ_PROVIDER}
 
+aws_access_key := ${ISSUER_KMS_AWS_ACCESS_KEY}
+aws_secret_key := ${ISSUER_KMS_AWS_SECRET_KEY}
+aws_region := ${ISSUER_KMS_AWS_REGION}
+aws_endpoint := ${ISSUER_KMS_AWS_URL}
+
 ISSUER_RESOLVER_FILE := ${ISSUER_RESOLVER_FILE}
 REQUIRED_FILE := ${ISSUER_RESOLVER_PATH}
 
@@ -197,8 +202,7 @@ lint-fix: $(BIN)/golangci-lint
 		  $(BIN)/golangci-lint run --fix
 
 ## Usage:
-## AWS: make private_key=XXX aws_access_key=YYY aws_secret_key=ZZZ aws_region=your-region [aws_endpoint=custom-aws-endpoint] import-private-key-to-kms
-## localstorage and vault: make private_key=XXX import-private-key-to-kms
+## make private_key=XXX import-private-key-to-kms
 .PHONY: import-private-key-to-kms
 import-private-key-to-kms:
 ifeq ($(ISSUER_KMS_ETH_PROVIDER), aws-kms)

diff --git a/README.md b/README.md
@@ -28,6 +28,9 @@ Streamline the **Verifiable Credentials issuance** process with the user-friendl
     - [Install and run Issuer Node API and UI (docker compose and build from source)](#install-and-run-issuer-node-api-and-ui---docker-compose-and-build-from-source)
     - [Running only Issuer Node API (docker compose and build from source)](#running-only-issuer-node-api-docker-compose-and-build-from-source)
   - [KMS Providers Configuration](#kms-providers-configuration)
+    - [Vault](#Running-issuer-node-with-vault-instead-of-local-storage-file)
+    - [AWS Secret Manager](#Running-issuer-node-with-AWS-Secret-Manager)
+    - [AWS KMS](#Running-issuer-node-with-AWS-KMS)
   - [Quick Start Demo](#quick-start-demo)
   - [Documentation](#documentation)
   - [Tools](#tools)
@@ -95,7 +98,6 @@ bd7b69984f1c   privadoid/issuernode-api        "sh -c './migrate &&…"   38 sec
 a4a1d3ec9159   redis:6-alpine                  "docker-entrypoint.s…"   38 seconds ago   Up 36 seconds (healthy)   6379/tcp                                     issuer-redis-1
 ```
 
-
 5. Import your Ethereum private key
 
 ```shell
@@ -139,6 +141,7 @@ then modify the file with the proper values. The most important fields to run th
 In this file you can define customizations for each type of blockchain and network. For this example, we only need to 
 define the RPCs. that will use.
 
+
 4. Copy .env-ui sample file and fill the needed env variables:
 
 ```bash 
@@ -169,7 +172,6 @@ action the given account has to be funded. For Amoy network you can request some
 make private_key=<private-key> import-private-key-to-kms
 ```
 
-
 ### Running only Issuer Node API (docker compose and build from source)
 
 If you want to run only the API, you can follow the steps below. You have to have the .env-issuer file filled with 
@@ -243,12 +245,69 @@ make up
 ``` 
 In this case, the docker container for vault will be created.
 
-To import the private key (if you have changed the kms provider you have to import the private key again) necessary to 
+To import the ethereum private key (if you have changed the kms provider you have to import the private key again) necessary to 
 transition issuer node states onchain, the command is the same as explained before:
 
 ```shell
 make private_key <private-key> import-private-key-to-kms
 ```
+You should get something like this:
+
+```shell
+ ... private key saved to vault: path:=pbkey
+```
+
+#### Running issuer node with AWS Secret Manager
+Another alternative is to configure the issuer node to store the private keys of the identities in the AWS Secret Manager service. 
+Both babyjubjub type keys and ethereum keys can be stored using this service. To configure the issuer node, you must 
+change the following variables in the .env-issuer file:
+
+```shell
+ISSUER_KMS_BJJ_PROVIDER=aws-sm
+ISSUER_KMS_ETH_PROVIDER=aws-sm
+ISSUER_KMS_AWS_ACCESS_KEY=<your-aws-access-key>
+ISSUER_KMS_AWS_SECRET_KEY=<your-aws-secret-key>
+ISSUER_KMS_AWS_REGION=<your-aws-region>
+```
+
+After configuring the variables, run the following commands:
+```shell
+make up
+```
+
+Then you must run the command to import the ethereum private key to the kms.:
+
+```shell
+make private_key <private-key> import-private-key-to-kms`
+ ```
+If all went well, you should see something like this:
+```shell
+ ... private key saved to aws: path:=pbkey
+```
+
+#### Running issuer node with AWS KMS
+Another alternative is to configure the issuer node to store the private keys of the identities in the AWS KMS service.
+**Only ethereum keys** can be stored using this service. To configure the issuer node, you must change the following variables in the .env-issuer file:
+
+```shell
+
+```shell
+ISSUER_KMS_BJJ_PROVIDER= [localstorage | vault | aws-sm] 
+ISSUER_KMS_ETH_PROVIDER=aws-kms
+ISSUER_KMS_AWS_ACCESS_KEY=<your-aws-access-key>
+ISSUER_KMS_AWS_SECRET_KEY=<your-aws-secret-key>
+ISSUER_KMS_AWS_REGION=<your-aws-region>
+```
+After configuring the variables, run the following commands:
+```shell
+make up
+```
+then you must run the command `make private_key <private-key> import-private-key-to-kms` to import the ethereum private key to the kms.
+If all went well, you should see something like this:
+
+```bash
+ ... Key material successfully imported!!!
+```
 
 ## Quick Start Demo