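# Recipes rely on bash behaviour (for example `echo -e`), so the recipe shell is pinned.
SHELL := /bin/bash
# NOTE(review): the double quotes are part of the value in make, and CCF_NAME is
# not referenced by any rule in this file - confirm it is still needed.
CCF_NAME ?= "500dev10"
PYTHON_VENV := .venv_ccf_sandbox
# CURDIR is the directory make is actually running in (it honours `make -C`),
# whereas the inherited PWD can still name the caller's directory. The
# workspace is created by start-idp and removed recursively by clean, so it
# has to resolve next to this Makefile.
KMS_WORKSPACE ?= $(CURDIR)/workspace
KMS_URL ?= https://127.0.0.1:8000
# Passed to the scripts as the certificate directory; service_cert.pem is read
# from and written to it.
KEYS_DIR ?= $(KMS_WORKSPACE)/sandbox_common
# "true" makes start-host-idp leave sandbox.sh running in the background.
RUN_BACK ?= true
# Selects /opt/ccf_<platform>/bin and is exported to the helper scripts.
CCF_PLATFORM ?= virtual
# Three members when KMS_URL contains the loopback address, one otherwise.
ifeq ($(findstring https://127.0.0.1,$(KMS_URL)),https://127.0.0.1)
MEMBER_COUNT := 3
else
MEMBER_COUNT := 1
endif
# Extra options appended to the sandbox.sh command line by start-host-idp.
CCF_SANDBOX_EXTRA_ARGS ?=
# INSTALL=local uses sandbox.sh from a sibling CCF checkout instead of /opt.
ifeq ($(INSTALL),local)
CCFSB=../../CCF/tests/sandbox
else
CCFSB=/opt/ccf_$(CCF_PLATFORM)/bin
endif
# check_defined: stop with a clear error when any named variable is unset or
# empty. Several recipes call it; without a definition make expands such a
# call to nothing and the guard never fires.
# Usage inside a recipe: $(call check_defined, VAR_NAME)
check_defined = $(foreach name,$(1),$(if $(strip $($(name))),,$(error $(name) is not set)))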
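# Every rule in this Makefile is a command, not a file to produce. Declaring
# them all phony keeps a stray file or directory with the same name (build,
# deploy, setup, ...) from making the target look up to date and silently
# skipping its recipe.
.PHONY: help build setup stop-host stop-idp stop-all start-idp start-host \
        start-host-idp demo propose-jwt-demo-validation-policy \
        propose-jwt-ms-validation-policy propose-settings-policy \
        propose-add-key-release-policy propose-rm-key-release-policy \
        propose-key-rotation-policy refresh-key set-constitution \
        get-service-cert setup-mCCF deploy lint clean
.DEFAULT_GOAL := help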
# Lists every target that carries a double-hash description: grep selects the
# annotated rule lines from the first makefile read, awk prints the target
# name in colour followed by its description.
help: ## π¬ This help message :)
	@grep -E '[a-zA-Z_-]+:.*?## .*$$' $(word 1,$(MAKEFILE_LIST)) \
		| awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-22s\033[0m %s\n", $$1, $$2}'
# Runs scripts/set_python_env.sh, installs the Node dependencies and runs the
# npm build script.
# NOTE(review): `npm install` may resolve newer dependency versions and rewrite
# the lockfile; `npm ci` installs exactly what a committed package-lock.json
# pins - confirm whether a lockfile is committed before switching.
build: ## π¨ Build the Application
	@echo -e "\e[34m$@\e[0m" || true
	./scripts/set_python_env.sh
	npm install
	npm run build
# Runs scripts/kms_setup.sh against KMS_URL with the certificates in KEYS_DIR.
# CCF_PLATFORM is handed to the script through its environment.
setup: ## Setup proposals and generate an initial key
	@echo -e "\e[34m$@\e[0m" || true
	CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/kms_setup.sh --network-url "$(KMS_URL)" --certificate_dir "$(KEYS_DIR)"
# Force-kills (SIGKILL, through sudo) every process lsof reports for port 8000.
# xargs -r skips the kill when lsof prints nothing.
# NOTE(review): `lsof -i :8000` selects by port number without restricting the
# socket state, so a process that merely holds a connection involving port
# 8000 can be listed and killed as well. Restricting the selection to
# listening sockets (lsof's -sTCP:LISTEN) would narrow this - confirm the
# sandbox still shuts down completely before changing it.
# NOTE(review): the port is fixed at 8000 even though KMS_URL is configurable.
stop-host: ## π Stop the host
	@echo -e "\e[34m$@\e[0m" || true
	sudo lsof -t -i :8000 | xargs -r sudo kill -9
# Force-kills (SIGKILL, through sudo) every process lsof reports for port 3000.
# xargs -r skips the kill when lsof prints nothing.
# NOTE(review): as with stop-host, the lsof selection is by port number only,
# so unrelated processes with a connection involving port 3000 can be killed
# too; limiting it to listening sockets would be safer - confirm before
# changing.
stop-idp: ## π Stop the idp
	@echo -e "\e[34m$@\e[0m" || true
	sudo lsof -t -i :3000 | xargs -r sudo kill -9
# Aggregate target: the work is done by its prerequisites, which stop the host
# (port 8000) and the idp (port 3000). Its description uses a single hash, so
# the help target does not list it.
stop-all: stop-host stop-idp # Stop all services
	@echo -e "\e[34m$@\e[0m" || true
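# idp commands to issue JWT
# The idp is started in the background from test/utils/jwt with its output
# redirected to nohup.out in that directory; scripts/wait_idp_ready.sh runs
# afterwards (presumably it waits until the idp answers - confirm).
# KMS_WORKSPACE is quoted so a checkout path containing spaces is not split
# into several arguments by the shell.
start-idp: ## π Start the idp for testing jwt
	@echo -e "\e[34m$@\e[0m" || true
	mkdir -p "$(KMS_WORKSPACE)"
	cd test/utils/jwt && KMS_WORKSPACE="$(KMS_WORKSPACE)" nohup npm run start > nohup.out 2>&1 &
	./scripts/wait_idp_ready.sh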
# Start the CCF network with sandbox.sh, serving the bundle in ./dist/ under
# the custom constitution.
# NOTE(review): no --jwt-issuer is passed here (start-host-idp passes one), and
# this target does not depend on build, so ./dist/ must already exist.
start-host: stop-host ## π Start the CCF network using Sandbox.sh
	@echo -e "\e[34m$@\e[0m" || true
	$(CCFSB)/sandbox.sh --js-app-bundle ./dist/ --initial-member-count $(MEMBER_COUNT) --initial-user-count 1 --constitution ./governance/constitution/kms_actions.js -v --http2
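# Restarts the idp and the sandbox network with the test JWT issuer proposal.
# RUN_BACK=true leaves sandbox.sh running in the background; any other value
# runs it in the foreground. `env -i` clears the inherited environment so the
# sandbox only sees PATH and KMS_WORKSPACE.
# Paths are quoted so a checkout or workspace path containing spaces is not
# split into several arguments; CCF_SANDBOX_EXTRA_ARGS stays unquoted on
# purpose so it can carry several options.
# NOTE(review): COMMAND is not assigned anywhere in this Makefile, so the
# "Executing" line prints an empty value unless the caller supplies it.
start-host-idp: stop-host stop-idp start-idp build ## π Start the CCF network && idp using Sandbox.sh
	@echo -e "\e[34m$@\e[0m" || true
	@echo "Executing: $(COMMAND)"
	if [ "$(RUN_BACK)" = "true" ]; then \
		env -i PATH="$$PATH" KMS_WORKSPACE="$(KMS_WORKSPACE)" "$(CCFSB)/sandbox.sh" --js-app-bundle ./dist/ --initial-member-count $(MEMBER_COUNT) --initial-user-count 1 --constitution ./governance/constitution/kms_actions.js --jwt-issuer "$(KMS_WORKSPACE)/proposals/set_jwt_issuer_test_sandbox.json" -v --http2 \
			$(CCF_SANDBOX_EXTRA_ARGS) & \
	else \
		env -i PATH="$$PATH" KMS_WORKSPACE="$(KMS_WORKSPACE)" "$(CCFSB)/sandbox.sh" --js-app-bundle ./dist/ --initial-member-count $(MEMBER_COUNT) --initial-user-count 1 --constitution ./governance/constitution/kms_actions.js --jwt-issuer "$(KMS_WORKSPACE)/proposals/set_jwt_issuer_test_sandbox.json" -v --http2 \
			$(CCF_SANDBOX_EXTRA_ARGS); \
	fi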
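# Restarts everything through its prerequisites, then runs
# scripts/test_sandbox.sh against the local node.
# The certificate directory is quoted so a workspace path containing spaces
# reaches the script as a single argument.
# NOTE(review): the node address and the sandbox_common directory are fixed
# here rather than derived from KMS_URL and KEYS_DIR.
demo: stop-all start-host-idp ## π¬ Demo the KMS Application in the Sandbox
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/test_sandbox.sh \
		--nodeAddress 127.0.0.1:8000 \
		--certificate_dir "$(KMS_WORKSPACE)/sandbox_common" \
		--constitution ./governance/constitution/kms_actions.js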
# Propose the JWT validation policy
# Submits governance/jwt/set_jwt_demo_validation_policy_proposal.json to
# KMS_URL through scripts/submit_proposal.sh, using the certificates in
# KEYS_DIR and the configured member count.
propose-jwt-demo-validation-policy: ## π Deploy the JWT validation policy
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/submit_proposal.sh \
		--network-url "$(KMS_URL)" \
		--proposal-file ./governance/jwt/set_jwt_demo_validation_policy_proposal.json \
		--certificate_dir "$(KEYS_DIR)" \
		--member-count $(MEMBER_COUNT)
# Propose a new idp
# Submits governance/jwt/set_jwt_ms_validation_policy_proposal.json to KMS_URL
# through scripts/submit_proposal.sh, using the certificates in KEYS_DIR and
# the configured member count.
propose-jwt-ms-validation-policy: ## π Propose the AAD as idp
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/submit_proposal.sh \
		--network-url "$(KMS_URL)" \
		--proposal-file ./governance/jwt/set_jwt_ms_validation_policy_proposal.json \
		--certificate_dir "$(KEYS_DIR)" \
		--member-count $(MEMBER_COUNT)
# Propose a new settings policy
# Submits governance/policies/settings-policy.json to KMS_URL through
# scripts/submit_proposal.sh, using the certificates in KEYS_DIR and the
# configured member count.
propose-settings-policy: ## π Deploy the settings policy
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/submit_proposal.sh \
		--network-url "$(KMS_URL)" \
		--proposal-file ./governance/policies/settings-policy.json \
		--certificate_dir "$(KEYS_DIR)" \
		--member-count $(MEMBER_COUNT)
# Propose a new key release policy
# Submits governance/policies/key-release-policy-add.json to KMS_URL through
# scripts/submit_proposal.sh, using the certificates in KEYS_DIR and the
# configured member count.
propose-add-key-release-policy: ## π Deploy the add claim key release policy to the sandbox or mCCF
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/submit_proposal.sh \
		--network-url "$(KMS_URL)" \
		--proposal-file ./governance/policies/key-release-policy-add.json \
		--certificate_dir "$(KEYS_DIR)" \
		--member-count $(MEMBER_COUNT)
# Submits governance/policies/key-release-policy-remove.json to KMS_URL
# through scripts/submit_proposal.sh, using the certificates in KEYS_DIR.
# NOTE(review): unlike the other propose-* targets this one passes no
# --member-count; confirm the script's default is what is intended when
# MEMBER_COUNT is 3.
# NOTE(review): the guard line only has an effect if check_defined is
# defined; make expands a call to an undefined name to an empty string.
propose-rm-key-release-policy: ## π Deploy the remove claim key release policy to the sandbox or mCCF
	@echo -e "\e[34m$@\e[0m" || true
	$(call check_defined, KMS_URL)
	@CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/submit_proposal.sh \
		--network-url "$(KMS_URL)" \
		--proposal-file ./governance/policies/key-release-policy-remove.json \
		--certificate_dir "$(KEYS_DIR)"
# Submits governance/policies/key-rotation-policy.json to KMS_URL through
# scripts/submit_proposal.sh, using the certificates in KEYS_DIR and the
# configured member count.
propose-key-rotation-policy: ## π Deploy the key rotation policy to the sandbox or mCCF
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/submit_proposal.sh \
		--network-url "$(KMS_URL)" \
		--proposal-file ./governance/policies/key-rotation-policy.json \
		--certificate_dir "$(KEYS_DIR)" \
		--member-count $(MEMBER_COUNT)
# Waits 20 seconds, then POSTs to KMS_URL/app/refresh. TLS is verified against
# KEYS_DIR/service_cert.pem, and the response headers and body are printed.
# The CCF_PLATFORM assignment prefixes the sleep command only.
# NOTE(review): curl is run without --fail, so an HTTP error status from the
# endpoint still exits 0 and the target reports success - confirm whether a
# rejected refresh should fail the build.
# NOTE(review): the guard line only has an effect if check_defined is
# defined; make expands a call to an undefined name to an empty string.
refresh-key: ## π Refresh a key on the instance
	@echo -e "\e[34m$@\e[0m" || true
	$(call check_defined, KMS_URL)
	@CCF_PLATFORM=$(CCF_PLATFORM) sleep 20; \
	curl "$(KMS_URL)"/app/refresh -X POST \
		--cacert "$(KEYS_DIR)"/service_cert.pem \
		-H "Content-Type: application/json" -i -w '\n'
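# Submits ./governance/constitution/kms_actions.js as the custom constitution
# through scripts/submit_constitution.sh.
# When KEYS_DIR is not the sandbox's own directory, the sandbox's *.js files
# are copied into KEYS_DIR first.
# NOTE(review): the guard lines only have an effect if check_defined is
# defined; make expands a call to an undefined name to an empty string.
set-constitution: start-host-idp ## Set new custom constitution
	@echo -e "\e[34m$@\e[0m" || true
	$(call check_defined, KMS_URL)
	$(call check_defined, KEYS_DIR)
# Copy the files to the KEYS_DIR to construct the full constitution
# The pause is a plain `sleep`: `@` is a make recipe prefix that is only valid
# at the start of a recipe line, and inside this continued shell block it made
# the shell look for a command named "@sleep", so the pause never happened.
# Paths are quoted so directories containing spaces are copied as intended.
	if [ "$(KMS_WORKSPACE)/sandbox_common" != "$(KEYS_DIR)" ]; then \
		echo "Copying files for constitution"; \
		sleep 5; \
		cp -r "$(KMS_WORKSPACE)"/sandbox_common/*.js "$(KEYS_DIR)"; \
	fi
	@CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/submit_constitution.sh --network-url "$(KMS_URL)" --certificate-dir "$(KEYS_DIR)" --custom-constitution ./governance/constitution/kms_actions.js --member-count $(MEMBER_COUNT)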
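# Downloads the JSON document at IDENTITY_URL, extracts ledgerTlsCertificate
# and stores it as KEYS_DIR/service_cert.pem.
# That file is later used as the curl --cacert trust anchor (see refresh-key),
# so the recipe fails instead of leaving a partial or empty certificate behind:
#   - IDENTITY_URL must be set (it has no default in this Makefile);
#   - pipefail plus curl --fail make a failed download fail the recipe;
#   - jq -e rejects a response without a ledgerTlsCertificate value;
#   - the result is written to a temporary file and renamed only on success.
# NOTE(review): the stored certificate is only as trustworthy as the TLS
# connection to IDENTITY_URL - use an https URL for the identity service.
get-service-cert: # Get the mCCF service cert
	@echo -e "\e[34m$@\e[0m" || true
	$(if $(strip $(IDENTITY_URL)),,$(error IDENTITY_URL is not set))
	set -o pipefail; \
	tmp="$(KEYS_DIR)/service_cert.pem.tmp"; \
	if curl --fail --silent --show-error "$(IDENTITY_URL)" \
		| jq -e ' .ledgerTlsCertificate' \
		| xargs echo -e > "$$tmp"; then \
		mv -f "$$tmp" "$(KEYS_DIR)/service_cert.pem"; \
	else \
		rm -f "$$tmp"; \
		exit 1; \
	fi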
# Aggregate target: through its prerequisites it sets the constitution,
# deploys, submits the key release and JWT policy proposals and finally
# refreshes the key.
# NOTE(review): the steps rely on make running prerequisites left to right;
# that order is not guaranteed under `make -j`.
# NOTE(review): set-constitution depends on start-host-idp, so preparing a
# managed instance also starts the local sandbox and the test idp - confirm
# that is intended.
setup-mCCF: set-constitution deploy propose-add-key-release-policy propose-jwt-ms-validation-policy refresh-key ## π Prepare an mCCF instance
	@echo -e "\e[34m$@\e[0m" || true
# The following are here in case you forget to change directory!
# Builds first, then runs scripts/deploy.sh against KMS_URL with the
# certificates in KEYS_DIR.
deploy: build ## π Deploy Managed CCF or local
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=$(CCF_PLATFORM) ./scripts/deploy.sh \
		--network-url "$(KMS_URL)" \
		--certificate_dir "$(KEYS_DIR)"
# Runs scripts/lint.sh with CCF_PLATFORM in its environment.
# NOTE(review): the help text says "don't fix" but --fix is passed to the
# script; confirm which behaviour is intended.
lint: ## π Lint the code base (but don't fix)
	@echo -e "\e[34m$@\e[0m" || true
	@CCF_PLATFORM=$(CCF_PLATFORM) \
		./scripts/lint.sh --fix
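# Keep this at the bottom.
# Removes the Python virtualenv, the workspace and the build output.
# KMS_WORKSPACE can be overridden by the caller and is deleted recursively, so
# every path is quoted (a path containing spaces would otherwise be split and
# rm would delete the pieces as separate paths) and `--` stops a value that
# starts with a dash from being read as an option.
clean: ## π§Ή Clean the working folders created during build/demo
	@rm -rf -- "$(PYTHON_VENV)"
	@rm -rf -- "$(KMS_WORKSPACE)"
	@rm -rf -- dist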