diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f0ef1b50..952eb021 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -207,11 +207,46 @@ jobs: kubernetes-version: 1.30.0 - name: Run tilt ci env: - TEST_SCRIPT: ./wait-and-test.sh - OPENTDF_INGRESS_HOST_PORT: "5432" + TEST_SCRIPT: ./wait-and-test.sh backend + OPENTDF_INGRESS_HOST_PORT: '5432' PLAYWRIGHT_TESTS_TO_RUN: roundtrip run: tilt ci + platform-roundtrip: + needs: + - cli + - lib + - web-app + runs-on: ubuntu-latest + defaults: + run: + working-directory: .github/workflows/roundtrip + timeout-minutes: 45 + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: '20' + cache: 'npm' + cache-dependency-path: './web-app/package-lock.json' + - uses: actions/download-artifact@v4 + with: + name: opentdf-client-lib + path: lib/ + - uses: actions/download-artifact@v4 + with: + name: opentdf-cli + path: cli/ + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 + with: + go-version: '1.22' + - run: docker compose up -d --wait --wait-timeout 240 + - env: + OPENTDF_SERVICES_AUTHORIZATION_URL: 'http://localhost:65432/' + PLAYWRIGHT_TESTS_TO_RUN: roundtrip + run: |- + ./wait-and-test.sh platform + deliver-ghp: needs: - lib @@ -219,6 +254,7 @@ jobs: - web-app - scripts - backend-roundtrip + - platform-roundtrip runs-on: ubuntu-latest timeout-minutes: 5 # To publish from a release or feature branch, remove the ref == condition below 
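Review bot: The new `platform-roundtrip` job pins `actions/setup-go` to a full commit SHA but leaves `actions/checkout@v4`, `actions/setup-node@v4` and both `actions/download-artifact@v4` steps on mutable tags, so the supply-chain posture is inconsistent within a single step list. Pin every third-party action the same way, with the tag recorded in a trailing comment, e.g. `- uses: actions/checkout@<commit-sha>  # v4`, or drop the SHA on setup-go if tags are the repo's convention. Separately, `docker compose up -d --wait --wait-timeout 240` has no failure path that captures container output; a final step `- if: failure()` with `run: docker compose logs` would make a failed wait diagnosable from the workflow log alone.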
@@ -260,8 +296,8 @@ jobs: with version=[${{ steps.guess-build-metadata.outputs.FULL_VERSION }}]" - run: >- .github/workflows/publish-to.sh - ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - ${{ steps.guess-build-metadata.outputs.DIST_TAG }} + ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} + ${{ steps.guess-build-metadata.outputs.DIST_TAG }} env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: echo "- [Client Library](https://github.com/opentdf/client-web/pkgs/npm/client)">>$GITHUB_STEP_SUMMARY diff --git a/.github/workflows/roundtrip/config-demo-idp.sh b/.github/workflows/roundtrip/config-demo-idp.sh new file mode 100755 index 00000000..532217b3 --- /dev/null +++ b/.github/workflows/roundtrip/config-demo-idp.sh 
@@ -0,0 +1,46 @@ +#!/usr/bin/env bash + +set -x + +: "${KC_VERSION:=24.0.3}" + +if ! which kcadm.sh; then + KCADM_URL=https://github.com/keycloak/keycloak/releases/download/${KC_VERSION}/keycloak-${KC_VERSION}.zip + echo "DOWNLOADING ${KCADM_URL}" + if ! curl --output kc.zip --fail --location "${KCADM_URL}"; then + echo "[ERROR] Failed to download ${KCADM_URL}" + exit 3 + fi + ls -l + if ! unzip ./kc.zip; then + echo "[ERROR] Failed to unzip file from ${KCADM_URL}" + exit 3 + fi + ls -l + ls -l "$(pwd)/keycloak-${KC_VERSION}/bin" + PATH=$PATH:"$(pwd)/keycloak-${KC_VERSION}/bin" + export PATH + if ! which kcadm.sh; then + echo "[ERROR] Failed to find kcadm.sh" + exit 3 + fi +fi + +kcadm.sh config credentials --server http://localhost:65432/auth \ + --realm master --user admin --password changeme + +kcadm.sh create clients -r opentdf \ + -s clientId=browsertest \ + -s enabled=true \ + -s 'redirectUris=["http://localhost:65432/"]' \ + -s consentRequired=false \ + -s standardFlowEnabled=true \ + -s directAccessGrantsEnabled=true \ + -s serviceAccountsEnabled=false \ + -s publicClient=true \ + -s protocol=openid-connect \ + -s 'protocolMappers=[{"name":"aud","protocol":"openid-connect","protocolMapper":"oidc-audience-mapper","consentRequired":false,"config":{"access.token.claim":"true","included.custom.audience":"http://localhost:65432"}}]' \ + -s 'attributes={"dpop.bound.access.tokens":"true"}' + +kcadm.sh create users -r opentdf -s username=user1 -s enabled=true -s firstName=Alice -s lastName=User +kcadm.sh set-password -r opentdf --username user1 --new-password testuser123 diff --git a/.github/workflows/roundtrip/docker-compose.yaml b/.github/workflows/roundtrip/docker-compose.yaml new file mode 100644 index 00000000..1f432dd8 --- /dev/null +++ b/.github/workflows/roundtrip/docker-compose.yaml 
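Review bot: The Keycloak distribution fetched by `curl --output kc.zip --fail --location "${KCADM_URL}"` is unzipped and its `kcadm.sh` executed without any integrity check, so the admin CLI this script runs is whatever the download endpoint returned. Pin an expected digest next to `KC_VERSION` and verify it before `unzip`, as sketched below. `set -x` at the top also traces `--password changeme` and `--new-password testuser123` into the CI log; these are fixed test credentials, but wrapping the two `kcadm.sh` credential calls in `set +x … set -x`, and adding `set -e` so a failed `config credentials` stops the script instead of letting the later `create` calls fail noisily, keeps the log clean and the failure mode obvious. `command -v kcadm.sh` is the portable spelling of `which kcadm.sh`.
```shell
: "${KC_VERSION:=24.0.3}"
# Expected sha256 of keycloak-${KC_VERSION}.zip (placeholder: take it from the release assets for the pinned version).
: "${KC_SHA256:=<expected-sha256-placeholder>}"
# … unchanged: kcadm.sh lookup, KCADM_URL, curl download …
  if ! echo "${KC_SHA256}  kc.zip" | sha256sum --check --strict -; then
    echo "[ERROR] checksum mismatch for ${KCADM_URL}"
    exit 3
  fi
# … unchanged: unzip, PATH update, kcadm.sh config/create calls …
```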
@@ -0,0 +1,80 @@ +services: + keycloak: + # This is kc 24.0.1 with opentdf protocol mapper on board + image: quay.io/keycloak/keycloak:24.0 + restart: + always + # To enable debugging, use this CMD and also set and expose the DEBUG_PORT + # command: ["--debug", "start-dev", "--log-level=DEBUG"] + command: ['start-dev'] + environment: + # DEBUG_PORT: "*:30012" + KC_DB_VENDOR: postgres + KC_DB_URL_HOST: keycloakdb + KC_DB_URL_PORT: 5432 + KC_DB_URL_DATABASE: keycloak + KC_DB_USERNAME: keycloak + KC_DB_PASSWORD: changeme + KC_FEATURES: 'preview,token-exchange' + KC_HEALTH_ENABLED: 'true' + KC_HOSTNAME_ADMIN_URL: 'http://localhost:65432/auth' + KC_HOSTNAME_PORT: '65432' + KC_HOSTNAME_STRICT: 'false' + KC_HOSTNAME_STRICT_BACKCHANNEL: 'false' + KC_HOSTNAME_STRICT_HTTPS: 'false' + KC_HOSTNAME_URL: 'http://localhost:65432/auth' + KC_HTTP_ENABLED: 'true' + KC_HTTP_PORT: '8888' + KC_HTTP_RELATIVE_PATH: '/auth' + KC_PROXY_HEADERS: 'xforwarded' + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: changeme + ports: + - '8888:8888' + # - "30012:30012" + healthcheck: + test: + - CMD-SHELL + - >- + [ -f /tmp/HealthCheck.java ] + || echo "public class HealthCheck { + public static void main(String[] args) throws java.lang.Throwable { + System.exit( + java.net.HttpURLConnection.HTTP_OK == + ((java.net.HttpURLConnection) new java.net.URL(args[0]).openConnection()) + .getResponseCode() ? 
0 : 1); + } + }" >/tmp/HealthCheck.java + && java /tmp/HealthCheck.java http://localhost:8888/auth/health/live + interval: 5s + timeout: 10s + retries: 3 + start_period: 2m + keycloakdb: + image: postgres + restart: always + user: postgres + environment: + POSTGRES_PASSWORD: changeme + POSTGRES_USER: postgres + POSTGRES_DB: keycloak + healthcheck: + test: ['CMD-SHELL', 'pg_isready'] + interval: 5s + timeout: 5s + retries: 10 + opentdfdb: + image: public.ecr.aws/docker/library/postgres:15-alpine + restart: always + user: postgres + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: changeme + POSTGRES_DB: opentdf + healthcheck: + test: ['CMD-SHELL', 'pg_isready'] + interval: 5s + timeout: 5s + retries: 10 + ports: + - '5432:5432' diff --git a/.github/workflows/roundtrip/init-temp-keys.sh b/.github/workflows/roundtrip/init-temp-keys.sh new file mode 100755 index 00000000..7317e8f2 --- /dev/null +++ b/.github/workflows/roundtrip/init-temp-keys.sh 
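Review bot: `keycloakdb` uses the bare `image: postgres` (implicit `latest`) while `opentdfdb` two stanzas below pins `public.ecr.aws/docker/library/postgres:15-alpine`, so the Keycloak database can change major version on any pull and the two databases drift apart; pin it the same way, e.g. `image: public.ecr.aws/docker/library/postgres:15-alpine`, ideally with a digest for both. The published ports `'8888:8888'` and `'5432:5432'` bind on all host interfaces, which is fine on a throwaway CI runner but exposes a Keycloak and a Postgres whose passwords are `changeme` to the local network when someone runs this compose file on a laptop; `'127.0.0.1:8888:8888'` and `'127.0.0.1:5432:5432'` match the localhost-only URLs used elsewhere in the file (`KC_HOSTNAME_URL`). `KC_DB_URL_PORT: 5432` is the only unquoted env value in the stanza; `'5432'` matches its neighbours. The `keycloak` service has no `depends_on: [keycloakdb]`, so startup ordering appears to rely on `restart: always` plus healthcheck retries rather than being stated.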
@@ -0,0 +1,69 @@ +#!/bin/sh +# init-temporary-keys.sh +# Initialize temporary keys for use with a KAS + +USAGE="Usage: ${CMD:=${0##*/}} [(-v|--verbose)] [-H|--hsm]" + +# helper functions +exit2() { + printf >&2 "%s: %s: '%s'\n%s\n" "$CMD" "$1" "$2" "$USAGE" + exit 2 +} +check() { { [ "$1" != "$EOL" ] && [ "$1" != '--' ]; } || exit2 "missing argument" "$2"; } + +# parse command-line options +set -- "$@" "${EOL:=$(printf '\1\3\3\7')}" # end-of-list marker +while [ "$1" != "$EOL" ]; do + opt="$1" + shift + case "$opt" in + -H | --hsm) opt_hsm='true' ;; + -v | --verbose) opt_verbose='true' ;; + -h | --help) + printf "%s\n" "$USAGE" + exit 0 + ;; + + # process special cases + -[A-Za-z0-9] | -*[!A-Za-z0-9]*) exit2 "invalid option" "$opt" ;; + esac +done +shift + +if [ "$opt_verbose" = true ]; then + set -x +fi + +if [ "$opt_hsm" = true ]; then + : "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN:=12345}" + : "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_KEYS_EC_LABEL:=development-ec-kas}" + : "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_KEYS_RSA_LABEL:=development-rsa-kas}" + + if [ -z "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_MODULEPATH}" ]; then + if which brew; then + OPENTDF_SERVER_CRYPTOPROVIDER_HSM_MODULEPATH=$(brew --prefix)/lib/softhsm/libsofthsm2.so + else + OPENTDF_SERVER_CRYPTOPROVIDER_HSM_MODULEPATH=/lib/softhsm/libsofthsm2.so + fi + fi + + if softhsm2-util --show-slots | grep dev-token; then + echo "[INFO] dev-token slot is already configured" + exit 0 + fi + + softhsm2-util --init-token --free --label "dev-token" --pin "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN}" --so-pin "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN}" + pkcs11-tool --module "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_MODULEPATH}" --login --show-info --list-objects --pin "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN}" +fi + +openssl req -x509 -nodes -newkey RSA:2048 -subj "/CN=kas" -keyout kas-private.pem -out kas-cert.pem -days 365 +openssl ecparam -name prime256v1 >ecparams.tmp +openssl req -x509 -nodes -newkey ec:ecparams.tmp -subj 
"/CN=kas" -keyout kas-ec-private.pem -out kas-ec-cert.pem -days 365 + +if [ "$opt_hsm" = true ]; then + pkcs11-tool --module "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_MODULEPATH}" --login --pin "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN}" --write-object kas-private.pem --type privkey --label "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_KEYS_RSA_LABEL}" + pkcs11-tool --module "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_MODULEPATH}" --login --pin "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN}" --write-object kas-cert.pem --type cert --label "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_KEYS_RSA_LABEL}" + # https://manpages.ubuntu.com/manpages/jammy/man1/pkcs11-tool.1.html --usage-derive + pkcs11-tool --module "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_MODULEPATH}" --login --pin "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN}" --write-object kas-ec-private.pem --type privkey --label "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_KEYS_EC_LABEL}" --usage-derive + pkcs11-tool --module "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_MODULEPATH}" --login --pin "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN}" --write-object kas-ec-cert.pem --type cert --label "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_KEYS_EC_LABEL}" +fi diff --git a/.github/workflows/roundtrip/opentdf.yaml b/.github/workflows/roundtrip/opentdf.yaml new file mode 100644 index 00000000..39e53f9f --- /dev/null +++ b/.github/workflows/roundtrip/opentdf.yaml 
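Review bot: In the `--hsm` path every `pkcs11-tool` and `softhsm2-util` call passes the PIN as a command-line argument (`--pin "${OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN}"`), which exposes it in the process list and, with `-v`, verbatim in the `set -x` trace; the default `12345` is clearly a development value, but the header should say so, e.g. `# Generates DEVELOPMENT-ONLY KAS keys: the default HSM PIN and the unencrypted PEM files are not for production use.` If the installed OpenSC supports it, `--pin env:OPENTDF_SERVER_CRYPTOPROVIDER_HSM_PIN` keeps the PIN out of argv. The script leaves `ecparams.tmp` behind after `openssl ecparam`; a `trap 'rm -f ecparams.tmp' EXIT` after the option parsing would tidy it. The header comment names the script `init-temporary-keys.sh` while the path is `init-temp-keys.sh`.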
@@ -0,0 +1,163 @@ +logger: + level: debug + type: text + output: stdout +# DB and Server confgurations are defaulted for local development +# db: +# host: localhost +# port: 5432 +# user: postgres +# password: changeme +services: + kas: + enabled: true + policy: + enabled: true + authorization: + enabled: true + url: http://localhost:65432 + client: 'tdf-entity-resolution' + secret: 'secret' + realm: 'opentdf' + legacy: true +server: + auth: + enabled: true + audience: 'http://localhost:65432' + issuer: http://localhost:65432/auth/realms/opentdf + clients: + - 'opentdf' + - 'opentdf-sdk' + policy: + ## Default policy for all requests + default: #"role:readonly" + ## Dot notation is used to access nested claims (i.e. realm_access.roles) + claim: # realm_access.roles + ## Maps the external role to the opentdf role + ## Note: left side is used in the policy, right side is the external role + map: + readonly: opentdf-readonly + admin: opentdf-admin + user: default-roles-opentdf + org-admin: opentdf-org-admin + + ## Custom policy (see examples https://github.com/casbin/casbin/tree/master/examples) + csv: | + ## Roles (prefixed with role:) + # org-admin - organization admin + # admin - admin + # readonly - readonly + # user - rewrap + # unknown - unknown role or no role + ## Actions + # read - read the resource + # write - write to the resource + # delete - delete the resource + # unsafe - unsafe actions + + # Role: user + p, role:user, kas.AccessService/PublicKey, read, allow + p, role:user, kas.AccessService/Rewrap, write, allow + p, role:user, /, read, allow + p, role:user, /kas/kas_public_key, read, allow + p, role:user, /kas/v2/kas_public_key, read, allow + p, role:user, /kas/v2/rewrap, write, allow + + # Role: Org-Admin + ## gRPC routes + p, role:org-admin, policy.*, *, allow + p, role:org-admin, kasregistry.*, *, allow + p, role:org-admin, kas.AccessService/LegacyPublicKey, *, allow + p, role:org-admin, kas.AccessService/PublicKey, *, allow + p, role:org-admin, 
kas.AccessService/Rewrap, *, allow + ## HTTP routes + p, role:org-admin, /health, *, allow + p, role:org-admin, /attributes*, *, allow + p, role:org-admin, /namespaces*, *, allow + p, role:org-admin, /subject-mappings*, *, allow + p, role:org-admin, /resource-mappings*, *, allow + p, role:org-admin, /key-access-servers*, *, allow + p, role:org-admin, /kas.AccessService/LegacyPublicKey, *, allow + # add unsafe actions to the org-admin role + + # Role: Admin + ## gRPC routes + p, role:admin, policy.*, *, allow + p, role:admin, kasregistry.*, *, allow + p, role:admin, kas.AccessService/Info, *, allow + p, role:admin, kas.AccessService/Rewrap, *, allow + p, role:admin, kas.AccessService/LegacyPublicKey, *, allow + p, role:admin, kas.AccessService/PublicKey, *, allow + ## HTTP routes + p, role:admin, /health, *, allow + p, role:admin, /attributes*, *, allow + p, role:admin, /namespaces*, *, allow + p, role:admin, /subject-mappings*, *, allow + p, role:admin, /resource-mappings*, *, allow + p, role:admin, /key-access-servers*, *, allow + p, role:admin, /kas.AccessService/LegacyPublicKey, *, allow + + ## Role: Readonly + ## gRPC routes + p, role:readonly, policy.*, read, allow + p, role:readonly, kasregistry.*, read, allow + p, role:readonly, kas.AccessService/Info, *, allow + p, role:readonly, kas.AccessService/Rewrap, *, allow + p, role:readonly, kas.AccessService/LegacyPublicKey, *, allow + p, role:readonly, kas.AccessService/PublicKey, *, allow + ## HTTP routes + p, role:readonly, /health, read, allow + p, role:readonly, /attributes*, read, allow + p, role:readonly, /namespaces*, read, allow + p, role:readonly, /subject-mappings*, read, allow + p, role:readonly, /resource-mappings*, read, allow + p, role:readonly, /key-access-servers*, read, allow + p, role:readonly, /kas.AccessService/LegacyPublicKey, read, allow + + # Public routes + ## gRPC routes + p, role:unknown, kas.AccessService/LegacyPublicKey, other, allow + p, role:unknown, kas.AccessService/PublicKey, 
other, allow + ## HTTP routes + p, role:unknown, /health, read, allow + p, role:unknown, /kas/v2/kas_public_key, read, allow + p, role:unknown, /kas/kas_public_key, read, allow + + ## Custom model (see https://casbin.org/docs/syntax-for-models/) + model: #| + # [request_definition] + # r = sub, res, act, obj + # + # [policy_definition] + # p = sub, res, act, obj, eft + # + # [role_definition] + # g = _, _ + # + # [policy_effect] + # e = some(where (p.eft == allow)) && !some(where (p.eft == deny)) + # + # [matchers] + # m = g(r.sub, p.sub) && globOrRegexMatch(r.res, p.res) && globOrRegexMatch(r.act, p.act) && globOrRegexMatch(r.obj, p.obj) + + grpc: + reflectionEnabled: true # Default is false + cryptoProvider: + hsm: + enabled: false + pin: + standard: + rsa: + 123: + privateKeyPath: kas-private.pem + publicKeyPath: kas-cert.pem + 456: + privateKeyPath: kas-private.pem + publicKeyPath: kas-cert.pem + ec: + 123: + privateKeyPath: kas-ec-private.pem + publicKeyPath: kas-ec-cert.pem + port: 8080 +opa: + embedded: true # Only for local development diff --git a/.github/workflows/roundtrip/wait-and-test.sh b/.github/workflows/roundtrip/wait-and-test.sh index ca3a1fb3..ac11d269 100755 --- a/.github/workflows/roundtrip/wait-and-test.sh +++ b/.github/workflows/roundtrip/wait-and-test.sh 
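Review bot: In the embedded casbin policy the Readonly block contains `p, role:readonly, kas.AccessService/Rewrap, *, allow`, which lets a readonly principal perform rewrap (obtain decryption keys) with any action, while every other readonly rule is limited to `read`; if that is inherited from the upstream default rather than intended for this roundtrip, a comment above the line saying so would stop the next reader from treating it as a deliberate grant. `cryptoProvider.hsm.pin:` is a bare empty value, which parses as null rather than an empty string, and the same applies to `default:` and `claim:` under `server.auth.policy`; write `null` or `''` explicitly. `services.authorization.secret: 'secret'` is a literal client secret in a committed file; the nearby comment already marks the DB settings as local-development defaults, so extend it, e.g. `# dev-only test credentials; not valid outside this roundtrip setup`. Key ids `123` and `456` under `rsa` point at the same PEM pair; if that duplication is deliberate (e.g. to exercise key-id lookup) a comment would help. The comment `# DB and Server confgurations are defaulted` has a typo (`configurations`).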
@@ -23,15 +23,27 @@ _configure_app() { return 0 } -_wait-for() { +if [ $1 = backend ]; then + VITE_PROXY='{"/api":"http://localhost:5432","/auth":"http://localhost:5432"}' + VITE_TDF_CFG='{"oidc":{"host":"http://localhost:65432/auth/realms/tdf","clientId":"browsertest"},"kas":"http://localhost:65432/api/kas","reader":"https://secure.virtru.com/start?htmlProtocol=1"}' +else # if [ $1 = platform ]; then + VITE_PROXY='{"/kas":{"target":"http://localhost:8080","xfwd":true},"/auth":{"target":"http://localhost:8888","xfwd":true}}' + VITE_TDF_CFG='{"oidc":{"host":"http://localhost:65432/auth/realms/opentdf","clientId":"browsertest"},"kas":"http://localhost:65432/kas","reader":"https://secure.virtru.com/start?htmlProtocol=1"}' +fi +export VITE_PROXY +export VITE_TDF_CFG + +# VITE_PROXY='{"/api":"http://localhost:5432","/auth":"http://localhost:5432"}' VITE_TDF_CFG='{"oidc":{"host":"http://localhost:65432/auth/realms/tdf","clientId":"browsertest"},"kas":"http://localhost:65432/api/kas","reader":"https://secure.virtru.com/start?htmlProtocol=1"}' npm run dev + +_wait_for() { echo "[INFO] In retry loop for quickstarted opentdf backend..." limit=5 for i in $(seq 1 $limit); do - if curl --show-error --fail --insecure http://localhost:65432/api/kas; then + if curl --show-error --fail --insecure "$1"; then return 0 fi if [[ $i == "$limit" ]]; then - echo "[WARN] Breaking _wait-for loop as we are at limit" + echo "[WARN] Breaking _wait_for loop as we are at limit" break fi sleep_for=$((10 + i * i * 2)) @@ -42,7 +54,7 @@ _wait-for() { exit 1 } -_init_server() { +_init_webapp() { output=$(mktemp) if ! cd "${WEB_APP_DIR}"; then echo "[ERROR] unable to cd ${WEB_APP_DIR}" 
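Review bot: `if [ $1 = backend ]; then` uses an unquoted `$1`, so invoking the script with no mode argument makes `[` fail with `unary operator expected` and silently falls into the `else` (platform) branch; use `if [ "${1:-}" = backend ]; then`, do the same for `if [ $1 = platform ]; then` in the `@@ -89,13 +145,16 @@` hunk, and reject anything other than the two known modes instead of the `else # if [ $1 = platform ]` comment. `_wait_for` now takes its URL from `"$1"`, but the only call visible in this patch (`_wait-for`) is removed in that later hunk and no new call is added, so unless it is invoked somewhere outside these hunks the readiness wait for the backend mode has been dropped. The commented-out `# VITE_PROXY=... npm run dev` line duplicates the values set just above it and should be deleted rather than kept. The message `[INFO] In retry loop for quickstarted opentdf backend...` is now emitted for whichever URL is passed; `echo "[INFO] Waiting for $1 ..."` fits both modes. `_wait_for`'s body continues past the end of this hunk.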
@@ -74,7 +86,51 @@ _init_server() { exit 1 fi if [[ $i == "$limit" ]]; then - echo "[WARN] Breaking _init_server loop after ${limit} iterations" + echo "[WARN] Breaking _init_webapp loop after ${limit} iterations" + cat "${output}" + break + fi + sleep_for=$((5 + i * i * 2)) + echo "[INFO] retrying in ${sleep_for} seconds... ( ${i} / $limit ) ..." + sleep ${sleep_for} + done +} + +_init_platform() { + output=$(mktemp) + if ! cd "${APP_DIR}"; then + echo "[ERROR] unable to cd ${APP_DIR}" + exit 2 + fi + if ! go run github.com/opentdf/platform/service@latest provision keycloak; then + echo "[ERROR] unable to provision keycloak" + return 1 + fi + if ! ./config-demo-idp.sh; then + echo "[ERROR] unable to provision keycloak" + return 1 + fi + if ! ./init-temp-keys.sh; then + echo "[ERROR] unable to initialize keys" + return 1 + fi + go run github.com/opentdf/platform/service@latest start &>"$output" & + server_pid=$! + echo "Platform pid: $server_pid" + echo "Output: $output" + echo "Wait:" + limit=5 + for i in $(seq 1 $limit); do + if grep -q -i 'starting http server' "$output"; then + return 0 + fi + if ! ps $server_pid >/dev/null; then + echo "The server died" >&2 + cat "${output}" + exit 1 + fi + if [[ $i == "$limit" ]]; then + echo "[WARN] Breaking _init_platform loop after ${limit} iterations" cat "${output}" break fi @@ -89,13 +145,16 @@ if ! _configure_app; then exit 2 fi -if ! _init_server; then +if ! _init_webapp; then echo "[ERROR] Couldn't run web app server" exit 2 fi -if ! _wait-for; then - exit 1 +if [ $1 = platform ]; then + if ! _init_platform; then + echo "[ERROR] Couldn't run platform" + exit 2 + fi fi if ! "${APP}"; then diff --git a/.gitignore b/.gitignore index 7a2dbcaf..279288d4 100644 --- a/.gitignore +++ b/.gitignore @@ -109,5 +109,12 @@ dist # temporary folders **/temp/ +*.tmp + +# For integration testing +/platform +kc.zip +keycloak-24.0.3 /web-app/tests/smallfiles .DS_Store +/*.pem 
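Review bot: `_init_platform` runs `go run github.com/opentdf/platform/service@latest` twice, so every CI run resolves and compiles whatever the newest module version is at that moment; this is an unpinned dependency for both reproducibility and supply-chain exposure, and the `provision` and `start` invocations can even resolve different versions if a release lands between them. Pin it, e.g. `: "${PLATFORM_REF:=<pinned-version-or-commit>}"` near the top and `go run github.com/opentdf/platform/service@"${PLATFORM_REF}"` in both places. The failure branch for `./config-demo-idp.sh` reuses `"[ERROR] unable to provision keycloak"` from the previous step, so the log cannot tell which one failed; `"[ERROR] unable to configure demo IdP"` fixes that. The background server started with `go run ... start &>"$output" &` is tracked in `server_pid` but nothing in this hunk stops it; if no cleanup exists further down, `trap 'kill "$server_pid" 2>/dev/null' EXIT` after the assignment would avoid leaving it running. The retry loop and `_init_platform` itself continue past the end of the hunk.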
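Review bot: The new `/*.pem` entry is anchored to the repository root, but `init-temp-keys.sh` writes `kas-private.pem`, `kas-ec-private.pem` and the certificates into the directory it is run from, and `wait-and-test.sh` runs it after `cd "${APP_DIR}"` with the workflow's `working-directory` set to `.github/workflows/roundtrip`, so the generated private keys appear to land under that directory, where `/*.pem` does not ignore them and a careless `git add -A` would commit them. Use an unanchored `*.pem`, or add `/.github/workflows/roundtrip/*.pem`, unless tracked PEM files exist elsewhere in the tree, which is not visible from this patch. `keycloak-24.0.3` hard-codes the version that `config-demo-idp.sh` takes from `KC_VERSION`; `keycloak-*/` would keep the two in step.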
diff --git a/cli/package-lock.json b/cli/package-lock.json index 6cca633e..11ec6929 100644 --- a/cli/package-lock.json +++ b/cli/package-lock.json @@ -371,8 +371,7 @@ "node_modules/@opentdf/client": { "version": "2.0.0", "resolved": "file:../lib/opentdf-client-2.0.0.tgz", - "integrity": "sha512-Z9WiocGfhhiDUx6mczMiPq31G7aqVph6V99psUacF7FSVv1PbAmDfZt89PaWhraTr51DES6yWEh8QyRVf6tPRw==", - "license": "BSD-3-Clause-Clear", + "integrity": "sha512-MJ/5O8dq9rrN6xzRU/4fW7vYmlu+F87oRZueCLlG28naQCvypEq9zvsgJyIaoLxf60zSviCX4FRN9TC3gQfqlQ==", "dependencies": { "axios": "^1.6.1", "axios-retry": "^3.9.0", diff --git a/remote-store/package-lock.json b/remote-store/package-lock.json index 3136e969..6baa6880 100644 --- a/remote-store/package-lock.json +++ b/remote-store/package-lock.json @@ -1649,8 +1649,7 @@ "node_modules/@opentdf/client": { "version": "2.0.0", "resolved": "file:../lib/opentdf-client-2.0.0.tgz", - "integrity": "sha512-Z9WiocGfhhiDUx6mczMiPq31G7aqVph6V99psUacF7FSVv1PbAmDfZt89PaWhraTr51DES6yWEh8QyRVf6tPRw==", - "license": "BSD-3-Clause-Clear", + "integrity": "sha512-MJ/5O8dq9rrN6xzRU/4fW7vYmlu+F87oRZueCLlG28naQCvypEq9zvsgJyIaoLxf60zSviCX4FRN9TC3gQfqlQ==", "dependencies": { "axios": "^1.6.1", "axios-retry": "^3.9.0", diff --git a/web-app/package-lock.json b/web-app/package-lock.json index 61eaf316..a0fcbac9 100644 --- a/web-app/package-lock.json +++ b/web-app/package-lock.json @@ -606,8 +606,7 @@ "node_modules/@opentdf/client": { "version": "2.0.0", "resolved": "file:../lib/opentdf-client-2.0.0.tgz", - "integrity": "sha512-Z9WiocGfhhiDUx6mczMiPq31G7aqVph6V99psUacF7FSVv1PbAmDfZt89PaWhraTr51DES6yWEh8QyRVf6tPRw==", - "license": "BSD-3-Clause-Clear", + "integrity": "sha512-MJ/5O8dq9rrN6xzRU/4fW7vYmlu+F87oRZueCLlG28naQCvypEq9zvsgJyIaoLxf60zSviCX4FRN9TC3gQfqlQ==", "dependencies": { "axios": "^1.6.1", "axios-retry": "^3.9.0", 
@@ -4082,7 +4081,7 @@ }, "@opentdf/client": { "version": "file:../lib/opentdf-client-2.0.0.tgz", - "integrity": "sha512-Z9WiocGfhhiDUx6mczMiPq31G7aqVph6V99psUacF7FSVv1PbAmDfZt89PaWhraTr51DES6yWEh8QyRVf6tPRw==", + "integrity": "sha512-MJ/5O8dq9rrN6xzRU/4fW7vYmlu+F87oRZueCLlG28naQCvypEq9zvsgJyIaoLxf60zSviCX4FRN9TC3gQfqlQ==", "requires": { "axios": "^1.6.1", "axios-retry": "^3.9.0", diff --git a/web-app/src/config.ts b/web-app/src/config.ts index 7dc2f709..bfb01765 100644 --- a/web-app/src/config.ts +++ b/web-app/src/config.ts @@ -14,10 +14,10 @@ function cfg(): TDFConfig { if (!VITE_TDF_CFG) { return { oidc: { - host: 'http://localhost:65432/auth/realms/tdf', + host: 'http://localhost:65432/auth/realms/opentdf', clientId: 'browsertest', }, - kas: 'http://localhost:65432/api/kas', + kas: 'http://localhost:65432/kas', reader: 'https://secure.virtru.com/start?htmlProtocol=1', }; } diff --git a/web-app/tests/tests/roundtrip.spec.ts b/web-app/tests/tests/roundtrip.spec.ts index c0cfdde4..a1e5d8eb 100644 --- a/web-app/tests/tests/roundtrip.spec.ts +++ b/web-app/tests/tests/roundtrip.spec.ts @@ -24,7 +24,7 @@ test('login', async ({ page }) => { }); const scenarios = { - nano: { encryptSelector: '#nanoEncrypt', decryptSelector: '#nanoDecrypt' }, + // nano: { encryptSelector: '#nanoEncrypt', decryptSelector: '#nanoDecrypt' }, tdf: { encryptSelector: '#zipEncrypt', decryptSelector: '#tdfDecrypt' }, html: { encryptSelector: '#htmlEncrypt', decryptSelector: '#tdfDecrypt' }, }; diff --git a/web-app/vite.config.ts b/web-app/vite.config.ts index c0c5a052..aaccc801 100644 --- a/web-app/vite.config.ts +++ b/web-app/vite.config.ts 
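Review bot: Commenting out the `nano` scenario removes nanoTDF encrypt/decrypt coverage from the roundtrip suite without recording why, so a reader of the spec cannot tell whether this is a temporary platform gap or a permanent drop. Replace the bare commented line with a comment stating the reason and a tracking reference, e.g. `// nano disabled: <reason> — re-enable under <issue placeholder>`, or gate the scenario on the test mode instead of deleting it.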
@@ -4,6 +4,20 @@ import react from '@vitejs/plugin-react'; const require = createRequire(import.meta.url) +function proxy(): Record { + console.log(process.env); + const { VITE_PROXY } = process.env; + if (VITE_PROXY) { + console.log(`using VITE_PROXY [${VITE_PROXY}]`); + return JSON.parse(VITE_PROXY); + } + console.log("using standard VITE_PROXY"); + return { + '/kas': 'http://localhost:8080', + '/auth': 'http://localhost:8888', + }; +} + // https://vitejs.dev/config/ export default defineConfig({ build: { @@ -14,9 +28,6 @@ export default defineConfig({ plugins: [react()], server: { port: 65432, - proxy: { - '/api': 'http://localhost:5432', - '/auth': 'http://localhost:5432', - }, + proxy: proxy(), }, });
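Review bot: `console.log(process.env);` at the top of `proxy()` prints the dev server's entire environment into the log each time the config is evaluated; in the CI job this process inherits the runner environment, so any token exposed to that step would be written out (GitHub masks registered secrets, not values derived from them), and locally it is pure noise. Drop that line and log only the decision, as the two following `console.log` calls already do. `JSON.parse(VITE_PROXY)` is unguarded, so a malformed value fails with a bare stack trace; wrapping it in try/catch and rethrowing an error that names `VITE_PROXY` would be clearer. The signature appears here as `function proxy(): Record {`, which TypeScript rejects without type arguments; this may be an artifact of how the page was rendered, but if not it needs the full generic (or no annotation at all).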