feat: added new wallet-demo-app component

scripts/deploy_all.sh

@@ -15,7 +15,7 @@ set -e
 : ${DEPLOYMENT_ENV:=local}
 
 ## Should be deployed in the listed order
-: ${COMPONENTS=api-gateway auth-hydra edv kms vct orb resolver csh vcs vcs-v1 vault-server hub-auth hub-router wallet-web adapter-issuer adapter-rp}
+: ${COMPONENTS=api-gateway auth-hydra edv kms vct orb resolver csh vcs vcs-v1 vault-server hub-auth hub-router wallet-web adapter-issuer adapter-rp wallet-demo-app}
 DEPLOY_LIST=( $COMPONENTS )
 
 ## Map: component --> healthcheck(s)
@@ -36,6 +36,7 @@ declare -A HEALTCHECK_URL=(
     [wallet-web]="https://wallet.$DOMAIN/healthcheck https://vcwallet.$DOMAIN/healthcheck"
     [adapter-issuer]="https://adapter-issuer.$DOMAIN/healthcheck"
     [adapter-rp]="https://adapter-rp.$DOMAIN/healthcheck"
+    [wallet-demo-app]="https://wallet-demo-app.$DOMAIN/healthcheck"
 )
 ## Map: healthckeck --> http-code
 declare -A HEALTHCHECK_CODE=(
@@ -61,7 +62,9 @@ declare -A HEALTHCHECK_CODE=(
     [https://adapter-rp.$DOMAIN/healthcheck]=200
     [https://adapter-issuer.$DOMAIN/healthcheck]=200
     [https://auth-hydra.$DOMAIN/health/ready]=200
-    [https://auth-hydra-admin.$DOMAIN/health/ready]=200)
+    [https://auth-hydra-admin.$DOMAIN/health/ready]=200
+    [https://wallet-demo-app.$DOMAIN/health/ready]=200
+)
 
 # healthCheck function -- copied from sandbox
 RED=$(tput setaf 1)

scripts/service_list.txt

@@ -30,4 +30,5 @@ vcs-awskms
 vcs-localkms
 vcwallet
 wallet
+wallet-demo-app
 static-file-server

wallet-demo-app/Makefile

@@ -0,0 +1,131 @@
+#
+# Copyright Gen Digital Inc. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+SHELL                       := /bin/bash
+CONTAINER_CMD         	 	?= docker
+USER_ID                          = $(shell id -u)
+DOCKER_CMD_RUN_OPTS            ?= -u $(USER_ID)
+CONTAINER_CMD_RUN_OPTS         ?= $(if $(findstring docker,$(CONTAINER_CMD)),$(DOCKER_CMD_RUN_OPTS),)
+
+export DEPLOYMENT_ENV	?= local
+# space delimited of Key:Value pairs
+COMMON_LABELS		:= instance:${DEPLOYMENT_ENV}
+export DOMAIN      		?= ${DEPLOYMENT_ENV}.trustbloc.dev
+
+OS 				= $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCH  				= $(shell uname -m | sed 's/x86_64/amd64/')
+
+#IMAGES
+WALLET_DEMO_APP_IMG				?= ghcr.io/trustbloc-cicd/wallet-demo-app:1.2.2-snapshot-b08a949
+
+
+# do not modify
+KUSTOMIZE_DIR       	= kustomize/wallet-demo-app
+KEYS_OUTPUT_DIR        	 	= ${KUSTOMIZE_DIR}/overlays/${DEPLOYMENT_ENV}/keys
+CERTS_OUTPUT_DIR      	 	= ${KUSTOMIZE_DIR}/overlays/${DEPLOYMENT_ENV}/certs
+PREFIX							?=
+KUSTOMIZE_BUILD_OPTS			?= --load-restrictor LoadRestrictionsNone --enable-alpha-plugins
+export KUSTOMIZE_PLUGIN_HOME						= $(abspath .)/kustomize/plugin
+
+.PHONY: all
+all: setup
+
+.PHONY: setup
+setup: generate-test-certs
+	@echo setup
+
+.PHONY: setup-no-certs
+setup-no-certs:
+	@echo setup-no-certs
+
+# TODO (#521): frapsoft/openssl only has an amd64 version. While this does work when using Docker on arm64-based macOS
+#              currently thanks to the automatic built-in QEMU emulation, it would be better to use a
+#              native arm64 version.
+.PHONY: generate-test-certs
+generate-test-certs: clean-certs
+	@echo $(abspath .)
+	@$(CONTAINER_CMD) run ${CONTAINER_CMD_RUN_OPTS} -i --platform linux/amd64 --rm \
+		-v $(abspath .):/opt/workspace:Z \
+		-e DOMAIN=${DOMAIN} \
+		-e CERTS_OUTPUT_DIR=${CERTS_OUTPUT_DIR} \
+		--entrypoint "/opt/workspace/scripts/generate_test_certs.sh" \
+		docker.io/frapsoft/openssl:latest
+	@cd ${CERTS_OUTPUT_DIR} && ln -fs trustbloc-dev-ca.crt ca.crt
+	@cd ${CERTS_OUTPUT_DIR} && ln -fs ${DOMAIN}.key tls.key
+	@cd ${CERTS_OUTPUT_DIR} && ln -fs ${DOMAIN}.crt tls.crt
+
+.PHONY: deploy
+deploy: prechecks kustomize kubectl set-images set-labels deploy-wallet-demo-app
+
+.PHONY: prechecks
+prechecks:
+ifeq (, $(shell stat ${KUSTOMIZE_DIR}/overlays/${DEPLOYMENT_ENV} 2>/dev/null))
+	@echo "Environment not found ${KUSTOMIZE_DIR}/overlays/${DEPLOYMENT_ENV}"
+	@exit 1
+endif
+
+.PHONY: set-labels
+set-labels: kustomize
+	@pushd ${KUSTOMIZE_DIR}/overlays/${DEPLOYMENT_ENV}/wallet-demo-app &&\
+		${KUSTOMIZE} edit set label ${COMMON_LABELS} &&\
+		popd
+
+.PHONY: set-images
+set-images: kustomize
+	@pushd ${KUSTOMIZE_DIR}/base &&\
+	${KUSTOMIZE} edit set image wallet-demo-app=${WALLET_DEMO_APP_IMG} &&\
+	popd
+
+.PHONY: deploy-wallet-demo-app
+deploy-wallet-demo-app: prechecks kustomize kubectl
+	@minikube image load $(WALLET_DEMO_APP_IMG)
+	$(KUSTOMIZE) build ${KUSTOMIZE_BUILD_OPTS} \
+	${KUSTOMIZE_DIR}/overlays/${DEPLOYMENT_ENV}/wallet-demo-app | $(KUBECTL) apply -f -
+
+.PHONY: undeploy
+undeploy: prechecks kustomize kubectl set-images set-labels undeploy-wallet-demo-app
+
+.PHONY: undeploy-wallet-demo-app
+undeploy-wallet-demo-app: prechecks kustomize kubectl
+	$(KUSTOMIZE) build ${KUSTOMIZE_BUILD_OPTS} \
+	${KUSTOMIZE_DIR}/overlays/${DEPLOYMENT_ENV}/wallet-demo-app | $(KUBECTL) delete -f -
+
+.PHONY: kustomize
+kustomize:
+ifeq (, $(shell which kustomize 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p bin ;\
+	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.3.0/kustomize_v4.3.0_$(OS)_$(ARCH).tar.gz | tar xzf - -C bin/ ;\
+	}
+KUSTOMIZE=$(realpath ./bin/kustomize)
+else
+KUSTOMIZE=$(shell which kustomize)
+endif
+
+.PHONY: kubectl
+kubectl:
+ifeq (, $(shell which kubectl 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p bin ;\
+	curl -sSL https://storage.googleapis.com/kubernetes-release/release/v1.21.2/bin/$(OS)/$(ARCH)/kubectl -o bin/kubectl ;\
+  chmod u+x bin/kubectl ;\
+	}
+KUBECTL=$(realpath ./bin/kubectl)
+else
+KUBECTL=$(shell which kubectl)
+endif
+
+.PHONY: clean
+clean: clean-all
+
+.PHONY: clean-all
+clean-all: clean-certs
+
+.PHONY: clean-certs
+clean-certs:
+	@rm -Rf ${CERTS_OUTPUT_DIR}

wallet-demo-app/README.md

@@ -0,0 +1,27 @@
+# [Wallet Demo App](https://github.com/trustbloc/wallet-sdk/tree/main/demo/app) k8s deployment #
+
+
+## pre-requisits
+* [Minikube](https://minikube.sigs.k8s.io/docs/start/) with ingress addon.
+* GNU sed
+* (Optional: Gets installed by make) [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/).
+
+## Quick Run
+* `make all`
+* `make deploy-wallet-demo-app`
+
+## Cleanup
+* `make undeploy-wallet-demo-app`
+* `make clean`
+
+## options and features
+* By default dns domain is `local.trustboc.dev`. To run with different domain (See next), run with: `make DOMAIN=ali.trustbloc.dev`
+* By default Bloc domain is `orb-1.trustboc.dev`. To run with different domain (See next), run with: `make BLOC_DOMAIN=orb-1.ali.trustbloc.dev`
+* Will create an Ingress for external access. When running with unregistered dns domains, create records (/etc/hosts) for:
+	- `wallet.DOMAIN`
+* if running `podman` pass `CONTAINER_CMD=podman` as option to make
+* Running with none self-signed certificates: place certs into kustomize/wallet/overlays/sandbox/certs, then run with: `make setup-no-certs`.
+>files:
+	- ca.crt
+	- tls.crt
+	- tls.key

wallet-demo-app/kustomize/plugin/svceng/sedtransformer/SedTransformer

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+#
+# Copyright SecureKey Technologies Inc. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# https://github.com/kubernetes-sigs/kustomize/blob/master/plugin/someteam.example.com/v1/sedtransformer/SedTransformer
+# Skip the config file name argument.
+shift
+args=()
+for arg in "$@"; do
+  env_expanded=${arg@P}
+  args+=(-e "$env_expanded")
+done
+
+sed "${args[@]}"

wallet-demo-app/kustomize/wallet-demo-app/.gitignore

@@ -0,0 +1,8 @@
+#
+# Copyright Gen Digital Inc. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+**/keys/**
+**/certs/**

wallet-demo-app/kustomize/wallet-demo-app/base/deployment.yml

@@ -0,0 +1,35 @@
+#
+# Copyright Gen Digital Inc. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: wallet-demo-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: wallet-demo-app
+  template:
+    metadata:
+      labels:
+        app: wallet-demo-app
+    spec:
+      containers:
+      - name: wallet-demo-app
+        image: wallet-demo-app:latest
+        ports:
+          - containerPort: 80
+            protocol: TCP
+            name: http-port
+        livenessProbe:
+          httpGet:
+            path: /healthcheck
+            port: http-port
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          failureThreshold: 5

wallet-demo-app/kustomize/wallet-demo-app/base/kustomization.yaml

@@ -0,0 +1,18 @@
+#
+# Copyright Gen Digital Inc. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+generatorOptions: {}
+
+resources:
+- deployment.yml
+- service.yml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: wallet-demo-app
+  newName: ghcr.io/trustbloc-cicd/wallet-demo-app
+  newTag: 1.2.2-snapshot-b08a949

wallet-demo-app/kustomize/wallet-demo-app/base/service.yml

@@ -0,0 +1,29 @@
+#
+# Copyright Gen Digital Inc. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  name: wallet-demo-app
+  labels:
+    app: wallet-demo-app
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http-port
+  - name: prometheus
+    port: 9100
+    protocol: TCP
+    targetPort: prometheus
+  selector:
+    app: wallet-demo-app
+status:
+  loadBalancer: {}
+---

wallet-demo-app/kustomize/wallet-demo-app/overlays/common/kustomization.yaml

@@ -0,0 +1,27 @@
+#
+# Copyright Gen Digital Inc. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Adds namespace to all resources.
+#namespace: edge-sandbox-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+commonLabels:
+  group: services
+  project: trustbloc
+
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../base
+
+transformers:
+- sedtransform.yml

wallet-demo-app/kustomize/wallet-demo-app/overlays/common/sedtransform.yml

@@ -0,0 +1,11 @@
+# 
+# Copyright Gen Digital Inc. All Rights Reserved.
+# 
+# SPDX-License-Identifier: Apache-2.0 
+# 
+
+apiVersion: svceng
+kind: SedTransformer
+metadata:
+  name: sedtransformer
+argsOneLiner: s^||DOMAIN||^${DOMAIN}^g

wallet-demo-app/kustomize/wallet-demo-app/overlays/local/wallet-demo-app/ingress.yml

@@ -0,0 +1,29 @@
+#
+# Copyright Gen Digital Inc. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: wallet-demo-app
+  labels:
+    app: wallet-demo-app
+spec:
+  tls:
+  - hosts:
+      - wallet-demo-app.||DOMAIN||
+    secretName: INGRESS_TLS_SECRET
+  rules:
+  - host: wallet-demo-app.||DOMAIN||
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: wallet-demo-app
+            port:
+              name: http