feat(rust): persist application data in a database
etorreborre committed Nov 20, 2023
1 parent 7d866ec commit 69552fe
Showing 323 changed files with 11,959 additions and 9,594 deletions.
394 changes: 368 additions & 26 deletions Cargo.lock

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion examples/rust/example_projects/no_std/Cargo.toml
Expand Up @@ -52,7 +52,7 @@ log-semihosting = []
log-uart = []

[dependencies]
ockam = { path = "../../../../implementations/rust/ockam/ockam", default_features = false, features = ["software_vault"] }
ockam = { path = "../../../../implementations/rust/ockam/ockam", optional = true, default_features = false, features = ["software_vault"] }

alloc-cortex-m = { version = "0.4.1", optional = true }
cortex-m = { version = "0.7.2", optional = true }
2 changes: 2 additions & 0 deletions examples/rust/get_started/Cargo.toml
Expand Up @@ -18,6 +18,7 @@ std = [
"serde_json/default",
"ockam_multiaddr/std",
"ockam_api/std",
"storage",
]

# Feature: "no_std" enables functionality required for platforms
Expand All @@ -27,6 +28,7 @@ no_std = ["ockam/no_std"]
# Feature: "alloc" enables support for heap allocation on "no_std"
# platforms, requires nightly.
alloc = ["ockam/alloc", "serde_json/alloc"]
storage = ["ockam_api/storage"]

[dependencies]
anyhow = "1"
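Review bot: The new `storage = ["ockam_api/storage"]` feature has no description, while `no_std` and `alloc` just above it each carry a `# Feature:` comment. Because `std` now lists `"storage"`, a reader of this manifest cannot tell what a default build starts persisting. I would add a line above it such as `# Feature: "storage" enables the persistent storage provided by ockam_api.`, worded to match what `ockam_api/storage` actually turns on, which is not visible in this section.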
Expand Up @@ -48,14 +48,14 @@ async fn main(ctx: Context) -> Result<()> {
// For a different application this attested attribute set can be different and
// distinct for each identifier, but for this example we'll keep things simple.
let credential_issuer = CredentialsIssuer::new(
node.identities().repository(),
node.identities().identity_attributes_repository(),
node.credentials(),
&issuer,
"trust_context".into(),
);
for identifier in known_identifiers.iter() {
node.identities()
.repository()
.identity_attributes_repository()
.put_attribute_value(identifier, b"cluster".to_vec(), b"production".to_vec())
.await?;
}
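Review bot: The loop calling `put_attribute_value(identifier, b"cluster".to_vec(), b"production".to_vec())` only ever adds attributes, so an identifier later dropped from `known_identifiers` would keep `cluster=production` if `identity_attributes_repository()` is now backed by the database this commit introduces (the storage backend is not visible here). The `CredentialsIssuer` is built from the same repository, so it would presumably go on attesting that attribute for the removed identifier. A comment above the loop would make the expectation explicit, for example `// Attributes are only added here; with a persistent repository, entries for identifiers no longer in known_identifiers must be removed separately.` `main` starts and ends outside this hunk.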
Expand Up @@ -90,7 +90,7 @@ async fn main(ctx: Context) -> Result<()> {
DefaultAddress::ECHO_SERVICE,
&sc_listener_options.spawner_flow_control_id(),
);
let allow_production = AbacAccessControl::create(node.identities_repository(), "cluster", "production");
let allow_production = AbacAccessControl::create(node.identity_attributes_repository(), "cluster", "production");
node.start_worker_with_access_control(DefaultAddress::ECHO_SERVICE, Echoer, allow_production, AllowAll)
.await?;

@@ -1,18 +1,19 @@
use std::sync::Arc;

use hello_ockam::{create_token, import_project};
use ockam::abac::AbacAccessControl;
use ockam::identity::OneTimeCode;
use ockam::identity::{
AuthorityService, RemoteCredentialsRetriever, RemoteCredentialsRetrieverInfo, SecureChannelListenerOptions,
SecureChannelOptions, TrustContext, TrustMultiIdentifiersPolicy,
};
use ockam::identity::{CredentialsRetriever, OneTimeCode};
use ockam::remote::RemoteRelayOptions;
use ockam::{node, route, Context, Result, TcpOutletOptions};
use ockam_api::authenticator::enrollment_tokens::TokenAcceptor;
use ockam_api::nodes::NodeManager;
use ockam_api::{multiaddr_to_route, DefaultAddress};
use ockam_multiaddr::MultiAddr;
use ockam_transport_tcp::TcpTransportExtension;
use std::sync::Arc;

/// This node supports a "control" server on which several "edge" devices can connect
///
Expand Down Expand Up @@ -74,26 +75,24 @@ async fn start_node(ctx: Context, project_information_path: &str, token: OneTime
let tcp_project_session = multiaddr_to_route(&project.authority_route(), &tcp).await.unwrap(); // FIXME: Handle error

// Create a trust context that will be used to authenticate credential exchanges
let credentials_retriever = Arc::new(RemoteCredentialsRetriever::new(
node.secure_channels(),
RemoteCredentialsRetrieverInfo::new(
project.authority_identifier(),
tcp_project_session.route,
DefaultAddress::CREDENTIAL_ISSUER.into(),
),
));
let trust_context = TrustContext::new(
"trust_context_id".to_string(),
Some(AuthorityService::new(
node.credentials(),
project.authority_identifier(),
Some(Arc::new(RemoteCredentialsRetriever::new(
node.secure_channels(),
RemoteCredentialsRetrieverInfo::new(
project.authority_identifier(),
tcp_project_session.route,
DefaultAddress::CREDENTIAL_ISSUER.into(),
),
))),
Some(credentials_retriever.clone()),
)),
);

let credential = trust_context
.authority()?
.credential(node.context(), &control_plane)
.await?;
let credential = credentials_retriever.retrieve(node.context(), &control_plane).await?;

// start a credential exchange worker which will be
// later on to exchange credentials with the edge node
Expand All @@ -108,7 +107,7 @@ async fn start_node(ctx: Context, project_information_path: &str, token: OneTime
.await?;

// 3. create an access control policy checking the value of the "component" attribute of the caller
let access_control = AbacAccessControl::create(node.identities_repository(), "component", "edge");
let access_control = AbacAccessControl::create(node.identity_attributes_repository(), "component", "edge");

// 4. create a tcp outlet with the above policy
tcp.create_outlet(
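Review bot: The credential is now fetched with `credentials_retriever.retrieve(node.context(), &control_plane)` instead of `trust_context.authority()?.credential(...)`, so it no longer passes through the `AuthorityService` built from `node.credentials()` and `project.authority_identifier()`. If that service verified the retrieved credential against the authority before returning it (its implementation is not visible here), this example now uses a credential it has not checked itself. A one-line comment above the call would settle it, for example `// TODO(review): confirm retrieve() still verifies the credential against project.authority_identifier()`. The same replacement appears in the edge-plane file section that follows, and `start_node` starts and ends outside these hunks.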
@@ -1,10 +1,10 @@
use hello_ockam::{create_token, import_project};
use ockam::abac::AbacAccessControl;
use ockam::identity::OneTimeCode;
use ockam::identity::{
identities, AuthorityService, RemoteCredentialsRetriever, RemoteCredentialsRetrieverInfo, SecureChannelOptions,
TrustContext, TrustMultiIdentifiersPolicy,
};
use ockam::identity::{CredentialsRetriever, OneTimeCode};
use ockam::node;
use ockam::{route, Context, Result};
use ockam_api::authenticator::enrollment_tokens::TokenAcceptor;
Expand Down Expand Up @@ -74,26 +74,25 @@ async fn start_node(ctx: Context, project_information_path: &str, token: OneTime
// Create a trust context that will be used to authenticate credential exchanges
let tcp_project_session = multiaddr_to_route(&project.route(), &tcp).await.unwrap(); // FIXME: Handle error

// Create a trust context that will be used to authenticate credential exchanges
let credentials_retriever = Arc::new(RemoteCredentialsRetriever::new(
node.secure_channels(),
RemoteCredentialsRetrieverInfo::new(
project.authority_identifier(),
tcp_project_session.route,
DefaultAddress::CREDENTIAL_ISSUER.into(),
),
));
let trust_context = TrustContext::new(
"trust_context_id".to_string(),
Some(AuthorityService::new(
node.credentials(),
project.authority_identifier(),
Some(Arc::new(RemoteCredentialsRetriever::new(
node.secure_channels(),
RemoteCredentialsRetrieverInfo::new(
project.authority_identifier(),
tcp_project_session.route,
DefaultAddress::CREDENTIAL_ISSUER.into(),
),
))),
Some(credentials_retriever.clone()),
)),
);

let credential = trust_context
.authority()?
.credential(node.context(), &edge_plane)
.await?;
let credential = credentials_retriever.retrieve(node.context(), &edge_plane).await?;

// start a credential exchange worker which will be
// later on to exchange credentials with the control node
Expand All @@ -108,7 +107,8 @@ async fn start_node(ctx: Context, project_information_path: &str, token: OneTime
.await?;

// 3. create an access control policy checking the value of the "component" attribute of the caller
let access_control = AbacAccessControl::create(identities().repository(), "component", "control");
let access_control =
AbacAccessControl::create(identities().identity_attributes_repository(), "component", "control");

// 4. create a tcp inlet with the above policy

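Review bot: The first `start_node` hunk appears to add a second copy of `// Create a trust context that will be used to authenticate credential exchanges` directly above `credentials_retriever`, while the same comment already sits two lines earlier above `tcp_project_session`; the hunk's 26-old/25-new line counts only fit if the second copy is new. Neither copy describes the statement it precedes. I would reword the first to `// Resolve the project address to a route` and the second to `// Create the retriever used to fetch this node's credential from the authority`, leaving the trust-context wording for the `TrustContext::new` call. `start_node` continues outside both hunks.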