docs: add example to show full encryption
snandam committed Sep 5, 2024
1 parent 0d8212a commit 7d74ccb
Showing 12 changed files with 148 additions and 7 deletions.
Expand Up @@ -39,7 +39,7 @@ services:
echo "Press Ctrl+C to stop the container at any time, then execute "\
"'./run.sh cleanup' to remove all containers.";
echo "";
kafka-console-consumer.sh --topic demo --timeout-ms 50000 --bootstrap-server 127.0.0.1:9092 --max-messages 8 | tee output.txt;
kafka-console-consumer.sh --topic application_team_topic --timeout-ms 50000 --bootstrap-server 127.0.0.1:9092 --max-messages 8 | tee output.txt;
if [[ ! -s output.txt ]]; then
echo "Failed to receive messages";
exit 1;
Expand Up @@ -8,4 +8,5 @@ kafka-inlet:
avoid-publishing: true
encrypted-field: pii
allow-producer: producer
allow: redpanda
allow: redpanda

Expand Up @@ -45,10 +45,11 @@ services:
sleep 2
echo "Sending message: $${MESSAGES[n]}"
echo -n "$${MESSAGES[n]}" | kafka-console-producer.sh \
--topic demo \
--topic application_team_topic \
--bootstrap-server 127.0.0.1:9092 \
--producer-property request.timeout.ms=30000
done
# Keep the container running
tail -f /dev/null
Expand Up @@ -8,4 +8,4 @@ kafka-inlet:
avoid-publishing: true
encrypted-field: pii
allow-consumer: consumer
allow: redpanda
allow: redpanda
@@ -0,0 +1,58 @@
---
networks:
data_team:
driver: bridge
services:
# Start a consumer node with ockam.
#
# Read kafka_client.dockerfile and run_ockam.sh to understand
# how the node is set up.
consumer:
container_name: data-consumer
build:
context: .
dockerfile: ../kafka_client.dockerfile
args:
OCKAM_VERSION: ${OCKAM_VERSION:-latest}
volumes:
- ./ockam-node.yaml:/ockam-node.yaml
environment:
ENROLLMENT_TICKET: ${DATA_CONSUMER_ENROLLMENT_TICKET:-}
OCKAM_DEVELOPER: ${OCKAM_DEVELOPER:-false}
networks:
- data_team
command:
- -c
- (
set -e

sleep 10

ockam node create ./ockam-node.yaml --enrollment-ticket $${ENROLLMENT_TICKET} &

sleep 14

echo "";
echo "Messages sent from producers will appear shortly.";
echo "It may take a couple of minutes for the first message to appear.";
echo "=======================================================================";
echo "Press Ctrl+C to stop the container at any time, then execute "\
"'./run.sh cleanup' to remove all containers.";
echo "";
kafka-console-consumer.sh --topic data_team_topic --timeout-ms 50000 --bootstrap-server 127.0.0.1:9092 --max-messages 8 | tee output.txt;
if [[ ! -s output.txt ]]; then
echo "Failed to receive messages";
exit 1;
fi;

echo "";
echo "The example run was successful 🥳.";
echo "The consumer was able to decrypt encrypted message";
echo "";

echo "=======================================================================";
echo "Open the console at http://127.0.0.1:8080 to see the encryted message.";
echo "=======================================================================";
tail -f /dev/null;
)
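Review bot: The banner "The consumer was able to decrypt encrypted message" is printed after a check that only proves `output.txt` is non-empty, so it would also pass if the consumer had received undecrypted ciphertext. Since this example exists to demonstrate end-to-end encryption, the check should look for a known plaintext marker from the producer's records, e.g. `if ! grep -q '"first_name"' output.txt; then echo "Failed to receive decrypted messages"; exit 1; fi;`. `set -e` also does not see a failure of `kafka-console-consumer.sh` on the left of `| tee`, nor of the backgrounded `ockam node create`; `set -o pipefail` would cover the former. The last echo spells "encryted".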

@@ -0,0 +1,8 @@
relay: data-consumer

kafka-inlet:
from: 127.0.0.1:9092
to: /project/default/service/forward_to_redpanda/secure/api
avoid-publishing: true
allow-producer: data-producer
allow: redpanda
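Review bot: Nothing in this new node file says what makes it the "full encryption" variant; the visible difference from the application_team inlet configs in this commit is only that `encrypted-field: pii` is absent. Presumably omitting that key makes the inlet encrypt the whole record rather than a single JSON field. Once confirmed, say so above `kafka-inlet:`, e.g. `# No encrypted-field: the entire record value is encrypted, not just one JSON field.`. A short comment on `allow-producer: data-producer` tying it to the `--attribute data-producer` ticket minted in run.sh would also help readers follow the access policy. The 7-line data_team producer node file (the one with `allow-consumer: data-consumer`) needs the same comments.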
@@ -0,0 +1,55 @@
---
networks:
data_team:
driver: bridge
services:
# Start a producer node with ockam.
#
# Read kafka_client.dockerfile and run_ockam.sh to understand
# how the node is set up
producer:
container_name: data-producer
build:
context: .
dockerfile: ../kafka_client.dockerfile
volumes:
- ./ockam-node.yaml:/ockam-node.yaml
environment:
ENROLLMENT_TICKET: ${DATA_PRODUCER_ENROLLMENT_TICKET:-}
OCKAM_DEVELOPER: ${OCKAM_DEVELOPER:-false}
networks:
- data_team
command:
- -c
- |
set -e
sleep 17
ockam node create -vv ./ockam-node.yaml --enrollment-ticket $${ENROLLMENT_TICKET} &
sleep 20
MESSAGES=(
'{"id":"1234","first_name":"Red","age":22,"job":"writer","pii":{"last_name":"Jones","ssn":"777-223-4344","zip":98208}}'
'{"id":"5678","first_name":"Blue","age":35,"job":"developer","pii":{"last_name":"Smith","ssn":"555-867-5309","zip":10001}}'
'{"id":"9012","first_name":"Green","age":28,"job":"designer","pii":{"last_name":"Johnson","ssn":"123-456-7890","zip":60601}}'
'{"id":"3456","first_name":"Yellow","age":41,"job":"manager","pii":{"last_name":"Brown","ssn":"999-888-7777","zip":90210}}'
'{"id":"7890","first_name":"Purple","age":19,"job":"student","pii":{"last_name":"Davis","ssn":"111-222-3333","zip":20001}}'
'{"id":"2345","first_name":"Orange","age":55,"job":"consultant","pii":{"last_name":"Wilson","ssn":"444-555-6666","zip":75001}}'
'{"id":"6789","first_name":"Pink","age":33,"job":"artist","pii":{"last_name":"Taylor","ssn":"888-999-0000","zip":80202}}'
'{"id":"0123","first_name":"Gray","age":47,"job":"scientist","pii":{"last_name":"Anderson","ssn":"222-333-4444","zip":94103}}'
)
for n in {0..7}; do
sleep 2
echo "Sending message: $${MESSAGES[n]}"
echo -n "$${MESSAGES[n]}" | kafka-console-producer.sh \
--topic data_team_topic \
--bootstrap-server 127.0.0.1:9092 \
--producer-property request.timeout.ms=30000
done
# Keep the container running
tail -f /dev/null
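Review bot: `ENROLLMENT_TICKET` defaults to an empty string (`${DATA_PRODUCER_ENROLLMENT_TICKET:-}`) and is expanded unquoted in `ockam node create -vv ./ockam-node.yaml --enrollment-ticket $${ENROLLMENT_TICKET} &`. Starting this compose file outside run.sh therefore leaves the flag without a value, and because the command is backgrounded, `set -e` will not stop the script. Fail fast before the node starts with `: "$${ENROLLMENT_TICKET:?ENROLLMENT_TICKET is not set}"` and quote the expansion as `"$${ENROLLMENT_TICKET}"`. The same two changes apply to the data_team consumer compose file added in this commit. Consider dropping `-vv` unless the verbose output is known not to contain ticket material.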
@@ -0,0 +1,7 @@
kafka-inlet:
from: 127.0.0.1:9092
to: /project/default/service/forward_to_redpanda/secure/api
consumer: /project/default/service/forward_to_data-consumer/secure/api
avoid-publishing: true
allow-consumer: data-consumer
allow: redpanda
Expand Up @@ -28,4 +28,4 @@ COPY --from=builder /ockam /usr/local/bin/ockam
ENV ENROLLMENT_TICKET=""

# Set the entrypoint to run bash
ENTRYPOINT ["/bin/bash"]
ENTRYPOINT ["/bin/bash"]
Expand Up @@ -80,3 +80,4 @@ services:
- 8080:8080
depends_on:
- redpanda

Expand Up @@ -5,4 +5,4 @@ relay: redpanda
# Declare a Kafka Outlet, with a local destination.
kafka-outlet:
bootstrap-server: ${REDPANDA_ADDRESS}:9092
allow: inlet
allow: inlet
Expand Up @@ -45,6 +45,10 @@ run() {
application_team_producer_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m --attribute producer --attribute inlet)
application_team_consumer_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m --attribute consumer --attribute inlet --relay consumer)

data_producer_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m --attribute data-producer --attribute inlet)
data_consumer_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m --attribute data-consumer --attribute inlet --relay data-consumer)


# Invoke `docker-compose up` in the directory that has redpanda_operator's configuration.
# Pass the above enrollment ticket as an environment variable.
#
Expand All @@ -59,7 +63,11 @@ run() {
# in application_team's virtual private network.
echo; pushd application_team_producer; PRODUCER_ENROLLMENT_TICKET="$application_team_producer_ticket" docker compose up -d; popd

echo; pushd application_team_consumer; CONSUMER_ENROLLMENT_TICKET="$application_team_consumer_ticket" docker compose up; popd
echo; pushd application_team_consumer; CONSUMER_ENROLLMENT_TICKET="$application_team_consumer_ticket" docker compose up -d; popd

echo; pushd data_team_producer; DATA_PRODUCER_ENROLLMENT_TICKET="$data_producer_ticket" docker compose up -d; popd

echo; pushd data_team_consumer; DATA_CONSUMER_ENROLLMENT_TICKET="$data_consumer_ticket" docker compose up -d; popd

}

Expand All @@ -69,6 +77,8 @@ cleanup() {
pushd redpanda_operator; docker compose down --rmi all --remove-orphans; popd
pushd application_team_producer; docker compose down --rmi all --remove-orphans; popd
pushd application_team_consumer; docker compose down --rmi all --remove-orphans; popd
pushd data_team_producer; docker compose down --rmi all --remove-orphans; popd
pushd data_team_consumer; docker compose down --rmi all --remove-orphans; popd
}

# Check if Ockam Command is already installed and available in path.
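Review bot: With `-d` on the application_team_consumer line and on both new data_team lines in `run()`, every stack is detached. run.sh then returns without showing the consumers' output and without noticing the `exit 1` those containers use to signal "Failed to receive messages". Which of the two application_team_consumer lines is the new one is inferred from the added lines all using `-d`. If detaching is needed to start four stacks, follow it with something that surfaces the result, e.g. `(cd data_team_consumer && docker compose logs -f consumer)`, or say in the comment above these lines that users must check the consumer logs themselves. `run()` begins outside the visible hunks.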