docs: add example to show full encryption

build-trust · Sep 5, 2024 · f05fb76 · f05fb76
1 parent 0d8212a
commit f05fb76
Show file tree

Hide file tree

Showing 7 changed files with 139 additions and 3 deletions.
diff --git a/...rtals/kafka/redpanda/docker-field-encryption/application_team_consumer/docker-compose.yml b/...rtals/kafka/redpanda/docker-field-encryption/application_team_consumer/docker-compose.yml
@@ -39,7 +39,7 @@ services:
           echo "Press Ctrl+C to stop the container at any time, then execute "\
           "'./run.sh cleanup' to remove all containers.";
           echo "";
-          kafka-console-consumer.sh --topic demo --timeout-ms 50000 --bootstrap-server 127.0.0.1:9092 --max-messages 8 | tee output.txt;
+          kafka-console-consumer.sh --topic application_team_topic --timeout-ms 50000 --bootstrap-server 127.0.0.1:9092 --max-messages 8 | tee output.txt;
           if [[ ! -s output.txt ]]; then
             echo "Failed to receive messages";
             exit 1;

diff --git a/...rtals/kafka/redpanda/docker-field-encryption/application_team_producer/docker-compose.yml b/...rtals/kafka/redpanda/docker-field-encryption/application_team_producer/docker-compose.yml
@@ -45,7 +45,7 @@ services:
           sleep 2
           echo "Sending message: $${MESSAGES[n]}"
           echo -n "$${MESSAGES[n]}" | kafka-console-producer.sh \
-            --topic demo \
+            --topic application_team_topic \
             --bootstrap-server 127.0.0.1:9092 \
             --producer-property request.timeout.ms=30000
         done

diff --git a/...mand/portals/kafka/redpanda/docker-field-encryption/data_team_consumer/docker-compose.yml b/...mand/portals/kafka/redpanda/docker-field-encryption/data_team_consumer/docker-compose.yml
@@ -0,0 +1,57 @@
+---
+networks:
+  data_team:
+      driver: bridge
+services:
+  # Start a consumer node with ockam.
+  #
+  # Read kafka_client.dockerfile and run_ockam.sh to understand
+  # how the node is set up.
+  consumer:
+    container_name: data-consumer
+    build:
+      context: .
+      dockerfile: ../kafka_client.dockerfile
+      args:
+        OCKAM_VERSION: ${OCKAM_VERSION:-latest}
+    volumes:
+      - ./ockam-node.yaml:/ockam-node.yaml
+    environment:
+      ENROLLMENT_TICKET: ${DATA_CONSUMER_ENROLLMENT_TICKET:-}
+      OCKAM_DEVELOPER: ${OCKAM_DEVELOPER:-false}
+    networks:
+      - data_team
+    command:
+      - -c
+      - (
+          set -e
+
+          sleep 10
+
+          ockam node create ./ockam-node.yaml --enrollment-ticket $${ENROLLMENT_TICKET} &
+
+          sleep 14
+
+          echo "";
+          echo "Messages sent from producers will appear shortly.";
+          echo "It may take a couple of minutes for the first message to appear.";
+          echo "=======================================================================";
+          echo "Press Ctrl+C to stop the container at any time, then execute "\
+          "'./run.sh cleanup' to remove all containers.";
+          echo "";
+          kafka-console-consumer.sh --topic data_team_topic --timeout-ms 50000 --bootstrap-server 127.0.0.1:9092 --max-messages 8 | tee output.txt;
+          if [[ ! -s output.txt ]]; then
+            echo "Failed to receive messages";
+            exit 1;
+          fi;
+
+          echo "";
+          echo "The example run was successful 🥳.";
+          echo "The consumer was able to decrypt encrypted message";
+          echo "";
+
+          echo "=======================================================================";
+          echo "Open the console at http://127.0.0.1:8080 to see the encryted message.";
+          echo "=======================================================================";
+          tail -f /dev/null;
+        )
diff --git a/...command/portals/kafka/redpanda/docker-field-encryption/data_team_consumer/ockam-node.yaml b/...command/portals/kafka/redpanda/docker-field-encryption/data_team_consumer/ockam-node.yaml
@@ -0,0 +1,8 @@
+relay: data-consumer
+
+kafka-inlet:
+  from: 127.0.0.1:9092
+  to: /project/default/service/forward_to_redpanda/secure/api
+  avoid-publishing: true
+  allow-producer: data-producer
+  allow: redpanda
diff --git a/...mand/portals/kafka/redpanda/docker-field-encryption/data_team_producer/docker-compose.yml b/...mand/portals/kafka/redpanda/docker-field-encryption/data_team_producer/docker-compose.yml
@@ -0,0 +1,54 @@
+---
+networks:
+  data_team:
+      driver: bridge
+services:
+  # Start a producer node with ockam.
+  #
+  # Read kafka_client.dockerfile and run_ockam.sh to understand
+  # how the node is set up
+  producer:
+    container_name: data-producer
+    build:
+      context: .
+      dockerfile: ../kafka_client.dockerfile
+    volumes:
+      - ./ockam-node.yaml:/ockam-node.yaml
+    environment:
+      ENROLLMENT_TICKET: ${DATA_PRODUCER_ENROLLMENT_TICKET:-}
+      OCKAM_DEVELOPER: ${OCKAM_DEVELOPER:-false}
+    networks:
+      - data_team
+    command:
+      - -c
+      - |
+        set -e
+        
+        sleep 17
+
+        ockam node create -vv ./ockam-node.yaml --enrollment-ticket $${ENROLLMENT_TICKET} &
+
+        sleep 20
+
+        MESSAGES=(
+          '{"id":"1234","first_name":"Red","age":22,"job":"writer","pii":{"last_name":"Jones","ssn":"777-223-4344","zip":98208}}'
+          '{"id":"5678","first_name":"Blue","age":35,"job":"developer","pii":{"last_name":"Smith","ssn":"555-867-5309","zip":10001}}'
+          '{"id":"9012","first_name":"Green","age":28,"job":"designer","pii":{"last_name":"Johnson","ssn":"123-456-7890","zip":60601}}'
+          '{"id":"3456","first_name":"Yellow","age":41,"job":"manager","pii":{"last_name":"Brown","ssn":"999-888-7777","zip":90210}}'
+          '{"id":"7890","first_name":"Purple","age":19,"job":"student","pii":{"last_name":"Davis","ssn":"111-222-3333","zip":20001}}'
+          '{"id":"2345","first_name":"Orange","age":55,"job":"consultant","pii":{"last_name":"Wilson","ssn":"444-555-6666","zip":75001}}'
+          '{"id":"6789","first_name":"Pink","age":33,"job":"artist","pii":{"last_name":"Taylor","ssn":"888-999-0000","zip":80202}}'
+          '{"id":"0123","first_name":"Gray","age":47,"job":"scientist","pii":{"last_name":"Anderson","ssn":"222-333-4444","zip":94103}}'
+        )
+
+        for n in {0..7}; do
+          sleep 2
+          echo "Sending message: $${MESSAGES[n]}"
+          echo -n "$${MESSAGES[n]}" | kafka-console-producer.sh \
+            --topic data_team_topic \
+            --bootstrap-server 127.0.0.1:9092 \
+            --producer-property request.timeout.ms=30000
+        done
+
+        # Keep the container running
+        tail -f /dev/null
diff --git a/...command/portals/kafka/redpanda/docker-field-encryption/data_team_producer/ockam-node.yaml b/...command/portals/kafka/redpanda/docker-field-encryption/data_team_producer/ockam-node.yaml
@@ -0,0 +1,7 @@
+kafka-inlet:
+  from: 127.0.0.1:9092
+  to: /project/default/service/forward_to_redpanda/secure/api
+  consumer: /project/default/service/forward_to_data-consumer/secure/api
+  avoid-publishing: true
+  allow-consumer: data-consumer
+  allow: redpanda
diff --git a/examples/command/portals/kafka/redpanda/docker-field-encryption/run.sh b/examples/command/portals/kafka/redpanda/docker-field-encryption/run.sh
@@ -45,6 +45,10 @@ run() {
     application_team_producer_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m --attribute producer --attribute inlet)
     application_team_consumer_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m --attribute consumer --attribute inlet --relay consumer)
 
+    data_producer_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m --attribute data-producer --attribute inlet)
+    data_consumer_ticket=$(ockam project ticket --usage-count 1 --expires-in 10m --attribute data-consumer --attribute inlet --relay data-consumer)
+
+
     # Invoke `docker-compose up` in the directory that has redpanda_operator's configuration.
     # Pass the above enrollment ticket as an environment variable.
     #
@@ -59,7 +63,11 @@ run() {
     # in application_team's virtual private network.
     echo; pushd application_team_producer; PRODUCER_ENROLLMENT_TICKET="$application_team_producer_ticket" docker compose up -d; popd
 
-    echo; pushd application_team_consumer; CONSUMER_ENROLLMENT_TICKET="$application_team_consumer_ticket" docker compose up; popd
+    echo; pushd application_team_consumer; CONSUMER_ENROLLMENT_TICKET="$application_team_consumer_ticket" docker compose up -d; popd
+
+    echo; pushd data_team_producer; DATA_PRODUCER_ENROLLMENT_TICKET="$data_producer_ticket" docker compose up -d; popd
+
+    echo; pushd data_team_consumer; DATA_CONSUMER_ENROLLMENT_TICKET="$data_consumer_ticket" docker compose up -d; popd
 
 }
 
@@ -69,6 +77,8 @@ cleanup() {
     pushd redpanda_operator; docker compose down --rmi all --remove-orphans; popd
     pushd application_team_producer; docker compose down --rmi all --remove-orphans; popd
     pushd application_team_consumer; docker compose down --rmi all --remove-orphans; popd
+    pushd data_team_producer; docker compose down --rmi all --remove-orphans; popd
+    pushd data_team_consumer; docker compose down --rmi all --remove-orphans; popd
 }
 
 # Check if Ockam Command is already installed and available in path.