From 3efb30434bc12ee12232e69393240c66eb296281 Mon Sep 17 00:00:00 2001 From: baptiste-b-pegasys <85155432+baptiste-b-pegasys@users.noreply.github.com> Date: Wed, 4 May 2022 15:28:19 +0200 Subject: [PATCH 1/5] QLight Token Manager plugin usage --- .../manage/qlight-node.md | 67 ++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/docs/configure-and-manage/manage/qlight-node.md b/docs/configure-and-manage/manage/qlight-node.md index a4da8927..7d392744 100644 --- a/docs/configure-and-manage/manage/qlight-node.md +++ b/docs/configure-and-manage/manage/qlight-node.md @@ -1,3 +1,7 @@ +--- +description: Using QLight node +--- + # Using a GoQuorum qlight node A [qlight client node](../../concepts/qlight-node.md) requires a full node configured to act as a qlight server. 
@@ -66,7 +70,68 @@ The valid values are: - `none` - the token is not refreshed (this mechanism is for development/testing purposes only). - `external` - the refreshed token must be updated in the running qlight client process by invoking the `qlight.setCurrentToken` RPC API. -- `client-security-plugin` (default) - the client security plugin is used to periodically refresh the access token. Please see the client-security-plugin documentation for further details. +- `client-security-plugin` (default) - the client security plugin is used to periodically refresh the access token. Please see the client-security-plugin mode below. + +## client-security-plugin mode + +In this mode, a Go-Quorum plugin is called when reaching the expiration date, with a configuration anticipation time. +This plugin is configurable and you can even develop your own implementation of this plugin. + +A GoQuorum plugin is based on the Hashicorp plugin model, there is a gRPC model for the interface interaction: [ProtoBuf model](https://github.com/ConsenSys/quorum-plugin-definitions/blob/master/qlight-token-manager.proto). + +The model is pre-compiled as an SDK you can refer to, so you can develop your own implementation: [QLight Token Manager Plugin SDK in Go](https://github.com/ConsenSys/quorum-qlight-token-manager-plugin-sdk-go). + +The Go-Quorum implementation is using the Ory Hydra OAuth server: [GoQuorum Qlight Token Manager Plugin](https://github.com/ConsenSys/quorum-plugin-qlight-token-manager). + +You can refer to the GoQuorum examples Docker-compose file: [QLight Client with Token Manager Plugin](https://github.com/baptiste-b-pegasys/quorum-examples/pull/1/files#diff-f1ae6238d92e0b4f764eede62765302b1cfffee7e9a971a48ee97354b57b9686) (- [ ] TODO: fix this file in the quorum-example repository) + +The plugins are in the ConsenSys repository, they are downloed automatically when there are not present, an Internet connection is mandatory. 
You can provide your own plugin through the build of the plugin. + +You can refer to the [use of plugin with the hello world tutorial](/tutorials/use-plugins.md). + +### Steps + +1. Configure the plugins (`plugins/geth-plugin-settings.json`) + +``` +{ + "baseDir": "./plugins", + "providers": { + "qlighttokenmanager": { + "name":"quorum-plugin-qlight-token-manager", + "version":"1.0.0", + "config": "file://./plugins/qlight-token-manager-plugin-config.json" + }, + "helloworld": { + "name":"quorum-plugin-hello-world", + "version":"1.0.0", + "config": "file://./plugins/hello-world-plugin-config.json" + } + } +} +``` + +1. Configure the qlight token manager (`plugins/qlight-token-manager-plugin-config.json`) + +``` +{ + "url":"https://multi-tenancy-oauth2-server:4444/oauth2/token", + "method":"POST", + "parameters":{ + "grant_type":"client_credentials", + "client_id":"${PSI}", + "client_secret":"foofoo", + "scope":"rpc://eth_* p2p://qlight rpc://admin_* rpc://personal_* rpc://quorumExtension_* rpc://rpc_modules psi://${PSI}?self.eoa=0x0&node.eoa=0x0", + "audience":"Node1" + } +} +``` + +1. Enable the plugins configuration in the geth arguments + +Add the flag `--plugins file://./plugins/geth-plugin-settings.json --plugins.skipverify` so GoQuorum enables them. + +(`skipverify` will skip the verification of the plugins integrity) ## Native transport layer security (TLS) for P2P communication From 448190f5ef4656a7c86df33ab03aa6fc04d8ef07 Mon Sep 17 00:00:00 2001 From: baptiste-b-pegasys <85155432+baptiste-b-pegasys@users.noreply.github.com> Date: Wed, 4 May 2022 15:45:27 +0200 Subject: [PATCH 2/5] changes --- .../manage/qlight-node.md | 75 ++++++++++--------- 1 file changed, 38 insertions(+), 37 deletions(-) diff --git a/docs/configure-and-manage/manage/qlight-node.md b/docs/configure-and-manage/manage/qlight-node.md index 7d392744..910d8b81 100644 --- a/docs/configure-and-manage/manage/qlight-node.md +++ b/docs/configure-and-manage/manage/qlight-node.md 
@@ -77,61 +77,62 @@ The valid values are: In this mode, a Go-Quorum plugin is called when reaching the expiration date, with a configuration anticipation time. This plugin is configurable and you can even develop your own implementation of this plugin. -A GoQuorum plugin is based on the Hashicorp plugin model, there is a gRPC model for the interface interaction: [ProtoBuf model](https://github.com/ConsenSys/quorum-plugin-definitions/blob/master/qlight-token-manager.proto). +The plugins are in the ConsenSys repository and are downloaded automatically in their absence in the plugins directory. -The model is pre-compiled as an SDK you can refer to, so you can develop your own implementation: [QLight Token Manager Plugin SDK in Go](https://github.com/ConsenSys/quorum-qlight-token-manager-plugin-sdk-go). +But, you can provide your own plugin implementation: you can refer to the [use of plugin with the hello world tutorial](/tutorials/use-plugins.md) and do the same with the projects below: -The Go-Quorum implementation is using the Ory Hydra OAuth server: [GoQuorum Qlight Token Manager Plugin](https://github.com/ConsenSys/quorum-plugin-qlight-token-manager). +- A GoQuorum plugin is based on the Hashicorp plugin model, there is a gRPC model for the communication interaction: [ProtoBuf model](https://github.com/ConsenSys/quorum-plugin-definitions/blob/master/qlight-token-manager.proto). -You can refer to the GoQuorum examples Docker-compose file: [QLight Client with Token Manager Plugin](https://github.com/baptiste-b-pegasys/quorum-examples/pull/1/files#diff-f1ae6238d92e0b4f764eede62765302b1cfffee7e9a971a48ee97354b57b9686) (- [ ] TODO: fix this file in the quorum-example repository) +- The model is pre-compiled as an SDK you can refer to, so you can develop your own implementation: [QLight Token Manager Plugin SDK in Go](https://github.com/ConsenSys/quorum-qlight-token-manager-plugin-sdk-go). 
-The plugins are in the ConsenSys repository, they are downloed automatically when there are not present, an Internet connection is mandatory. You can provide your own plugin through the build of the plugin. +- The Go-Quorum implementation is using the Ory Hydra OAuth server: [GoQuorum Qlight Token Manager Plugin](https://github.com/ConsenSys/quorum-plugin-qlight-token-manager). + +- You can refer to the GoQuorum examples Docker-compose file: [QLight Client with Token Manager Plugin](https://github.com/baptiste-b-pegasys/quorum-examples/pull/1/files#diff-f1ae6238d92e0b4f764eede62765302b1cfffee7e9a971a48ee97354b57b9686) (- [ ] TODO: fix this file in the quorum-example repository) -You can refer to the [use of plugin with the hello world tutorial](/tutorials/use-plugins.md). ### Steps 1. Configure the plugins (`plugins/geth-plugin-settings.json`) -``` -{ - "baseDir": "./plugins", - "providers": { - "qlighttokenmanager": { - "name":"quorum-plugin-qlight-token-manager", - "version":"1.0.0", - "config": "file://./plugins/qlight-token-manager-plugin-config.json" - }, - "helloworld": { - "name":"quorum-plugin-hello-world", - "version":"1.0.0", - "config": "file://./plugins/hello-world-plugin-config.json" - } - } -} -``` + ``` + { + "baseDir": "./plugins", + "providers": { + "qlighttokenmanager": { + "name":"quorum-plugin-qlight-token-manager", + "version":"1.0.0", + "config": "file://./plugins/qlight-token-manager-plugin-config.json" + }, + "helloworld": { + "name":"quorum-plugin-hello-world", + "version":"1.0.0", + "config": "file://./plugins/hello-world-plugin-config.json" + } + } + } + ``` 1. 
Configure the qlight token manager (`plugins/qlight-token-manager-plugin-config.json`) -``` -{ - "url":"https://multi-tenancy-oauth2-server:4444/oauth2/token", - "method":"POST", - "parameters":{ - "grant_type":"client_credentials", - "client_id":"${PSI}", - "client_secret":"foofoo", - "scope":"rpc://eth_* p2p://qlight rpc://admin_* rpc://personal_* rpc://quorumExtension_* rpc://rpc_modules psi://${PSI}?self.eoa=0x0&node.eoa=0x0", - "audience":"Node1" + ``` + { + "url":"https://multi-tenancy-oauth2-server:4444/oauth2/token", + "method":"POST", + "parameters":{ + "grant_type":"client_credentials", + "client_id":"${PSI}", + "client_secret":"foofoo", + "scope":"rpc://eth_* p2p://qlight rpc://admin_* rpc://personal_* rpc://quorumExtension_* rpc://rpc_modules psi://${PSI}?self.eoa=0x0&node.eoa=0x0", + "audience":"Node1" + } } -} -``` + ``` 1. Enable the plugins configuration in the geth arguments -Add the flag `--plugins file://./plugins/geth-plugin-settings.json --plugins.skipverify` so GoQuorum enables them. + Add the flag `--plugins file://./plugins/geth-plugin-settings.json --plugins.skipverify` so GoQuorum enables them. -(`skipverify` will skip the verification of the plugins integrity) + (`skipverify` will skip the verification of the plugins integrity) ## Native transport layer security (TLS) for P2P communication From e494dd7d21bbcc5a41cec8e84f40186f25cab78a Mon Sep 17 00:00:00 2001 From: baptiste-b-pegasys <85155432+baptiste-b-pegasys@users.noreply.github.com> Date: Thu, 12 May 2022 14:06:08 +0200 Subject: [PATCH 3/5] Apply suggestions from code review --- docs/configure-and-manage/manage/qlight-node.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configure-and-manage/manage/qlight-node.md b/docs/configure-and-manage/manage/qlight-node.md index 910d8b81..9c9b2e77 100644 --- a/docs/configure-and-manage/manage/qlight-node.md +++ b/docs/configure-and-manage/manage/qlight-node.md 
@@ -74,14 +74,14 @@ The valid values are: ## client-security-plugin mode -In this mode, a Go-Quorum plugin is called when reaching the expiration date, with a configuration anticipation time. +In this mode, the configured Go-Quorum plugin is called when the token expiry is reached. This plugin is configurable and you can even develop your own implementation of this plugin. The plugins are in the ConsenSys repository and are downloaded automatically in their absence in the plugins directory. But, you can provide your own plugin implementation: you can refer to the [use of plugin with the hello world tutorial](/tutorials/use-plugins.md) and do the same with the projects below: -- A GoQuorum plugin is based on the Hashicorp plugin model, there is a gRPC model for the communication interaction: [ProtoBuf model](https://github.com/ConsenSys/quorum-plugin-definitions/blob/master/qlight-token-manager.proto). +- GoQuorum plugins are based on the Hashicorp plugin model, there is a gRPC model for the communication interaction: [ProtoBuf model](https://github.com/ConsenSys/quorum-plugin-definitions/blob/master/qlight-token-manager.proto). - The model is pre-compiled as an SDK you can refer to, so you can develop your own implementation: [QLight Token Manager Plugin SDK in Go](https://github.com/ConsenSys/quorum-qlight-token-manager-plugin-sdk-go). From fff1f8d376274a814cf57265c4c16124aa5c6941 Mon Sep 17 00:00:00 2001 From: baptiste-b-pegasys <85155432+baptiste-b-pegasys@users.noreply.github.com> Date: Thu, 12 May 2022 14:23:29 +0200 Subject: [PATCH 4/5] move qlight token manager doc to the conf doc file --- .../configure/qlight-node.md | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/docs/configure-and-manage/configure/qlight-node.md b/docs/configure-and-manage/configure/qlight-node.md index e6573000..2ce4cd08 100644 --- a/docs/configure-and-manage/configure/qlight-node.md +++ b/docs/configure-and-manage/configure/qlight-node.md 
@@ -52,3 +52,65 @@ Specify a refresh mechanism for the token using [`--qlight.client.token.manageme You can add an encryption layer on the qlight client-server communication. Configure the encryption layer using the [`qlight.tls.*`](../../reference/cli-syntax.md#qlighttls) command line options. + +## Configure the `client-security-plugin` mode + +In this mode, the configured Go-Quorum plugin is called when the token expiry is reached. +This plugin is configurable and you can even develop your own implementation of this plugin. + +The plugins are in the ConsenSys repository and are downloaded automatically in their absence in the plugins directory. + +But, you can provide your own plugin implementation: you can refer to the [use of plugin with the hello world tutorial](/tutorials/use-plugins.md) and do the same with the projects below: + +- GoQuorum plugins are based on the Hashicorp plugin model, there is a gRPC model for the communication interaction: [ProtoBuf model](https://github.com/ConsenSys/quorum-plugin-definitions/blob/master/qlight-token-manager.proto). + +- The model is pre-compiled as an SDK you can refer to, so you can develop your own implementation: [QLight Token Manager Plugin SDK in Go](https://github.com/ConsenSys/quorum-qlight-token-manager-plugin-sdk-go). + +- The Go-Quorum implementation is using the Ory Hydra OAuth server: [GoQuorum Qlight Token Manager Plugin](https://github.com/ConsenSys/quorum-plugin-qlight-token-manager). + +- You can refer to the GoQuorum examples Docker-compose file: [QLight Client with Token Manager Plugin](https://github.com/baptiste-b-pegasys/quorum-examples/pull/1/files#diff-f1ae6238d92e0b4f764eede62765302b1cfffee7e9a971a48ee97354b57b9686) (- [ ] TODO: fix this file in the quorum-example repository) + + +### Steps + +1. 
Configure the plugins (`plugins/geth-plugin-settings.json`) + + ``` + { + "baseDir": "./plugins", + "providers": { + "qlighttokenmanager": { + "name":"quorum-plugin-qlight-token-manager", + "version":"1.0.0", + "config": "file://./plugins/qlight-token-manager-plugin-config.json" + }, + "helloworld": { + "name":"quorum-plugin-hello-world", + "version":"1.0.0", + "config": "file://./plugins/hello-world-plugin-config.json" + } + } + } + ``` + +1. Configure the qlight token manager (`plugins/qlight-token-manager-plugin-config.json`) + + ``` + { + "url":"https://multi-tenancy-oauth2-server:4444/oauth2/token", + "method":"POST", + "parameters":{ + "grant_type":"client_credentials", + "client_id":"${PSI}", + "client_secret":"foofoo", + "scope":"rpc://eth_* p2p://qlight rpc://admin_* rpc://personal_* rpc://quorumExtension_* rpc://rpc_modules psi://${PSI}?self.eoa=0x0&node.eoa=0x0", + "audience":"Node1" + } + } + ``` + +1. Enable the plugins configuration in the geth arguments + + Add the flag `--plugins file://./plugins/geth-plugin-settings.json --plugins.skipverify` so GoQuorum enables them. + + (`skipverify` will skip the verification of the plugins integrity) \ No newline at end of file From 856ab923525e99bc7c41369bf29b56e5e7394d60 Mon Sep 17 00:00:00 2001 From: Roland Tyler Date: Mon, 16 May 2022 09:47:29 -0400 Subject: [PATCH 5/5] TW edits --- .../configure/qlight-node.md | 25 +++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/docs/configure-and-manage/configure/qlight-node.md b/docs/configure-and-manage/configure/qlight-node.md index 2ce4cd08..132eea08 100644 --- a/docs/configure-and-manage/configure/qlight-node.md +++ b/docs/configure-and-manage/configure/qlight-node.md 
@@ -56,26 +56,25 @@ Configure the encryption layer using the [`qlight.tls.*`](../../reference/cli-sy ## Configure the `client-security-plugin` mode In this mode, the configured Go-Quorum plugin is called when the token expiry is reached. -This plugin is configurable and you can even develop your own implementation of this plugin. +You can configure and even develop your own implementation of this plugin. -The plugins are in the ConsenSys repository and are downloaded automatically in their absence in the plugins directory. +The plugins are in the ConsenSys repository and are downloaded automatically to the plugins directory. -But, you can provide your own plugin implementation: you can refer to the [use of plugin with the hello world tutorial](/tutorials/use-plugins.md) and do the same with the projects below: +You can provide your own plugin implementation. Refer to the [use of plugin with the hello world tutorial](../../tutorials/use-plugin.md) and follow the same steps with the following projects: -- GoQuorum plugins are based on the Hashicorp plugin model, there is a gRPC model for the communication interaction: [ProtoBuf model](https://github.com/ConsenSys/quorum-plugin-definitions/blob/master/qlight-token-manager.proto). +- [ProtoBuf model](https://github.com/ConsenSys/quorum-plugin-definitions/blob/master/qlight-token-manager.proto) - GoQuorum plugins are based on the Hashicorp plugin model, this is a gRPC model for the communication interaction. -- The model is pre-compiled as an SDK you can refer to, so you can develop your own implementation: [QLight Token Manager Plugin SDK in Go](https://github.com/ConsenSys/quorum-qlight-token-manager-plugin-sdk-go). +- [QLight Token Manager Plugin SDK in Go](https://github.com/ConsenSys/quorum-qlight-token-manager-plugin-sdk-go) - The model is pre-compiled as an SDK you can refer to, so you can develop your own implementation. 
-- The Go-Quorum implementation is using the Ory Hydra OAuth server: [GoQuorum Qlight Token Manager Plugin](https://github.com/ConsenSys/quorum-plugin-qlight-token-manager). - -- You can refer to the GoQuorum examples Docker-compose file: [QLight Client with Token Manager Plugin](https://github.com/baptiste-b-pegasys/quorum-examples/pull/1/files#diff-f1ae6238d92e0b4f764eede62765302b1cfffee7e9a971a48ee97354b57b9686) (- [ ] TODO: fix this file in the quorum-example repository) +- [GoQuorum Qlight Token Manager Plugin](https://github.com/ConsenSys/quorum-plugin-qlight-token-manager) - The Go-Quorum implementation using the Ory Hydra OAuth server. +You can refer to the [QLight Client with Token Manager Plugin](https://github.com/baptiste-b-pegasys/quorum-examples/pull/1/files#diff-f1ae6238d92e0b4f764eede62765302b1cfffee7e9a971a48ee97354b57b9686) Docker-compose file in the GoQuorum examples. ### Steps 1. Configure the plugins (`plugins/geth-plugin-settings.json`) - ``` + ```json { "baseDir": "./plugins", "providers": { @@ -93,9 +92,9 @@ But, you can provide your own plugin implementation: you can refer to the [use o } ``` -1. Configure the qlight token manager (`plugins/qlight-token-manager-plugin-config.json`) +2. Configure the qlight token manager (`plugins/qlight-token-manager-plugin-config.json`) - ``` + ```json { "url":"https://multi-tenancy-oauth2-server:4444/oauth2/token", "method":"POST", @@ -109,8 +108,8 @@ But, you can provide your own plugin implementation: you can refer to the [use o } ``` -1. Enable the plugins configuration in the geth arguments +3. Enable the plugins configuration in the geth arguments Add the flag `--plugins file://./plugins/geth-plugin-settings.json --plugins.skipverify` so GoQuorum enables them. - (`skipverify` will skip the verification of the plugins integrity) \ No newline at end of file + (`skipverify` will skip the verification of the plugins integrity)
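
Review bot: step 3 of the new "Steps" list (added in PATCH 1/5 and carried unchanged through 5/5) puts `--plugins.skipverify` inside the one command readers will copy, so every node configured from this page runs its plugins with the integrity check turned off. The same section says the plugins are downloaded automatically. Suggest giving the command as `--plugins file://./plugins/geth-plugin-settings.json` only, and describing `--plugins.skipverify` in a separate sentence as a development/testing shortcut, in the wording the page already uses for the `none` token mode ("for development/testing purposes only"). The parenthetical "(`skipverify` will skip the verification of the plugins integrity)" states what the flag does but not when it is acceptable to use it.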
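
Review bot: in the step 2 example for `plugins/qlight-token-manager-plugin-config.json` (PATCH 1/5, repeated in 4/5), `"client_secret":"foofoo"` is a literal value sitting next to `"client_id":"${PSI}"`, which is a placeholder, so the sample secret is the part most likely to be copied as is. Suggest marking it as a sample value in the text under the block, or using a placeholder in the same `${...}` style if the plugin substitutes it, and adding a sentence that this file holds an OAuth client credential. The `scope` string also requests `rpc://admin_*` and `rpc://personal_*`; please state which scopes the qlight client needs and which are only there for the demo, so readers do not request the full set by default.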
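
Review bot: PATCH 3/5 rewrites the opening sentence to "the configured Go-Quorum plugin is called when the token expiry is reached" and drops the "configuration anticipation time" that 1/5 mentioned. If the refresh is triggered ahead of expiry by a configurable interval, name that setting here; as written, the sentence reads as if the token is only refreshed once it has already expired. In the same hunk, "GoQuorum plugins are based on the Hashicorp plugin model, there is a gRPC model ..." is still a comma splice, and the page mixes "Go-Quorum" and "GoQuorum"; pick one.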
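
Review bot: PATCH 4/5 is titled "move qlight token manager doc to the conf doc file", but its diffstat is `1 file changed, 62 insertions(+)` and nothing is removed from `docs/configure-and-manage/manage/qlight-node.md`, so the section added in 1/5 now exists in both files and will drift (5/5 already edits only the configure copy). Suggest deleting the "client-security-plugin mode" section from the manage page in this commit and changing its bullet "Please see the client-security-plugin mode below." to link to the new "Configure the `client-security-plugin` mode" heading in the configure page.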
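
Review bot: in PATCH 5/5 the tutorial link changes from `/tutorials/use-plugins.md` to `../../tutorials/use-plugin.md`, which changes the file name (`use-plugins` to `use-plugin`) as well as the path form; please confirm which file exists, since the manage page still carries the old target. Two other points in the same hunk: "downloaded automatically to the plugins directory" drops the earlier condition "in their absence", so it now reads as if the download always happens, and the Docker-compose link still points at a pull-request diff in a personal fork (`baptiste-b-pegasys/quorum-examples/pull/1/files#diff-...`) while the TODO that flagged it is deleted. Link to the merged file in the examples repository, or keep the TODO until it exists.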