refactor(cmd-api-server): clean up configuration parameters gitguardi…

…an scanner test

test

Signed-off-by: ruzell22 <[email protected]>

.gitguardian.yaml

@@ -0,0 +1,37 @@
+version: 2
+
+# Set to true if the desired exit code for the CLI is always 0,
+# otherwise the exit code will be 1 if incidents are found
+# the environment variable GITGUARDIAN_EXIT_ZERO=true can also be used toggle this behaviour.
+exit-zero: false # default: false
+
+verbose: false # default: false
+
+instance: https://api.gitguardian.com/
+
+# Maximum commits to scan in a hook.
+max-commits-for-hook: 50 # default: 50
+
+# Accept self-signed certificates for the API.
+allow-self-signed: false # default: False
+
+secret:
+  show-secrets: false # default: false
+
+  # Exclude files and paths by globbing
+  ignored-paths:
+    - '**/README.md'
+    - 'doc/*'
+    - 'LICENSE'
+    - '**/examples/cactus-example-carbon-accounting-backend/example-config.json'
+
+  # Ignore security incidents with the SHA256 of the occurrence obtained at output or the secret itself
+  # ignored-matches:
+  #   - name:
+  #     match: 530e5a4a7ea00814db8845dd0cae5efaa4b974a3ce1c76d0384ba715248a5dc1
+  #   - name: credentials
+  #     match: MY_TEST_CREDENTIAL
+
+  # Detectors to ignore.
+  ignored-detectors: # default: []
+    - Generic Password

.github/workflows/gg-shield-action.yaml

@@ -0,0 +1,38 @@
+name: GitGuardian scan
+
+on: 
+  push:
+  pull_request:
+    # Publish `main` as Docker `latest` image.
+    branches:
+      - main
+      - haruharu720test
+
+    # Publish `v1.2.3` tags as releases.
+    tags:
+      - v*
+
+jobs:
+  scanning:
+    name: GitGuardian scan
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0 # fetch all history so multiple commits can be scanned
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      # - name: Login to DockerHub Registry
+      #   run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: GitGuardian scan
+        uses: GitGuardian/[email protected]
+        with:
+          args: --show-secrets --exit-zero --all-policies --verbose
+        env:
+          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
+          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
+          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          GITHUB_DEFAULT_BRANCH: haruharu720test
+          # GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
+          # GITGUARDIAN_INSTANCE: 'https://api.gitguardian.com/'

examples/cactus-example-carbon-accounting-backend/example-config.json

@@ -1,8 +1,6 @@
 {
     "configFile": ".config.json",
     "authorizationConfigJson" : {},
-    "cactusNodeId": "972b1aec-a027-4dfb-bf0f-3811ad8d15e4",
-    "consortiumId": "fb3edae7-46db-4e84-837e-c66f6f2bc78e",
     "logLevel": "debug",
     "minNodeVersion": "12.0.0",
     "tlsDefaultMaxVersion": "TLSv1.3",
@@ -26,7 +24,6 @@
     "cockpitTlsKeyPem": "-----BEGIN RSA PRIVATE KEY-----\r\nMIIJKAIBAAKCAgEAslebFV2ZuSf/EsfDIaAj3sm38CeyKsbIta5dXGsGwD0S38V4\r\nsVOQcs15V8RYerzDHPD+Iz1dkhIVO7E9TLPexrhHbi00Wgq+SwUcQzRd16wlkxWe\r\nK+c+LReEiy8e/N95gKUobtJX6c6F+M5BIOyZZuj+KVewwhRD9cFbCOrivCAzV7ZA\r\nN2naLEf/E3kuimPOBOa5IYxjKJ4C1wuMXaWGNJp9kSwbYFblqcpEyf0IhPYJpsCM\r\nGqwwMXmSWr5ME68YQKQ/2rvv8ud7OKVz8qSwJrFasndoUtlZ4az+fMRMtVBUwC1x\r\nq4SO7a5fiicklaZ2Z2+oIcGjR7mGTLWgPcpQtC8InnP45duF+B+Q+P0CuDtwuSa5\r\n/ZFeM4p8S2g01wiaAUwWWA6BueKCWhYc/P5N1ixxbCYo8habxif2/yD9G2bNS0Jl\r\nLuTxLo8uIJq6nd+Y9yGsX+nx2zLjsh6OwC3MiN2jUvwqf+4B5a3cEXREfuBlYOot\r\nog4OmW1N4N8YNlf8BJ+AlzVNj/FGtaWiHAu3QG9n+0YEbueuwfEz5oJOfZKCed55\r\ncOENo03bser+xiIaQGFl6rZb4L7+Zk8p45sggkZQrXZ0MdIGfj9XQ01yma99ZLzQ\r\nb4Xqx9LwmBqUe67Hm7TARBMQ+0n2n1eYlZ4RCJG+YF9HfKpMp3EuiUXznI8CAwEA\r\nAQKCAgBl6oKJty++DAlMZjQw5x8YlhYze7vpjiftC3P2+IKnIT/D+Ul7rNGDicCq\r\nU15s5apqw5237b2nWAYiUqtBRhktXuoTIGomerU8kfMQxMBMG+htIZF+bWuuwR3R\r\nnGANCniY98kfa70ptAgDo3q8ofkYQlXcsmwkvQgJTTIE6pYgBBbTLSeNg0RWwd4W\r\n9s2N8HMvgdqSPXP9Ji9hTQwuCAWl0hOn/pi2eXJNkXW2KI/Ry/i//pESPQxdeagV\r\ni2JWbV1is3p6OaRqH7bfLE4Sf+Laecfm7S4FCoi+2umjy1o602lbWZz384zqbxfS\r\nD4RssPBBNCHVCJ+SwYbqF3E3XoK3QUCayxdQ9lFraqUM5tzME9LVoPSMz2/t6vEJ\r\nll2yofxksW9DfiU+YCwxpZwZAIZgWFgF79JJu9v9vHuX/csN80ZhrAtpIcGxFEp7\r\nZcIt22LIg1zKOvji9W2L343d2Ngn5xwP2LgNw7p5PvRbWj5loAUV01iMUp/LcGJ+\r\nTUF9C20rK8D6OXg8vqPyr+en8mbwifTuu3SMKrItIvug5TpgLnUbUFsFZ0tusaQn\r\nzP4QuGeqHCsphTI4oe2ro2QlefpqjDR6eL8eyepBRrwsZgnThsIQwjcxJRP0fVrd\r\nspbTNfptBZWrd685YpitSSEV6RkH6KmV6+IHDnPAH1vW3zx6YQKCAQEA3NYrCtan\r\n9c7kKfCeQMYgzxyJbaefPrScGrTsSpulv5kWiffahC6NPEsz6LqSxJxyfvP4YbKc\r\n3RqaWS5S6Tq3YNNgLI+J0D/9O0gi+s+vd47bqYBURxo2X3bly9IbUlMmc+pa+uGD\r\ndoufg7ywvjW+TJkaaykBZlfc0sIBxdrDEJCD62FdR41Vdm2Pvmi6sFqEYyIq+hXA\r\nHbX2M3/CC43XoHDIkX7Rgy0NHVUq+wasGKRUNVPIgMCBd0B8G936kGGvawSmGAQ4\r\n9e5HSUT9jqv1KziMCZ8TEYrabSAxmL56b/amz06XTND4v59astMCWo8w657NL+Xv\r\n7HJw853Z7beQgwKCAQEAzr1DnpmBeYkF0so3thK9GIG6Sru17PlIgkvWmk8B/Hsd\r\nruzw4pspVM0+D8LwxPnBveR8w471BaAqaPtVZgcoIRHO9iNegQcir7b3Fp/ai7BK\r\nZoAcNO9V++ofmS85KtVUT0iMBwcMaIgmHD/YCi0MNxdXzOzzsopR3FE0iwKYZxgC\r\nyfeKPeZa3C4I7Awvf7v5CoNF4/T5U9cAsaQJ/cVJY2s5c8LHYQsP4UUWsScQH1TS\r\nat2uRz565PDQdvD3TL+46zdsFlOYOiuM/6iMU4bYBj2FsFKA7TCkk/GghCgLfjXa\r\nrPARdunZWfWawe3bKEg6Az0kFfsimRYE0Rgey6zuBQKCAQAZPDwE7AybcT3vcPiU\r\njE95e1hU+H+hCcCA6MXLrMefAl5p+7GzwyIOjsVqxc85umr3COgMOf3k4kJbCIke\r\n77++x8jIrspfysAkQxUENjFl5yRA1VJMIbmu5QZTaToICUpumow0+QotxLzAsBI+\r\nWiPZ2vEC59eqG0Y3q0XKlzoNLYZ1olWndIYcl16CsrMKrf1M2r2wgEXI3183+VRy\r\nP44xXlH9FlHYvJAwFuhncRa/Zh/dTCqwU883kl3cTVxxnUgPYaOdQPZFXCo3PDQB\r\nVrMYckjGXLAwI/7b0373ZmTVYIklTWTKuWKDezFBGA2/zXcYpbfqzkrBaT5xCEu7\r\n92sDAoIBAFe3GZ+LBdIo/t2Gisinfq+NKxtWNUQMKGWQA8eIyhDzs45qXXHn30tp\r\noXFShpEsXrVQ4laeqvruD9BnAr69Ppt5UNRCAXDBNEhVWtSwkis+avK+XDlhapvt\r\no+Z8kMbJqHHTGAZLSUp4qaLGu8TlhA9Dyi7aQjN4WG8fzSlFup/TIivK6U6GE/rj\r\nVUnBic2qVWnOdLLZV4fo6xRzwwF22UJjVgb1l15nMR+lDpGvPznr5TMOR0lXCxFj\r\n0y8D4gkgNzclVqjKYwYbQEGgo5k01ycep0A+YRFB2DIlDLPFwcqU0ukZGm/XnC58\r\n9GJfpuKacnK5WDwzR2SoYPbOQxKrlnkCggEBANJLCqOibsezhhNa1vg+JpCL777C\r\nKAkE8bQd7rPoEZIFQqDDdapez0ZrzVWL4L8pgnpjyywxXe0p77PR5A2HRN5z1cFD\r\nDz5Kd0ZDL++5/IQ6KJgQ9EjftIy1zW+XnzBXThY+rpH0RZ15DwFoJxw+PCejjLC5\r\n7zYa2EOJ698N9WryGsxGkfPuViTbIDJKBed+4kXgLTT1hCTq53JFTJtHsO57gRkK\r\ngrPsa0O10EsJtKODFNFHzAiqwfmNxrVVcmUNmKYG4WXuJci+kw1VEJDD6GiSFyx2\r\n1MBhF3x64UtKdsj/7Cskdr6xnrxC9NHsRoZlmGGMZsSFL+MLovZv9MKl6W0=\r\n-----END RSA PRIVATE KEY-----\r\n",
     "cockpitTlsClientCaPem": "-",
     "keyPairPem": "-----BEGIN PRIVATE KEY-----\nMIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgHy0hDxj3Uhz16F8aLiWq\nhf6bcqRU3fqAv2u2YvYdSF+hRANCAAQpvM3dbCigeGLDKs0JUTi0yf5UHGC2eSRD\nd3Dk1WpBjbJDLKGdSGVGE0h1Zys8o3Den3Xag8Y1EcTxDHDInMEc\n-----END PRIVATE KEY-----\n",
-    "keychainSuffixKeyPairPem": "CACTUS_NODE_KEY_PAIR_PEM",
     "plugins": [
         {
             "packageName": "@hyperledger/cactus-plugin-keychain-memory",

examples/carbon-accounting/Dockerfile

@@ -46,8 +46,6 @@ COPY --chown=${APP_USER}:${APP_USER} ./examples/carbon-accounting/healthcheck.sh
 
 ENV AUTHORIZATION_CONFIG_JSON="{}"
 ENV AUTHORIZATION_PROTOCOL=NONE
-ENV CACTUS_NODE_ID=-
-ENV CONSORTIUM_ID=-
 ENV KEY_PAIR_PEM=-
 ENV COCKPIT_WWW_ROOT=/usr/src/app/node_modules/@hyperledger/cactus-example-carbon-accounting-frontend/www/
 ENV COCKPIT_TLS_ENABLED=false

examples/supply-chain-app/Dockerfile

@@ -47,8 +47,6 @@ COPY --chown=${APP_USER}:${APP_USER} ./examples/supply-chain-app/healthcheck.sh
 
 ENV AUTHORIZATION_CONFIG_JSON="{}"
 ENV AUTHORIZATION_PROTOCOL=NONE
-ENV CACTUS_NODE_ID=-
-ENV CONSORTIUM_ID=-
 ENV KEY_PAIR_PEM=-
 ENV COCKPIT_WWW_ROOT=/usr/src/app/node_modules/@hyperledger/cactus-example-supply-chain-frontend/www/
 ENV COCKPIT_TLS_ENABLED=false

examples/supply-chain-app/process.env

@@ -1,5 +1,3 @@
-CACTUS_NODE_ID=-
-CONSORTIUM_ID=-
 KEY_PAIR_PEM=-
 COCKPIT_WWW_ROOT=./node_modules/@hyperledger/cactus-example-supply-chain-frontend/www/
 COCKPIT_TLS_ENABLED=false

packages/cactus-cmd-api-server/Dockerfile

@@ -27,8 +27,6 @@ ARG NPM_PKG_VERSION=latest
 ENV TZ=Etc/UTC
 ENV NODE_ENV=production
 
-ENV CACTUS_NODE_ID=-
-ENV CONSORTIUM_ID=-
 ENV KEY_PAIR_PEM=-
 ENV COCKPIT_WWW_ROOT=${APP}node_modules/@hyperledger/cactus-cockpit/www/
 ENV COCKPIT_TLS_ENABLED=false

packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts

@@ -39,8 +39,6 @@ export interface ICactusApiServerOptions {
   authorizationProtocol: AuthorizationProtocol;
   authorizationConfigJson: IAuthorizationConfig;
   configFile: string;
-  cactusNodeId: string;
-  consortiumId: string;
   logLevel: LogLevelDesc;
   tlsDefaultMaxVersion: SecureVersion;
   cockpitEnabled: boolean;
@@ -66,7 +64,6 @@ export interface ICactusApiServerOptions {
   grpcMtlsEnabled: boolean;
   plugins: PluginImport[];
   keyPairPem: string;
-  keychainSuffixKeyPairPem: string;
   minNodeVersion: string;
   enableShutdownHook: boolean;
 }
@@ -180,24 +177,6 @@ export class ConfigService {
         env: "CONFIG_FILE",
         arg: "config-file",
       },
-      consortiumId: {
-        doc:
-          "Identifier of the consortium your node is part of. " +
-          " Can be any string of characters such as a UUID",
-        format: ConfigService.formatNonBlankString,
-        default: null as string | null,
-        env: "CONSORTIUM_ID",
-        arg: "consortium-id",
-      },
-      cactusNodeId: {
-        doc:
-          "Identifier of this particular Cactus node. Must be unique among the total set of Cactus nodes running in any " +
-          "given Cactus deployment. Can be any string of characters such as a UUID or an Int64",
-        format: ConfigService.formatNonBlankString,
-        default: null as string | null,
-        env: "CACTUS_NODE_ID",
-        arg: "cactus-node-id",
-      },
       logLevel: {
         doc:
           "The level at which loggers should be configured. Supported values include the following: " +
@@ -427,17 +406,6 @@ export class ConfigService {
         format: ConfigService.formatNonBlankString,
         default: null as string | null,
       },
-      keychainSuffixKeyPairPem: {
-        doc:
-          "The key under which to store/retrieve the key pair PEM from the " +
-          " keychain of this Cactus node (API server) The complete lookup key" +
-          " is constructed from the ${CACTUS_NODE_ID}" +
-          "${KEYCHAIN_SUFFIX_KEY_PAIR_PEM} template.",
-        env: "KEYCHAIN_SUFFIX_KEY_PAIR_PEM",
-        arg: "keychain-suffix-key-pair-pem",
-        format: "*",
-        default: "CACTUS_NODE_KEY_PAIR_PEM",
-      },
       enableShutdownHook: {
         doc:
           "It will cause the API server to listen to OS process signals and will attempt " +
@@ -613,8 +581,6 @@ export class ConfigService {
       authorizationProtocol: AuthorizationProtocol.JSON_WEB_TOKEN,
       authorizationConfigJson,
       configFile: ".config.json",
-      cactusNodeId: uuidV4(),
-      consortiumId: uuidV4(),
       logLevel: "debug",
       minNodeVersion: (schema.minNodeVersion as SchemaObj).default,
       tlsDefaultMaxVersion: "TLSv1.3",
@@ -640,8 +606,6 @@ export class ConfigService {
       cockpitTlsKeyPem: pkiServer.privateKeyPem,
       cockpitTlsClientCaPem: "-", // Cockpit mTLS is off so this will not crash the server
       keyPairPem,
-      keychainSuffixKeyPairPem: (schema.keychainSuffixKeyPairPem as SchemaObj)
-        .default,
       plugins,
       enableShutdownHook,
     };

tools/docker/besu-all-in-one/docker-compose.yml

@@ -17,8 +17,6 @@ services:
   cactus-api-server:
     image: ghcr.io/hyperledger/cactus-cmd-api-server:2021-08-15--refactor-1222
     environment:
-      CACTUS_NODE_ID: "-"
-      CONSORTIUM_ID: "-"
       KEY_PAIR_PEM: "-"
       COCKPIT_WWW_ROOT: ${APP}node_modules/@hyperledger/cactus-cockpit/www/
       COCKPIT_TLS_ENABLED: "false"

whitepaper/whitepaper.md

@@ -1077,11 +1077,6 @@ Configuration Parameters
                 Default: Mandatory parameter without a default value.
                 Env: CONFIG_FILE
                 CLI: --config-file
-  cactusNodeId:
-                Description: Identifier of this particular Cactus node. Must be unique among the total set of Cactus nodes running in any given Cactus deployment. Can be any string of characters such as a UUID or an Int64
-                Default: Mandatory parameter without a default value.
-                Env: CACTUS_NODE_ID
-                CLI: --cactus-node-id
   logLevel:
                 Description: The level at which loggers should be configured. Supported values include the following: error, warn, info, debug, trace
                 Default: warn
@@ -1128,12 +1123,12 @@ Configuration Parameters
                 Env: PRIVATE_KEY
                 CLI: --private-key
   keychainSuffixPrivateKey:
-                Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
+                Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
                 Default: CACTUS_NODE_PRIVATE_KEY
                 Env: KEYCHAIN_SUFFIX_PRIVATE_KEY
                 CLI: --keychain-suffix-private-key
   keychainSuffixPublicKey:
-                Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
+                Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
                 Default: CACTUS_NODE_PUBLIC_KEY
                 Env: KEYCHAIN_SUFFIX_PUBLIC_KEY
                 CLI: --keychain-suffix-public-key

whitepaper/whitepaper_zh-CN.md

@@ -511,11 +511,6 @@ $ npx ts-node -e "import {ConfigService} from './packages/cactus-cmd-api-server/
                 Default: Mandatory parameter without a default value.
                 Env: CONFIG_FILE
                 CLI: --config-file
-  cactusNodeId:
-                Description: Identifier of this particular Cactus node. Must be unique among the total set of Cactus nodes running in any given Cactus deployment. Can be any string of characters such as a UUID or an Int64
-                Default: Mandatory parameter without a default value.
-                Env: CACTUS_NODE_ID
-                CLI: --cactus-node-id
   logLevel:
                 Description: The level at which loggers should be configured. Supported values include the following: error, warn, info, debug, trace
                 Default: warn
@@ -562,12 +557,12 @@ $ npx ts-node -e "import {ConfigService} from './packages/cactus-cmd-api-server/
                 Env: PRIVATE_KEY
                 CLI: --private-key
   keychainSuffixPrivateKey:
-                Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
+                Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
                 Default: CACTUS_NODE_PRIVATE_KEY
                 Env: KEYCHAIN_SUFFIX_PRIVATE_KEY
                 CLI: --keychain-suffix-private-key
   keychainSuffixPublicKey:
-                Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
+                Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
                 Default: CACTUS_NODE_PUBLIC_KEY
                 Env: KEYCHAIN_SUFFIX_PUBLIC_KEY
                 CLI: --keychain-suffix-public-key