Device security rating PoC - Fachdienst Policy
https://github.com/gematik/poc-dsr-fachdienst-policy

dsr idm poc

README

# DSR Fachdienst OPA / policies

> [!NOTE]
> This software is a proof of concept and is not intended for production use. It will not be maintained or receive updates. Concepts from this project will be used in gematik specifications to standardize Zero Trust in Telematics Infrastructure. Developers are encouraged to use the implementation ideas in their own software.

> **Note:** `opa` and `docker` must be installed locally

## Build OPA bundle

```console
opa build -b src/bundle/ -o dsr-fachdienst-policy-bundle.tar.gz
```

## Configure (generate mandatory keys)

```shell
./configure.sh
```

Then set the password of the `opa-user` account in `nginx/.htpasswd` (generate the entry with a tool such as `htpasswd` from apache2-utils rather than storing a clear-text password; the `curl` example further down assumes the placeholder credentials `opa-user:NO_SECRET`).

Then replace the public key in the `bundle_sign_puk` section of `opa/opa-config.yaml` with the one `configure.sh` has just generated. OPA uses this key to verify the signature of every bundle it loads, so it must be the counterpart of the private key you sign with below.

### OR: Build & Sign OPA bundle (requires the keys from `./configure.sh`)

This replaces the unsigned build above: the bundle is built and a `.signatures.json` (an ES256 JWS over the SHA-256 digests of every file in the bundle, carrying the additional claims from `sign/claims.json`) is written into it in one step.

```console
opa build -b src/bundle/ -o dsr-fachdienst-policy-bundle.tar.gz --signing-key sign/bundle_sign_prk.pem --signing-alg ES256 --claims-file sign/claims.json
```

#### opa sign command to create .signatures.json

`opa sign` only produces the `.signatures.json` file (in the current directory unless `-o` is given); it does not build a bundle. Use it when the bundle is packaged by another step.

```console
opa sign --signing-key sign/bundle_sign_prk.pem --signing-alg ES256 -b src/bundle/
```
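What `opa build --signing-key` and `opa sign` produce is a `.signatures.json` holding a single JWS (`{"signatures": ["<header>.<payload>.<signature>"]}`) whose payload lists each bundle file with its SHA-256 digest plus the claims from `sign/claims.json` (such as `keyid` and `scope`). The following Go program is an added example, not part of this project, that reproduces that structure for an in-memory bundle and verifies it the way a consumer should: pin ES256 instead of trusting the token's `alg`, check the signature against the configured public key, then check that the signed file list matches exactly the files present with identical digests. The sample file content, key id and scope are constructed. Digests here are over raw bytes (assumption: OPA does the same for `.rego` files but canonicalizes JSON data files before hashing, so this is not a drop-in verifier for real bundles).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// Claims that `opa sign` places in the JWT inside .signatures.json.
type signedFile struct {
	Name      string `json:"name"`
	Hash      string `json:"hash"`
	Algorithm string `json:"algorithm"`
}
type bundleClaims struct {
	Files []signedFile `json:"files"`
	KeyID string       `json:"keyid,omitempty"`
	Scope string       `json:"scope,omitempty"`
}

var b64 = base64.RawURLEncoding // JWS segments are unpadded base64url

// digestHex hashes raw bytes (assumption: OPA does this for .rego files but canonicalizes JSON data files first).
func digestHex(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// signBundle builds the ES256 JWS for files, as `opa sign` would.
func signBundle(priv *ecdsa.PrivateKey, files map[string][]byte, keyid, scope string) (string, error) {
	claims := bundleClaims{KeyID: keyid, Scope: scope}
	for name, content := range files {
		claims.Files = append(claims.Files, signedFile{name, digestHex(content), "SHA-256"})
	}
	payload, _ := json.Marshal(claims)
	signingInput := b64.EncodeToString([]byte(`{"alg":"ES256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 signature is R || S, 32 bytes each (not DER)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// verifyBundle checks the JWS under pub, then that the signed file list covers exactly the files present with matching digests.
func verifyBundle(pub *ecdsa.PublicKey, jws string, files map[string][]byte, wantScope string) error {
	parts := strings.Split(jws, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed JWS")
	}
	hdr, e1 := b64.DecodeString(parts[0])
	payload, e2 := b64.DecodeString(parts[1])
	sig, e3 := b64.DecodeString(parts[2])
	if e1 != nil || e2 != nil || e3 != nil || len(sig) != 64 {
		return fmt.Errorf("bad JWS encoding")
	}
	var header struct{ Alg string `json:"alg"` }
	if json.Unmarshal(hdr, &header) != nil || header.Alg != "ES256" {
		return fmt.Errorf("alg must be ES256, got %q", header.Alg) // pin the algorithm; never let the token choose it
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return fmt.Errorf("signature does not verify under the configured key")
	}
	var claims bundleClaims
	if json.Unmarshal(payload, &claims) != nil || (wantScope != "" && claims.Scope != wantScope) {
		return fmt.Errorf("claims malformed or scope mismatch (got %q)", claims.Scope)
	}
	if len(claims.Files) != len(files) {
		return fmt.Errorf("bundle file set differs from the signed file set")
	}
	for _, f := range claims.Files {
		content, ok := files[f.Name]
		if !ok || f.Algorithm != "SHA-256" || digestHex(content) != f.Hash {
			return fmt.Errorf("digest check failed for %s", f.Name)
		}
	}
	return nil
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	// Constructed stand-in for src/bundle/, not the project's real policy.
	files := map[string][]byte{"policies/example.rego": []byte("package example\n\nallow { input.ok }\n")}
	jws, _ := signBundle(priv, files, "bundle_sign_puk", "dsr")
	fmt.Println("valid:", verifyBundle(&priv.PublicKey, jws, files, "dsr"))
	files["policies/example.rego"] = []byte("package example\n\nallow := true\n") // tampered after signing
	fmt.Println("tampered:", verifyBundle(&priv.PublicKey, jws, files, "dsr"))
}
```

The same checks are what make the `keys`/`signing` entries in the OPA configuration worthwhile: a missing `.signatures.json`, a token signed under another key, a wrong `scope`, an extra file slipped into the tarball, or an edited policy file all fail before the bundle is activated.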

### Inspect the OPA bundle

```console
opa inspect dsr-fachdienst-policy-bundle.tar.gz
```

### Test

```console
opa test -v src -f pretty --explain full
```

### Test with Coverage

Coverage reports are only emitted in JSON, so the `pretty` format is not combined with `--coverage` here:

```console
opa test -v src --explain full --coverage --format=json
```

---

## Build the dsr/opa-bundle-server container image (based on NGINX)

```console
docker build -t dsr/opa-bundle-server .
```

### Run dsr/opa-bundle-server

```console
docker run -p 8787:80 dsr/opa-bundle-server
```

### Verify the dsr/opa-bundle-server

The `Authorization` header below is the Base64 encoding of the placeholder credentials `opa-user:NO_SECRET`; once you have set your own password in `nginx/.htpasswd`, let curl compute the header instead (`curl -u opa-user:<password> ...`). The server speaks plain HTTP, so Basic credentials travel unencrypted; keep this setup on localhost.

```console
curl --location 'http://localhost:8787/opa-bundle/dsr-fachdienst-policy-bundle.tar.gz' --header 'Authorization: Basic b3BhLXVzZXI6Tk9fU0VDUkVU' -o dsr-fachdienst-policy-bundle.tar.gz
```

---

## Run dsr/opa-bundle-server and an OPA server instance (locally)

```console
docker compose -f docker-compose-deployLocal-OPA.yml up
```
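For reference, a minimal `opa/opa-config.yaml` that fits the setup above, serving both the configure step (where the public key goes) and this local deployment. This is an added illustration, not the project's own file: the service name, bundle name, polling interval and `scope` value are assumptions, and the key block is a placeholder for the key `configure.sh` generates.

```yaml
# opa/opa-config.yaml (added example, not the project's file)
services:
  bundle-server:
    url: http://localhost:8787          # the dsr/opa-bundle-server container; inside docker compose use the nginx service name instead (assumption)
    credentials:
      basic:
        username: opa-user
        password: NO_SECRET             # must match the entry in nginx/.htpasswd

keys:
  bundle_sign_puk:                      # key id referenced by the bundle's signing config
    algorithm: ES256                    # must equal the --signing-alg used with opa build / opa sign
    key: |
      -----BEGIN PUBLIC KEY-----
      ...public key generated by ./configure.sh goes here (placeholder)...
      -----END PUBLIC KEY-----

bundles:
  dsr-fachdienst-policy:
    service: bundle-server
    resource: opa-bundle/dsr-fachdienst-policy-bundle.tar.gz
    polling:
      min_delay_seconds: 60
      max_delay_seconds: 120
    signing:
      keyid: bundle_sign_puk            # with this set, OPA rejects unsigned or mis-signed bundles
      scope: dsr                        # assumption: must equal the "scope" claim written via sign/claims.json
```

Without the `keys` and `signing` entries OPA activates whatever the bundle server returns, so anyone who can write to the nginx document root or sit on the unencrypted HTTP path controls policy. With them, a bundle whose `.signatures.json` is missing, signed under another key, carrying a different `scope`, or whose file digests do not match is rejected before activation.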