GenomicDataInfrastructure · MalinAhlberg · Apr 17, 2024 · Feb 27, 2024 · Apr 10, 2024 · Apr 10, 2024
diff --git a/config/config.yaml.example b/config/config.yaml.example
@@ -54,6 +54,16 @@ oidc:
   trusted:
     iss: "/iss.json"
 
+grpc:
+  host: "reencrypt"
+  port: 50443
+  cacert: "/shared/cert/ca.crt"
+  serverkey: "/shared/cert/server.key"
+  servercert: "/shared/cert/server.crt"
+  clientkey: "/shared/cert/client.key"
+  clientcert: "/shared/cert/client.crt"
+  timeout: 5
+
 schema:
   type: isolated
 
@@ -73,4 +83,4 @@ session:
   httponly: true
   # name of session cookie
   # default value = sda_session_key
-  name: "sda_session_key"
+  name: "sda_session_key"
diff --git a/docker-compose-demo.yml b/docker-compose-demo.yml
@@ -102,7 +102,25 @@ services:
     environment:
       - SERVER_JWTPUBKEYURL=https://oidc:8080/jwk
     volumes:
-    - cacert:/etc/ssl/certs/
+      - cacert:/etc/ssl/certs/
+
+
+  reencrypt:
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
+    command: [sda-reencrypt]
+    container_name: reencrypt
+    depends_on:
+      credentials:
+        condition: service_completed_successfully
+    restart: always
+    networks:
+      - secure
+    volumes:
+      - ${CONFIG_FILEPATH}:/config.yaml
+      - ${ISS_FILEPATH}:/iss.json
+      - shared:/shared
+      - cacert:/cacert
+
 
 volumes:
   cacert:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -24,7 +24,7 @@ services:
 
   auth:
     container_name: auth
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.94-auth
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25-auth
     depends_on:
       credentials:
         condition: service_completed_successfully
@@ -63,7 +63,7 @@ services:
       interval: 5s
       timeout: 20s
       retries: 20
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.94-rabbitmq
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25-rabbitmq
     networks:
       - secure
     ports:
@@ -87,7 +87,7 @@ services:
       interval: 5s
       timeout: 20s
       retries: 20
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.94-postgres
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25-postgres
     networks:
       - secure
     restart: always
@@ -137,9 +137,10 @@ services:
       - DB_PASSWORD=${download_DB_PASSWORD}
       - DB_USER=${download_DB_USER}
       - OIDC_CONFIGURATION_URL=http://${DOCKERHOST:-dockerhost}:8080/oidc/.well-known/openid-configuration
+      - ARCHIVE_TYPE=s3seekable
     extra_hosts:
       - ${DOCKERHOST:-dockerhost}:host-gateway
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.94-download
+    image: harbor.nbis.se/gdi/sda-download:20240415
     networks:
       - public
       - secure
@@ -170,7 +171,7 @@ services:
       - BROKER_USER=${finalize_BROKER_USER}
       - DB_PASSWORD=${finalize_DB_PASSWORD}
       - DB_USER=${finalize_DB_USER}
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.94
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
     networks:
       - secure
     restart: always
@@ -196,7 +197,7 @@ services:
       - BROKER_USER=${ingest_BROKER_USER}
       - DB_PASSWORD=${ingest_DB_PASSWORD}
       - DB_USER=${ingest_DB_USER}
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.94
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
     networks:
       - secure
     restart: always
@@ -222,7 +223,7 @@ services:
       - BROKER_USER=${mapper_BROKER_USER}
       - DB_PASSWORD=${mapper_DB_PASSWORD}
       - DB_USER=${mapper_DB_USER}
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.94
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
     networks:
       - secure
     restart: always
@@ -248,7 +249,7 @@ services:
       - BROKER_USER=${verify_BROKER_USER}
       - DB_PASSWORD=${verify_DB_PASSWORD}
       - DB_USER=${verify_DB_USER}
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.94
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
     networks:
       - secure
     restart: always
@@ -277,7 +278,7 @@ services:
       - SERVER_JWTPUBKEYURL=http://${DOCKERHOST:-dockerhost}:8080/oidc/jwk
     extra_hosts:
       - ${DOCKERHOST:-dockerhost}:host-gateway
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.94
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
     networks:
       - public
       - secure

diff --git a/scripts/certs/make_certs.sh b/scripts/certs/make_certs.sh
@@ -115,4 +115,7 @@ chmod 640 auth.key
 chown 0:65534 client.*
 chmod 640 client.*
 
+chown 0:65534 server.*
+chmod 640 server.*
+
 cp ca.crt /cacert/ca-certificates.crt
diff --git a/scripts/certs/ssl.cnf b/scripts/certs/ssl.cnf
@@ -91,7 +91,7 @@ subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = clientAuth, serverAuth
-subjectAltName = DNS:localhost,DNS:dockerhost,DNS:mq,DNS:db,DNS:doa,DNS:download,DNS:server,DNS:oidc,IP:127.0.0.1
+subjectAltName = DNS:localhost,DNS:dockerhost,DNS:mq,DNS:db,DNS:doa,DNS:download,DNS:server,DNS:oidc,DNS:reencrypt,IP:127.0.0.1
 
 [ crl_ext ]
 # Extension for CRLs (`man x509v3_config`).

diff --git a/scripts/load_data.sh b/scripts/load_data.sh
@@ -5,16 +5,10 @@ apk -q --no-cache add curl jq
 
 pip -q install s3cmd
 
-FILES="NA12878.bam NA12878.bai NA12878_20k_b37.bam NA12878_20k_b37.bai"
+FILES="htsnexus_test_NA12878.bam htsnexus_test_NA12878.bam.bai htsnexus_test_NA12878.bam.blocks.yaml htsnexus_test_NA12878.bam.gzi"
 for file in ${FILES}; do
-    curl -s -L -o "$file" "https://github.com/ga4gh/htsget-refserver/raw/main/data/gcp/gatk-test-data/wgs_bam/$file"
+    curl -s -L -o "$file" "https://github.com/umccr/htsget-rs/raw/main/data/bam/$file"
 
-    case $file in (*.bai)
-        newname="$(basename "$file" .bai).bam.bai"
-        mv "$file" "$newname"
-        file="$newname"
-     ;;
-    esac
 
     yes | /shared/crypt4gh encrypt -p /shared/c4gh.pub.pem -f "$file"
     ENC_SHA=$(sha256sum "$file.c4gh" | cut -d' ' -f 1)

diff --git a/scripts/make_credentials.sh b/scripts/make_credentials.sh
@@ -17,7 +17,7 @@ for n in download finalize inbox ingest mapper sync verify; do
     curl -s -u test:test -X PUT "http://rabbitmq:15672/api/users/$n" -H "content-type:application/json" -d "${body_data}"
     curl -s -u test:test -X PUT "http://rabbitmq:15672/api/permissions/sda/$n" -H "content-type:application/json" -d '{"configure":"","write":"sda","read":".*"}'
 
-    ## password and permissions for DB
+
     psql -U postgres -h postgres -d sda -c "ALTER ROLE $n LOGIN PASSWORD '$n';"
 done
 
@@ -57,3 +57,4 @@ fi
 
 ## create TLS certificates
 bash /scripts/certs/make_certs.sh
+