Skip to main content
  1. Data-Holder-Testings/

Self-hosted configuration

Configuration details for self-hosted non-production environments

Wych non-production Data Holder Testing consists of 3 images:

Each of these services can be retrieved from the Wych Public container registry. To access this registry you require credentials. These credentials are available in the service portal or from your account manager.

The Wych Container Registry (WCR) stores and manages private container images and other artifacts, similar to the way Docker Hub stores public Docker container images. You can use the Docker command-line interface (Docker CLI) to login and pull images from WCR.

Overview #

Tester service is 1:1 with a Data Holder but Register and Register Auth can be shared.

flowchart LR; TEST --> DH1 DH1[Data Holder] --> REG[CDR Register] subgraph Database RDB[(Tester DB)] ADB[(Tester DB)] TDB[(Tester DB)] end subgraph Testing REG[Register] --> RDB[(Register DB)] AUTH[Register Auth] --> ADB[(Auth DB)] TEST[Tester] --> TDB[(Tester DB)] TEST[Tester] --configures--> RDB end

Log in to WCR #

Docker CLI - You must also have Docker installed locally. Docker provides packages that easily configure Docker on any Linux, macOS, or Windows system.

For best practice to manage login credentials, see the docker login command reference:

docker login wychaustralia.azurecr.io

A successful login will show Login Succeeded once completed.

It is advisable to proxy the request against the WCR, this ensures you don’t have to share the registry credentials with multiple people and you can also scan the images for vulnerabilities before they enter your environment. This approach should be the same for other public repositories such as docker hub or quay.io.

AU Register Auth #

Lets start by pulling the AU Register Auth. This service provides the security, infosec, token and key capabilities of the Register. This version has been designed to support Data Holder testing and can be shared by multiple Data Holder and Tester instances but has a 1:1 relationship with the AU register.

Pull the au-register-kc image #

For more information about see au-register-kc, including versions, changelog and configuration parameters.

docker pull wychaustralia.azurecr.io/au-register-kc:[version]

The deploy location of this service (the URL) is a required parameter for the Register service.

AU Register #

Next we will pull the AU register service. This service represents the ACCC’s AU register service, this version has been designed to support Data Holder testing and so while on an API level it is similar to the ACCC’s service it is fundamentally different in a number of key ways.

Pull the au-register image #

For more information about see au-register, including versions, changelog and configuration parameters.

docker pull wychaustralia.azurecr.io/au-register:[version]

AU Data Holder Tester #

Last service to pull requires the others to be ready, this is the Tester. This service is responsible for running the test scenarios and reporting the results of the audit.

Pull the au-dataholder-tester image #

For more information about see au-dataholder-tester, including versions, changelog and configuration parameters.

docker pull wychaustralia.azurecr.io/au-dataholder-tester:[version]

Docker #

Config #

Key Description
WYCH_BASE_URL The URL of this application, a self reference e.g. https://register.host.tld
WYCH_REGISTER_URL The URL of the register application
WYCH_REGISTER_AUTH_URL The URL of register auth application, no trailing slash.
WYCH_DATASOURCE_JDBC_URL The database JDBC URL in the form jdbc:postgresql://{{host}}}:{{port}}}/{{db_name}}}
WYCH_DATASOURCE_USERNAME The database users name
WYCH_DATASOURCE_PASSWORD The database users password
KC_DB_URL The register auth’s database JDBC URL in the form jdbc:postgresql://{{host}}}:{{port}}}/{{db_name}}}
KC_DB_USERNAME The register auth’s database users name
KC_DB_PASSWORD The register auth’s database users password
DATAHOLDER_RESOURCE_ENDPOINT The resource endpoint of the Data Holder
DATAHOLDER_INFOSEC_ENDPOINT The infosec endpoint of the Data Holder
DATAHOLDER_ADMIN_ENDPOINT The admin endpoint of the Data Holder
DATAHOLDER_PUBLIC_ENDPOINT The public endpoint of the Data Holder

Compose #

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

version: "3.7"
services:
  #####
  # shared database
  db:
    image: postgres
    init: true
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
      POSTGRES_USER: a-database-user
      POSTGRES_PASSWORD: a-database-password
    volumes:
      - db-volume:/var/lib/postgresql/data/pgdata
    ports:
      - "5432:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER $$POSTGRES_DB"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - test-network

  #####
  # auth service
  au-register-auth:
    image: wychaustralia.azurecr.io/au-register-kc:[version]
    depends_on:
      - db
    restart: on-failure
    ports:
      - "8080:8080"
    environment:
      KC_DB_URL: jdbc:postgresql://db:5432/wych
      KC_DB_USERNAME: a-database-user
      KC_DB_PASSWORD: a-database-password
    command: start-dev --db=postgres --features=token-exchange
    networks:
      - test-network

  #####
  # register service
  au-register:
    image: wychaustralia.azurecr.io/au-register:[version]
    depends_on:
      - db
      - au-register-auth
    restart: on-failure
    ports:
      - "8081:80"
    environment:
      WYCH_BASE_URL: http://au-register
      WYCH_REGISTER_AUTH_URL: http://au-register-auth:8080
      WYCH_DATASOURCE_JDBC_URL: jdbc:postgresql://db:5432/wych
      WYCH_DATASOURCE_USERNAME: a-database-user
      WYCH_DATASOURCE_PASSWORD: a-database-password
    networks:
      - test-network

  #####
  # tester service
  dataholder-tester:
    image: wychaustralia.azurecr.io/au-dataholder-tester:[version]
    depends_on:
      - db
      - au-register
      - au-register-auth
    restart: on-failure
    ports:
      - "8082:80"
    environment:
      WYCH_BASE_URL: http://dataholder-tester
      WYCH_REGISTER_URL: http://au-register
      WYCH_REGISTER_AUTH_URL: http://au-register-auth:8080

      WYCH_DATASOURCE_JDBC_URL: jdbc:postgresql://db:5432/wych
      WYCH_DATASOURCE_USERNAME: a-database-user
      WYCH_DATASOURCE_PASSWORD: a-database-password

      DATAHOLDER_RESOURCE_ENDPOINT: https://au-dataholder.HOST.TLD/dh/secured
      DATAHOLDER_INFOSEC_ENDPOINT: https://au-dataholder.HOST.TLD/dh/infosec
      DATAHOLDER_ADMIN_ENDPOINT: https://au-register.HOST.TLD/dh/secured
      DATAHOLDER_PUBLIC_ENDPOINT: https://au-register.HOST.TLD/dh/public
    networks:
      - test-network
 
networks:
  test-network:
volumes:
  db-volume:

AU Data Holder Testing

This Wych Data Holder Tester (Tester) is the Wych probe for validating the state of a Data Holder solution, this has been designed to support Data Holder testing for ACCC CDR standards with each test verifying a rule as set out in the specifications.

In its simplest form you can send request direction with the auth token for the relevant endpoint and their urls.

graph BT; DR[Data Holder Tester] --> DH[Data Holder]

Alternatively using the Wych Register:

Wych Register Auth for AU Data Holder Testing

This Wych register for AU Data Holder Testing (Register) represents the ACCC’s AU register service, this version has been designed to support Data Holder testing and so while on an API level it is similar to the ACCC’s service it is fundamentally different in a number of key ways.

graph BT; DH[Data Holder] --> REG[CDR Register] REG --> REGA[CDR Register Auth] DR[Data Holder Tester] --> REG DR --> DH DR --> REGA

The register can be shared by multiple Data Holder instance and multiple Data Holder Tester instances. The main consideration here is that the Data Holders must be able to talk to the Register Auth service and vice-versa and the Register Auth must be co-located with the Tester instances as they share a configuration data store.

Wych Register for AU Data Holder Testing

This Wych register for AU Data Holder Testing (Register) represents the ACCC’s AU register service, this version has been designed to support Data Holder testing and so while on an API level it is similar to the ACCC’s service it is fundamentally different in a number of key ways.

graph BT; DH[Data Holder] --> REG[CDR Register] DR[Data Holder Tester] --> REG DR --> DH

The register can be shared by multiple Data Holder instance and multiple Data Holder Tester instances. The main consideration here is that the Data Holders must be able to talk to the Register and vice-versa and the Register must be co-located with the Tester instances as they share a configuration data store.