This repository contains the code of the IRIS connect endpoint server (EPS), which manages the communication between different actors in the IRIS connect ecosystem. It provides a gRPC server & client to exchange messages between different actors (eps), a service directory (sd) that provides a public registry of signed information about actors, and a TLS passthrough proxy (proxy) that enables actors to directly receive data from users via TLS.

Please also check out the documentation for more detailed information. Please check the docs subfolder for instructions on how to build/view the documentation locally.

Please ensure your Golang version is recent enough (>=1.13) before you attempt to build the software.

To build the eps, sd and proxy binaries, simply run

make

For testing and development you'll also need TLS certificates, which you can generate via

make certs

Please note that you need openssl on your system for this to work. This will generate all required certificates and put them in the settings/dev/certs and settings/dev/test folders. Please do not use these certificates in a production setting and do not check them into version control. Warning: Running this command again will delete an re-create all certificates from scratch.

Please see below for additional dependencies you might need to install for various purposes (e.g. to recompile protobuf code).

To build the example services (e.g. the "locations" services eps-ls) simply run

make examples

The eps binary will look for settings in a list of colon (:) separated directories as defined by the EPS_SETTINGS environment variable (or, if it is undefined in the settings subdirectory of the current directory). The development settings include an environment-based variable EPS_OP that allows you to use different certificates for testing. You should define these variables before running the development server:

export EPS_SETTINGS=`readlink -f settings/dev`
export EPS_OP=hd-1 # run server as the 'hd-1' operator

You can also source these things from the local .dev-setup script, which includes everything you need to get started:

source .dev-setup # load all development environment variables

There are also role-specific development/test settings in the settings/dev/roles directory. Those can be used to set up multiple EPS servers and test the communication between them. Please have a a look at the integration guidelines for more information about this.

Important: The settings parser includes support for variable replacement and many other things. But with great power comes great responsibility and attack surface, so make sure you only feed trusted YAML input to it, as it is not designed to handle untrusted or potentially malicious settings.

All EPS servers rely on the service directory (SD) to discover each other and learn about permissions, certificates and other important settings. For development, you can either use a JSON-based service directory, or run the service directory API like this:

SD_SETTINGS=settings/dev/roles/sd-1 sd run

To initialize the service directory you can upload the JSON-based directory:

# for development
make sd-setup
# for testing
make sd-test-setup

This should give you a fully functional API-based service directory with certificate and service information.

To run the development EPS server simply run (from the main directory)

EPS_SETTINGS=settings/dev/roles/hd-1 eps server run

This will run the EPS server for the role hd-1 (simulating a health department in the system). For this to work you need to ensure that your GOPATH is in your PATH. This will open the JSON RPC server and (depending on the settings) also a gRPC server.

To run the public and private proxy servers simply run (from the main directory)

# private proxy server
PROXY_SETTINGS=settings/dev/roles/private-proxy-1 proxy run private
# public proxy server
PROXY_SETTINGS=settings/dev/roles/private-proxy-1 proxy run public

To run the tests

make test # run normal tests
make test-races # test for race conditions

To run the benchmarks

make bench

If you're stuck debugging a problem please have a look at the debugging guidelines, which contain a few pointers that might help you to pinpoint problems in the system.

You can generate and update copyright headers as follows

make copyright

This will add appropriate headers to all Golang files. You can edit the generation and affected file types directly in the script (in .scripts). You should run this before committing code. Please note that any additional comments that appear directly at the top of the file will be replaced by this.

Currently this code is licensed under Affero GPL 3.0.

If you make modifications to the protocol buffers (.proto files) you need to recompile them using protoc. To install this on Debian/Ubuntu systems:

sudo apt install protobuf-compiler

To generate TLS certificates for testing and development you need to have openssl installed.

You can easily deploy the server as a service using systemd or Docke. Specific documentation coming up soon.

If you have any questions just contact us.

We are happy about your contribution to the project! In order to ensure compliance with the licensing conditions and the future development of the project, we require a signed contributor license agreement (CLA) for all contributions in accordance with the Harmony standard. Please sign the corresponding document for natural persons or for organizations and send it to us.

• Björn Steiger Stiftung SbR - https://www.steiger-stiftung.de