Skip to main content

Getting started

This guide shows you how to easily get started with D1 Storage.

Running D1 Storage locally with Docker Compose

In this section, you will be guided through how to get started with D1 Storage in Docker. This guide will use gRPCurl to call the gRPC endpoints, but we also provide a Go client.

Requirements

By default D1 Storage reads its configuration from the TOML file config.toml, but it is possible to provide another configuration file or to overwrite specific configuration options. For more information, see the Configuration section in the user manual.

In the following we show how to use the built in Standalone ID Provider for user management. D1 Storage also supports using an external OIDC provider as an authentication/authorization mechanism. See the User Manual for more details.

Step 1: Start a local Docker Compose instance

Place the following Docker Compose file next to your config.toml. Note that we use S3 as the IO Provider in this example. For more details on how to configure various IO Providers see the User Manual.

services:
# D1 Storage
d1-service-storage:
image: cybercryptio/d1-service-storage:<version>
container_name: d1-service-storage
environment:
D1_IO_S3_URL: "http://minio:9000"
D1_IO_S3_BUCKET: "objects"
D1_IO_S3_ID: "storageid"
D1_IO_S3_KEY: "storagekey"
volumes:
- ${PWD}/config.toml:/config.toml
ports:
- 9000:9000
depends_on:
minio-init:
condition: service_completed_successfully
tty: true

# Object storage
minio:
image: minio/minio:RELEASE.RELEASE.2022-07-08T00-05-23Z
container_name: minio
volumes:
- /data
environment:
MINIO_ROOT_USER: "storageid"
MINIO_ROOT_PASSWORD: "storagekey"
command: server /data
healthcheck:
test: ["CMD", "curl", "-f", "localhost:9000/minio/health/live"]
timeout: 30s
interval: 5s
retries: 5

minio-init:
image: minio/mc:RELEASE.2022-07-06T14-54-36Z
container_name: minio-init
environment:
MINIO_ROOT_USER: "storageid"
MINIO_ROOT_PASSWORD: "storagekey"
MINIO_DEFAULT_BUCKETS: "objects"
entrypoint: |
/bin/sh -c "
/usr/bin/mc config host add --api s3v4 storage http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD};
/usr/bin/mc mb storage/$${MINIO_DEFAULT_BUCKETS};
/usr/bin/mc policy set public storage/$${MINIO_DEFAULT_BUCKETS};
"
depends_on:
minio:
condition: service_healthy

To start the service call

docker compose up --detach

You now have a complete D1 Storage instance inside Docker. The gRPC API is available on localhost:9000. When running the following command,

docker ps

the output will show that two containers, d1-service-storage and minio, are running.

Step 2: Bootstrap an initial user

docker exec d1-service-storage /d1-service-storage create-user

This user is created without any scopes, since this user should only be used to create other users, and user management does not require any scopes. Optionally you can set an additional parameter to set the scopes for the initial user. For more details on scopes see the the Standalone User Management section in the user manual.

Note down the generated credentials: user_id and password from the output. They should be used to login to D1 Storage.

Step 3: Login as initial user

Login as the initial user with the user_id and password using the LoginUser endpoint:

grpcurl -plaintext \
-d '{
"user_id": <user_id>,
"password": <password>
}' \
localhost:9000 d1.authn.Authn.LoginUser

Output:

{
"accessToken": <access token>,
"expiryTime": "1653039503"
}

When logging in, an access token is returned. The user needs to pass this token as gRPC metadata in all future calls in order to be authorized.

Step 4: Create a second user

The initial user can create a second user:

grpcurl -plaintext -H "authorization: bearer <access token>" \
-d '{
"scopes": ["READ", "CREATE", "UPDATE", "DELETE", "GETACCESS", "MODIFYACCESS"]
}' \
localhost:9000 d1.authn.Authn.CreateUser

Output:

{
"user_id": "44c8fa82-f8ed-46b0-94d1-8921a19c0d62",
"password": "Vju86gvJTEKK9zBIZAHloa2K0y2Vw_eJC7icmmCP-jc"
}

Step 5: Use D1 Storage to store an object

The new user can now store an object using the Store endpoint:

grpcurl -plaintext -H "authorization: bearer <access token>" \
-d '{
"plaintext": "1234",
"associated_data": "5678"
}' \
localhost:9000 d1.storage.Storage.Store

Output:

{
"object_id": "a9a909b9-6019-488d-bfb4-b8b4243ae177"
}

The user needs to keep the object_id in order to be able to retrieve the object later.

Step 6: Shut down the D1 Storage instance

The D1 Storage instance can be shut down by running:

docker compose down