provision

package module
v0.0.6
Warning

This package is not in the latest version of its module.
Published: Apr 17, 2019 License: Apache-2.0 Imports: 12 Imported by: 8

README

Provision

Provision is a user and account micro-platform, a highly opinionated building block for TXN2 components. Provision defines basic object models that represent the foundation for an account and user. Provision is intended as a fundamental dependency of current and future TXN2 platform services.

Configuration

Configuration is inherited from txn2/micro. The following configuration is specific to provision:

Flag           Environment Variable   Description
-esServer      ELASTIC_SERVER         Elasticsearch Server (default "http://elasticsearch:9200")
-systemPrefix  SYSTEM_PREFIX          Prefix for system indices. (default "system_")

Development

Testing using Elasticsearch and Kibana in docker compose:

docker-compose up

Run from source:

go run ./cmd/provisison.go --esServer="http://localhost:9200"

Examples

Util

Get prefix:

curl http://localhost:8080/prefix

Account

Upsert account:

curl -X POST \
  http://localhost:8080/account \
  -d '{
	"id": "xorg",
	"description": "Organization X is an IOT data collection agency.",
	"display_name": "Organization X",
	"active": true,
    "modules": [
        "telematics",
        "wx",
        "data_science",
        "gpu"
    ]
}'

Get account:

curl http://localhost:8080/account/xorg

Search accounts:

curl -X POST \
  http://localhost:8080/searchAccounts \
  -d '{
  "query": {
    "match_all": {}
  }
}'

User

Upsert user:

curl -X POST \
  http://localhost:8080/user \
  -d '{
	"id": "sysop",
	"description": "Global system operator",
	"display_name": "System Operator",
	"active": true,
	"sysop": true,
	"password": "examplepassword",
	"sections_all": false,
	"sections": [],
	"accounts": [],
	"admin_accounts": []
}'

Get user:

curl http://localhost:8080/user/sysop

Search users:

curl -X POST \
  http://localhost:8080/searchUsers \
  -d '{
  "query": {
    "match_all": {}
  }
}'

Authenticate user:

curl -X POST \
  http://localhost:8080/authUser \
  -d '{
	"id": "sysop",
	"password": "examplepassword"
}'

Access check:

# first get a token
TOKEN=$(curl -s -X POST \
          "http://localhost:8080/authUser?raw=true" \
          -d '{
        	"id": "sysop",
        	"password": "examplepassword"
        }') && echo "$TOKEN"

# check for basic access
curl -X POST \
  http://localhost:8080/userHasAccess \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
	"sections": ["a","b"],
	"accounts": ["example","example2"]
}'

# check for admin access
curl -X POST \
  http://localhost:8080/userHasAdminAccess \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
	"sections": ["a","b"],
	"accounts": ["example","example2"]
}'
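
One way a check like the userHasAccess and userHasAdminAccess requests above could be evaluated against a user record, as an added example that is not the package's own code. The deny-by-default rules, the trimmed User and AccessCheck mirrors, and the Allowed and containsAll helpers are assumptions; the package's HasAccess and HasAdminAccess may behave differently.

```go
package main

import "fmt"

// Hypothetical, trimmed mirrors of the page's User and AccessCheck types.
type User struct {
	Active, Sysop, SectionsAll        bool
	Sections, Accounts, AdminAccounts []string
}
type AccessCheck struct{ Sections, Accounts []string }

// containsAll reports whether every wanted value is present in have.
// An empty want list is trivially satisfied.
func containsAll(have, want []string) bool {
	set := make(map[string]struct{}, len(have))
	for _, h := range have {
		set[h] = struct{}{}
	}
	for _, w := range want {
		if _, ok := set[w]; !ok {
			return false
		}
	}
	return true
}

// Allowed is deny-by-default. Assumed rules: inactive users never pass,
// an active sysop passes every check, and everyone else must hold every
// requested section and account. With admin set, AdminAccounts is used.
func Allowed(u User, ac AccessCheck, admin bool) bool {
	if !u.Active {
		return false
	}
	if u.Sysop {
		return true
	}
	accounts := u.Accounts
	if admin {
		accounts = u.AdminAccounts
	}
	sectionsOK := u.SectionsAll || containsAll(u.Sections, ac.Sections)
	return sectionsOK && containsAll(accounts, ac.Accounts)
}

func main() {
	// Constructed sample matching the request body used in the curl examples.
	ac := AccessCheck{[]string{"a", "b"}, []string{"example", "example2"}}
	u := User{Active: true, Sections: ac.Sections, Accounts: ac.Accounts}
	fmt.Println(Allowed(u, ac, false), Allowed(u, ac, true)) // basic, then admin
}
```

Under these assumed rules, membership in accounts alone never satisfies an admin check, and an inactive record fails even when its sysop flag is set.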

Release Packaging

Build test release:

goreleaser --skip-publish --rm-dist --skip-validate

Build and release:

GITHUB_TOKEN=$GITHUB_TOKEN goreleaser --rm-dist

Documentation

Overview

Copyright 2019 txn2

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants

const EncCost = 12
const IdxAccount = "account"
const IdxUser = "user"
const RedactMsg = "REDACTED"

Variables

This section is empty.

Functions

func GetAccountMapping

func GetAccountMapping(prefix string) es.IndexTemplate

GetAccountMapping

func GetUserMapping

func GetUserMapping(prefix string) es.IndexTemplate

GetUserMapping

func UserHasAccessHandler added in v0.0.6

func UserHasAccessHandler(c *gin.Context)

UserHasAccessHandler

func UserHasAdminAccessHandler added in v0.0.6

func UserHasAdminAccessHandler(c *gin.Context)

UserHasAdminAccessHandler

Types

type AccessCheck

type AccessCheck struct {
	Sections []string `json:"sections"`
	Accounts []string `json:"accounts"`
}

AccessCheck is used to configure an access check

type AccessCheckResult added in v0.0.5

type AccessCheckResult struct {
	AccessChecked *AccessCheck `json:"access_checked"`
	Status        bool         `json:"status"`
	Message       string       `json:"message"`
}

AccessCheckResult

type AccessKey

type AccessKey struct {
	Name        string `json:"name"`
	Description string `json:"description"`
	Key         string `json:"key"`
	Active      bool   `json:"active"`
}

AccessKey

type Account

type Account struct {
	Id          string      `json:"id"`
	Description string      `json:"description"`
	DisplayName string      `json:"display_name"`
	Active      bool        `json:"active"`
	Modules     []string    `json:"modules"`
	OrgId       int         `json:"org_id"`
	AccessKeys  []AccessKey `json:"access_keys"`
}

Account defines a DCP account object

type AccountResult

type AccountResult struct {
	es.Result
	Source Account `json:"_source"`
}

AccountResult returned from Elastic

type AccountSearchResults added in v0.0.2

type AccountSearchResults struct {
	es.SearchResults
	Hits struct {
		Total    int             `json:"total"`
		MaxScore float64         `json:"max_score"`
		Hits     []AccountResult `json:"hits"`
	} `json:"hits"`
}

AccountSearchResults

type AccountSearchResultsAck added in v0.0.2

type AccountSearchResultsAck struct {
	ack.Ack
	Payload AccountSearchResults `json:"payload"`
}

AccountSearchResultsAck

type Api

type Api struct {
	*Config
}

Api

func NewApi

func NewApi(cfg *Config) (*Api, error)

NewApi

func (*Api) AuthUser

func (a *Api) AuthUser(auth Auth) (*UserResult, bool, error)

AuthUser authenticates a user with id and password

func (*Api) AuthUserHandler

func (a *Api) AuthUserHandler(c *gin.Context)

AuthUserHandler

func (*Api) GetAccount

func (a *Api) GetAccount(id string) (int, *AccountResult, error)

GetAccount

func (*Api) GetAccountHandler

func (a *Api) GetAccountHandler(c *gin.Context)

GetAccountHandler gets an account by ID

func (*Api) GetUser

func (a *Api) GetUser(id string) (int, *UserResult, error)

GetUser

func (*Api) GetUserHandler

func (a *Api) GetUserHandler(c *gin.Context)

GetUserHandler gets a user by ID

func (*Api) PrefixHandler added in v0.0.2

func (a *Api) PrefixHandler(c *gin.Context)

PrefixHandler

func (*Api) SearchAccounts added in v0.0.2

func (a *Api) SearchAccounts(searchObj *es.Obj) (int, AccountSearchResults, error)

SearchAccounts

func (*Api) SearchAccountsHandler added in v0.0.2

func (a *Api) SearchAccountsHandler(c *gin.Context)

SearchAccountsHandler

func (*Api) SearchUsers added in v0.0.2

func (a *Api) SearchUsers(searchObj *es.Obj) (int, UserSearchResults, error)

SearchUsers

func (*Api) SearchUsersHandler added in v0.0.2

func (a *Api) SearchUsersHandler(c *gin.Context)

SearchUsersHandler

func (*Api) SendEsMapping

func (a *Api) SendEsMapping(mapping es.IndexTemplate) error

SetupUserIndexTemplate

func (*Api) UpsertAccount

func (a *Api) UpsertAccount(account *Account) (int, es.Result, error)

UpsertAccount inserts or updates an account. Elasticsearch treats documents as immutable.

func (*Api) UpsertAccountHandler

func (a *Api) UpsertAccountHandler(c *gin.Context)

UpsertAccountHandler

func (*Api) UpsertUser

func (a *Api) UpsertUser(user *User) (int, es.Result, error)

UpsertUser inserts or updates a user record. Elasticsearch treats documents as immutable.

func (*Api) UpsertUserHandler

func (a *Api) UpsertUserHandler(c *gin.Context)

UpsertUserHandler

func (*Api) UserTokenHandler added in v0.0.2

func (a *Api) UserTokenHandler() gin.HandlerFunc

UserTokenHandler

type Auth

type Auth struct {
	Id       string `json:"id"`
	Password string `json:"password"`
}

Auth for authenticating users

type Config

type Config struct {
	Logger     *zap.Logger
	HttpClient *micro.Client

	// used for communication with Elasticsearch
	// if nil, one will be created
	Elastic       *es.Client
	ElasticServer string

	// used to prefix the user and account indexes IdxPrefix_user, IdxPrefix_account
	// defaults to system.
	IdxPrefix string

	// pre-configured from server (txn2/micro)
	Token *token.Jwt
}

Config

type User

type User struct {
	Id            string   `json:"id" mapstructure:"id"`
	Description   string   `json:"description" mapstructure:"description"`
	DisplayName   string   `json:"display_name" mapstructure:"display_name"`
	Active        bool     `json:"active" mapstructure:"active"`
	Sysop         bool     `json:"sysop" mapstructure:"sysop"`
	Password      string   `json:"password" mapstructure:"password"`
	Sections      []string `json:"sections" mapstructure:"sections"`
	SectionsAll   bool     `json:"sections_all" mapstructure:"sections_all"`
	Accounts      []string `json:"accounts" mapstructure:"accounts"`
	AdminAccounts []string `json:"admin_accounts" mapstructure:"admin_accounts"`
}

User defines a user object

func (*User) CheckEncryptPassword

func (u *User) CheckEncryptPassword(api *Api) error

CheckEncryptPassword checks and encrypts the password in the user object.

func (*User) HasAccess

func (u *User) HasAccess(ac *AccessCheck) bool

BasicAccess returns true if user is active and not locked

func (*User) HasAdminAccess

func (u *User) HasAdminAccess(ac *AccessCheck) bool

HasAdminAccess

func (*User) HasBasicAccess

func (u *User) HasBasicAccess() bool

BasicAccess returns true if user is active and not locked

type UserResult

type UserResult struct {
	es.Result
	Source User `json:"_source"`
}

UserResult returned from Elastic

type UserSearchResults added in v0.0.2

type UserSearchResults struct {
	es.SearchResults
	Hits struct {
		Total    int          `json:"total"`
		MaxScore float64      `json:"max_score"`
		Hits     []UserResult `json:"hits"`
	} `json:"hits"`
}

UserSearchResults

type UserSearchResultsAck added in v0.0.2

type UserSearchResultsAck struct {
	ack.Ack
	Payload UserSearchResults `json:"payload"`
}

UserSearchResultsAck

type UserTokenResult added in v0.0.2

type UserTokenResult struct {
	User  User   `json:"user"`
	Token string `json:"token"`
}

UserTokenResult
