provision

v0.4.2
Published: Jul 19, 2019 License: Apache-2.0 Imports: 12 Imported by: 8

README

Provision is a user and account micro-platform, a highly opinionated building block for TXN2 components. Provision defines basic object models that represent the foundation for an account, user and asset. Provision is intended as a fundamental dependency of current and future TXN2 platform services.

  • Elasticsearch is used as a database for Account, User and Asset objects.
  • Intended for basic storage, retrieval and searching.

Provision is intended as an internal service to be accessed by other services. Use a secure reverse proxy for direct access by system operators.

Configuration

Configuration is inherited from txn2/micro. The following configuration is specific to provision:

Flag Environment Variable Description
-esServer ELASTIC_SERVER Elasticsearch Server (default "http://elasticsearch:9200")
-systemPrefix SYSTEM_PREFIX Prefix for system indices. (default "system_")

Routes

Method Route Pattern Description
GET /prefix Get the prefix used for Elasticsearch indexes.
POST /account Upsert an Account object.
GET /account/:id Get an Account object by id.
POST /keyCheck/:id Check if an AccessKey is associated with an account.
POST /searchAccounts Search for Accounts with a Lucene query.
POST /user Upsert a User object.
GET /user/:id Get a User object by id.
POST /searchUsers Search for Users with a Lucene query.
POST /userHasAccess Post an AccessCheck object with Token to determine basic access.
POST /userHasAdminAccess Post an AccessCheck object with Token to determine admin access.
POST /authUser Post Credentials and if valid receive a Token.
POST /asset Upsert an Asset.
GET /asset/:id Get an asset by id.
POST /searchAssets Search for Assets with a Lucene query.
GET /adm/:parentAccount/account/:account Get a child account.
POST /adm/:parentAccount/account Upsert a child account.
GET /adm/:parentAccount/children Get children of parent account.
GET /adm/:parentAccount/assets/:account Get assets with associations to account.
GET /adm/:parrentId/assetAssoc/:asset/:accountFrom/:accountTo Re-associate any routes from specified account to another (child or self)

Development

Testing using Elasticsearch and Kibana in docker compose:

docker-compose up

Run from source:

go run ./cmd/provision.go --esServer="http://localhost:9200"

Examples

Util

Get Prefix
curl http://localhost:8080/prefix

Account

Upsert Account
curl -X POST \
  http://localhost:8080/account \
  -H 'Content-Type: application/json' \
  -d '{
    "id": "test_account",
    "description": "This is a test account",
    "display_name": "Test Organization",
    "active": true,
    "access_keys": [
        {
            "name": "test-data",
            "key": "sRqhFPdudA9s8qtVqgixHXyU8ubbYhrCBttC8amLdMwkxeZHskseNXyCRe4eXRxP",
            "description": "Generic access key",
            "active": true
        },
        {
            "name": "test",
            "key": "PDWgYr3bQGNoLptBRDkLTGQcRmCMqLGRFpXoXJ8xMPsMLMg3LHvWpJgDu2v3LYBA",
            "description": "Generic access key 2",
            "active": true
        }
    ],
    "modules": [
        "telematics",
        "wx",
        "data_science",
        "gpu"
    ]
}'
Get Account
curl http://localhost:8080/account/test_account
Search Accounts
curl -X POST \
  http://localhost:8080/searchAccounts \
  -d '{
  "query": {
    "match_all": {}
  }
}'
Check Key
curl -X POST \
  http://localhost:8080/keyCheck/test_account \
  -H 'Content-Type: application/json' \
  -d '{ 
	"name": "test_data", 
	"key": "sRqhFPdudA9s8qtVqgixHXyU8ubbYhrCBttC8amLdMwkxeZHskseNXyCRe4eXRxP"
}'

User

Upsert User
curl -X POST \
  http://localhost:8080/user \
  -H 'Content-Type: application/json' \
  -d '{
	"id": "test_user",
	"description": "Test User non-admin",
	"display_name": "Test User",
	"active": true,
	"sysop": false,
	"password": "eWidL7UtiWJABHgn8WAv8MWbqNKjHUqhNC7ZaWotEFKYNrLvzAwwCXC9eskPFJoY",
	"sections_all": false,
	"sections": ["api", "config", "data"],
	"accounts": ["test"],
	"admin_accounts": []
}'
Get User
curl -X GET http://localhost:8080/user/test_user
Search Users
curl -X POST \
  http://localhost:8080/searchUsers \
  -d '{
  "query": {
    "match_all": {}
  }
}'
Authenticate User
curl -X POST \
  http://localhost:8080/authUser \
  -H 'Content-Type: application/json' \
  -d '{
	"id": "test_user",
	"password": "eWidL7UtiWJABHgn8WAv8MWbqNKjHUqhNC7ZaWotEFKYNrLvzAwwCXC9eskPFJoY"
}'
Access Check
# first get a token
TOKEN=$(curl -s -X POST \
          'http://localhost:8080/authUser?raw=true' \
          -d '{
        	"id": "test_user",
        	"password": "eWidL7UtiWJABHgn8WAv8MWbqNKjHUqhNC7ZaWotEFKYNrLvzAwwCXC9eskPFJoY"
        }') && echo "$TOKEN"
        
# check for basic access
curl -X POST \
  http://localhost:8080/userHasAccess \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
	"sections": ["api"],
	"accounts": ["test"]
}'

# check for admin access
curl -X POST \
  http://localhost:8080/userHasAdminAccess \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
	"sections": ["api"],
	"accounts": ["test"]
}'

Asset

Upsert Asset
curl -X POST \
  http://localhost:8080/asset \
  -H 'Content-Type: application/json' \
  -d '{
	"id": "test-unique-asset-id-12345",
	"description": "A unique asset in the system.",
	"display_name": "Asset 12345",
	"active": true,
	"asset_class": "iot_device",
	"routes": [
		{ "account_id": "test", "model_id": "device_details", "type": "system" },
		{ "account_id": "test", "model_id": "device_location", "type": "account" }
	]
}'
Get Asset
curl -X GET http://localhost:8080/asset/test-unique-asset-id-12345
Search Assets
curl -X POST \
  http://localhost:8080/searchAssets \
  -H 'Content-Type: application/json' \
  -d '{
  "query": {
    "match_all": {}
  }
}'

Release Packaging

Build test release:

goreleaser --skip-publish --rm-dist --skip-validate

Build and release:

GITHUB_TOKEN=$GITHUB_TOKEN goreleaser --rm-dist

Documentation

Overview

Package provision implements Account, User and Asset objects for use in txn2 projects.

Index

Constants

const EncCost = 12
const IdxAccount = "account"
const IdxAsset = "asset"
const IdxUser = "user"
const RedactMsg = "REDACTED"

Variables

This section is empty.

Functions

func AccountAccessCheckHandler added in v0.0.8

func AccountAccessCheckHandler(checkAdmin bool) gin.HandlerFunc

AccountAccessCheckHandler

func GetAccountMapping

func GetAccountMapping(prefix string) es.IndexTemplate

GetAccountMapping

func GetAssetMapping added in v0.1.1

func GetAssetMapping(prefix string) es.IndexTemplate

GetAssetMapping

func GetUserMapping

func GetUserMapping(prefix string) es.IndexTemplate

GetUserMapping

func UserHasAccessHandler added in v0.0.6

func UserHasAccessHandler(c *gin.Context)

UserHasAccessHandler

func UserHasAdminAccessHandler added in v0.0.6

func UserHasAdminAccessHandler(c *gin.Context)

UserHasAdminAccessHandler

func UserTokenHandler added in v0.0.7

func UserTokenHandler() gin.HandlerFunc

UserTokenHandler

Types

type AccessCheck

type AccessCheck struct {
	Sections []string `json:"sections"`
	Accounts []string `json:"accounts"`
}

AccessCheck is used to configure an access check

type AccessCheckResult added in v0.0.5

type AccessCheckResult struct {
	AccessChecked *AccessCheck `json:"access_checked"`
	Status        bool         `json:"status"`
	Message       string       `json:"message"`
}

AccessCheckResult

type AccessKey

type AccessKey struct {
	Name        string `json:"name" yaml:"name"`
	Description string `json:"description" yaml:"description"`
	Key         string `json:"key" yaml:"key"`
	Active      bool   `json:"active" yaml:"active"`
}

AccessKey

type Account

type Account struct {
	Id          string      `json:"id" yaml:"id"`
	Parent      string      `json:"parent" yaml:"parent"`
	Description string      `json:"description" yaml:"description"`
	DisplayName string      `json:"display_name" yaml:"displayName"`
	Active      bool        `json:"active" yaml:"active"`
	Modules     []string    `json:"modules" yaml:"modules"`
	OrgId       int         `json:"org_id" yaml:"orgId"`
	AccessKeys  []AccessKey `json:"access_keys" yaml:"accessKeys"`
}

Account defines an account object

func (*Account) CheckEncryptKeys added in v0.0.11

func (acnt *Account) CheckEncryptKeys(api *Api) error

CheckEncryptKeys checks and encrypts keys in the account object.

type AccountResult

type AccountResult struct {
	es.Result
	Source Account `json:"_source"`
}

AccountResult returned from Elastic

type AccountResultAck added in v0.0.11

type AccountResultAck struct {
	ack.Ack
	Payload AccountResult `json:"payload"`
}

AccountResultAck

type AccountSearchResults added in v0.0.2

type AccountSearchResults struct {
	es.SearchResults
	Hits struct {
		Total    int             `json:"total"`
		MaxScore float64         `json:"max_score"`
		Hits     []AccountResult `json:"hits"`
	} `json:"hits"`
}

AccountSearchResults

type AccountSearchResultsAck added in v0.0.2

type AccountSearchResultsAck struct {
	ack.Ack
	Payload AccountSearchResults `json:"payload"`
}

AccountSearchResultsAck

type AccountSummary added in v0.2.0

type AccountSummary struct {
	Id          string   `json:"id" yaml:"id"`
	DisplayName string   `json:"display_name" yaml:"displayName"`
	Description string   `json:"description" yaml:"description"`
	Active      bool     `json:"active" yaml:"active"`
	Modules     []string `json:"modules" yaml:"modules"`
}

AccountSummary

type AccountSummaryResult added in v0.2.0

type AccountSummaryResult struct {
	es.Result
	Source AccountSummary `json:"_source"`
}

AccountResult

type AccountSummaryResults added in v0.2.0

type AccountSummaryResults struct {
	es.SearchResults
	Hits struct {
		Total    int                    `json:"total"`
		MaxScore float64                `json:"max_score"`
		Hits     []AccountSummaryResult `json:"hits"`
	} `json:"hits"`
}

AccountSummaryResults

type Api

type Api struct {
	*Config
}

Api

func NewApi

func NewApi(cfg *Config) (*Api, error)

NewApi

func (*Api) AssetAdmAssoc added in v0.2.0

func (a *Api) AssetAdmAssoc(accountId string) (int, AssetSummaryResults, *es.ErrorResponse, error)

AssetAdmAssoc

func (*Api) AssetAdmAssocHandler added in v0.2.0

func (a *Api) AssetAdmAssocHandler(c *gin.Context)

GetAdmAssetsHandler

func (*Api) AuthUser

func (a *Api) AuthUser(auth Auth) (*UserResult, bool, error)

AuthUser authenticates a user with id and password

func (*Api) AuthUserHandler

func (a *Api) AuthUserHandler(c *gin.Context)

AuthUserHandler

func (*Api) CheckKey added in v0.0.13

func (a *Api) CheckKey(accountId string, key AccessKey) (bool, error)

CheckKey returns true if the provided key is valid for the account

func (*Api) CheckKeyHandler added in v0.0.13

func (a *Api) CheckKeyHandler(c *gin.Context)

CheckKeyHandler

func (*Api) GetAccount

func (a *Api) GetAccount(id string) (int, *AccountResult, error)

GetAccount

func (*Api) GetAccountHandler

func (a *Api) GetAccountHandler(c *gin.Context)

GetAccountHandler gets an account by ID

func (*Api) GetAccountRaw added in v0.4.2

func (a *Api) GetAccountRaw(id string) (int, *AccountResult, error)

GetAccountRaw returns raw account (un-redacted)
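
An added example, not the project's own code, of the redaction step that the GetAccount / GetAccountRaw split and the RedactMsg constant point to. It assumes redaction means replacing each AccessKey.Key with RedactMsg; RedactAccount and RedactedJSON are hypothetical helpers, and the types are trimmed copies of the documented ones.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// RedactMsg has the value of the constant documented on this page.
const RedactMsg = "REDACTED"

// AccessKey and Account are trimmed copies of the documented types.
type AccessKey struct {
	Name   string `json:"name"`
	Key    string `json:"key"`
	Active bool   `json:"active"`
}

type Account struct {
	Id         string      `json:"id"`
	Active     bool        `json:"active"`
	AccessKeys []AccessKey `json:"access_keys"`
}

// RedactAccount (hypothetical helper) returns a copy that is safe to serialize.
// The AccessKeys slice is reallocated on purpose: a plain struct copy shares
// the backing array, so masking the copy would also overwrite the keys in the
// raw record that later key checks and upserts depend on.
func RedactAccount(acnt Account) Account {
	out := acnt
	if acnt.AccessKeys == nil {
		return out
	}
	out.AccessKeys = make([]AccessKey, len(acnt.AccessKeys))
	for i, k := range acnt.AccessKeys {
		if k.Key != "" { // keep "no key set" distinguishable from "key hidden"
			k.Key = RedactMsg
		}
		out.AccessKeys[i] = k
	}
	return out
}

// RedactedJSON (hypothetical helper) is the single path from a raw account to
// bytes that leave the process (responses, logs).
func RedactedJSON(acnt Account) (string, error) {
	b, err := json.Marshal(RedactAccount(acnt))
	return string(b), err
}

func main() {
	// Constructed sample record; the key is not a real credential.
	raw := Account{Id: "test_account", Active: true, AccessKeys: []AccessKey{
		{Name: "test-data", Key: "constructed-sample-key", Active: true},
	}}
	out, err := RedactedJSON(raw)
	if err != nil {
		panic(err)
	}
	fmt.Println(out)
	fmt.Println("raw key intact:", raw.AccessKeys[0].Key == "constructed-sample-key")
}
```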

func (*Api) GetAdmAccountHandler added in v0.2.0

func (a *Api) GetAdmAccountHandler(c *gin.Context)

GetAdmAccountHandler

func (*Api) GetAdmAssetsHandler added in v0.2.0

func (a *Api) GetAdmAssetsHandler(c *gin.Context)

GetAdmAssetsHandler is same as parentAccount or account is a child of parentAccount

func (*Api) GetAdmChildAccounts added in v0.2.0

func (a *Api) GetAdmChildAccounts(accountId string) (int, AccountSummaryResults, *es.ErrorResponse, error)

GetAdmChildAccounts gets a list of accounts with a parent account id

func (*Api) GetAdmChildAccountsHandler added in v0.2.0

func (a *Api) GetAdmChildAccountsHandler(c *gin.Context)

GetAdmChildAccountsHandler

func (*Api) GetAsset added in v0.1.1

func (a *Api) GetAsset(id string) (int, *AssetResult, error)

GetAsset

func (*Api) GetAssetHandler added in v0.1.1

func (a *Api) GetAssetHandler(c *gin.Context)

GetAssetHandler gets an asset by ID

func (*Api) GetUser

func (a *Api) GetUser(id string) (int, *UserResult, error)

GetUser

func (*Api) GetUserHandler

func (a *Api) GetUserHandler(c *gin.Context)

GetUserHandler gets a user by ID

func (*Api) PrefixHandler added in v0.0.2

func (a *Api) PrefixHandler(c *gin.Context)

PrefixHandler

func (*Api) SearchAccounts added in v0.0.2

func (a *Api) SearchAccounts(searchObj *es.Obj) (int, AccountSearchResults, *es.ErrorResponse, error)

SearchAccounts

func (*Api) SearchAccountsHandler added in v0.0.2

func (a *Api) SearchAccountsHandler(c *gin.Context)

SearchAccountsHandler

func (*Api) SearchAssets added in v0.1.1

func (a *Api) SearchAssets(searchObj *es.Obj) (int, AssetSearchResults, *es.ErrorResponse, error)

SearchAssets

func (*Api) SearchAssetsHandler added in v0.1.1

func (a *Api) SearchAssetsHandler(c *gin.Context)

SearchAssetsHandler

func (*Api) SearchUsers added in v0.0.2

func (a *Api) SearchUsers(searchObj *es.Obj) (int, UserSearchResults, *es.ErrorResponse, error)

SearchUsers

func (*Api) SearchUsersHandler added in v0.0.2

func (a *Api) SearchUsersHandler(c *gin.Context)

SearchUsersHandler

func (*Api) SendEsMapping

func (a *Api) SendEsMapping(mapping es.IndexTemplate) error

SetupUserIndexTemplate

func (*Api) UpsertAccount

func (a *Api) UpsertAccount(account *Account) (int, es.Result, *es.ErrorResponse, error)

UpsertAccount inserts or updates an account. Elasticsearch treats documents as immutable.

func (*Api) UpsertAccountHandler

func (a *Api) UpsertAccountHandler(c *gin.Context)

UpsertAccountHandler

func (*Api) UpsertAdmChildAccountHandler added in v0.2.0

func (a *Api) UpsertAdmChildAccountHandler(c *gin.Context)

UpsertAccountHandler

func (*Api) UpsertAdmChildAccountUserHandler added in v0.4.1

func (a *Api) UpsertAdmChildAccountUserHandler(c *gin.Context)

UpsertAdmChildAccountUserHandler

func (*Api) UpsertAsset added in v0.1.1

func (a *Api) UpsertAsset(asset *Asset) (int, es.Result, *es.ErrorResponse, error)

UpsertAsset inserts or updates an asset. Elasticsearch treats documents as immutable.

func (*Api) UpsertAssetHandler added in v0.1.1

func (a *Api) UpsertAssetHandler(c *gin.Context)

UpsertAssetHandler

func (*Api) UpsertUser

func (a *Api) UpsertUser(user *User) (int, es.Result, *es.ErrorResponse, error)

UpsertUser inserts or updates a user record. Elasticsearch treats documents as immutable.

func (*Api) UpsertUserHandler

func (a *Api) UpsertUserHandler(c *gin.Context)

UpsertUserHandler

type Asset added in v0.1.1

type Asset struct {
	Id          string  `json:"id" yaml:"id"`
	AccountId   string  `json:"account_id" yaml:"accountId"`
	Description string  `json:"description" yaml:"description"`
	DisplayName string  `json:"display_name" yaml:"displayName"`
	AssetClass  string  `json:"asset_class" yaml:"assetClass"`
	AssetCfg    string  `json:"asset_cfg" yaml:"assetCfg"`
	Active      bool    `json:"active" yaml:"active"`
	Routes      []Route `json:"routes" yaml:"routes"`
}

Asset defines an asset object

type AssetResult added in v0.1.1

type AssetResult struct {
	es.Result
	Source Asset `json:"_source"`
}

AssetResult returned from Elastic

type AssetResultAck added in v0.1.1

type AssetResultAck struct {
	ack.Ack
	Payload AssetResult `json:"payload"`
}

AssetResultAck

type AssetSearchResults added in v0.1.1

type AssetSearchResults struct {
	es.SearchResults
	Hits struct {
		Total    int           `json:"total"`
		MaxScore float64       `json:"max_score"`
		Hits     []AssetResult `json:"hits"`
	} `json:"hits"`
}

AssetSearchResults

type AssetSearchResultsAck added in v0.1.1

type AssetSearchResultsAck struct {
	ack.Ack
	Payload AssetSearchResults `json:"payload"`
}

AssetSearchResultsAck

type AssetSummary added in v0.2.0

type AssetSummary struct {
	Id          string   `json:"id" yaml:"id"`
	DisplayName string   `json:"display_name" yaml:"displayName"`
	Description string   `json:"description" yaml:"description"`
	Active      bool     `json:"active" yaml:"active"`
	Modules     []string `json:"modules" yaml:"modules"`
}

AccountSummary

type AssetSummaryResult added in v0.2.0

type AssetSummaryResult struct {
	es.Result
	Source Account `json:"_source"`
}

AssetSummaryResult

type AssetSummaryResults added in v0.2.0

type AssetSummaryResults struct {
	es.SearchResults
	Hits struct {
		Total    int                  `json:"total"`
		MaxScore float64              `json:"max_score"`
		Hits     []AssetSummaryResult `json:"hits"`
	} `json:"hits"`
}

AccountSummaryResults

type Auth

type Auth struct {
	Id       string `json:"id"`
	Password string `json:"password"`
}

Auth for authenticating users

type ConditionCfg added in v0.3.1

type ConditionCfg struct {
	Parser    string `json:"parser"`
	Condition string `json:"condition"`
}

Condition

type Config

type Config struct {
	Logger     *zap.Logger
	HttpClient *micro.Client

	// used for communication with Elasticsearch
	// if nil, one will be created
	Elastic       *es.Client
	ElasticServer string

	// used to prefix the user and account indexes IdxPrefix_user, IdxPrefix_account
	// defaults to system.
	IdxPrefix string

	// pre-configured from server (txn2/micro)
	Token *token.Jwt
}

Config

type Route added in v0.2.0

type Route struct {
	AccountId string `json:"account_id" yaml:"accountId"`
	ModelId   string `json:"model_id" yaml:"modelId"`

	// system or account
	Type string `json:"type" yaml:"type"`

	// conditional routing used by
	// edge parsers (qlrx, etc)
	Conditions []ConditionCfg `json:"conditions" yaml:"conditions"`
}

Route

type User

type User struct {
	Id            string   `json:"id" json:"id" mapstructure:"id"`
	Description   string   `json:"description" yaml:"description" mapstructure:"description"`
	DisplayName   string   `json:"display_name" yaml:"displayName" mapstructure:"display_name"`
	Name          string   `json:"name" yaml:"name" mapstructure:"name"`
	Email         string   `json:"email" yaml:"email" mapstructure:"email"`
	EmailVerified bool     `json:"email_verified" yaml:"email_verified" mapstructure:"email_verified"`
	Picture       string   `json:"picture" yaml:"picture" mapstructure:"picture"`
	Active        bool     `json:"active" yaml:"active" mapstructure:"active"`
	Sysop         bool     `json:"sysop" yaml:"sysop" mapstructure:"sysop"`
	Password      string   `json:"password" yaml:"password" mapstructure:"password"`
	Sections      []string `json:"sections" yaml:"sections" mapstructure:"sections"`
	SectionsAll   bool     `json:"sections_all" yaml:"sectionsAll" mapstructure:"sections_all"`
	Accounts      []string `json:"accounts" yaml:"accounts" mapstructure:"accounts"`
	AdminAccounts []string `json:"admin_accounts" yaml:"adminAccounts" mapstructure:"admin_accounts"`
}

User defines a user object

func (*User) CheckEncryptPassword

func (u *User) CheckEncryptPassword(api *Api) error

CheckEncryptPassword checks and encrypts the password in the user object.

func (*User) HasAccess

func (u *User) HasAccess(ac *AccessCheck) bool

BasicAccess returns true if user is active and not locked

func (*User) HasAdminAccess

func (u *User) HasAdminAccess(ac *AccessCheck) bool

HasAdminAccess

func (*User) HasBasicAccess

func (u *User) HasBasicAccess() bool

BasicAccess returns true if user is active and not locked

type UserResult

type UserResult struct {
	es.Result
	Source User `json:"_source"`
}

UserResult returned from Elastic

type UserResultAck added in v0.0.13

type UserResultAck struct {
	ack.Ack
	Payload UserResult `json:"payload"`
}

UserTokenResultAck

type UserSearchResults added in v0.0.2

type UserSearchResults struct {
	es.SearchResults
	Hits struct {
		Total    int          `json:"total"`
		MaxScore float64      `json:"max_score"`
		Hits     []UserResult `json:"hits"`
	} `json:"hits"`
}

UserSearchResults

type UserSearchResultsAck added in v0.0.2

type UserSearchResultsAck struct {
	ack.Ack
	Payload UserSearchResults `json:"payload"`
}

UserSearchResultsAck

type UserTokenResult added in v0.0.2

type UserTokenResult struct {
	User  User   `json:"user"`
	Token string `json:"token"`
}

UserTokenResult

type UserTokenResultAck added in v0.0.13

type UserTokenResultAck struct {
	ack.Ack
	Payload UserTokenResult `json:"payload"`
}

UserTokenResultAck
