fiware-ambassador-auth

command module

v0.0.0-...-7139e1e Latest Latest Go to latest Published: May 20, 2019 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/RoboticBase/fiware-ambassador-auth

Links

Open Source Insights

README ¶

fiware-ambassador-auth

This REST API service works with Ambassador on Kubernetes in order to authorize and authanticate the client.

Description

This REST API service accepts any path and any methods, and checks the Authorization Header of HTTP Request. In this version, Bearer Token Authorization and Basic Authorization are acceptable.

The authrization and authentication flow is like below:

If request host does not match any hosts, this service responds 403 Forbidden.
If request path contains no_auths.allowed_paths associated with the host, this service responds 200 OK.
If request host matches but Authorization Header does not exist, this service always responds with 401 Unauhtorized.
If Bearer Token does not exist in bearer_tokens associated with the host, this service responds with 401 Unauthorized.
If Bearer Token exists but requested path does not exist in bearer_tokens[?].allowed_paths associated with the host and Token, this service responds 403 Forbidden.
If a set of username and password does not exist in basic_auths associated with the host, this service responds with 401 Unauthorized.
If valid username and password exists but requested path does not exist in basic_auths[?].allowed_paths associated with the host and user, this service responds 403 Forbidden.
otherwise, this service responds 200 OK.

This REST API service is assumed to work with Ambassador on Kubernetes.

JSON template

set your tokens as the json like below.
host and allowed_paths can accept "rgular expression".

[
  {
    "host": "<<1st_FQDN_regex>>",
    "settings": {
      "bearer_tokens": [
        {
          "token": "<<token1>>",
          "allowed_paths": ["<<allowed_path1_regex>>", "<<allowed_path2_regex>>", ...]
        }, {
          ...
        }
      ],
      "basic_auths": [
        {
          "username": "<<user1>>",
          "password": "<<password_of_user1>>",
          "allowed_paths": ["<<allowed_path1_regex>>", "<<allowed_path2_regex>>", ...]
        }, {
          ...
        }
      ],
      "no_auths": {
        "allowed_paths": ["<<allowed_path1_regex>>", "<<allowed_path2_regex>>", ...]
      }
    }
  },
  {
    "host": "<<2nd_FQDN_regex>>",
    "settings": {
      ...
    }
  }
]

example:

[
  {
    "host": "^api\\..+$",
    "settings": {
      "bearer_tokens": [
        {
          "token": "cTHMfPsSDbPd8y4TcsiNg2CnI0Y5mpfl",
          "allowed_paths": ["^/path1/.*$", "^/path2/\\d+/.*.*$"]
        }, {
          "token": "Q0H83rnkIUVPSnoQb9UpZkEXIb42b5x9",
          "allowed_paths": ["^/path1/.*$"]
        }
      ],
      "basic_auths": [],
      "no_auths": {}
    }
  },
  {
    "host": "^web\\..+$",
    "settings": {
      "bearer_tokens": [],
      "basic_auths": [
        {
          "username": "admin",
          "password": "0YziWgALc6PCXgwt4rn8qVxX6iANBRvl",
          "allowed_paths": ["^/management/users/$", "^/management/pages/.*$"]
        }, {
          "username": "user1",
          "password": "0YziWgALc6PCXgwt4rn8qVxX6iANBRvl",
          "allowed_paths": ["^/management/pages/.*$"]
        }
      ],
      "no_auths": {
        "allowed_paths": ["^.*/static/.*$"]
      }
    }
  }
]

An envrionment variable vs. a JSON file

You can set your tokens as an environment variable (AUTH_TOKENS) or json file path (AUTH_TOKENS_PATH).

set tokens as an environment variable

When you use the environment variable, you have to set your json string as AUTH_TOKENS.
After this program starts, your changes will not be applied even if you change your environment variable.

set tokens as a JSON file

When you use the JSON file, you have to set your json file path as AUTH_TOKENS_PATH.
When you change your json file, your change will be applied even if this program has already started.

Run as Docker container

Pull container roboticbase/fiware-ambassador-auth from DockerHub.
```
$ docker pull roboticbase/fiware-ambassador-auth
```

Run Container.

If you want to change exposed port, set the LISTEN_PORT environment variable.

run container using an environment variable.

$ docker run -d -e AUTH_TOKENS="$(cat auth-tokens.json)" -e LISTEN_PORT=3000 -p 3000:3000 roboticbase/fiware-ambassador-auth:0.3.0

run container using a json file.

$ docker run -d -e AUTH_TOKENS_PATH="$(pwd)/auth-tokens.json" -e LISTEN_PORT=3000 -p 3000:3000 roboticbase/fiware-ambassador-auth:0.3.0

Build from source code

go get

$ go get -u github.com/RoboticBase/fiware-ambassador-auth
$ cd ${GOPATH}/src/github.com/RoboticBase/fiware-ambassador-auth

install dependencies

$ go get -u github.com/golang/dep/cmd/dep
$ dep ensure

go install

$ go install github.com/RoboticBase/fiware-ambassador-auth

run service

$ env LISTEN_PORT=3000 ${GOPATH}/bin/fiware-ambassador-auth

License

Apache License 2.0

Copyright

Documentation ¶

Overview ¶

Package main : entry point of fiware-ambassador-auth.

license: Apache license 2.0
copyright: Nobuyuki Matsui <nobuyuki.matsui@gmail.com>

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
router Package router : authorize and authenticate HTTP Request using HTTP Header.	Package router : authorize and authenticate HTTP Request using HTTP Header.
token Package token : hold token configurations to check sing HTTP Header.	Package token : hold token configurations to check sing HTTP Header.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL