This service handles user authentication for the platform. Namely this is used to maintain the set of known users, and their associated roles. Should a user need to interact with the platform, this service is responsible for generating the JWT token to be used when doing so.
This service depends on a couple of python libraries to work. To install them, please run the commands below. These have been tested on an ubuntu 16.04 environment (same used when generating) the service's docker image.
# you may need sudo for those
apt-get install -y python3-pip
python3 setup.pyAnother alternative is to use docker to run the service. To build the container, from the repository's root:
# you may need sudo on your machine: https://docs.docker.com/engine/installation/linux/linux-postinstall/
docker build -t <tag> -f docker/Dockerfile .Some auth configuration is made using environment variables. On a Linux system one can set a environment variable with the command
export VAR_NAME=varvalueon a docker-compose schema, one can set environment variables for a container Append the following configuration
environment:
VAR_NAME: "varvalue"The default value is used if the configuration was not provided The following variables can be set
- AUTH_DB_NAME
-
database type. Current only postgres is supported
-
default: postgres
-
AUTH_DB_USER
- The username used to access the database
- default: auth
-
AUTH_DB_PWD * The password used to access the database * default: empty password
-
AUTH_DB_HOST * The URL used to connect to the database * default: http://postgres
-
AUTH_KONG_URL * The URL where the Kong service can be found * If set to 'DISABLED' Auth won´t try to configure Kong and will generate secrets for the JWT tokens by itself. * default: http://Kong:8001
-
AUTH_TOKEN_EXP * Expiration time in second for generated JWT tokens * default: 420
-
AUTH_TOKEN_CHECK_SIGN * Whether Auth should verify received JWT signatures. Enabling this will cause one extra query to be performed. * default: False
-
AUTH_CACHE_NAME * Type of cache used. Currently only Redis is suported. * If set to 'NOCACHE' auth will work without cache. Disabling cache usage considerably degrades performance. * default: redis
-
AUTH_CACHE_USER * username to access the cache database * default: redis
-
AUTH_CACHE_PWD * password to acces the cache database * default: empty password
-
AUTH_CACHE_HOST * ip or hostname where the cache can be found * default: redis
-
AUTH_CACHE_TTL * Cache entry time to live in seconds * default: 720
-
AUTH_CACHE_DATABASE * cach database name (or number) * default: '0'
-
If you are running without docker, You will need to create and populate the database tables before the first run.
python3 shell:
>>> from webRouter import db
>>> db.create_all()Create the initial users, groups and permissions
python3 initialConf.pyThe API documentation for this service is written as API blueprints. To generate a simple web page from it, one may run the commands below.
npm install -g aglio # you may need sudo for this
# static webpage
aglio -i docs/auth.apib -o docs/auth.html
# serve apis locally
aglio -i docs/auth.apib -sAuth has some automated test scripts. We use Dredd <http://dredd.org/en/latest/>_ to execute them. Check the
Dockerfile <./tests/Dockerfile>_ used to build the test image to check how to run it.