🔑 Authentication service for Wazo

wazo-auth

A micro-service to create tokens, check ACLs and delete expired tokens

Usage

Launching wazo-auth

wazo_auth [--user <user>] --config <path/to/config/file>

Getting a token

curl -k -i -X POST -H 'Content-Type: application/json' -u "alice:alice" "https://localhost:9497/0.1/token" -d '{"backend": "xivo_user"}'

Retrieving token data

curl -k -i -X GET -H 'Content-Type: application/json' "https://localhost:9497/0.1/token/${TOKEN}"

Bootstrapping wazo-auth

In order to be able to create users, groups and policies you have to be authenticated. The bootstrap process allows the administrator to create a first user with the necessary rights to be able to add other users.

Preparing wazo-auth to be bootstrapped

To be able to bootstrap wazo-auth, you will have to enable the init plugin and create a key file in wazo-auth's HOME directory. This can be done using the wazo-auth-bootstrap command.

wazo-auth-bootstrap setup && systemctl restart wazo-auth

Bootstrapping wazo-auth

Once wazo-auth is ready to be bootstrapped, calling the init resource with a username, a password and the content of the key file will create a new user. The username and password can then be used to create a token with the auth.# ACL. This can be done using the wazo-auth-bootstrap command.

wazo-auth-bootstrap complete

This script will create a configuration file named /root/.config/wazo-auth-cli/050-credentials.yml containing all necessary information to be used from the wazo-auth-cli.
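
To show how much the auth.# ACL given to the bootstrapped user covers, here is an added example of wildcard ACL matching; it is not code from wazo-auth or from this README. It assumes that * matches within one dot-separated segment and that # matches any remainder, and every ACL name other than auth.# is constructed for illustration.

```python
import re


def acl_to_regex(acl):
    """Compile an ACL pattern to a regex (assumed wildcard semantics).

    Assumption: '*' matches any run of characters without a dot, and
    '#' matches any remainder, dots included.
    """
    escaped = re.escape(acl)
    escaped = escaped.replace(r"\*", r"[^.]*?").replace(r"\#", r".*?")
    return re.compile(escaped)


def token_allows(token_acls, required_acl):
    """Return True if any ACL held by the token covers required_acl."""
    return any(acl_to_regex(acl).fullmatch(required_acl) for acl in token_acls)


def audit(token_acls, required_acls):
    """Map each required ACL to whether the token would be authorized."""
    return {req: token_allows(token_acls, req) for req in required_acls}


# Constructed sample ACL names, for illustration only.
REQUIRED = [
    "auth.users.create",
    "auth.policies.abc.delete",
    "confd.users.read",
]

if __name__ == "__main__":
    bootstrap_acls = ["auth.#"]      # ACL named in the bootstrap section
    narrow_acls = ["auth.users.*"]   # hypothetical narrower grant
    for name, acls in (("bootstrap", bootstrap_acls), ("narrow", narrow_acls)):
        for required, ok in audit(acls, REQUIRED).items():
            print(f"{name:9} {required:28} {'allow' if ok else 'deny'}")
```

Under these assumptions the bootstrap token is authorized for every ACL that starts with auth. and for nothing outside that prefix, while the narrower grant stops at one segment below auth.users.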

Docker

The wazopbx/wazo-auth image can be built using the following command:

% docker build -t wazopbx/wazo-auth .

To run wazo-auth in docker, use the following commands:

% docker run -p 9497:9497 -v /conf/wazo-auth:/etc/wazo-auth/conf.d/ -it wazopbx/wazo-auth bash
% wazo-auth [-df] [-u <user>] [-c <path/to/config/file>]

The wazopbx/wazo-auth-db image can be built using the following command:

% docker build -f contribs/docker/Dockerfile-db -t wazopbx/wazo-auth-db .

Configuration

The default configuration file is /etc/wazo-auth/config.yml. Settings can be overridden by files placed in /etc/wazo-auth/conf.d/.

Enabling the users registration API

To enable the users registration (/users/register) API endpoint, add a file containing the following lines to the /etc/wazo-auth/conf.d directory and restart wazo-auth:

enabled_http_plugins:
  user_registration: true

Running unit tests

apt-get install libldap2-dev libpq-dev python-dev libffi-dev libyaml-dev libsasl2-dev
pip install tox
tox --recreate -e py27

Running integration tests

You need Docker installed.

cd integration_tests
pip install -U -r test-requirements.txt
make test-setup
make test

Load testing

To test wazo-auth with ab

Dependencies

  • ab

apt-get update && apt-get install apache2-utils

Running the tests

With the following content in '/tmp/body.json':

{"backend": "xivo_user"}

ab -n1000 -c25 -A 'alice:alice' -p /tmp/body.json -T 'application/json' "https://localhost:9497/0.1/token"

This command sends 1000 token-creation requests, 25 at a time, using the username alice and the password alice.

Adding a new database migration

To add a new migration script for the database use the following command from the root of the project:

% ./alembic_revision.sh ""

To add a new ACL migration script use the following command from the root of the project:

% ./alembic_revision.sh -a ""

Available ACL policies are:

  • wazo_default_admin_policy
  • wazo_default_user_policy