Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve documentation #1

Open
martin31821 opened this issue Jul 8, 2018 · 20 comments
Open

Improve documentation #1

martin31821 opened this issue Jul 8, 2018 · 20 comments
Assignees
Labels
enhancement New feature or request

Comments

@martin31821
Copy link
Member

  • User documentation

    • Using WS endpoint
    • Using WSS endpoint
    • Using TLS authentication
      • How to PKI
    • Using Ticket authentication
      • Using resume tokens
      • Separation between Ticket check and auth role list functions
    • Anonymous authentication
  • Developer documentation

    • Start improving this tool
  • Release information

@martin31821 martin31821 added the enhancement New feature or request label Jul 8, 2018
@goldcode88
Copy link

Can you give a config.json example firstly? Thanks

@johannwagner
Copy link
Member

There is no config.json.
You can configure the entire autobahnkreuz using commandline flags. I will get up a basic example within the next 24h.

@goldcode88
Copy link

Thanks. --authorizer-func --ticket-check-func --ticket-get-role-func ... is complex input without detail description.

@martin31821
Copy link
Member Author

@goldcode88 can you read over the documentation in the referenced PR and give us some feedback?

@goldcode88
Copy link

@martin31821
OK. I'll try autobahnkreuz according to the doc tomorrow, and then give you feedbacks.

@goldcode88
Copy link

goldcode88 commented Jul 22, 2018

@martin31821 @johannwagner
I have tried autobahnkreuz according to the doc. I can't boot autobahnkreuz normally for --feature-authorizer-mapping-func or .

I think it's preferable if more details can be provided.

  1. --ticket-check-func : From the doc, the string seems like checkTicket written by golang. But I think it's registered wamp's procedure, it can be implemented by nexus, autobahn.js or autobahn.py.
    For example, session.register('com.myapp.ticket.check', function). So --ticket-check-func string should be 'com.myapp.ticket.check'.
    --ticket-get-role-func --authorizer-func --feature-authorizer-mapping-func --feature-authorizer-matrix-func is the same.
    Maybe I misunderstood something.

2.--feature-authorizer-mapping-func and --feature-authorizer-matrix-func's description need provide input args and output result. I think it's also registered wamp's procedure. If nexus or autobahn.js client's example is provided, it'll be understood better.

Edited:
"user.token.authenticate" is registered wamp's procedure.
"user.get.roleid" is a faked string.
"user.get.authorizer.map" is a faked string.

$./autobahnkreuz --realm realm01 --ws-host test.example.com --ws-port 8901 --enable-anonymous --anonymous-authrole public --enable-ticket --ticket-check-func "user.token.authenticate" --ticket-get-role-func "user.get.roleid" --enable-feature-authorization true --enable-authorization true --feature-authorizer-mapping-func "user.get.authorizer.map"
[DEBUG ] 12:04:22.956 [email protected]:249 -- Interconnect startup
[CRITICAL] 12:04:22.956 github.com/EmbeddedEnterprises/autobahnkreuz/[email protected]:182 -- Can't enable both authorizers. Choose one!

@martin31821
Copy link
Member Author

It states exactly the problem with your configuration, which is that you have enabled both authorization ways. I added some documentation for the authorization part of autobahnkreuz, so it should be more clear how the parameters work together.

a valid command line which I am using for development is the following:
autobahnkreuz --enable-wss=false --enable-authorization=false --realm=$REALM --anonymous-authrole=public --ticket-check-func=$AUTHFUNC --ticket-get-role-func=$ROLEFUNC --exclude-auth-role=system,trusted

@goldcode88
Copy link

@martin31821
Thanks!

./autobahnkreuz --enable-wss=false --ws-host 127.0.0.1 --ws-port 8901 --enable-authorization=false --realm=realm --anonymous-authrole=public --ticket-check-func="user.token.authenticate" --ticket-get-role-func="user.token.authenticate" --exclude-auth-role=system,trusted

[DEBUG   ] 20:04:29.908 [email protected]:249 -- Interconnect startup
[INFO    ] 20:04:29.908 [email protected]:97 -- Enabling anonymous authentication, role: public
[INFO    ] 20:04:29.908 [email protected]:109 -- Enabling ticket auth, func: user.token.authenticate, roles: user.token.authenticate
[INFO    ] 20:04:29.908 [email protected]:119 -- Enabling resume token auth, roles: user.token.authenticate
2018/07/22 20:04:29 Starting router
2018/07/22 20:04:29 Added realm: realm
[INFO    ] 20:04:29.912 [email protected]:273 -- Router started, local client connected.
[CRITICAL] 20:04:29.913 github.com/EmbeddedEnterprises/autobahnkreuz/[email protected]:53 -- Failed to register create-token method!

The key of problem is ticket-check-func need a function, but "user.token.authenticate" is a wamp's endpoint created by autobahn.js.

func NewDynamicTicket(authfunc string, authrolefunc string, realm string, invalid mapset.Set, allowtoken bool) (*DynamicTicketAuth, error) {
	x := &DynamicTicketAuth{
		SharedSecretAuthenticator: SharedSecretAuthenticator{
			AuthMethodValue:  "ticket",
			InvalidAuthRoles: invalid,
			Realm:            realm,
			UpstreamGetAuthRolesFunc: authrolefunc,
		},
		UpstreamAuthFunc: authfunc,
		AllowResumeToken: allowtoken,
	}
	return x, nil
}

I thinks it's more flexible if authfunc is replaced by result, err := caller.Call(ctx, "user.token.authenticate", nil, callArgs, nil, ""). So authorization function can be implemented by any client language. Of course, current authorization's method have better performance.

@martin31821
Copy link
Member Author

martin31821 commented Jul 22, 2018

As you can see here we already invoke the ticket-check-func. Any functions you pass to autobahnkreuz via command line flags are wamp functions.

The error you are seeing was fixed in 0.9.2, are you sure you are running the latest version? (i.e. docker v0.9.2 or edge or git v0.9.2 or master)

Edit:
Some technical details: The NewDynamicTicket creates a dynamicTicketAuthenticator which is passed to nexus and gets invoked once a client connects and specifies authmethod ticket, in which case Authenticate() will get called, which invokes the specified ticket-check-func and later the ticket-get-role-func.

@goldcode88
Copy link

goldcode88 commented Jul 22, 2018

@martin31821
Yeah! I use the old version (your first commit).
For v0.9.2, I git clone from github.com. But I get and build it failure.

go get github.com/EmbeddedEnterprises/autobahnkreuz
# github.com/EmbeddedEnterprises/autobahnkreuz/filter
go/src/github.com/EmbeddedEnterprises/autobahnkreuz/filter/complex.go:19:15: undefined: router.PublishFilter

go build
# github.com/EmbeddedEnterprises/autobahnkreuz/filter
filter/complex.go:19:15: undefined: router.PublishFilter

@martin31821
Copy link
Member Author

Please use burrow or the prebuilt docker image. Using go get will get you the wrong dependencies.

@goldcode88
Copy link

goldcode88 commented Jul 23, 2018

@martin31821
I met the same issues by using burrow.
My steps:

1. $ brew install glide
2. go get github.com/EmbeddedEnterprises/burrow
3. go build (in burrow path)
4. set env for burrow
5. burrow clone https://github.com/EmbeddedEnterprises/autobahnkreuz/
6. entering the autobahnkreuz folder (I copy burrow into this folder later)
7. $ ./burrow run
[     build] Building project
[     build] # github.com/EmbeddedEnterprises/autobahnkreuz/filter
[     build] filter/complex.go:19:15: undefined: router.PublishFilter
[     build] Error running action: exit status 2
8. $ ./burrow build
[     build] Building project
[     build] # github.com/EmbeddedEnterprises/autobahnkreuz/filter
[     build] filter/complex.go:19:15: undefined: router.PublishFilter
[     build] Error running action: exit status 2
9. `autobahnkreuz` directory
$ ls
CODE_OF_CONDUCT.md	README.md		burrow			docs			glide.yaml
Dockerfile		auth			burrow.yaml		filter			main.go
LICENSE			bin			cli			glide.lock		util
10. glide.yaml
package: github.com/EmbeddedEnterprises/autobahnkreuz
import:
- package: github.com/gammazero/nexus
  repo: https://github.com/EmbeddedEnterprises/nexus.git
  vcs: git
  version: master
11. burrow.yaml
name: autobahnkreuz
version: 0.9.2
description: Advanced WAMP router based on nexus
authors:
- Martin Koppehel
- Fin Christensen
- Johann Wagner
license: BSD-3-Clause
package:
  include: []
args:
  run: ""
  go:
    test: ""
    build: -ldflags '-linkmode=external "-extldflags=-static"'
    doc: ""
    vet: ""
    fmt: -s
  glide:
    install: ""
    update: ""
    get: ""
  git:
    tag: -s -m 'Update version'
    clone: ""
12. glide.lock
hash: 82f7fb5177c9168a92a1eae87e6dcd1dd4c7af5d23783587111ce41adf9ab655
updated: 2018-07-12T22:13:42.198613371+02:00
imports:
- name: github.com/deckarep/golang-set
  version: 504e848d77ea4752b3057b8fb46da0e7f746ccf3
- name: github.com/gammazero/nexus
  version: c59a33dee67b11b4efbd5a1c11f6176226a6231c
  repo: https://github.com/EmbeddedEnterprises/nexus.git
  vcs: git
  subpackages:
  - client
  - router
  - router/auth
  - stdlog
  - transport
  - transport/serialize
  - wamp
  - wamp/crsign
- name: github.com/gorilla/websocket
  version: 5ed622c449da6d44c3c8329331ff47a9e5844f71
- name: github.com/op/go-logging
  version: 970db520ece77730c7e4724c61121037378659d9
- name: github.com/spf13/pflag
  version: 3ebe029320b2676d667ae88da602a5f854788a8a
- name: github.com/ugorji/go
  version: 2e1067cd04ec91c6fdf491ac8028c9d3aea73ab4
  subpackages:
  - codec
- name: golang.org/x/crypto
  version: a49355c7e3f8fe157a85be2f77e6e269a0f89602
  subpackages:
  - pbkdf2
testImports: []

@martin31821
Copy link
Member Author

you are missing a burrow e before burrow run, which will ensure your dependencies are initialized.

@fin-ger
Copy link

fin-ger commented Jul 23, 2018

We should consider adding a section to the burrow README that shows how the usual workflow with burrow looks like. I think it is not clear that burrow mimics a npm like workflow. @martin31821

@goldcode88
Copy link

@martin31821 @fin-ger

burrow e can't be executed successful.

$burrow e
[     fetch] Fetching dependencies from lock file
[     fetch] Error running action: fork/exec /bin/glide: no such file or directory

$ which glide
/usr/local/bin/glide

burrow can't find glide command. Maybe I miss some env variable.
I agree with @fin-ger. I need a whole workflow about burrow, or an example how to build an go app by burrow.

@fin-ger
Copy link

fin-ger commented Jul 23, 2018

Your GOPATH must be set for burrow to use the glide installation in your GOPATH.

@goldcode88
Copy link

goldcode88 commented Jul 24, 2018

@martin31821 @fin-ger
Thanks!
I have built autobahnkreuz successfully after set GOPATH. But I still met an issues in burrow building.
My OS Environments:

  1. mac OS Sierra 10.12.6
  2. go version go1.10.3 darwin/amd64
  3. glide version 0.13.1
$burrow e
[     fetch] Fetching dependencies from lock file
[     fetch] [INFO]	Loading mirrors from mirrors.yaml file
[     fetch] [INFO]	Downloading dependencies. Please wait...
[     fetch] [INFO]	--> Found desired version locally github.com/deckarep/golang-set 504e848d77ea4752b3057b8fb46da0e7f746ccf3!
[     fetch] [INFO]	--> Found desired version locally github.com/gammazero/nexus 81a086cf47177881fa1d0fe47e91ef442fd0bfdc!
[     fetch] [INFO]	--> Found desired version locally github.com/gorilla/websocket 5ed622c449da6d44c3c8329331ff47a9e5844f71!
[     fetch] [INFO]	--> Found desired version locally github.com/op/go-logging 970db520ece77730c7e4724c61121037378659d9!
[     fetch] [INFO]	--> Found desired version locally github.com/spf13/pflag 3ebe029320b2676d667ae88da602a5f854788a8a!
[     fetch] [INFO]	--> Found desired version locally github.com/ugorji/go 2e1067cd04ec91c6fdf491ac8028c9d3aea73ab4!
[     fetch] [INFO]	--> Found desired version locally golang.org/x/crypto a2144134853fc9a27a7b1e3eb4f19f1a76df13c9!
[     fetch] [INFO]	Setting references.
[     fetch] [INFO]	--> Setting version for github.com/spf13/pflag to 3ebe029320b2676d667ae88da602a5f854788a8a.
[     fetch] [INFO]	--> Setting version for golang.org/x/crypto to a2144134853fc9a27a7b1e3eb4f19f1a76df13c9.
[     fetch] [INFO]	--> Setting version for github.com/op/go-logging to 970db520ece77730c7e4724c61121037378659d9.
[     fetch] [INFO]	--> Setting version for github.com/gammazero/nexus to 81a086cf47177881fa1d0fe47e91ef442fd0bfdc.
[     fetch] [INFO]	--> Setting version for github.com/deckarep/golang-set to 504e848d77ea4752b3057b8fb46da0e7f746ccf3.
[     fetch] [INFO]	--> Setting version for github.com/gorilla/websocket to 5ed622c449da6d44c3c8329331ff47a9e5844f71.
[     fetch] [INFO]	--> Setting version for github.com/ugorji/go to 2e1067cd04ec91c6fdf491ac8028c9d3aea73ab4.
[     fetch] [INFO]	Exporting resolved dependencies...
[     fetch] [INFO]	--> Exporting github.com/gammazero/nexus
[     fetch] [INFO]	--> Exporting github.com/deckarep/golang-set
[     fetch] [INFO]	--> Exporting github.com/op/go-logging
[     fetch] [INFO]	--> Exporting github.com/gorilla/websocket
[     fetch] [INFO]	--> Exporting github.com/spf13/pflag
[     fetch] [INFO]	--> Exporting golang.org/x/crypto
[     fetch] [INFO]	--> Exporting github.com/ugorji/go
[     fetch] [INFO]	Replacing existing vendor dependencies
$burrow build
[     build] Building project
[     build] # command-line-arguments
[     build] /usr/local/Cellar/go/1.10.3/libexec/pkg/tool/darwin_amd64/link: running clang failed: exit status 1
[     build] ld: library not found for -lcrt0.o
[     build] clang: error: linker command failed with exit code 1 (use -v to see invocation)
[     build] Error running action: exit status 2

Then I use go build or go build -ldflags="-linkmode internal", I built successfully.
So I think burrow build options should be set or supported.

Anyway, I can continue to try autobahnkreuz.

@martin31821
Copy link
Member Author

martin31821 commented Jul 26, 2018

Then I use go build or go build -ldflags="-linkmode internal", I built successfully.
So I think burrow build options should be set or supported.

Burrow build options are fixed in burrow.yaml, since burrow is designed for creating reproducible builds and docker-based deployments.

@fin-ger
Copy link

fin-ger commented Jul 26, 2018

@goldcode88 You can use

burrow build -- -ldflags="-linkmode internal"

to add additional temporary flags to the go build process spawned by burrow.

@goldcode88
Copy link

@fin-ger @martin31821
I got it. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

4 participants