Provision is a user and account micro-platform, a highly opinionated building block for TXN2 components. Provision defines basic object models that represent the foundation for an account, user and asset. Provision is intended as a fundamental dependency of current and future TXN2 platform services.
- Elasticsearch is used as a database for Account, User and Asset objects.
- Intended for basic storage, retrieval and searching.

Provision is intended as an internal service to be accessed by other services. Use a secure reverse proxy for direct access by system operators.

Configuration is inherited from txn2/micro. The following configuration is specific to provision:

Flag | Environment Variable | Description |
---|---|---|
-esServer | ELASTIC_SERVER | Elasticsearch Server (default "http://elasticsearch:9200") |
-systemPrefix | SYSTEM_PREFIX | Prefix for system indices. (default "system_") |

Method | Route Pattern | Description |
---|---|---|
GET | /prefix | Get the prefix used for Elasticsearch indexes. |
POST | /account | Upsert an Account object. |
GET | /account/:id | Get an Account object by id. |
POST | /keyCheck/:id | Check if an AccessKey is associated with an account. |
POST | /searchAccounts | Search for Accounts with a Lucene query. |
POST | /user | Upsert a User object. |
GET | /user/:id | Get a User object by id. |
POST | /searchUsers | Search for Users with a Lucene query. |
POST | /userHasAccess | Post an AccessCheck object with Token to determine basic access. |
POST | /userHasAdminAccess | Post an AccessCheck object with Token to determine admin access. |
POST | /authUser | Post Credentials and if valid receive a Token. |
POST | /asset | Upsert an Asset. |
GET | /asset/:id | Get an asset by id. |
POST | /searchAssets | Search for Assets with a Lucene query. |
GET | /adm/:parentAccount/account/:account | Get a child account. |
POST | /adm/:parentAccount/account | Upsert a child account. |
GET | /adm/:parentAccount/children | Get children of parent account. |
GET | /adm/:parentAccount/assets/:account | Get assets with associations to account. |
GET | /adm/:parrentId/assetAssoc/:asset/:accountFrom/:accountTo | Re-associate any routes from specified account to another (child or self) |
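
One way to build the operator-facing reverse proxy recommended above, as an added Go example that is not part of txn2/provision: it requires an operator bearer token and forwards only the non-writing routes from the table. The `operatorProxy` and `allowed` names, the `OPERATOR_TOKEN` variable, port 8443, the certificate paths and the read-only policy are all assumptions.

```go
package main

import (
	"crypto/subtle"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"path"
	"strings"
)

// readOnly: method and route prefixes from the route table that do not write (assumed policy).
var readOnly = []string{"GET /prefix", "GET /account/", "GET /user/", "GET /asset/",
	"POST /searchAccounts", "POST /searchUsers", "POST /searchAssets"}

func allowed(method, p string) bool {
	for _, r := range readOnly {
		// path.Clean(p) == p rejects "..", "//" and trailing-slash variants.
		if path.Clean(p) == p && strings.HasPrefix(method+" "+p, r) {
			return true
		}
	}
	return false
}

// operatorProxy is a hypothetical front end for Provision, not part of txn2/provision.
func operatorProxy(upstream *url.URL, operatorToken string) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		tok := strings.TrimPrefix(h, "Bearer ") // tok == h means the Bearer scheme was missing
		if tok == h || operatorToken == "" || subtle.ConstantTimeCompare([]byte(tok), []byte(operatorToken)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if !allowed(r.Method, r.URL.Path) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		r.Header.Del("Authorization") // keep the operator credential off the upstream hop
		proxy.ServeHTTP(w, r)
	})
}

func main() {
	upstream, _ := url.Parse("http://localhost:8080") // Provision address used on this page
	log.Fatal(http.ListenAndServeTLS(":8443", "tls.crt", "tls.key", operatorProxy(upstream, os.Getenv("OPERATOR_TOKEN"))))
}
```
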

Testing using Elasticsearch and Kibana in docker compose:

```bash
docker-compose up
```

Run from source:

```bash
go run ./cmd/provision.go --esServer="http://localhost:9200"
```

```bash
# Get the prefix used for Elasticsearch indexes
curl http://localhost:8080/prefix

# Upsert an Account
curl -X POST \
  http://localhost:8080/account \
  -H 'Content-Type: application/json' \
  -d '{
    "id": "test_account",
    "description": "This is a test account",
    "display_name": "Test Organization",
    "active": true,
    "access_keys": [
      {
        "name": "test-data",
        "key": "sRqhFPdudA9s8qtVqgixHXyU8ubbYhrCBttC8amLdMwkxeZHskseNXyCRe4eXRxP",
        "description": "Generic access key",
        "active": true
      },
      {
        "name": "test",
        "key": "PDWgYr3bQGNoLptBRDkLTGQcRmCMqLGRFpXoXJ8xMPsMLMg3LHvWpJgDu2v3LYBA",
        "description": "Generic access key 2",
        "active": true
      }
    ],
    "modules": [
      "telematics",
      "wx",
      "data_science",
      "gpu"
    ]
  }'

# Get an Account by id
curl http://localhost:8080/account/test_account

# Search for Accounts
curl -X POST \
  http://localhost:8080/searchAccounts \
  -d '{
    "query": {
      "match_all": {}
    }
  }'

# Check if an AccessKey is associated with the account
# (same name and key as the first access key upserted above)
curl -X POST \
  http://localhost:8080/keyCheck/test_account \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "test-data",
    "key": "sRqhFPdudA9s8qtVqgixHXyU8ubbYhrCBttC8amLdMwkxeZHskseNXyCRe4eXRxP"
  }'
```

```bash
# Upsert a User
curl -X POST \
  http://localhost:8080/user \
  -H 'Content-Type: application/json' \
  -d '{
    "id": "test_user",
    "description": "Test User non-admin",
    "display_name": "Test User",
    "active": true,
    "sysop": false,
    "password": "eWidL7UtiWJABHgn8WAv8MWbqNKjHUqhNC7ZaWotEFKYNrLvzAwwCXC9eskPFJoY",
    "sections_all": false,
    "sections": ["api", "config", "data"],
    "accounts": ["test"],
    "admin_accounts": []
  }'

# Get a User by id
curl -X GET http://localhost:8080/user/test_user

# Search for Users
curl -X POST \
  http://localhost:8080/searchUsers \
  -d '{
    "query": {
      "match_all": {}
    }
  }'

# Post Credentials and, if valid, receive a Token
curl -X POST \
  http://localhost:8080/authUser \
  -H 'Content-Type: application/json' \
  -d '{
    "id": "test_user",
    "password": "eWidL7UtiWJABHgn8WAv8MWbqNKjHUqhNC7ZaWotEFKYNrLvzAwwCXC9eskPFJoY"
  }'

# first get a token (URL quoted so the shell does not treat "?" as a glob)
TOKEN=$(curl -s -X POST \
  "http://localhost:8080/authUser?raw=true" \
  -d '{
    "id": "test_user",
    "password": "eWidL7UtiWJABHgn8WAv8MWbqNKjHUqhNC7ZaWotEFKYNrLvzAwwCXC9eskPFJoY"
  }') && echo "$TOKEN"

# check for basic access
curl -X POST \
  http://localhost:8080/userHasAccess \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "sections": ["api"],
    "accounts": ["test"]
  }'

# check for admin access
curl -X POST \
  http://localhost:8080/userHasAdminAccess \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "sections": ["api"],
    "accounts": ["test"]
  }'
```

```bash
# Upsert an Asset
curl -X POST \
  http://localhost:8080/asset \
  -H 'Content-Type: application/json' \
  -d '{
    "id": "test-unique-asset-id-12345",
    "description": "A unique asset in the system.",
    "display_name": "Asset 12345",
    "active": true,
    "asset_class": "iot_device",
    "routes": [
      { "account_id": "test", "model_id": "device_details", "type": "system" },
      { "account_id": "test", "model_id": "device_location", "type": "account" }
    ]
  }'

# Get an Asset by id
curl -X GET http://localhost:8080/asset/test-unique-asset-id-12345

# Search for Assets
curl -X POST \
  http://localhost:8080/searchAssets \
  -H 'Content-Type: application/json' \
  -d '{
    "query": {
      "match_all": {}
    }
  }'
```

Build test release:

```bash
goreleaser --skip-publish --rm-dist --skip-validate
```

Build and release:

```bash
GITHUB_TOKEN=$GITHUB_TOKEN goreleaser --rm-dist
```