https://github.com/teragrep/pth_05
Authorization scheme for Teragrep archive
authorization s3 s3-api s3-gateway teragrep
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/teragrep/pth_05
- Owner: teragrep
- License: agpl-3.0
- Created: 2024-03-14T10:37:46.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2026-03-20T11:48:18.000Z (3 months ago)
- Last Synced: 2026-03-21T04:13:24.330Z (3 months ago)
- Topics: authorization, s3, s3-api, s3-gateway, teragrep
- Language: Java
- Homepage: https://teragrep.com
- Size: 66.4 KB
- Stars: 0
- Watchers: 2
- Forks: 2
- Open Issues: 2
Metadata Files:
- Readme: README.adoc
- License: LICENSE
README
= pth_05
== Functionality
pth_05 receives requests for OBJ-01 access via the S3 protocol.
Requests are authenticated using credentials.json, which is gathered by a tool provided in the HDP-01 package.
The requested object path is then processed to determine the host and tag parts of the object.
The host and tag are used to resolve the index by searching the CFE-12 lookup files.
The request proceeds to the authorization stage if an index is found in the lookups.
Requests are authorized using authorize.json (generated by the generate_index_mapping.py tool provided with pth_05), which contains index to unix group mappings.
The intersection of two sets of groups is calculated: the groups that are members of the index and the groups that the identity is a member of.
The request is accepted if any groups intersect within the two sets.
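
The decision flow described above, as an added Python example that is not pth_05's own code. The `<host>/<tag>/...` path layout, the dictionary shapes and every name and value are assumptions constructed for illustration (the real file formats are not shown here), and S3 credential verification is assumed to have already succeeded.

```python
# Added illustration of the lookup and group-intersection steps; not pth_05 code.
from __future__ import annotations

# Constructed sample data. The shapes are assumptions, not the real formats of
# the CFE-12 lookup files, authorize.json or credentials.json.
LOOKUP = {("web01.example.com", "nginx"): "web_logs"}   # (host, tag) -> index
INDEX_GROUPS = {"web_logs": {"webops", "secops"}}       # index -> unix groups
IDENTITY_GROUPS = {                                     # identity -> unix groups
    "alice": {"webops", "staff"},
    "bob": {"staff"},
    "carol": set(),
}


def split_object_path(path: str) -> tuple[str, str] | None:
    """Assumed layout <host>/<tag>/<rest>; None when a part is missing."""
    parts = path.strip("/").split("/")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    return parts[0], parts[1]


def authorize(identity: str, object_path: str) -> tuple[bool, str]:
    """Return (allowed, reason). Any step that cannot be resolved denies."""
    if identity not in IDENTITY_GROUPS:
        return False, "unknown identity"
    host_tag = split_object_path(object_path)
    if host_tag is None:
        return False, "malformed object path"
    index = LOOKUP.get(host_tag)
    if index is None:
        # No index found in the lookups: never reaches the authorization stage.
        return False, "no index for host/tag"
    shared = INDEX_GROUPS.get(index, set()) & IDENTITY_GROUPS[identity]
    if not shared:
        return False, "no common group"
    return True, "groups: " + ",".join(sorted(shared))


if __name__ == "__main__":
    obj = "web01.example.com/nginx/2024/01/01/file.gz"
    for who in ("alice", "bob", "carol", "mallory"):
        print(who, authorize(who, obj))
    print("alice", authorize("alice", "db01.example.com/postgres/dump.gz"))
```
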
== Usage
pth_05 is a micro-service which can be deployed via RPM or a container. Only RPM
instructions are provided currently. However, the Dockerfile shows what needs to be
configured in order to get the container up and running as well.
=== Installation
pth_05 can be installed via the rpm package as follows:
[source,bash]
----
yum install pth_05.rpm
----
=== Configuration
==== Data files
pth_05 requires the following data to be available:
* lookup-files
* authorize.json
* credentials.json
The lookup files are sourced from CFE-12. The authorize.json file can be generated with
the provided generate_index_mapping.py, which ingests the CFE-04 related
authorize.conf format. The credentials.json file is produced by HDP-01 version 1.2.0
or greater.
All of the files can be handcrafted, and examples are provided within the RPM.
==== Execution
The properties file configures the execution of pth_05 and is located at path:
/opt/teragrep/pth_05/etc/pth_05.properties
[source,properties]
----
pth_05.endpoint=http://127.0.0.1:8080
pth_05.credentials.file=/opt/teragrep/pth_05/etc/credentials.json
pth_05.authorize.file=/opt/teragrep/pth_05/etc/authorize.json
pth_05.lookup.path=/opt/teragrep/pth_05/etc/lookup
jclouds.provider=s3
jclouds.identity=xxxxxxxxxxxxxxxxxxxx
jclouds.credential=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
jclouds.endpoint=https://s3.domain.tld
----
Information about the variables
pth_05 specific:
* pth_05.endpoint configures the address that pth_05 listens on.
* pth_05.credentials.file is a path to the credentials.json-file.
* pth_05.authorize.file is a path to the authorize.json-file.
* pth_05.lookup.path is a path to the lookup directory.
JClouds common:
* jclouds.provider configures which type of service is proxied to. Use "s3".
* jclouds.identity configures the identity for the proxied target.
* jclouds.credential configures the credential for the proxied target.
* jclouds.endpoint configures the location of the proxied target.
==== Memory settings
Run `systemctl edit --full pth_05` to edit the memory settings. Currently the default values are:
`-Xms512m`
`-Xmx1024m`
==== JMX
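Run `systemctl edit --full pth_05` and add the following to enable JMX. These options open port 9996 with JMX authentication and TLS both disabled, so limit access to that port to trusted hosts.
[source]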
----
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=9996 \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=false \
----
==== Logging
pth_05 uses Logback to configure logging. Log configuration is at path:
/opt/teragrep/pth_05/etc/logback.xml
=== Running
pth_05 ships with a systemd service unit file and is therefore
available as a systemd unit.
[source,bash]
----
systemctl enable pth_05.service
systemctl start pth_05.service
----
=== Adding extra jars to classpath
Drop any extra jars that the logback configuration requires into `/opt/teragrep/pth_05/share/`.
== Build Artifacts
* JAR
* RPM
* Container