Merge pull request #83 from ARGOeu/devel

1st Release of argo-api-authn

.gitignore

@@ -0,0 +1,5 @@
+.idea
+.DS_STORE
+argo-api-authn
+ams-create-users-gocdb.cfg
+config.json

.travis.yml

@@ -0,0 +1,3 @@
+language: go
+go:
+ - 1.10

Gopkg.toml

@@ -0,0 +1,51 @@
+# Gopkg.toml example
+#
+# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+#   name = "github.com/user/project"
+#   version = "1.0.0"
+#
+# [[constraint]]
+#   name = "github.com/user/project2"
+#   branch = "dev"
+#   source = "github.com/myfork/project2"
+#
+# [[override]]
+#   name = "github.com/x/y"
+#   version = "2.4.0"
+#
+# [prune]
+#   non-go = false
+#   go-tests = true
+#   unused-packages = true
+
+
+[[constraint]]
+  branch = "v2"
+  name = "gopkg.in/mgo.v2"
+
+[prune]
+  go-tests = true
+  unused-packages = true
+
+[[constraint]]
+  name = "github.com/gorilla/mux"
+  version = "1.6.1"
+
+[[constraint]]
+  name = "github.com/gorilla/handlers"
+  version = "1.3.0"
+
+[[constraint]]
+  name = "github.com/stretchr/testify"
+  version = "1.2.1"
+
+[[constraint]]
+  name = "github.com/satori/go.uuid"
+  version = "1.2.0"
+

LICENSE

@@ -0,0 +1,13 @@
+   Copyright (c) 2018 GRNET S.A.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

Makefile

@@ -0,0 +1,31 @@
+PKGNAME=argo-api-authn
+SPECFILE=${PKGNAME}.spec
+SHELL=bash
+PKGVERSION = $(shell grep -s '^Version:' $(SPECFILE) | sed -e 's/Version: *//')
+TMPDIR := $(shell mktemp -d /tmp/${PKGNAME}.XXXXXXXXXX)
+GOPATH := $(shell mktemp -d /tmp/go.XXXXXXXXXX)
+APPDIR := ${CURDIR}
+GOFILES_NOVENDOR = $(shell go list ./... | grep -v '/vendor/' | sed -e 's/_\/usr\/src\/myapp/./g')
+
+sources:
+	mkdir -p ${TMPDIR}/${PKGNAME}-${PKGVERSION}/src/github.com/ARGOeu/argo-api-authn
+	cp -rp . ${TMPDIR}/${PKGNAME}-${PKGVERSION}/src/github.com/ARGOeu/argo-api-authn
+	cd ${TMPDIR} && tar czf ${PKGNAME}-${PKGVERSION}.tar.gz ${PKGNAME}-${PKGVERSION}
+	mv ${TMPDIR}/${PKGNAME}-${PKGVERSION}.tar.gz .
+	if [[ ${TMPDIR} == /tmp* ]]; then rm -rf ${TMPDIR} ;fi
+
+go-build-linux-static:
+	mkdir -p ${GOPATH}/src/github.com/ARGOeu/argo-api-authn
+	cp -R . ${GOPATH}/src/github.com/ARGOeu/argo-api-authn
+	cd ${GOPATH}/src/github.com/ARGOeu/argo-api-authn && \
+	CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ${APPDIR}/argo-api-authn-linux-static . &&\
+	chown ${hostUID} ${APPDIR}/argo-api-authn-linux-static
+
+go-test:
+	mkdir -p ${GOPATH}/src/github.com/ARGOeu/argo-api-authn
+	cp -R . ${GOPATH}/src/github.com/ARGOeu/argo-api-authn
+	cd ${GOPATH}/src/github.com/ARGOeu/argo-api-authn && \
+	go get github.com/axw/gocov/... && \
+	go get github.com/AlekSi/gocov-xml && \
+	${GOPATH}/bin/gocov test ${GOFILES_NOVENDOR} | ${GOPATH}/bin/gocov-xml > ${APPDIR}/coverage.xml &&\
+	chown ${hostUID} ${APPDIR}/coverage.xml

README.md

@@ -1,2 +1,121 @@
-# argo-api-authn
-Authentication Server for ARGO API(s)
+# Argo Api Authn
+
+<img src="https://jenkins.argo.grnet.gr/static/3c75a153/images/headshot.png" alt="Jenkins" width="25"/> [![Build Status](https://jenkins.argo.grnet.gr/job/argo-api-authn_devel/badge/icon)](https://jenkins.argo.grnet.gr/job/argo-api-authn_devel)
+
+Authentication Service for ARGO API(s)
+
+
+## Description
+
+The purpose of the Authentication Service is to provide the ability to different services to use alternative authentication mechanisms without having to store additional user info or implement new functionalities.The AUTH service holds various information about a service’s users, hosts, API urls, etc, and leverages them to provide its functionality. 
+
+## Perquisites
+
+Before you start, you need to issue a valid certificate.
+
+## Set Up
+
+1. Install Golang 1.10
+2. Create a new work space:
+
+      `mkdir ~/go-workspace`
+
+      `export GOPATH=~/go-workspace`
+
+      `export PATH=$PATH:$GOPATH/bin`
+
+     You may add the last `export` line into the `~/.bashrc`, `/.zshrc` or the `~/.bash_profile` file to have `GOPATH` environment variable properly setup upon every login.
+
+3. Get the latest version
+
+      `go get github.com/ARGOeu/argo-api-authn`
+
+4. Get dependencies(If you plan on contributing to the project else skip this step):
+
+   Argo-api-authN uses the dep tool for dependency handling.
+
+    - Install the dep tool. You can find instructions depending on your platform at [Dep](https://github.com/golang/dep).
+
+5. To build the service use the following command:
+
+      `go build`
+
+6. To run the service use the following command:
+
+      `./argo-api-authn` (This assumes that there is a valid configuration file at `/etc/argo-api-authn/conf.d/argo-api-authn-config.json`).
+
+      Else
+
+      `./argo-api-authn --config /path/to/a/json/config/file`
+
+7. To run the unit-tests:
+
+    Inside the project's folder issue the command:
+
+      `go test $(go list ./... | grep -v /vendor/)`
+
+ 8. Install mongoDB
+
+
+ ## Configuration
+
+ The service depends on a configuration file in order to be able to run.This file contains the following information:
+
+ ```json
+ {
+   "service_port":8080,
+   "mongo_host":"mongo_host",
+   "mongo_db":"mongo database",
+   "certificate_authorities":"/path/to/cas/certificates/",
+   "certificate":"/path/to/cert/localhost.crt",
+   "certificate_key":"/path/to/key/localhost.key",
+   "service_token": "some-token",
+   "supported_auth_types": ["x509"],
+   "supported_auth_methods": ["api-key"],
+   "supported_service_types": ["ams"],
+   "verify_ssl": true,
+   "trust_unknown_cas": false,
+   "verify_certificate": true,
+   "service_types_paths": {"ams": "/v1/users:byUUID/{{identifier}}?key={{access_key}}"},
+   "service_types_retrieval_fields": {"ams": "token"}
+ }
+ ```
+
+ ## Important Notes
+It is important to notice that since we need to verify the provided certificate’s hostname, 
+the client has to make sure that both Forward and  Reverse DNS lookup on the client is correctly setup 
+and that the hostname  corresponds to the certificate used.  For both IPv4 and IPv6  (if used) 
+
+ ### Common errors
+ - Executing a request using IPv6 without having a properly configured reverse DNS.
+ ```json
+ {
+ "error": {
+  "message": "lookup *.*.*.*.*.*..... .ip6.arpa. on <ip from where the client executed the request>: no such host",
+  "code": 400,
+  "status": "BAD REQUEST"
+   }
+ }
+```
+- Executing a request from a host that is not registered on the certificate.
+
+A common case for this error is to have the FQDN registered on the certificate 
+but a reverse dns look up returns another hostname for the client from where the request was executed. 
+```json
+{
+ "error": {
+  "message": "x509: certificate is valid for host1, host2, not host3.",
+  "code": 403,
+  "status": "ACCESS_FORBIDDEN"
+ }
+}
+```
+ ## Helpful Utilities
+ You can find various utility scripts to help you get up and running the service inside the
+ repo's `bin` folder. You can also find the respective documentation for the scripts inside the `docs` folder.
+
+## Feature Milestones
+
+- Add support for authenticating with external services through x-api-key header.
+- Add default configuration for interacting easier with the [argo-web-api](https://github.com/ARGOeu/argo-web-api).
+- Add support for using OIDC tokens as an alternative authentication mechanism.

argo-api-authn.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=ARGO Authentication Service
+Requires=mongod.service
+
+[Service]
+SyslogIdentifier=argo_api_authn
+User=argo-api-authn
+Group=argo-api-authn
+WorkingDirectory=/var/www/argo-api-authn
+ExecStart=/bin/bash -c '/var/www/argo-api-authn/argo-api-authn'
+
+[Install]
+WantedBy=multi-user.target