An authentication micro-service able to create tokens, check ACLs, delete expired tokens and much more.
- Create and manage users
- Create and manage groups
- Create and manage policies
- Create and store tokens
- External authentication with LDAP, Google and Microsoft
Launching wazo-auth
wazo-auth [--user <user>] --config-file <path/to/config/file>
Getting a token
curl -k -i -X POST -H 'Content-Type: application/json' -u "alice:alice" "http://localhost:9497/0.1/token" -d '{}'
Retrieving token data
curl -k -i -X GET -H 'Content-Type: application/json' "http://localhost:9497/0.1/token/${TOKEN}"
In order to be able to create users, groups and policies you have to be authenticated. The bootstrap process allows the administrator to create a first user with the necessary rights to be able to add other users.
We create the initial credentials. The username and password can then be used
to create a token with the #
acl. This can be done using the
wazo-auth-bootstrap
command.
wazo-auth-bootstrap complete
This script will create a configuration file named /root/.config/wazo-auth-cli/050-credentials.yml
containing all necessary information to be used from the wazo-auth-cli
.
The wazoplatform/wazo-auth image can be built using the following command:
docker build -t wazoplatform/wazo-auth .
The wazoplatform/wazo-auth-db image can be built using the following command:
docker build -f contribs/docker/Dockerfile-db -t wazoplatform/wazo-auth-db .
The default configuration file is located in /etc/wazo-auth/config.yml
. As with all other Wazo
services, it can be overridden (and should only be overridden this way) with YAML files located in
/etc/wazo-auth/conf.d/
.
To enable the users registration (/users/register
) API endpoint, add a file containing the following
lines to the /etc/wazo-auth/conf.d
directory and restart wazo-auth
enabled_http_plugins:
user_registration: true
If you need to profile an API to understand why it is slow, you can use the
setting profiling_enabled: true
, or enable it live with PATCH /0.1/config
.
When profiling is enabled, the profiles will be logged in /tmp/wazo-profiling
,
one file per request. Profiles are Python profiles from the module cProfile
.
Profiles can then be analyzed with CLI or GUI tools like snakeviz
.
apt-get install libldap2-dev libpq-dev python-dev libffi-dev libyaml-dev libsasl2-dev
pip install tox
tox --recreate -e py39
tox -e integration
It is possible to test wazo-auth with ab.
- ab
apt-get update && apt-get install apache2-utils
With the following content in /tmp/body.json
{}
ab -n1000 -c25 -A 'alice:alice' -p /tmp/body.json -T 'application/json' "http://localhost:9497/0.1/token"
This line will start 25 process creating 1000 tokens with the username and password alice alice
Performance tests are similar to integration tests and may be added to integration_tests/performance_suite
.
Integration/performance tests may be used to profile specific API endpoints. To do so:
with self.profiling_enabled():
result = self.client.tenants.list(...)
This will enable the configuration option profiling_enabled
in the service
and produce profiling files in /tmp/wazo-profiling
on the container and in
/tmp/wazo-profiling-*
on the host filesystem.
The output directory for profile files in tests can be configured with the
env variable WAZO_TEST_PROFILING_DIR
.
The profile files can then be analyzed with visual tools like snakeviz
.
If you ever need help from the Wazo Platform community, the following resources are available:
You can learn more on how to contribute in the Wazo Platform documentation.