Add Kong section

Author: actions-user

.env

@@ -27,6 +27,9 @@ KEYROCK_HTTPS_PORT=3443
 MYSQL_DB_VERSION=8.0
 MYSQL_DB_PORT=3306
 
-# PEP Proxy variables
+# Wilma PEP Proxy variables
 WILMA_VERSION=8.3.0-distroless
-ORION_PROXY_PORT=1027
+ORION_PROXY_PORT=1027
+
+# Kong PEP Proxy variables
+KONG_VERSION=0.4.0

README.md

@@ -0,0 +1,244 @@
+# WARNING: Do not deploy this tutorial configuration directly to a production environment
+#
+# The tutorial docker-compose files have not been written for production deployment and will not 
+# scale. A proper architecture has been sacrificed to keep the narrative focused on the learning 
+# goals, they are just used to deploy everything onto a single Docker machine. All FIWARE components 
+# are running at full debug and extra ports have been exposed to allow for direct calls to services. 
+# They also contain various obvious security flaws - passwords in plain text, no load balancing,
+# no use of HTTPS and so on. 
+# 
+# This is all to avoid the need of multiple machines, generating certificates, encrypting secrets
+# and so on, purely so that a single docker-compose file can be read as an example to build on, 
+# not use directly. 
+# 
+# When deploying to a production environment, please refer to the Helm Repository
+# for FIWARE Components in order to scale up to a proper architecture:
+# 
+# see: https://github.com/FIWARE/helm-charts/
+#
+version: "3.8"
+services:
+  # Orion is the context broker
+  orion:
+    labels:
+      org.fiware: 'tutorial'
+    image: fiware/orion:${ORION_VERSION}
+    hostname: orion
+    container_name: fiware-orion
+    depends_on:
+      - mongo-db
+    networks:
+      default:
+        ipv4_address: 172.18.1.9
+    expose:
+      - "${ORION_PORT}"
+    ports:
+      - "${ORION_PORT}:${ORION_PORT}" # localhost:1026
+    command: -dbhost mongo-db -logLevel DEBUG
+    healthcheck:
+      test: curl --fail -s http://orion:${ORION_PORT}/version || exit 1
+      interval: 15s
+
+  # IoT-Agent is configured for the UltraLight Protocol
+  iot-agent:
+    labels:
+      org.fiware: 'tutorial'
+    image: fiware/iotagent-ul:${ULTRALIGHT_VERSION}
+    hostname: iot-agent
+    container_name: fiware-iot-agent
+    depends_on:
+      - mongo-db
+      - orion
+    networks:
+      - default
+    ports:
+      - "${IOTA_NORTH_PORT}:${IOTA_NORTH_PORT}" # localhost:4041
+      - "${IOTA_SOUTH_PORT}:${IOTA_SOUTH_PORT}" # localhost:7896
+    environment:
+      - IOTA_CB_HOST=orion # name of the context broker to update context
+      - IOTA_CB_PORT=${ORION_PORT} # port the context broker listens on to update context
+      - IOTA_NORTH_PORT=${IOTA_NORTH_PORT}
+      - IOTA_REGISTRY_TYPE=mongodb #Whether to hold IoT device info in memory or in a database
+      - IOTA_LOG_LEVEL=DEBUG # The log level of the IoT Agent
+      - IOTA_TIMESTAMP=true # Supply timestamp information with each measurement
+      - IOTA_CB_NGSI_VERSION=v2 # use NGSIv2 when sending updates for active attributes
+      - IOTA_AUTOCAST=true # Ensure Ultralight number values are read as numbers not strings
+      - IOTA_MONGO_HOST=mongo-db # The host name of MongoDB
+      - IOTA_MONGO_PORT=${MONGO_DB_PORT} # The port mongoDB is listening on
+      - IOTA_MONGO_DB=iotagentul # The name of the database used in mongoDB
+      - IOTA_HTTP_PORT=${IOTA_SOUTH_PORT} # The port used for device traffic over HTTP
+      - IOTA_PROVIDER_URL=http://iot-agent:${IOTA_NORTH_PORT}
+    healthcheck:
+      interval: 15s
+
+
+  # Keyrock is an Identity Management Front-End
+  keyrock:
+    labels:
+      org.fiware: 'tutorial'
+    image: fiware/idm:${KEYROCK_VERSION}
+    container_name: fiware-keyrock
+    hostname: keyrock
+    networks:
+      default:
+        ipv4_address: 172.18.1.5
+    depends_on:
+      - mysql-db
+    ports:
+      - "${KEYROCK_PORT}:${KEYROCK_PORT}" # localhost:3005
+    environment:
+      - DEBUG=idm:*
+      - IDM_DB_HOST=mysql-db
+      - IDM_DB_PASS_FILE=/run/secrets/my_secret_data
+      - IDM_DB_USER=root
+      - IDM_HOST=http://localhost:${KEYROCK_PORT}
+      - IDM_PORT=${KEYROCK_PORT}
+      - IDM_HTTPS_ENABLED=${IDM_HTTPS_ENABLED}
+      - IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}
+      - IDM_ADMIN_USER=alice
+      - IDM_ADMIN_EMAIL=alice-the-admin@test.com
+      - IDM_ADMIN_PASS=test
+      - IDM_CSP_FORM_ACTION=*
+    secrets:
+      - my_secret_data
+    healthcheck:
+      interval: 5s
+
+
+  # PEP Proxy for Orion
+  kong-api-gateway:
+    labels:
+      org.fiware: 'tutorial'
+    image: quay.io/fiware/kong:${KONG_VERSION}
+    container_name: fiware-orion-kong
+    hostname: orion-proxy
+    networks:
+      default:
+        ipv4_address: 172.18.1.10
+    depends_on:
+      keyrock:
+        condition: service_started
+    deploy:
+      restart_policy:
+        condition: on-failure
+    ports:
+      - "8000:8000/tcp"
+    environment:
+      - KONG_DATABASE=off
+      - KONG_DECLARATIVE_CONFIG=/etc/kong/kong.yaml
+      - KONG_PLUGINS=bundled,pep-plugin
+      - KONG_PLUGINSERVER_NAMES= pep-plugin
+      - "KONG_PLUGINSERVER_PEP_PLUGIN_QUERY_CMD=/go-plugins/pep-plugin -dump"
+      - "KONG_PLUGINSERVER_PEP_PLUGIN_START_CMD=/go-plugins/pep-plugin"
+      - KONG_LOG_LEVEL=debug
+
+    volumes:
+      - ../kong/kong.yaml:/etc/kong/kong.yaml
+    
+
+  # Tutorial acts as a series of dummy IoT Sensors over HTTP
+  tutorial:
+    labels:
+      org.fiware: 'tutorial'
+    image: fiware/tutorials.context-provider
+    hostname: iot-sensors
+    container_name: fiware-tutorial
+    depends_on:
+      iot-agent:
+        condition: service_started
+      keyrock:
+        condition: service_started
+    networks:
+      default:
+        ipv4_address: 172.18.1.7
+        aliases:
+          - tutorial
+          - context-provider
+    expose:
+      - "${TUTORIAL_APP_PORT}"
+      - "${TUTORIAL_DUMMY_DEVICE_PORT}"
+    ports:
+      - "${TUTORIAL_APP_PORT}:${TUTORIAL_APP_PORT}" # localhost:3000
+      - "${TUTORIAL_DUMMY_DEVICE_PORT}:${TUTORIAL_DUMMY_DEVICE_PORT}" # localhost:3001
+    environment:
+      - "MONGO_URL=mongodb://mongo-db:27017"
+      - "DEBUG=tutorial:*"
+      - "WEB_APP_PORT=${TUTORIAL_APP_PORT}" # Port used by the content provider proxy and web-app for viewing data
+      - "IOTA_HTTP_HOST=iot-agent"
+      - "IOTA_HTTP_PORT=${IOTA_SOUTH_PORT}"
+      - "IOTA_DEFAULT_RESOURCE=/iot/d"
+      - "DUMMY_DEVICES_PORT=${TUTORIAL_DUMMY_DEVICE_PORT}" # Port used by the dummy IOT devices to receive commands
+      - "DUMMY_DEVICES_TRANSPORT=HTTP" # Default transport used by dummy Io devices
+      - "CONTEXT_BROKER=http://orion-proxy:${ORION_PROXY_PORT}/v2" # URL of the PEP Proxy to update context
+      - "OPENWEATHERMAP_KEY_ID=<ADD_YOUR_KEY_ID>"
+      - "TWITTER_CONSUMER_KEY=<ADD_YOUR_CONSUMER_KEY>"
+      - "TWITTER_CONSUMER_SECRET=<ADD_YOUR_CONSUMER_SECRET>"
+      - "NGSI_LD_PREFIX="
+      - "SECURE_ENDPOINTS=true"
+      - "KEYROCK_URL=http://localhost"
+      - "KEYROCK_IP_ADDRESS=http://172.18.1.5"
+      - "KEYROCK_PORT=${KEYROCK_PORT}"
+      - "KEYROCK_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp"
+      - "KEYROCK_CLIENT_SECRET=tutorial-dckr-site-0000-clientsecret"
+      - "CALLBACK_URL=http://localhost:${TUTORIAL_APP_PORT}/login"
+
+
+
+  # Databases
+  mongo-db:
+    labels:
+      org.fiware: 'tutorial'
+    image: mongo:${MONGO_DB_VERSION}
+    hostname: mongo-db
+    container_name: db-mongo
+    expose:
+      - "${MONGO_DB_PORT}"
+    ports:
+      - "${MONGO_DB_PORT}:${MONGO_DB_PORT}" # localhost:27017
+    networks:
+      - default
+    volumes:
+      - mongo-db:/data
+    healthcheck:
+      test: |
+        host=`hostname --ip-address || echo '127.0.0.1'`; 
+        mongo --quiet $host/test --eval 'quit(db.runCommand({ ping: 1 }).ok ? 0 : 2)' && echo 0 || echo 1
+      interval: 5s
+    
+
+  mysql-db:
+    restart: always
+    labels:
+      org.fiware: 'tutorial'
+    image: mysql:${MYSQL_DB_VERSION}
+    hostname: mysql-db
+    container_name: db-mysql
+    expose:
+      - "${MYSQL_DB_PORT}"
+    ports:
+      - "${MYSQL_DB_PORT}:${MYSQL_DB_PORT}" # localhost:3306
+    networks:
+      default:
+        ipv4_address: 172.18.1.6
+    environment:
+      - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data"
+      - "MYSQL_ROOT_HOST=172.18.1.5" # Allow Keyrock to access this database
+    volumes:
+      - mysql-db:/var/lib/mysql
+      - ../mysql-data:/docker-entrypoint-initdb.d/:ro
+    secrets:
+      - my_secret_data
+networks:
+  default:
+    labels:
+      org.fiware: 'tutorial'
+    ipam:
+      config:
+        - subnet: 172.18.1.0/24
+volumes:
+  mysql-db: ~
+  mongo-db: ~
+
+secrets:
+  my_secret_data:
+    file: ../secrets.txt

docker-compose/northport.yml docker-compose/northport-wilma.ymldocker-compose/northport.yml renamed to docker-compose/northport-wilma.yml

@@ -107,7 +107,6 @@ services:
 
   # PEP Proxy for Orion
   orion-proxy:
-    #image: pep-slim
     labels:
       org.fiware: 'tutorial'
     image: fiware/pep-proxy:${WILMA_VERSION}

docker-compose/orion-kong.yml

@@ -0,0 +1,20 @@
+_format_version: "2.1"
+_transform: true
+
+services:
+  - host: "orion"
+    name: "orion-oidc"
+    port: 1026
+    protocol: http
+    routes:
+      - name: orion-oidc
+        paths:
+          - /orion
+        strip_path: true
+    plugins:
+      - name: pep-plugin
+        config:
+          authorizationendpointtype: Keyrock
+          authorizationendpointaddress: http://keyrock:3005/user/
+          keyrockappid: tutorial-dckr-site-0000-xpresswebapp
+          pathprefix: /orion

docker-compose/orion.yml docker-compose/orion-wilma.ymldocker-compose/orion.yml renamed to docker-compose/orion-wilma.yml

@@ -319,7 +319,7 @@ INSERT INTO `oauth_client` VALUES
 ('tutorial-dckr-site-0000-xpresswebapp','FIWARE Tutorial',
   'FIWARE Application protected by OAuth2 and Keyrock',  'tutorial-dckr-site-0000-clientsecret',
   'http://localhost:3000','http://localhost:3000/login',NULL,'default',
-  'authorization_code,implicit,password,client_credentials,refresh_token','code',NULL,NULL,NULL,'bearer,permanent', NULL),
+  'authorization_code,implicit,password,client_credentials,refresh_token','code',NULL,NULL,NULL,'bearer,jwt,permanent', '51129f085f3e1a80'),
 ('trusted-dckr-app-0000-000000000000','Trusted Application',
   'Second application protected by OAuth2 and Keyrock','trusted-dckr-app-0000-clientsecret',
   '','',NULL,'default',
@@ -491,7 +491,8 @@ INSERT INTO `permission` VALUES
 ('increase-stck-0000-0000-000000000000','Order Stock','Increase Stock Count',0,'GET','/app/order-stock',NULL,'tutorial-dckr-site-0000-xpresswebapp',0,NULL,0,NULL,NULL,NULL),
 ('entrance-open-0000-0000-000000000000','Unlock','Unlock main entrance',0,'POST','/door/unlock',NULL,'tutorial-dckr-site-0000-xpresswebapp',0,NULL,0,NULL,NULL,NULL),
 ('alrmbell-ring-0000-0000-000000000000','Ring Alarm Bell',NULL,0,'POST','/bell/ring',NULL,'tutorial-dckr-site-0000-xpresswebapp',0,NULL,0,NULL,NULL,NULL),
-('pricechg-stck-0000-0000-000000000000','Access Price Changes',NULL,0,'GET','/app/price-change',NULL,'tutorial-dckr-site-0000-xpresswebapp',0,NULL,0,NULL,NULL,NULL);
+('pricechg-stck-0000-0000-000000000000','Access Price Changes',NULL,0,'GET','/app/price-change',NULL,'tutorial-dckr-site-0000-xpresswebapp',0,NULL,0,NULL,NULL,NULL),
+('orion-context-0000-0000-000000000000','Access Context Broker',NULL,0,'GET','\/v2\/entities(\/|$).*',NULL,'tutorial-dckr-site-0000-xpresswebapp',1,NULL,0,NULL,NULL,NULL);
 /*!40000 ALTER TABLE `permission` ENABLE KEYS */;
 UNLOCK TABLES;
 
@@ -605,7 +606,9 @@ INSERT INTO `role_permission` VALUES
 (9,'security-role-0000-0000-000000000000','entrance-open-0000-0000-000000000000'),
 (10,'managers-role-0000-0000-000000000000','alrmbell-ring-0000-0000-000000000000'),
 (11,'managers-role-0000-0000-000000000000','increase-stck-0000-0000-000000000000'),
-(12,'managers-role-0000-0000-000000000000','pricechg-stck-0000-0000-000000000000');
+(12,'managers-role-0000-0000-000000000000','pricechg-stck-0000-0000-000000000000'),
+(13,'security-role-0000-0000-000000000000','orion-context-0000-0000-000000000000'),
+(14,'managers-role-0000-0000-000000000000','orion-context-0000-0000-000000000000');
 
 
 

docker-compose/southport.yml docker-compose/southport-wilma.ymldocker-compose/southport.yml renamed to docker-compose/southport-wilma.yml

@@ -133,13 +133,13 @@ startContainers () {
 stoppingContainers () {
 	export $(cat .env | grep "#" -v)
 	echo "Stopping running containers"
-	${dockerCmd} -f docker-compose/southport.yml down -v --remove-orphans
+	${dockerCmd} -f docker-compose/southport-wilma.yml down -v --remove-orphans
 }
 
 command="$1"
 case "${command}" in
 	"help")
-        echo "usage: services [create|orion|northport]"
+        echo "usage: services [create|orion|orion-wilma|orion-kong|northport]"
         ;;
     "orion")
 		stoppingContainers
@@ -149,7 +149,25 @@ case "${command}" in
 		echo -e "- \033[1mTutorial\033[0m acts as a series of dummy IoT Sensors over HTTP"
 		echo -e "- \033[1;31mKeyrock\033[0m is an Identity Management Front-End"
 		echo -e "- \033[1;31mWilma\033[0m is a PEP Proxy around \033[1;34mOrion\033[0m"
-		startContainers false orion.yml
+		startContainers false orion-wilma.yml
+		waitForKeyrock
+		export ORION_URL="http://orion:1026"
+		waitForMongo
+		addDatabaseIndex
+		waitForOrion
+		loadData
+		displayServices
+		echo -e "Now open \033[4mhttp://localhost:3000\033[0m"
+		;;
+	"orion-kong")
+		stoppingContainers
+		echo -e "Starting containers: \033[1;34mOrion\033[0m, \033[1;36mIoT-Agent\033[0m, \033[1;31mKeyrock\033[0m, \033[1;31mKong\033[0m, \033[1mTutorial\033[0m and \033[1mMongoDB\033[0m and \033[1mMySQL\033[0m databases."
+		echo -e "- \033[1;34mOrion\033[0m is the context broker"
+		echo -e "- \033[1;36mIoT-Agent\033[0m is configured for the UltraLight Protocol"
+		echo -e "- \033[1mTutorial\033[0m acts as a series of dummy IoT Sensors over HTTP"
+		echo -e "- \033[1;31mKeyrock\033[0m is an Identity Management Front-End"
+		echo -e "- \033[1;31mKong\033[0m is a PEP Proxy around \033[1;34mOrion\033[0m"
+		startContainers false orion-kong.yml
 		waitForKeyrock
 		export ORION_URL="http://orion:1026"
 		waitForMongo
@@ -167,7 +185,7 @@ case "${command}" in
 		echo -e "- \033[1mTutorial\033[0m acts as a series of dummy IoT Sensors over HTTP"
 		echo -e "- \033[1;31mKeyrock\033[0m is an Identity Management Front-End"
 		echo -e "- 2 instances of \033[1;31mWilma\033[0m as a PEP Proxy around \033[1;34mOrion\033[0m and between the Devices and \033[1;36mIoT-Agent\033[0m Southport"
-		startContainers false southport.yml
+		startContainers false southport-wilma.yml
 		waitForKeyrock
 		waitForMongo
 		addDatabaseIndex
@@ -184,7 +202,7 @@ case "${command}" in
 		echo -e "- \033[1mTutorial\033[0m acts as a series of dummy IoT Sensors over HTTP"
 		echo -e "- \033[1;31mKeyrock\033[0m is an Identity Management Front-End"
 		echo -e "- \033[1;31mWilma\033[0m as a PEP Proxy between \033[1;34mOrion\033[0m and the \033[1;36mIoT-Agent\033[0m"
-		startContainers false northport.yml
+		startContainers false northport-wilma.yml
 		waitForKeyrock
 		export ORION_URL="http://orion-proxy:1027" 
 		waitForMongo
@@ -206,15 +224,19 @@ case "${command}" in
 	"start")
 		./services orion $2
 		;;
+	"orion-wilma")
+		./services orion $2
+		;;
 	"create")
 		export $(cat .env | grep "#" -v)
 		echo "Pulling Docker images"
 		docker pull curlimages/curl
 		${dockerCmd} -f docker-compose/orion.yml  pull
+		${dockerCmd} -f docker-compose/kong.yml  pull
 		;;
 	*)
 		echo "Command not Found."
-		echo "usage: services [create|orion|southport|northport|stop]"
+		echo "usage: services [create|orion-wilma|orion-kong|southport|northport|stop]"
 		exit 127;
 		;;
 esac