I hope this helps. We are working on deploying some of the Generic Enablers, included IdM, Wilma PEP and Orion among others using docker and docker-compose.
This environment, called Fiware-devguide-APP is actually under construction, but you can test's the environment (already working) and also check our configuration here.
We are updating all the documentation!
For this, we have the images here.
Docker and docker-compose are required.
If you already have them, to start all the apps integrated in Devguide, you just have to clone the repository:
git clone https://github.com/Bitergia/fiware-devguide-app.git
And then run docker-compose using the .yml
file in the fiware-devguide-app/docker/compose:
docker-compose -f docker-compose.yml up -d
So you will have up all the containers! Finally, add the ip of the devguide container (compose_devguide_1) to your /etc/hosts
and you will be able to browse it :)
Explanation:
We've went through several configurations for this. I assume you are interested in IdM and Wilma PEP, so here it goes what we did:
We've installed a IdM GE from the scratch providing the users, roles, and permissions desired. Here you can find what we added at test_data
method:
Note that all those provision could have been done also using Keystone REST API
Also here you can find the Dockerfile i.e. how it has been installed.
We've installed an Authzforce for the role management as explained in the tour guide. You will need it as wilma-pep will send the PDP requests to validate requests against the resource protected.
Finally the PEP Wilma. Here you can find the configuration files.
How does it work?
Here goes the trick. Let's assume the env Authzforce (Access Control), IdM, PEP Wilma, Orion (the app to be protected) and the devguide. As we use docker-compose, all this steps are done almost at the same time! :)
In authzforce, we need to create a domain as stands in the documentation, and we do it here.
The script itself retrieves the domain ID and, it parses the config.js
file of the PEP Wilma in this line using the right path.
The config.js
is simple:
account_host
and keystone_host
are in the same container 'idm'. Docker-compose handle this by adding aliases to the /etc/hosts
of each container, which makes the process much easier and we don't need to handle the IP's ourselves.
app_host
and app_port
are the IP and port of the app to protect, in our case is 'orion'!
config.username
and config.password
. We've created a user 'pepproxy' in the provision we explained before, exactly here. (Note that this user must have domain roles
assigned in order to work, as done here).
- And the
azf
configuration, which contains also the 'authzforce' host and where the path is parsed as explained before.
Adding the authzforce configuration to IdM and PEP (i.e. domain)
Get an Oauth2 token as it explains here.
Finally, with this token and everything running, you can open the compose_devguide_1
. It has different resources that can be reached depending on the roles you have assigned at IdM. For example, 'user0@test.com' can access to all the resources, meanwhile the other one can access just to the restaurants.
Hope I was clear enough.
Best!