Merge pull request #1 from go-ocf/moveRA

move RA to monolit repo

.dockerignore

@@ -0,0 +1,9 @@
+.git
+.github
+.gitignore
+.travis.yml
+Makefile
+Dockerfile
+README.md
+LICENSE
+renovate.json

.gitignore

@@ -4,12 +4,20 @@
 *.dll
 *.so
 *.dylib
+debug
+.tmp/
+authsvc.db
 
-# Test binary, built with `go test -c`
+# Test binary, build with `go test -c`
 *.test
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
+coverage.txt
+.codecov
 
-# Dependency directories (remove the comment below to include it)
-# vendor/
+#goland
+.idea/
+
+#vendor
+vendor/

.travis.yml

@@ -0,0 +1,18 @@
+language: minimal
+
+services:
+  - docker
+
+jobs:
+  include:
+    - stage: "Test"
+      if: type = pull_request
+      script:
+        - make test
+    - stage: "Test & Publish"
+      if: branch = master AND type != pull_request
+      script:
+        - make test
+        - bash <(curl -s https://codecov.io/bash)
+        - echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
+        - make push

.vscode/settings.json

@@ -0,0 +1,17 @@
+{
+    "cSpell.words": [
+        "Iotivity"
+    ],
+    "go.testEnvVars": {
+        "DIAL_ACME_CA_POOL":"${workspaceFolder}/.tmp/step-ca/data/certs/root_ca.crt",
+        "DIAL_ACME_DOMAINS":"localhost",
+		"DIAL_ACME_DIRECTORY_URL":"https://localhost:10443/acme/acme/directory",
+		"LISTEN_ACME_CA_POOL":"${workspaceFolder}/.tmp/step-ca/data/certs/root_ca.crt",
+        "LISTEN_ACME_DOMAINS":"localhost",
+        "LISTEN_ACME_DEVICE_ID":"adebc667-1f2b-41e3-bf5c-6d6eabc68cc6",
+        "LISTEN_ACME_DIRECTORY_URL":"https://localhost:10443/acme/acme/directory",
+        "TEST_COAP_GW_OVERWRITE_LISTEN_ACME_DIRECTORY_URL": "https://localhost:10443/acme/ocf.gw/directory",
+      //  "GOFLAGS":"-mod=vendor",
+    },
+    "go.testTimeout": "180s"
+}

Dockerfile

@@ -0,0 +1,5 @@
+FROM golang:1.13.5-alpine3.10 AS test-build
+RUN apk add --no-cache curl git build-base
+WORKDIR $GOPATH/src/github.com/go-ocf/cloud
+COPY . .
+RUN go mod download

Makefile

@@ -0,0 +1,92 @@
+SHELL = /bin/bash
+SIMULATOR_NAME_SUFFIX ?= $(shell hostname)
+
+SUBDIRS := resource-aggregate authorization resource-directory openapi-connector openapi-gateway coap-gateway grpc-gateway certificate-authority portal-webapi bundle
+.PHONY: $(SUBDIRS) push proto/generate clean build test env make-mongo make-nats make-ca test-build
+
+default: build
+
+make-ca:
+	docker pull ocfcloud/step-ca:vnext
+	if [ "${TRAVIS_OS_NAME}" == "linux" ]; then \
+		sudo sh -c 'echo net.ipv4.ip_unprivileged_port_start=0 > /etc/sysctl.d/50-unprivileged-ports.conf'; \
+		sudo sysctl --system; \
+	fi
+	mkdir -p ./.tmp/step-ca/data/secrets
+	echo "password" > ./.tmp/step-ca/data/secrets/password
+	docker run \
+		-it \
+		-v "$(shell pwd)"/.tmp/step-ca/data:/home/step --user $(shell id -u):$(shell id -g) \
+		ocfcloud/step-ca:vnext \
+		/bin/bash -c "step ca init -dns localhost -address=:10443 -provisioner=test@localhost -name test -password-file ./secrets/password && step ca provisioner add acme --type ACME && step ca provisioner add ocf.gw --type ACME"
+	docker run \
+		-d \
+		--network=host \
+		--name=step-ca-test \
+		-v /etc/nsswitch.conf:/etc/nsswitch.conf \
+		-v "$(shell pwd)"/.tmp/step-ca/data:/home/step --user $(shell id -u):$(shell id -g) \
+		ocfcloud/step-ca:vnext
+
+make-nats:
+	sleep 1
+	docker exec -it step-ca-test /bin/bash -c "mkdir -p certs/nats && step ca certificate localhost certs/nats/nats.crt certs/nats/nats.key --provisioner acme"
+	docker run \
+	    -d \
+		--network=host \
+		--name=nats \
+		-v $(shell pwd)/.tmp/step-ca/data/certs:/certs \
+		nats --tls --tlsverify --tlscert=/certs/nats/nats.crt --tlskey=/certs/nats/nats.key --tlscacert=/certs/root_ca.crt
+
+make-mongo:
+	sleep 1
+	mkdir -p $(shell pwd)/.tmp/mongo
+	docker exec -it step-ca-test /bin/bash -c "mkdir -p certs/mongo && step ca certificate localhost certs/mongo/mongo.crt certs/mongo/mongo.key --provisioner acme && cat certs/mongo/mongo.crt >> certs/mongo/mongo.key"
+	docker run \
+	    -d \
+		--network=host \
+		--name=mongo \
+		-v $(shell pwd)/.tmp/mongo:/data/db \
+		-v $(shell pwd)/.tmp/step-ca/data/certs:/certs --user $(shell id -u):$(shell id -g) \
+		mongo --tlsMode requireTLS --tlsCAFile /certs/root_ca.crt --tlsCertificateKeyFile certs/mongo/mongo.key
+
+env: clean make-ca make-nats make-mongo
+	docker build ./device-simulator --network=host -t device-simulator --target service
+	docker run -d --name=devsim --network=host -t device-simulator devsim-$(SIMULATOR_NAME_SUFFIX)
+
+test-build:
+	docker build \
+		--network=host \
+		--tag test-build \
+		.
+
+test: env test-build
+	docker run \
+		--network=host \
+		-v $(shell pwd)/.tmp/step-ca/data/certs/root_ca.crt:/root_ca.crt \
+		-e DIAL_ACME_CA_POOL=/root_ca.crt \
+		-e DIAL_ACME_DOMAINS="localhost" \
+		-e DIAL_ACME_DIRECTORY_URL="https://localhost:10443/acme/acme/directory" \
+		-e LISTEN_ACME_CA_POOL=/root_ca.crt \
+		-e LISTEN_ACME_DOMAINS="localhost" \
+		-e LISTEN_ACME_DEVICE_ID="adebc667-1f2b-41e3-bf5c-6d6eabc68cc6" \
+		-e LISTEN_ACME_DIRECTORY_URL="https://localhost:10443/acme/acme/directory" \
+		-e TEST_COAP_GW_OVERWRITE_LISTEN_ACME_DIRECTORY_URL="https://localhost:10443/acme/ocf.gw/directory" \
+		--mount type=bind,source="$(shell pwd)",target=/shared \
+		test-build \
+		go test -p 1 -v ./... -covermode=atomic -coverprofile=/shared/coverage.txt
+
+build: $(SUBDIRS)
+
+clean:
+	docker rm -f step-ca-test || true
+	docker rm -f mongo || true
+	docker rm -f nats || true
+	docker rm -f devsim || true
+	rm -rf ./.tmp/step-ca || true
+	rm -rf ./.tmp/mongo || true
+
+proto/generate: $(SUBDIRS)
+push: $(SUBDIRS)
+
+$(SUBDIRS):
+	$(MAKE) -C $@ $(MAKECMDGOALS)

README.md

@@ -0,0 +1,6 @@
+[![Build Status](https://travis-ci.com/go-ocf/cloud.svg?branch=master)](https://travis-ci.com/go-ocf/cloud)
+[![codecov](https://codecov.io/gh/go-ocf/cloud/branch/master/graph/badge.svg)](https://codecov.io/gh/go-ocf/cloud)
+[![Go Report](https://goreportcard.com/badge/github.com/go-ocf/cloud)](https://goreportcard.com/report/github.com/go-ocf/cloud)
+[![Gitter](https://badges.gitter.im/ocfcloud/Lobby.svg)](https://gitter.im/ocfcloud/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
+
+# cloud

authorization/.dockerignore

@@ -0,0 +1,25 @@
+cmd/authorization-web/authorization-web
+cmd/authorization-sevice/authorization-sevice
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# go CLI
+*.test
+coverage.txt
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# IDE
+.vscode/
+debug
+
+# Dep's guards against upstream overwrites
+# https://golang.github.io/dep/docs/FAQ.html#should-i-commit-my-vendor-directory
+vendor/
+

authorization/Dockerfile

@@ -0,0 +1,11 @@
+FROM golang:1.13.5-alpine3.10 AS build
+RUN apk add --no-cache curl git build-base
+WORKDIR $GOPATH/src/github.com/go-ocf/cloud/authorization
+COPY . .
+RUN go mod download
+RUN go build -o /go/bin/service ./cmd/service
+
+FROM alpine:3.11 as service
+RUN apk add --no-cache ca-certificates
+COPY --from=build /go/bin/service /usr/local/bin/service
+ENTRYPOINT ["/usr/local/bin/service"]

authorization/Makefile

@@ -0,0 +1,31 @@
+SHELL = /bin/bash
+SERVICE_NAME = $(notdir $(CURDIR))
+LATEST_TAG = vnext
+VERSION_TAG = vnext-$(shell git rev-parse --short=7 --verify HEAD)
+
+default: build
+
+define build-docker-image
+	docker build \
+		--network=host \
+		--tag ocfcloud/$(SERVICE_NAME):$(VERSION_TAG) \
+		--tag ocfcloud/$(SERVICE_NAME):$(LATEST_TAG) \
+		--target $(1) \
+		--file Dockerfile \
+		.
+endef
+
+build-servicecontainer:
+	$(call build-docker-image,service)
+
+build: build-servicecontainer
+
+push: build-servicecontainer
+	docker push ocfcloud/$(SERVICE_NAME):$(VERSION_TAG)
+	docker push ocfcloud/$(SERVICE_NAME):$(LATEST_TAG)
+
+proto/generate:
+	protoc -I=. -I=${GOPATH}/src -I=./pb --gogofaster_out=${GOPATH}/src pb/auth.proto
+	protoc -I=. -I=${GOPATH}/src -I=./pb --go_out=plugins=grpc:${GOPATH}/src pb/service.proto
+
+.PHONY: build-servicecontainer build push clean proto/generate

authorization/README.md

@@ -0,0 +1,90 @@
+[![GoDoc](https://godoc.org/github.com/go-ocf/cloud/authorization?status.svg)](https://godoc.org/github.com/go-ocf/cloud/authorization)
+[![Go Report Card](https://goreportcard.com/badge/go-ocf/authorization)](https://goreportcard.com/report/go-ocf/authorization)
+[![Gitter](https://badges.gitter.im/ocfcloud/Lobby.svg)](https://gitter.im/ocfcloud/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
+
+# Authorization
+
+- [Specification](https://wiki.iotivity.org/coapnativecloud#authorization_bounded_context)
+
+## Authorization Web
+
+The authorization web provides forms for the following manual actions:
+- Obtain **Authorization Code** from GitHub 
+- Demonstrate the exchange for an **Access Token**
+
+Run the web server as follows and open http://127.0.0.1:7000/ in your browser.
+
+```bash
+docker build . --network=host -t authorization:web --target web
+docker run --network=host authorization:web
+```
+
+The application can be configured using [environment variables](web/config.go)
+
+## Authorization Service
+
+The authorization service exposes Protobuf via HTTP/1.1 ([Open API](openapi.yaml)).
+
+```bash
+docker build . --network=host -t authorization:service --target service
+docker run -e CLIENT_ID='my id' -e CLIENT_SECRET='my secret' --network=host authorization:service
+```
+
+The application can be configured using [environment variables](service/config.go)
+
+To obtain the **client ID** and **secret**, register your application at 
+[GitHub](https://github.com/settings/applications)
+and set the callback to `/oauth_callback` (e.g. `http://127.0.0.1:7000/oauth_callback`).
+
+# Limitations
+
+This reference implementation lacks the following features:
+- Shared access to devices by mutliple users
+- Deletion of expired tokens
+- Encryption in transit and at rest
+- Clustered deployment
+
+# Build
+
+## Docker
+
+```sh
+make build-servicecontainer
+```
+## Local machine
+
+```sh
+go build ./cmd/service/
+```
+
+## Configuration
+| Option | ENV variable | Type | Description | Default |
+| ------ | --------- | ----------- | ------- | ------- |
+| `-` | `ADDRESS` | string | tbd | `"0.0.0.0:9100"` |
+| `-` | `DEVICE_PROVIDER` | string | `value which comes from the device during the sign-up ("apn")` | `"github"` |
+| `-` | `DEVICE_OAUTH_CLIENT_ID` | string | tbd | `""` |
+| `-` | `DEVICE_OAUTH_CLIENT_SECRET` | string | tbd | `""` |
+| `-` | `DEVICE_OAUTH_REDIRECT_URL` | string | tbd | `""` |
+| `-` | `DEVICE_OAUTH_ENDPOINT_AUTH_URL` | string | tbd | `""` |
+| `-` | `DEVICE_OAUTH_ENDPOINT_TOKEN_URL` | string | tbd | `""` |
+| `-` | `DEVICE_OAUTH_SCOPES` | string | Comma separated list of required scopes | `""` |
+| `-` | `DEVICE_OAUTH_RESPONSE_MODE` | string | one of "query/post_form" | `"query"` |
+| `-` | `SDK_OAUTH_CLIENT_ID` | string | tbd | `""` |
+| `-` | `SDK_OAUTH_REDIRECT_URL` | string | tbd | `""` |
+| `-` | `SDK_OAUTH_ENDPOINT_AUTH_URL` | string | tbd | `""` |
+| `-` | `SDK_OAUTH_AUDIENCE` | string | tbd | `""` |
+| `-` | `SDK_OAUTH_SCOPES` | string | Comma separated list of required scopes | `""` |
+| `-` | `SDK_OAUTH_RESPONSE_MODE` | string | one of "query/post_form" | `"query"` |
+| `-` | `LISTEN_TYPE` | string | tbd | `"acme"` |
+| `-` | `LISTEN_ACME_CA_POOL` | string | tbd | `""` |
+| `-` | `LISTEN_ACME_DIRECTORY_URL` | string | tbd | `""` |
+| `-` | `LISTEN_ACME_DOMAINS` | string | tbd | `""` |
+| `-` | `LISTEN_ACME_REGISTRATION_EMAIL` | string | tbd | `""` |
+| `-` | `LISTEN_ACME_TICK_FREQUENCY` | string | tbd | `""` |
+| `-` | `LISTEN_FILE_CA_POOL` | string | tbd | `""` |
+| `-` | `LISTEN_FILE_CERT_KEY_NAME` | string | tbd | `""` |
+| `-` | `LISTEN_FILE_CERT_DIR_PATH` | string | tbd | `""` |
+| `-` | `LISTEN_FILE_CERT_NAME` | string | tbd | `""` |
+| `-` | `LOG_ENABLE_DEBUG` | bool | tbd | `false` |
+| `-` | `MONGODB_URI` | string | tbd | `"mongodb://localhost:27017"` |
+| `-` | `MONGODB_DATABASE` | string | tbd | `"authorization"` |