From e4b7aa876689179e4098691bf1e665edc04cf689 Mon Sep 17 00:00:00 2001
From: Mario Voigt <mario.voigt@stadtfabrikanten.org>
Date: Tue, 4 Mar 2025 00:35:25 +0100
Subject: [PATCH 1/2] remove dirty examples/ dir. proper and up to date
examples can be found at
https://gitlab.com/fabinfra/fabaccess/demos-environments for instance
---
examples/README.md | 11 -
examples/actor.py | 179 -------------
examples/actor.sh | 4 -
examples/bffh.dhall | 237 ------------------
examples/docker/basic/README.md | 5 -
examples/docker/basic/config/bffh.dhall | 42 ----
examples/docker/basic/config/pass.toml | 1 -
examples/docker/basic/config/roles.toml | 19 --
examples/docker/basic/config/users.toml | 11 -
examples/docker/basic/docker-compose.yaml | 13 -
examples/docker/integration/README.md | 11 -
.../docker/integration/config_a/bffh.dhall | 20 --
.../docker/integration/config_a/pass.toml | 1 -
.../docker/integration/config_a/roles.toml | 20 --
.../docker/integration/config_a/users.toml | 11 -
.../docker/integration/config_b/bffh.dhall | 20 --
.../docker/integration/config_b/pass.toml | 1 -
.../docker/integration/config_b/roles.toml | 20 --
.../docker/integration/config_b/users.toml | 11 -
.../docker/integration/docker-compose.yaml | 26 --
examples/fail-actor.sh | 4 -
examples/init.py | 13 -
examples/self-signed-cert.pem | 19 --
examples/self-signed-key.pem | 28 ---
examples/users.toml | 16 --
25 files changed, 743 deletions(-)
delete mode 100644 examples/README.md
delete mode 100755 examples/actor.py
delete mode 100755 examples/actor.sh
delete mode 100644 examples/bffh.dhall
delete mode 100644 examples/docker/basic/README.md
delete mode 100644 examples/docker/basic/config/bffh.dhall
delete mode 100644 examples/docker/basic/config/pass.toml
delete mode 100644 examples/docker/basic/config/roles.toml
delete mode 100644 examples/docker/basic/config/users.toml
delete mode 100644 examples/docker/basic/docker-compose.yaml
delete mode 100644 examples/docker/integration/README.md
delete mode 100644 examples/docker/integration/config_a/bffh.dhall
delete mode 100644 examples/docker/integration/config_a/pass.toml
delete mode 100644 examples/docker/integration/config_a/roles.toml
delete mode 100644 examples/docker/integration/config_a/users.toml
delete mode 100644 examples/docker/integration/config_b/bffh.dhall
delete mode 100644 examples/docker/integration/config_b/pass.toml
delete mode 100644 examples/docker/integration/config_b/roles.toml
delete mode 100644 examples/docker/integration/config_b/users.toml
delete mode 100644 examples/docker/integration/docker-compose.yaml
delete mode 100755 examples/fail-actor.sh
delete mode 100755 examples/init.py
delete mode 100644 examples/self-signed-cert.pem
delete mode 100644 examples/self-signed-key.pem
delete mode 100644 examples/users.toml
diff --git a/examples/README.md b/examples/README.md
deleted file mode 100644
index f0ba1e9..0000000
--- a/examples/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# API-Testsetup
-
-wirklich nur um das API zu testen. ATM implementiert: machines::* & machine::read, authenticate
-
-1. Ein mosquitto o.ä MQTT Server starten
-1. Datenbanken füllen: `cargo run -- -c examples/bffh.dhall --load=examples`
-1. Daemon starten: `cargo run -- -c examples/bffh.dhall`
-1. ???
-1. PROFIT!
-
-A dockerized version of this example can be found in the docker subdirectory
\ No newline at end of file
diff --git a/examples/actor.py b/examples/actor.py
deleted file mode 100755
index 489260c..0000000
--- a/examples/actor.py
+++ /dev/null
@@ -1,179 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-import argparse
-
-def on_free(args, actor_name):
- """
- Function called when the state of the connected machine changes to Free
- again
- """
- if args.verbose > 2:
- print("on_free called!")
-
- if actor_name == "DoorControl1":
- # Do whatever you want to do in case `DoorControl1` is returned back to free.
- # Keep in mind that process actors should return quickly to not miss
- # updates, so if you need to do things that take a while fork a new
- # process e.g. with the `subprocess` Module
- print("I'm locking door 1!")
- pass
- elif actor_name == "DoorControl2":
- print("I'm locking door 2!")
- pass # Close a different door
- else:
- if not args.quiet:
- print("process called with unknown id %s for state `Free`" % actor_name)
- # It's a good idea to exit with an error code in case something
- # unexpected happens.
- # The process module logs everything printed to stdout by actors into
- # the server log, but marks them as `Error` in case the actor process
- # exits with a code != 0, making debugging somewhat easier.
- exit(-1)
-
-def on_use(args, actor_name, user_id):
- """
- Function called when an user takes control of the connected machine
-
- user_id contains the UID of the user now using the machine
- """
- if args.verbose > 2:
- print("on_use called!")
- if actor_name == "DoorControl1":
- print("I'm opening door 1 for 10 seconds!")
- pass # Open door one
- elif actor_name == "DoorControl2":
- print("I'm opening door 2 for 10 seconds!")
- pass # Open a different door
- else:
- if not args.quiet:
- print("process called with unknown id %s for state `InUse`" % actor_name)
- # It's a good idea to exit with an error code in case something
- # unexpected happens.
- # The process module logs everything printed to stdout by actors into
- # the server log, but marks them as `Error` in case the actor process
- # exits with a code != 0, making debugging somewhat easier.
- exit(-1)
-
-def on_tocheck(args, actor_name, user_id):
- """
- Function called when an user returns control and the connected machine is
- configured to go to state `ToCheck` instead of `Free` in that case.
-
- user_id contains the UID of the manager expected to check the machine.
- The user that used the machine beforehand has to be taken from the last
- user field using the API (via e.g. the mobile app)
- """
- if args.verbose > 2:
- print("on_tocheck called!")
- if not args.quiet:
- print("process called with unexpected combo id %s and state 'ToCheck'" % actor_name)
- exit(-1)
-
-def on_blocked(args, actor_name, user_id):
- """
- Function called when an manager marks the connected machine as `Blocked`
-
- user_id contains the UID of the manager that blocked the machine
- """
- if args.verbose > 2:
- print("on_blocked called!")
- if not args.quiet:
- print("process called with unexpected combo id %s and state 'Blocked'" % actor_name)
- exit(-1)
-
-def on_disabled(args, actor_name):
- """
- Function called when the connected machine is marked `Disabled`
- """
- if not args.quiet:
- print("process called with unexpected combo id %s and state 'Disabled'" % actor_name)
- exit(-1)
-
-def on_reserve(args, actor_name, user_id):
- """
- Function called when the connected machine has been reserved by somebody.
-
- user_id contains the UID of the reserving user.
- """
- if not args.quiet:
- print("process called with unexpected combo id %s and state 'Reserved'" % actor_name)
- exit(-1)
-
-
-def main(args):
- """
- Python example actor
-
- This is an example how to use the `process` actor type to run a Python script.
- """
-
- if args.verbose is not None:
- if args.verbose == 1:
- print("verbose output enabled")
- elif args.verbose == 2:
- print("loud output enabled!")
- elif args.verbose == 3:
- print("LOUD output enabled!!!")
- elif args.verbose > 4:
- print("Okay stop you're being ridiculous.")
- sys.exit(-2)
- else:
- args.verbose = 0
-
- # You could also check the actor name here and call different functions
- # depending on that variable instead of passing it to the state change
- # methods.
-
- new_state = args.state
- if new_state == "free":
- on_free(args, args.name)
- elif new_state == "inuse":
- on_use(args, args.name, args.userid)
- elif new_state == "tocheck":
- on_tocheck(args, args.name, args.userid)
- elif new_state == "blocked":
- on_blocked(args, args.name, args.userid)
- elif new_state == "disabled":
- on_disabled(args, args.name)
- elif new_state == "reserved":
- on_reserve(args, args.name, args.userid)
- else:
- print("Process actor called with unknown state %s" % new_state)
-
-if __name__ == "__main__":
- parser = argparse.ArgumentParser()
- # Parameters are passed to the Process actor as follows:
- # 1. the contents of params.args, split by whitespace as separate args
- # 2. the configured id of the actor (e.g. "DoorControl1")
- # 3. the new state as one of [free|inuse|tocheck|blocked|disabled|reserved]
-
- parser.add_argument("-q", "--quiet", help="be less verbose", action="store_true")
- parser.add_argument("-v", "--verbose", help="be more verbose", action="count")
-
- parser.add_argument("name",
- help="name of this actor as configured in bffh.dhall"
- )
-
- # We parse the new state using subparsers so that we only require a userid
- # in case it's a state that sets one.
- subparsers = parser.add_subparsers(required=True, dest="state")
-
- parser_free = subparsers.add_parser("free")
-
- parser_inuse = subparsers.add_parser("inuse")
- parser_inuse.add_argument("userid", help="The user that is now using the machine")
-
- parser_tocheck = subparsers.add_parser("tocheck")
- parser_tocheck.add_argument("userid", help="The user that should go check the machine")
-
- parser_blocked = subparsers.add_parser("blocked")
- parser_blocked.add_argument("userid", help="The user that marked the machine as blocked")
-
- parser_disabled = subparsers.add_parser("disabled")
-
- parser_reserved = subparsers.add_parser("reserved")
- parser_reserved.add_argument("userid", help="The user that reserved the machine")
-
- args = parser.parse_args()
- main(args)
diff --git a/examples/actor.sh b/examples/actor.sh
deleted file mode 100755
index 704c66f..0000000
--- a/examples/actor.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-
-echo "Bash actor called with $@" > /tmp/act
-echo "Bash actor called with: $@"
diff --git a/examples/bffh.dhall b/examples/bffh.dhall
deleted file mode 100644
index 65c5ae1..0000000
--- a/examples/bffh.dhall
+++ /dev/null
@@ -1,237 +0,0 @@
-{- Main configuration file for bffh
- - ================================
- -
- - In this configuration file you configure almost all parts of how bffh operates, but most importantly:
- - * Machines
- - * Initiators and Actors
- - * Which Initiators and Actors relate to which machine(s)
- - * Roles and the permissions granted by them
- -}
-
--- The config is in the configuration format/language dhall. You can find more information about dhall over at
--- https://dhall-lang.org
-
--- (Our) Dhall is somewhat similar to JSON and YAML in that it expects a top-level object containing the
--- configuration values
-{
- -- Configure the addresses and ports bffh listens on
- listens = [
- -- BFFH binds a port for every listen object in this array.
- -- Each listen object is of the format { address = <STRING>, port = <INTEGER> }
- -- If you don't specify a port bffh will use the default of `59661`
- -- 'address' can be a IP address or a hostname
- -- If bffh can not bind a port for the specified combination if will log an error but *continue with the remaining ports*
- { address = "127.0.0.1", port = 59661 },
- { address = "::1", port = 59661 },
- { address = "steak.fritz.box", port = 59661 }
- ],
-
- -- Configure TLS. BFFH requires a PEM-encoded certificate and the associated key as two separate files
- certfile = "examples/self-signed-cert.pem",
- keyfile = "examples/self-signed-key.pem",
-
- -- BFFH right now requires a running MQTT broker.
- mqtt_url = "tcp://localhost:1883",
-
- -- Path to the database file for bffh. bffh will in fact create two files; ${db_path} and ${db_path}.lock.
- -- BFFH will *not* create any directories so ensure that the directory exists and the user running bffh has write
- -- access into them.
- db_path = "/tmp/bffh",
-
- -- Audit log path. Bffh will log state changes into this file, one per line.
- -- Audit log entries are for now JSON:
- -- {"timestamp":1641497361,"machine":"Testmachine","state":{"state":{"InUse":{"uid":"Testuser","subuid":null,"realm":null}}}}
- auditlog_path = "/tmp/bffh.audit",
-
- -- In dhall you can also easily import definitions from other files, e.g. you could write
- -- roles = ./roles.dhall
- roles = {
- -- Role definitions
- -- A role definition is of the form
- -- rolename = {
- -- parents = [<list of role names to inherit from>],
- -- permissions = [<list of perm rules>],
- -- }
- --
- -- Role names are case sensitive, so RoleName != rolename.
- --
- -- If you want either parents or permissions to be empty its best to completely skip it:
- testrole = {
- permissions = [ "lab.some.admin" ]
- },
- somerole = {
- parents = ["testparent"],
- -- "Permissions" are formatted as Perm Rules, so you can use the wildcards '*' and '+'
- permissions = [ "lab.test.*" ]
- },
- -- Roles can inherit from each other. In that case a member of e.g. 'somerole' that inherits from
- -- 'testparent' will have all the permissions of 'somerole' AND 'testparent' assigned to them.
- -- Right now permissions are stricly additive so you can't take a permission away in a child role that a parent
- -- role grants.
- testparent = {
- permissions = [
- "lab.some.write",
- "lab.some.read",
- "lab.some.disclose"
- ]
- }
- },
-
- -- Configure machines
- -- "Machines" (which in future will be more appropiately named "resources") are the main thing bffh is concerned
- -- with.
- -- You can define an almost limitless amount of machines (well 2^64 - 1, so 18_446_744_073_709_551_615 to be precise)
- -- Each of these machines can then have several "actors" and "initiators" assigned
- machines = {
- Testmachine = {
- -- A machine comes with two "names". The id above ("Testmachine") and the "name" ("MachineA").
- -- The id is what you'll use in the config format and is strictly limited to alphanumeric characters and '_'
- -- and must begin with a letter. Most importantly you CAN NOT use '-' or spaces in an identifier
- -- (dhall makes this technically possible but you can break things in subtle ways)
-
- -- REQUIRED. The "name" of a machine is what will be presented to humans. It can contain all unicode
- -- including spaces and nonprintable characters.
- -- A name SHOULD be short but unique.
- name = "MachineA",
-
- -- OPTIONAL. A description can be assigned to machines. It will also only be shown to humans. Thus it is
- -- once again limited only to unicode. If you want to provide your users with important additional
- -- information other than the name this is the place to do it.
- description = "A test machine",
-
- -- OPTIONAL. If you have a wiki going into more detail how to use a certain machine or what to keep in
- -- mind when using it you can provide a URL here that will be presented to users.
- wiki = "https://wiki.example.org/machineA",
-
- -- OPTIONAL. You can assign categories to machines to allow clients to group/filter machines by them.
- category = "Testcategory",
-
- -- REQUIRED.
- -- Each machine MUST have *all* Permission levels assigned to it.
- -- Permissions aren't PermRules as used in the 'roles' definitions but must be precise without wildcards.
- -- Permission levels aren't additive, so a user having 'manage' permission does not automatically get
- -- 'read' or 'write' permission.
-
- -- (Note, disclose is not fully implemented at the moment)
- -- Users lacking 'disclose' will not be informed about this machine in any way and it will be hidden from
- -- them in the client. Usually the best idea is to assign 'read' and 'disclose' to the same permission.
- disclose = "lab.test.read",
-
- -- Users lacking 'read' will be shown a machine including name, description, category and wiki but not
- -- it's current state. The current user is not disclosed.
- read = "lab.test.read",
-
- -- The 'write' permission allows to 'use' the machine.
- write = "lab.test.write",
-
- -- Manage represents the 'superuser' permission. Users with this permission can force set any state and
- -- read out the current user
- manage = "lab.test.admin"
- },
- Another = {
- wiki = "test_another",
- category = "test",
- disclose = "lab.test.read",
- manage = "lab.test.admin",
- name = "Another",
- read = "lab.test.read",
- write = "lab.test.write"
- },
- Yetmore = {
- description = "Yet more test machines",
- disclose = "lab.test.read",
- manage = "lab.test.admin",
- name = "Yetmore",
- read = "lab.test.read",
- write = "lab.test.write"
- }
- },
-
- -- Actor configuration. Actors are how bffh affects change in the real world by e.g. switching a power socket
- -- using a shelly
- actors = {
- -- Actors similarly to machines have an 'id'. This id (here "Shelly1234") is limited to Alphanumeric ASCII
- -- and must begin with a letter.
- Shelly1234 = {
- -- Actors are modular pieces of code that are loaded as required. The "Shelly" module will send
- -- activation signals to a shelly switched power socket over MQTT
- module = "Shelly",
- -- Actors can have arbitrary parameters passed to them, varying by actor module.
- params = {
- -- For Shelly you can configure the MQTT topic segment it uses. Shellies listen to a specific topic
- -- containing their name (which is usually of the form "shelly_<id>" but can be changed).
- -- If you do not configure a topic here the actor will use it's 'id' (in this case "Shelly1234").
- topic = "Topic1234"
- }
- },
-
- Bash = {
- -- The "Process" module runs a given script or command on state change.
- -- bffh invoces the given cmd as `$ ${cmd} ${args} ${id} ${state}` so e.g. as
- -- `$ ./examples/actor.sh your ad could be here Bash inuse`
- module = "Process",
- params = {
- -- which is configured by the (required) 'cmd' parameter. Paths are relative to PWD of bffh. Systemd
- -- and similar process managers may change this PWD so it's usually the most future-proof to use
- -- absolute paths.
- cmd = "./examples/actor.sh",
- -- You can pass static args in here, these will be passed to every invocation of the command by this actor.
- -- args passed here are split by whitespace, so these here will be passed as 5 separate arguments
- args = "your ad could be here"
- }
- },
-
- DoorControl1 = {
- -- This actor calls the actor.py script in examples/
- -- It gets passed it's own name, so you can have several actors
- -- from the same script.
- -- If you need to pass more arguments to the command you can use the `args` key in
- -- `params` as is done with the actor `Bash`
- module = "Process",
- -- the `args` are passed in front of all other parameters so they are best suited to
- -- optional parameters like e.g. the verboseness
- params = { cmd = "./examples/actor.py", args = "-vvv" }
- },
- DoorControl2 = {
- module = "Process",
- params = { cmd = "./examples/actor.py" }
- },
- DoorControl3 = {
- -- This is an example for how it looks like if an actor is misconfigured.
- -- the actor.py doesn't know anything about DoorControl3 and, if this actor is enabled,
- -- will return with an error showing up in the server logs.
- module = "Process",
- params = { cmd = "./examples/actor.py" }
- },
-
- Bash2 = { module = "Process", params = { cmd = "./examples/actor.sh" , args = "this is a different one" }},
- FailBash = { module = "Process", params = { cmd = "./examples/fail-actor.sh" }}
- },
-
- -- Linkng up machines to actors
- -- Actors need to be connected to machines to be useful. A machine can be connected to multiple actors, but one
- -- actor can only be connected to one machine.
- actor_connections = [
- { machine = "Testmachine", actor = "Shelly1234" },
- { machine = "Another", actor = "Bash" },
- { machine = "Yetmore", actor = "Bash2" },
- { machine = "Yetmore", actor = "FailBash"}
- ],
-
- -- Initiators are configured almost the same way as Actors, refer to actor documentation for more details
- -- The below '{=}' is what you need if you want to define *no* initiators at all and only use the API with apps
- -- to let people use machines.
- initiators = {=},
- -- The "Dummy" initiator will try to use and return a machine as the given user every few seconds. It's good to
- -- test your system but will spam your log so is disabled by default.
- --initiators = { Initiator = { module = "Dummy", params = { uid = "Testuser" } } },
-
- -- Linking up machines to initiators. Similar to actors a machine can have several initiators assigned but an
- -- initiator can only be assigned to one machine.
- -- The below is once again how you have to define *no* initiators.
- init_connections = [] : List { machine : Text, initiator : Text },
- --init_connections = [{ machine = "Testmachine", initiator = "Initiator" }]
-
- instanceurl = "https://example.com",
- spacename = "examplespace"
-}
diff --git a/examples/docker/basic/README.md b/examples/docker/basic/README.md
deleted file mode 100644
index 2345940..0000000
--- a/examples/docker/basic/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# API-Testsetup, aber mit Docker
-
-wirklich nur um das API zu testen. ATM implementiert: machines::* & machine::read, authenticate
-
-* run `docker-compose up` in this directory
\ No newline at end of file
diff --git a/examples/docker/basic/config/bffh.dhall b/examples/docker/basic/config/bffh.dhall
deleted file mode 100644
index 42206e5..0000000
--- a/examples/docker/basic/config/bffh.dhall
+++ /dev/null
@@ -1,42 +0,0 @@
--- { actor_connections = [] : List { _1 : Text, _2 : Text }
-{ actor_connections = [{ _1 = "Testmachine", _2 = "Actor" }]
-, actors =
- { Actor = { module = "Shelly", params = {=} }
- }
- , init_connections = [] : List { _1 : Text, _2 : Text }
---, init_connections = [{ _1 = "Initiator", _2 = "Testmachine" }]
-, initiators =
- { Initiator = { module = "Dummy", params = {=} }
- }
-, listens =
- [ { address = "::", port = Some 59661 }
- ]
-, machines =
- { Testmachine =
- { description = Some "A test machine"
- , disclose = "lab.test.read"
- , manage = "lab.test.admin"
- , name = "Testmachine"
- , read = "lab.test.read"
- , write = "lab.test.write"
- },
- Another =
- { description = Some "Another test machine"
- , disclose = "lab.test.read"
- , manage = "lab.test.admin"
- , name = "Another"
- , read = "lab.test.read"
- , write = "lab.test.write"
- },
- Yetmore =
- { description = Some "Yet more test machines"
- , disclose = "lab.test.read"
- , manage = "lab.test.admin"
- , name = "Yetmore"
- , read = "lab.test.read"
- , write = "lab.test.write"
- }
- }
-, mqtt_url = "tcp://mqtt:1883"
-, db_path = "/tmp/bffh"
-}
diff --git a/examples/docker/basic/config/pass.toml b/examples/docker/basic/config/pass.toml
deleted file mode 100644
index 6d4855d..0000000
--- a/examples/docker/basic/config/pass.toml
+++ /dev/null
@@ -1 +0,0 @@
-Testuser = "secret"
diff --git a/examples/docker/basic/config/roles.toml b/examples/docker/basic/config/roles.toml
deleted file mode 100644
index 2c91a30..0000000
--- a/examples/docker/basic/config/roles.toml
+++ /dev/null
@@ -1,19 +0,0 @@
-[anotherrole]
-
-[testrole]
-permissions = [
- "lab.test.*"
-]
-
-[somerole]
-parents = ["testparent/lmdb"]
-permissions = [
- "lab.some.admin"
-]
-
-[testparent]
-permissions = [
- "lab.some.write",
- "lab.some.read",
- "lab.some.disclose",
-]
diff --git a/examples/docker/basic/config/users.toml b/examples/docker/basic/config/users.toml
deleted file mode 100644
index 2d5ef75..0000000
--- a/examples/docker/basic/config/users.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-[Testuser]
-# Define them in roles.toml as well
-roles = ["somerole/lmdb", "testrole/lmdb"]
-
-# If two or more users want to use the same machine at once the higher prio
-# wins
-priority = 0
-
-# You can add whatever random data you want.
-# It will get stored in the `kv` field in UserData.
-noot = "noot!"
diff --git a/examples/docker/basic/docker-compose.yaml b/examples/docker/basic/docker-compose.yaml
deleted file mode 100644
index bb43e67..0000000
--- a/examples/docker/basic/docker-compose.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-version: "3.8"
-services:
- bffh:
- image: registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest
- ports:
- - "59661:59661"
- volumes:
- # generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section.
- - "./config:/etc/bffh"
- links:
- - mqtt
- mqtt:
- image: eclipse-mosquitto:1.6.13
diff --git a/examples/docker/integration/README.md b/examples/docker/integration/README.md
deleted file mode 100644
index 2588e6e..0000000
--- a/examples/docker/integration/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# Integration tests with Docker
-
-## How it works
-* spawns 2 instances of our bffh container and required mqqt broker
-* spawns an additional debian to run a shell
-* the containers can reach each other by their hostname
-
-## How to start
-
-* run `docker-compose up --exit-code-from test-manager` in this directory
-* this will kill all containers when
\ No newline at end of file
diff --git a/examples/docker/integration/config_a/bffh.dhall b/examples/docker/integration/config_a/bffh.dhall
deleted file mode 100644
index cb5cf78..0000000
--- a/examples/docker/integration/config_a/bffh.dhall
+++ /dev/null
@@ -1,20 +0,0 @@
-{ actor_connections = [{ _1 = "Testmachine", _2 = "Actor" }]
-, actors =
- { Actor = { module = "Shelly", params = {=} }
- }
-, init_connections = [{ _1 = "Initiator", _2 = "Testmachine" }]
-, initiators =
- { Initiator = { module = "Dummy", params = {=} }
- }
-, listens = [{ address = "::", port = Some 59661 }]
-, machines =
- { Testmachine =
- { description = Some "A test machine"
- , disclose = "lab.test.read"
- , manage = "lab.test.admin"
- , name = "Testmachine"
- , read = "lab.test.read"
- , write = "lab.test.write"
- } }
-, mqtt_url = "tcp://mqtt-a:1883"
-}
diff --git a/examples/docker/integration/config_a/pass.toml b/examples/docker/integration/config_a/pass.toml
deleted file mode 100644
index 6d4855d..0000000
--- a/examples/docker/integration/config_a/pass.toml
+++ /dev/null
@@ -1 +0,0 @@
-Testuser = "secret"
diff --git a/examples/docker/integration/config_a/roles.toml b/examples/docker/integration/config_a/roles.toml
deleted file mode 100644
index cc61b71..0000000
--- a/examples/docker/integration/config_a/roles.toml
+++ /dev/null
@@ -1,20 +0,0 @@
-[testrole]
-name = "Testrole"
-permissions = [
- "lab.test.*"
-]
-
-[somerole]
-name = "Somerole"
-parents = ["testparent%lmdb"]
-permissions = [
- "lab.some.admin"
-]
-
-[testparent]
-name = "Testparent"
-permissions = [
- "lab.some.write",
- "lab.some.read",
- "lab.some.disclose",
-]
diff --git a/examples/docker/integration/config_a/users.toml b/examples/docker/integration/config_a/users.toml
deleted file mode 100644
index 46c4a67..0000000
--- a/examples/docker/integration/config_a/users.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-[Testuser]
-# Define them in roles.toml as well
-roles = []
-
-# If two or more users want to use the same machine at once the higher prio
-# wins
-priority = 0
-
-# You can add whatever random data you want.
-# It will get stored in the `kv` field in UserData.
-noot = "noot!"
diff --git a/examples/docker/integration/config_b/bffh.dhall b/examples/docker/integration/config_b/bffh.dhall
deleted file mode 100644
index 5a70bd0..0000000
--- a/examples/docker/integration/config_b/bffh.dhall
+++ /dev/null
@@ -1,20 +0,0 @@
-{ actor_connections = [{ _1 = "Testmachine", _2 = "Actor" }]
-, actors =
- { Actor = { module = "Shelly", params = {=} }
- }
-, init_connections = [{ _1 = "Initiator", _2 = "Testmachine" }]
-, initiators =
- { Initiator = { module = "Dummy", params = {=} }
- }
-, listens = [{ address = "::", port = Some 59661 }]
-, machines =
- { Testmachine =
- { description = Some "A test machine"
- , disclose = "lab.test.read"
- , manage = "lab.test.admin"
- , name = "Testmachine"
- , read = "lab.test.read"
- , write = "lab.test.write"
- } }
-, mqtt_url = "tcp://mqtt-b:1883"
-}
diff --git a/examples/docker/integration/config_b/pass.toml b/examples/docker/integration/config_b/pass.toml
deleted file mode 100644
index 6d4855d..0000000
--- a/examples/docker/integration/config_b/pass.toml
+++ /dev/null
@@ -1 +0,0 @@
-Testuser = "secret"
diff --git a/examples/docker/integration/config_b/roles.toml b/examples/docker/integration/config_b/roles.toml
deleted file mode 100644
index cc61b71..0000000
--- a/examples/docker/integration/config_b/roles.toml
+++ /dev/null
@@ -1,20 +0,0 @@
-[testrole]
-name = "Testrole"
-permissions = [
- "lab.test.*"
-]
-
-[somerole]
-name = "Somerole"
-parents = ["testparent%lmdb"]
-permissions = [
- "lab.some.admin"
-]
-
-[testparent]
-name = "Testparent"
-permissions = [
- "lab.some.write",
- "lab.some.read",
- "lab.some.disclose",
-]
diff --git a/examples/docker/integration/config_b/users.toml b/examples/docker/integration/config_b/users.toml
deleted file mode 100644
index 46c4a67..0000000
--- a/examples/docker/integration/config_b/users.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-[Testuser]
-# Define them in roles.toml as well
-roles = []
-
-# If two or more users want to use the same machine at once the higher prio
-# wins
-priority = 0
-
-# You can add whatever random data you want.
-# It will get stored in the `kv` field in UserData.
-noot = "noot!"
diff --git a/examples/docker/integration/docker-compose.yaml b/examples/docker/integration/docker-compose.yaml
deleted file mode 100644
index 38b54f7..0000000
--- a/examples/docker/integration/docker-compose.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-version: "3.8"
-services:
- bffh-a:
- image: registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest
- command: ["sh", "-c", "difluoroborane -c /etc/bffh/bffh.dhall --load=/etc/bffh; difluoroborane -c /etc/bffh/bffh.dhall"]
- volumes:
- # generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section.
- - "./config_a:/etc/bffh"
- links:
- - mqtt-a
- mqtt-a:
- image: eclipse-mosquitto
- bffh-b:
- image: registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest
- command: ["sh", "-c", "difluoroborane -c /etc/bffh/bffh.dhall --load=/etc/bffh; difluoroborane -c /etc/bffh/bffh.dhall"]
- volumes:
- # generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section.
- - "./config_b:/etc/bffh"
- links:
- - mqtt-b
- mqtt-b:
- image: eclipse-mosquitto
-
- test-manager:
- image: debian
- tty: true
diff --git a/examples/fail-actor.sh b/examples/fail-actor.sh
deleted file mode 100755
index 5630f1c..0000000
--- a/examples/fail-actor.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-
-echo "This is some error output" > /dev/stderr
-exit 115
diff --git a/examples/init.py b/examples/init.py
deleted file mode 100755
index 73ed4e2..0000000
--- a/examples/init.py
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env python
-
-import sys
-import time
-
-while True:
- print('{ "state": { "1.3.6.1.4.1.48398.612.2.4": { "state": "Free" } } }')
- sys.stdout.flush()
- time.sleep(2)
-
- print('{ "state": { "1.3.6.1.4.1.48398.612.2.4": { "state": { "InUse": { "id": "Testuser" } } } } }')
- sys.stdout.flush()
- time.sleep(2)
diff --git a/examples/self-signed-cert.pem b/examples/self-signed-cert.pem
deleted file mode 100644
index 89f056d..0000000
--- a/examples/self-signed-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDFzCCAf+gAwIBAgIUDr+1F3zzyza+soLtiurKEXW9pGIwDQYJKoZIhvcNAQEL
-BQAwGzEZMBcGA1UEAwwQYmZmaC1kZXZlbG9wbWVudDAeFw0yMTEyMDkxODQ2Mjla
-Fw0zMTEyMDkxODQ2MjlaMBsxGTAXBgNVBAMMEGJmZmgtZGV2ZWxvcG1lbnQwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGwNy7yGaURR08dWfoDmnJeyx1
-0FVRmozoGCIb3Oj6c2t+84QUxqTdknE7Cdcz5Wi1o0x2CWPZG4z1vgTaCcJVhcME
-hxn+7eK1NtDQEjs8Ojs7uaraVvooIe8R7jat0qs7Dmf8RO9P0I4MMZlvijhI7aLw
-0C6vNsr1ebeppIiwO5aUuCGuKqxJGghHeqZv18ZcPayunyNrxMC6uyX7y6nUVkfq
-x0m9gDsN112Iv9Dd/ZE5Gxivm8jZvVUGZgJD2szK7zbeCDeo5aU3cRWfYaoN0QDx
-AKmo4bjciJzfMDDgvcIBq9lGS3FxEv394Mc5YX/ZdP+KRTiHcYCXfBzr3B6HAgMB
-AAGjUzBRMB0GA1UdDgQWBBTtUvvWXlo5tU8cEoxbs5UJdodOVDAfBgNVHSMEGDAW
-gBTtUvvWXlo5tU8cEoxbs5UJdodOVDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBCwUAA4IBAQAB3IxRnWi/LrxCvlHNaWEi3ZvlbN+KpegWZeKtjHwQoizhR/Fi
-SMC7z4y6trJE7LXUOSb9Pu8QQSvpVQZd3W4XCPZMl10Lt7iV8vc3pVviCseDnT9r
-X1gXdbeuyYm9lE8KtlhX03jD/CiEx7Qe/q8Rc20AQIKAAJzvl7sXU2tmJ5kpzMEO
-v5czlLaX2ajlD/QMgNBUuDyw6wPo3wx9Khph484RygN2LHeT6kfu/PBiF0dGDTUu
-mgxg4K0GfwTcHgtz5Bag/HyuuJEKx8Wv7jth59PyKPT+lMVBznxIm3gLS5U+Nnr1
-uAws8dgLXRlPo5HJORuJCcZWVBClruZUpyDT
------END CERTIFICATE-----
diff --git a/examples/self-signed-key.pem b/examples/self-signed-key.pem
deleted file mode 100644
index 08139db..0000000
--- a/examples/self-signed-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGwNy7yGaURR08
-dWfoDmnJeyx10FVRmozoGCIb3Oj6c2t+84QUxqTdknE7Cdcz5Wi1o0x2CWPZG4z1
-vgTaCcJVhcMEhxn+7eK1NtDQEjs8Ojs7uaraVvooIe8R7jat0qs7Dmf8RO9P0I4M
-MZlvijhI7aLw0C6vNsr1ebeppIiwO5aUuCGuKqxJGghHeqZv18ZcPayunyNrxMC6
-uyX7y6nUVkfqx0m9gDsN112Iv9Dd/ZE5Gxivm8jZvVUGZgJD2szK7zbeCDeo5aU3
-cRWfYaoN0QDxAKmo4bjciJzfMDDgvcIBq9lGS3FxEv394Mc5YX/ZdP+KRTiHcYCX
-fBzr3B6HAgMBAAECggEAS5DGG6ssvRCt9e+ZatQYCl+HXt+voJAHJLMQPNG3zokV
-hLXnMNL5mbh0zoKGTJfbQLvudS5KxR/BbykoxRFSzptFszH+gztEp6tIpuNXnCVz
-odiMiejpwVptf763EU14hsKKbJJ0/j6H00EEWjEOB0Q6YB52sW0+qyf02U3SHlZN
-k2PZYkpHi3YCONtOGj7jOdW7M3RfvcBNg9EW7fZc1KkiRAlscUAYLMkKcOLevil0
-lUuF/JWj4iH22Oq6+JeSiecf6izF6lyIGvMXPry+woa8Iq0BBdmbZsK7r/Pa+wlz
-+E6xHGn2rcyrnYB2pPc+RfHhYlodaOo69DxAYlRYaQKBgQDxnKySmlcfHe8lMqR4
-2LvqMyGjNRo2+q9VZYej2mvr6+TGyd7Op/fRJ1t5f9DgtINomNQYSOtYAsPiEnl+
-43z2N/Rdh6XSmOj4gLkDeiYNSpy86L/F39uCWZpkkqiy2zxYLWOs15MA0GWOtQGh
-dz4cM0b/jyZOdHZR//L5WiMLawKBgQDSltEfQKqCEKJTqp4SU9BCHQmyheIjepY2
-eKakgcsjpFjRBK2VrUalDLOQV74rtd7wp8F8kqqPJpRshb+oVuDCg6JB17UxYd34
-iB+5cMdLRpg8f0HOqcYz4KOql2QhJQhFc3jzY7n1piPEhFO/MqFwmlUB4RdgJ3ix
-HqX+F/T8VQKBgGos76l9KcwC25T9LEnu9KV20tFmBJ8kiuh8NZ9L3SFQCLlS/RbT
-uZOwOAKsqJ4WtajBgHMrmECU9n/inoGkdsW80SZI9hYWHEsYRjXA9/ffUgGyRpQu
-S8h8l9yalogC0AHv8F2EXpV8/yQ3ZwAN5r19yzWDMtJHW7etQplRgxUBAoGAGeOy
-t+3iSHU1D6YlIsmtC8O4Int1LrluaCnzCrxuNeaJiMDTelhAHCBwnuk6lvMYAmwN
-THxXfZvXmXPj+RUdMqyuMPwM6ZJHkLtjcw/bYHTAWIeolnimxk/yrxFHnQ+Jcchd
-cUasYPfY49sE1Lerw0Ul+EIs9oRDwTqsW42kb7UCgYEA2y+oc7Fz2eq38hSbTfy7
-OcATtny+xQ1+4IELtQIP7VctkMInJs57J+vS//IT41P0L2K1YjvL8RacnvG7yMvP
-GnwHBcKgvL6zuoy11I3zPPYtbKGwcJoVGomPX7W0csfl4gdST3uugd9iCDEB8NsS
-QmOYM/dk8x8aWpndBjRF5ig=
------END PRIVATE KEY-----
diff --git a/examples/users.toml b/examples/users.toml
deleted file mode 100644
index 0a53d9e..0000000
--- a/examples/users.toml
+++ /dev/null
@@ -1,16 +0,0 @@
-[Testuser]
-# These roles have to be defined in 'bffh.dhall'.
-# Non-existant roles will not crash the server but print a `WARN` level message in the
-# server log in the form "Did not find role somerole/internal while trying to tally".
-roles = ["somerole", "testrole"]
-
-# The password will be hashed using argon2id on load time and is not available in plaintext afterwards.
-passwd = "secret"
-
-# You can add whatever random data you want.
-# It will get stored in the `kv` field in UserData.
-# This is not used for anything at the moment
-noot = "noot!"
-
-# Store the card specific AES key in kv userdata
-cardkey = "7ab8704a61b5317e1fe4cae9e3e1fd8d"
From 5e0d615adaed6ae930fec85e268b2444757db40f Mon Sep 17 00:00:00 2001
From: Mario Voigt <mario.voigt@stadtfabrikanten.org>
Date: Wed, 5 Mar 2025 23:09:37 +0100
Subject: [PATCH 2/2] make schema (API) submodule static to allow easy
project-forking
---
.gitmodules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitmodules b/.gitmodules
index 69786d1..453aedb 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,4 +1,4 @@
[submodule "schema"]
path = api/schema
- url = ../fabaccess-api
+ url = https://gitlab.com/fabinfra/fabaccess/fabaccess-api
branch = main