From e84c76f9e91fe0143138def50206265ac568bce9 Mon Sep 17 00:00:00 2001 From: Mario Voigt Date: Tue, 4 Mar 2025 00:35:25 +0100 Subject: [PATCH] remove dirty examples/ dir. proper and up to date examples can be found at https://gitlab.com/fabinfra/fabaccess/demos-environments for instance --- examples/README.md | 11 - examples/actor.py | 196 -------------- examples/actor.sh | 4 - examples/bffh.dhall | 244 ------------------ examples/docker/basic/README.md | 5 - examples/docker/basic/config/bffh.dhall | 42 --- examples/docker/basic/config/pass.toml | 1 - examples/docker/basic/config/roles.toml | 19 -- examples/docker/basic/config/users.toml | 11 - examples/docker/basic/docker-compose.yaml | 13 - examples/docker/integration/README.md | 11 - .../docker/integration/config_a/bffh.dhall | 20 -- .../docker/integration/config_a/pass.toml | 1 - .../docker/integration/config_a/roles.toml | 20 -- .../docker/integration/config_a/users.toml | 11 - .../docker/integration/config_b/bffh.dhall | 20 -- .../docker/integration/config_b/pass.toml | 1 - .../docker/integration/config_b/roles.toml | 20 -- .../docker/integration/config_b/users.toml | 11 - .../docker/integration/docker-compose.yaml | 26 -- examples/fail-actor.sh | 4 - examples/init.py | 13 - examples/self-signed-cert.pem | 19 -- examples/self-signed-key.pem | 28 -- examples/users.toml | 16 -- 25 files changed, 767 deletions(-) delete mode 100644 examples/README.md delete mode 100755 examples/actor.py delete mode 100755 examples/actor.sh delete mode 100644 examples/bffh.dhall delete mode 100644 examples/docker/basic/README.md delete mode 100644 examples/docker/basic/config/bffh.dhall delete mode 100644 examples/docker/basic/config/pass.toml delete mode 100644 examples/docker/basic/config/roles.toml delete mode 100644 examples/docker/basic/config/users.toml delete mode 100644 examples/docker/basic/docker-compose.yaml delete mode 100644 examples/docker/integration/README.md delete mode 100644 examples/docker/integration/config_a/bffh.dhall delete mode 100644 examples/docker/integration/config_a/pass.toml delete mode 100644 examples/docker/integration/config_a/roles.toml delete mode 100644 examples/docker/integration/config_a/users.toml delete mode 100644 examples/docker/integration/config_b/bffh.dhall delete mode 100644 examples/docker/integration/config_b/pass.toml delete mode 100644 examples/docker/integration/config_b/roles.toml delete mode 100644 examples/docker/integration/config_b/users.toml delete mode 100644 examples/docker/integration/docker-compose.yaml delete mode 100755 examples/fail-actor.sh delete mode 100755 examples/init.py delete mode 100644 examples/self-signed-cert.pem delete mode 100644 examples/self-signed-key.pem delete mode 100644 examples/users.toml diff --git a/examples/README.md b/examples/README.md deleted file mode 100644 index f0ba1e9..0000000 --- a/examples/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# API-Testsetup - -wirklich nur um das API zu testen. ATM implementiert: machines::* & machine::read, authenticate - -1. Ein mosquitto o.ä MQTT Server starten -1. Datenbanken füllen: `cargo run -- -c examples/bffh.dhall --load=examples` -1. Daemon starten: `cargo run -- -c examples/bffh.dhall` -1. ??? -1. PROFIT! - -A dockerized version of this example can be found in the docker subdirectory \ No newline at end of file diff --git a/examples/actor.py b/examples/actor.py deleted file mode 100755 index 5f03ae9..0000000 --- a/examples/actor.py +++ /dev/null @@ -1,196 +0,0 @@ -#!/usr/bin/env python3 - -import sys -import argparse - -def on_free(args, actor_name): - """ - Function called when the state of the connected machine changes to Free - again - """ - if args.verbose > 2: - print("on_free called!") - - if actor_name == "DoorControl1": - # Do whatever you want to do in case `DoorControl1` is returned back to free. - # Keep in mind that process actors should return quickly to not miss - # updates, so if you need to do things that take a while fork a new - # process e.g. with the `subprocess` Module - print("I'm locking door 1!") - pass - elif actor_name == "DoorControl2": - print("I'm locking door 2!") - pass # Close a different door - else: - if not args.quiet: - print("process called with unknown id %s for state `Free`" % actor_name) - # It's a good idea to exit with an error code in case something - # unexpected happens. - # The process module logs everything printed to stdout by actors into - # the server log, but marks them as `Error` in case the actor process - # exits with a code != 0, making debugging somewhat easier. - exit(-1) - -def on_use(args, actor_name, user_id): - """ - Function called when an user takes control of the connected machine - - user_id contains the UID of the user now using the machine - """ - if args.verbose > 2: - print("on_use called!") - if actor_name == "DoorControl1": - print("I'm opening door 1 for 10 seconds!") - pass # Open door one - elif actor_name == "DoorControl2": - print("I'm opening door 2 for 10 seconds!") - pass # Open a different door - else: - if not args.quiet: - print("process called with unknown id %s for state `InUse`" % actor_name) - # It's a good idea to exit with an error code in case something - # unexpected happens. - # The process module logs everything printed to stdout by actors into - # the server log, but marks them as `Error` in case the actor process - # exits with a code != 0, making debugging somewhat easier. - exit(-1) - -def on_tocheck(args, actor_name, user_id): - """ - Function called when an user returns control and the connected machine is - configured to go to state `ToCheck` instead of `Free` in that case. - - user_id contains the UID of the manager expected to check the machine. - The user that used the machine beforehand has to be taken from the last - user field using the API (via e.g. the mobile app) - """ - if args.verbose > 2: - print("on_tocheck called!") - if not args.quiet: - print("process called with unexpected combo id %s and state 'ToCheck'" % actor_name) - exit(-1) - -def on_blocked(args, actor_name, user_id): - """ - Function called when an manager marks the connected machine as `Blocked` - - user_id contains the UID of the manager that blocked the machine - """ - if args.verbose > 2: - print("on_blocked called!") - if not args.quiet: - print("process called with unexpected combo id %s and state 'Blocked'" % actor_name) - exit(-1) - -def on_disabled(args, actor_name): - """ - Function called when the connected machine is marked `Disabled` - """ - if not args.quiet: - print("process called with unexpected combo id %s and state 'Disabled'" % actor_name) - exit(-1) - -def on_reserve(args, actor_name, user_id): - """ - Function called when the connected machine has been reserved by somebody. - - user_id contains the UID of the reserving user. - """ - if not args.quiet: - print("process called with unexpected combo id %s and state 'Reserved'" % actor_name) - exit(-1) - -def on_raw(args, actor_name, data): - """ - Function called when a raw_write call was issued for the connected machine - - data is the data passed with that call, base64-encoded - """ - if args.verbose > 2: - print("on_raw called! data=" + data) - -def main(args): - """ - Python example actor - - This is an example how to use the `process` actor type to run a Python script. - """ - - if args.verbose is not None: - if args.verbose == 1: - print("verbose output enabled") - elif args.verbose == 2: - print("loud output enabled!") - elif args.verbose == 3: - print("LOUD output enabled!!!") - elif args.verbose > 4: - print("Okay stop you're being ridiculous.") - sys.exit(-2) - else: - args.verbose = 0 - - if args.restore and args.verbose > 0: - print("running in restore mode") - - # You could also check the actor name here and call different functions - # depending on that variable instead of passing it to the state change - # methods. - - new_state = args.state - if new_state == "free": - on_free(args, args.name) - elif new_state == "inuse": - on_use(args, args.name, args.userid) - elif new_state == "tocheck": - on_tocheck(args, args.name, args.userid) - elif new_state == "blocked": - on_blocked(args, args.name, args.userid) - elif new_state == "disabled": - on_disabled(args, args.name) - elif new_state == "reserved": - on_reserve(args, args.name, args.userid) - elif new_state == "raw": - on_raw(args, args.name, args.data) - else: - print("Process actor called with unknown state %s" % new_state) - -if __name__ == "__main__": - parser = argparse.ArgumentParser() - # Parameters are passed to the Process actor as follows: - # 1. the contents of params.args, split by whitespace as separate args - # 2. the configured id of the actor (e.g. "DoorControl1") - # 3. the new state as one of [free|inuse|tocheck|blocked|disabled|reserved] - - parser.add_argument("-q", "--quiet", help="be less verbose", action="store_true") - parser.add_argument("-v", "--verbose", help="be more verbose", action="count") - parser.add_argument("-r", "--restore", help="run in restore mode", action="store_true") - - parser.add_argument("name", - help="name of this actor as configured in bffh.dhall" - ) - - # We parse the new state using subparsers so that we only require a userid - # in case it's a state that sets one. - subparsers = parser.add_subparsers(required=True, dest="state") - - parser_free = subparsers.add_parser("free") - - parser_inuse = subparsers.add_parser("inuse") - parser_inuse.add_argument("userid", help="The user that is now using the machine") - - parser_tocheck = subparsers.add_parser("tocheck") - parser_tocheck.add_argument("userid", help="The user that should go check the machine") - - parser_blocked = subparsers.add_parser("blocked") - parser_blocked.add_argument("userid", help="The user that marked the machine as blocked") - - parser_disabled = subparsers.add_parser("disabled") - - parser_reserved = subparsers.add_parser("reserved") - parser_reserved.add_argument("userid", help="The user that reserved the machine") - - parser_raw = subparsers.add_parser("raw") - parser_raw.add_argument("data", help="Raw data set for this actor") - - args = parser.parse_args() - main(args) diff --git a/examples/actor.sh b/examples/actor.sh deleted file mode 100755 index 704c66f..0000000 --- a/examples/actor.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env bash - -echo "Bash actor called with $@" > /tmp/act -echo "Bash actor called with: $@" diff --git a/examples/bffh.dhall b/examples/bffh.dhall deleted file mode 100644 index 46e1009..0000000 --- a/examples/bffh.dhall +++ /dev/null @@ -1,244 +0,0 @@ -{- Main configuration file for bffh - - ================================ - - - - In this configuration file you configure almost all parts of how bffh operates, but most importantly: - - * Machines - - * Initiators and Actors - - * Which Initiators and Actors relate to which machine(s) - - * Roles and the permissions granted by them - -} - --- The config is in the configuration format/language dhall. You can find more information about dhall over at --- https://dhall-lang.org - --- (Our) Dhall is somewhat similar to JSON and YAML in that it expects a top-level object containing the --- configuration values -{ - -- Configure the addresses and ports bffh listens on - listens = [ - -- BFFH binds a port for every listen object in this array. - -- Each listen object is of the format { address = , port = } - -- If you don't specify a port bffh will use the default of `59661` - -- 'address' can be a IP address or a hostname - -- If bffh can not bind a port for the specified combination if will log an error but *continue with the remaining ports* - { address = "127.0.0.1", port = 59661 }, - { address = "::1", port = 59661 }, - { address = "steak.fritz.box", port = 59661 } - ], - - -- Configure TLS. BFFH requires a PEM-encoded certificate and the associated key as two separate files - certfile = "examples/self-signed-cert.pem", - keyfile = "examples/self-signed-key.pem", - - -- Set Spacename. This is used by FabFire to identify the space. - spacename = "Testspace", - - -- Set the instance Url. This is used by FabFire to locate a remote space for federation. - instanceurl = "localhost", - - -- BFFH right now requires a running MQTT broker. - mqtt_url = "tcp://localhost:1883", - - -- Path to the database file for bffh. bffh will in fact create two files; ${db_path} and ${db_path}.lock. - -- BFFH will *not* create any directories so ensure that the directory exists and the user running bffh has write - -- access into them. - db_path = "/tmp/bffh", - - -- Audit log path. Bffh will log state changes into this file, one per line. - -- Audit log entries are for now JSON: - -- {"timestamp":1641497361,"machine":"Testmachine","state":{"state":{"InUse":{"uid":"Testuser","subuid":null,"realm":null}}}} - auditlog_path = "/tmp/bffh.audit", - - -- In dhall you can also easily import definitions from other files, e.g. you could write - -- roles = ./roles.dhall - roles = { - -- Role definitions - -- A role definition is of the form - -- rolename = { - -- parents = [], - -- permissions = [], - -- } - -- - -- Role names are case sensitive, so RoleName != rolename. - -- - -- If you want either parents or permissions to be empty its best to completely skip it: - testrole = { - permissions = [ "lab.some.admin", "bffh.users.admin", "bffh.users.manage" ] - }, - somerole = { - parents = ["testparent"], - -- "Permissions" are formatted as Perm Rules, so you can use the wildcards '*' and '+' - permissions = [ "lab.test.*" ] - }, - -- Roles can inherit from each other. In that case a member of e.g. 'somerole' that inherits from - -- 'testparent' will have all the permissions of 'somerole' AND 'testparent' assigned to them. - -- Right now permissions are stricly additive so you can't take a permission away in a child role that a parent - -- role grants. - testparent = { - permissions = [ - "lab.some.write", - "lab.some.read", - "lab.some.disclose" - ] - } - }, - - -- Configure machines - -- "Machines" (which in future will be more appropiately named "resources") are the main thing bffh is concerned - -- with. - -- You can define an almost limitless amount of machines (well 2^64 - 1, so 18_446_744_073_709_551_615 to be precise) - -- Each of these machines can then have several "actors" and "initiators" assigned - machines = { - Testmachine = { - -- A machine comes with two "names". The id above ("Testmachine") and the "name" ("MachineA"). - -- The id is what you'll use in the config format and is strictly limited to alphanumeric characters and '_' - -- and must begin with a letter. Most importantly you CAN NOT use '-' or spaces in an identifier - -- (dhall makes this technically possible but you can break things in subtle ways) - - -- REQUIRED. The "name" of a machine is what will be presented to humans. It can contain all unicode - -- including spaces and nonprintable characters. - -- A name SHOULD be short but unique. - name = "MachineA", - - -- OPTIONAL. A description can be assigned to machines. It will also only be shown to humans. Thus it is - -- once again limited only to unicode. If you want to provide your users with important additional - -- information other than the name this is the place to do it. - description = "A test machine", - - -- OPTIONAL. If you have a wiki going into more detail how to use a certain machine or what to keep in - -- mind when using it you can provide a URL here that will be presented to users. - wiki = "https://wiki.example.org/machineA", - - -- OPTIONAL. You can assign categories to machines to allow clients to group/filter machines by them. - category = "Testcategory", - - -- REQUIRED. - -- Each machine MUST have *all* Permission levels assigned to it. - -- Permissions aren't PermRules as used in the 'roles' definitions but must be precise without wildcards. - -- Permission levels aren't additive, so a user having 'manage' permission does not automatically get - -- 'read' or 'write' permission. - - -- (Note, disclose is not fully implemented at the moment) - -- Users lacking 'disclose' will not be informed about this machine in any way and it will be hidden from - -- them in the client. Usually the best idea is to assign 'read' and 'disclose' to the same permission. - disclose = "lab.test.read", - - -- Users lacking 'read' will be shown a machine including name, description, category and wiki but not - -- it's current state. The current user is not disclosed. - read = "lab.test.read", - - -- The 'write' permission allows to 'use' the machine. - write = "lab.test.write", - - -- Manage represents the 'superuser' permission. Users with this permission can force set any state and - -- read out the current user - manage = "lab.test.admin" - }, - Another = { - wiki = "test_another", - category = "test", - disclose = "lab.test.read", - manage = "lab.test.admin", - name = "Another", - read = "lab.test.read", - write = "lab.test.write", - prodable = True - }, - Yetmore = { - description = "Yet more test machines", - disclose = "lab.test.read", - manage = "lab.test.admin", - name = "Yetmore", - read = "lab.test.read", - write = "lab.test.write" - } - }, - - -- Actor configuration. Actors are how bffh affects change in the real world by e.g. switching a power socket - -- using a shelly - actors = { - -- Actors similarly to machines have an 'id'. This id (here "Shelly1234") is limited to Alphanumeric ASCII - -- and must begin with a letter. - Shelly1234 = { - -- Actors are modular pieces of code that are loaded as required. The "Shelly" module will send - -- activation signals to a shelly switched power socket over MQTT - module = "Shelly", - -- Actors can have arbitrary parameters passed to them, varying by actor module. - params = { - -- For Shelly you can configure the MQTT topic segment it uses. Shellies listen to a specific topic - -- containing their name (which is usually of the form "shelly_" but can be changed). - -- If you do not configure a topic here the actor will use it's 'id' (in this case "Shelly1234"). - topic = "Topic1234" - } - }, - - Bash = { - -- The "Process" module runs a given script or command on state change. - -- bffh invoces the given cmd as `$ ${cmd} ${args} ${id} ${state}` so e.g. as - -- `$ ./examples/actor.sh your ad could be here Bash inuse` - module = "Process", - params = { - -- which is configured by the (required) 'cmd' parameter. Paths are relative to PWD of bffh. Systemd - -- and similar process managers may change this PWD so it's usually the most future-proof to use - -- absolute paths. - cmd = "./examples/actor.sh", - -- You can pass static args in here, these will be passed to every invocation of the command by this actor. - -- args passed here are split by whitespace, so these here will be passed as 5 separate arguments - args = "your ad could be here" - } - }, - - DoorControl1 = { - -- This actor calls the actor.py script in examples/ - -- It gets passed it's own name, so you can have several actors - -- from the same script. - -- If you need to pass more arguments to the command you can use the `args` key in - -- `params` as is done with the actor `Bash` - module = "Process", - -- the `args` are passed in front of all other parameters so they are best suited to - -- optional parameters like e.g. the verboseness - params = { cmd = "./examples/actor.py", args = "-vvv" } - }, - DoorControl2 = { - module = "Process", - params = { cmd = "./examples/actor.py" } - }, - DoorControl3 = { - -- This is an example for how it looks like if an actor is misconfigured. - -- the actor.py doesn't know anything about DoorControl3 and, if this actor is enabled, - -- will return with an error showing up in the server logs. - module = "Process", - params = { cmd = "./examples/actor.py" } - }, - - Bash2 = { module = "Process", params = { cmd = "./examples/actor.sh" , args = "this is a different one" }}, - FailBash = { module = "Process", params = { cmd = "./examples/fail-actor.sh" }} - }, - - -- Linkng up machines to actors - -- Actors need to be connected to machines to be useful. A machine can be connected to multiple actors, but one - -- actor can only be connected to one machine. - actor_connections = [ - { machine = "Testmachine", actor = "Shelly1234" }, - { machine = "Another", actor = "DoorControl1" }, - { machine = "Yetmore", actor = "Bash2" }, - { machine = "Yetmore", actor = "FailBash"} - ], - - -- Initiators are configured almost the same way as Actors, refer to actor documentation for more details - -- The below '{=}' is what you need if you want to define *no* initiators at all and only use the API with apps - -- to let people use machines. - initiators = {=}, - -- The "Dummy" initiator will try to use and return a machine as the given user every few seconds. It's good to - -- test your system but will spam your log so is disabled by default. - --initiators = { Initiator = { module = "Dummy", params = { uid = "Testuser" } } }, - - -- Linking up machines to initiators. Similar to actors a machine can have several initiators assigned but an - -- initiator can only be assigned to one machine. - -- The below is once again how you have to define *no* initiators. - init_connections = [] : List { machine : Text, initiator : Text }, - --init_connections = [{ machine = "Testmachine", initiator = "Initiator" }] - - spacename = Some "foospace", - instanceurl = Some "https://example.com" -} diff --git a/examples/docker/basic/README.md b/examples/docker/basic/README.md deleted file mode 100644 index 2345940..0000000 --- a/examples/docker/basic/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# API-Testsetup, aber mit Docker - -wirklich nur um das API zu testen. ATM implementiert: machines::* & machine::read, authenticate - -* run `docker-compose up` in this directory \ No newline at end of file diff --git a/examples/docker/basic/config/bffh.dhall b/examples/docker/basic/config/bffh.dhall deleted file mode 100644 index 42206e5..0000000 --- a/examples/docker/basic/config/bffh.dhall +++ /dev/null @@ -1,42 +0,0 @@ --- { actor_connections = [] : List { _1 : Text, _2 : Text } -{ actor_connections = [{ _1 = "Testmachine", _2 = "Actor" }] -, actors = - { Actor = { module = "Shelly", params = {=} } - } - , init_connections = [] : List { _1 : Text, _2 : Text } ---, init_connections = [{ _1 = "Initiator", _2 = "Testmachine" }] -, initiators = - { Initiator = { module = "Dummy", params = {=} } - } -, listens = - [ { address = "::", port = Some 59661 } - ] -, machines = - { Testmachine = - { description = Some "A test machine" - , disclose = "lab.test.read" - , manage = "lab.test.admin" - , name = "Testmachine" - , read = "lab.test.read" - , write = "lab.test.write" - }, - Another = - { description = Some "Another test machine" - , disclose = "lab.test.read" - , manage = "lab.test.admin" - , name = "Another" - , read = "lab.test.read" - , write = "lab.test.write" - }, - Yetmore = - { description = Some "Yet more test machines" - , disclose = "lab.test.read" - , manage = "lab.test.admin" - , name = "Yetmore" - , read = "lab.test.read" - , write = "lab.test.write" - } - } -, mqtt_url = "tcp://mqtt:1883" -, db_path = "/tmp/bffh" -} diff --git a/examples/docker/basic/config/pass.toml b/examples/docker/basic/config/pass.toml deleted file mode 100644 index 6d4855d..0000000 --- a/examples/docker/basic/config/pass.toml +++ /dev/null @@ -1 +0,0 @@ -Testuser = "secret" diff --git a/examples/docker/basic/config/roles.toml b/examples/docker/basic/config/roles.toml deleted file mode 100644 index 2c91a30..0000000 --- a/examples/docker/basic/config/roles.toml +++ /dev/null @@ -1,19 +0,0 @@ -[anotherrole] - -[testrole] -permissions = [ - "lab.test.*" -] - -[somerole] -parents = ["testparent/lmdb"] -permissions = [ - "lab.some.admin" -] - -[testparent] -permissions = [ - "lab.some.write", - "lab.some.read", - "lab.some.disclose", -] diff --git a/examples/docker/basic/config/users.toml b/examples/docker/basic/config/users.toml deleted file mode 100644 index 2d5ef75..0000000 --- a/examples/docker/basic/config/users.toml +++ /dev/null @@ -1,11 +0,0 @@ -[Testuser] -# Define them in roles.toml as well -roles = ["somerole/lmdb", "testrole/lmdb"] - -# If two or more users want to use the same machine at once the higher prio -# wins -priority = 0 - -# You can add whatever random data you want. -# It will get stored in the `kv` field in UserData. -noot = "noot!" diff --git a/examples/docker/basic/docker-compose.yaml b/examples/docker/basic/docker-compose.yaml deleted file mode 100644 index bb43e67..0000000 --- a/examples/docker/basic/docker-compose.yaml +++ /dev/null @@ -1,13 +0,0 @@ -version: "3.8" -services: - bffh: - image: registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest - ports: - - "59661:59661" - volumes: - # generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section. - - "./config:/etc/bffh" - links: - - mqtt - mqtt: - image: eclipse-mosquitto:1.6.13 diff --git a/examples/docker/integration/README.md b/examples/docker/integration/README.md deleted file mode 100644 index 2588e6e..0000000 --- a/examples/docker/integration/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# Integration tests with Docker - -## How it works -* spawns 2 instances of our bffh container and required mqqt broker -* spawns an additional debian to run a shell -* the containers can reach each other by their hostname - -## How to start - -* run `docker-compose up --exit-code-from test-manager` in this directory -* this will kill all containers when \ No newline at end of file diff --git a/examples/docker/integration/config_a/bffh.dhall b/examples/docker/integration/config_a/bffh.dhall deleted file mode 100644 index cb5cf78..0000000 --- a/examples/docker/integration/config_a/bffh.dhall +++ /dev/null @@ -1,20 +0,0 @@ -{ actor_connections = [{ _1 = "Testmachine", _2 = "Actor" }] -, actors = - { Actor = { module = "Shelly", params = {=} } - } -, init_connections = [{ _1 = "Initiator", _2 = "Testmachine" }] -, initiators = - { Initiator = { module = "Dummy", params = {=} } - } -, listens = [{ address = "::", port = Some 59661 }] -, machines = - { Testmachine = - { description = Some "A test machine" - , disclose = "lab.test.read" - , manage = "lab.test.admin" - , name = "Testmachine" - , read = "lab.test.read" - , write = "lab.test.write" - } } -, mqtt_url = "tcp://mqtt-a:1883" -} diff --git a/examples/docker/integration/config_a/pass.toml b/examples/docker/integration/config_a/pass.toml deleted file mode 100644 index 6d4855d..0000000 --- a/examples/docker/integration/config_a/pass.toml +++ /dev/null @@ -1 +0,0 @@ -Testuser = "secret" diff --git a/examples/docker/integration/config_a/roles.toml b/examples/docker/integration/config_a/roles.toml deleted file mode 100644 index cc61b71..0000000 --- a/examples/docker/integration/config_a/roles.toml +++ /dev/null @@ -1,20 +0,0 @@ -[testrole] -name = "Testrole" -permissions = [ - "lab.test.*" -] - -[somerole] -name = "Somerole" -parents = ["testparent%lmdb"] -permissions = [ - "lab.some.admin" -] - -[testparent] -name = "Testparent" -permissions = [ - "lab.some.write", - "lab.some.read", - "lab.some.disclose", -] diff --git a/examples/docker/integration/config_a/users.toml b/examples/docker/integration/config_a/users.toml deleted file mode 100644 index 46c4a67..0000000 --- a/examples/docker/integration/config_a/users.toml +++ /dev/null @@ -1,11 +0,0 @@ -[Testuser] -# Define them in roles.toml as well -roles = [] - -# If two or more users want to use the same machine at once the higher prio -# wins -priority = 0 - -# You can add whatever random data you want. -# It will get stored in the `kv` field in UserData. -noot = "noot!" diff --git a/examples/docker/integration/config_b/bffh.dhall b/examples/docker/integration/config_b/bffh.dhall deleted file mode 100644 index 5a70bd0..0000000 --- a/examples/docker/integration/config_b/bffh.dhall +++ /dev/null @@ -1,20 +0,0 @@ -{ actor_connections = [{ _1 = "Testmachine", _2 = "Actor" }] -, actors = - { Actor = { module = "Shelly", params = {=} } - } -, init_connections = [{ _1 = "Initiator", _2 = "Testmachine" }] -, initiators = - { Initiator = { module = "Dummy", params = {=} } - } -, listens = [{ address = "::", port = Some 59661 }] -, machines = - { Testmachine = - { description = Some "A test machine" - , disclose = "lab.test.read" - , manage = "lab.test.admin" - , name = "Testmachine" - , read = "lab.test.read" - , write = "lab.test.write" - } } -, mqtt_url = "tcp://mqtt-b:1883" -} diff --git a/examples/docker/integration/config_b/pass.toml b/examples/docker/integration/config_b/pass.toml deleted file mode 100644 index 6d4855d..0000000 --- a/examples/docker/integration/config_b/pass.toml +++ /dev/null @@ -1 +0,0 @@ -Testuser = "secret" diff --git a/examples/docker/integration/config_b/roles.toml b/examples/docker/integration/config_b/roles.toml deleted file mode 100644 index cc61b71..0000000 --- a/examples/docker/integration/config_b/roles.toml +++ /dev/null @@ -1,20 +0,0 @@ -[testrole] -name = "Testrole" -permissions = [ - "lab.test.*" -] - -[somerole] -name = "Somerole" -parents = ["testparent%lmdb"] -permissions = [ - "lab.some.admin" -] - -[testparent] -name = "Testparent" -permissions = [ - "lab.some.write", - "lab.some.read", - "lab.some.disclose", -] diff --git a/examples/docker/integration/config_b/users.toml b/examples/docker/integration/config_b/users.toml deleted file mode 100644 index 46c4a67..0000000 --- a/examples/docker/integration/config_b/users.toml +++ /dev/null @@ -1,11 +0,0 @@ -[Testuser] -# Define them in roles.toml as well -roles = [] - -# If two or more users want to use the same machine at once the higher prio -# wins -priority = 0 - -# You can add whatever random data you want. -# It will get stored in the `kv` field in UserData. -noot = "noot!" diff --git a/examples/docker/integration/docker-compose.yaml b/examples/docker/integration/docker-compose.yaml deleted file mode 100644 index 38b54f7..0000000 --- a/examples/docker/integration/docker-compose.yaml +++ /dev/null @@ -1,26 +0,0 @@ -version: "3.8" -services: - bffh-a: - image: registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest - command: ["sh", "-c", "difluoroborane -c /etc/bffh/bffh.dhall --load=/etc/bffh; difluoroborane -c /etc/bffh/bffh.dhall"] - volumes: - # generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section. - - "./config_a:/etc/bffh" - links: - - mqtt-a - mqtt-a: - image: eclipse-mosquitto - bffh-b: - image: registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest - command: ["sh", "-c", "difluoroborane -c /etc/bffh/bffh.dhall --load=/etc/bffh; difluoroborane -c /etc/bffh/bffh.dhall"] - volumes: - # generate a sample config.toml by running "docker run registry.gitlab.com/fabinfra/fabaccess/bffh:dev-latest --print-default > examples/config.toml" from the project root. You may have to delete the ipv6 listen section. - - "./config_b:/etc/bffh" - links: - - mqtt-b - mqtt-b: - image: eclipse-mosquitto - - test-manager: - image: debian - tty: true diff --git a/examples/fail-actor.sh b/examples/fail-actor.sh deleted file mode 100755 index 5630f1c..0000000 --- a/examples/fail-actor.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env bash - -echo "This is some error output" > /dev/stderr -exit 115 diff --git a/examples/init.py b/examples/init.py deleted file mode 100755 index 73ed4e2..0000000 --- a/examples/init.py +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env python - -import sys -import time - -while True: - print('{ "state": { "1.3.6.1.4.1.48398.612.2.4": { "state": "Free" } } }') - sys.stdout.flush() - time.sleep(2) - - print('{ "state": { "1.3.6.1.4.1.48398.612.2.4": { "state": { "InUse": { "id": "Testuser" } } } } }') - sys.stdout.flush() - time.sleep(2) diff --git a/examples/self-signed-cert.pem b/examples/self-signed-cert.pem deleted file mode 100644 index 89f056d..0000000 --- a/examples/self-signed-cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDFzCCAf+gAwIBAgIUDr+1F3zzyza+soLtiurKEXW9pGIwDQYJKoZIhvcNAQEL -BQAwGzEZMBcGA1UEAwwQYmZmaC1kZXZlbG9wbWVudDAeFw0yMTEyMDkxODQ2Mjla -Fw0zMTEyMDkxODQ2MjlaMBsxGTAXBgNVBAMMEGJmZmgtZGV2ZWxvcG1lbnQwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGwNy7yGaURR08dWfoDmnJeyx1 -0FVRmozoGCIb3Oj6c2t+84QUxqTdknE7Cdcz5Wi1o0x2CWPZG4z1vgTaCcJVhcME -hxn+7eK1NtDQEjs8Ojs7uaraVvooIe8R7jat0qs7Dmf8RO9P0I4MMZlvijhI7aLw -0C6vNsr1ebeppIiwO5aUuCGuKqxJGghHeqZv18ZcPayunyNrxMC6uyX7y6nUVkfq -x0m9gDsN112Iv9Dd/ZE5Gxivm8jZvVUGZgJD2szK7zbeCDeo5aU3cRWfYaoN0QDx -AKmo4bjciJzfMDDgvcIBq9lGS3FxEv394Mc5YX/ZdP+KRTiHcYCXfBzr3B6HAgMB -AAGjUzBRMB0GA1UdDgQWBBTtUvvWXlo5tU8cEoxbs5UJdodOVDAfBgNVHSMEGDAW -gBTtUvvWXlo5tU8cEoxbs5UJdodOVDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 -DQEBCwUAA4IBAQAB3IxRnWi/LrxCvlHNaWEi3ZvlbN+KpegWZeKtjHwQoizhR/Fi -SMC7z4y6trJE7LXUOSb9Pu8QQSvpVQZd3W4XCPZMl10Lt7iV8vc3pVviCseDnT9r -X1gXdbeuyYm9lE8KtlhX03jD/CiEx7Qe/q8Rc20AQIKAAJzvl7sXU2tmJ5kpzMEO -v5czlLaX2ajlD/QMgNBUuDyw6wPo3wx9Khph484RygN2LHeT6kfu/PBiF0dGDTUu -mgxg4K0GfwTcHgtz5Bag/HyuuJEKx8Wv7jth59PyKPT+lMVBznxIm3gLS5U+Nnr1 -uAws8dgLXRlPo5HJORuJCcZWVBClruZUpyDT ------END CERTIFICATE----- diff --git a/examples/self-signed-key.pem b/examples/self-signed-key.pem deleted file mode 100644 index 08139db..0000000 --- a/examples/self-signed-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGwNy7yGaURR08 -dWfoDmnJeyx10FVRmozoGCIb3Oj6c2t+84QUxqTdknE7Cdcz5Wi1o0x2CWPZG4z1 -vgTaCcJVhcMEhxn+7eK1NtDQEjs8Ojs7uaraVvooIe8R7jat0qs7Dmf8RO9P0I4M -MZlvijhI7aLw0C6vNsr1ebeppIiwO5aUuCGuKqxJGghHeqZv18ZcPayunyNrxMC6 -uyX7y6nUVkfqx0m9gDsN112Iv9Dd/ZE5Gxivm8jZvVUGZgJD2szK7zbeCDeo5aU3 -cRWfYaoN0QDxAKmo4bjciJzfMDDgvcIBq9lGS3FxEv394Mc5YX/ZdP+KRTiHcYCX -fBzr3B6HAgMBAAECggEAS5DGG6ssvRCt9e+ZatQYCl+HXt+voJAHJLMQPNG3zokV -hLXnMNL5mbh0zoKGTJfbQLvudS5KxR/BbykoxRFSzptFszH+gztEp6tIpuNXnCVz -odiMiejpwVptf763EU14hsKKbJJ0/j6H00EEWjEOB0Q6YB52sW0+qyf02U3SHlZN -k2PZYkpHi3YCONtOGj7jOdW7M3RfvcBNg9EW7fZc1KkiRAlscUAYLMkKcOLevil0 -lUuF/JWj4iH22Oq6+JeSiecf6izF6lyIGvMXPry+woa8Iq0BBdmbZsK7r/Pa+wlz -+E6xHGn2rcyrnYB2pPc+RfHhYlodaOo69DxAYlRYaQKBgQDxnKySmlcfHe8lMqR4 -2LvqMyGjNRo2+q9VZYej2mvr6+TGyd7Op/fRJ1t5f9DgtINomNQYSOtYAsPiEnl+ -43z2N/Rdh6XSmOj4gLkDeiYNSpy86L/F39uCWZpkkqiy2zxYLWOs15MA0GWOtQGh -dz4cM0b/jyZOdHZR//L5WiMLawKBgQDSltEfQKqCEKJTqp4SU9BCHQmyheIjepY2 -eKakgcsjpFjRBK2VrUalDLOQV74rtd7wp8F8kqqPJpRshb+oVuDCg6JB17UxYd34 -iB+5cMdLRpg8f0HOqcYz4KOql2QhJQhFc3jzY7n1piPEhFO/MqFwmlUB4RdgJ3ix -HqX+F/T8VQKBgGos76l9KcwC25T9LEnu9KV20tFmBJ8kiuh8NZ9L3SFQCLlS/RbT -uZOwOAKsqJ4WtajBgHMrmECU9n/inoGkdsW80SZI9hYWHEsYRjXA9/ffUgGyRpQu -S8h8l9yalogC0AHv8F2EXpV8/yQ3ZwAN5r19yzWDMtJHW7etQplRgxUBAoGAGeOy -t+3iSHU1D6YlIsmtC8O4Int1LrluaCnzCrxuNeaJiMDTelhAHCBwnuk6lvMYAmwN -THxXfZvXmXPj+RUdMqyuMPwM6ZJHkLtjcw/bYHTAWIeolnimxk/yrxFHnQ+Jcchd -cUasYPfY49sE1Lerw0Ul+EIs9oRDwTqsW42kb7UCgYEA2y+oc7Fz2eq38hSbTfy7 -OcATtny+xQ1+4IELtQIP7VctkMInJs57J+vS//IT41P0L2K1YjvL8RacnvG7yMvP -GnwHBcKgvL6zuoy11I3zPPYtbKGwcJoVGomPX7W0csfl4gdST3uugd9iCDEB8NsS -QmOYM/dk8x8aWpndBjRF5ig= ------END PRIVATE KEY----- diff --git a/examples/users.toml b/examples/users.toml deleted file mode 100644 index 0a53d9e..0000000 --- a/examples/users.toml +++ /dev/null @@ -1,16 +0,0 @@ -[Testuser] -# These roles have to be defined in 'bffh.dhall'. -# Non-existant roles will not crash the server but print a `WARN` level message in the -# server log in the form "Did not find role somerole/internal while trying to tally". -roles = ["somerole", "testrole"] - -# The password will be hashed using argon2id on load time and is not available in plaintext afterwards. -passwd = "secret" - -# You can add whatever random data you want. -# It will get stored in the `kv` field in UserData. -# This is not used for anything at the moment -noot = "noot!" - -# Store the card specific AES key in kv userdata -cardkey = "7ab8704a61b5317e1fe4cae9e3e1fd8d"