Mainflux.mainflux/certs
b1ackd0t 5c270abe29
NOISSUE - Uncomment Code (#1926)
* Uncomment all code

Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>

* feat(linters): add godox and dupword linters

This commit adds two new linters, godox and dupword, to the linter configuration file (.golangci.yml). The godox linter checks for occurrences of TODO and FIXME comments in the codebase, helping to ensure that these comments are not forgotten or left unresolved. The dupword linter detects duplicate words in comments and strings, which can be a sign of typos or errors. These new linters will enhance the code quality and maintainability of the project.

Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>

* uncomment tests in /pkg/sdk/go/tokens_test.go

Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>

---------

Signed-off-by: Rodney Osodo <28790446+rodneyosodo@users.noreply.github.com>
2023-10-18 16:45:08 +02:00
api 1890 - Update error encoding (#1891) 2023-08-24 15:09:23 +02:00
mocks NOISSUE - Switch to Google Zanzibar Access control approach (#1919) 2023-10-15 22:02:13 +02:00
pki MF-1506 - Group-based Access Control (#1716) 2023-06-14 12:40:37 +02:00
postgres NOISSUE - Add More Linters (#1924) 2023-10-16 11:43:33 +02:00
tracing Initial Commit: Add Tracing To Certs Service (#1850) 2023-07-12 11:48:29 +02:00
README.md NOISSUE - Remove Development Mode on Certs Creation (#1908) 2023-10-18 11:48:47 +02:00
certs.go NOISSUE - Change Share Client To Be AddPolicy (#1825) 2023-06-20 15:48:25 +02:00
certs_test.go MF-1506 - Group-based Access Control (#1716) 2023-06-14 12:40:37 +02:00
doc.go MF-1179 - Add a certificate service and certs endpoint to SDK (#1188) 2020-07-21 12:53:21 +02:00
service.go NOISSUE - Switch to Google Zanzibar Access control approach (#1919) 2023-10-15 22:02:13 +02:00
service_test.go NOISSUE - Uncomment Code (#1926) 2023-10-18 16:45:08 +02:00

README.md

Certs Service

Issues certificates for things. The certs service creates certificates to be used when Mainflux is deployed with mTLS support. It creates them in PKI mode, where certificates are issued by a PKI: when Vault is deployed for PKI certificate management, the certs service proxies requests to Vault, first checking access rights and then saving information about each successfully created certificate.

PKI mode

When MF_CERTS_VAULT_HOST is set, the certs service presumes that Vault is installed and issues certificates using the Vault API. You need to set up Vault first; to do so, follow the steps in Build Your Own Certificate Authority (CA).

To set up the certs service with Vault, the following environment variables must be set:

MF_CERTS_VAULT_HOST=vault-domain.com
MF_CERTS_VAULT_PKI_PATH=<vault_pki_path>
MF_CERTS_VAULT_ROLE=<vault_role>
MF_CERTS_VAULT_TOKEN=<vault_access_token>

For lab purposes, you can use the docker-compose setup and the script for setting up PKI in https://github.com/mteodor/vault.

Certificates can also be revoked using the certs service. To revoke a certificate, provide the thing_id of the thing for which the certificate was issued.

curl -s -S -X DELETE http://localhost:9019/certs/revoke -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}'
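
A scripted form of the revoke call above, as an added example that is not part of the Mainflux repository: it rejects a malformed thing_id before building the JSON body and hands the bearer token to curl through a config read from stdin, so the token does not show up in the process list. The function names and the CERTS_URL variable are assumptions made for this example; TOK and the endpoint are taken from the command above.

```shell
#!/bin/sh
# Added example, not Mainflux code. CERTS_URL is a hypothetical override;
# its default is the endpoint from the README's curl command.
CERTS_URL="${CERTS_URL:-http://localhost:9019}"

# Succeed only for a canonical 8-4-4-4-12 hex UUID. The length check also
# rejects multi-line input that would otherwise match grep line by line.
is_uuid() {
  [ "${#1}" -eq 36 ] || return 1
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the JSON body for a revoke request. Only a validated UUID is
# interpolated, so quotes or braces cannot alter the JSON structure.
revoke_body() {
  is_uuid "$1" || { echo "invalid thing_id: $1" >&2; return 1; }
  printf '{"thing_id":"%s"}' "$1"
}

# Send the revoke request for one thing_id.
# Assumes TOK contains no double quotes or backslashes (true for JWTs),
# since it is written into a quoted curl config value.
revoke_cert() {
  [ -n "${TOK:-}" ] || { echo "TOK is not set" >&2; return 1; }
  body=$(revoke_body "$1") || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$TOK" |
    curl -s -S --fail --config - -X DELETE "$CERTS_URL/certs/revoke" \
      -H 'Content-Type: application/json' -d "$body"
}

# Usage: TOK=<token> revoke_cert c30b8842-507c-4bcd-973c-74008cef3be5
```

With --fail, curl exits non-zero on an HTTP error status, so a failed revocation is visible to the calling script.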