Mainflux.mainflux/things
b1ackd0t 7cccba91c9
NOISSUE - Reformat Things and Users Policies Endpoint (#1831)
* Reformat Policies Enpoint to Take Sub Obj

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Add Redirect to `policies`

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Make Delete Endpoint not to Contain Body

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Remove gRPC unused functions

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Remove Redirect

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Update CLI

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Use Switch Statement

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Uncomment Commented Parts

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Add Empty Line

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Remove Unused gRPC Req and Resp

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Fix Listing of Policies

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Rename Authorize Functions For Users and Things Service

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

* Add Authorize To CLI

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>

---------

Signed-off-by: rodneyosodo <blackd0t@protonmail.com>
2023-07-28 14:39:13 +02:00
..
clients NOISSUE - Reformat Things and Users Policies Endpoint (#1831) 2023-07-28 14:39:13 +02:00
groups NOISSUE - Reformat Things and Users Policies Endpoint (#1831) 2023-07-28 14:39:13 +02:00
policies NOISSUE - Reformat Things and Users Policies Endpoint (#1831) 2023-07-28 14:39:13 +02:00
postgres MF-1506 - Group-based Access Control (#1716) 2023-06-14 12:40:37 +02:00
README.md MF-1506 - Group-based Access Control (#1716) 2023-06-14 12:40:37 +02:00
doc.go MF-1506 - Group-based Access Control (#1716) 2023-06-14 12:40:37 +02:00

README.md

Things

Things service provides an HTTP API for managing platform resources: things and channels. Through this API clients are able to do the following actions:

  • provision new things
  • create new channels
  • "connect" things into the channels

For an in-depth explanation of the aforementioned scenarios, as well as thorough understanding of Mainflux, please check out the official documentation.

Configuration

The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.

Variable Description Default
MF_THINGS_LOG_LEVEL Log level for Things (debug, info, warn, error) info
MF_THINGS_DB_HOST Database host address localhost
MF_THINGS_DB_PORT Database host port 5432
MF_THINGS_DB_USER Database user mainflux
MF_THINGS_DB_PASS Database password mainflux
MF_THINGS_DB Name of the database used by the service things
MF_THINGS_DB_SSL_MODE Database connection SSL mode (disable, require, verify-ca, verify-full) disable
MF_THINGS_DB_SSL_CERT Path to the PEM encoded certificate file
MF_THINGS_DB_SSL_KEY Path to the PEM encoded key file
MF_THINGS_DB_SSL_ROOT_CERT Path to the PEM encoded root certificate file
MF_THINGS_CLIENT_TLS Flag that indicates if TLS should be turned on false
MF_THINGS_CA_CERTS Path to trusted CAs in PEM format
MF_THINGS_CACHE_URL Cache database URL localhost:6379
MF_THINGS_CACHE_PASS Cache database password
MF_THINGS_CACHE_DB Cache instance name 0
MF_THINGS_CACHE_KEY_DURATION Cache key duration in seconds 3600
MF_THINGS_ES_URL Event store URL localhost:6379
MF_THINGS_ES_PASS Event store password
MF_THINGS_ES_DB Event store instance name 0
MF_THINGS_HTTP_PORT Things service HTTP port 9000
MF_THINGS_AUTH_HTTP_PORT Things service Auth HTTP port 9001
MF_THINGS_AUTH_GRPC_PORT Things service Auth gRPC port 7000
MF_THINGS_SERVER_CERT Path to server certificate in pem format
MF_THINGS_SERVER_KEY Path to server key in pem format
MF_THINGS_STANDALONE_ID User ID for standalone mode (no gRPC communication with users)
MF_THINGS_STANDALONE_TOKEN User token for standalone mode that should be passed in auth header
MF_JAEGER_URL Jaeger server URL localhost:6831
MF_AUTH_GRPC_URL Users service gRPC URL localhost:7001
MF_AUTH_GRPC_TIMEOUT Users service gRPC request timeout in seconds 1s
MF_SEND_TELEMETRY Send telemetry to mainflux call home server. true

Note that if you want things service to have only one user locally, you should use MF_THINGS_STANDALONE env vars. By specifying these, you don't need auth service in your deployment for users' authorization.

Deployment

The service itself is distributed as Docker container. Check the things service section in docker-compose to see how service is deployed.

To start the service outside of the container, execute the following shell script:

# download the latest version of the service
git clone https://github.com/mainflux/mainflux

cd mainflux

# compile the things
make things

# copy binary to bin
make install

# set the environment variables and run the service
MF_THINGS_LOG_LEVEL=[Things log level] \
MF_THINGS_DB_HOST=[Database host address] \
MF_THINGS_DB_PORT=[Database host port] \
MF_THINGS_DB_USER=[Database user] \
MF_THINGS_DB_PASS=[Database password] \
MF_THINGS_DB=[Name of the database used by the service] \
MF_THINGS_DB_SSL_MODE=[SSL mode to connect to the database with] \
MF_THINGS_DB_SSL_CERT=[Path to the PEM encoded certificate file] \
MF_THINGS_DB_SSL_KEY=[Path to the PEM encoded key file] \
MF_THINGS_DB_SSL_ROOT_CERT=[Path to the PEM encoded root certificate file] \
MF_HTTP_ADAPTER_CA_CERTS=[Path to trusted CAs in PEM format] \
MF_THINGS_CACHE_URL=[Cache database URL] \
MF_THINGS_CACHE_PASS=[Cache database password] \
MF_THINGS_CACHE_DB=[Cache instance name] \
MF_THINGS_ES_URL=[Event store URL] \
MF_THINGS_ES_PASS=[Event store password] \
MF_THINGS_ES_DB=[Event store instance name] \
MF_THINGS_HTTP_PORT=[Things service HTTP port] \
MF_THINGS_AUTH_HTTP_PORT=[Things service Auth HTTP port] \
MF_THINGS_AUTH_GRPC_PORT=[Things service Auth gRPC port] \
MF_THINGS_SERVER_CERT=[Path to server certificate] \
MF_THINGS_SERVER_KEY=[Path to server key] \
MF_THINGS_STANDALONE_EMAIL=[User email for standalone mode (no gRPC communication with auth)] \
MF_THINGS_STANDALONE_TOKEN=[User token for standalone mode that should be passed in auth header] \
MF_JAEGER_URL=[Jaeger server URL] \
MF_AUTH_GRPC_URL=[Users service gRPC URL] \
MF_AUTH_GRPC_TIMEOUT=[Users service gRPC request timeout in seconds] \
$GOBIN/mainflux-things

Setting MF_THINGS_CA_CERTS expects a file in PEM format of trusted CAs. This will enable TLS against the Users gRPC endpoint trusting only those CAs that are provided.

In constrained environments, sometimes it makes sense to run Things service as a standalone to reduce network traffic and simplify deployment. This means that Things service operates only using a single user and is able to authorize it without gRPC communication with Auth service. To run service in a standalone mode, set MF_THINGS_STANDALONE_EMAIL and MF_THINGS_STANDALONE_TOKEN.

Usage

For more information about service capabilities and its usage, please check out the API documentation.