lets-fiware / ngsi-go Goto Github PK

This is a small improvement suggestion.

With ngsi broker get you can get information like this:

$ ngsi broker get --host orion-alumbrado
brokerHost http://localhost:1026
ngsiType v2
FIWARE-Service alcobendas
FIWARE-ServicePath /alumbrado
IdmType thinkingcities
IdmHost http://idmhost:5001/v3/auth/tokens
Username admin_user
Password user_password

The problem is that when the broker setting is using an IDM (I have observed it for ThinkingCities one but I guess that for other IDM types it would be the same) the password appears in clear text.

Maybe a possible improvement would be by default ofuscating that information, i.e:

$ ngsi broker get --host orion-alumbrado
brokerHost http://localhost:1026
ngsiType v2
FIWARE-Service alcobendas
FIWARE-ServicePath /alumbrado
IdmType thinkingcities
IdmHost http://idmhost:5001/v3/auth/tokens
Username admin_user
Password ****

and require an explicit parameter to see it in clear text, i.e.:

$ ngsi broker get --host orion-alumbrado --cleartextPassword
brokerHost http://localhost:1026
ngsiType v2
FIWARE-Service alcobendas
FIWARE-ServicePath /alumbrado
IdmType thinkingcities
IdmHost http://idmhost:5001/v3/auth/tokens
Username admin_user
Password user_password

(cleartextPassword is just a suggestion... of course it could a better one, based on the conventions used for parameter names in NGSI Go)

Note this is not to achieve perfect security (user can use --cleartextPassword without any restriction and, in any case, check the information in the filesystem storage used by NGSI Go) but a equivalent feature to the one in browsers and similar systems (see picture below)

In the latest version of Orion ("2.5.0-next"), ngsi list entities without options can not print a list of entities.

$ ngsi version --host orion
{
"orion" : {
  "version" : "2.5.0-next",
  "uptime" : "0 d, 0 h, 0 m, 27 s",
  "git_hash" : "1744eeb6a3489c2c0bfbeceadaf471d0a3784a95",
  "compile_time" : "Fri Feb 12 14:55:26 UTC 2021",
  "compiled_by" : "root",
  "compiled_in" : "eea31cce414e",
  "release_date" : "Fri Feb 12 14:55:26 UTC 2021",
  "doc" : "https://fiware-orion.rtfd.io/",
  "libversions": {
     "boost": "1_53",
     "libcurl": "libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0",
     "libmicrohttpd": "0.9.70",
     "openssl": "1.0.2k",
     "rapidjson": "1.1.0",
     "mongodriver": "legacy-1.1.2"
  }
}
}

$ ngsi create entity --data '{"id":"id001","A":{"type":"Text","value":"FIWARE"}}'

$ ngsi list entities

$ ngsi list entities --count
1

$ ngsi list entities --verbose
[{"id":"id001","type":"Thing","A":{"type":"Text","value":"FIWARE","metadata":{}}}]

$ docker images fiware/orion:latest
REPOSITORY     TAG       IMAGE ID       CREATED      SIZE
fiware/orion   latest    a6806f7270f8   7 days ago   279MB

I have been testing ngsi-go version 0.8.0 (very nice work by the way! :) and I have one doubt, please. Not sure if GitHub issues are the best place for doubt: if there is a better channel for this just let me know and I will use it.

Looking to "Supported FIWARE Open APIs" in the master README.md I see ngsi-go supports Keyrock API. I understand this means this security stack:

• Keyrock (as IDM)
• Authzforce (as Access Control)
• Wilma (as PEP)

However, Orion can be used with other security stacks, which are similar but not exactly the same. In particular, we use:

• Keystone (as IDM)
• Keypass (as Access Control)
• Steelskin (as PEP)

What I wonder if it ngsi-go would also work in this case. As far as I know, Keystone and Keyrock are pretty similar (Keystone is the standard IDM in OpenStack, while Keyrock is a kind of derivate but supporting similar APIs... although I could be wrong).

Keystone token management operations (i.e. to get a token to be used later in a request to Orion through PEP) are based in the POST /v3/auth/tokens operation (more detail here). I can provide more detail (a sequence of specific requests used to get a token to be used with Orion) if you need it.

Thanks!

First of all, this tool is super mega awesome! ❤️
This is an ideal tool for setting up a FIWARE installation from the command line.
However, it is not clear from the docs that you first need to add keyrock as server if you want to execute commands.
The following worked for me:

ngsi server add --host idm --serverType keyrock --serverHost https://idm.example.com --username [email protected] --password 1234567
ngsi applications --host idm create --name "CB" -- ... 

Print no version and revision when error level is higher than info

$ ngsi --stderr info create --host orion subscription --type abc --typePattern abc
 (git_hash:)
subscriptionsCreateV2002 type or typePattern
setSubscriptionValuesV2004 type or typePattern
abnormal termination

(I have hit this while doing the tests described in #123 (comment) but I think is bette to use it a separate issue for the report).

With the following broker configuration:

$ ngsi broker list
myinstance

$ ngsi broker get --host myinstance
brokerHost http://localhost:1026
ngsiType v2
FIWARE-Service alcobendas
IdmType thinkingcities
IdmHost http://iomhost:5001/v3/auth/tokens
Username admin_alcobendas
Password <offuscated>

If I do:

$ ngsi create entity --data '{"id":"E", "type": "T", "A": {"value": 1, "type": "Number"}}'

I get:

entityCreate001 required host not found

However, --host doesn't seem to be a valid option here. It doesn't appear at ngsi create entity --help and if I try to use it any way with:

ngsi create entity --data '{"id":"E", "type": "T", "A": {"value": 1, "type": "Number"}}' --host myinstance

I get:

Incorrect Usage: flag provided but not defined: -host

Probably I'm doing something wrong, but I don't know what...

Testing with ngsi-go version 0.8.0 if I run:

ngsi broker add --help

I see:

   --brokerType value              orion-ld, scorpio, stellio

Should "orion" been added to this list? Note that orion and orion-ld are not the same piece of software...

In the current implementation, when renewing a token, NGSI Go gets a token using user,.password and client_id and client_secret without using a refresh token or a token that was gotten first time.

Hey guys,

I was just checking if i could use your tool to access an orion instance, but unfortunately i'm failing already in the beginning.

It seems that you do not support fiware-services with uppercase letters (seems to be intented as you test that uppercase fiware services are producing an error):

The problem is, the orion instance i want to connect to uses fiware services like Foo instead of foo and if i try to connect with a lowercase fiware service, it does not work.

Does work:

➜ ngsi broker add \
  --host myinstance \
  --brokerHost http://localhost:1026 \
  --ngsiType v2 \
  --service foo \
  --path /iot

Does not work

➜ ngsi broker add \
  --host myinstance \
  --brokerHost http://localhost:1026 \
  --ngsiType v2 \
  --service Foo \
  --path /iot

With this error: brokersAdd007 error FIWARE Service: Foo

Using current master version.

I wanted to add the following: subscription using the ngis-go tool:

ngsi create --host orion-with-apikey subscription --data @SingleSubcriptionTest

orion is running as docker container: fiware/orion:3.2.0

Executing gives a 400 bad request. Inserting the subscription using Postman works fine.

0.9.0 (git_hash:bfd1ec240a8a8421929e2923f8fb5d3f6cab18ab) (git_hash:bfd1ec240a8a8421929e2923f8fb5d3f6cab18ab)
subscriptionsCreate
InitTokenMgr
subscriptionsCreateV2004 400 Bad Request {"error":"BadRequest","description":"condition is empty"}
abnormal termination

I switched orion to debug and this is the payload I see in the logs.
The conditions object is empty

| comp=Orion | op=logTracing.cpp[141]:logInfoRequestWithPayload | msg=Request received: POST /v2/subscriptions, request payload (238 bytes): {"description":"Test Notification","subject":{"entities":[{"idPattern":"Alert.*","type":"Alert"}],"condition":{}},"notification":{"httpCustom":{"url":"http://dev/null","headers":{"fiware-shared-key":"test"}},"attrsFormat":"keyValues"}}, response code: 400

Save the json as SingleSubcriptionTest.json

{
    "description": "Test Notification",
    "subject": {
      "entities": [
        {
          "idPattern": "Alert.*",
          "type": "Alert"
        }
      ],
      "condition": {
        "attrs": []
      }
    },
    "notification": {
      "httpCustom": {
        "url": "http://dev/null",
        "headers": {
          "fiware-shared-key": "test"
        }
      },
      "attrsFormat": "keyValues"
    }
  }