Skip to content

Latest commit

 

History

History
 
 

xbosmortard

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
ttl
ttl
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
hodconfig.yml
hodconfig.yml
 
 
main.go
main.go
 
 
mortarconfig.yml
mortarconfig.yml
 
 

README.md

xbosmortard

This is the client frontend to the ingester process which stores timeseries data retrieved through WAVEMQ subscriptions and the hod process which stores Brick models.

Default configuration uses InfluxDB and assumes the same database/measurement setup that the ingester process uses.

Proofs

xbosmortard uses WAVE to authenticate/authorize clients and servers. The server entity needs the following proof

  • permission set: GyC5wUUGKON6uC4gxuH6TpzU9vvuKHGeJa1jUr4G-j_NbA==
  • permission: serve_grpc
  • namespace: the namespace the server operates on
  • resource: <grpc package name>/<grpc service name>/* (for this example, it is mortar/Mortar/*

Note: due to a limitation of the grpcauth package, you need to grant exactly the mortar/Mortar/* resource to the server entity.

Example of granting the proof

# namespace.ent can be some other authorized entity
$ wv rtgrant --attester namespace.ent \
           --subject myserver.ent \
           GyC5wUUGKON6uC4gxuH6TpzU9vvuKHGeJa1jUr4G-j_NbA==:serve_grpc@namespace.ent/\
           mortar/Mortar/*

$ wv rtgrant --attester namespace.ent \
           --subject myclient.ent \
           GyC5wUUGKON6uC4gxuH6TpzU9vvuKHGeJa1jUr4G-j_NbA==:call_grpc@namespace.ent/\
           mortar/Mortar/*

Example of creating the proof file

$ wv rtprove --subject myserver.ent -o serverproof.pem GyC5wUUGKON6uC4gxuH6TpzU9vvuKHGeJa1jUr4G-j_NbA==:serve_grpc@namespace.ent/mortar/Mortar/*
$ wv verify serverproof.pem

$ wv rtprove --subject myclient.ent -o clientproof.pem GyC5wUUGKON6uC4gxuH6TpzU9vvuKHGeJa1jUr4G-j_NbA==:call_grpc@namespace.ent/mortar/Mortar/*
$ wv verify clientproof.pem

A client needs a similar proof:

  • permission set: GyC5wUUGKON6uC4gxuH6TpzU9vvuKHGeJa1jUr4G-j_NbA==
  • permission: call_grpc
  • namespace: the namespace the server operates on
  • resource: <grpc package name>/<grpc service name>/* (for this example, it is mortar/Mortar/*

Server Configuration

Setup WAVE configuration in mortarconfig.yml

WAVE:
    Agent: "localhost:410"
    EntityFile: "mortartest.ent"
    ProofFile: "serverproof.pem"
  • Agent points the local WAVE agent process.
  • EntityFile is the path to a WAVE entity file that represents the Mortar daemon
  • ProofFile is the path to a WAVE proof that shows that EntityFile has sufficient permissions to operate.

You should of course configure the rest of the file to point to whatever db you have (InfluxDB or BTrDB)

Client Configuration

Install/upgrade the pyxbos package (requires >= 0.2.0)

client = MortarClient({
    'namespace':  "GyCetklhSNcgsCKVKXxSuCUZP4M80z9NRxU1pwfb2XwGhg==", # change this
    'wave': 'localhost:410',
    'entity': 'mortarclienttest.ent',
    'prooffile': 'clientproof.pem',
    'grpcservice': 'mortar/Mortar/*', # no change
    'address': 'localhost:4587', # address of xbosmortard
})

And now you can use the Mortar API in the same fashion. See the example file