wattson

command module

v1.0.1 Latest Latest Go to latest Published: Feb 13, 2017 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/indigo-dc/wattson

Links

Open Source Insights

README ¶

Wattson

The WaTTS (INDIGO Token Translation Service) command line client

Quickstart

Once installed using wattson is straight forward:

The next lines will set up the connection and check the supported issuer:

export WATTSON_URL=https://tts-dev.data.kit.edu
wattson lsprov

The output will be similar to:

connecting to https://tts-dev.data.kit.edu/api/v2/ using protocol version 2

*** WARNING: either access token or issuer has not been specified ***

retrieving provider list:
Provider [iam][ready] INDIGO Datacloud Identity and Access Management (IAM) (https://iam-test.indigo-datacloud.eu/)
Provider [hbp][ready] Human Brain Project (HBP) (https://services.humanbrainproject.eu/oidc/)
Provider [eudat][ready] EUDAT (b2access) (https://b2access.eudat.eu:8443/oauth2)
Provider [egi][ready] European Grid Infrastracture (Development) (https://aai-dev.egi.eu/oidc/)
Provider [google][ready] Google, the well known search giant (https://accounts.google.com)

The output shows the list of supported provider:

their id
wether they are ready or not
a descriptive name
the issuer url

Also a warning is shown that the access token and isuer need to be set. In this example we will use 'iam'. Log in at the web interface of TTS using IAM. Then select 'show access token' and copy the content of the dialog. The following line will set up the authorization for the command line client and request the list of services:

export WATTSON_TOKEN=<paste the copied text from the dialog here>
export WATTSON_ISSUER=https://iam-test.indigo-datacloud.eu/
wattson lsserv

The output should be similar to:

connecting to https://tts-dev.data.kit.edu/api/v2/ using protocol version 2
retrieving service list:

Service [x509][enabled/authorized] A simple, non trusted demo CA
 - credenitals: 0/3
 - parameter sets:
    Empty Parameter Set (allows basic request)


Service [aarc_ssh][enabled/NOT AUTHORIZED] Ssh Key Deployment on multiple VMs
   Your authorisation is insufficient for this service. This may be due to missing group membership or due to a too low Level of Assurance (LoA) (Yes, we already support that kind of stuff ;D)
 - credenitals: 0/1
 - parameter sets:
    Parameter Set:
      MANDATORY Parameter 'public key' [pub_key]: the public key to upload to the service (textarea)

    Empty Parameter Set (allows basic request)


Service [indigo_ssh][enabled/authorized] Example Ssh Key Deployment
 - credenitals: 0/1
 - parameter sets:
    Parameter Set:
      MANDATORY Parameter 'public key' [pub_key]: the public key to upload to the service (textarea)

    Empty Parameter Set (allows basic request)


Service [HBP_S3][enabled/NOT AUTHORIZED] Self Service for your HBP-S3 storage keys
   The S3 key creation is only active when you are a member of the HBP group 'hbp-kit-cloud'
 - credenitals: 0/1
 - parameter sets:
    Empty Parameter Set (allows basic request)


Service [info][enabled/authorized] Simple Info Service
 - credenitals: 0/1
 - parameter sets:
    Empty Parameter Set (allows basic request)

The warning of the missing token/issuer is gone. The output shows the list of all services:

the id
wether the service is enabled
wether one is authorized to use that service
a description of the service
the number of credentials one has and max. allowed
the parameter sets (mainly used for development)

Requesting a credential simply works with the command 'request' and the service id:

wattson request info

the output should be similar to:

requesting credential for service [info]:
Credential [f9dbb0e0-9e3e-4065-9fee-8ac30387d2b4]:
[ TTS version (text)] => 1.0.0-rc4
[ TTS userid (text)] => eyJpc3N1ZXIiOiJpc3MiLCJzdWJqZWN0Ijoic3ViIn0
[ TTS userid (decoded) (text)] => {"issuer":"iss","subject":"sub"}
[ family_name (text)] => Wegh
[ Name (text)] => Bas Wegh
[ Issuer (text)] => iss
[ Gender (text)] => M
[ preferred_username (text)] => bwegh
[ updated_at (text)] => Wed Aug 31 09:06:43 UTC 2016
[ given_name (text)] => Bas
[ Groups (textarea)] => [<<"Users">>]
[ organisation_name (text)] => indigo-dc
[ Subject (text)] => sub
[ json object (textarea)] => {
    "action": "request",
    "conf_params": {},
    "cred_state": "undefined",
    "params": {},
    "tts_userid": "eyJpc3N1ZXIiOiJpc3MiLCJzdWJqZWN0Ijoic3ViIn0",
    "tts_version": "1.0.0-rc4",
    "user_info": {
        "family_name": "Wegh",
        "gender": "M",
        "given_name": "Bas",
        "groups": [
            "Users"
        ],
        "iss": "iss",
        "name": "Bas Wegh",
        "organisation_name": "indigo-dc",
        "preferred_username": "baswegh",
        "sub": "sub",
        "updated_at": "Wed Aug 31 09:06:43 UTC 2016"
    }
}

Now you can use that information/credential, once you do not need it anymore you need to revoke it using the credential id, shown in the first line:

wattson revoke f9dbb0e0-9e3e-4065-9fee-8ac30387d2b4

the output should look like:

revoking credential [f9dbb0e0-9e3e-4065-9fee-8ac30387d2b4]:
credential sucessfully revoked

For more information and more examples please see the documentation

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

wattson.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL