From 61b66fda31c9743645261e634468776464ac7afb Mon Sep 17 00:00:00 2001
From: Jason Fox
Date: Tue, 4 Jun 2024 10:18:25 +0200
Subject: [PATCH] Switch to WSL

---
 FIWARE Identity Management.postman_collection.json | 2 +-
 README.ja.md                                       | 8 +++-----
 README.md                                          | 9 +++++----
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/FIWARE Identity Management.postman_collection.json b/FIWARE Identity Management.postman_collection.json
index 4e1f2db..3a58a85 100644
--- a/FIWARE Identity Management.postman_collection.json
+++ b/FIWARE Identity Management.postman_collection.json
@@ -2,7 +2,7 @@ "info": { "_postman_id": "83b05e2a-e6d6-4869-a632-afcbb2072759", "name": "FIWARE Identity Management", - "description": "This tutorial is an introduction to [FIWARE Keyrock](http://fiware-idm.readthedocs.io/en/latest/) - a generic enabler which introduces\n**Identity Management** into FIWARE services. The tutorial explains how to create users and organizations in preparation to assign\nroles and permissions to them in a later tutorial.\n\nThe `docker-compose` files for this tutorial can be found on GitHub: \n\n![GitHub](https://fiware.github.io/tutorials.Identity-Management/icon/GitHub-Mark-32px.png) [FIWARE 401: Identity Management](https://github.com/Fiware/tutorials.Identity-Management)\n\n# Identity Management\n\n> \"If one meets a powerful person — ask them five questions: ‘What power have you got?\n> Where did you get it from? In whose interests do you exercise it? To whom are you\n> accountable? And how can we get rid of you?’\"\n>\n> — Anthony Wedgwood Benn (The Five Essential Questions of Democracy)\n\n\nIn computer security terminology, Identity management is the security and business discipline that \"enables the right\nindividuals to access the right resources at the right times and for the right reasons\". It addresses the need to\nensure appropriate access to resources across disparate systems.\n\nThe FIWARE framework consists of a series of separate components, and the security chapter aims to implement\nthe common needs of these components regarding who (or what) gets to access which resources within the system,\nbut before access to resources can be locked down, the identity of the person (or service) making the request\nneeds to be known. 
The FIWARE **Keyrock** Generic Enabler sets up all of the common characteristics of an\nIdentity Management System out-of-the-box, so that other components are able to use standard authentication\nmechanisms to accept or reject requests based on industry standard protocols.\n\nIdentity Management therefore covers the issues of how to gain an identity within the system, the protection\nof that identity and the surrounding technologies such as passwords and network protocols.\n\n## Standard Concepts of Identity Management\n\nThe following common objects are found with the **Keyrock** Identity Management database:\n\n* **User** - Any signed up user able to identify themselves with an eMail and password. Users can be assigned\n rights individually or as a group\n* **Application** - Any securable FIWARE application consisting of a series of microservices\n* **Organization** - A group of users who can be assigned a series of rights. Altering the rights of the organization\n effects the access of all users of that organization\n* **OrganizationRole** - Users can either be members or admins of an organization - Admins are able to add and remove users\n from their organization, members merely gain the roles and permissions of an organization. This allows each organization\n to be responsible for their members and removes the need for a super-admin to administer all rights\n* **Role** - A role is a descriptive bucket for a set of permissions. A role can be assigned to either a single user\n or an organization. 
A signed-in user gains all the permissions from all of their own roles plus all of the roles associated\n to their organization\n* **Permission** - An ability to do something on a resource within the system\n\nAdditionally two further non-human application objects can be secured within a FIWARE application:\n\n* **IoTAgent** - a proxy between IoT Sensors and the Context Broker\n* **PEPProxy** - a middleware for use between generic enablers challenging the rights of a user.\n\n\n The relationship between the objects can be seen below - the entities marked in red are used directly within this tutorial:\n\n![](https://fiware.github.io/tutorials.Identity-Management/img/entities.png)\n\n## Video : Introduction to Keyrock\n\n[![](https://fiware.github.io/tutorials.Step-by-Step/img/video-logo.png)](https://www.youtube.com/watch?v=dHyVTan6bUY \"Introduction\")\n\nClick on the image above to watch an introductory video describing the **Keyrock** Generic Enabler\n\n# Prerequisites\n\n## Docker\n\nTo keep things simple both components will be run using [Docker](https://www.docker.com). **Docker** is a\ncontainer technology which allows to different components isolated into their respective environments.\n\n* To install Docker on Windows follow the instructions [here](https://docs.docker.com/docker-for-windows/)\n* To install Docker on Mac follow the instructions [here](https://docs.docker.com/docker-for-mac/)\n* To install Docker on Linux follow the instructions [here](https://docs.docker.com/install/)\n\n**Docker Compose** is a tool for defining and running multi-container Docker applications. A\n[YAML file](https://raw.githubusercontent.com/Fiware/tutorials.Entity-Relationships/master/docker-compose.yml) is used\nconfigure the required services for the application. This means all container services can be brought up in a single\ncommand. 
Docker Compose is installed by default as part of Docker for Windows and Docker for Mac, however Linux users\nwill need to follow the instructions found [here](https://docs.docker.com/compose/install/)\n\n## Cygwin\n\nWe will start up our services using a simple bash script. Windows users should download [cygwin](http://www.cygwin.com/) to provide a\ncommand line functionality similar to a Linux distribution on Windows.\n\n# Architecture\n\nThis introduction will only make use of one FIWARE component - the [Keyrock](http://fiware-idm.readthedocs.io/)\nIdentity Management Generic Enabler. Usage of **Keyrock** alone alone is insufficient for an application to qualify\n as *“Powered by FIWARE”*. Additionally will be persisting user data in a **MySQL** database.\n\n\nThe overall architecture will consist of the following elements:\n\n* One **FIWARE Generic Enabler**:\n * FIWARE [Keyrock](http://fiware-idm.readthedocs.io/) offer a complement Identity Management System including:\n * An OAuth2 authentication system for Applications and Users\n * A website graphical front-end for Identity Management Administration\n * An equivalent REST API for Identity Management via HTTP requests\n\n* One [MySQL](https://www.mysql.com/) database :\n * Used to persist user identities, applications, roles and permissions\n\n\nSince all interactions between the elements are initiated by HTTP requests, the entities can be containerized and run from exposed ports.\n\n\n![](https://fiware.github.io/tutorials.Identity-Management/img/architecture.png)\n\nThe specific architecture of each section of the tutorial is discussed below.\n\n## Keyrock Configuration\n\n```yaml\n keyrock:\n image: quay.io/fiware/idm\n container_name: fiware-keyrock\n hostname: keyrock\n depends_on:\n - mysql-db\n ports:\n - \"3005:3005\"\n - \"3443:3443\"\n environment:\n - DATABASE_HOST=mysql-db\n - IDM_DB_PASS_FILE=/run/secrets/my_secret_data\n - IDM_DB_USER=root\n - IDM_HOST=http://localhost:3005\n - IDM_PORT=3005\n 
- IDM_HTTPS_ENABLED=true\n - IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}\n - IDM_ADMIN_USER=admin\n - IDM_ADMIN_EMAIL=admin@test.com\n - IDM_ADMIN_PASS=1234\n secrets:\n - my_secret_data\n```\n\nThe `idm` container is a web application server listening on two ports:\n\n* Port `3005` has been exposed for HTTP traffic so we can display the web page and interact with the REST API.\n* Port `3443` has been exposed for secure HTTPS traffic for the website and REST API\n\n> **Note** HTTPS should be used throughout for any secured application, but to do this properly,\n> **Keyrock** requires a trusted SSL certificate - the default certificate is self-certified and\n> available for testing purposes. The certificates can be overridden by attaching a volume to\n> replace the files under `/opt/fiware-idm/certs`.\n>\n> In a production environment, all access should occur over HTTPS, to avoid sending\n> any sensitive information using plain-text. Alternatively HTTP can be used within a\n> private network behind a configured HTTPS Reverse Proxy\n>\n> The port `3005` offering the HTTP protocol is being exposed for demonstration purposes only and to\n> simplify the interactions within this tutorial - you may also use HTTPS on port `3443` with certain\n> caveats.\n>\n> If you want to use HTTPS to access the REST API when you are using Postman, ensure that SSL\n> certificate verfication is OFF. 
If you want to use HTTPS to access the web front-end, please\n> accept any security warnings issued.\n\n\n\nThe `idm` container is driven by environment variables as shown:\n\n| Key |Value|Description|\n|-----|-----|-----------|\n|IDM_DB_PASS|`idm`| Password of the attached MySQL Database - secured by **Docker Secrets** (see below) |\n|IDM_DB_USER|`root`|User name of the default MySQL user - left in plain-text |\n|IDM_HOST|`http://localhost:3005`| Host name of the **Keyrock** App Server - used in activation eMails when signing up users|\n|IDM_PORT|`3005`| Port used by the **Keyrock** App Server for HTTP traffic - this has been altered from the default 3000 port to avoid clashes |\n|IDM_HTTPS_ENABLED|`true`| Whether to offer HTTPS Support - this will use the self-signed certs unless overridden |\n|IDM_HTTPS_PORT|`3443`| Port used by the **Keyrock** App Server for HTTP traffic this has been altered from the default 443 |\n\n\n> :information_source: **Note** that this example has secured the MySQL password using **Docker Secrets**\n> By using `IDM_DB_PASS` with the `_FILE` suffix and referring to a secrets file location.\n> This avoids exposing the password as an `ENV` variable in plain-text - either in the `Dockerfile` Image or\n> as an injected variable which could be read using `docker inspect`.\n>\n> The following list of variables (where used) should be set via secrets with the `_FILE` suffix in a Production System:\n>\n> * `IDM_SESSION_SECRET`\n> * `IDM_ENCRYPTION_KEY`\n> * `IDM_DB_PASS`\n> * `IDM_DB_USER`\n> * `IDM_ADMIN_ID`\n> * `IDM_ADMIN_USER`\n> * `IDM_ADMIN_EMAIL`\n> * `IDM_ADMIN_PASS`\n> * `IDM_EX_AUTH_DB_USER`\n> * `IDM_EX_AUTH_DB_PASS`\n\n\n\n## MySQL Configuration\n\n```yaml\n mysql-db:\n image: mysql:5.7\n hostname: mysql-db\n container_name: db-mysql\n expose:\n - \"3306\"\n ports:\n - \"3306:3306\"\n networks:\n default:\n environment:\n - \"MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data\"\n - \"MYSQL_ROOT_HOST=172.18.1.5\"\n volumes:\n - 
mysql-db:/var/lib/mysql\n secrets:\n - my_secret_data\n```\n\n\nThe `mysql-db` container is listening on a single port:\n\n* Port `3306` is the default port for a MySQL server. It has been exposed so you can also run other database tools to display data if you wish\n\nThe `mysql-db` container is driven by environment variables as shown:\n\n| Key |Value. |Description |\n|-------------------|----------|------------------------------------------|\n|MYSQL_ROOT_PASSWORD|`123`. | specifies a password that is set for the MySQL `root` account - secured by **Docker Secrets** (see below)|\n|MYSQL_ROOT_HOST |`root`| By default, MySQL creates the `root'@'localhost` account. This account can only be connected to from inside the container. Setting this environment variable allows root connections from other hosts |\n\n# Start Up\n\nTo start the installation, do the following:\n\n```console\ngit clone git@github.com:Fiware/tutorials.Identity-Management.git\ncd tutorials.Identity-Management\n\n./services create\n```\n\n>**Note** The initial creation of Docker images can take up to three minutes\n\n\nThereafter, all services can be initialized from the command line by running the [services](https://github.com/Fiware/tutorials.Identity-Management/blob/master/services) Bash script provided within the repository:\n\n```console\n./services \n```\n\nWhere `` will vary depending upon the exercise we wish to activate.\n\n>:information_source: **Note:** If you want to clean up and start over again you can do so with the following command:\n>\n>```console\n>./services stop\n>```\n>\n\n\n### Reading directly from the Keyrock MySQL Database\n\nAll Identify Management records and relationships are held within the the attached MySQL database. 
This can be\naccessed by entering the running Docker container as shown:\n\n```console\ndocker exec -it db-mysql bash\n```\n\n```console\nmysql -u -p idm\n```\n\nWhere `` and `` match the values defined in the `docker-compose` file for `MYSQL_ROOT_PASSWORD`\nand `MYSQL_ROOT_USER`. The default values for the tutorial are usually `root` and `secret`.\n\nSQL commands can then be entered from the command line. e.g.:\n\n```SQL\nselect id, username, email, password from user;\n```\n\n\n### UUIDs within Keyrock\n\nAll IDs and tokens within **Keyrock** are subject to change. The following values will need to be amended when\nquerying for records. Record IDs use Universally Unique Identifiers - UUIDs.\n\n| Key |Description | Sample Value |\n|-----|-----------------------------------|--------------|\n|`keyrock`| URL for the location of the **Keyrock** service|`localhost:3005`|\n|`X-Auth-token`| Token received in the Header when logging in as a user - in other words *\"Who am I?\"* |`51f2e380-c959-4dee-a0af-380f730137c3`|\n|`X-Subject-token`|Token added to requests to define *\"Who do I want to inquire about?\"* - This can also be a repeat the `X-Auth-token` defined above |`51f2e380-c959-4dee-a0af-380f730137c3`|\n|`user-id`| id of an existing user, found with the `user` table |`96154659-cb3b-4d2d-afef-18d6aec0518e`|\n|`organization-id`| id of an existing organization, found with the `organization` table |`e424ed98-c966-46e3-b161-a165fd31bc01`|\n|`organization-role-id`| type of role a user has within an organization either `owner` or `member`|`member`|\n\nTokens are designed to expire after a set period. 
If the `X-Auth-token` value you are using has expired, log-in again to obtain a new token.\n\n## Video : Creating User Accounts with the Keyrock GUI\n\n[![](http://img.youtube.com/vi/dtKsjGbJ7Xc/0.jpg)](https://www.youtube.com/watch?v=dtKsjGbJ7Xc \" Creating User Accounts\")\n\nClick on the image above to watch a video demonstrating how to create users with the **Keyrock** GUI\n", + "description": "This tutorial is an introduction to [FIWARE Keyrock](http://fiware-idm.readthedocs.io/en/latest/) - a generic enabler which introduces\n**Identity Management** into FIWARE services. The tutorial explains how to create users and organizations in preparation to assign\nroles and permissions to them in a later tutorial.\n\nThe `docker-compose` files for this tutorial can be found on GitHub: \n\n![GitHub](https://fiware.github.io/tutorials.Identity-Management/icon/GitHub-Mark-32px.png) [FIWARE 401: Identity Management](https://github.com/Fiware/tutorials.Identity-Management)\n\n# Identity Management\n\n> \"If one meets a powerful person — ask them five questions: ‘What power have you got?\n> Where did you get it from? In whose interests do you exercise it? To whom are you\n> accountable? And how can we get rid of you?’\"\n>\n> — Anthony Wedgwood Benn (The Five Essential Questions of Democracy)\n\n\nIn computer security terminology, Identity management is the security and business discipline that \"enables the right\nindividuals to access the right resources at the right times and for the right reasons\". It addresses the need to\nensure appropriate access to resources across disparate systems.\n\nThe FIWARE framework consists of a series of separate components, and the security chapter aims to implement\nthe common needs of these components regarding who (or what) gets to access which resources within the system,\nbut before access to resources can be locked down, the identity of the person (or service) making the request\nneeds to be known. 
The FIWARE **Keyrock** Generic Enabler sets up all of the common characteristics of an\nIdentity Management System out-of-the-box, so that other components are able to use standard authentication\nmechanisms to accept or reject requests based on industry standard protocols.\n\nIdentity Management therefore covers the issues of how to gain an identity within the system, the protection\nof that identity and the surrounding technologies such as passwords and network protocols.\n\n## Standard Concepts of Identity Management\n\nThe following common objects are found with the **Keyrock** Identity Management database:\n\n* **User** - Any signed up user able to identify themselves with an eMail and password. Users can be assigned\n rights individually or as a group\n* **Application** - Any securable FIWARE application consisting of a series of microservices\n* **Organization** - A group of users who can be assigned a series of rights. Altering the rights of the organization\n effects the access of all users of that organization\n* **OrganizationRole** - Users can either be members or admins of an organization - Admins are able to add and remove users\n from their organization, members merely gain the roles and permissions of an organization. This allows each organization\n to be responsible for their members and removes the need for a super-admin to administer all rights\n* **Role** - A role is a descriptive bucket for a set of permissions. A role can be assigned to either a single user\n or an organization. 
A signed-in user gains all the permissions from all of their own roles plus all of the roles associated\n to their organization\n* **Permission** - An ability to do something on a resource within the system\n\nAdditionally two further non-human application objects can be secured within a FIWARE application:\n\n* **IoTAgent** - a proxy between IoT Sensors and the Context Broker\n* **PEPProxy** - a middleware for use between generic enablers challenging the rights of a user.\n\n\n The relationship between the objects can be seen below - the entities marked in red are used directly within this tutorial:\n\n![](https://fiware.github.io/tutorials.Identity-Management/img/entities.png)\n\n## Video : Introduction to Keyrock\n\n[![](https://fiware.github.io/tutorials.Step-by-Step/img/video-logo.png)](https://www.youtube.com/watch?v=dHyVTan6bUY \"Introduction\")\n\nClick on the image above to watch an introductory video describing the **Keyrock** Generic Enabler\n\n# Prerequisites\n\n## Docker\n\nTo keep things simple both components will be run using [Docker](https://www.docker.com). **Docker** is a\ncontainer technology which allows to different components isolated into their respective environments.\n\n* To install Docker on Windows follow the instructions [here](https://docs.docker.com/docker-for-windows/)\n* To install Docker on Mac follow the instructions [here](https://docs.docker.com/docker-for-mac/)\n* To install Docker on Linux follow the instructions [here](https://docs.docker.com/install/)\n\n**Docker Compose** is a tool for defining and running multi-container Docker applications. A\n[YAML file](https://raw.githubusercontent.com/Fiware/tutorials.Entity-Relationships/master/docker-compose.yml) is used\nconfigure the required services for the application. This means all container services can be brought up in a single\ncommand. 
Docker Compose is installed by default as part of Docker for Windows and Docker for Mac, however Linux users\nwill need to follow the instructions found [here](https://docs.docker.com/compose/install/)\n\n## WSL\n\nWe will start up our services using a simple bash script. Windows users should download the [Windows Subsystem for Linux](https://learn.microsoft.com/en-us/windows/wsl/install) to provide a\ncommand line functionality similar to a Linux distribution on Windows.\n\n# Architecture\n\nThis introduction will only make use of one FIWARE component - the [Keyrock](http://fiware-idm.readthedocs.io/)\nIdentity Management Generic Enabler. Usage of **Keyrock** alone alone is insufficient for an application to qualify\n as *“Powered by FIWARE”*. Additionally will be persisting user data in a **MySQL** database.\n\n\nThe overall architecture will consist of the following elements:\n\n* One **FIWARE Generic Enabler**:\n * FIWARE [Keyrock](http://fiware-idm.readthedocs.io/) offer a complement Identity Management System including:\n * An OAuth2 authentication system for Applications and Users\n * A website graphical front-end for Identity Management Administration\n * An equivalent REST API for Identity Management via HTTP requests\n\n* One [MySQL](https://www.mysql.com/) database :\n * Used to persist user identities, applications, roles and permissions\n\n\nSince all interactions between the elements are initiated by HTTP requests, the entities can be containerized and run from exposed ports.\n\n\n![](https://fiware.github.io/tutorials.Identity-Management/img/architecture.png)\n\nThe specific architecture of each section of the tutorial is discussed below.\n\n## Keyrock Configuration\n\n```yaml\n keyrock:\n image: quay.io/fiware/idm\n container_name: fiware-keyrock\n hostname: keyrock\n depends_on:\n - mysql-db\n ports:\n - \"3005:3005\"\n - \"3443:3443\"\n environment:\n - DATABASE_HOST=mysql-db\n - IDM_DB_PASS_FILE=/run/secrets/my_secret_data\n - IDM_DB_USER=root\n 
- IDM_HOST=http://localhost:3005\n - IDM_PORT=3005\n - IDM_HTTPS_ENABLED=true\n - IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}\n - IDM_ADMIN_USER=admin\n - IDM_ADMIN_EMAIL=admin@test.com\n - IDM_ADMIN_PASS=1234\n secrets:\n - my_secret_data\n```\n\nThe `idm` container is a web application server listening on two ports:\n\n* Port `3005` has been exposed for HTTP traffic so we can display the web page and interact with the REST API.\n* Port `3443` has been exposed for secure HTTPS traffic for the website and REST API\n\n> **Note** HTTPS should be used throughout for any secured application, but to do this properly,\n> **Keyrock** requires a trusted SSL certificate - the default certificate is self-certified and\n> available for testing purposes. The certificates can be overridden by attaching a volume to\n> replace the files under `/opt/fiware-idm/certs`.\n>\n> In a production environment, all access should occur over HTTPS, to avoid sending\n> any sensitive information using plain-text. Alternatively HTTP can be used within a\n> private network behind a configured HTTPS Reverse Proxy\n>\n> The port `3005` offering the HTTP protocol is being exposed for demonstration purposes only and to\n> simplify the interactions within this tutorial - you may also use HTTPS on port `3443` with certain\n> caveats.\n>\n> If you want to use HTTPS to access the REST API when you are using Postman, ensure that SSL\n> certificate verfication is OFF. 
If you want to use HTTPS to access the web front-end, please\n> accept any security warnings issued.\n\n\n\nThe `idm` container is driven by environment variables as shown:\n\n| Key |Value|Description|\n|-----|-----|-----------|\n|IDM_DB_PASS|`idm`| Password of the attached MySQL Database - secured by **Docker Secrets** (see below) |\n|IDM_DB_USER|`root`|User name of the default MySQL user - left in plain-text |\n|IDM_HOST|`http://localhost:3005`| Host name of the **Keyrock** App Server - used in activation eMails when signing up users|\n|IDM_PORT|`3005`| Port used by the **Keyrock** App Server for HTTP traffic - this has been altered from the default 3000 port to avoid clashes |\n|IDM_HTTPS_ENABLED|`true`| Whether to offer HTTPS Support - this will use the self-signed certs unless overridden |\n|IDM_HTTPS_PORT|`3443`| Port used by the **Keyrock** App Server for HTTP traffic this has been altered from the default 443 |\n\n\n> :information_source: **Note** that this example has secured the MySQL password using **Docker Secrets**\n> By using `IDM_DB_PASS` with the `_FILE` suffix and referring to a secrets file location.\n> This avoids exposing the password as an `ENV` variable in plain-text - either in the `Dockerfile` Image or\n> as an injected variable which could be read using `docker inspect`.\n>\n> The following list of variables (where used) should be set via secrets with the `_FILE` suffix in a Production System:\n>\n> * `IDM_SESSION_SECRET`\n> * `IDM_ENCRYPTION_KEY`\n> * `IDM_DB_PASS`\n> * `IDM_DB_USER`\n> * `IDM_ADMIN_ID`\n> * `IDM_ADMIN_USER`\n> * `IDM_ADMIN_EMAIL`\n> * `IDM_ADMIN_PASS`\n> * `IDM_EX_AUTH_DB_USER`\n> * `IDM_EX_AUTH_DB_PASS`\n\n\n\n## MySQL Configuration\n\n```yaml\n mysql-db:\n image: mysql:5.7\n hostname: mysql-db\n container_name: db-mysql\n expose:\n - \"3306\"\n ports:\n - \"3306:3306\"\n networks:\n default:\n environment:\n - \"MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data\"\n - \"MYSQL_ROOT_HOST=172.18.1.5\"\n volumes:\n - 
mysql-db:/var/lib/mysql\n secrets:\n - my_secret_data\n```\n\n\nThe `mysql-db` container is listening on a single port:\n\n* Port `3306` is the default port for a MySQL server. It has been exposed so you can also run other database tools to display data if you wish\n\nThe `mysql-db` container is driven by environment variables as shown:\n\n| Key |Value. |Description |\n|-------------------|----------|------------------------------------------|\n|MYSQL_ROOT_PASSWORD|`123`. | specifies a password that is set for the MySQL `root` account - secured by **Docker Secrets** (see below)|\n|MYSQL_ROOT_HOST |`root`| By default, MySQL creates the `root'@'localhost` account. This account can only be connected to from inside the container. Setting this environment variable allows root connections from other hosts |\n\n# Start Up\n\nTo start the installation, do the following:\n\n```console\ngit clone git@github.com:Fiware/tutorials.Identity-Management.git\ncd tutorials.Identity-Management\n\n./services create\n```\n\n>**Note** The initial creation of Docker images can take up to three minutes\n\n\nThereafter, all services can be initialized from the command line by running the [services](https://github.com/Fiware/tutorials.Identity-Management/blob/master/services) Bash script provided within the repository:\n\n```console\n./services \n```\n\nWhere `` will vary depending upon the exercise we wish to activate.\n\n>:information_source: **Note:** If you want to clean up and start over again you can do so with the following command:\n>\n>```console\n>./services stop\n>```\n>\n\n\n### Reading directly from the Keyrock MySQL Database\n\nAll Identify Management records and relationships are held within the the attached MySQL database. 
This can be\naccessed by entering the running Docker container as shown:\n\n```console\ndocker exec -it db-mysql bash\n```\n\n```console\nmysql -u -p idm\n```\n\nWhere `` and `` match the values defined in the `docker-compose` file for `MYSQL_ROOT_PASSWORD`\nand `MYSQL_ROOT_USER`. The default values for the tutorial are usually `root` and `secret`.\n\nSQL commands can then be entered from the command line. e.g.:\n\n```SQL\nselect id, username, email, password from user;\n```\n\n\n### UUIDs within Keyrock\n\nAll IDs and tokens within **Keyrock** are subject to change. The following values will need to be amended when\nquerying for records. Record IDs use Universally Unique Identifiers - UUIDs.\n\n| Key |Description | Sample Value |\n|-----|-----------------------------------|--------------|\n|`keyrock`| URL for the location of the **Keyrock** service|`localhost:3005`|\n|`X-Auth-token`| Token received in the Header when logging in as a user - in other words *\"Who am I?\"* |`51f2e380-c959-4dee-a0af-380f730137c3`|\n|`X-Subject-token`|Token added to requests to define *\"Who do I want to inquire about?\"* - This can also be a repeat the `X-Auth-token` defined above |`51f2e380-c959-4dee-a0af-380f730137c3`|\n|`user-id`| id of an existing user, found with the `user` table |`96154659-cb3b-4d2d-afef-18d6aec0518e`|\n|`organization-id`| id of an existing organization, found with the `organization` table |`e424ed98-c966-46e3-b161-a165fd31bc01`|\n|`organization-role-id`| type of role a user has within an organization either `owner` or `member`|`member`|\n\nTokens are designed to expire after a set period. 
If the `X-Auth-token` value you are using has expired, log-in again to obtain a new token.\n\n## Video : Creating User Accounts with the Keyrock GUI\n\n[![](http://img.youtube.com/vi/dtKsjGbJ7Xc/0.jpg)](https://www.youtube.com/watch?v=dtKsjGbJ7Xc \" Creating User Accounts\")\n\nClick on the image above to watch a video demonstrating how to create users with the **Keyrock** GUI\n", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "item": [ diff --git a/README.ja.md b/README.ja.md index fca3eeb..95a16bf 100644 --- a/README.ja.md +++ b/README.ja.md @@ -32,7 +32,7 @@ Enabler です。このチュートリアルでは、ユーザと組織の作成 - [:arrow_forward: ビデオ : Keyrock のイントロダクション](#arrow_forward-video--introduction-to-keyrock) - [前提条件](#prerequisites) - [Docker](#docker) - - [Cygwin](#cygwin) + - [WSL](#wsl) - [アーキテクチャ](#architecture) - [Keyrock の設定](#keyrock-configuration) - [MySQL の設定](#mysql-configuration) @@ -166,12 +166,10 @@ application) のオブジェクトを保護することができます。 は[ここ](https://docs.docker.com/compose/install/)に記載されている手順に従う必要 があります。 - - -## Cygwin +## WSL シンプルな bash スクリプトを使用してサービスを開始します。Windows ユーザは -[cygwin](http://www.cygwin.com/) をダウンロードして、Windows 上の Linux ディスト +[を使用して Windows に Linux をインストールする方法](https://learn.microsoft.com/ja-jp/windows/wsl/install) をダウンロードして、Windows 上の Linux ディスト リビューションと同様のコマンドライン機能を提供する必要があります。 diff --git a/README.md b/README.md index 85a3b59..3cc63fc 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ commands used to access the **Keyrock** REST API - - [:arrow_forward: Video : Introduction to Keyrock](#arrow_forward-video--introduction-to-keyrock) - [Prerequisites](#prerequisites) - [Docker](#docker) - - [Cygwin](#cygwin) + - [WSL](#wsl) - [Architecture](#architecture) - [Keyrock Configuration](#keyrock-configuration) - [MySQL Configuration](#mysql-configuration) 
@@ -141,10 +141,11 @@ configure the required services for the application. This means all container se command. Docker Compose is installed by default as part of Docker for Windows and Docker for Mac, however Linux users will need to follow the instructions found [here](https://docs.docker.com/compose/install/) -## Cygwin +## WSL -We will start up our services using a simple bash script. Windows users should download [cygwin](http://www.cygwin.com/) -to provide a command-line functionality similar to a Linux distribution on Windows. +We will start up our services using a simple bash script. Windows users should download the +[Windows Subsystem for Linux](https://learn.microsoft.com/en-us/windows/wsl/install) to provide a command-line +functionality similar to a Linux distribution on Windows. # Architecture
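Review bot: In the `description` string of `FIWARE Identity Management.postman_collection.json` (hunk `@@ -2,7 +2,7 @@`), the new `## WSL` paragraph says Windows users "should download the [Windows Subsystem for Linux]", but the link target is the `/windows/wsl/install` page, so "install" matches it better than "download". The paragraph also keeps "a command line functionality" where the README.md hunk uses "a command-line functionality"; since this string is a copy of the README, keeping the two wordings identical makes later one-line replacements of the description easier to check.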
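Review bot: In `README.ja.md` (hunk `@@ -166,12 +166,10 @@`), the new link text `[を使用して Windows に Linux をインストールする方法]` starts with the particle `を`, which looks like a page title pasted with its leading "WSL" missing, and the sentence then continues with `をダウンロードして`, so it reads as "download 'how to install Linux on Windows using'". Suggest using the product name as the link text, for example `[Windows Subsystem for Linux (WSL)](https://learn.microsoft.com/ja-jp/windows/wsl/install)`, and changing the verb from download to install so the sentence matches the linked page.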
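Review bot: In `README.md` (hunk `@@ -141,10 +141,11 @@`), the new `## WSL` paragraph does not say where the bash script is run from, while the context line just above still describes Docker Compose as installed "as part of Docker for Windows". With Cygwin replaced by a Linux environment, a reader needs to know that the script is started from the WSL shell and that the `docker` command has to be available there; a sentence to that effect under `## WSL` would close the gap. The wording "should download the" would also read better as "should install the", since the link points at the WSL install page.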