FIWARE / kong-plugins-fiware

Kong plugin to support attribute-based access management for NGSI requests with the iSHARE scheme
MIT License

Usage with docker compose #21

Closed pierre-josselin closed 1 year ago

pierre-josselin commented 1 year ago

Hi, would it be possible to have a minimal docker-compose.yml example file showing how to use the ngsi-ishare-policies Kong plugin?

Thank you.

pierre-josselin commented 1 year ago

I should be able to work it out from these:

https://github.com/Kong/docker-kong/tree/master/compose

https://github.com/i4Trust/tutorials/blob/main/PacketDelivery-ReferenceExample/Data-Service-Provider/kong/kong.yml

I'll let you close this issue unless you have comments.

pierre-josselin commented 1 year ago

Finally succeeded, here is a basic example if anyone needs it:

docker-compose.yml

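# Minimal Compose file that runs the FIWARE Kong image in DB-less mode and
# publishes only the proxy listener on the host.
version: "3"
services:
    kong:
        image: "quay.io/fiware/kong:0.5.3-PRE-20"
        hostname: "kong"
        # The container process runs as the "kong" user, so the files mounted
        # below must be readable by that user.
        user: "kong"
        ports:
            # Only the proxy port is published; the Admin API port (8001) is not.
            - "8020:8020"
        environment:
            # Quoted so the value stays the string "off" instead of a YAML boolean.
            KONG_DATABASE: "off"
            KONG_PROXY_LISTEN: "0.0.0.0:8020"
            # The Admin API listens on every interface inside the container.
            # It is not published under `ports`, but other containers on the
            # same Compose network can still reach it, and in DB-less mode the
            # Admin API can load a replacement configuration. Keep 8001
            # unpublished, and bind it to "127.0.0.1:8001" if no other
            # container needs it.
            KONG_ADMIN_LISTEN: "0.0.0.0:8001"
            KONG_ADMIN_ACCESS_LOG: "/dev/stdout"
            KONG_ADMIN_ERROR_LOG: "/dev/stderr"
            KONG_PROXY_ACCESS_LOG: "/dev/stdout"
            KONG_PROXY_ERROR_LOG: "/dev/stderr"
            KONG_ADMIN_GUI_ACCESS_LOG: "/dev/stdout"
            KONG_ADMIN_GUI_ERROR_LOG: "/dev/stderr"
            KONG_PORTAL_API_ACCESS_LOG: "/dev/stdout"
            KONG_PORTAL_API_ERROR_LOG: "/dev/stderr"
            # Path inside the container; it is provided by the volume below.
            KONG_DECLARATIVE_CONFIG: "/opt/kong/kong.yaml"
            KONG_NGINX_WORKER_PROCESSES: "2"
            # Enlarged header limits; presumably needed because the bearer
            # tokens sent in the Authorization header are large (confirm).
            KONG_NGINX_PROXY_LARGE_CLIENT_HEADER_BUFFERS: "16 128k"
            KONG_NGINX_PROXY_HTTP2_MAX_FIELD_SIZE: "32k"
            KONG_NGINX_PROXY_HTTP2_MAX_HEADER_SIZE: "32k"
            # Leave debug logging off outside troubleshooting.
            # KONG_LOG_LEVEL: "debug"
        restart: "always"
        volumes:
            # ./kong-config holds kong.yaml, which embeds the JWS private key:
            # keep the directory out of version control and restrict its
            # permissions on the host. Appending ":ro" would make the mount
            # read-only; confirm first that nothing in the image writes to
            # /opt/kong.
            - "./kong-config:/opt/kong"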

kong-config/kong.yaml

# Declarative (DB-less) Kong configuration: one upstream service, one route,
# and two plugins attached to that service.
# This file carries a private key. Keep it out of version control and readable
# only by the account that runs Kong.
_format_version: '2.1'
_transform: true

services:
  # Upstream context broker, reached over plain HTTP. The "orion-ld" host must
  # be resolvable from the Kong container. It should be reachable only through
  # Kong: a client that can connect to it directly is not subject to the
  # policy plugin configured below.
  # `port` and `protocol` repeat what `url` already states.
  - url: 'http://orion-ld:1026'
    name: 'context-broker'
    port: 1026
    protocol: 'http'

    routes:
      # Requests under /context-broker are forwarded with that prefix removed.
      - name: 'cb'
        paths:
          - '/context-broker'
        strip_path: true

    plugins:
      - name: 'ngsi-ishare-policies'
        config:
          # Request headers the plugin reads the access token from.
          access_token:
            header_names:
              - 'authorization'
              - 'Authorization'
          # Every empty string below is a placeholder to fill in per deployment.
          # `ar` is presumably the iSHARE Authorization Registry; confirm
          # against the plugin documentation.
          ar:
            identifier: ''
            host: ''
            token_endpoint: ''
            delegation_endpoint: ''
          # `satellite` is presumably the iSHARE Satellite that serves the
          # trusted list; confirm against the plugin documentation.
          satellite:
            identifier: ''
            host: ''
            token_endpoint: ''
            trusted_list_endpoint: ''
          jws:
            identifier: ''
            # Signing key in PEM form; the body is left empty in this example.
            # Treat the filled-in file as a secret.
            private_key: |
              -----BEGIN PRIVATE KEY-----
              -----END PRIVATE KEY-----
            # Three PEM certificates, presumably the chain that belongs to the
            # private key above; confirm the expected order.
            x5c: |
              -----BEGIN CERTIFICATE-----
              -----END CERTIFICATE-----
              -----BEGIN CERTIFICATE-----
              -----END CERTIFICATE-----
              -----BEGIN CERTIFICATE-----
              -----END CERTIFICATE-----
      # Removes the Authorization header so the client's token is not passed on
      # to the upstream service. Kong runs plugins by plugin priority, not by
      # their position in this list; confirm the policy plugin has read the
      # token before this removal takes effect.
      - name: 'request-transformer'
        config:
          remove:
            headers:
              - 'Authorization'
              - 'authorization'