The minos-kong plugin offer an interface that permit integrate Minos Microservice with Kong API Gateway
Project description
minos-kong
Summary
Pre-Alpha release, use at your own risk Minos Kong is a plugin that integrate minos micorservices with Kong API Gateway
Installation
Install the dependency:
pip install minos-discovery-kong
Modify config.yml file:
...
discovery:
client: minos.plugins.kong.KongDiscoveryClient
host: localhost
port: 8001
...
How to
The above configuration is sufficient for the microservice to subscribe on startup and unsubscribe on shutdown. Therefore, all you would have to do would be to make your requests against:
http://localhost:8000/your_endpoint
Kong official documentation
Official docs
You can get read the official docs here.
Postman
You can get the official postman collection for postman here.
Konga - Administrative interface
For development purposes you can add open-source administrative section by using next docker service:
services:
...
konga:
image: pantsel/konga
ports:
- 1337:1337
links:
- kong:kong
container_name: konga
environment:
- NODE_ENV=production
Decorators
Decorator @enroute can support next params:
path- route url path.method- HTTP method.authenticated(Optional) - True if route need authentication.authorized_groups(Optional) - Groups which can access to specified route (they must exist in Kong).regex_priority(Optional) - A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same regex_priority, the older one (lowest created_at) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones). Defaults to 0.
Example:
@enroute.rest.command(f"/users/{{uuid:{UUID_REGEX.pattern}}}/jwt", "POST", authenticated=True, authorized_groups=["admin"], regex_priority=2)
@enroute.broker.command("GetUserJWT")
async def foo(self, request: Request) -> Response:
...
Route path
It is important to know that it is best to define routes with a regular expression when it is an id, uuid or similar. This is to avoid collisions with similar routes. Instead of using:
@enroute.rest.command("/users/{uuid}", "POST")
Use:
import re
UUID_REGEX = re.compile(r"\w{8}-\w{4}-\w{4}-\w{4}-\w{12}")
@enroute.rest.command(f"/users/{{uuid:{UUID_REGEX.pattern}}}", "POST")
Authentication
Modify config.yml file. Add new middleware and modify discovery section:
...
middleware:
...
- minos.plugins.kong.middleware
discovery:
connector: minos.networks.DiscoveryConnector
client: minos.plugins.kong.KongDiscoveryClient
host: localhost
auth-type: basic-auth
port: 8001
...
Currently, there are 2 possible types of authentication:
basic-authjwt
For jwt auth type you can specify default token expiration. Example:
...
middleware:
...
- minos.plugins.kong.middleware
discovery:
connector: minos.networks.DiscoveryConnector
client: minos.plugins.kong.KongDiscoveryClient
host: localhost
auth-type: jwt
token-exp: 60 # seconds
port: 8001
...
JWT Token creation & refresh
Example on how to create and refresh token. You need to store in database or similar the secret and key returned form kong in order to refresh existing token.
from minos.common import (
UUID_REGEX,
NotProvidedException,
Config,
Inject,
)
from minos.cqrs import (
CommandService,
)
from minos.networks import (
Request,
Response,
enroute,
)
from ..aggregates import (
User,
)
from minos.plugins.kong import KongClient
class UserCommandService(CommandService):
"""UserCommandService class."""
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.kong = self._get_kong_client()
@staticmethod
@Inject()
def _get_kong_client(config: Config) -> KongClient:
"""Get the service name."""
if config is None:
raise NotProvidedException("The config object must be provided.")
return KongClient.from_config(config)
@enroute.rest.command(f"/users/{{uuid:{UUID_REGEX.pattern}}}/jwt", "POST", authenticated=True,
authorized_groups=["admin"], regex_priority=3)
@enroute.broker.command("GetUserJWT")
async def create_user_jwt(self, request: Request) -> Response:
params = await request.params()
uuid = params["uuid"]
user = await User.get(uuid)
if user.uuid == request.user:
token = await self.add_jwt_to_consumer(request.headers.get("X-Consumer-ID"))
return Response({"token": token})
else:
return Response(status=404)
async def add_jwt_to_consumer(self, consumer: str):
resp = await self.kong.add_jwt_to_consumer(consumer=consumer)
res = resp.json()
self.key = res['key']
self.secret = res['secret']
token = await self.kong.generate_jwt_token(key=self.key, secret=self.secret)
return token
@enroute.rest.command(f"/users/{{uuid:{UUID_REGEX.pattern}}}/refresh-jwt", "POST", authenticated=True,
authorized_groups=["admin"], regex_priority=3)
@enroute.broker.command("RefreshJWT")
async def refresh_jwt(self, request: Request) -> Response:
token = await self.kong.generate_jwt_token(key=self.key, secret=self.secret)
return Response({"token": token})
For the route to be authenticated with the method specified above, a parameter called authenticated must be passed:
class CategoryCommandService(CommandService):
@enroute.rest.command("/categories", "POST", authenticated=True, authorized_groups=["super_admin", "admin"])
@enroute.broker.command("CreateCategory")
async def create_category(self, request: Request) -> Response:
try:
content = await request.content()
category = await Category.create(**content)
return Response(category)
except Exception:
raise ResponseException("An error occurred during category creation.")
If authorized_groups is also specified, this means that ACL will be enabled for that path and only users in the specified group will be allowed access.
Example of how to create a user and add them to a group:
from minos.common import (
NotProvidedException,
Config,
Inject,
)
from minos.cqrs import (
CommandService,
)
from minos.networks import (
Request,
Response,
enroute,
)
from ..aggregates import (
Role,
User,
)
from minos.plugins.kong import KongClient
class UserCommandService(CommandService):
"""UserCommandService class."""
@enroute.rest.command("/users", "POST")
@enroute.broker.command("CreateUser")
async def create_user(self, request: Request) -> Response:
"""Create a new ``User`` instance.
:param request: The ``Request`` instance.
:return: A ``Response`` instance.
"""
content = await request.content()
active = True
if "active" in content:
active = content["active"]
user = User(
name=content["name"],
surname=content["surname"],
email=content["email"],
telephone=content["telephone"],
role=content["role"],
active=active,
)
await user.save()
kong = KongClient(self._get_kong_url())
consumer_raw = await kong.create_consumer(username=f"{user.name} {user.surname}", user=user.uuid, tags=[])
consumer = consumer_raw.json()
basic_auth = await kong.add_basic_auth_to_consumer(username=f"{user.name.lower()}_{user.surname.lower()}",
password=content["password"], consumer=consumer["id"])
acl = await kong.add_acl_to_consumer(role=user.role.name.lower(), consumer=consumer["id"])
return Response(user)
@staticmethod
@Inject()
def _get_kong_url(config: Config) -> str:
"""Get the service name."""
if config is None:
raise NotProvidedException("The config object must be provided.")
return f"http://{config.get_by_key('discovery.host')}:{config.get_by_key('discovery.port')}"
Generate JWT example:
from minos.common import (
UUID_REGEX,
NotProvidedException,
Config,
Inject,
)
from minos.cqrs import (
CommandService,
)
from minos.networks import (
Request,
Response,
enroute,
)
from ..aggregates import (
Role,
User,
)
from minos.plugins.kong import KongClient
class UserCommandService(CommandService):
"""UserCommandService class."""
@enroute.rest.command(f"/users/{{uuid:{UUID_REGEX.pattern}}}/jwt", "POST", authenticated=True, authorized_groups=["admin"])
@enroute.broker.command("GetUserJWT")
async def create_user_jwt(self, request: Request) -> Response:
params = await request.params()
uuid = params["uuid"]
user = await User.get(uuid)
if user.uuid == request.user:
kong = KongClient(self._get_kong_url())
jwt = await kong.add_jwt_to_consumer(request.headers.get("X-Consumer-ID"))
return Response(jwt.json())
else:
return Response(status=404)
@staticmethod
@Inject()
def _get_kong_url(config: Config) -> str:
"""Get the service name."""
if config is None:
raise NotProvidedException("The config object must be provided.")
return f"http://{config.get_by_key('discovery.host')}:{config.get_by_key('discovery.port')}"
You can get read the official docs here.
Documentation
The official API Reference is publicly available at the GitHub Pages.
Source Code
The source code of this project is hosted at the GitHub Repository.
Getting Help
For usage questions, the best place to go to is StackOverflow.
Discussion and Development
Most development discussions take place over the GitHub Issues. In addition, a Gitter channel is available for development-related questions.
License
This project is distributed under the MIT license.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for minos-discovery-kong-0.7.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 91741841c811db862700ef15fa348c232d04b9870bb0cb60fcfccfcb5947abd3 |
|
| MD5 | f65012c6e7df0bf7ab3c3831724314c7 |
|
| BLAKE2b-256 | 31642b4c0abc065ab3827fe6de850adfe08cb61ee55f65fd283c63631dbccad9 |
Hashes for minos_discovery_kong-0.7.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | db5f52655277d171d7e894443c8cda666c8a16d9dd99de57e6c66095ac0b6487 |
|
| MD5 | 5ad353ccd101c760cca4163c5455ad11 |
|
| BLAKE2b-256 | ecba8f465054298aa6a347460b50aa735ca5f200aa5ff7cfb0c8ca1132abce71 |
