基础>> traefik-kuzzle-auth>> 返回
项目作者: alexandrebouthinon

项目描述 :
Traefik Plugin from Basic Auth using Kuzzle as authentication provider and Basic Auth
高级语言: Go
项目地址: git://github.com/alexandrebouthinon/traefik-kuzzle-auth.git
创建时间: 2021-01-06T21:44:48Z
项目社区:https://github.com/alexandrebouthinon/traefik-kuzzle-auth
开源协议:MIT License
下载


Traefik plugin: Kuzzle Auth

GitHub release (latest by date)
GitHub branch checks state
codecov
Go Report Card
GitHub

What?

This is a Traefik Basic Auth Plugin using Kuzzle as authentication provider.

Why?

One authentication system to rule them all :sunglasses:

Kuzzle offer a complex and fine-grained RBAC authentication system, why do not use it everywhere?

How?

:warning: At this time, Traefik Plugin system is still an experimental feature use it with caution. You can freeze your Traefik version to increase stability if you want to use this plugin on a real world use case

Prerequisites

  • A valid Traefik Pilot token for your Traefik instance.
  • A running Kuzzle server in which one or more users are configured.

Demo

You can found a demonstration Docker Compose file (docker-compose.demo.yml) in the repository root. 

  1. TRAEFIK_PILOT_TOKEN="xxxx" docker-compose -f docker-compose.demo.yml up -d

This will launch:

  • A complete Kuzzle stack (Kuzzle, Elasticsearch and Redis containers).
  • A Traefik instance with dashboard and latest released plugin version enabled and only available using admin Kuzzle user
  • A whoami instance available using both admin and developer Kuzzle users

Once all containers are started and healthy, you can use the Kuzzle Admin Console to create your users (admin and developer).

Installation

Declare it in the Traefik configuration:

YAML

  1. pilot:
  2.   token: "xxxx"
  3. experimental:
  4.   plugins:
  5.     traefik-kuzzle-auth:
  6.         moduleName: github.com/alexandrebouthinon/traefik-kuzzle-auth
  7.         version: v0.1.0

TOML

  1. [pilot]
  2.   token = "xxxx"
  3. [experimental.plugins.fail2ban]
  4.     moduleName = "github.com/alexandrebouthinon/traefik-kuzzle-auth"
  5.     version = "v0.1.0"

CLI

  1. --pilot.token=${TRAEFIK_PILOT_TOKEN}
  2. --experimental.plugins.traefik-kuzzle-auth.moduleName=github.com/alexandrebouthinon/traefik-kuzzle-auth
  3. --experimental.plugins.traefik-kuzzle-auth.version=v0.1.0

Configuration

YAML

  1. middlewares:
  2.   your-well-named-middleware:
  3.     plugin:
  4.       traefik-kuzzle-auth:
  5.         customRealm: "Use a valid Kuzzle user to authenticate" # optional
  6.         kuzzle:
  7.           url: "http://localhost:7512" # required
  8.           routes: # optional
  9.             login: /_login/local
  10.             getCurrentUser: /_me # With Kuzzle v1 you must use '/users/_me'
  11.           allowedUsers: # optional
  12.             - admin
  13.             - developer

TOML

  1. [middlewares]
  2.   [middlewares.your-well-named-middleware]
  3.     [middlewares.your-well-named-middleware.plugin]
  4.       [middlewares.your-well-named-middleware.plugin.traefik-kuzzle-auth]
  5.         customRealm = "Use a valid Kuzzle user to authenticate" # optional
  7.         [middlewares.your-well-named-middleware.plugin.traefik-kuzzle-auth.kuzzle]
  8.           url = "http://localhost:7512" # required
  9.           allowedUsers = ["admin", "developer"] # optional
  11.           [middlewares.your-well-named-middleware.plugin.traefik-kuzzle-auth.kuzzle.routes] # optional
  12.             login = "/_login/local"
  13.             getCurrentUser = "/_me" # With Kuzzle v1 you must use '/users/_me'

Docker Compose Labels

  1. labels:
  2.   - "traefik.http.middlewares.your-well-named-middleware.plugin.traefik-kuzzle-auth.customRealm=Use a valid Kuzzle user to authenticate" # optional
  3.   - "traefik.http.middlewares.your-well-named-middleware.plugin.traefik-kuzzle-auth.kuzzle.url=http://kuzzle:7512" # required
  4.   - "traefik.http.middlewares.your-well-named-middleware.plugin.traefik-kuzzle-auth.kuzzle.routes.login=/_login/local" # optional
  5.   - "traefik.http.middlewares.your-well-named-middleware.plugin.traefik-kuzzle-auth.kuzzle.routes.getCurrentUser=/_me" # With Kuzzle v1 you must use '/users/_me' (optional)
  6.   - "traefik.http.middlewares.your-well-named-middleware.plugin.traefik-kuzzle-auth.kuzzle.allowedUsers=admin,developer" # optional

Development

You can found a development Docker Compose file (docker-compose.dev.yml) in the repository root. 

  1. TRAEFIK_PILOT_TOKEN="xxxx" docker-compose -f docker-compose.dev.yml up -d

This will launch:

  • A complete Kuzzle stack (Kuzzle, Elasticsearch and Redis containers).
  • A Traefik instance with dashboard and latest released plugin version enabled and only available using admin Kuzzle user
  • A whoami instance available using both admin and developer Kuzzle users

Once all containers are started and healthy, you can use the Kuzzle Admin Console to create your users (admin and developer).

Roadmap

New ideas are welcome, feel free to fill out an issue and let’s discuss it :wink:

What is Kuzzle?

Kuzzle is a generic backend offering the basic building blocks common to every application.

Rather than developing the same standard features over and over again each time you create a new application, Kuzzle proposes them off the shelf, allowing you to focus on building high-level, high-value business functionalities.

Kuzzle enables you to build modern web applications and complex IoT networks in no time.

  • API First: use a standardised multi-protocol API.
  • Persisted Data: store your data and perform advanced searches on it.
  • Realtime Notifications: use the pub/sub system or subscribe to database notifications.
  • User Management: login, logout and security rules are no more a burden.
  • Extensible: develop advanced business feature directly with the integrated framework.
  • Client SDKs: use our SDKs to accelerate the frontend development.