Worf
Worf is deprecated since Warp 10 2.1.0
From 2.1.0 version, refer to the TOKENGEN command. TOKENGEN and TOKENDUMP within WarpScript allow greater flexibility and automation.
This page is here for previous Warp 10 revisions.
If you use Worf command line in your scripts (i.e.
./warp10-standalone-2.1.0.sh worf appName ttl(ms)
), you can always use it with Warp 10 2.1.0 multiple configurations files. You need to move or copy thewarp.aes.*
andwarp.hash.*
keys from youretc/conf.d/.conf
to a new fileetc/conf.d/00-secrets.conf
. This method will work, but is not supported.
Worf User Guide
Used to generate read/write Warp 10s tokens.
Prerequisites
- JVM 1.7 or upper
- Warp 10 full Jar
- Warp 10 configuration file
Start
Launch Worf with this command line.
$ java -cp warp-full-<revision name>.jar io.warp10.worf.Worf -i <path to Warp10 configuration file>
Worf loads the Warp 10 configuration file and extracts hash and AES keys necessary for token delivery
- Use
<Tab>
for the complete list of commands. - Use
<Up or Down>
for the commands history.
Two mode are available
- interactive mode ( -i), prompts the user on the command line
- scripting mode (default), all parameters should be set on the command line.
Generate Configuration from standalone template
java -cp warp-full-<revision name>.jar io.warp10.worf.Worf -i /path/to/warp10.conf
Worf loads the Warp 10 standalone template, generates hash and AES keys, writes it by default at the same path.
Save defaults (uuid, application name)
If you generate a configuration file and tokens in the same command (io.warp10.worf.Worf -t -a <name> -ttl 10000000 -puidg <template>
) Worf can save a default configuration (.
- the producer uuid
- the owner uuid
- the application name
These values are taken by default, with the interactive or scripting mode.
Encode token
You can encode tokens with the encodeToken
command or -t option. You have to enter this following fields:
- token type (read or write)
- application name
- producer UUID
- owner UUID (enter for use producer UUID as Owner)
- time to live (in milliseconds)
- encode or cancel
You will have the following output
token=oUKQCEBFEFdhHkgllX1Bimlg3gpi53pg2YZZ5qYfmUdm2yomtFMG91m73mSe5DpbQcEnDaH0B_OvFvsx3c9_7_ujWM8oap.Al6nsWYUZcXHIfZ6yt9pY5.
tokenIdent=a25b04e4882dbf1f
application name=test.application.name
producer & owner=4430fb04-ba03-11e5-ae25-535a84589344 & 4430fb04-ba03-11e5-ae25-535a84589344
ttl=120000000
You can use this token immediately on fetch, update or delete endpoints. The token identifier can be used for revoke this token by adding it inside a TRL (token revocation list)
Decode token
You can decode and print token properties (only available in interactive mode). You also can convert write tokens into read token with strictly the same properties (validity, application, owner & producer uuids).
Quit
No command history is stored by Worf.
TOKENGEN
Since Warp 10 1.2.2, a new TokenGen
Worf command exists which uses the TOKENGEN
function from io.warp10.script.ext.token.TokenWarpScriptExtension
.
The TOKENGEN
function only useable from Worf (needs a KeyStore).
Tokens are described as a WarpScript map.
it will execute the WarpScript code from in.mc2
and outputs the stack as JSON to out.json
:
$ java -cp warp-full-<revision name>.jar io.warp10.worf.TokenGen /path/to/warp10.conf in.mc2 out.json
Example of in.mc2
{
'id' 'nameoftoken' // for bookkeeping purposes
'type' 'READ' // or 'WRITE'
'application' 'app' // Name of applications for this token
'owner' 'UUID' // UUID of the data owner for WRITE tokens or the billed user for READ tokens
'issuance' NOW 1 ms / // Time of token issuance (in ms since the Unix Epoch)
'expiry' NOW 30 d + 1 ms / // Time of token expiry (in ms since the Unix Epoch)
'ttl' 300 d 1 ms / // Time To Live of the token, use if not using 'expiry' (in ms since the Unix Epoch)
'labels' {} // Map of token labels
'attributes' {} // Map of token attributes
// The following keys are only for READ tokens, can be omitted, the token is then considered a WildCard token.
'owners' [ /* List of UUIDs */ ]
'producers' [ /* List of UUIDs */ ]
'applications' [ /* List of application names or regexps (if more than one) */ ]
// The following key is only for WRITE tokens and is mandatory.
'producer' 'UUID' // UUID of the data producer
} TOKENGEN
Example of out.json
{
"id": "nameoftoken", // Value of the ‘id’ field from the TOKENGEN parameter map
"token": "..." , // Encoded token
"ident": "hhhhhhhhhhhhhhhh" // TokenIdent, for use in Token Revocation List
}
Can use
-
for stdin / stdout:$ java -cp warp-full-<revision name>.jar io.warp10.worf.TokenGen /path/to/warp10.conf - -