initial commit

Author: Alberto Fuentes

.env

@@ -0,0 +1,2 @@
+ISC_IAM_IMAGE=intersystems/iam:0.34-1-1
+ISC_IRIS_URL=http://IAM:1234@irisA:52773/api/iam/license

.gitattributes

@@ -0,0 +1,5 @@
+*.sh text eol=lf
+*.cls text eol=lf
+*.mac text eol=lf
+*.int text eol=lf
+Dockerfil* text eol=lf

.gitignore

@@ -0,0 +1,3 @@
+.DS_Store
+iris.key
+IAM/**

.vscode/settings.json

@@ -0,0 +1,14 @@
+{
+    "objectscript.export.folder": "src",
+    "objectscript.conn": {
+        "active": false,
+        "username": "superuser",
+        "password": "SYS",
+        "docker-compose": {
+            "service": "irisA"
+        },
+        "ns": "WEBINAR",
+        "port": 52773,
+        "host": "localhost"
+    }
+}

Dockerfile

@@ -0,0 +1,39 @@
+FROM containers.intersystems.com/intersystems/iris:2020.2.0.211.0
+
+USER root
+
+COPY --chown=$ISC_PACKAGE_MGRUSER:$ISC_PACKAGE_IRISGROUP irissession.sh /
+RUN chmod +x /irissession.sh
+
+# copy source code
+RUN mkdir -p /opt/webinar/install
+COPY install /opt/webinar/install
+RUN mkdir -p /opt/webinar/src
+COPY src /opt/webinar/src/
+
+# change permissions to IRIS user
+RUN chown -R ${ISC_PACKAGE_MGRUSER}:${ISC_PACKAGE_IRISGROUP} /opt/webinar
+
+USER irisowner
+
+# download zpm package manager
+RUN mkdir -p /tmp/deps \
+ && cd /tmp/deps \
+ && wget -q https://pm.community.intersystems.com/packages/zpm/latest/installer -O zpm.xml
+
+
+SHELL ["/irissession.sh"]
+
+RUN \
+    zn "USER" \
+    # load & compile source code
+    do $system.OBJ.Load("/opt/webinar/src/Webinar/Installer.cls", "ck") \
+    do ##class(Webinar.Installer).Run() \
+    # install zpm & webterminal
+    zn "WEBINAR" \
+    Do $system.OBJ.Load("/tmp/deps/zpm.xml", "ck") \
+    zpm "install webterminal" \
+    set sc = 1 
+
+# bringing the standard shell back
+SHELL ["/bin/bash", "-c"]   

README.md

@@ -0,0 +1,28 @@
+# Workshop: REST and InterSystems API Manager
+This repository contains the materials and some examples you can use to learn the basic concepts of REST and IAM. 
+
+You can find more in-depth information in https://learning.intersystems.com.
+
+# What do you need to install? 
+* [Git](https://git-scm.com/downloads) 
+* [Docker](https://www.docker.com/products/docker-desktop) (if you are using Windows, make sure you set your Docker installation to use "Linux containers").
+* [Docker Compose](https://docs.docker.com/compose/install/)
+* [Visual Studio Code](https://code.visualstudio.com/download) + [InterSystems ObjectScript VSCode Extension](https://marketplace.visualstudio.com/items?itemName=daimor.vscode-objectscript)
+* [Postman](https://www.getpostman.com/downloads/)
+
+# Setup
+Build the image we will use during the workshop:
+
+```console
+$ git clone https://github.com/intersystems-ib/workshop-rest-iam
+$ cd workshop-rest-iam
+$ docker-compose build
+```
+
+# Examples
+
+## (a). TODO
+Container registry
+IAM license
+IAM install
+start

docker-compose.yml

@@ -0,0 +1,128 @@
+version: '3.2'
+
+services:
+  
+  # ==================
+  # InterSystems IRIS
+  # ==================
+
+  # irisA instance
+  irisA:
+    build:
+      context: .
+    container_name: irisA
+    image: workshop-rest-iam:latest
+    ports:
+    - "52773:52773"
+    volumes:
+    - ./iris.key:/usr/irissys/mgr/iris.key
+    - ./shared:/shared
+
+  # irisB instance  
+  irisB:
+    image: workshop-rest-iam:latest
+    container_name: irisB
+    ports:
+    - "52774:52773"
+    volumes:
+    - ./iris.key:/usr/irissys/mgr/iris.key
+    - ./shared:/shared
+
+  # irisC instance 
+  irisC:
+    image: workshop-rest-iam:latest
+    container_name: irisC
+    ports:
+    - "52775:52773"
+    volumes:
+    - ./iris.key:/usr/irissys/mgr/iris.key
+    - ./shared:/shared
+
+  
+  # ===================================
+  # IAM - InterSystems API Manager 0.34
+  # ===================================
+  iam-migrations:
+    image: "${ISC_IAM_IMAGE}"
+    command: kong migrations up
+    depends_on:
+      - db
+    environment:
+      KONG_DATABASE: postgres
+      KONG_PG_DATABASE: ${KONG_PG_DATABASE:-iam}
+      KONG_PG_HOST: db
+      KONG_PG_PASSWORD: ${KONG_PG_PASSWORD:-iam}
+      KONG_PG_USER: ${KONG_PG_USER:-iam}
+      KONG_CASSANDRA_CONTACT_POINTS: db
+      ISC_IRIS_URL: "${ISC_IRIS_URL}"
+    restart: on-failure
+    links:
+      - db:db
+  iam:
+    image: "${ISC_IAM_IMAGE}"
+    depends_on:
+      - db
+      - irisA
+    environment:
+      KONG_ADMIN_ACCESS_LOG: /dev/stdout
+      KONG_ADMIN_ERROR_LOG: /dev/stderr
+      KONG_ADMIN_LISTEN: '0.0.0.0:8001'
+      KONG_ANONYMOUS_REPORTS: 'off'
+      KONG_CASSANDRA_CONTACT_POINTS: db
+      KONG_DATABASE: postgres
+      KONG_PG_DATABASE: ${KONG_PG_DATABASE:-iam}
+      KONG_PG_HOST: db
+      KONG_PG_PASSWORD: ${KONG_PG_PASSWORD:-iam}
+      KONG_PG_USER: ${KONG_PG_USER:-iam}
+      KONG_PROXY_ACCESS_LOG: /dev/stdout
+      KONG_PROXY_ERROR_LOG: /dev/stderr
+      KONG_PORTAL: 'on'
+      KONG_PORTAL_GUI_PROTOCOL: http
+      KONG_PORTAL_GUI_HOST: '127.0.0.1:8003'
+      ISC_IRIS_URL: "${ISC_IRIS_URL}"
+    links:
+      - db:db
+    ports:
+      - target: 8000
+        published: 8000
+        protocol: tcp
+      - target: 8001
+        published: 8001
+        protocol: tcp
+      - target: 8002
+        published: 8002
+        protocol: tcp
+      - target: 8003
+        published: 8003
+        protocol: tcp
+      - target: 8004
+        published: 8004
+        protocol: tcp
+      - target: 8443
+        published: 8443
+        protocol: tcp
+      - target: 8444
+        published: 8444
+        protocol: tcp
+      - target: 8445
+        published: 8445
+        protocol: tcp
+    restart: on-failure
+  db:
+    image: postgres:latest
+    environment:
+      POSTGRES_DB: ${KONG_PG_DATABASE:-iam}
+      POSTGRES_PASSWORD: ${KONG_PG_PASSWORD:-iam}
+      POSTGRES_USER: ${KONG_PG_USER:-iam}
+    volumes:
+      - 'pgdata:/var/lib/postgresql/data'
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "${KONG_PG_USER:-iam}"]
+      interval: 30s
+      timeout: 30s
+      retries: 3
+    restart: on-failure
+    stdin_open: true
+    tty: true
+volumes:
+  pgdata:

install/Webinar-Role.xml

@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<RolesExport>
+  <Roles>
+    <Name>Webinar</Name>
+    <Resources>
+      <Resource>
+        <Name>%DB_%DEFAULT</Name>
+        <Permission>3</Permission>
+      </Resource>
+      <Resource>
+          <Name>%DB_USER</Name>
+          <Permission>3</Permission>
+      </Resource>
+    </Resources>
+  </Roles>
+  <Roles>
+    <Name>Webinar</Name>
+    <Resources>
+      <Resource>
+        <Name>%DB_%DEFAULT</Name>
+        <Permission>3</Permission>
+      </Resource>
+      <Resource>
+          <Name>%DB_USER</Name>
+          <Permission>3</Permission>
+      </Resource>
+    </Resources>
+  </Roles>
+  <SQLPrivileges>
+    <Namespace>WEBINAR</Namespace>
+    <SQLObject>1,Webinar_Data.Player</SQLObject>
+    <Privilege>d</Privilege>
+    <Grantee>Webinar</Grantee>
+    <Grantor>SuperUser</Grantor>
+    <Grantable>0</Grantable>
+  </SQLPrivileges>
+  <SQLPrivileges>
+    <Namespace>WEBINAR</Namespace>
+    <SQLObject>1,Webinar_Data.Player</SQLObject>
+    <Privilege>i</Privilege>
+    <Grantee>Webinar</Grantee>
+    <Grantor>SuperUser</Grantor>
+    <Grantable>0</Grantable>
+  </SQLPrivileges>
+  <SQLPrivileges>
+    <Namespace>WEBINAR</Namespace>
+    <SQLObject>1,Webinar_Data.Player</SQLObject>
+    <Privilege>s</Privilege>
+    <Grantee>Webinar</Grantee>
+    <Grantor>SuperUser</Grantor>
+    <Grantable>0</Grantable>
+  </SQLPrivileges>
+  <SQLPrivileges>
+    <Namespace>WEBINAR</Namespace>
+    <SQLObject>1,Webinar_Data.Player</SQLObject>
+    <Privilege>u</Privilege>
+    <Grantee>Webinar</Grantee>
+    <Grantor>SuperUser</Grantor>
+    <Grantable>0</Grantable>
+  </SQLPrivileges>
+  <SQLPrivileges>
+    <Namespace>WEBINAR</Namespace>
+    <SQLObject>1,Webinar_Data.Team</SQLObject>
+    <Privilege>d</Privilege>
+    <Grantee>Webinar</Grantee>
+    <Grantor>SuperUser</Grantor>
+    <Grantable>0</Grantable>
+  </SQLPrivileges>
+  <SQLPrivileges>
+    <Namespace>WEBINAR</Namespace>
+    <SQLObject>1,Webinar_Data.Team</SQLObject>
+    <Privilege>i</Privilege>
+    <Grantee>Webinar</Grantee>
+    <Grantor>SuperUser</Grantor>
+    <Grantable>0</Grantable>
+  </SQLPrivileges>
+  <SQLPrivileges>
+    <Namespace>WEBINAR</Namespace>
+    <SQLObject>1,Webinar_Data.Team</SQLObject>
+    <Privilege>s</Privilege>
+    <Grantee>Webinar</Grantee>
+    <Grantor>SuperUser</Grantor>
+    <Grantable>0</Grantable>
+  </SQLPrivileges>
+  <SQLPrivileges>
+    <Namespace>WEBINAR</Namespace>
+    <SQLObject>1,Webinar_Data.Team</SQLObject>
+    <Privilege>u</Privilege>
+    <Grantee>Webinar</Grantee>
+    <Grantor>SuperUser</Grantor>
+    <Grantable>0</Grantable>
+  </SQLPrivileges>
+</RolesExport>

install/user-iam.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<UsersExport>
+  <Users>
+    <AccountNeverExpires>true</AccountNeverExpires>
+    <AutheEnabled>0</AutheEnabled>
+    <ChangePassword>false</ChangePassword>
+    <CreateDateTime>65559,49486.273898</CreateDateTime>
+    <Enabled>true</Enabled>
+    <ExpirationDate>1840-12-31</ExpirationDate>
+    <Flags>1</Flags>
+    <FullName>User for /api/iam Web Application</FullName>
+    <HOTPKey>0DAcwOp5xQSFDlpul+AeYMhpcF8=</HOTPKey>
+    <HOTPKeyGenerate>false</HOTPKeyGenerate>
+    <HOTPKeyDisplay>false</HOTPKeyDisplay>
+    <LastModifiedDateTime>65623,37019.832752</LastModifiedDateTime>
+    <LastModifiedInfo>
+Enabled modified:
+  New value: Yes
+  Old value: No
+
+Password modified:
+  New value: *****
+  Old value: *****
+</LastModifiedInfo>
+    <LastModifiedUsername>SuperUser</LastModifiedUsername>
+    <Name>IAM</Name>
+    <Password>4BnynQwFCJFECG9ZqINnT3lC/vY=</Password>
+    <PasswordNeverExpires>true</PasswordNeverExpires>
+    <PasswordChangedDateTime>65623,37019.832609</PasswordChangedDateTime>
+    <Roles>
+      <RolesItem>%IAM_API</RolesItem>
+    </Roles>
+    <Salt>FT33QuW0h9c=</Salt>
+  </Users>
+</UsersExport>

install/webapp-iam.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ApplicationsExport>
+  <Applications>
+    <AutheEnabled>32</AutheEnabled>
+    <AutoCompile>false</AutoCompile>
+    <CookiePath>/api/iam/</CookiePath>
+    <CSPZENEnabled>true</CSPZENEnabled>
+    <CSRFToken>false</CSRFToken>
+    <DeepSeeEnabled>false</DeepSeeEnabled>
+    <Description>IAM REST Apis</Description>
+    <DispatchClass>%Api.IAM.v1.disp</DispatchClass>
+    <Enabled>true</Enabled>
+    <HyperEvent>0</HyperEvent>
+    <iKnowEnabled>false</iKnowEnabled>
+    <InbndWebServicesEnabled>false</InbndWebServicesEnabled>
+    <IsNameSpaceDefault>false</IsNameSpaceDefault>
+    <LockCSPName>true</LockCSPName>
+    <Name>/api/iam</Name>
+    <NameSpace>%SYS</NameSpace>
+    <Recurse>true</Recurse>
+    <Resource>%IAM</Resource>
+    <ServeFiles>1</ServeFiles>
+    <ServeFilesTimeout>3600</ServeFilesTimeout>
+    <Timeout>3600</Timeout>
+    <TwoFactorEnabled>false</TwoFactorEnabled>
+    <Type>2</Type>
+    <UseCookies>2</UseCookies>
+  </Applications>
+</ApplicationsExport>