Gateway Verification

After configuring Content Gateway, determine whether it is working correctly with Swarm and Elasticsearch by performing a functional verification. Create a domain within Gateway, then a bucket under that domain, then an object in that bucket. Perform a search query and read against the object. Create tokens for S3 client token authentication, and assign a Gateway tenant context to a domain. If any of these requests fail, see https://perifery.atlassian.net/wiki/spaces/public/pages/2443817203.

Authentication

The default install has an "anonymous can do anything" policy.json and an empty idsys.json (therefore, no users). Before proceeding with verification, set up authentication.

Note the following assumptions and requirements:

  • The authentication store of choice as referenced in Content Gateway's root "idsys.json" is configured correctly and ready to handle authentication requests (LDAP, Active Directory, or local Linux PAM — pluggable authentication modules).

  • The user designated as the top-level "root" user for Content Gateway is named "admin" with a password of "password".

  • Gateway's root "policy.json" is properly configured to allow this user full access rights for operations to the entire cluster.

Note

These configuration files are found on the Gateway machine(s) under the directory "/etc/caringo/cloudgateway".

See https://perifery.atlassian.net/wiki/spaces/public/pages/2443816796

Create Domain, Bucket, and Object

Create a domain, then a bucket in that domain, then an object in that bucket.

Note

The hostname or IP address, or alternatively the service port, needs to be changed depending on how the routing to the Gateway machine is configured.

  1. Domain creation of domain 'demodomain.caringodemo.int' in the cluster 'caringodemo.int' (Gateway target GATEWAY:PORT): 

    curl -v -u "admin:password" -X POST -d "" "http://GATEWAY:PORT/?domain=demodomain.caringodemo.int&createdomain" -H "content-type:application/castorcontext"
  2. Bucket creation of 'bucket1' in the new domain 'demodomain.caringodemo.int': 

    curl -v -u "admin:password" -X POST -d "" "http://GATEWAY:PORT/bucket1?domain=demodomain.caringodemo.int" -H "content-type:application/castorcontext"
  3. Placing a file/stream/object 'install.log' in the bucket 'bucket1' within the domain 'demodomain.caringodemo.int': 

    curl -v -u "admin:password" -X POST --data-binary @install.log "http://GATEWAY:PORT/bucket1/install.log?domain=demodomain.caringodemo.int"
  4. Listing the indexed bucket(s) and contents of bucket 'bucket1' in the domain 'demodomain.caringodemo.int': 

  5. Retrieving the stream 'install.log' from bucket 'bucket1' in domain 'demodomain.caringodemo.int':
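
The first three steps above as a script that checks each HTTP status and then confirms that an unauthenticated read of the new object is refused (an added example, not part of the original page or of Swarm's own tooling). The names GATEWAY, DOMAIN, GW_USER, GW_PASS and RUN_VERIFY are assumptions chosen for this example, as is the expectation that Gateway answers an anonymous request with a non-2xx status once authentication is set up.

```shell
#!/bin/sh
# Added example. Variable and function names are chosen here, not Gateway's.
GATEWAY="${GATEWAY:-GATEWAY:PORT}"
DOMAIN="${DOMAIN:-demodomain.caringodemo.int}"
CTX='content-type:application/castorcontext'

# Build an SCSP URL: $1 = path (may be empty), $2 = extra query argument (optional).
scsp_url() {
  printf 'http://%s/%s?domain=%s%s' "$GATEWAY" "$1" "$DOMAIN" "${2:+&$2}"
}

# Succeed only for 2xx status codes.
is_success() {
  case "$1" in 2[0-9][0-9]) return 0 ;; *) return 1 ;; esac
}

# POST and print only the HTTP status. Credentials reach curl on stdin (-K -)
# so the password does not show up in the process list.
# Assumes the password contains no double quote or backslash.
post() {
  url="$1"; shift
  printf 'user = "%s:%s"\n' "$GW_USER" "$GW_PASS" |
    curl -s -o /dev/null -w '%{http_code}' -K - -X POST "$@" "$url"
}

# Run one step and report pass/fail. $1 = label, rest = post arguments.
step() {
  label="$1"; shift
  code="$(post "$@")"
  if is_success "$code"; then echo "PASS $label ($code)"
  else echo "FAIL $label ($code)"; return 1; fi
}

verify() {
  : "${GW_USER:?set GW_USER}" "${GW_PASS:?set GW_PASS}"
  step 'create domain' "$(scsp_url '' createdomain)" -d '' -H "$CTX" &&
  step 'create bucket' "$(scsp_url bucket1)" -d '' -H "$CTX" &&
  step 'write object'  "$(scsp_url bucket1/install.log)" --data-binary @install.log || return 1
  # Read the object back without credentials. Assumption: once policy.json no
  # longer grants anonymous access, Gateway refuses this with a non-2xx status.
  anon="$(curl -s -o /dev/null -w '%{http_code}' "$(scsp_url bucket1/install.log)")"
  if is_success "$anon"; then echo "FAIL anonymous read accepted ($anon)"; return 1; fi
  echo "PASS anonymous read refused ($anon)"
}

# Only contact the Gateway when explicitly asked to.
if [ "${RUN_VERIFY:-0}" = 1 ]; then verify; fi
```

Run it from the directory containing install.log with `RUN_VERIFY=1` and the credentials exported in `GW_USER` and `GW_PASS`.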

Create Tokens for S3 Clients

Proceed to token creation now that basic operations using Swarm SCSP have verified functionality. Token creation produces token/secret pairs for a given domain, which can then be assigned to S3 clients to allow them access via Content Gateway's S3 protocol.

These commands assume a user "myuser" is creating the necessary tokens to set up an S3 client for access.

Important

SCSP commands must be used to create tokens, so "GATEWAY-SCSP-ADDRESS:PORT" represents the Gateway and listening service port where the SCSP protocol interaction takes place.

  1. Create a token for S3 token auth that expires Jan 1, 2020 at 00:00:01 hours (POSIX time converter at onlineconversion.com/unix_time.htm):

  2. List tokens for domain demodomain.caringodemo.int:

  3. List the header (including secret key) info for a given token:

The key part of the output for this is: ... X-User-Secret-Key-Meta: MySecretKey ...

An S3 client should be configured to use the hexadecimal token along with the assigned secret to authenticate using Gateway's S3 protocol service.

Assign Tenancy to Domains under Gateway

To use Gateway's tenant functionality, add the tenant context to any domain that is created within such a deployment. To assign tenancy at domain creation time, issue a domain creation request using the following parameters:

The key parameter is -H "x-tenant-meta-name: customerdemo". This header designates that the created domain is assigned to the 'customerdemo' tenant context.
