FIWARE Orion: Filter subscriptions - fiware

We use Orion to register subscriptions. There are two kinds of subscriptions in our application:
user subscriptions: they are created by the user using our GUI.
internal subscriptions: they are used by the system for communication between the components.
The problem is to distinguish the two, in order to present the user with only user-oriented subscriptions.
Which field of the subscriptions can I use? It would be nice to have a field "type", for instance.

I agree with what Jose Manuel says, it would be a really nice feature.
In addition to his reply, in the meantime I think you can use the "metadata" field in subscriptions to distinguish between user subscriptions and internal subscriptions. Just keep in mind that this field is not intended for this purpose and it's kind of a "dark" way to implement the behavior that you want.
Here is an example of a subscription creation with my approach. In this case you create a subscription with the metadata field "isInternal" that just tells you that this is an internal subscription. Then you can use another different metadata field as a token, just to identify a user subscription:
curl -X POST \
  http://localhost:1026/v2/subscriptions \
  -H 'Content-Type: application/json' \
  -d '{
  "description": "A subscription to get info about Room1",
  "subject": {
    "entities": [
      {
        "id": "Room1",
        "type": "Room"
      }
    ],
    "condition": {
      "attrs": [
        "temperature"
      ]
    }
  },
  "notification": {
    "http": {
      "url": "http://localhost:1028/accumulate"
    },
    "attrs": ["temperature"],
    "metadata": ["isInternal"]
  }
}'
For more information about the metadata field in subscriptions and its normal use, please refer to this documentation.

In the future it would probably be nice to open the possibility of extra fields in a subscription (application defined) and to be able to make queries over subscriptions (something which cannot currently be done).

A solution could be to make use of the description field associated with the subscription to distinguish between both types.

Related

FIWARE entity as a group of KPI attributes

Our system needs to return several KPIs grouped in different topics:
Census:
citizens (number of inhabitants)
citizens without any studies
...
Information desk
Phone response time
Mail response time
...
Tax
Online payments
Window payments
...
To my understanding, it would make sense to have an entity for each topic and each KPI being a KeyPerformanceIndicator attribute. eg: This could work similar to:
{
  "description": "Census Information system",
  "dataProvided": {
    "entities": [
      {
        "idPattern": ".*"
      }
    ],
    "attrs":[ //THIS SEEMS AN INTERESTING APPROACH, BUT SADLY ALSO INVALID
      {
        "name": "citizens",
        "type": "KeyPerformanceIndicator"
      },
      {
        "name": "citizens_without_studies",
        "type": "KeyPerformanceIndicator"
      },
      //...
    ]
  },
  "provider": {
    "http": {
      "url": "http://myhost/v2/census"
    }
  }
}
(TL;DR: "attrs" supports strings only, so can't return complex/data modeled types, like KPI)
Setting this happy idea aside, what would be a good approach to solve this?
Must each KPI be an entity?
Is NGSI-LD what I'm looking for?
I think your case can be solved in NGSIv2. Let me try to explain.
Must each KPI be an entity?
Yes. That's the usual way of modelling KPIs according to the KPIs datamodel. Each KPI is modeled as an entity of type KeyPerformanceIndicator.
Can KPIs be categorized?
Yes. You can use the category attribute to do that.
For instance, you can have a KPI "Online payments" of category "Tax Information" modeled this way:
{
  "id": "OnlinePayments",
  "type": "KeyPerformanceIndicator",
  ...
  "category": ["taxInformation"],
  ...
}
Note that category is an array, so a given KPI could belong to more than one category (although in your use case it seems that each KPI belongs to exactly one category so you don't need this feature)
How can I get KPIs that belong to a given category?
You can use regular Orion Context Broker filtering features for that. For instance, to get all KPIs in category taxInformation you could use this key:
GET /v2/entities?type=KeyPerformanceIndicator&q=category:taxInformation
or this expression in subscriptions:
{
  "subject": {
    "entities": [
      {
        "idPattern": ".*",
        "type": "KeyPerformanceIndicator"
      }
    ],
    "condition": {
      ...
      "expression": {
        "q": "category:taxInformation"
      }
    }
  },
  ...
}
If what you are trying to accomplish is to offer an NGSI interface for your KPI data, you can just create your own adaptor on top of your database that offers a REST interface compliant with NGSI-LD and such service can just return entities of type KeyPerformanceIndicator. Then, you can federate it to a Context Broker with a simple registration i.e. for entities of type KeyPerformanceIndicator. And that's all.
The usage of Linked Data would be recommendable as well, so I would go for NGSI-LD, as it has been officially endorsed by ETSI.

Hashicorp Vault Database Secret Engine - Track dynamic users generated by Vault

I have configured Vault Database Secret Engine with MySQL. Vault generates a unique user each time we ask for temporary credentials. Sometimes we want to know which user has executed the query in the database.
Upon finding the user, how shall I map the user name generated by Vault to the one who queried the credentials from Vault? For example, if John with a token queries at:
database/creds/vault-mysql-role
and vault generates the user name for John:
v-token-vault-mysq-2OSTesyjNuCk9
How shall I match the user v-token-vault-mysq-2OSTesyjNuCk9 with John and find out that it was John who executed the query? I have checked the audit logs but they don't seem to contain any info like this.
The audit log does contain this information, just not directly.
The audit log includes the response sent to the client, but all values are hashed. You can use the sys/audit-hash endpoint to compute the hash for the username you're looking for, and then search the audit log for a record with the response.data.username field set to this hash:
$ vault write sys/audit-hash/file input=v-token-vault-mysq-2OSTesyjNuCk9
Key     Value
---     -----
hash    hmac-sha256:c78424ed34000ffdde18d51bc950507129a2fece391d12fcd1095336204ed460
$ grep hmac-sha256:c78424ed34000ffdde18d51bc950507129a2fece391d12fcd1095336204ed460 audit.log | jq .
{
  "auth": {
    "token_type": "service",
    "client_token": "hmac-sha256:5a134faa99fd944a8be6d58fff9aa0e2794241ca25972e5cd8b65feb4bec9713",
    "accessor": "NkBx2TO4h10cN2iqKboDweFE",
    "policies": [
      "default",
      "database"
    ],
    "display_name": "token-bd6b709e-99d6-bd29-fedd-fd5c97ef6564-my-app",
    "token_policies": [
      "default",
      "database"
    ]
  },
  "request": {
    "operation": "read",
    "id": "40198a5b-2796-e4f9-51b4-1094db130468",
    "client_token_accessor": "NkBx2TO4h10cN2iqKboDweFE",
    "client_token": "hmac-sha256:5a134faa99fd944a8be6d58fff9aa0e2794241ca25972e5cd8b65feb4bec9713",
    "path": "database/creds/vault-mysql-role",
    "namespace": {
      "id": "root"
    },
    "remote_address": "192.0.2.1"
  },
  "response": {
    "data": {
      "username": "hmac-sha256:f746cf79101e8aa1f5f225af1a5bcc43d34040ccb00739551aa8be6455951a25",
      "password": "hmac-sha256:c78424ed34000ffdde18d51bc950507129a2fece391d12fcd1095336204ed460"
    },
    "secret": {
      "lease_id": "database/creds/my-app/ISAf9HmK4REjTBhVnKbzJ3sw"
    }
  },
  "type": "response"
}
I made these values up, of course, but you can see that the auth field contains a bunch of information about the client.
If the auth fields are not sufficient, you can use the auth.accessor field with the auth/token/lookup-accessor endpoint to get a bit more, such as an entity_id, for example, which can be mapped to a persona (see Identity: Entities and Groups, identity/lookup/entity).
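The lookup described in this answer, as an added example that is not part of the original answer or of Vault's tooling: it compares only response.data.username and restricts the search to the credential path, which a plain grep over the file does not do. The function name `find_issuance`, its `mount` parameter, the token names and every hash value are constructed for illustration; the real hash comes from sys/audit-hash for the same audit device that wrote the log.

```python
import json

# Constructed sample: the file audit device writes one JSON object per line.
# Every hmac-sha256 value here is a placeholder, not real Vault output.
USER_HASH = "hmac-sha256:" + "aa" * 32  # vault write sys/audit-hash/file input=<db user>

def _entry(kind, path, display_name, accessor, username=None):
    entry = {"type": kind,
             "auth": {"display_name": display_name, "accessor": accessor},
             "request": {"path": path, "remote_address": "192.0.2.1"}}
    if username:
        entry["response"] = {"data": {"username": username},
                             "secret": {"lease_id": path + "/constructed-lease"}}
    return json.dumps(entry)

SAMPLE_LOG = [
    _entry("request", "database/creds/vault-mysql-role", "token-john", "acc-john"),
    _entry("response", "database/creds/vault-mysql-role", "token-john", "acc-john", USER_HASH),
    _entry("response", "database/creds/vault-mysql-role", "token-jane", "acc-jane",
           "hmac-sha256:" + "bb" * 32),
    # The same string read back from a KV path hashes identically; not an issuance.
    _entry("response", "secret/app-config", "token-ops", "acc-ops", USER_HASH),
    '{"type": "response", "auth": {"display_na',  # truncated line, e.g. log rotation
]

def find_issuance(lines, username_hash, mount="database/creds/"):
    """Return the audit records in which Vault issued the hashed DB username."""
    hits = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the search
        if not isinstance(entry, dict) or entry.get("type") != "response":
            continue
        request = entry.get("request") or {}
        response = entry.get("response") or {}
        if not str(request.get("path", "")).startswith(mount):
            continue
        # Compare the username field only; grep would also match other fields.
        if (response.get("data") or {}).get("username") != username_hash:
            continue
        auth = entry.get("auth") or {}
        hits.append({
            "display_name": auth.get("display_name"),
            "accessor": auth.get("accessor"),  # input for auth/token/lookup-accessor
            "remote_address": request.get("remote_address"),
            "lease_id": (response.get("secret") or {}).get("lease_id"),
        })
    return hits
```
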

Method Not Allowed when patching registration

Recently some registrations of commands expired, so I am trying to patch their "expires" attribute. However, I receive a 405 Method Not Allowed error message.
Retrieving info about the registration:
curl -X GET \
  http://localhost:1026/v2/registrations/5d3ff3e2ab1e270d7775a7bf \
  -H 'Accept: application/json'
{
  "id": "5d3ff3e2ab1e270d7775a7bf",
  "expires": "2019-08-29T07:38:10.00Z",
  "dataProvided": {
    "entities": [
      {
        "id": "urn:ngsi-ld:ActuatorScreenshot:001",
        "type": "Actuator"
      }
    ],
    "attrs": [
      "Screen"
    ]
  },
  "provider": {
    "http": {
      "url": "http://localhost:4041"
    },
    "supportedForwardingMode": "all",
    "legacyForwarding": true
  },
  "status": "active"
}
I attempted following the example from http://telefonicaid.github.io/fiware-orion/api/v2/stable/:
curl -X PATCH \
  http://localhost:1026/v2/registrations/5d3ff3e2ab1e270d7775a7bf \
  -d '{
  "expires":"2040-10-04T00:00:00"
}'
But as I said I got the error message:
405 Method Not Allowed
Feel free to ask for more info.
The operation to modify registrations has not yet been implemented in Orion 2.2.0 (the latest version at the moment of writing this). As mentioned in the Orion documentation:
Orion implements registration management as described in the NGSIv2 specification, except for the following aspects:
PATCH /v2/registration/<id> is not implemented. Thus, registrations cannot be updated directly. I.e., updates must be done deleting and re-creating the registration. Please see this issue about this.
However, the workaround is pretty simple: delete the old registration and create a new one with the modified parameters.

FIWARE Orion Context Broker subscription to several points

I'm using Orion with Keyrock, PEPproxy, Cygnus and STH-comet, but I'm having many issues with the subscriptions part. I want to send only one request to Orion to subscribe all attributes of all entities in many services like Cygnus and STH. I'm using this body but I don't know how to add another notification URL.
{
  "subject":{
    "entities": [
      {
        "type": "Nodo_aire",
        "idPattern": ".*"
      }
    ],
    "condition":{
      "attrs": []
    }
  },
  "notification":{
    "http":{"url":"http://192.168.1.51:5050/notify"},
    "attrs": [],
    "attrsFormat":"legacy"
  },
  "expires": "2099-12-31T23:00:00.00Z",
  "throttling": 5
}
I was reading the Orion documentation and the NGSIv2 specification, but I don't find a related section or a solution in these documents.
Orion doesn't support (at least in the newest version) multi-URL subscriptions. However, there is an easy workaround: to implement a subscription for each one of the URLs.

How to make orion send notifications only when subscription condition is satisfied?

I have made this subscription but it always notifies when an attribute is changed.
curl --include \
  --header 'Content-Type: application/json' \
  --request POST \
  --data-binary '{
  "attrsFormat":"legacy",
  "description": "Day subscription",
  "subject": {
    "entities": [
      {
        "idPattern": "es-leon-.*",
        "type": "Event"
      }
    ],
    "condition": {
      "attrs": [
        "idEvent",
        "Title",
        "dFlag"
      ],
      "expression": {
        "q": "dFlag>0"
      }
    }
  },
  "notification": {
    "http": {
      "url" : "http://localhost:5050/notify"
    },
    "attrs": [
      "idEvent",
      "Title",
      "dFlag"
    ]
  }
}' \
  'http://localhost:1026/v2/subscriptions'
I want Orion to notify when any attribute described in the condition is changed AND the condition is satisfied.
Example: I have these entities in Orion:
Concert1 (idEvent=Mozart, Title=Mconcert, dFlag=1)
Concert2 (idEvent=Salieri, Title=Sconcert, dFlag=0)
I want that when I make a change to any attribute of Concert1, as the condition is satisfied, it will notify.
In the case of Concert2, as the condition is not satisfied, it will not notify.
Is it possible? What do I have wrong in this subscription example?
The documentation does not say much:
condition: Condition that will trigger the notification. It can have
two optional properties:
attrs: array of attribute names
expression: an expression composed of q, georel, geometry and coords (see "List entities" operation above about this field).
List entities
q: A query expression, composed of a list of statements separated by ;, i.e. q=statement;statements;statement. See Simple Query Language specification. Example: temperature>40.
Orion version: 1.1
This could be due to a problem in subscriptions cache management in Orion 1.1. So, the solution in that version is to disable cache using -noCache CLI option.
The bug has been identified (see this issue in GitHub) and solved for Orion 1.2.