Raft round 2 (#182)

* brought in rafty

* moved raft classes into Ocelot and deleted from int project

* started to set up rafty in Ocelot

* RAFTY INSIDE OCELOT...WOOT

* more work adding rafty...just need to get auth working now

* rudimentary authenticated raft requests working

* async await stuff

* hacked rafty into the fileconfigurationcontroller...everything seems to be working roughly but I have a lot of refactoring to do

* updated to latest rafty that doesn't need an id

* hacky but all tests passing

* changed admin area set up to use builder not configuration.json, changed admin area auth to use client credentials

* missing code coverage

* ignore raft section for code coverage

* ignore raft section for code coverage

* back to normal filters

* try exclude attr

* missed these

* moved client secret to builder for authentication and updated docs

* lock to try and fix error accessing identity server created temprsa file on build server

* updated postman scripts and changed Ocelot to not always use type handling as this looked crap when manually accessing the configuration endpoint

* added rafty docs

* changes I missed

* added serialisation code we need for rafty to process commands when they proxy to leader

* moved controllers into their feature slices
Tom Pallister
2018-01-01 18:40:39 +00:00
committed by GitHub
parent 194f76cf7f
commit f082f7318a
50 changed files with 1876 additions and 459 deletions


@ -6,33 +6,24 @@ using bearer tokens that you request from Ocelot iteself. This is provided by th
`Identity Server <https://github.com/IdentityServer/IdentityServer4>`_ project that I have been using for a few years now. Check them out.
In order to enable the administration section you need to do a few things. First of all add this to your
initial configuration.json. The value can be anything you want and it is obviously reccomended don't use
initial Startup.cs.
The path can be anything you want and it is obviously reccomended don't use
a url you would like to route through with Ocelot as this will not work. The administration uses the
MapWhen functionality of asp.net core and all requests to {root}/administration will be sent there not
to the Ocelot middleware.
.. code-block:: json
The secret is the client secret that Ocelot's internal IdentityServer will use to authenticate requests to the administration API. This can be whatever you want it to be!
"GlobalConfiguration": {
"AdministrationPath": "/administration"
.. code-block:: csharp
public virtual void ConfigureServices(IServiceCollection services)
{
services
.AddOcelot(Configuration)
.AddAdministration("/administration", "secret");
}
This will get the admin area set up but not the authentication.
Please note that this is a very basic approach to
this problem and if needed we can obviously improve on this!
You need to set 3 environmental variables.
``OCELOT_USERNAME``
This need to be the admin username you want to use with Ocelot.
``OCELOT_HASH``
``OCELOT_SALT``
The hash and salt of the password you want to use given hashing algorythm. When requesting bearer tokens for use with the administration api you will need to supply username and password. In order to create a hash and salt of your password please check out HashCreationTests.should_create_hash_and_salt() this technique is based on [this](https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/consumer-apis/password-hashing)
using SHA256 rather than SHA1.
Now if you went with the configuration options above and want to access the API you can use the postman scripts
called ocelot.postman_collection.json in the solution to change the Ocelot configuration. Obviously these
will need to be changed if you are running Ocelot on a different url to http://localhost:5000.
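Review bot: The ConfigureServices sample passes the literal "secret" to AddAdministration, and the paragraph above it says the value "can be whatever you want it to be!", yet with the OCELOT_USERNAME / OCELOT_HASH / OCELOT_SALT text gone this client secret is the credential in front of an API that can POST a new configuration. Suggest the text ask for a long random value read from configuration or an environment variable rather than a string in Startup.cs, and that the sample use an obvious placeholder instead of "secret". The reworded sentence also keeps "it is obviously reccomended don't use a url", which should read "recommended not to use".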
@ -40,7 +31,6 @@ will need to be changed if you are running Ocelot on a different url to http://l
The scripts show you how to request a bearer token from ocelot and then use it to GET the existing configuration and POST
a configuration.
Administration running multiple Ocelot's
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you are running multiple Ocelot's in a cluster then you need to use a certificate to sign the bearer tokens used to access the administration API.
@ -59,21 +49,17 @@ Administration API
**POST {adminPath}/connect/token**
This gets a token for use with the admin area using the username and password we talk about setting above. Under the hood this calls into an IdentityServer hosted within Ocelot.
This gets a token for use with the admin area using the client credentials we talk about setting above. Under the hood this calls into an IdentityServer hosted within Ocelot.
The body of the request is form-data as follows
``client_id`` set as admin
``client_secret`` set as secret
``client_secret`` set as whatever you used when setting up the administration services.
``scope`` set as admin
``username`` set as whatever you used
``password`` set aswhatever you used
``grant_type`` set as password
``grant_type`` set as client_credentials
**GET {adminPath}/configuration**
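Review bot: The form-data list now sends ``client_secret`` in the request body with ``client_id`` fixed as admin, so anyone who can read a token request can request admin tokens themselves. The docs should state that {adminPath}/connect/token needs to be served over HTTPS, which matters because the postman scripts referenced earlier in this file default to http://localhost:5000. It would also help to spell out that "the client credentials we talk about setting above" means the second argument to AddAdministration, since the section above only sets a secret and never a client id.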

docs/features/raft.rst Normal file

@ -0,0 +1,45 @@
Raft (EXPERIMENTAL DO NOT USE IN PRODUCTION)
============================================
Ocelot has recenely integrated `Rafty <https://github.com/TomPallister/Rafty>`_ which is an implementation of Raft that I have also been working on over the last year. This project is very experimental so please do not use this feature of Ocelot in production until I think it's OK.
Raft is a distributed concensus algorythm that allows a cluster of servers (Ocelots) to maintain local state without having a centralised database for storing state (e.g. SQL Server).
In order to enable Rafty in Ocelot you must make the following changes to your Startup.cs.
.. code-block:: csharp
public virtual void ConfigureServices(IServiceCollection services)
{
services
.AddOcelot(Configuration)
.AddAdministration("/administration", "secret")
.AddRafty();
}
In addition to this you must add a file called peers.json to your main project and it will look as follows
.. code-block:: json
{
"Peers": [{
"HostAndPort": "http://localhost:5000"
},
{
"HostAndPort": "http://localhost:5002"
},
{
"HostAndPort": "http://localhost:5003"
},
{
"HostAndPort": "http://localhost:5004"
},
{
"HostAndPort": "http://localhost:5001"
}
]
}
Each instance of Ocelot must have it's address in the array so that they can communicate using Rafty.
Once you have made these configuration changes you must deploy and start each instance of Ocelot using the addresses in the peers.json file. The servers should then start communicating with each other! You can test if everything is working by posting a configuration update and checking it has replicated to all servers by getting there configuration.
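Review bot: The new page does not say how peers authenticate to each other. The sample calls AddAdministration("/administration", "secret") before AddRafty() and the commit message mentions authenticated raft requests and client credentials, so please state whether every instance listed in peers.json has to be configured with the same secret, and whether HostAndPort entries may be https, since all five sample entries are http://. Minor: "recenely", "concensus algorythm", "it's address" and "there configuration" are typos, and the sample lists port 5001 last without explanation.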


@ -24,6 +24,7 @@ Thanks for taking a look at the Ocelot documentation. Please use the left hand n
features/authentication
features/authorisation
features/administration
features/raft
features/caching
features/qualityofservice
features/claimstransformation