NkDOMAIN is an Erlang framework to load an manage complex distributed, multi-tenant configurations in a riak_core cluster.
NkDOMAIN can read domain configurations from YAML files, JSON files or Erlang maps, it checks its syntaxis and creates correspondig Erlang processes distributed in the cluster, saving the objects in a NkBASE database, for example:
# Load of the 'root' domain
root:
desc: Root Object
status: ready
roles:
admin:
- [email protected]
- user:root2@root
- member: group:admins.people@root # 'Members' of admins.people@root are 'admins' of root
role1:
- user:root1@root
users:
admin:
alias: [email protected]
name: Global
surname: Admin
password: 1234
roles:
root1:
alias: [[email protected], [email protected]]
roles:
admin:
password: NKD!!LXchlcfAoNecqJZzOSbsxPIgxzZ! # Hash of 4321
root2:
alias: [[email protected], [email protected]]
roles:
admin:
- user:root1@root
nodesets:
group1:
meta: core;id=group1
users:
- domainA
group2:
meta: core;id=group2
roles:
user:
- member: group:admins.people@root
services:
admin:
disabled: true
dns:
users:
- member: group:people@root
groups:
people:
members:
- member: group:admins.people@root
- member: group:all.people@root
groups:
admins:
roles:
member:
- user:admin@root
- user:admin@domainA
all:
members:
- user:admin@root
nodes:
groups:
all:
members:
- nodeset:group1@root
- nodeset:group2@root
- nodeset:group1@domainA
zones:
groups:
a:
groups:
a1:
a2:
b:
groups:
b1:
b2:
domainA:
desc: Domain A
alias: domain_a.com
roles:
admin:
- user:admin@domainA
- admin: root
- member: group:admins.people@root
status: ready
users:
user1:
admin:
alias: admin@domain_a.com
nodesets:
group1:
meta: domainA
services:
admin:
disabled: false
users:
- member: group:all.people@root
proy1.domainA:
status: ready
groups:
a:
b:
alias: nekso.net
users:
user1:
user2:
services:
dns:
By default, NkDOMAIN recognizes:
- Domains and subdomains (proyects) to any level. Inside domains, the following elements are recognized:
- Groups and subgroups
- Users
- Services
- Nodesets
- Aliases
- Tokens
Some other features are:
- Very high perfomance, it can scale to millions of objects.
- Sophisticated role management, based on NkROLE.
- Objects are distributed in the cluster using NkDIST. They can be permanent (like domains) or temporary (like users). Temporary objects are automatically reloaded if necessary.
- Domains can be re-loaded at any time, only modified items will be processed.
- Any element can be removed, and the depending elements (subgroups, etc.) will also be deleted.
- Domains and users can have any number of aliases.
- Full authentication token management, for users or any other object.
- Services are started at all nodes of the cluster automatically.
NkDOMAIN is not yet ready for normal use, but most of it is complete. See the included tests for examples of use.