Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tenant permissions #623

Merged
merged 10 commits into from
Jun 1, 2023
Merged

Tenant permissions #623

merged 10 commits into from
Jun 1, 2023

Conversation

loneil
Copy link
Collaborator

@loneil loneil commented May 29, 2023
edited
Loading

Basic Tenant UI functionality calling the endpoints from #629
Allow the Innkeeper to approve the Tenant's "make myself an issuer" choices:

  • Allow if the tenant can connect to the configured endorser
  • Allow if the tenant can register their public DID

If not allowed, the user can't make those actions (see screenshots at bottom) through the Tenant UI. They could conceivably still call the appropriate API calls, this should be addressed in #608

We probably want to have this be configurable per Traction instance, see #607

This is in the existing single-ledger multi-tenancy paradigm, so the permissions are just single boolean switches on the frontend. Will need to reconfigure UI once multi-ledger is supported.

Some tenants for testing

No approvals
2d20cdc7-aae6-4038-a990-202c2de05ffc
d5275e44-38aa-4327-a482-4d1a7c1ff713

Approved for both
026c0192-8a3d-41c6-9fd3-e7ca7488780f
4f727d36-7a97-4856-8fdb-48d71af6fdf0

Approved for connect to endorser
efd148ba-cdee-4881-9ee4-02379c1503ed
0a7308c8-a432-4c48-87dd-e2b0c20dd715

Approved for register DID
cd20b6d7-2c47-4f56-b6f9-7d75bed16b5a
3348d523-c1dd-4296-9486-e85c3d2edbf8

Tenant is not allowed, wording/UI
image

Innkeeper
image

@loneil loneil force-pushed the feature/tenantPermissions branch 2 times, most recently from 0d3d120 to 89366cc Compare May 30, 2023 22:37
@loneil loneil marked this pull request as ready for review May 30, 2023 22:55
@loneil loneil temporarily deployed to development May 30, 2023 23:01 — with GitHub Actions Inactive
@github-actions
Copy link

Deployment Resource Location
Traction
Tenant UI https://pr-623-tenant-ui-dev.apps.silver.devops.gov.bc.ca
Innkeeper UI https://pr-623-tenant-ui-dev.apps.silver.devops.gov.bc.ca/innkeeper
Aca-Py
Admin Swagger https://pr-623-traction-acapy-admin-dev.apps.silver.devops.gov.bc.ca/api/doc
Tenant Proxy Swagger https://pr-623-traction-tenant-proxy-dev.apps.silver.devops.gov.bc.ca/api/doc

Deployment URLs ready for review.

@loneil loneil temporarily deployed to development May 31, 2023 23:13 — with GitHub Actions Inactive
@esune
Copy link
Member

esune commented Jun 1, 2023

Changes look good, I am however unable to sign-in to the tenants. Looking at the proxy service I see:

2023/06/01 10:46:02 [error] 46#46: *26 access forbidden by rule, client: 10.97.86.1, server: localhost, request: "OPTIONS /multitenancy/wallet/%202d20cdc7-aae6-4038-a990-202c2de05ffc/token HTTP/1.1", host: "pr-623-traction-tenant-proxy-dev.apps.silver.devops.gov.bc.ca", referrer: "https://pr-623-tenant-ui-dev.apps.silver.devops.gov.bc.ca/"
<ip-address-here> - - 
[01/Jun/2023:10:46:02 +0000] "OPTIONS /multitenancy/wallet/%202d20cdc7-aae6-4038-a990-202c2de05ffc/token HTTP/1.1" 403 153 "https://pr-623-tenant-ui-dev.apps.silver.devops.gov.bc.ca/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0" "<ip-address-here>"

I am happy to merge without waiting, looking for confirmation and/or feedback on the issue.

loneil added 10 commits June 1, 2023 09:48
@loneil
Innkeeper tenant settings UI
3c7a8ee 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil
FE restriction for endorser/did
615ed32 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil
Get config on startup
a7b306b 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil
lint
5c4f6ed 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil
Premission checks on profile
0280ad0 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil
Wording
9530502 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil
Regen acapy types
a3d27ce 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil
tenant config handling
d736069 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil
duplicate lines
37bc503 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil
Innkeeper edit tenant config
138289d 
Signed-off-by: Lucas ONeil <lucasoneil@gmail.com>
@loneil loneil force-pushed the feature/tenantPermissions branch from 340f36b to 138289d Compare June 1, 2023 16:49
@loneil loneil temporarily deployed to development June 1, 2023 16:53 — with GitHub Actions Inactive
@loneil
Copy link
Collaborator Author

loneil commented Jun 1, 2023

Something wierd happening on this PR Tenants and pods crashing all of a sudden... looking into it

@loneil
Copy link
Collaborator Author

loneil commented Jun 1, 2023

Think it was environmental (something stuck from OCP updates maybe), all tenants working now.
Merging

@loneil loneil merged commit 5f034c6 into develop Jun 1, 2023
@loneil loneil temporarily deployed to development June 1, 2023 22:22 — with GitHub Actions Inactive
@loneil loneil deleted the feature/tenantPermissions branch June 2, 2023 23:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@esune esune esune approved these changes

@amanji amanji Awaiting requested review from amanji

@popkinj popkinj Awaiting requested review from popkinj

@shaangill025 shaangill025 Awaiting requested review from shaangill025

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@loneil @esune