Public | Automated Build

Last pushed: 3 months ago
Short Description
sss
Full Description

sgas-msaws-api/

A Sails application that serves the RESTful API
for MSAWS (Managed Services on AWS)

Overview

A RESTFul JSON API that stores information about AWS Accounts, IAM Roles
and the users and roles that are allowed to access them.

Endpoints and data are protected by sails-permissions which allows for
multiple Passport authentication methods.

Documentation

Look for a README.md in sub-directories of this project for more
detailed descriptios of the scripts they contin.

Structure

Follows the standard structure for Sails applications with the addition
of lib and db directories for bootsrapping and db migration code
respectively.

lib

Modules used for bootstrapping the application reside in
lib/bootstrap. They ensusre that the permissions are set correctly at
application start and that hooks are in place to update permissions
when many-to-many mapping tables are updated.

db

This directory is controlled by sails-migrations and contains all of the
knex db migration scripts necessary to build and patch database.

Development

To launch the application a mysql database is required and redis is
optional.

For just the API

> ./node_modules/.bin/sails lift

OR for the API and the node console

> ./node_modules/.bin/sails c

MySQL

The default settings will try to connection to mysql on localhost:3306
with the user msaws on database msaws with no password. These setting can be
overridden with environment variables or in config/local.js

> export sails_connections__msawsapi__user=myuser
> export sails_connections__msawsapi__password=password
> export sails_connections__msawsapi__database=mydatabase

OR

in config/local.js

module.exports = {
  connections: {
    msawsapi: {
      user: 'myuser',
      database: 'mydatabase',
      password: 'mypassword'
    }
  }
}

Redis (optional)

By default a in-memory store is used for sessions. If sessions state
must be save between application reboots or testing is being done with
multiple processes a redis store can be used.

Redis can be enabled through the environment or with config/local.js

> export sails_session__adapter=redis

OR

in config/local.js

module.exports = {
  session: {
    adapter: 'redis'
  }
}

Configuration

Default confiturations reside in the config directory. Any defaults
for a specific environment reside in config/env.

Any configuration option with a config/local.js file for development purposes.
The config/local.js file is listed in .gitignore and will not be
included in the repository.

For non-development environments any config overrides, such as
passwords, should be set by the environment.

private_modules

To streamline the deploy process private modules, other modules hosted
with the Sungard AS private Bitbucket account, are included with
git-subtree in the private_modules directory.

Using git-subtree enables deployment and container build to perform a
single git-clone to retrieve the this application and all of the private
dependencies.

sgas-passport-unifiedsso

A Passport authentication module for the Sungard AS Unified SSO system.
Only OpenID Connect is supported at this time.

sails-permissions

Application users, roles and their access is controlled by
sails-permissions. This module exposes policies, models and services
that enable row level authorization to the datastore.

Database Migrations

Database migration are implemented with sails-migrations and are stored
in db.

To create a new migration

> ./node_modules/.bin/sails-migrations generate MIGRATION-NAME

Bootstrap

The application is able to bootstrap itself if no migrations have been
run. If the application is in a bootstrap state all protected endpoints
will return a 403 with the body {error:'bootstrap required'}.

To bootstrap send a POST to /bootstrap with a
JSON body that includes the bootstrapCode that was set in the
application config. The default bootstrapCode can be found in
config/migrations.js.

Once the code has been sent a cookie will be returned that identifies
the session as the bootstrap sesession. When this session authenticates
with the SSO system it will set the logged in user as the system
administrator.

This process is streamlined when using sgas-msaws-ui.

Manual Migrations

To manually run migrations see the sails-migrations documentation.

Docker

The Dockerfile defines how this application is containerized. Outside
of development the application is moved staging to UAT to Production as
a container.

Any commits to the develop or master branch will trigger a automatic
build with
sgas-msaws-api on
DockerHub.

Pull Requests

The following PRs have been submitted to sails-permissions to add
necessary functionality for MSAWS. Once these requests are accepted the
github reference can be updated to the relevant sails-permissions
version in package.json.

  • PR #103
  • PR #104
Docker Pull Command
Owner
chandramishra
Source Repository

Comments (0)