Public | Automated Build

Last pushed: 3 months ago


A Sails application that serves the RESTful API
for MSAWS (Managed Services on AWS)


A RESTful JSON API that stores information about AWS Accounts, IAM Roles
and the users and roles that are allowed to access them.

Endpoints and data are protected by sails-permissions which allows for
multiple Passport authentication methods.


Look for a in sub-directories of this project for more
detailed descriptions of the scripts they contain.


Follows the standard structure for Sails applications with the addition
of lib and db directories for bootstrapping and db migration code.


Modules used for bootstrapping the application reside in
lib/bootstrap. They ensure that the permissions are set correctly at
application start and that hooks are in place to update permissions
when many-to-many mapping tables are updated.


This directory is controlled by sails-migrations and contains all of the
knex db migration scripts necessary to build and patch the database.


To launch the application a mysql database is required and redis is

For just the API

> ./node_modules/.bin/sails lift

OR for the API and the node console

> ./node_modules/.bin/sails c


The default settings will try to connect to mysql on localhost:3306
with the user msaws on database msaws with no password. These settings can be
overridden with environment variables or in config/local.js

> export sails_connections__msawsapi__user=myuser
> export sails_connections__msawsapi__password=password
> export sails_connections__msawsapi__database=mydatabase


in config/local.js

module.exports = {
  connections: {
    msawsapi: {
      user: 'myuser',
      database: 'mydatabase',
      password: 'mypassword'
    }
  }
};

Redis (optional)

By default an in-memory store is used for sessions. If session state
must be saved between application reboots, or testing is being done with
multiple processes, a redis store can be used.

Redis can be enabled through the environment or with config/local.js

> export sails_session__adapter=redis


in config/local.js

module.exports = {
  session: {
    adapter: 'redis'
  }
};


Default configurations reside in the config directory. Any defaults
for a specific environment reside in config/env.

Any configuration option can be overridden with a config/local.js file for development purposes.
The config/local.js file is listed in .gitignore and will not be
included in the repository.

For non-development environments any config overrides, such as
passwords, should be set by the environment.
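
A pre-deploy check for the guidance above, added here as an example and not part of the MSAWS code base. It rebuilds the nested config from `sails_*` environment variables, assuming the `__` nesting shown in the exports earlier, and flags the README defaults outside development; `envToConfig`, `auditConfig` and the finding strings are hypothetical names.

```javascript
// Added example, not project code. Simplified form of the sails_* env mapping:
// the "sails_" prefix is dropped and "__" separates nested keys.
function envToConfig(env) {
  const config = {};
  for (const [name, value] of Object.entries(env)) {
    if (!name.startsWith('sails_')) continue;
    const path = name.slice('sails_'.length).split('__');
    const leaf = path.pop();
    let node = config;
    for (const key of path) {
      if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
      node = node[key];
    }
    node[leaf] = value;
  }
  return config;
}

// Placeholder passwords that appear in the README examples.
const README_PLACEHOLDERS = ['password', 'mypassword'];

// Hypothetical audit; nodeEnv is the deployment's NODE_ENV value.
function auditConfig(config, nodeEnv) {
  const findings = [];
  if (nodeEnv === 'development') return findings; // defaults are fine locally
  const db = (config.connections || {}).msawsapi || {};
  if (!db.password) {
    findings.push('connections.msawsapi.password unset: default is no password');
  } else if (README_PLACEHOLDERS.includes(db.password)) {
    findings.push('connections.msawsapi.password is a README placeholder value');
  }
  // Assumption of this example: deployed instances want sessions in redis.
  if ((config.session || {}).adapter !== 'redis') {
    findings.push('session.adapter is not redis: sessions are in-memory');
  }
  return findings;
}

// Constructed sample environment, not taken from a real deployment.
const sampleEnv = {
  sails_connections__msawsapi__user: 'myuser',
  sails_connections__msawsapi__password: 'password',
  sails_session__adapter: 'redis',
  PATH: '/usr/bin',
};
console.log(auditConfig(envToConfig(sampleEnv), 'production'));
```

Running it as a container entrypoint step or CI job and failing on a non-empty findings list keeps a passwordless database login from reaching UAT or Production.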


To streamline the deploy process private modules, other modules hosted
with the Sungard AS private Bitbucket account, are included with
git-subtree in the private_modules directory.

Using git-subtree enables deployment and container build to perform a
single git-clone to retrieve this application and all of the private


A Passport authentication module for the Sungard AS Unified SSO system.
Only OpenID Connect is supported at this time.


Application users, roles and their access is controlled by
sails-permissions. This module exposes policies, models and services
that enable row level authorization to the datastore.

Database Migrations

Database migrations are implemented with sails-migrations and are stored
in db.

To create a new migration

> ./node_modules/.bin/sails-migrations generate MIGRATION-NAME


The application is able to bootstrap itself if no migrations have been
run. If the application is in a bootstrap state all protected endpoints
will return a 403 with the body {error:'bootstrap required'}.

To bootstrap send a POST to /bootstrap with a
JSON body that includes the bootstrapCode that was set in the
application config. The default bootstrapCode can be found in

Once the code has been sent a cookie will be returned that identifies
the session as the bootstrap session. When this session authenticates
with the SSO system it will set the logged in user as the system

This process is streamlined when using sgas-msaws-ui.

Manual Migrations

To manually run migrations see the sails-migrations documentation.


The Dockerfile defines how this application is containerized. Outside
of development the application is moved from staging to UAT to Production as
a container.

Any commits to the develop or master branch will trigger an automatic
build with
sgas-msaws-api on

Pull Requests

The following PRs have been submitted to sails-permissions to add
necessary functionality for MSAWS. Once these requests are accepted the
github reference can be updated to the relevant sails-permissions
version in package.json.

  • PR #103
  • PR #104