[FOLIO-3372] Module users creation automation for reference environments Created: 21/Dec/21  Updated: 10/Jan/22

Status: Blocked
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Story Priority: P2
Reporter: Mikhail Fokanov Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: dev-environment, devops
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
blocks MSEARCH-166 Use system users, that are provided v... Blocked
Relates
relates to RANCHER-112 Module users creation automation for ... Closed
relates to OKAPI-1061 Okapi creating tenant level module users Draft
relates to OKAPI-1053 Add module users section to raml schema Closed
Sprint:
Development Team: FOLIO DevOps

 Description   

Purpose/Overview:

 Some modules (e.g. mod-pubsub, mod-search, mod-remote-storage) creates users on tenant init, which is considered insecure. Also such virtual (module) users could be deleted by mistake by librarians using Folio UI.
In order to resolve both problems such users should be created in the same way, as it is done for tenant (aka institutional) users, that are used for edge modules and the type property should be specified for them. Also this information will be included to module descriptors for both existing tenant users and new module users, so that the process of creation of such users can be automated.

Requirements/Scope:

  1. Users should be created by calling mod-users the same way, as it is done for edge (aka tenant level users) and module users. The exception is that for module users, the API_KEY should not be created.
  2. The users should be created by script, that calls mod-users POST API
  3. The json body for the POST method should contain "type" property with value "module"
  4. The user should be created for modules, which have section "user": {...} in the Module-Descriptor.xml
  5. The system user should be granted with permissions, that are stated in Module-Descriptor.xml in the format
"user": { "permissions": ["search.index.inventory.reindex.post", ....]}

Acceptance criteria:

  • Users are automatically created for all reference environments (testing, snapshot, rancher) based on the module descriptors 


 Comments   
Comment by Mikhail Fokanov [ 21/Dec/21 ]

Additional documentation for this task: https://docs.google.com/document/d/1fbX8sLRJAMEX4FJ8Ix2CmrGcowd5N0KSg6_j-Jq0lEg/edit#heading=h.6wcz7jfu7qx5

Comment by Julian Ladisch [ 22/Dec/21 ]

I prefer to have these task been automated in Okapi and not as an additional tasks that sysops need to do.

This will make a single server installation very easy because Okapi can do everything.

This is my proposal as a draft to be discussed: https://folio-org.atlassian.net/browse/OKAPI-1061

Comment by Jakub Skoczen [ 10/Jan/22 ]

Blocked until a solution is discussed and agreed on (meeting scheduled for 11.01).

Generated at Thu Feb 08 23:27:36 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.