Setting up Auth for Sandbox

From Ocean Framework Documentation Wiki
WARNING: The following information is out of date. We will update this page soon.

Now that the Sandbox service is complete, we must set up Auth to recognise it. This is done by modifying a couple of configuration files in Auth. We need to set up an ApiUser for Sandbox, and we also need to inform Auth of what resources Sandbox contains and what their respective Rights are for each HTTP method and action.

The Sandbox ApiUser

Open config/seeding_data.yml. Add the following section at the same indentation level as the corresponding existing sections (indentation is significant in YAML files):

 - - sandbox
   - :real_name: Sandbox pedagogical service
     :email:     your.email.here@example.com
     :password:  xxxxxxxxxxx

The password should be the same as the value you specified for API_PASSWORD in the Sandbox configuration file in config/config.yml. Now run

rake ocean:update_api_users

You will see a printout similar to the following:

Updating god.
Updating auth.
Updating cms.
Updating log.
Updating media.
Updating jobs.
Updating xact.
Creating sandbox.
Updating admin_client.
Updating admin_client_testuser.
Updating webshop_client.
Updating webshop_client_testuser.
Done.

The new ApiUser is now operational.

Declaring the Sandbox Service Resources and Rights

Open lib/tasks/update_services_resources_and_rights.rake. Add the following to basic_set:

     { name:        "sandbox",
       description: "pedagogical service",
       resources: [
           { name: "notes",
             description: "A Note resource has a title and a body and is designed for teaching purposes.",
             rights: [
                 { description: "Note resource God" },
                 { description: "Get a Note",                hyperlink: "self", verb: "GET" },
                 { description: "Delete a Note",             hyperlink: "self", verb: "DELETE"},
                 { description: "Create a Note",             hyperlink: "self", verb: "POST"},
                 { description: "Get a collection of Notes", hyperlink: "self", verb: "GET*"},
                 { description: "Get the Comments for this Note",     hyperlink: "comments", verb: "GET"},
                 { description: "Create a new Comment for this Note", hyperlink: "comments", verb: "POST"}
               ]
           },
           { name: "comments",
             description: "Comment resources can be attached to Notes.",
             rights: [
                 { description: "Comment resource God" },
                 { description: "Get a Comment",                hyperlink: "self", verb: "GET" },
                 { description: "Delete a Comment",             hyperlink: "self", verb: "DELETE"},
                 { description: "Get a collection of Comments", hyperlink: "self", verb: "GET*"}
               ]
           }
         ]}

Then run

rake ocean:update_services_resources_and_rights

You will see something like the following:

Creating service sandbox.
| Creating resource notes
| | Creating right [* *] - Note resource God
| | Creating right [self GET] - Get a Note
| | Creating right [self DELETE] - Delete a Note
| | Creating right [self POST] - Create a Note
| | Creating right [self GET*] - Get a collection of Notes
| | Creating right [comments GET] - Get the Comments for this Note
| | Creating right [comments POST] - Create a new Comment for this Note
| Creating resource comments
| | Creating right [* *] - Comment resource God
| | Creating right [self GET] - Get a Comment
| | Creating right [self DELETE] - Delete a Comment
| | Creating right [self GET*] - Get a collection of Comments

All Rights required to support the Sandbox service have now been created.
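A pre-flight lint for a declaration shaped like the basic_set entry above, as an added example that is not part of Ocean or of the original page. The names right_label, lint_service and ALLOWED_VERBS are hypothetical; the verb list and the rule of one wildcard right per resource are assumptions drawn from the declaration and printout shown here.

```ruby
# Added example, not Ocean's own code. Assumptions: a right with no hyperlink
# and no verb is the "[* *]" wildcard; ALLOWED_VERBS is an assumed set.
ALLOWED_VERBS = %w[* GET GET* POST PUT DELETE].freeze

# Label a right the way the rake printout does, e.g. "[self GET]".
def right_label(right)
  "[#{right.fetch(:hyperlink, '*')} #{right.fetch(:verb, '*')}]"
end

# Returns a list of problems found in one service declaration.
def lint_service(service)
  problems = []
  service.fetch(:resources, []).each do |res|
    where = "#{service[:name]}/#{res[:name]}"
    rights = res.fetch(:rights, [])
    labels = rights.map { |r| right_label(r) }
    wildcards = labels.count("[* *]")
    problems << "#{where}: expected exactly one [* *] right, found #{wildcards}" unless wildcards == 1
    labels.tally.each do |label, n|
      problems << "#{where}: #{label} declared #{n} times" if n > 1
    end
    rights.each do |r|
      verb = r.fetch(:verb, "*")
      problems << "#{where}: unknown verb #{verb.inspect}" unless ALLOWED_VERBS.include?(verb)
      if r.key?(:hyperlink) ^ r.key?(:verb)
        problems << "#{where}: #{right_label(r)} sets only one of hyperlink/verb"
      end
      problems << "#{where}: #{right_label(r)} has no description" if r[:description].to_s.strip.empty?
    end
  end
  problems
end

# Constructed sample: the comments resource from above with two mistakes added.
SAMPLE = {
  name: "sandbox",
  resources: [
    { name: "comments",
      rights: [
        { description: "Comment resource God" },
        { description: "Get a Comment",    hyperlink: "self", verb: "GET" },
        { description: "Fetch a Comment",  hyperlink: "self", verb: "GET" },
        { description: "Delete a Comment", hyperlink: "self", verb: "DELET" }
      ] }
  ]
}.freeze

puts lint_service(SAMPLE)
```

An empty result means every resource has exactly one wildcard right, no duplicated hyperlink/verb pair and no unrecognised verb.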

The final step is to assign the new wildcard rights to the Ocean superuser, god, via the Role dedicated to that purpose:

rake ocean:update_god

This will print:

Updating the God Role. 
God Role saved.
All superuser Rights are now assigned to the God Role.
The God Role is now assigned to the God user as its single Role.
Done.

Auth has now been set up for the new service on your development machine. The Chef deployment procedure will take care of the above tasks automatically in all other environments.


Next: Setting up Configuration and Deployment for Sandbox