diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 352b62a6d..0a431c9f0 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -19,7 +19,7 @@ jobs: ResourceGroupLocation: "southcentralus" steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c287c8f1e..8ab7ba0b0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 persist-credentials: false @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 persist-credentials: false @@ -51,7 +51,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 persist-credentials: false @@ -61,3 +61,19 @@ jobs: cacheFrom: ghcr.io/microsoft/ccf-samples-devcontainer runCmd: | cd data-reconciliation-app && make unit-test && make test + + decentralized-rbac-app-sample: + name: Decentralized RBAC app sample + runs-on: ubuntu-20.04 + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + persist-credentials: false + - name: Build samples in DevContainer + uses: devcontainers/ci@v0.3 + with: + cacheFrom: ghcr.io/microsoft/ccf-samples-devcontainer + runCmd: | + cd decentralized-rbac-app && make test diff --git a/README.md b/README.md index 79ee4c018..f1c57135a 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Please choose a sample to learn more. - [Auditable Logging App](./auditable-logging-app/README.md) - [Banking App](./banking-app/README.md) - [Data Reconciliation App](./data-reconciliation-app/README.md) -- [Decentralized RBAC App](./decentralize-rbac-app/README.md) +- [Decentralized RBAC App](./decentralized-rbac-app/README.md) ## Contributing diff --git a/data-reconciliation-app/README.md b/data-reconciliation-app/README.md index 9684839ba..786ab4d99 100755 --- a/data-reconciliation-app/README.md +++ b/data-reconciliation-app/README.md @@ -93,7 +93,7 @@ Now the environment is ready, and there are several scenarios that could be exec - **Run the application's unit tests** - `make unit-test` -These are the main scenarios; more commands are available at makefile and are described in the following section. +These are the main scenarios; more commands are defined in `Makefile` and are described in the following section. ### Make file diff --git a/decentralize-rbac-app/Makefile b/decentralized-rbac-app/Makefile similarity index 100% rename from decentralize-rbac-app/Makefile rename to decentralized-rbac-app/Makefile diff --git a/decentralize-rbac-app/README.md b/decentralized-rbac-app/README.md similarity index 77% rename from decentralize-rbac-app/README.md rename to decentralized-rbac-app/README.md index e388269a0..d5b466f03 100755 --- a/decentralize-rbac-app/README.md +++ b/decentralized-rbac-app/README.md @@ -17,10 +17,10 @@ The application consists of three parts: (iii) Authorization - Role and User Management - - /{role}/roles/{action}: add a role and allowed action. Requires member auth. - - /{user_id}/users/{role}: add a user and the role. Requires member auth. + - `PUT /{role}/roles/{action}`: Add a permitted action for a given role. Requires member cert auth. + - `PUT /{user_id}/users/{role}`: Assign a specific role to a given user. Requires member cert auth. - Authorization - - /{user_id}/action/{actionName} - Authorize a user and action. Requires user auth. + - `GET /{user_id}/action/{actionName}` - Check whether a user is permitted to make a given action. Requires user cert auth. ### Repository Layout @@ -34,7 +34,7 @@ The application consists of three parts: │ └── utils utility classes └── test end-to-end tests └── docker Contains the Dockerfile to build the virtual and enclave image -└── governance +└── governance └── constitution Default constitution used for the tests └── nodes Config file for the virtual and enclave sandbox deployment └── scripts Scripts to generate member and user certs for running tests @@ -70,7 +70,7 @@ Now the environment is ready, and there are several scenarios that could be exec - `make start-host` -These are the main scenarios; more commands are available at makefile and are described in the following section. +These are the main scenarios; more commands are defined in `Makefile` and are described in the following section. ### Make file @@ -78,19 +78,19 @@ A Makefile provides a front-end to interact with the project. It is used both lo ```text help 💬 This help message :) -build 🔨 Build the Application +build 🔨 Build the decentralized-rbac Application build-virtual 📦 Build Virtual container image from Dockerfile build-enclave 📦 Build Enclave container image from Dockerfile -start-host 🏃 Start the CCF network using Sandbox.sh -test 🧪 Test the Data Reconciliation Application in the sandbox -test-docker-virtual 🧪 Test the Data Reconciliation Application in a Docker sandbox -test-docker-enclave 🧪 Test the Data Reconciliation Application in a Docker enclave +test 🧪 Test the decentralized-rbac Application in the sandbox +test-docker-virtual 🧪 Test the decentralized-rbac Application in a Docker sandbox +test-docker-enclave 🧪 Test the decentralized-rbac Application in a Docker enclave +start-host 🏁 Start the CCF Sandbox for the demo clean 🧹 Clean the working folders created during build/demo ``` ## Testing ```bash -cd data-reconciliation-app # Navigate to reconciliation sample folder +cd decentralized-rbac-app # Navigate to RBAC sample folder make test # Run the end-to-end(e2e) tests -``` \ No newline at end of file +``` diff --git a/decentralize-rbac-app/babel.config.json b/decentralized-rbac-app/babel.config.json similarity index 100% rename from decentralize-rbac-app/babel.config.json rename to decentralized-rbac-app/babel.config.json diff --git a/decentralize-rbac-app/build_bundle.js b/decentralized-rbac-app/build_bundle.js similarity index 100% rename from decentralize-rbac-app/build_bundle.js rename to decentralized-rbac-app/build_bundle.js diff --git a/decentralize-rbac-app/docker/ccf_app_js.enclave b/decentralized-rbac-app/docker/ccf_app_js.enclave similarity index 100% rename from decentralize-rbac-app/docker/ccf_app_js.enclave rename to decentralized-rbac-app/docker/ccf_app_js.enclave diff --git a/decentralize-rbac-app/docker/ccf_app_js.virtual b/decentralized-rbac-app/docker/ccf_app_js.virtual similarity index 100% rename from decentralize-rbac-app/docker/ccf_app_js.virtual rename to decentralized-rbac-app/docker/ccf_app_js.virtual diff --git a/decentralize-rbac-app/governance/constitution/actions.js b/decentralized-rbac-app/governance/constitution/actions.js similarity index 100% rename from decentralize-rbac-app/governance/constitution/actions.js rename to decentralized-rbac-app/governance/constitution/actions.js diff --git a/decentralize-rbac-app/governance/constitution/apply.js b/decentralized-rbac-app/governance/constitution/apply.js similarity index 100% rename from decentralize-rbac-app/governance/constitution/apply.js rename to decentralized-rbac-app/governance/constitution/apply.js diff --git a/decentralize-rbac-app/governance/constitution/resolve.js b/decentralized-rbac-app/governance/constitution/resolve.js similarity index 100% rename from decentralize-rbac-app/governance/constitution/resolve.js rename to decentralized-rbac-app/governance/constitution/resolve.js diff --git a/decentralize-rbac-app/governance/constitution/validate.js b/decentralized-rbac-app/governance/constitution/validate.js similarity index 100% rename from decentralize-rbac-app/governance/constitution/validate.js rename to decentralized-rbac-app/governance/constitution/validate.js diff --git a/decentralize-rbac-app/governance/nodes/cchost_config_enclave_js.json b/decentralized-rbac-app/governance/nodes/cchost_config_enclave_js.json similarity index 100% rename from decentralize-rbac-app/governance/nodes/cchost_config_enclave_js.json rename to decentralized-rbac-app/governance/nodes/cchost_config_enclave_js.json diff --git a/decentralize-rbac-app/governance/nodes/cchost_config_virtual_js.json b/decentralized-rbac-app/governance/nodes/cchost_config_virtual_js.json similarity index 100% rename from decentralize-rbac-app/governance/nodes/cchost_config_virtual_js.json rename to decentralized-rbac-app/governance/nodes/cchost_config_virtual_js.json diff --git a/decentralize-rbac-app/governance/scripts/setup_governance.sh b/decentralized-rbac-app/governance/scripts/setup_governance.sh similarity index 100% rename from decentralize-rbac-app/governance/scripts/setup_governance.sh rename to decentralized-rbac-app/governance/scripts/setup_governance.sh diff --git a/decentralize-rbac-app/governance/vote/vote_accept.json b/decentralized-rbac-app/governance/vote/vote_accept.json similarity index 100% rename from decentralize-rbac-app/governance/vote/vote_accept.json rename to decentralized-rbac-app/governance/vote/vote_accept.json diff --git a/decentralize-rbac-app/jest.config.js b/decentralized-rbac-app/jest.config.js similarity index 100% rename from decentralize-rbac-app/jest.config.js rename to decentralized-rbac-app/jest.config.js diff --git a/decentralize-rbac-app/package.json b/decentralized-rbac-app/package.json similarity index 100% rename from decentralize-rbac-app/package.json rename to decentralized-rbac-app/package.json diff --git a/decentralize-rbac-app/rollup.config.js b/decentralized-rbac-app/rollup.config.js similarity index 100% rename from decentralize-rbac-app/rollup.config.js rename to decentralized-rbac-app/rollup.config.js diff --git a/decentralize-rbac-app/src/auth/validator/certificate/member-cert-validation.ts b/decentralized-rbac-app/src/auth/validator/certificate/member-cert-validation.ts similarity index 100% rename from decentralize-rbac-app/src/auth/validator/certificate/member-cert-validation.ts rename to decentralized-rbac-app/src/auth/validator/certificate/member-cert-validation.ts diff --git a/decentralize-rbac-app/src/auth/validator/certificate/user-cert-validation.ts b/decentralized-rbac-app/src/auth/validator/certificate/user-cert-validation.ts similarity index 100% rename from decentralize-rbac-app/src/auth/validator/certificate/user-cert-validation.ts rename to decentralized-rbac-app/src/auth/validator/certificate/user-cert-validation.ts diff --git a/decentralize-rbac-app/src/auth/validator/jwt/demo-jwt-provider.ts b/decentralized-rbac-app/src/auth/validator/jwt/demo-jwt-provider.ts similarity index 100% rename from decentralize-rbac-app/src/auth/validator/jwt/demo-jwt-provider.ts rename to decentralized-rbac-app/src/auth/validator/jwt/demo-jwt-provider.ts diff --git a/decentralize-rbac-app/src/auth/validator/jwt/jwt-validation.ts b/decentralized-rbac-app/src/auth/validator/jwt/jwt-validation.ts similarity index 100% rename from decentralize-rbac-app/src/auth/validator/jwt/jwt-validation.ts rename to decentralized-rbac-app/src/auth/validator/jwt/jwt-validation.ts diff --git a/decentralize-rbac-app/src/auth/validator/jwt/ms-aad-jwt-provider.ts b/decentralized-rbac-app/src/auth/validator/jwt/ms-aad-jwt-provider.ts similarity index 100% rename from decentralize-rbac-app/src/auth/validator/jwt/ms-aad-jwt-provider.ts rename to decentralized-rbac-app/src/auth/validator/jwt/ms-aad-jwt-provider.ts diff --git a/decentralize-rbac-app/src/auth/validator/validation-service.ts b/decentralized-rbac-app/src/auth/validator/validation-service.ts similarity index 100% rename from decentralize-rbac-app/src/auth/validator/validation-service.ts rename to decentralized-rbac-app/src/auth/validator/validation-service.ts diff --git a/decentralize-rbac-app/src/endpoints/all.ts b/decentralized-rbac-app/src/endpoints/all.ts similarity index 100% rename from decentralize-rbac-app/src/endpoints/all.ts rename to decentralized-rbac-app/src/endpoints/all.ts diff --git a/decentralize-rbac-app/src/endpoints/app.json b/decentralized-rbac-app/src/endpoints/app.json similarity index 100% rename from decentralize-rbac-app/src/endpoints/app.json rename to decentralized-rbac-app/src/endpoints/app.json diff --git a/decentralize-rbac-app/src/endpoints/authz.ts b/decentralized-rbac-app/src/endpoints/authz.ts similarity index 93% rename from decentralize-rbac-app/src/endpoints/authz.ts rename to decentralized-rbac-app/src/endpoints/authz.ts index ac3355094..e8aa05b6a 100644 --- a/decentralize-rbac-app/src/endpoints/authz.ts +++ b/decentralized-rbac-app/src/endpoints/authz.ts @@ -3,7 +3,6 @@ import { ApiResult, CCFResponse } from "../utils/api-result"; import authenticationService from "../services/authentication-service"; import authzService from "../services/authz-service"; import { ServiceResult } from "../utils/service-result"; -import { Service } from "protobufjs"; /** * HTTP GET Handler for checking if a user exists @@ -11,7 +10,7 @@ import { Service } from "protobufjs"; * @returns {ServiceResult} - data has been ingested successfully */ export function authorize( - request: ccfapp.Request, + request: ccfapp.Request ): ccfapp.Response { // check if caller has a valid identity const isValidIdentity = authenticationService.isAuthenticated(request); @@ -27,8 +26,8 @@ export function authorize( errorMessage: "userId and action are required", errorType: "InvalidData", }, - 400, - ), + 400 + ) ); } diff --git a/decentralize-rbac-app/src/endpoints/roles.ts b/decentralized-rbac-app/src/endpoints/roles.ts similarity index 100% rename from decentralize-rbac-app/src/endpoints/roles.ts rename to decentralized-rbac-app/src/endpoints/roles.ts diff --git a/decentralize-rbac-app/src/endpoints/users.ts b/decentralized-rbac-app/src/endpoints/users.ts similarity index 100% rename from decentralize-rbac-app/src/endpoints/users.ts rename to decentralized-rbac-app/src/endpoints/users.ts diff --git a/decentralize-rbac-app/src/repositories/kv-repository.ts b/decentralized-rbac-app/src/repositories/kv-repository.ts similarity index 100% rename from decentralize-rbac-app/src/repositories/kv-repository.ts rename to decentralized-rbac-app/src/repositories/kv-repository.ts diff --git a/decentralize-rbac-app/src/services/authentication-service.ts b/decentralized-rbac-app/src/services/authentication-service.ts similarity index 100% rename from decentralize-rbac-app/src/services/authentication-service.ts rename to decentralized-rbac-app/src/services/authentication-service.ts diff --git a/decentralize-rbac-app/src/services/authz-service.ts b/decentralized-rbac-app/src/services/authz-service.ts similarity index 100% rename from decentralize-rbac-app/src/services/authz-service.ts rename to decentralized-rbac-app/src/services/authz-service.ts diff --git a/decentralize-rbac-app/src/services/role-service.ts b/decentralized-rbac-app/src/services/role-service.ts similarity index 100% rename from decentralize-rbac-app/src/services/role-service.ts rename to decentralized-rbac-app/src/services/role-service.ts diff --git a/decentralize-rbac-app/src/services/user-service.ts b/decentralized-rbac-app/src/services/user-service.ts similarity index 100% rename from decentralize-rbac-app/src/services/user-service.ts rename to decentralized-rbac-app/src/services/user-service.ts diff --git a/decentralize-rbac-app/src/utils/api-result.ts b/decentralized-rbac-app/src/utils/api-result.ts similarity index 100% rename from decentralize-rbac-app/src/utils/api-result.ts rename to decentralized-rbac-app/src/utils/api-result.ts diff --git a/decentralize-rbac-app/src/utils/config.ts b/decentralized-rbac-app/src/utils/config.ts similarity index 100% rename from decentralize-rbac-app/src/utils/config.ts rename to decentralized-rbac-app/src/utils/config.ts diff --git a/decentralize-rbac-app/src/utils/constants.ts b/decentralized-rbac-app/src/utils/constants.ts similarity index 100% rename from decentralize-rbac-app/src/utils/constants.ts rename to decentralized-rbac-app/src/utils/constants.ts diff --git a/decentralize-rbac-app/src/utils/service-result.ts b/decentralized-rbac-app/src/utils/service-result.ts similarity index 100% rename from decentralize-rbac-app/src/utils/service-result.ts rename to decentralized-rbac-app/src/utils/service-result.ts diff --git a/decentralize-rbac-app/test/test.sh b/decentralized-rbac-app/test/test.sh similarity index 100% rename from decentralize-rbac-app/test/test.sh rename to decentralized-rbac-app/test/test.sh diff --git a/decentralize-rbac-app/tsconfig.json b/decentralized-rbac-app/tsconfig.json similarity index 100% rename from decentralize-rbac-app/tsconfig.json rename to decentralized-rbac-app/tsconfig.json diff --git a/scripts/devContainer_OnStart.sh b/scripts/devContainer_OnStart.sh index 7c77805fb..3f7cf0d73 100755 --- a/scripts/devContainer_OnStart.sh +++ b/scripts/devContainer_OnStart.sh @@ -5,6 +5,7 @@ set -euo pipefail npm install --prefix=banking-app npm install --prefix=auditable-logging-app npm install --prefix=data-reconciliation-app +npm install --prefix=decentralized-rbac-app # Create the JWT issuer config files for (Test - Microsoft Azure Identity Provider). npm run create-jwt-config --prefix=data-reconciliation-app