Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Draft: User management service PoC implementation #11896

Closed
wants to merge 67 commits into from
Closed

Draft: User management service PoC implementation #11896

wants to merge 67 commits into from

Conversation

meiersi-da
Copy link
Contributor

@meiersi-da meiersi-da commented Nov 26, 2021
edited
Loading

Fixes #12014

This PR aims to bring together all changes such that user management is implemented in all sandboxes with an in-memory backend and default JWT tokens are supported alongside the JWT tokens with the custom Daml claims.

Note that this service is not hidden behind a feature flag, as we expect to land it for the next release; and in the worst case can rip it out quite cleanly by deleting the gRPC definitions and following the thread from there.

TODO's before merge

Functionality:

  • listing users
  • use self-service errors to simplify debugging user management failures
  • hook-up standard JWT tokens to auth service
  • authorization for UserManagement API

Testing work moved to separate tickets:

Preparation for review:

  • create proper type for standard JWT tokens
  • handle FIXME's and TODO's and/or convert them to issues
  • split change into a logical sequence of commits

Pull Request Checklist

  • Read and understand the contribution guidelines
  • Include appropriate tests
  • Set a descriptive title and thorough description
  • Add a reference to the issue this PR will solve, if appropriate
  • Include changelog additions in one or more commit message bodies between the CHANGELOG_BEGIN and CHANGELOG_END tags
  • Normal production system change, include purpose of change in description
  • If you mean to change the status of a component, please make sure you keep the Component Status page up to date.

NOTE: CI is not automatically run on non-members pull-requests for security
reasons. The reviewer will have to comment with /AzurePipelines run to
trigger the build.

@nmarton-da nmarton-da force-pushed the user-management-service-stub branch from e4e35a6 to b709a05 Compare November 26, 2021 12:53
@meiersi-da meiersi-da force-pushed the user-management-service-stub branch from 24032d4 to 06431db Compare November 29, 2021 12:31
meiersi-da and others added 8 commits November 29, 2021 14:08
@meiersi-da
user management: more rights, optional primary party
cf6516f 
CHANGELOG_BEGIN
- [user management]: introduce rights to act as or read as any party hosted on a participant node
CHANGELOG_END
@nmarton-da @meiersi-da
Add crude stub for User Management CRUD
113e068 
Boring gRPC API Server integration plumbing

changelog_begin
changelog_end
@nmarton-da @meiersi-da
Add basic InMemoryUserManagementService
c734f98 
changelog_begin
changelog_end
@meiersi-da
Make sandbox-on-x pass user management tests
71f1698
@nmarton-da @meiersi-da
Initial plumbing with ErrorCodes
57c2e07 
changelog_begin
changelog_end
@meiersi-da
Remove TODO notes for PoC of user management
d271552
@meiersi-da
Improve error definitions and test them.
c47ed8f
@meiersi-da
Change DeleteUserRequest to return non-empty response
3f33fec
@meiersi-da meiersi-da force-pushed the user-management-service-stub branch from 06431db to 3f33fec Compare November 29, 2021 13:39
meiersi-da and others added 18 commits November 29, 2021 15:45
@meiersi-da
Add PoC support for parsing standard JWT tokens
70e5419
@meiersi-da
Track standard token in JWTPayload datastructure
e8ab68f
@meiersi-da
Make it compile
a6f565b
@meiersi-da
Add copy of code that was a dead-end, but will be useful for next att…
22c73d5 
…empt
@meiersi-da
Hook up user right lookup in AuthorizationInterceptor
c8ba1a2 
Compiles, but some tests are failing.
@meiersi-da
Fix two trivial test failures
9409327
@meiersi-da
Wire up CanActAsAnyParty
66ff111
@meiersi-da
Test authorization with user-lookup for admin and public calls
452a541
@meiersi-da
Add authorization code for UserManagementServiceAuthorization
00674c7 
Including support for leaving the user-id field empty on a request.

Compiles, but not tested yet.
@meiersi-da
Merge remote-tracking branch 'origin/main' into user-management-servi…
41ce760 
…ce-stub
@meiersi-da
Revert "Wire up CanActAsAnyParty"
71c9fc0 
This reverts commit 66ff111
@meiersi-da
Fix compilation errors from mergin in main
e3a55a5
@meiersi-da
Remove left-over proto messages
e2570cb
@meiersi-da
Remove superfluous file.
c5c3104
@adriaanm-da
execution context refactor
b817a71
@adriaanm-da
isCustomDamlToken in triggers
9a6db1d
@adriaanm-da
userinfo state mgmt more like a concurrent hashmap
65cb9c1 
encapsulate synchronization
synchronize on a private object, not the service (deadlocks)
@adriaanm-da
rework InMemoryUserManagementService
8f6abf2
@meiersi-da meiersi-da mentioned this pull request Dec 7, 2021
Closed
@meiersi-da
Add test that shows that rights validation is not working.
d394977
@meiersi-da
Apply ./fmt.sh
ee09561
@meiersi-da
Rename UserManagementService -> UserManagementStore
d09ae8a
@meiersi-da
Remove notes on pagination.
7599ce4 
It will be added as a future feature.
@meiersi-da
Cleanup naming in ApiUserManagementService
b511091
@meiersi-da
Add field validation for rights in user management API.
1a9aa57
@meiersi-da
Replace isCustomToken in JWTPayload with case classes
cd14213 
This makes JSON-API and the like compile again.
@meiersi-da
Cleanup structure of ClaimSet
3b46669
@meiersi-da
Merge remote-tracking branch 'origin/main' into user-management-servi…
d67026f 
…ce-stub
@meiersi-da
User Ref.UserId everywhere.
393e26a
@meiersi-da
Make java bindings compile again.
93f5fcb
@meiersi-da
Remove implicit execution context from AuthorizationInterceptor
b05b253
@meiersi-da
Cleanup user_management_service.proto
eed4181
@meiersi-da
Refer to issue for TODO in LedgerApiErrors
d7e9065
@meiersi-da
Remove FIXME
4eccf9f
@meiersi-da
Convert FIXME's to comments and TODOs
9112f0e
@meiersi-da
More FIXME cleanup
5489cda
@meiersi-da
./fmt.sh
7eda056
@meiersi-da meiersi-da mentioned this pull request Dec 8, 2021
Merged
10 tasks
@meiersi-da
Copy link
Contributor Author

Closing in favor of #12063

@meiersi-da meiersi-da closed this Dec 8, 2021
@meiersi-da meiersi-da deleted the user-management-service-stub branch December 9, 2021 13:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adriaanm-da adriaanm-da adriaanm-da left review comments

@gerolf-da gerolf-da gerolf-da left review comments

@cocreature cocreature cocreature left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
User Management
Development

Successfully merging this pull request may close these issues.

ledger api server: build PoC of user management service
5 participants
@meiersi-da @cocreature @gerolf-da @adriaanm-da @nmarton-da