/user-roles

Service for extending the authorization capabilities of AWS Cognito.

Primary LanguageKotlin

A generic service featuring RBAC (Role Based Access Control).

Example architecture

Can be used in conjunction with e.g. AWS Cognito and a pretoken generation trigger lambda to add custom claims to an identity token.

Note that this repo only contains the User Roles service img.png

Endpoints

CRUD endpoints

Endpoint What
PUT /userroles/{userId} create or update user roles for user
GET /userroles/{userId} get user roles for user
DELETE /userroles/{userId}

NB! Currently no support for post, but can be implemented later.

Data structure for PUT and GET

{
  "userId": "userId123",
  "userroles": [
    {
      "applicationName": "application1",
      "orgId": "orgId1",
      "roleName": "orgOwner"
    },
    {
      "applicationName": "application2",
      "orgId": "orgId2",
      "roleName": "orgAdmin"
    },
    {
      "applicationName": "application2",
      "orgId": "orgId3",
      "roleName": "orgMember",
      "roleValue": "{"boards": [1,2,3]}"
    },
    {
      "roleName": "admin"
    }
  ]
}

Query endpoints

Endpoint What
GET /userroles List all users
GET /userroles?orgId={orgId1} List users with access to a given organization
GET /userroles?roleName=admin List users with a given role
GET /userroles?roleName={roleName}&orgId={orgId2} List users with a given role

Running locally

  1. Start the database

    docker-compose up -d

  2. Build and run the application

    All of these will skip tests to be quick.

    1. Option 1: In IDE

      Run the Main file.

    2. Option 2: Via Maven

      ./build-and-run.sh

    3. Option 3: Package and run with the actual Docker image

      # See the script for details.
./build-and-run-docker.sh

  3. Access the service at http://localhost:8080/health

Linting

To only check linting (no tests etc):

mvn spotless:check

To format (does not fail on lint errors):

mvn spotless:apply