Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RN-1105: Use separate .env vars for api-clients in local/dev/prod #5310

Merged
merged 11 commits into from
Jan 11, 2024

Conversation

IgorNadj
Copy link
Contributor

@IgorNadj IgorNadj commented Dec 22, 2023

Issue #: RN-1105

This change is to allow for different passwords for the api-client users between different environments. Because those api-client users are stored in the database, they get copied with the overnight clone. So in order for them to be different between enviroments, we need to automatically change their credentials somehow.

The solution we came up with is to initialise the api-client user whenever we instantiate one of the orchestration servers. Think of it as the orchestration server 'registering' itself with Tupaia.

Merge tasks:

  • Clean up .env vars in dev
  • Add .env vars to prod
  • Switch API_CLIENT_PASSWORD values in dev
  • Add insecure API_CLIENT_PASSWORD values to local


await builder.initialiseApiClient([
{entityCode: 'DL', permissionGroupName: 'Admin'},
], true);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might want to rely on the public countries list rather than giving public access to all countries

@rohan-bes rohan-bes changed the title RN-1105 local env vars RN-1105: Use separate .env vars for api-clients in local/dev/prod Jan 9, 2024
Comment on lines 77 to 93
{ entityCode: 'DL', permissionGroupName: 'Public' }, // Demo Land
{ entityCode: 'FJ', permissionGroupName: 'Public' }, // Fiji
{ entityCode: 'CK', permissionGroupName: 'Public' }, // Cook Islands
{ entityCode: 'PG', permissionGroupName: 'Public' }, // Papua New Guinea
{ entityCode: 'SB', permissionGroupName: 'Public' }, // Solomon Islands
{ entityCode: 'TK', permissionGroupName: 'Public' }, // Tokelau
{ entityCode: 'VE', permissionGroupName: 'Public' }, // Venezuela
{ entityCode: 'WS', permissionGroupName: 'Public' }, // Samoa
{ entityCode: 'KI', permissionGroupName: 'Public' }, // Kiribati
{ entityCode: 'TO', permissionGroupName: 'Public' }, // Tonga
{ entityCode: 'NG', permissionGroupName: 'Public' }, // Nigeria
{ entityCode: 'VU', permissionGroupName: 'Public' }, // Vanuatu
{ entityCode: 'AU', permissionGroupName: 'Public' }, // Australia
{ entityCode: 'PW', permissionGroupName: 'Public' }, // Palau
{ entityCode: 'TL', permissionGroupName: 'Public' }, // Timor-Leste
{ entityCode: 'NU', permissionGroupName: 'Public' }, // Niue
{ entityCode: 'TV', permissionGroupName: 'Public' }, // Tuvalu
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This list is copied across and used in a few different places (tupaia-web-server, web-config-server, datatrak-web-server). I'm inclined to keep it as is because:

  1. I like having something like a public access list be explicit
  2. It's possible that we'd like these apps to deviate (not so much tuapia-web and web-config-server, but datatrak-web it does make sense)
  3. There doesn't seem to be a comfortable place to put this (perhaps in utils we coud add a constants module?)

@rohan-bes rohan-bes marked this pull request as ready for review January 9, 2024 01:49
{ entityCode: 'VU', permissionGroupName: 'Public' }, // Vanuatu
{ entityCode: 'AU', permissionGroupName: 'Public' }, // Australia
{ entityCode: 'PW', permissionGroupName: 'Public' }, // Palau
{ entityCode: 'TL', permissionGroupName: 'Public' }, // Timor-Leste
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do have some hardcoded logic in web-config-server somewhere that 'turns off' TL for users, which gets carried through to datatrak-web and tupaia-web as a result - not sure if we should remove TL from this list, just so that it isn't confusing for developers down the line?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh good catch! Will remove this

})),
);

await models.userEntityPermission.createMany(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might be being a bit dense here, but is this the same as above?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not dense!! Good catch!

@@ -0,0 +1,170 @@
/*
* Tupaia
* Copyright (c) 2017 - 2021 Beyond Essential Systems Pty Ltd
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright (c) 2017 - 2021 Beyond Essential Systems Pty Ltd
* Copyright (c) 2017 - 2024 Beyond Essential Systems Pty Ltd

{ entityCode: 'VU', permissionGroupName: 'Public' }, // Vanuatu
{ entityCode: 'AU', permissionGroupName: 'Public' }, // Australia
{ entityCode: 'PW', permissionGroupName: 'Public' }, // Palau
{ entityCode: 'TL', permissionGroupName: 'Public' }, // Timor-Leste
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here, with TL perhaps?

@@ -13,13 +13,20 @@ import { bindUserSessions } from './authSession';
import { modelClasses } from './models';
import { handleError, logApiRequest } from './utils';
import './log';
import { initialiseApiClient } from '@tupaia/server-boilerplate';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just need to reorder these imports

Copy link
Contributor

@alexd-bes alexd-bes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, thanks for the changes!

@rohan-bes rohan-bes merged commit 14a156d into dev Jan 11, 2024
42 checks passed
@rohan-bes rohan-bes deleted the rn-1105-local-env-vars branch January 11, 2024 04:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants