-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RN-1105: Use separate .env vars for api-clients in local/dev/prod #5310
Conversation
|
||
await builder.initialiseApiClient([ | ||
{entityCode: 'DL', permissionGroupName: 'Admin'}, | ||
], true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We might want to rely on the public countries list rather than giving public access to all countries
…CT_APP_MOCK_API flag" This reverts commit bc6d9f1.
d37effa
to
6e9b51a
Compare
{ entityCode: 'DL', permissionGroupName: 'Public' }, // Demo Land | ||
{ entityCode: 'FJ', permissionGroupName: 'Public' }, // Fiji | ||
{ entityCode: 'CK', permissionGroupName: 'Public' }, // Cook Islands | ||
{ entityCode: 'PG', permissionGroupName: 'Public' }, // Papua New Guinea | ||
{ entityCode: 'SB', permissionGroupName: 'Public' }, // Solomon Islands | ||
{ entityCode: 'TK', permissionGroupName: 'Public' }, // Tokelau | ||
{ entityCode: 'VE', permissionGroupName: 'Public' }, // Venezuela | ||
{ entityCode: 'WS', permissionGroupName: 'Public' }, // Samoa | ||
{ entityCode: 'KI', permissionGroupName: 'Public' }, // Kiribati | ||
{ entityCode: 'TO', permissionGroupName: 'Public' }, // Tonga | ||
{ entityCode: 'NG', permissionGroupName: 'Public' }, // Nigeria | ||
{ entityCode: 'VU', permissionGroupName: 'Public' }, // Vanuatu | ||
{ entityCode: 'AU', permissionGroupName: 'Public' }, // Australia | ||
{ entityCode: 'PW', permissionGroupName: 'Public' }, // Palau | ||
{ entityCode: 'TL', permissionGroupName: 'Public' }, // Timor-Leste | ||
{ entityCode: 'NU', permissionGroupName: 'Public' }, // Niue | ||
{ entityCode: 'TV', permissionGroupName: 'Public' }, // Tuvalu |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This list is copied across and used in a few different places (tupaia-web-server, web-config-server, datatrak-web-server). I'm inclined to keep it as is because:
- I like having something like a public access list be explicit
- It's possible that we'd like these apps to deviate (not so much tuapia-web and web-config-server, but datatrak-web it does make sense)
- There doesn't seem to be a comfortable place to put this (perhaps in
utils
we coud add aconstants
module?)
{ entityCode: 'VU', permissionGroupName: 'Public' }, // Vanuatu | ||
{ entityCode: 'AU', permissionGroupName: 'Public' }, // Australia | ||
{ entityCode: 'PW', permissionGroupName: 'Public' }, // Palau | ||
{ entityCode: 'TL', permissionGroupName: 'Public' }, // Timor-Leste |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We do have some hardcoded logic in web-config-server
somewhere that 'turns off' TL for users, which gets carried through to datatrak-web
and tupaia-web
as a result - not sure if we should remove TL from this list, just so that it isn't confusing for developers down the line?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ahh good catch! Will remove this
})), | ||
); | ||
|
||
await models.userEntityPermission.createMany( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might be being a bit dense here, but is this the same as above?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not dense!! Good catch!
@@ -0,0 +1,170 @@ | |||
/* | |||
* Tupaia | |||
* Copyright (c) 2017 - 2021 Beyond Essential Systems Pty Ltd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Copyright (c) 2017 - 2021 Beyond Essential Systems Pty Ltd | |
* Copyright (c) 2017 - 2024 Beyond Essential Systems Pty Ltd |
{ entityCode: 'VU', permissionGroupName: 'Public' }, // Vanuatu | ||
{ entityCode: 'AU', permissionGroupName: 'Public' }, // Australia | ||
{ entityCode: 'PW', permissionGroupName: 'Public' }, // Palau | ||
{ entityCode: 'TL', permissionGroupName: 'Public' }, // Timor-Leste |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here, with TL perhaps?
@@ -13,13 +13,20 @@ import { bindUserSessions } from './authSession'; | |||
import { modelClasses } from './models'; | |||
import { handleError, logApiRequest } from './utils'; | |||
import './log'; | |||
import { initialiseApiClient } from '@tupaia/server-boilerplate'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just need to reorder these imports
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work, thanks for the changes!
Issue #: RN-1105
This change is to allow for different passwords for the api-client users between different environments. Because those api-client users are stored in the database, they get copied with the overnight clone. So in order for them to be different between enviroments, we need to automatically change their credentials somehow.
The solution we came up with is to initialise the api-client user whenever we instantiate one of the orchestration servers. Think of it as the orchestration server 'registering' itself with Tupaia.
Merge tasks:
API_CLIENT_PASSWORD
values in devAPI_CLIENT_PASSWORD
values to local