Add RBAC sample to CI (#251)

.github/workflows/cd.yml

@@ -19,7 +19,7 @@ jobs:
       ResourceGroupLocation: "southcentralus"
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           persist-credentials: false

.github/workflows/ci.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -35,7 +35,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -51,7 +51,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -61,3 +61,19 @@ jobs:
           cacheFrom: ghcr.io/microsoft/ccf-samples-devcontainer
           runCmd: |
             cd data-reconciliation-app && make unit-test && make test
+
+  decentralized-rbac-app-sample:
+    name: Decentralized RBAC app sample
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Build samples in DevContainer
+        uses: devcontainers/[email protected]
+        with:
+          cacheFrom: ghcr.io/microsoft/ccf-samples-devcontainer
+          runCmd: |
+            cd decentralized-rbac-app && make test

README.md

@@ -21,7 +21,7 @@ Please choose a sample to learn more.
 - [Auditable Logging App](./auditable-logging-app/README.md)
 - [Banking App](./banking-app/README.md)
 - [Data Reconciliation App](./data-reconciliation-app/README.md)
-- [Decentralized RBAC App](./decentralize-rbac-app/README.md)
+- [Decentralized RBAC App](./decentralized-rbac-app/README.md)
 
 ## Contributing
 

data-reconciliation-app/README.md

@@ -93,7 +93,7 @@ Now the environment is ready, and there are several scenarios that could be exec
 - **Run the application's unit tests**
   - `make unit-test`
 
-These are the main scenarios; more commands are available at makefile and are described in the following section.
+These are the main scenarios; more commands are defined in `Makefile` and are described in the following section.
 
 ### Make file
 

decentralize-rbac-app/README.md → decentralized-rbac-app/README.md

@@ -17,10 +17,10 @@ The application consists of three parts:
 (iii) Authorization
 
 - Role and User Management
-  - /{role}/roles/{action}: add a role and allowed action. Requires member auth.
-  - /{user_id}/users/{role}: add a user and the role. Requires member auth.
+  - `PUT /{role}/roles/{action}`: Add a permitted action for a given role. Requires member cert auth.
+  - `PUT /{user_id}/users/{role}`: Assign a specific role to a given user. Requires member cert auth.
 - Authorization
-  - /{user_id}/action/{actionName} - Authorize a user and action. Requires user auth.
+  - `GET /{user_id}/action/{actionName}` - Check whether a user is permitted to make a given action. Requires user cert auth.
 
 ### Repository Layout
 
@@ -34,7 +34,7 @@ The application consists of three parts:
 │    └── utils          utility classes
 └── test                end-to-end tests
 └── docker              Contains the Dockerfile to build the virtual and enclave image
-└── governance          
+└── governance
     └── constitution    Default constitution used for the tests
     └── nodes           Config file for the virtual and enclave sandbox deployment
     └── scripts         Scripts to generate member and user certs for running tests
@@ -70,27 +70,27 @@ Now the environment is ready, and there are several scenarios that could be exec
 
   - `make start-host`
 
-These are the main scenarios; more commands are available at makefile and are described in the following section.
+These are the main scenarios; more commands are defined in `Makefile` and are described in the following section.
 
 ### Make file
 
 A Makefile provides a front-end to interact with the project. It is used both locally, during CI, and on GitHub Actions. This Makefile is self-documented, and has the following targets:
 
 ```text
 help                 💬 This help message :)
-build                🔨 Build the Application
+build                🔨 Build the decentralized-rbac Application
 build-virtual        📦 Build Virtual container image from Dockerfile
 build-enclave        📦 Build Enclave container image from Dockerfile
-start-host           🏃 Start the CCF network using Sandbox.sh
-test                 🧪 Test the Data Reconciliation Application in the sandbox
-test-docker-virtual  🧪 Test the Data Reconciliation Application in a Docker sandbox
-test-docker-enclave  🧪 Test the Data Reconciliation Application in a Docker enclave
+test                 🧪 Test the decentralized-rbac Application in the sandbox
+test-docker-virtual  🧪 Test the decentralized-rbac Application in a Docker sandbox
+test-docker-enclave  🧪 Test the decentralized-rbac Application in a Docker enclave
+start-host           🏁 Start the CCF Sandbox for the demo
 clean                🧹 Clean the working folders created during build/demo
 ```
 
 ## Testing
 
 ```bash
-cd data-reconciliation-app    # Navigate to reconciliation sample folder
+cd decentralized-rbac-app      # Navigate to RBAC sample folder
 make test                     # Run the end-to-end(e2e) tests
-```
+```

decentralize-rbac-app/src/endpoints/authz.ts → decentralized-rbac-app/src/endpoints/authz.ts

@@ -3,15 +3,14 @@ import { ApiResult, CCFResponse } from "../utils/api-result";
 import authenticationService from "../services/authentication-service";
 import authzService from "../services/authz-service";
 import { ServiceResult } from "../utils/service-result";
-import { Service } from "protobufjs";
 
 /**
  * HTTP GET Handler for checking if a user exists
  * @param {ccfapp.Request<any>} request - mTLS request with userId and CSV file for ingestion
  * @returns {ServiceResult<string>} - data has been ingested successfully
  */
 export function authorize(
-  request: ccfapp.Request<any>,
+  request: ccfapp.Request<any>
 ): ccfapp.Response<CCFResponse> {
   // check if caller has a valid identity
   const isValidIdentity = authenticationService.isAuthenticated(request);
@@ -27,8 +26,8 @@ export function authorize(
           errorMessage: "userId and action are required",
           errorType: "InvalidData",
         },
-        400,
-      ),
+        400
+      )
     );
   }
 

scripts/devContainer_OnStart.sh

@@ -5,6 +5,7 @@ set -euo pipefail
 npm install --prefix=banking-app
 npm install --prefix=auditable-logging-app
 npm install --prefix=data-reconciliation-app
+npm install --prefix=decentralized-rbac-app
 
 # Create the JWT issuer config files for (Test - Microsoft Azure Identity Provider).
 npm run create-jwt-config --prefix=data-reconciliation-app