Contour WebApp Bootstrap

When the Contour Web App starts for the first time (e.g. after deployment), it loads the file bootstrap.json, if present, from the app directory (e.g. /opt/api-service). This allows Roles and Users to be bootstrapped without having to create them manually afterwards.

Bootstrap Roles

The json template of a role definition:

  • isNodeAdmin: true|false, whether this role is the built-in application administrator, which has the highest privileges
  • name: string, name of the role, e.g. DC Maker
  • ldapGroup: string, name of the AD group to be mapped to this role if single sign-on is enabled with either LDAP or SAML 2.0, e.g. contour-makers; set to null if not yet known
  • entsAccess: string, the X.500 name of the Corda node the web app connects to, e.g. "O=SureBank,L=Tokyo,C=JP"
  • productAccess: list, the products this role has access to, e.g. ["DC_IMPORT","DC_EXPORT","ESSDOCS"]. The possible values are:
    • DC_IMPORT: for import documentary credit
    • DC_EXPORT: for export documentary credit
    • ESSDOC: for essDocs document (if essDocs integration enabled)
  • businessAccess: list, the types of action this role may perform on the product, e.g. ["READ","CREATE"]. The possible values are:
    • READ: view only,
    • CREATE: create/draft new transaction, i.e. for maker
    • CHECK: verify/reject drafted transaction, i.e. for checker
    • APPROVE: approve/reject verified transaction, i.e. for approver
  • reportAccess: list, e.g. ["AUDIT_USERS","AUDIT_TRANSACTIONS"]
    • AUDIT_USERS:
    • AUDIT_TRANSACTIONS:
  • roleEditing: true|false, whether this role has access to manage (create/update/deactivate) roles
  • userEditing: true|false, whether this role has access to manage (create/update/deactivate) users
  • clientAuthzEditing: true|false, for bank node only, whether this role has access to client authorization
  • authzMatrixEditing: true|false, whether this role has access to manage (create/update/delete) authorization matrix
  • fxrateEditing: true|false, whether this role has access to manage (create/update/delete) foreign exchange (FX) rates

Example json template for maker:

{
    "isNodeAdmin": false,
    "name": "DC Makers",
    "ldapGroup": null,
    "entsAccess": "O=SureBank,L=Tokyo,C=JP",
    "productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
    "businessAccess": ["READ","CREATE"],
    "reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
    "roleEditing": false,
    "userEditing": false,
    "clientAuthzEditing": false,
    "authzMatrixEditing": false,
    "fxrateEditing": false,
    "builtin": true,
    "status": {
        "approvedBy": null,
        "createdBy": null
    }
}

Bootstrap Users

One or more users can be bootstrapped and assigned nodeadmin permissions.

The json template of a user definition:

{
    "isNodeAdmin": true,
    "username": "nodeadmin1",
    "password": "",
    "email": "user@email.com"
}

Other Bootstraps

Authorization matrix

  • fillAuthzMatrix: true|false.
    • If set to false, the administrator will have to create one or more entries in the authorization matrix; otherwise users will be blocked from performing any LC-related action.
    • If set to true, one default entry will be created, and it will allow any amount on an LC to all user roles.
  • fillFxRate: true|false.

A Complete Example

A complete example of bootstrap.json.

{
  "fillAuthzMatrix": true,
  "fillFxRate": true,
  "roles": [
    {
      "builtin": true,
      "businessAccess": [],
      "clientAuthzEditing": false,
      "fxrateEditing": false,
      "isNodeAdmin": true,
      "ldapGroup": "nodeadmins",
      "name": "Node admin",
      "productAccess": [],
      "roleEditing": true,
      "status": {
        "approvedBy": null,
        "createdBy": null
      },
      "userEditing": true
    }
  ],
  "users": [
    {
      "email": "nodeadmin1@email.com",
      "isNodeAdmin": true,
      "isMaker": false,
      "isChecker": false,
      "isApprover": false,
      "password": "yourpassword",
      "username": "Node admin one"
    },
    {
      "email": "nodeadmin2@email.com",
      "isNodeAdmin": true,
      "isMaker": false,
      "isChecker": false,
      "isApprover": false,
      "password": "yourpassword",
      "username": "Node admin two"
    }
  ]
}
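
As an added example (not part of the Contour documentation or code base), the Python lint below reviews a bootstrap.json before deployment for the settings described on this page: the open default authorization matrix, access values outside the documented lists, and users left with an empty or template password. The function names, the file-permission check and the rule that a role should not combine CREATE with CHECK or APPROVE are assumptions made for this example.

```python
import json, os, stat

# Enum values as listed on this page; the page spells the essDocs product both
# "ESSDOC" and "ESSDOCS", so both are accepted here.
PRODUCTS = {"DC_IMPORT", "DC_EXPORT", "ESSDOC", "ESSDOCS"}
BUSINESS = {"READ", "CREATE", "CHECK", "APPROVE"}
REPORTS = {"AUDIT_USERS", "AUDIT_TRANSACTIONS"}
PLACEHOLDERS = {"", "yourpassword"}  # values used in the page's templates

def audit_bootstrap(cfg):
    """Return a list of findings for a parsed bootstrap.json document."""
    findings = []
    if cfg.get("fillAuthzMatrix") is True:
        findings.append("fillAuthzMatrix=true: default entry allows any LC amount to all roles")
    for role in cfg.get("roles", []):
        name = role.get("name", "<unnamed>")
        for key, allowed in (("productAccess", PRODUCTS),
                             ("businessAccess", BUSINESS),
                             ("reportAccess", REPORTS)):
            unknown = sorted(set(role.get(key) or []) - allowed)
            if unknown:
                findings.append(f"role {name!r}: unknown {key} value(s) {unknown}")
        actions = set(role.get("businessAccess") or [])
        # Assumed policy (not stated on the page): a maker must not also check/approve.
        if "CREATE" in actions and actions & {"CHECK", "APPROVE"}:
            findings.append(f"role {name!r}: combines CREATE with CHECK/APPROVE")
    for user in cfg.get("users", []):
        if (user.get("password") or "") in PLACEHOLDERS:
            findings.append(f"user {user.get('username')!r}: empty or template password")
    return findings

def audit_file(path):
    """Audit a bootstrap.json on disk, including its file permissions."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = [f"{path}: mode {mode:o} grants access to group/others"] if mode & 0o077 else []
    with open(path, encoding="utf-8") as fh:
        return findings + audit_bootstrap(json.load(fh))

# Constructed sample input, modelled on the page's complete example.
SAMPLE = {
    "fillAuthzMatrix": True,
    "roles": [{"name": "DC Makers", "productAccess": ["DC_IMPORT", "LC_IMPORT"],
               "businessAccess": ["READ", "CREATE", "APPROVE"], "reportAccess": []}],
    "users": [{"username": "Node admin one", "isNodeAdmin": True, "password": "yourpassword"}],
}

if __name__ == "__main__":
    for line in audit_bootstrap(SAMPLE):
        print(line)
```

Because the file carries the initial administrator passwords in clear text, audit_file also reports a bootstrap.json whose mode grants any access to group or others.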