Contour WebApp Bootstrap
When the Contour Web App starts for the first time (e.g. after deployment), it loads the file bootstrap.json (if any) placed under the app directory (e.g. /opt/api-service), which allows bootstrapping Roles and Users without having to create them manually afterwards.
Bootstrap Roles
The JSON template of a role definition:
- isNodeAdmin: true|false, whether this role is the built-in application administrator that has the highest privileges
- name: string, name of the role, e.g. DC Maker
- ldapGroup: string, name of the AD group to be mapped to this role if single sign-on is enabled with either LDAP or SAML 2.0, e.g. contour-makers, or set to null if not yet known
- entsAccess: string, the x500 name of the corda name the webapp is connecting to, e.g. "O=SureBank,L=Tokyo,C=JP"
- productAccess: list, the list of products this role has access to, e.g. ["DC_IMPORT","DC_EXPORT","ESSDOCS"]. The possible values are
  - DC_IMPORT: for import documentary credit
  - DC_EXPORT: for export documentary credit
  - ESSDOC: for essDocs document (if essDocs integration enabled)
- businessAccess: list, types of actions this role can perform on the product, e.g. ["READ","CREATE"]. The possible values are
  - READ: view only
  - CREATE: create/draft new transaction, i.e. for maker
  - CHECK: verify/reject drafted transaction, i.e. for checker
  - APPROVE: approve/reject verified transaction, i.e. for approver
- reportAccess: list, e.g. ["AUDIT_USERS","AUDIT_TRANSACTIONS"]
  - AUDIT_USERS:
  - AUDIT_TRANSACTIONS:
- roleEditing: true|false, whether this role has access to manage (create/update/deactivate) roles
- userEditing: true|false, whether this role has access to manage (create/update/deactivate) users
- clientAuthzEditing: true|false, for bank node only, whether this role has access to client authorization
- authzMatrixEditing: true|false, whether this role has access to manage (create/update/delete) authorization matrix
- fxrateEditing: true|false, whether this role has access to manage (create/update/delete) foreign exchange (FX) rates
Example json template for maker:
{
  "isNodeAdmin": false,
  "name": "DC Makers",
  "ldapGroup": null,
  "entsAccess": "O=SureBank,L=Tokyo,C=JP",
  "productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
  "businessAccess": ["READ","CREATE"],
  "reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
  "roleEditing": false,
  "userEditing": false,
  "clientAuthzEditing": false,
  "authzMatrixEditing": false,
  "fxrateEditing": false,
  "builtin": true,
  "status": {
    "approvedBy": null,
    "createdBy": null
  }
}
Bootstrap Users
One or more users can be bootstrapped and assigned nodeadmin permissions.
The json template of a user definition:
{
  "isNodeAdmin": true,
  "username": "nodeadmin1",
  "password": "",
  "email": "user@email.com"
}
Other Bootstraps
Authorization matrix
- fillAuthzMatrix: true|false.
  - If set to false, the administrator will have to create one or more entries in the authorization matrix, otherwise users will be blocked from making any LC related action.
  - If set to true, one default entry will be created and it will allow any amount on LC to all user roles.
- fillFxRate: true|false.
A Complete Example
A complete example of bootstrap.json.
{
  "fillAuthzMatrix": true,
  "fillFxRate": true,
  "roles": [
    {
      "builtin": true,
      "businessAccess": [],
      "clientAuthzEditing": false,
      "fxrateEditing": false,
      "isNodeAdmin": true,
      "ldapGroup": "nodeadmins",
      "name": "Node admin",
      "productAccess": [],
      "roleEditing": true,
      "status": {
        "approvedBy": null,
        "createdBy": null
      },
      "userEditing": true
    }
  ],
  "users": [
    {
      "email": "nodeadmin1@email.com",
      "isNodeAdmin": true,
      "isMaker": false,
      "isChecker": false,
      "isApprover": false,
      "password": "yourpassword",
      "username": "Node admin one"
    },
    {
      "email": "nodeadmin2@email.com",
      "isNodeAdmin": true,
      "isMaker": false,
      "isChecker": false,
      "isApprover": false,
      "password": "yourpassword",
      "username": "Node admin two"
    }
  ]
}
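A pre-deployment review check for a bootstrap.json like the one above, as an added example that is not part of Contour's documentation or code. It flags the empty and placeholder passwords used in the templates, fillAuthzMatrix set to true, businessAccess values outside the four listed, and roles that combine maker, checker and approver actions. The function name lint_bootstrap, the separation-of-duties rule and the sample data are assumptions made for this example.

```python
import json

BUSINESS_ACTIONS = {"READ", "CREATE", "CHECK", "APPROVE"}  # values listed on this page
WORKFLOW_ACTIONS = {"CREATE", "CHECK", "APPROVE"}          # maker / checker / approver
PLACEHOLDER_PASSWORDS = {None, "", "yourpassword"}         # literals from the page's templates


def lint_bootstrap(cfg):
    """Return a list of (severity, message) findings for a parsed bootstrap.json."""
    findings = []
    if cfg.get("fillAuthzMatrix") is True:
        findings.append(("WARN", "fillAuthzMatrix=true: default entry allows any LC amount to all roles"))
    for role in cfg.get("roles", []):
        name = role.get("name", "<unnamed>")
        access = set(role.get("businessAccess") or [])
        unknown = access - BUSINESS_ACTIONS
        if unknown:
            findings.append(("ERROR", f"role {name!r}: unknown businessAccess {sorted(unknown)}"))
        # Assumed review policy (not enforced by the app): one workflow duty per role.
        duties = access & WORKFLOW_ACTIONS
        if len(duties) > 1:
            findings.append(("WARN", f"role {name!r}: combines {sorted(duties)} (no maker/checker separation)"))
    for user in cfg.get("users", []):
        uname = user.get("username", "<unnamed>")
        if user.get("password") in PLACEHOLDER_PASSWORDS:
            findings.append(("ERROR", f"user {uname!r}: empty or placeholder password"))
    return findings


# Constructed sample input, modelled on the page's templates.
SAMPLE = json.loads("""
{
  "fillAuthzMatrix": true,
  "roles": [
    {"name": "DC Makers", "isNodeAdmin": false, "businessAccess": ["READ", "CREATE"]},
    {"name": "DC All", "isNodeAdmin": false, "businessAccess": ["CREATE", "APPROVE", "SIGN"]}
  ],
  "users": [
    {"username": "nodeadmin1", "isNodeAdmin": true, "password": "yourpassword"},
    {"username": "nodeadmin2", "isNodeAdmin": true, "password": "S0me-long-unique-passphrase"}
  ]
}
""")

if __name__ == "__main__":
    for severity, message in lint_bootstrap(SAMPLE):
        print(f"{severity}: {message}")
```

Because the file holds administrator passwords in clear text, a check like this fits in the deployment pipeline next to restricting read access to the app directory.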