Contour WebApp Bootstrap
When the Contour Web App starts for the first time (e.g. after deployment), the app loads file bootstrap.json (if any) placed under the app directory (e.g. /opt/api-service), which allow bootstrapping Roles and Users without having to create manually afterwards.
Bootstrap Roles
The json template of a role definition:
isSuperAdmin: true|false, whether this role is the built-in application administrator that have highest privilegesname: string, name of the role, e.g.DC MakerldapGroup: string, name of the AD group to be mapped to this role if Single-sign-on is enabled with either LDAP or SAML2.0, e.g.contour-makersor set tonullif not yet knownentsAccess: list, the x500 name of the corda name the webapp connecting to, e.g.["O=SureBank,L=Tokyo,C=JP"]productAccess: list, the list of products this role has access to, e.g.["DC_IMPORT","DC_EXPORT","ESSDOCS"]. The possible values areDC_IMPORT: for import documentary creditDC_EXPORT: for export documentary creditESSDOC: for essDocs document (if essDocs integration enabled)
businessAccess: list, types of actions this role has access to the product, e.g.["READ","CREATE"]. The possible values areREAD: view only,CREATE: create/draft new transaction, i.e. for makerCHECK: verify/reject drafted transaction, i.e. for checkerAPPROVE: approve/reject verified transaction, i.e. for approver
reportAccess: list, e.g.["AUDIT_USERS","AUDIT_TRANSACTIONS"]AUDIT_USERS:AUDIT_TRANSACTIONS:
roleEditing: true|false, whether this role has access to manage (create/update/deactivate) rolesuserEditing: true|false, whether this role has access to manage (create/update/deactivate) usersclientAuthzEditing: true|false, for bank node only, whether this role has access to client authorizationauthzMatrixEditing: true|false, whether this role has access to manage (create/update/delete) authorization matrixfxrateEditing: true|false, whether this role has access to manage (create/update/delete) foreign exchange (FX) rates
Example json template for maker:
{
"isSuperAdmin": false,
"name": "DC Makers",
"ldapGroup": null,
"entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
"productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
"businessAccess": ["READ","CREATE"],
"reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
"roleEditing": false,
"userEditing": false,
"clientAuthzEditing": false,
"authzMatrixEditing": false,
"fxrateEditing": false,
"builtin": true,
"status": {
"approvedBy": null,
"createdBy": null
}
}
Bootstrap Users
One or more users can be bootstrapped, and the assigned them with superadmin permissions.
The json template of a user definition:
{
"isSuperAdmin": true,
"username": "sysadmin1",
"password": "",
"email": "user@email.com"
}
Other Bootstraps
Authorization matrix
fillAuthzMatrix: true|false.- If set to
false, the administrator will have to create one more entries in the authorization matrix otherwise users will be blocked from making any LC related action. - If set to
true, one default entry will be created and it will allow any amount on LC to all user roles.
- If set to
fillFxRate: true|false.
A Complete Example
A complete example of bootstrap.json.
{
"users":[
{
"isSuperAdmin": true,
"username": "sysadmin1",
"password": "",
"email": "user@email.com"
},
{
"isSuperAdmin": true,
"username": "sysadmin1",
"password": "",
"email": "user@email.com"
}
],
"roles": [
{
"isSuperAdmin": false,
"name": "DC Makers",
"ldapGroup": null,
"entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
"productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
"businessAccess": ["READ","CREATE"],
"reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
"roleEditing": false,
"userEditing": false,
"authzMatrixEditing": false,
"clientAuthzEditing": false,
"fxrateEditing": false,
"builtin": true,
"status": {
"approvedBy": null,
"createdBy": null
}
},
{
"isSuperAdmin": false,
"name": "DC Checkers",
"ldapGroup": null,
"entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
"productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
"businessAccess": ["READ","CHECK"],
"reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
"roleEditing": false,
"userEditing": false,
"authzMatrixEditing": false,
"clientAuthzEditing": false,
"fxrateEditing": false,
"builtin": true,
"status": {
"approvedBy": null,
"createdBy": null
}
},
{
"isSuperAdmin": false,
"name": "DC Approvers",
"ldapGroup": null,
"entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
"productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
"businessAccess": ["READ","APPROVE"],
"reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
"roleEditing": false,
"userEditing": false,
"authzMatrixEditing": false,
"clientAuthzEditing": false,
"fxrateEditing": false,
"builtin": true,
"status": {
"approvedBy": null,
"createdBy": null
}
},
{
"isSuperAdmin": false,
"name": "User Administrators",
"ldapGroup": null,
"entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
"productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
"businessAccess": ["READ","CREATE","CHECK","APPROVE"],
"reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
"roleEditing": true,
"userEditing": true,
"authzMatrixEditing": true,
"clientAuthzEditing": true,
"fxrateEditing": true,
"builtin": true,
"status": {
"approvedBy": null,
"createdBy": null
}
},
{
"isSuperAdmin": true,
"name": "superadmin",
"ldapGroup": null,
"entsAccess": [],
"productAccess": [],
"businessAccess": ["READ"],
"reportAccess": ["AUDIT_USERS"],
"roleEditing": true,
"userEditing": true,
"authzMatrixEditing": false,
"clientAuthzEditing": false,
"fxrateEditing": false,
"builtin": true,
"status": {
"approvedBy": null,
"createdBy": null
}
}
],
"fillAuthzMatrix": "true",
"fillFxRate": "true"
}