Contour WebApp Bootstrap
When the Contour Web App starts for the first time (e.g. after deployment), the app loads file bootstrap.json (if any) placed under the app directory (e.g. /opt/api-service), which allow bootstrapping Roles and Users without having to create manually afterwards.
Bootstrap Roles
The json template of a role definition:
isNodeAdmin: true|false, whether this role is the built-in application administrator that have highest privilegesname: string, name of the role, e.g.DC MakerldapGroup: string, name of the AD group to be mapped to this role if Single-sign-on is enabled with either LDAP or SAML2.0, e.g.contour-makersor set tonullif not yet knownentsAccess: string, the x500 name of the corda name the webapp connecting to, e.g."O=SureBank,L=Tokyo,C=JP"productAccess: list, the list of products this role has access to, e.g.["DC_IMPORT","DC_EXPORT","ESSDOCS"]. The possible values areDC_IMPORT: for import documentary creditDC_EXPORT: for export documentary creditESSDOC: for essDocs document (if essDocs integration enabled)
businessAccess: list, types of actions this role has access to the product, e.g.["READ","CREATE"]. The possible values areREAD: view only,CREATE: create/draft new transaction, i.e. for makerCHECK: verify/reject drafted transaction, i.e. for checkerAPPROVE: approve/reject verified transaction, i.e. for approver
reportAccess: list, e.g.["AUDIT_USERS","AUDIT_TRANSACTIONS"]AUDIT_USERS:AUDIT_TRANSACTIONS:
roleEditing: true|false, whether this role has access to manage (create/update/deactivate) rolesuserEditing: true|false, whether this role has access to manage (create/update/deactivate) usersclientAuthzEditing: true|false, for bank node only, whether this role has access to client authorizationauthzMatrixEditing: true|false, whether this role has access to manage (create/update/delete) authorization matrixfxrateEditing: true|false, whether this role has access to manage (create/update/delete) foreign exchange (FX) rates
Example json template for Node Admin:
{
"builtin": true,
"businessAccess": [],
"clientAuthzEditing": false,
"fxrateEditing": false,
"isNodeAdmin": true,
"ldapGroup": "nodeadmins",
"name": "Node admin",
"productAccess": [],
"roleEditing": true,
"status": {
"approvedBy": null,
"createdBy": null
},
"userEditing": true
}
Bootstrap Users
One or more users can be bootstrapped, and assigned them with nodeadmin permissions.
The json template of a user definition:
{
"isNodeAdmin": true,
"username": "nodeadmin1",
"password": "",
"email": "user@email.com"
}
Other Bootstraps
Authorization matrix
fillAuthzMatrix: true|false.- If set to
false, the administrator will have to create one more entries in the authorization matrix otherwise users will be blocked from making any LC related action. - If set to
true, one default entry will be created and it will allow any amount on LC to all user roles.
- If set to
fillFxRate: true|false.
A Complete Example
A complete example of bootstrap.json.
{
"fillAuthzMatrix": true,
"fillFxRate": true,
"roles": [
{
"builtin": true,
"businessAccess": [],
"clientAuthzEditing": false,
"fxrateEditing": false,
"isNodeAdmin": true,
"ldapGroup": "nodeadmins",
"name": "Node admin",
"productAccess": [],
"roleEditing": true,
"status": {
"approvedBy": null,
"createdBy": null
},
"userEditing": true
}
],
"users": [
{
"email": "nodeadmin1@email.com",
"isNodeAdmin": true,
"isMaker": false,
"isChecker": false,
"isApprover": false,
"password": "yourpassword",
"username": "Node admin one"
},
{
"email": "nodeadmin2@email.com",
"isNodeAdmin": true,
"isMaker": false,
"isChecker": false,
"isApprover": false,
"password": "yourpassword",
"username": "Node admin two"
}
]
}