Registry of identities

Quickstart

Example data

"identities" = [{
    "uuid": "identity-62936e70-1815-439b-bf89-8492855a7e6b",
    "email": "test+publisher@hetzner.co.za",
    "roles": {
        "staff": {
            "department": "technical"
         },
         "configuration_publisher": {
             "configuration_identifiers": ["*"]
         }
    }
}]

Directory

Create a directory provider

require 'soar/registry/directory'
directory_provider = Soar::Registry::Directory::Provider::Stub.new(
  table: "identities",
  index: ["uuid", "email"]
)

Create a directory

directory = Soar::Registry::Directory.new(directory_provider)

Staff UUID IDR

Search for roles, attributes or identifiers by UUID. Used by policies to determine authorization.

Create an identity provider.

require 'soar/registry/identity'
identity_provider = Soar::Registry::Identity::Provider::Staff::Id.new(directory: directory)

Create an IDR

@id_idr = Soar::Registry::Identity.new(identity_provider)

Staff Email IDR

Search for identifiers by email address. Used by soar-authentication-identity to translate an authenticated identifier to an UUID.

require 'soar/registry/identity'
identity_provider = Soar::Registry::Identity::Provider::Staff::Email.new(directory: directory)

@email_idr = Soar::Registry::Identity.new(identity_provider)

Getting a list of identifiers

> identifiers = @id_idr.get_identifiers("identity-820d5660-2204-4f7d-8c04-746313439b81") 
> identifiers = @email_idr.get_identifiers("admin@hetzner.co.za") 
> puts identifiers.inspect
["admin@hetzner.co.za", "identity-820d5660-2204-4f7d-8c04-746313439b81"]

Getting a list of roles

> roles = @id_idr.get_roles("identity-820d5660-2204-4f7d-8c04-746313439b81")
> puts roles.inspect
["staff", "configuration_publisher", "configuration_consumer"]

Getting a hash of attributes for a role

> role = 'staff'
> attributes = @id_idr.get_attributes("identity-820d5660-2204-4f7d-8c04-746313439b81", role)
> puts attributes.inspect
{
    "staff": {
        "department": "technical"
    }
}

Getting a hash of all attributes

> attributes = @id_idr.get_attributes("identity-820d5660-2204-4f7d-8c04-746313439b81")
> puts attributes.inspect
{
    "identity_id" => "identity-820d5660-2204-4f7d-8c04-746313439b81",
    "entity_id"=> "entity-bad85eb9-0713-4da7-8d36-07a8e4b00eab",
    "email"=> "admin@hetzner.co.za",
    "roles"=> {
        "staff"=> {},
        "configuration_publisher"=> {
            "configuration_identifiers"=> ["*"]
        },
        "configuration_consumer"=> {
            "configuration_identifiers"=> ["*"]
        }
    },
    "address"=> {
        "detail"=> "Belvedere Office Park, Unit F",
        "street"=> "Bella Rosa Street",
        "suburb"=> "Tygervalley",
        "city"=> "Durbanville",
        "postal"=> "7550"
    }
}

Tests

Local

$ bundle exec rspec 

CI

docker-compose --file docker-compose.ci.yml  up --abort-on-container-exit --remove-orphans --build --force-recreate
EXIT_CODE=$(docker ps -a -f "name=soar-registry-identity-provider-staff" -q | xargs docker inspect -f "{{ .State.ExitCode }}");
exit $EXIT_CODE;

Resources

• DynamoDBLocal
• Multiple AWS Credentials
• AWS SDK for Ruby

References

• soar idm
• Domain analysis
• staff idr