  1. GPII - Global Public Inclusive Infrastructure
  2. GPII-4014

The deployment of the GPII-3717 work to enhance logon procedure from NOVA

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      • Deployment steps:
        1. Shut down the cloud service;
        2. An ops team member runs this curl command that outputs all client credentials into a file:
        curl "{Couch-db-url}/gpii/_design/views/_view/findDocsByType?key=%22clientCredential%22" > clientCredentials.json
        

        3. Sends the output file "clientCredentials.json" to Javi;
        4. Javi identifies the client credential ID created for NOVA;
        5. Assuming the NOVA client credential ID identified at step 4 is "aaa-bbb-ccc", an ops team member runs this command in the universal root directory:

        node ./scripts/migration/migration-GPII-3711.js {Couch-db-url}/gpii "aaa-bbb-ccc"
        

        6. An ops team member and/or a developer performs some random checks on the CouchDB data, especially the client credentials. To understand what this migration does:
        (1) It adds 4 new fields to all "clientCredential" documents: allowedIPBlocks, allowedPrefsToWrite, isCreateGpiiKeyAllowed, isCreatePrefsSafeAllowed;
        The NOVA client credential now looks like:

        {
          "_id": "aaa-bbb-ccc",
          "_rev": "???",
          "type": "clientCredential",
          "schemaVersion": "0.2",
          "clientId": "gpiiAppInstallationClient-1",
          "oauth2ClientId": "???",
          "oauth2ClientSecret": "???",
          "allowedIPBlocks": null,
          "allowedPrefsToWrite": [
            "http://registry.gpii.net/common/language",
            "http://registry.gpii.net/common/DPIScale",
            "http://registry.gpii.net/common/highContrast/enabled",
            "http://registry.gpii.net/common/selfVoicing/enabled"
          ],
          "isCreateGpiiKeyAllowed": true,
          "isCreatePrefsSafeAllowed": true,
          "revoked": false,
          "revokedReason": null,
          "timestampCreated": "2019-1-21T18:11:22.101Z",
          "timestampRevoked": null
        }
        

        Non-NOVA client credentials look like:

        {
          "_id": "non-nova",
          "_rev": "???",
          "type": "clientCredential",
          "schemaVersion": "0.2",
          "clientId": "gpiiAppInstallationClient-1",
          "oauth2ClientId": "???",
          "oauth2ClientSecret": "???",
          "allowedIPBlocks": null,
          "allowedPrefsToWrite": null,
          "isCreateGpiiKeyAllowed": false,
          "isCreatePrefsSafeAllowed": false,
          "revoked": false,
          "revokedReason": null,
          "timestampCreated": "2019-1-21T18:11:22.101Z",
          "timestampRevoked": null
        }
        

        (2) It bumps the schemaVersion value from 0.1 to 0.2 for all documents that have a schemaVersion field. Note that the views document does not have this field;
        (3) If a document has a "timestampUpdated" field, that field should have been set to the timestamp at which the migration ran.
        For example, running the curl command below fetches carla's document. This document should have "schemaVersion" set to "0.2" and "timestampUpdated" set to the migration timestamp.

        curl http://localhost:25984/gpii/carla
        

        7. Data migration completes;
        8. Deploy the universal docker image that includes the GPII-3717 work to the Cloud;
        9. Deployment completes;
        10. Start the Cloud service.

      • Test Plan after the Deployment:
        1. Morphic installations that use the NOVA client credential are able to create new GPII keys and prefs safes;
        2. Morphic installations that use non-NOVA client credentials are not able to create new GPII keys and prefs safes. These requests will be rejected with an "unauthorized" message;
        3. Use a Morphic installation that has the NOVA client credential to save preferences containing one or more pref keys that are not in the allowedPrefsToWrite list shown above. This request will be rejected with an "unauthorized" message.
        4. A Morphic installation that uses the pre-GPII-3711 version of the universal source code operates the same as one that uses the post-GPII-3711 code, as described in test plan items 1 and 2.

      Javier Hernández, Antranig Basman, Tyler Roscoe, kavya: Please let me know if anything in this ticket does not make sense. Thanks.
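
One way to script the step 6 checks on the client credentials, as an added example that is not part of the original ticket or the GPII code base. It assumes the clientCredential documents have already been loaded into an array; the function name and the sample documents are constructed for illustration.

```javascript
// Fields the page says the migration adds to every clientCredential document.
const NEW_FIELDS = ["allowedIPBlocks", "allowedPrefsToWrite",
    "isCreateGpiiKeyAllowed", "isCreatePrefsSafeAllowed"];
// Preference keys listed in the page's NOVA example document.
const NOVA_PREFS = [
    "http://registry.gpii.net/common/language",
    "http://registry.gpii.net/common/DPIScale",
    "http://registry.gpii.net/common/highContrast/enabled",
    "http://registry.gpii.net/common/selfVoicing/enabled"
];

// Returns a list of findings; an empty list means every document matches
// the post-migration shape described in step 6.
function checkMigratedCredentials(docs, novaId) {
    const findings = [];
    let novaSeen = 0;
    for (const doc of docs) {
        const report = (msg) => findings.push(doc._id + ": " + msg);
        if (doc.schemaVersion !== "0.2") { report("schemaVersion is not 0.2"); }
        const missing = NEW_FIELDS.filter((f) => !(f in doc));
        if (missing.length > 0) { report("missing " + missing.join(", ")); }
        const isNova = doc._id === novaId;
        if (isNova) { novaSeen += 1; }
        // Only the NOVA credential may create GPII keys and prefs safes.
        for (const flag of ["isCreateGpiiKeyAllowed", "isCreatePrefsSafeAllowed"]) {
            if (doc[flag] !== isNova) { report(flag + " should be " + isNova); }
        }
        // NOVA gets the fixed list of writable prefs; all others get null.
        const expected = isNova ? JSON.stringify(NOVA_PREFS) : "null";
        if (JSON.stringify(doc.allowedPrefsToWrite) !== expected) {
            report("unexpected allowedPrefsToWrite");
        }
    }
    if (novaSeen !== 1) { findings.push("NOVA credential matched " + novaSeen + " documents"); }
    return findings;
}

// Constructed sample data: a correct NOVA document, a correct non-NOVA
// document, and a non-NOVA document left over-privileged.
const base = { type: "clientCredential", schemaVersion: "0.2", allowedIPBlocks: null };
const SAMPLE_DOCS = [
    { ...base, _id: "aaa-bbb-ccc", allowedPrefsToWrite: NOVA_PREFS,
        isCreateGpiiKeyAllowed: true, isCreatePrefsSafeAllowed: true },
    { ...base, _id: "non-nova", allowedPrefsToWrite: null,
        isCreateGpiiKeyAllowed: false, isCreatePrefsSafeAllowed: false },
    { ...base, _id: "non-nova-2", allowedPrefsToWrite: null,
        isCreateGpiiKeyAllowed: true, isCreatePrefsSafeAllowed: false }
];
console.log(checkMigratedCredentials(SAMPLE_DOCS, "aaa-bbb-ccc"));
```

An empty result means every credential matches the expected shape; any finding for a non-NOVA document is worth resolving before the cloud service is started again in step 10.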

              People

              • Assignee:
                cli@ocad.ca Cindy Qi Li
                Reporter:
                cli@ocad.ca Cindy Qi Li