| `AZURE_INVALID_EMAIL` | ex. `invalid.test@email.com` | Invalid Email for Testing | no | -- |
| `AZURE_INVALID_APP_ID` | ex. `03015fad-093c-424a-a7c4-42ed9993f9e3` | Invalid Appilication Identity for Testing | no | -- |
| `AZURE_INVALID_ID` | ex. `03012fadBADX424a-a7c4-42ed9993f9e3` | Invalid Identity for Testing | no | -- |
### Configure Maven
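Review bot: In the `AZURE_INVALID_APP_ID` row, "Appilication" should be "Application". The three new rows also do not say what makes each value invalid: the `AZURE_INVALID_APP_ID` example is a well-formed UUID, while the `AZURE_INVALID_ID` example `03012fadBADX424a-a7c4-42ed9993f9e3` is malformed. Please state in the description column whether each test expects a syntactically bad value or a well-formed value that matches no identity, so whoever sets these variables picks a value that exercises the intended rejection path.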
...
...
@@ -127,7 +137,140 @@ Jet Brains - the authors of Intellij IDEA, have written an [excellent guide](htt
## Configuring User Entitlements
As of now, the management APIs that enable user entitlements to be configured are a WIP. Until they are complete, here is how you can configure user entitlements manually.
Here is how you can configure user entitlements via the Azure specific API.
###Create a new user or service principal.
The request body contains the user or service principal to create in JSON format. At a minimum, you must specify the required properties for the user or service principal.
The required properties for a user or service principal is the uid and one tenant with one group. The uid is either a user email or a service principal UUID.
You can optionally specify any additional tenants and groups.
####Permissions
The following permission is required to call this API.
service.entitlements.admin
##### POST /profile
| header | value | required |
| --- | --- | --- |
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
| Request body | In the request body, supply a JSON representation of user object. | Yes |
The following table lists the properties that are required when you create a user. .
| Property | Type | Description | Required |
| --- | --- | --- | --- |
| uid | user email or service principal UUID. | The user email or service principal UUID. | Yes |
| id | OID | The OID for the user or service principal. | No value required. |
| tenants| list of TenantInfo | The tenants for the user or service principal. | Yes. |
##### Response
If successful, this method returns 201 response code and user object in the response body.
##### Example: Create a user
##### Request
Here is an example of the request.
###### POST /profile
###### Content-type: application/json
```json
{
"id":"",
"uid":"erik.leckner@wipro.com",
"tenants":[
{
"name":"$SOME_OSDU_TENANT",
"groups":[
"service.storage.admin",
"service.legal.admin",
"data.datalake.admin",
"data.datalake.viewer",
"data.default.viewer"
]
},
{
"name":"$ANOTHER_OSDU_TENANT",
"groups":[
"service.storage.admin"
]
}
]
}
```
In the request body, supply a JSON representation of user object.
###Update a user or service principal.
The request body contains the user or service principal to update in JSON format. At a minimum, you must specify the required properties for the user or service principal.
The required properties for a user or service principal is the uid and one tenant with one group. The uid is either a user email or a service principal UUID.
You can optionally specify any additional tenants and groups.
####Permissions
The following permission is required to call this API.
service.entitlements.admin
##### PUT /profile
| header | value | required |
| --- | --- | --- |
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
| Request body | In the request body, supply a JSON representation of user object. | Yes |
The following table lists the properties that are required when you create a user. .
| Property | Type | Description | Required |
| --- | --- | --- | --- |
| uid | user email or service principal UUID. | The user email or service principal UUID. | Yes |
| id | OID | The OID for the user or service principal. | No value required. |
| tenants| list of TenantInfo | The tenants for the user or service principal. | Yes. |
##### Response
If successful, this method returns 200 response code and user object in the response body.
##### Example: Update a user
##### Request
Here is an example of the request.
###### PUT /profile
###### Content-type: application/json
```json
{
"id":"",
"uid":"erik.leckner@wipro.com",
"tenants":[
{
"name":"$SOME_OSDU_TENANT",
"groups":[
"service.storage.admin",
"service.legal.admin",
"data.datalake.admin",
"data.datalake.viewer"
]
},
{
"name":"$ANOTHER_OSDU_TENANT",
"groups":[
"service.storage.admin"
]
}
]
}
```
In the request body, supply a JSON representation of user object.
## Configuring User Entitlements (Deprecated)
Here is how you can configure user entitlements manually.
- Identify the correct CosmosDB account. This can be found in the output of the infrastructure template. Alternatively, you should be able to identify it as the singular CosmosDB account that is provisioned in the resource group that hosts the this service
- Use the `Data Explorer` tool in the CosmosDB UI and navigate to the `UserInfo` container
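Review bot: Both example request bodies (Create and Update) use `"uid":"erik.leckner@wipro.com"`, which reads as a real person's address; please replace it with a placeholder such as `user@example.com` so the README does not publish an identity alongside admin group names. The PUT section also needs to say whether the submitted `tenants`/`groups` list replaces the stored one or is merged into it: the update example drops `data.default.viewer` relative to the create example, but nothing states that an omitted group is revoked, and that is the detail an operator relies on when removing access. Smaller points: `###Create a new user or service principal.`, `###Update a user or service principal.` and `####Permissions` lack the space after the hashes, so many Markdown renderers will not treat them as headings; the PUT section repeats "required when you create a user"; the sentence "In the request body, supply a JSON representation of user object." is repeated after each JSON example, where it has nothing to introduce; `id` is described as "No value required." while the examples send `"id":""`, so say whether the field may be omitted; and "hosts the this service" has a stray word.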
...
...
@@ -136,7 +279,8 @@ As of now, the management APIs that enable user entitlements to be configured ar
- If the user does not exist, you can add a document that has the following schema. The exact groups you wish to provision to the user will most likely be different, so be sure to add/remove the appropriate roles. The below listing represents a user with full access to all services.
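Review bot: This step tells the reader that the sample document "represents a user with full access to all services", which makes the over-privileged document the thing people copy. Since this section is now marked deprecated in favour of `/profile`, consider showing a minimal document (one tenant, one group, matching the stated minimum for the API) as the default and mentioning full access as the exception. It is also worth noting here that this path writes to the `UserInfo` container directly and therefore depends on who has access to the CosmosDB account rather than on `service.entitlements.admin`.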