Skip to content

Altinn/altinn-authorization-tmp

Repository files navigation

Project Quality Gate Bugs Code Smells Coverage Duplicated Lines (%)
Access Management Quality Gate Status Bugs Code Smells Coverage Duplicated Lines (%)
Authorization Quality Gate Status Bugs Code Smells Coverage Duplicated Lines (%)

SonarCloud quality metrics for main, refreshed by the nightly scan.

Altinn Authorization

Authorization and access management for the Altinn 3 platform. This repository holds the Policy Decision Point (PDP) and Policy Enforcement Point (PEP) that authorize users, systems, and organizations accessing the platform, together with the Access Management services that administer rights and delegations for apps, resources, and API schemes.

Repository structure

Path Contents
src/apps/Altinn.Authorization Authorization app: access control (PDP) and policy enforcement (PEP).
src/apps/Altinn.AccessManagement Access Management app: rights and delegation administration.
src/apps/Altinn.Register Vendored copy of Register, maintained in altinn-register.
src/libs Shared libraries (Api.Contracts, Host, Integration).
src/pkgs Published NuGet packages (Altinn.Authorization.ABAC, Altinn.Common.PEP).
src/tools The Altinn.Authorization.Cli command-line tool.
docs Documentation (see Documentation).
eng Build, test, and coverage scripts.
infra Infrastructure as code.

Getting started

Prerequisites

Build and test

dotnet build Altinn.Authorization.sln
dotnet test                                          # unit + integration
dotnet test -- --filter-trait "Category=Unit"        # unit tests only

Integration tests need a running container runtime. See the testing guide for the full picture.

Run an app

dotnet run --project src/apps/Altinn.Authorization/src/Altinn.Authorization
dotnet run --project src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement

Each app exposes a Swagger UI on startup. Running against a real database needs the local-development setup below.

Local Development Environment

Additional tooling for working against Azure-backed dependencies: Azure CLI, kubectl, kubelogin.

1. Sign in to Azure

Sign in with your ai-dev or ai-prod account so the test-tool secrets can be fetched:

az login

2. Start dependencies and configure secrets

Replace <subscription-id> and <key-vault-name> with the values for your Azure environment.

just dev   # starts PostgreSQL and supporting services via the container runtime

dotnet user-secrets set "PostgreSQLSettings:AdminConnectionString" $(just dev-pgsql-connection-string) --id Altinn.Authorization
dotnet user-secrets set "PostgreSQLSettings:AuthorizationDbAdminPwd" admin --id Altinn.Authorization
dotnet user-secrets set "PostgreSQLSettings:ConnectionString" $(just dev-pgsql-connection-string) --id Altinn.Authorization
dotnet user-secrets set "PostgreSQLSettings:AuthorizationDbPwd" admin --id Altinn.Authorization

az account set --subscription <subscription-id>

dotnet user-secrets set "Platform:Token:TestTool:Endpoint" $(az keyvault secret show --id=https://<key-vault-name>.vault.azure.net/secrets/Platform--Token--TestTool--Endpoint --query value --output tsv) --id Altinn.Authorization
dotnet user-secrets set "Platform:Token:TestTool:Password" $(az keyvault secret show --id=https://<key-vault-name>.vault.azure.net/secrets/Platform--Token--TestTool--Password --query value --output tsv) --id Altinn.Authorization
dotnet user-secrets set "Platform:Token:TestTool:Username" $(az keyvault secret show --id=https://<key-vault-name>.vault.azure.net/secrets/Platform--Token--TestTool--Username --query value --output tsv) --id Altinn.Authorization

3. Bootstrap the database

Open http://localhost:8000 and log in with admin@admin.com / admin, then:

  1. Create the authorizationdb database.
  2. Create two login roles with privileges on it:
    • platform_authorization (can_login)
    • platform_authorization_admin (can_login, superuser)

Documentation

  • Testing guide: how the test suite is organised and run.
  • SonarCloud: static analysis, exclusions, and the quality gate.

Contributing

Open a pull request against main. CI builds and tests the verticals affected by your change.

Security

Report security vulnerabilities as described in SECURITY.md.

License

Licensed under the MIT License.

About

Altinn Authorization provides access management for services

Resources

License

Code of conduct

Security policy

Stars

2 stars

Watchers

3 watching

Forks

Packages

 
 
 

Contributors