| Project | Quality Gate | Bugs | Code Smells | Coverage | Duplicated Lines (%) |
|---|---|---|---|---|---|
| Access Management | |||||
| Authorization |
SonarCloud quality metrics for main, refreshed by the nightly scan.
Authorization and access management for the Altinn 3 platform. This repository holds the Policy Decision Point (PDP) and Policy Enforcement Point (PEP) that authorize users, systems, and organizations accessing the platform, together with the Access Management services that administer rights and delegations for apps, resources, and API schemes.
| Path | Contents |
|---|---|
src/apps/Altinn.Authorization |
Authorization app: access control (PDP) and policy enforcement (PEP). |
src/apps/Altinn.AccessManagement |
Access Management app: rights and delegation administration. |
src/apps/Altinn.Register |
Vendored copy of Register, maintained in altinn-register. |
src/libs |
Shared libraries (Api.Contracts, Host, Integration). |
src/pkgs |
Published NuGet packages (Altinn.Authorization.ABAC, Altinn.Common.PEP). |
src/tools |
The Altinn.Authorization.Cli command-line tool. |
docs |
Documentation (see Documentation). |
eng |
Build, test, and coverage scripts. |
infra |
Infrastructure as code. |
- .NET SDK 10.0
- A container runtime, Docker or Podman, for integration tests and local services
- PowerShell 7+
- Just for the local-development commands
dotnet build Altinn.Authorization.sln
dotnet test # unit + integration
dotnet test -- --filter-trait "Category=Unit" # unit tests onlyIntegration tests need a running container runtime. See the testing guide for the full picture.
dotnet run --project src/apps/Altinn.Authorization/src/Altinn.Authorization
dotnet run --project src/apps/Altinn.AccessManagement/src/Altinn.AccessManagementEach app exposes a Swagger UI on startup. Running against a real database needs the local-development setup below.
Additional tooling for working against Azure-backed dependencies: Azure CLI, kubectl, kubelogin.
Sign in with your ai-dev or ai-prod account so the test-tool secrets can be
fetched:
az loginReplace <subscription-id> and <key-vault-name> with the values for your Azure
environment.
just dev # starts PostgreSQL and supporting services via the container runtime
dotnet user-secrets set "PostgreSQLSettings:AdminConnectionString" $(just dev-pgsql-connection-string) --id Altinn.Authorization
dotnet user-secrets set "PostgreSQLSettings:AuthorizationDbAdminPwd" admin --id Altinn.Authorization
dotnet user-secrets set "PostgreSQLSettings:ConnectionString" $(just dev-pgsql-connection-string) --id Altinn.Authorization
dotnet user-secrets set "PostgreSQLSettings:AuthorizationDbPwd" admin --id Altinn.Authorization
az account set --subscription <subscription-id>
dotnet user-secrets set "Platform:Token:TestTool:Endpoint" $(az keyvault secret show --id=https://<key-vault-name>.vault.azure.net/secrets/Platform--Token--TestTool--Endpoint --query value --output tsv) --id Altinn.Authorization
dotnet user-secrets set "Platform:Token:TestTool:Password" $(az keyvault secret show --id=https://<key-vault-name>.vault.azure.net/secrets/Platform--Token--TestTool--Password --query value --output tsv) --id Altinn.Authorization
dotnet user-secrets set "Platform:Token:TestTool:Username" $(az keyvault secret show --id=https://<key-vault-name>.vault.azure.net/secrets/Platform--Token--TestTool--Username --query value --output tsv) --id Altinn.AuthorizationOpen http://localhost:8000 and log in with
admin@admin.com / admin, then:
- Create the
authorizationdbdatabase. - Create two login roles with privileges on it:
platform_authorization(can_login)platform_authorization_admin(can_login,superuser)
- Testing guide: how the test suite is organised and run.
- SonarCloud: static analysis, exclusions, and the quality gate.
Open a pull request against main. CI builds and tests the verticals affected
by your change.
Report security vulnerabilities as described in SECURITY.md.
Licensed under the MIT License.