This is an automated email from the ASF dual-hosted git repository.
lahirujayathilake pushed a commit to branch privileges-impl
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/privileges-impl by this push:
new e0dd9b03e Seed dev users and roles, take out bootstrap super admin
from main
e0dd9b03e is described below
commit e0dd9b03e7d0d6b61a8ccf7b28b17827df8a8c65
Author: lahiruj <[email protected]>
AuthorDate: Thu May 28 17:16:23 2026 -0400
Seed dev users and roles, take out bootstrap super admin from main
---
cmd/server/bootstrap.go | 43 ++++++++++++++
cmd/server/main.go | 6 +-
dev-ops/compose/seeds/dev_users_and_roles.sql | 81 +++++++++++++++++++++++++++
3 files changed, 125 insertions(+), 5 deletions(-)
diff --git a/cmd/server/bootstrap.go b/cmd/server/bootstrap.go
new file mode 100644
index 000000000..883288bbd
--- /dev/null
+++ b/cmd/server/bootstrap.go
@@ -0,0 +1,43 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package main
+
+import (
+ "context"
+ "log/slog"
+ "os"
+
+ "github.com/apache/airavata-custos/pkg/service"
+)
+
+const bootstrapAdminEmailEnv = "CUSTOS_BOOTSTRAP_ADMIN_EMAIL"
+
+// tryBootstrap runs the super_admin bootstrap if the operator set
+// CUSTOS_BOOTSTRAP_ADMIN_EMAIL. Idempotent: skips quietly when no env value
+// is set, the user does not exist, or super_admin already has a holder.
+// A bootstrap failure never blocks server start; the warning surfaces the
+// issue without crashing.
+func tryBootstrap(ctx context.Context, svc *service.Service) {
+ email := os.Getenv(bootstrapAdminEmailEnv)
+ if email == "" {
+ return
+ }
+ if err := svc.BootstrapSuperAdmin(ctx, email,
"env:"+bootstrapAdminEmailEnv); err != nil {
+ slog.Warn("bootstrap super_admin failed", "email", email,
"error", err)
+ }
+}
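Review bot: tryBootstrap hands the raw environment value to svc.BootstrapSuperAdmin and logs nothing when the call returns nil, so a super_admin grant made at boot leaves no trace from this function. A value with stray whitespace from an env or compose file would presumably miss the user lookup; whether that surfaces as the Warn or as one of the quiet skips the doc comment promises depends on BootstrapSuperAdmin, which is not visible in this hunk. I would normalise the input with `email := strings.TrimSpace(os.Getenv(bootstrapAdminEmailEnv))` (adding `strings` to the import block) and log the success path with something like `slog.Info("bootstrap super_admin checked", "email", email, "source", "env:"+bootstrapAdminEmailEnv)`, unless the service already records the grant. If the variable is meant to be unset after first boot, the doc comment should say so, because leaving it set re-runs the grant logic on every start.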
diff --git a/cmd/server/main.go b/cmd/server/main.go
index e74f0f42d..42b3159dd 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -80,11 +80,7 @@ func run() error {
ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt,
syscall.SIGTERM)
defer stop()
- if email := os.Getenv("CUSTOS_BOOTSTRAP_ADMIN_EMAIL"); email != "" {
- if err := svc.BootstrapSuperAdmin(ctx, email,
"env:CUSTOS_BOOTSTRAP_ADMIN_EMAIL"); err != nil {
- slog.Warn("bootstrap super_admin failed", "email",
email, "error", err)
- }
- }
+ tryBootstrap(ctx, svc)
// Tracks every background goroutine spawned by connectors so we can
wait
// for them to drain on shutdown instead of killing them mid-flight.
diff --git a/dev-ops/compose/seeds/dev_users_and_roles.sql
b/dev-ops/compose/seeds/dev_users_and_roles.sql
new file mode 100644
index 000000000..9b3477bd4
--- /dev/null
+++ b/dev-ops/compose/seeds/dev_users_and_roles.sql
@@ -0,0 +1,81 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+-- Dev-only seed: inserts an org, four developer-facing users, and two
+-- non-system roles with sample privilege bundles. Apply after migrations
+-- have run; safe to re-apply (everything is idempotent).
+--
+-- Apply with:
+-- docker exec -i custos_db mariadb -uadmin -padmin custos \
+-- < dev-ops/compose/seeds/dev_users_and_roles.sql
+--
+-- The bootstrap super_admin role is NOT created here — set
+-- [email protected]
+-- before starting the server and it will be created idempotently on boot
+-- and granted to the user inserted below.
+
+SET NAMES utf8mb4;
+SET time_zone = '+00:00';
+
+-- ---------------------------------------------------------------------------
+-- Organization
+-- ---------------------------------------------------------------------------
+INSERT IGNORE INTO organizations (id, originated_id, name)
+VALUES ('dev-org', 'DEV-ORG', 'Custos Dev Org');
+
+-- ---------------------------------------------------------------------------
+-- Users (deterministic IDs so callers can paste them into the
X-Custos-User-Id header)
+-- ---------------------------------------------------------------------------
+INSERT IGNORE INTO users (id, organization_id, first_name, last_name,
middle_name, email, status)
+VALUES
+ ('dev-admin', 'dev-org', 'Admin', 'Dev', '',
'[email protected]', 'ACTIVE'),
+ ('dev-operator', 'dev-org', 'Operator', 'Dev', '',
'[email protected]', 'ACTIVE'),
+ ('dev-auditor', 'dev-org', 'Auditor', 'Dev', '',
'[email protected]', 'ACTIVE'),
+ ('dev-researcher', 'dev-org', 'Researcher', 'Dev', '',
'[email protected]', 'ACTIVE');
+
+-- ---------------------------------------------------------------------------
+-- Roles (deterministic UUIDs so API examples stay stable across re-applies)
+-- ---------------------------------------------------------------------------
+-- operator: AMIE + HPC read/write. Day-to-day operations of HPC + AMIE flows.
+INSERT IGNORE INTO roles (id, name, description, is_system)
+VALUES
+ ('11111111-1111-1111-1111-111111111111', 'operator', 'Day-to-day AMIE and
HPC operations (read + write)', 0),
+ ('22222222-2222-2222-2222-222222222222', 'auditor', 'Read-only access
across AMIE, HPC, and signer surfaces', 0);
+
+-- operator privileges
+INSERT IGNORE INTO role_privileges (role_id, privilege) VALUES
+ ('11111111-1111-1111-1111-111111111111', 'amie:read'),
+ ('11111111-1111-1111-1111-111111111111', 'amie:write'),
+ ('11111111-1111-1111-1111-111111111111', 'hpc:read'),
+ ('11111111-1111-1111-1111-111111111111', 'hpc:write');
+
+-- auditor privileges
+INSERT IGNORE INTO role_privileges (role_id, privilege) VALUES
+ ('22222222-2222-2222-2222-222222222222', 'amie:read'),
+ ('22222222-2222-2222-2222-222222222222', 'hpc:read'),
+ ('22222222-2222-2222-2222-222222222222', 'signer:read');
+
+-- ---------------------------------------------------------------------------
+-- Role assignments
+-- ---------------------------------------------------------------------------
+INSERT IGNORE INTO user_roles (user_id, role_id, granted_by, reason)
+VALUES
+ ('dev-operator', '11111111-1111-1111-1111-111111111111', 'dev-admin', 'dev
seed'),
+ ('dev-auditor', '22222222-2222-2222-2222-222222222222', 'dev-admin', 'dev
seed');
+
+-- dev-researcher holds no roles - used to exercise 403 paths from a
+-- low-privilege caller.
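Review bot: Nothing in this seed stops it from being applied to a database other than the local compose one. It creates ACTIVE users with fixed, published ids, and the Users banner says those ids can be pasted into the X-Custos-User-Id header; the header comment adds that the boot-time bootstrap grants super_admin to one of them. The "Dev-only seed" wording deserves an explicit line near the top, for example `-- DEV ONLY: the ids and the admin/admin credentials shown here are public; never apply to a shared or production database.` The "safe to re-apply (everything is idempotent)" claim also needs a caveat: INSERT IGNORE downgrades errors to warnings, so if a role named operator or auditor already exists under a different id (assuming role names are unique, which this file does not show), the rows are skipped silently rather than reported. A short comment stating that conflicts are ignored, not reconciled, would keep the next maintainer from reading a clean run as a complete one.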