Implementing an AWS Cloud Directory user store extension for WSO2 IS using REST API


Biruntha
Hi All,

I'm working on $Subject. This extension will allow users to use AWS Cloud Directory [1] as the user store for product IS using the REST API [2]. Cloud Directory is a specialized graph-based directory store that provides a foundational building block for developers. With Cloud Directory, we can organize directory objects into multiple hierarchies to support many organizational pivots and relationships across directory information.

For this user store chart, I have created a hierarchy as shown in the following image [3]. The first step in using Cloud Directory is to define a schema [4], which describes the data that will be stored in the directory. In my case, I define the schema by providing a JSON document. The schema has four facets: GROUP [5], UM_USER [6], UM_ROLE [7] and UM_USER_ATTRIBUTE [8].


Steps to create the user store chart in AWS Cloud Directory


For the user management related things, I have planned to add UM_USER, UM_ROLE and UM_USER_ATTRIBUTE objects and their attributes as an initial step.

  1. Create a directory by using the schema I just published.

  2. Create UM_USER, UM_ROLE, UM_USER_ATTRIBUTE group objects with object type as NODE (with GROUP facet), which are created under the root node of the directory.

  3. Create user objects for User_1 and User_2 with object type as LEAF_NODE under the UM_USER (NODE) group (with UM_USER facet), role objects for Role_1 and Role_2 with object type as LEAF_NODE under the UM_ROLE (NODE) group (with UM_ROLE facet), and user attribute objects for Attribute_1 and Attribute_2 with object type as LEAF_NODE under the UM_USER_ATTRIBUTE (NODE) group (with UM_USER_ATTRIBUTE facet).

  4. When creating the user objects under UM_USER Node, I define attribute values for UM_USER_NAME, UM_USER_PASSWORD, UM_SALT_VALUE, UM_REQUIRE_CHANGE, UM_CHANGED_TIME, UM_TENANT_ID.

  5. When creating the role objects under UM_ROLE Node, I define attribute values for UM_ROLE_NAME, UM_TENANT_ID, UM_SHARED_ROLE.

  6. When creating the user attribute objects under UM_USER_ATTRIBUTE Node, I define attribute values for UM_ATTR_NAME, UM_ATTR_VALUE, UM_PROFILE_NAME, UM_TENANT_ID.

  7. To create unique objects under each Node:

    1. For user objects, I'm creating a child link as (c)/(d) with the link name userName + tenantId. With this link name we can add unique objects for each userName and tenantId combination.

    2. For role objects, I'm creating a child link as (e)/(f) with the link name roleName + tenantId.

    3. For user attribute objects, I'm creating a child link as (g)/(h) with the link name profileName + attributeName + tenantId.

  8. To create object-to-object relationships across hierarchies (here, user to role and user to user attribute relationships), I'm using typed links as in the image below [3]. Here we can have a set of attributes on the links to store additional information about the relationship between the source object and the destination object. Typed links help to maintain referential data integrity by ensuring that objects with existing relationships to other objects are not deleted inadvertently.

  9. For the user to role relationship, create a typed link as (L1)/(L3)/(L4) with attributes UM_USER_NAME, UM_TENANT_ID, UM_ROLE_NAME.

  10. For the user to user attribute relationship, create a typed link as (L2) with attributes UM_USER_NAME, UM_TENANT_ID, UM_PROFILE_NAME, UM_ATTR_NAME.
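As an added example (not code from the original post or from WSO2), the following Python builds the CreateObject and AttachTypedLink request bodies for steps 3, 7 and 9 above, offline, in the keyword shape that boto3's clouddirectory client accepts, and refuses objects that lack a REQUIRED_ALWAYS attribute from the facets in [6]-[8]. The schema ARN, the typed-link facet name UM_USER_ROLE and the "/UM_USER" style path selectors are assumptions.

```python
# Added example, not from the original post. SCHEMA_ARN and the typed-link facet
# name are placeholders; the REQUIRED table mirrors the facet JSON in [6]-[8].
SCHEMA_ARN = "arn:aws:clouddirectory:REGION:ACCOUNT:schema/published/um/1"  # placeholder

# REQUIRED_ALWAYS attributes per facet, as declared in the schema JSON.
REQUIRED = {
    "UM_USER": ["UM_USER_NAME", "UM_USER_PASSWORD", "UM_SALT_VALUE", "UM_TENANT_ID"],
    "UM_ROLE": ["UM_ROLE_NAME", "UM_TENANT_ID", "UM_SHARED_ROLE"],
    "UM_USER_ATTRIBUTE": ["UM_ATTR_NAME", "UM_ATTR_VALUE", "UM_PROFILE_NAME", "UM_TENANT_ID"],
}

def link_name(facet, attrs):
    """Child link name from step 7; it is what makes an object unique under its NODE."""
    if facet == "UM_USER":
        return attrs["UM_USER_NAME"] + attrs["UM_TENANT_ID"]
    if facet == "UM_ROLE":
        return attrs["UM_ROLE_NAME"] + attrs["UM_TENANT_ID"]
    if facet == "UM_USER_ATTRIBUTE":
        return attrs["UM_PROFILE_NAME"] + attrs["UM_ATTR_NAME"] + attrs["UM_TENANT_ID"]
    raise ValueError("unknown facet: " + facet)

def create_object_request(directory_arn, facet, attrs):
    """Kwargs for clouddirectory.create_object; rejects missing REQUIRED_ALWAYS attributes.
    Assumption: UM_USER_PASSWORD carries the salted hash (with UM_SALT_VALUE), never plaintext."""
    missing = [a for a in REQUIRED[facet] if not attrs.get(a)]
    if missing:
        raise ValueError(f"{facet} missing required attributes: {missing}")
    return {
        "DirectoryArn": directory_arn,
        "SchemaFacets": [{"SchemaArn": SCHEMA_ARN, "FacetName": facet}],
        "ObjectAttributeList": [
            {"Key": {"SchemaArn": SCHEMA_ARN, "FacetName": facet, "Name": k},
             "Value": {"StringValue": v}} for k, v in attrs.items()],
        # Parent is the NODE named after the facet, directly under the root (assumed path).
        "ParentReference": {"Selector": "/" + facet},
        "LinkName": link_name(facet, attrs),
    }

def user_role_link_request(directory_arn, user_attrs, role_attrs):
    """Kwargs for clouddirectory.attach_typed_link (step 9: user -> role, link L1/L3/L4)."""
    return {
        "DirectoryArn": directory_arn,
        "SourceObjectReference": {"Selector": "/UM_USER/" + link_name("UM_USER", user_attrs)},
        "TargetObjectReference": {"Selector": "/UM_ROLE/" + link_name("UM_ROLE", role_attrs)},
        "TypedLinkFacet": {"SchemaArn": SCHEMA_ARN, "TypedLinkName": "UM_USER_ROLE"},  # assumed
        "Attributes": [{"AttributeName": n, "Value": {"StringValue": v}} for n, v in [
            ("UM_USER_NAME", user_attrs["UM_USER_NAME"]),
            ("UM_TENANT_ID", user_attrs["UM_TENANT_ID"]),
            ("UM_ROLE_NAME", role_attrs["UM_ROLE_NAME"])]],
    }
```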


Any comments and suggestions would be appreciated.



[4] https://docs.aws.amazon.com/directoryservice/latest/admin-guide/cd_schemas.html
[5]
{
  "Attributes": [
    {
      "AttributeDefinition": {
        "IsImmutable": true,
        "Type": "STRING"
      },
      "Name": "Name",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    }
  ],
  "Name": "GROUP",
  "ObjectType": "NODE"
}
[6]
{
  "Attributes": [
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_USER_NAME",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_USER_PASSWORD",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_SALT_VALUE",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_REQUIRE_CHANGE",
      "RequiredBehavior": "NOT_REQUIRED"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_CHANGED_TIME",
      "RequiredBehavior": "NOT_REQUIRED"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_TENANT_ID",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    }
  ],
  "Name": "UM_USER",
  "ObjectType": "LEAF_NODE"
}

[7]
{
  "Attributes": [
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_ROLE_NAME",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_TENANT_ID",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_SHARED_ROLE",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    }
  ],
  "Name": "UM_ROLE",
  "ObjectType": "LEAF_NODE"
}

[8]
{
  "Attributes": [
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_ATTR_NAME",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_ATTR_VALUE",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_PROFILE_NAME",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    },
    {
      "AttributeDefinition": {
        "IsImmutable": false,
        "Type": "STRING"
      },
      "Name": "UM_TENANT_ID",
      "RequiredBehavior": "REQUIRED_ALWAYS"
    }
  ],
  "Name": "UM_USER_ATTRIBUTE",
  "ObjectType": "LEAF_NODE"
}

Thanks,

--
Biruntha

Software Engineer
WSO2
Email: [hidden email]
Mobile : +94773718986

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture