System Initialization
- Loganathan Shanmugam
- Shailesh Kochhar
Background & Existing Solution
In the existing Sunbird installation we face a 'user-org' circular dependency issue as described in SB-2602 - Getting issue details... STATUS
At present we create a default rootOrg manually and set it to sunbird env (key : sunbird_default_channel) with the help of the keycloak user-manger user account. However, this keycloak user has no corresponding Sunbird account which leaves a dangling reference when creating the first rootOrg. We should not rely on user who is not the part of sunbird (keycloak user) to create the default rootOrg. In addition, this solution adds complication for a Sunbird Adopter who wants to install and configure sunbird on their own server/machine.
Proposed Solution
We propose a new step 'Initialisation' after successful installation and configuration of sunbird. As a part of Initialisation we should create the first rootOrg using Initialize API which doesn't require any user token.
Initialise API
- This Initialise API will create the first rootOrg in the system.The request body structure of the api should be like the one below :
POST - /v1/system/init/rootOrg
Request Object structure
{
"request": { "orgName": string, // Mandatory
"channel": string // Mandatory } }
2.This Initialize API should be invoked through the curl command by the adopter.(Necessary changes should be made to the Developer Documentation with this instructions)
3. Once first rootOrg is created successfully then, add a field 'isRootOrgInitialized' with value 'true' to system settings.If 'isRootOrgInitialized' field in system settings is true already, initialisation should not happen and INITIALIZE api should respond with appropriate error message(http response code: 400).
Notes:
- In terms of security,As we don't have any user data in the system,we need to validate the client request for Initialise API is from the trusted hosts through the origin headers in the request.
- Values for fields createdby to be set to 'Initializer', isdefault to be set to true for organisation by the system.
- If this default rootOrg is retired(deleted),then field 'isRootOrgInitialized' should be set to false in system settings.
Conclusion
Using the channel of rootOrg created by the above Initialise API ,we can add users through existing Create User API.Also we can eliminate the environmental variable dependency('sunbird_default_channel') for getting the default channel by reading this created rootOrg channel from organisation table.