{"id":20629672,"url":"https://github.com/agile-lab-dev/witboost-hasura-auth-webhook-role-mapper","last_synced_at":"2025-07-22T09:09:24.587Z","repository":{"id":213865399,"uuid":"734434764","full_name":"agile-lab-dev/witboost-hasura-auth-webhook-role-mapper","owner":"agile-lab-dev","description":null,"archived":false,"fork":false,"pushed_at":"2024-11-07T09:32:28.000Z","size":252,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-15T18:52:45.578Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/agile-lab-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-21T17:09:26.000Z","updated_at":"2024-11-07T09:32:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"7ed00008-a3e9-4bcf-9613-40a776b2e199","html_url":"https://github.com/agile-lab-dev/witboost-hasura-auth-webhook-role-mapper","commit_stats":null,"previous_names":["agile-lab-dev/witboost-hasura-auth-webhook-role-mapper"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/agile-lab-dev/witboost-hasura-auth-webhook-role-mapper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agile-lab-dev%2Fwitboost-hasura-auth-webhook-role-mapper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agile-lab-dev%2Fwitboost-hasura-auth-webhook-role-mapper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agile-lab-dev%2Fwitboost-hasura-auth-webhook-role-mapper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agile-lab-dev%2Fwitboost-hasura-auth-webhook-role-mapper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/agile-lab-dev","download_url":"https://codeload.github.com/agile-lab-dev/witboost-hasura-auth-webhook-role-mapper/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agile-lab-dev%2Fwitboost-hasura-auth-webhook-role-mapper/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266463432,"owners_count":23932899,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T14:05:37.156Z","updated_at":"2025-07-22T09:09:24.554Z","avatar_url":"https://github.com/agile-lab-dev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cbr/\u003e\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://www.witboost.com/\"\u003e\n \u003cimg src=\"docs/img/witboost_logo.svg\" alt=\"witboost\" width=600 \u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\u003cbr/\u003e\n\nDesigned by [Agile Lab](https://www.agilelab.it/), Witboost is a versatile platform that addresses a wide range of sophisticated data engineering challenges. It enables businesses to discover, enhance, and productize their data, fostering the creation of automated data platforms that adhere to the highest standards of data governance. Want to know more about Witboost? Check it out [here](https://www.witboost.com/) or [contact us!](https://witboost.com/contact-us)\n\nThis repository is part of our [Starter Kit](https://github.com/agile-lab-dev/witboost-starter-kit) meant to showcase Witboost's integration capabilities and provide a \"batteries-included\" product.\n\n# Hasura Authentication Webhook and Role Mapper\n\n- [Overview](#overview)\n- [Building](#building)\n- [Running](#running)\n- [Configuring](#configuring)\n- [Deploying](#deploying)\n- [HLD](#hld)\n- [API specification](hasura-authenticationwebhook-rolemapping-service/openapi-specification.yml)\n\n## Overview\n\nThis Python microservice implements an Authentication Webhook and Role Mapping service for GraphQL Output Ports based on Hasura. It is used by the corresponding [Hasura Specific Provisioner](https://github.com/agile-lab-dev/witboost-hasura-specific-provisioner).\n\n### Hasura\n\n[Hasura](https://hasura.io/) is an open-source, real-time GraphQL engine that simplifies and accelerates API development for web and mobile applications. It connects to your data sources like databases or REST services and automatically generates a GraphQL API, making it easier to query and manipulate data. Hasura's real-time capabilities enable instant updates to clients when data changes, enhancing the responsiveness of applications. It's a popular tool for developers looking to streamline the process of building dynamic and interactive applications by providing a unified and efficient way to access, manage, and synchronize data.\n\n### Software stack\n\nThis microservice is written in Python 3.11, using FastAPI for the HTTP layer. Project is built with Poetry and supports packaging as Wheel and Docker image, ideal for Kubernetes deployments (which is the preferred option).\n\n### Repository structure\n\nThe Python project for the microservice is in the `hasura-authenticationwebhook-rolemapping-service` subdirectory; this is probably what you're interested in. It contains the code, the tests, the docs, etc.\n\nThe rest of the contents of the root of the repository are mostly support scripts and configuration files for the GitLab CI, gitignore, etc.\n\n## Building\n\n**Requirements:**\n\n- Python 3.11\n- Poetry\n\n### Setup the Python environment\n\nTo set up a Python environment we use [Poetry](https://python-poetry.org/):\n```\ncurl -sSL https://install.python-poetry.org | python3 -\n```\n\n\u003e 📝 If you are on Windows, you probably want to use pipx instead:\n\u003e ```\n\u003e pipx install poetry\n\u003e ```\n\nOnce Poetry is installed and in your `$PATH`, you can execute the following:\n```\npoetry --version\n```\nIf you see something like `Poetry (version x.x.x)`, your install is ready to use!\n\nInstall the dependencies defined in `hasura-authenticationwebhook-rolemapping-service/pyproject.toml`:\n```\ncd hasura-authenticationwebhook-rolemapping-service\npoetry install\n```\nPoetry automatically creates a Python virtual environment in which the packages are installed; make sure to read the next section to enable it.\n\n\u003e 📝 If you are on Windows, you may get an error about Visual C++ missing; follow the instructions provided by Poetry to fix it.\n\n### Use the Python environment\n\nYou just need to enable the Python virtual environment (venv) generated by Poetry:\n```\nsource $(poetry env info --path)/bin/activate\n```\nAs with any Python venv, your shell prompt will change to reflect the active venv.\n\nYou can also use:\n```\npoetry shell\n```\nWhich spawns a subshell in the virtual environment; it is slighly different than the command above as this is not a login shell, hence your shell's profile file will likely be ignored.\n\n### Setup the pre-commit hooks\n\nSimply run:\n```\npre-commit install\n```\nIn case you need to commit and skip the pre-commit checks (eg, to push WIP code, or to test that the CI catches formatting issues), you can pass the `--no-verify` flag to `git commit`.\n\n### Setup PyCharm\n\nThe recommended IDE is PyCharm, though other ones should work just fine.\n\nIn order to import the project, use the standard \"Open...\" dialog and point PyCharm to the `hasura-authenticationwebhook-rolemapping-service` subdirectory, *not the repository root*. This ensures that PyCharm correctly identifies this as a Poetry project and prompts you to set it up as such.\n\n### Docker build\n\nThe Docker image can be built with:\n\n```\ndocker build .\n```\n\nMore details can be found [here](hasura-authenticationwebhook-rolemapping-service/docs/docker.md).\n\n### Additional notes\n\n**Application version:** the version for the project is automatically computed using information gathered from Git, using branch name and tags. Unless you are on a release branch `1.2.x` or a tag `v1.2.3` it will end up being `0.0.0`. You can follow this branch/tag convention or update the version computation to match your preferred strategy.\n\n**CI/CD:** the pipeline is based on GitLab CI as that's what we use internally. It's configured by the `.gitlab-ci.yaml` file in the root of the repository. You can use that as a starting point for your customizations.\n\n## Running\n\nTo run the server locally, use:\n\n```bash\ncd hasura-authenticationwebhook-rolemapping-service\nsource $(poetry env info --path)/bin/activate # only needed if venv is not already enabled\nuvicorn src.main:app --host 127.0.0.1 --port 8092\n```\n\nBy default, the server binds to port 8092 on localhost. After it's up and running you can make provisioning requests to this address. You can also check the API documentation served [here](http://127.0.0.1:8092/docs).\n\n## Configuring\n\nApplication configurations are handled with environment variables:\n\n| Environment Variable | Description |\n|----------------------------------|------------------------------------------------------------------------------------|\n| GRAPHQL_URL | URL of the Hasura instance |\n | GRAPHQL_ROLE | Role to use when performing actions on Hasura |\n| GRAPHQL_ADMIN_SECRET | Admin secret for the Hasura instance | \n| JWKS_URL | JWKS URL, eg \"https://login.microsoftonline.com/common/discovery/v2.0/keys\" |\n | JWT_AUDIENCE | JWT audience, eg \"https://management.core.windows.net/\" |\n | JWT_ALGORITHMS | JWT algorithms, eg `[\\\"RS256\\\", \\\"RS512\\\"] |\n | JWT_OPTIONS | JWT options, eg `\"{\\\"verify_exp\\\": true,\\\"require\\\": [\\\"exp\\\", \\\"iat\\\"]}\"` |\n | AZURE_SCOPES | For Azure AD JWTs; the JWT scopes, eg `[\\\"https://graph.microsoft.com/.default\\\"]` |\n| AZURE_TENANT_ID | For Azure AD JWTs; the tenant id | \n| AZURE_CLIENT_ID | For Azure AD JWTs; the client id | \n| AZURE_CLIENT_SECRET | For Azure AD JWTs; the client secret |\n | AUTHORIZATION_HEADER_FIELD_NAMES | List of headers fields to use, eg: `\"[\\\"authorization\\\", \\\"Authorization\\\"]\"` |\n | ROLEMAPPING_TABLE_SCHEMA | Schema for the role mapping table on the database, eg \"rolemapping\" |\n\nThose environment variables are already templated in the Helm chart (see below). Customize them according to your needs.\n\nLogging is handled with the native Python logging module. The Helm chart provides a default [logging.yaml](helm/files/logging.yaml) that you can override. Check out the [Helm docs](helm/README.md) for details.\n\nTo configure the `OpenTelemetry framework` refer to the [OpenTelemetry Setup](hasura-authenticationwebhook-rolemapping-service/docs/opentelemetry.md).\n\n## Deploying\n\nThis microservice is meant to be deployed to a Kubernetes cluster with the included Helm chart and the scripts that can be found in the `helm` subdirectory. You can find more details [here](helm/README.md).\n\n## HLD\n\nRefer to the HLD for the corresponding Specific Provisioner [here](https://github.com/agile-lab-dev/witboost-hasura-specific-provisioner/docs/HLD.md).\n\n## License\n\nThis project is available under the [Apache License, Version 2.0](https://opensource.org/licenses/Apache-2.0); see [LICENSE](LICENSE) for full details.\n\n## About Witboost\n\n[Witboost](https://witboost.com/) is a cutting-edge Data Experience platform, that streamlines complex data projects across various platforms, enabling seamless data production and consumption. This unified approach empowers you to fully utilize your data without platform-specific hurdles, fostering smoother collaboration across teams.\n\nIt seamlessly blends business-relevant information, data governance processes, and IT delivery, ensuring technically sound data projects aligned with strategic objectives. Witboost facilitates data-driven decision-making while maintaining data security, ethics, and regulatory compliance.\n\nMoreover, Witboost maximizes data potential through automation, freeing resources for strategic initiatives. Apply your data for growth, innovation and competitive advantage.\n\n[Contact us](https://witboost.com/contact-us) or follow us on:\n\n- [LinkedIn](https://www.linkedin.com/showcase/witboost/)\n- [YouTube](https://www.youtube.com/@witboost-platform)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagile-lab-dev%2Fwitboost-hasura-auth-webhook-role-mapper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fagile-lab-dev%2Fwitboost-hasura-auth-webhook-role-mapper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagile-lab-dev%2Fwitboost-hasura-auth-webhook-role-mapper/lists"}