h icon indicating copy to clipboard operation
h copied to clipboard

Published 20 hours ago verified publisher icon hypothesis

Allow LMS authorities other than `lms.hypothes.is`

Open jon-betts opened this issue 3 years ago • 1 comments

For: https://github.com/hypothesis/h/issues/6712 Related to: https://github.com/hypothesis/playbook/issues/683

To allow multi-region hosting we want to use different authorities for the CA region LMS instance. For example lms.ca.hypothes.is.

We should:

  • Allow a pattern rather than a fixed value in h
  • Potentially allow all *.hypothes.is values to translate into a principal?
  • Do we want to map the value to an LMS principal rather than the exact value?
  • Ensure we can use an LMS instance end-to-end with the new authority value (this should exercise h-api which looks fine at a quick look)

Implementation notes

The next authority is: lms.ca.hypothes.is

LMS and h-api look to be authority agnostic, but there might be some hidden hard codings. There are plenty of mentions, but I think they are all tests and examples. It might be worth expanding the examples or tests to have a few examples of different authorities.

h has a few hard coded places:

  • h.models.groups - Uses it to derive the ACLs
  • h.services.bulk_executor._executor - Is parameterised but is currently only using the default. We should think about whether h should be able to accept multiple LMSs at once?
  • h.views.api.bulk - The entry point where the object is constructed
  • h.traversal.roots.BulkAPIRoot

jon-betts avatar Jun 17 '21 12:06 jon-betts

For: #6712 Related to: https://github.com/hypothesis/playbook/issues/683

To allow multi-region hosting we want to use different authorities for the CA region LMS instance. For example lms.ca.hypothes.is.

We should:

  • Allow a pattern rather than a fixed value in h
  • Potentially allow all *.hypothes.is values to translate into a principal?
  • Do we want to map the value to an LMS principal rather than the exact value?
  • Ensure we can use an LMS instance end-to-end with the new authority value (this should exercise h-api which looks fine at a quick look)

Implementation notes

The next authority is: lms.ca.hypothes.is

LMS and h-api look to be authority agnostic, but there might be some hidden hard codings. There are plenty of mentions, but I think they are all tests and examples. It might be worth expanding the examples or tests to have a few examples of different authorities.

h has a few hard coded places:

  • h.models.groups - Uses it to derive the ACLs
  • h.services.bulk_executor._executor - Is parameterised but is currently only using the default. We should think about whether h should be able to accept multiple LMSs at once?
  • h.views.api.bulk - The entry point where the object is constructed
  • h.traversal.roots.BulkAPIRoot

JayLyons85 avatar Jul 06 '21 12:07 JayLyons85