Auth group -> Aerie role mapping

.github/workflows/ci.yml

@@ -20,9 +20,11 @@ jobs:
       packages: write
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - name: Setup node
+        uses: actions/setup-node@v3
         with:
-          node-version: '16.13.0'
+          node-version-file: '.nvmrc'
+          cache: npm
       - name: Install Dev Dependencies and Build
         run: |
           npm install

.github/workflows/lint.yml

@@ -15,13 +15,18 @@ jobs:
       contents: read
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - name: Setup node
+        uses: actions/setup-node@v3
         with:
-          node-version: '16.13.0'
+          node-version-file: '.nvmrc'
+          cache: npm
       - name: Install Dev Dependencies and Build
         run: |
           npm install
           npm run build
       - name: Lint
         run: |
           npm run lint
+      - name: Check formatting
+        run: |
+          npm run format:check

.github/workflows/test.yml

@@ -0,0 +1,29 @@
+name: Test
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - dev-[0-9]+.[0-9]+.[0-9]+
+  push:
+    branches:
+      - develop
+    tags:
+      - v*
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+      - name: Setup node
+        uses: actions/setup-node@v3
+        with:
+          node-version-file: '.nvmrc'
+          cache: npm
+      - name: Install Dependencies
+        run: npm ci
+      - name: Test
+        run: npm run test

.nvmrc

@@ -0,0 +1 @@
+20

docs/ENVIRONMENT.md

@@ -6,11 +6,12 @@ This document provides detailed information about environment variables for the
 | --------------------------- | ---------------------------------------------------------------------------------------------------- | -------- | ---------------------------------------------- |
 | `ALLOWED_ROLES`             | Allowed roles when authentication is enabled.                                                        | `array`  | ["user", "viewer"]                             |
 | `ALLOWED_ROLES_NO_AUTH`     | Allowed roles when authentication is disabled.                                                       | `array`  | ["aerie_admin", "user", "viewer"]              |
+| `AUTH_GROUP_ROLE_MAPPINGS`  | JSON object that maps auth provider groups to Aerie roles. See [SSO authentication docs][SSO authn]  | `JSON`   | {}                                             |
 | `AUTH_TYPE`                 | Mode of authentication. Set to `cam` to enable CAM authentication.                                   | `string` | none                                           |
 | `AUTH_URL`                  | URL of Auth provider's REST API. Used if the given `AUTH_TYPE` is not set to `none`.                 | `string` | https://atb-ocio-12b.jpl.nasa.gov:8443/cam-api |
 | `AUTH_UI_URL`               | URL of Auth provider's login UI. Returned to the UI if SSO token is invalid, so user is redirected   | `string` | https://atb-ocio-12b.jpl.nasa.gov:8443/cam-ui  |
 | `AUTH_SSO_TOKEN_NAME`       | The name of the SSO tokens the Gateway should parse cookies for. Likely found in auth provider docs. | `array`  | ["iPlanetDirectoryPro"]                        |
-| `DEFAULT_ROLE`              | Default role when authentication is enabled.                                                         | `array`  | user                                           |
+| `DEFAULT_ROLE`              | Default roles when authentication is enabled. See [SSO authorization docs][SSO authz] for details.   | `array`  | ["user"]                                       |
 | `DEFAULT_ROLE_NO_AUTH`      | Default role when authentication is disabled.                                                        | `array`  | aerie_admin                                    |
 | `GQL_API_URL`               | URL of GraphQL API for the GraphQL Playground.                                                       | `string` | http://localhost:8080/v1/graphql               |
 | `GQL_API_WS_URL`            | URL of GraphQL WebSocket API for the GraphQL Playground.                                             | `string` | ws://localhost:8080/v1/graphql                 |
@@ -29,3 +30,5 @@ This document provides detailed information about environment variables for the
 | `RATE_LIMITER_LOGIN_MAX`    | Max requests allowed every 15 minutes to login endpoints                                             | `number` | 1000                                           |
 
 [algorithms]: https://github.com/auth0/node-jsonwebtoken#algorithms-supported
+[SSO authn]: https://nasa-ammos.github.io/aerie-docs/deployment/advanced-authentication
+[SSO authz]: https://nasa-ammos.github.io/aerie-docs/deployment/advanced-permissions