Configuring the ODS to load data into a non-sandbox TPDM instance
Background
To be able load data into an instance of the ODS a number of changes need to be made in the Ed-Fi Admin database. These changes include adding an application, vendor, users and api clients (which include keys and secrets) When the ODS is running in sandbox mode, the Sandbox Administration application will handle provisioning a sandbox database including adding an api client. With a production mode install, the creation of keys, secrets, vendors and api clients are generally handled by the Ed-Fi Admin App. The Admin App does not support TPDM education organizations (Universities and Teacher Preparation Providers) which means that it is not possible to create an application or api client for a vendor that needs to load TPDM education organization data. This also holds true for claim sets. The claim set editor within the Admin App only supports claims on Ed-Fi Core resources.
If you are a Local Education Agency or school and are planning on using TPDM entities (Performance Evaluation or Certification for example) you can still use the Admin App to provision keys and secrets.
Figure 1. Education Organization Support in Ed-Fi Admin App
Creating Keys, Secrets, Applications and Vendors for loading TPDM data
The platform team has provided a SQL statement for creating keys, secrets, applications and vendors that doesn't require the Admin App (and thus is perfect for TPDM)
You should replace the values for variables with values that fit your needs.
This SQL Statement will:
- Verify that the vendor 'Local Test Vendor' exists and will create a vendor if it doesn't exist
- Add 'uri://ed-fi.org' to the list of namespaces the vendor can load (if more than one prefix is needed for a given vendor, the SQL provided below will and another prefix for the vendor
- Verify that the user 'Local Test User' exists and is associated with the vendor or will create the user and associate it with the vendor if it exists
- Verify the application 'Local Test Application' exists and creates it if not.
- Associates the ClaimSet 'SIS Vendor' with the application 'Local Test Application'
- Verifies that the API Client 'Local Test Api Client' exists or will create it if it does not.
- Associates the key 'testkey', secret 'testsecret', and user 'Local Test User' to the API client 'Local Test Api Client'
- Associates the provided EducationOrganization '255901' with the API Client 'Local Test Api Client' (if the API client needs to data for more than one education organization, SQL is provided below
Associating additional Namspaces with a Vendor
There may be times that the vendor loading data will use multiple namespaces. Associating an additional namespace with a vendor can be accomplished by running the SQL command below
You should replace the values for variables with values that fit your needs. This SQL statement does not validate that the vendor exists and will fail if the supplied vendor name is incorrect or does not exist.
DECLARE @VendorName nvarchar(150) = 'Local Test Vendor' DECLARE @NamespacePrefix nvarchar (255) = 'uri://ed-fi.org' DECLARE @VendorId int SELECT @VendorId = VendorId FROM [dbo].[Vendors] WHERE VendorName = @VendorName INSERT INTO [dbo].[VendorNamespacePrefixes] (Vendor_VendorId, NamespacePrefix) VALUES (@VendorId, @NamespacePrefix)
Associating additional education organizations with an API Client
There may be times that an api client will need load data for multiple ed-orgs. Associating an additional education organization with an api client can be accomplished by running the SQL command below:
You should replace the values for variables with values that fit your needs. This SQL statement does not validate that the api client exists and will fail if the supplied client name is incorrect or does not exist.
DECLARE @ApiClientName nvarchar(50) = 'Local Test Api Client' DECLARE @EducationOrganizationId int = 255901 DECLARE @ApplicationEducationOrganizationId int DECLARE @ApiClientId int DECLARE @ApplicationId int SELECT @ApiClientId = ApiClientId FROM [dbo].[ApiClients] WHERE Application_ApplicationId = @ApplicationId AND [Name] = @ApiClientName INSERT INTO [dbo].[ApplicationEducationOrganizations] (EducationOrganizationId, Application_ApplicationId) VALUES (@EducationOrganizationId, @ApplicationId) SELECT @ApplicationEducationOrganizationId = SCOPE_IDENTITY() INSERT INTO [dbo].[ApiClientApplicationEducationOrganizations] (ApplicationEducationOrganization_ApplicationEducationOrganizationId, ApiClient_ApiClientId) VALUES (@ApplicationEducationOrganizationId, @ApiClientId)
Creating a Claimset for TPDM
The following code will create a claimset through SQL for TPDM. Replace the ClaimSetName value with the name of the new claimset and adjust the values on the line 'WHERE ResourceName in ...' to the resources that are in the claimset. This will add Resource claims to the claimset for all CRUD opperations.
---- SQL Server ---- DECLARE @ApplicationId INT; DECLARE @ClaimSetId INT; DECLARE @ResourceName VARCHAR(2048); DECLARE @ClaimSetName VARCHAR(255); SET @ClaimSetName = 'YOUR CLAIMSET NAME HERE'; SELECT @ApplicationId = ApplicationId FROM [dbo].[Applications] WHERE ApplicationName = 'Ed-Fi ODS API'; INSERT INTO [dbo].[ClaimSets] (ClaimSetName, Application_ApplicationId) VALUES (@ClaimSetName, @ApplicationId); SELECT @ClaimSetId = (SELECT ClaimSetId FROM [dbo].[ClaimSets] WHERE ClaimSetName = @ClaimSetName); INSERT INTO [dbo].[ClaimSetResourceClaims] ([Action_ActionId] ,[ClaimSet_ClaimSetId] ,[ResourceClaim_ResourceClaimId] ,[AuthorizationStrategyOverride_AuthorizationStrategyId] ,[ValidationRuleSetNameOverride]) SELECT ac.ActionId, @ClaimSetId, ResourceClaimId, null, null FROM [dbo].[ResourceClaims] CROSS APPLY (SELECT ActionId FROM [dbo].[Actions] WHERE ActionName IN ('Create','Read','Update','Delete')) AS ac WHERE ResourceName IN ('teacherCandidate', 'evaluationRating'); -- Replace teacherCandidate and evaluationRating with appropriate resource claims ---- PostgreSQL ---- do $$ declare v_applicationId integer; v_claimSetId integer; v_resourceName VARCHAR(2048); v_claimSetName VARCHAR(255); begin v_claimSetName = 'Test TPDM Claimset'; -- Replace this with the new Claimset name SELECT ApplicationId INTO v_applicationId FROM dbo.Applications WHERE ApplicationName = 'Ed-Fi ODS API'; INSERT INTO dbo.ClaimSets (ClaimSetName, Application_ApplicationId) VALUES (v_claimSetName, v_applicationId); SELECT ClaimSetId INTO v_claimSetId FROM dbo.ClaimSets WHERE ClaimSetName = v_claimSetName; INSERT INTO dbo.ClaimSetResourceClaims (Action_ActionId ,ClaimSet_ClaimSetId ,ResourceClaim_ResourceClaimId ,AuthorizationStrategyOverride_AuthorizationStrategyId ,ValidationRuleSetNameOverride) SELECT ac.ActionId, v_claimSetId, ResourceClaimId, null, null FROM dbo.ResourceClaims CROSS JOIN LATERAL (SELECT ActionId FROM dbo.Actions WHERE ActionName in ('Create', 'Read', 'Update', 'Delete')) as ac WHERE ResourceName IN ('teacherCandidate', 'evaluationRating'); -- Replace teacherCandidate and evaluationRating with the resources for Claimset end; $$