airavata-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus Christie (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AIRAVATA-2787) GatewayGroups model for storing adminsGroupId, readOnlyAdminsGroupId and defaultGatewayUsersGroupId
Date Thu, 10 May 2018 17:28:00 GMT

     [ https://issues.apache.org/jira/browse/AIRAVATA-2787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Marcus Christie updated AIRAVATA-2787:
--------------------------------------
    Description: 
Create a GatewayGroups thrift model and backend to store the ids of the "Admins", "Read Only
Admins" and the default "Gateway Users" group.  The "Admins" and "Read Only Admins" group
will be used in the API server to automatically grant access to WRITE and READ to those groups,
respectively, for newly created entities.  The default "Gateway Users" group will be used
by migrations (to keep track of previously migrated "Gateway Users" group and to share resources
that are being migrated to group-based auth) and also to pre-populate the list of groups to
share a new Group Resource Profile or Application Deployment with in UIs (but can be changed
by the user).

The AiravataDataMigrator should use the presence of this model to determine if the gateway
groups should be created or not.

TODO
* [ ] add GatewayGroups model and entity to GroupManagerService (seems like the best place
to put it)
* [ ] add GroupManagerService api methods to create/update/read the GatewayGroups
* [ ] only a member of the "Admins" group may update GatewayGroups, and the user must be a
member of the before and after "Admins" groups (if the "Admins" group is changing)
* [ ] How to create the GatewayGroups from the migration script? There is no AuthzToken.


  was:
Create a GatewayGroups thrift model and backend to store the ids of the "Admins", "Read Only
Admins" and the default "Gateway Users" group.  The "Admins" and "Read Only Admins" group
will be used in the API server to automatically grant access to WRITE and READ to those groups,
respectively, for newly created entities.  The default "Gateway Users" group will be used
by migrations (to keep track of previously migrated "Gateway Users" group and to share resources
that are being migrated to group-based auth) and also to pre-populate the list of groups to
share a new Group Resource Profile or Application Deployment with in UIs (but can be changed
by the user).

The AiravataDataMigrator should use the presence of this model to determine if the gateway
groups should be created or not.


> GatewayGroups model for storing adminsGroupId, readOnlyAdminsGroupId and defaultGatewayUsersGroupId
> ---------------------------------------------------------------------------------------------------
>
>                 Key: AIRAVATA-2787
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2787
>             Project: Airavata
>          Issue Type: New Feature
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Major
>
> Create a GatewayGroups thrift model and backend to store the ids of the "Admins", "Read
Only Admins" and the default "Gateway Users" group.  The "Admins" and "Read Only Admins" group
will be used in the API server to automatically grant access to WRITE and READ to those groups,
respectively, for newly created entities.  The default "Gateway Users" group will be used
by migrations (to keep track of previously migrated "Gateway Users" group and to share resources
that are being migrated to group-based auth) and also to pre-populate the list of groups to
share a new Group Resource Profile or Application Deployment with in UIs (but can be changed
by the user).
> The AiravataDataMigrator should use the presence of this model to determine if the gateway
groups should be created or not.
> TODO
> * [ ] add GatewayGroups model and entity to GroupManagerService (seems like the best
place to put it)
> * [ ] add GroupManagerService api methods to create/update/read the GatewayGroups
> * [ ] only a member of the "Admins" group may update GatewayGroups, and the user must
be a member of the before and after "Admins" groups (if the "Admins" group is changing)
> * [ ] How to create the GatewayGroups from the migration script? There is no AuthzToken.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message