directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FC-144) Ability to assign groups to roles
Date Mon, 26 Sep 2016 16:58:20 GMT

    [ https://issues.apache.org/jira/browse/FC-144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15523601#comment-15523601
] 

ASF GitHub Bot commented on FC-144:
-----------------------------------

GitHub user vvakhlyuev-work opened a pull request:

    https://github.com/apache/directory-fortress-core/pull/6

    FC-144/assign roles for groups

    There're certain situations where userId is not known to the tenant.
      Possible use case here is federated and multi-tenant login into
      openstack via keystone.  This commit allows to create a Session with
      Group, map the Group to a Role(s) inside the tenant's domain and
      check Session' Permissions.
    
    Resolves [FC-144](https://issues.apache.org/jira/browse/FC-144)

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vvakhlyuev-work/directory-fortress-core FC-144/assign-roles-for-groups

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/directory-fortress-core/pull/6.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #6
    
----
commit 098f0a37b69be2cf76fa8d6e23ef3d250ccf58fc
Author: Vyacheslav Vakhlyuev <vvakhlyuev@mirantis.com>
Date:   2016-08-28T18:45:13Z

    FC-144 Use Groups of Roles to create Sessions
    
     There're certain situations where userId is not known to the tenant.
      Possible use case here is federated and multi-tenant login into
      openstack via keystone.  This commit allows to create a Session with
      Group, map the Group to a Role(s) inside the tenant's domain and
      check Session' Permissions.
    
      There's still more work to do:
      - REST Implementation of managers
      - Add new unit-tests
      - Update Console managers with new functionality

commit 252e6116933c7d37d53159c304fdb1e309a97aa1
Author: Vyacheslav Vakhlyuev <vvakhlyuev@mirantis.com>
Date:   2016-09-23T14:17:38Z

    FC-144 Use Groups of Roles to create Sessions
    
    * Modified GroupMgr to support SSD and DSD constraints for roles  assignment
    * Added tests for new GroupMgr methods
    * Updated info needed by EnMasse project (HttpIds etc.)

----


> Ability to assign groups to roles
> ---------------------------------
>
>                 Key: FC-144
>                 URL: https://issues.apache.org/jira/browse/FC-144
>             Project: FORTRESS
>          Issue Type: Improvement
>    Affects Versions: 1.0.1
>            Reporter: Florin Stingaciu
>            Assignee: Vyacheslav Vakhlyuev
>             Fix For: 1.0.2
>
>
> We are currently working on performing an integration between Openstack Keystone and
Fortress Core. We will use Fortress as the authorization backend for the rest of Openstack.
We have managed to map most of the current functionality in Openstack within the Fortress
schema except for the ability to assign roles to a group. 
> I've spoken with [~smckinney], and he determined this improvement is a feasible addition
to Fortress's feature set. After a number of back and forths, we have come up with the following
requirements as API additions:
> * Session createSession (Group group, boolean isTrusted);
> * void assignGroup ( Group group, Role role );
> * List<Group> roleGroups ( Role role );
> * List<Role> groupRoles ( Group group );
> * the ability to use the above session with checkAccess(Session session, Permission perm)
> We also discussed temporal constrains for group to role assignment. Temporal constrains
will not be utilized as this functionality has not been defined in Openstack.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message