[
https://issues.apache.org/jira/browse/FC-144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15523601#comment-15523601
]
ASF GitHub Bot commented on FC-144:
-----------------------------------
GitHub user vvakhlyuev-work opened a pull request:
https://github.com/apache/directory-fortress-core/pull/6
FC-144/assign roles for groups
There're certain situations where userId is not known to the tenant.
Possible use case here is federated and multi-tenant login into
openstack via keystone. This commit allows to create a Session with
Group, map the Group to a Role(s) inside the tenant's domain and
check Session' Permissions.
Resolves [FC-144](https://issues.apache.org/jira/browse/FC-144)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/vvakhlyuev-work/directory-fortress-core
FC-144/assign-roles-for-groups
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/directory-fortress-core/pull/6.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #6
----
commit 098f0a37b69be2cf76fa8d6e23ef3d250ccf58fc
Author: Vyacheslav Vakhlyuev <[email protected]>
Date: 2016-08-28T18:45:13Z
FC-144 Use Groups of Roles to create Sessions
There're certain situations where userId is not known to the tenant.
Possible use case here is federated and multi-tenant login into
openstack via keystone. This commit allows to create a Session with
Group, map the Group to a Role(s) inside the tenant's domain and
check Session' Permissions.
There's still more work to do:
- REST Implementation of managers
- Add new unit-tests
- Update Console managers with new functionality
commit 252e6116933c7d37d53159c304fdb1e309a97aa1
Author: Vyacheslav Vakhlyuev <[email protected]>
Date: 2016-09-23T14:17:38Z
FC-144 Use Groups of Roles to create Sessions
* Modified GroupMgr to support SSD and DSD constraints for roles assignment
* Added tests for new GroupMgr methods
* Updated info needed by EnMasse project (HttpIds etc.)
----
> Ability to assign groups to roles
> ---------------------------------
>
> Key: FC-144
> URL: https://issues.apache.org/jira/browse/FC-144
> Project: FORTRESS
> Issue Type: Improvement
> Affects Versions: 1.0.1
> Reporter: Florin Stingaciu
> Assignee: Vyacheslav Vakhlyuev
> Fix For: 1.0.2
>
>
> We are currently working on performing an integration between Openstack
> Keystone and Fortress Core. We will use Fortress as the authorization backend
> for the rest of Openstack. We have managed to map most of the current
> functionality in Openstack within the Fortress schema except for the ability
> to assign roles to a group.
> I've spoken with [~smckinney], and he determined this improvement is a
> feasible addition to Fortress's feature set. After a number of back and
> forths, we have come up with the following requirements as API additions:
> * Session createSession (Group group, boolean isTrusted);
> * void assignGroup ( Group group, Role role );
> * List<Group> roleGroups ( Role role );
> * List<Role> groupRoles ( Group group );
> * the ability to use the above session with checkAccess(Session session,
> Permission perm)
> We also discussed temporal constrains for group to role assignment. Temporal
> constrains will not be utilized as this functionality has not been defined in
> Openstack.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
