#334 Store PERMISSION_MAPPING in database
Closed: Invalid 5 years ago by lholecek. Opened 5 years ago by lholecek.

Changing PERMISSION_MAPPING requires re-rolling the web pods in OpenShift manually.

Since this may be done more frequently in future, it would be simpler to store the permissions in the WaiverDB database.

This would probably require a new API endpoint to add and remove permissions, and an initial set of people or an LDAP group with permission to access the endpoint.

These things need to be figured out first:

  • List of admins in configuration OR also in DB?
  • Use a Python library to handle permissions?
  • Schema for the new DB table(s) (users, groups, permissions)
  • New endpoint name(s), attributes and methods (POST, DELETE, UPDATE)

List of admins in configuration OR also in DB?

The issue with tracking permissions in the DB is that it makes it more difficult for users to request access. When this is done in a configuration file stored in git, for example, users can submit a PR requesting access. This also has the benefit of having an audit trail of who gave access to whom and potentially why.

Use a Python library to handle permissions?

The ones I've seen so far require modeling the user in an internal table. We could do some sort of auto-add/update on each request.

@yashn suggested dropping this issue and re-opening it if it becomes a problem. Sounds OK to me. Fixing this would require a lot of effort.

I might still want to change the format of the mapping at least. But let's see how it grows in future.

Metadata Update from @lholecek:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)

5 years ago
