-
Notifications
You must be signed in to change notification settings - Fork 930
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auth: Redefine identity certificate entity types to prevent overlap #14173
Merged
tomponline
merged 9 commits into
canonical:main
from
markylaing:split-identity-certificate-entity-types
Sep 30, 2024
Merged
Auth: Redefine identity certificate entity types to prevent overlap #14173
tomponline
merged 9 commits into
canonical:main
from
markylaing:split-identity-certificate-entity-types
Sep 30, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…s by identity type. Signed-off-by: Mark Laing <[email protected]>
markylaing
changed the title
Auth: Split identity certificate entity types
Auth: Redefine identity certificate entity types to prevent overlap
Sep 27, 2024
markylaing
force-pushed
the
split-identity-certificate-entity-types
branch
from
September 30, 2024 08:32
7736f43
to
fab42d3
Compare
markylaing
force-pushed
the
split-identity-certificate-entity-types
branch
from
September 30, 2024 08:46
fab42d3
to
e203347
Compare
tomponline
reviewed
Sep 30, 2024
tomponline
reviewed
Sep 30, 2024
tomponline
reviewed
Sep 30, 2024
tomponline
reviewed
Sep 30, 2024
tomponline
reviewed
Sep 30, 2024
Signed-off-by: Mark Laing <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
This is required so that non- fine-grained identities are still visible via the identities API, but not editable. Signed-off-by: Mark Laing <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
…lse`. Signed-off-by: Mark Laing <[email protected]>
This function could be misused if the given permission slice contains permissions that reference a different group ID. This change enforces that calls to this function can only affect one group. Signed-off-by: Mark Laing <[email protected]>
With the change to `SetAuthGroupPermissions`, we no longer need to set the group ID in each permission in the slice. Signed-off-by: Mark Laing <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
markylaing
force-pushed
the
split-identity-certificate-entity-types
branch
from
September 30, 2024 12:37
e203347
to
9b75840
Compare
tomponline
approved these changes
Sep 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR redefines the
identity
andcertificate
entity types such that acertificate
is considered to be any existing certificate type (e.g. client, metrics, server) and anidentity
is any identity whose permissions are managed via group membership.Closes #13372
Opening as draft as I would like to perform more testing on the patch before merging.