Hook up authz tuple writing to Minder server #2179

Merged
merged 1 commit into from
Jan 24, 2024
@JAORMX JAORMX commented Jan 23, 2024

This hooks up the initial creation of tuples for authorization in the
server.

Tuples define the relationships between users and projects in minder via
a role.

The intent is for these to happen first, and roll them back if database
operations fail.

Closes: #1851
Closes: #1850
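
The ordering described in the PR description above (write the authorization tuple first, undo it if the database step fails), as an added Go example that is not code from this PR or from Minder. `Tuple`, `TupleStore`, `CreateProject` and `ErrRollbackFailed` are hypothetical names, the store is an in-memory stand-in, and the sample values are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Tuple is one authorization relationship: User holds Role on Project (hypothetical type).
type Tuple struct{ User, Role, Project string }

// ErrRollbackFailed marks a tuple that was written but could not be removed again.
var ErrRollbackFailed = errors.New("tuple rollback failed")

// TupleStore is a constructed in-memory stand-in for the authorization backend.
type TupleStore struct {
	tuples     map[Tuple]bool
	FailDelete bool // simulates the backend being unavailable during rollback
}

func NewTupleStore() *TupleStore          { return &TupleStore{tuples: map[Tuple]bool{}} }
func (s *TupleStore) Write(t Tuple) error { s.tuples[t] = true; return nil }
func (s *TupleStore) Check(t Tuple) bool  { return s.tuples[t] }
func (s *TupleStore) Delete(t Tuple) error {
	if s.FailDelete {
		return errors.New("authz store unavailable")
	}
	delete(s.tuples, t)
	return nil
}

// CreateProject writes the tuple first, then runs the database step. If that step
// fails the tuple is deleted; a failed delete is reported with the original error.
func CreateProject(s *TupleStore, t Tuple, dbOp func() error) error {
	if err := s.Write(t); err != nil {
		return fmt.Errorf("write tuple: %w", err)
	}
	if err := dbOp(); err != nil {
		if rbErr := s.Delete(t); rbErr != nil {
			return errors.Join(err, fmt.Errorf("%w: %v", ErrRollbackFailed, rbErr))
		}
		return fmt.Errorf("database step failed, tuple rolled back: %w", err)
	}
	return nil
}

func main() {
	s, t := NewTupleStore(), Tuple{"user-1", "admin", "project-a"} // constructed sample
	err := CreateProject(s, t, func() error { return errors.New("insert failed") })
	fmt.Println(err, s.Check(t))
}
```

When the rollback itself fails, the granted role stays in the store, so the caller should treat `ErrRollbackFailed` as something to alert on and clean up.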

@JAORMX JAORMX requested a review from a team as a code owner January 23, 2024 10:06
evankanderson previously approved these changes Jan 23, 2024

@evankanderson evankanderson left a comment

I'm assuming we'll have a separate PR to backfill all the existing projects after we commit this PR?

I'm wondering if we should have a single "contact user" stored with the organization for things like billing or getting in touch in the case of problems. WDYT? (That wouldn't block this PR.)

Two outdated, resolved review threads on internal/controlplane/default_project.go

JAORMX commented Jan 24, 2024

> I'm assuming we'll have a separate PR to backfill all the existing projects after we commit this PR?

Yep! Though I'm wondering if it really needs a PR or if it can be a one-off script.

> I'm wondering if we should have a single "contact user" stored with the organization for things like billing or getting in touch in the case of problems. WDYT? (That wouldn't block this PR.)

Are you thinking about user metadata? I think it's a good idea, but merits its own design.

@JAORMX JAORMX force-pushed the authz-tuple-bootstrap branch 2 times, most recently from 2826fe7 to 5e86a21 Compare January 24, 2024 06:31
@JAORMX JAORMX force-pushed the authz-tuple-bootstrap branch from 5e86a21 to a5ffda1 Compare January 24, 2024 06:41
@JAORMX JAORMX requested a review from evankanderson January 24, 2024 07:01
@JAORMX JAORMX merged commit b8977a3 into main Jan 24, 2024
18 checks passed
@JAORMX JAORMX deleted the authz-tuple-bootstrap branch January 24, 2024 12:20
evankanderson commented

> > I'm wondering if we should have a single "contact user" stored with the organization for things like billing or getting in touch in the case of problems. WDYT? (That wouldn't block this PR.)

> Are you thinking about user metadata? I think it's a good idea, but merits its own design.

I'm thinking about having a "business owner" for each org; we might want to have (for example) stored an email address that's durable even if the GitHub account is deleted. A design is probably not a bad idea, and it definitely shouldn't be part of this work.
