Re: BOSH role-based authentication and session limit
Dmitriy Kalinin
inline
On Wed, Jul 8, 2015 at 1:20 AM, lexsys <aleksey.zalesov(a)altoros.com> wrote:
> Hello!

currently bosh users are managed by the director. we just finished implementing uaa integration in the director which will move user management into uaa. we are waiting for uaa team to finish creating an official uaa release so it can be collocated with the director. once that's done you will be able to configure director to use uaa and will be able to limit users to be an admin or a readonly user. so that's a start in terms of permissions.

we did discuss deployment permissions before; however, have not scheduled to implement it yet. with uaa it will be possible to add certain checks to the director to limit deployment visibility based on scopes. see https://github.com/cloudfoundry/bosh-notes/blob/master/uaa.md for more info:

* Users can modify certain deployments that already exist and new ones that they create (i.e. tagged deployments)
  - covered by `bosh.<DIRECTOR-UUID>.deployments-tag.<TAG>.admin`
  - Example: service broker is given a client id/secret and a tag. service broker will create deployments with tag X and would like to view and update it.

> 2. How can I limit session time for bosh director login?

when director is configured to use uaa it uses uaa tokens for auth. tokens in uaa expire after certain period of time and then bosh cli asks to re-login. so this is also pending release of uaa release.
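As an added illustration (not part of the original message and not BOSH director code), the sketch below shows how a tag-scoped authorization check and token expiry could be evaluated together, using the scope format quoted above. Assumptions: the claims hash has already been signature-verified, uses the standard `scope` and `exp` claim names, and tags are restricted to characters that cannot contain a dot; the UUID, tags and helper names are constructed.

```ruby
# Added example: hypothetical helpers, not the director's implementation.
# Assumption: tags may not contain dots, so a tag such as "a.admin" cannot
# blur the boundary between the tag and the trailing ".admin" segment.
TAG_PATTERN = /\A[A-Za-z0-9_-]+\z/

# Build the single scope string that grants admin on deployments with `tag`.
def tag_admin_scope(director_uuid, tag)
  raise ArgumentError, "invalid tag" unless tag.is_a?(String) && TAG_PATTERN.match?(tag)
  "bosh.#{director_uuid}.deployments-tag.#{tag}.admin"
end

# claims: already signature-verified token claims ("scope" array, "exp" epoch).
# Fails closed on expired tokens, malformed claims and malformed tags.
def can_modify_deployment?(claims, director_uuid, deployment_tags, now: Time.now.to_i)
  exp = claims["exp"]
  return false unless exp.is_a?(Integer) && now < exp  # expired: client must re-login

  scopes = Array(claims["scope"])
  deployment_tags.any? do |tag|
    tag.is_a?(String) && TAG_PATTERN.match?(tag) &&
      scopes.include?(tag_admin_scope(director_uuid, tag))  # exact match, no prefix or regex
  end
end

# Constructed sample data: a service broker limited to deployments tagged "redis".
SAMPLE_UUID = "11111111-2222-3333-4444-555555555555"
BROKER_CLAIMS = {
  "scope" => ["bosh.#{SAMPLE_UUID}.deployments-tag.redis.admin"],
  "exp"   => 2_000
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts can_modify_deployment?(BROKER_CLAIMS, SAMPLE_UUID, ["redis"], now: 1_000)
  puts can_modify_deployment?(BROKER_CLAIMS, SAMPLE_UUID, ["mysql"], now: 1_000)
  puts can_modify_deployment?(BROKER_CLAIMS, SAMPLE_UUID, ["redis"], now: 2_000)
end
```

Comparing the full scope string, rather than matching a prefix, keeps a scope issued for one director UUID or tag from being accepted for another.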