BOSH role-based authentication and session limit
Aleksey Zalesov
Hello!
1. Does BOSH have role-based authentication? The case is a single bosh director managing multiple deployments. Some of the deployments are in prod state, and some are PoC. I want to limit a user to only a specific deployment or group of deployments.

2. How can I limit session time for bosh director login? For example, ask bosh director password during 15 min of inactivity.

--
Alex Zalesov, DevOps @ Altoros
Dmitriy Kalinin
inline
On Wed, Jul 8, 2015 at 1:20 AM, lexsys <aleksey.zalesov(a)altoros.com> wrote:

> Hello!

currently bosh users are managed by the director. we just finished implementing uaa integration in the director which will move user management into uaa. we are waiting for uaa team to finish creating an official uaa release so it can be collocated with the director. once that's done you will be able to configure director to use uaa and will be able to limit users to be an admin or a readonly user. so that's a start in terms of permissions.

we did discuss deployment permissions before; however, have not scheduled to implement it yet. with uaa it will be possible to add certain checks to the director to limit deployment visibility based on scopes. see https://github.com/cloudfoundry/bosh-notes/blob/master/uaa.md for more info:

* Users can modify certain deployments that already exist and new ones that they create (i.e. tagged deployments)
  - covered by `bosh.<DIRECTOR-UUID>.deployments-tag.<TAG>.admin`
  - Example: service broker is given a client id/secret and a tag. service broker will create deployments with tag X and would like to view and update it.

> 2. How can I limit session time for bosh director login?

when director is configured to use uaa it uses uaa tokens for auth. tokens in uaa expire after certain period of time and then bosh cli asks to re-login. so this is also pending release of uaa release.
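Added example, not part of the thread and not BOSH director code: a sketch of the two checks described in the reply above, token expiry and a deployment-tag scope match, applied to token claims whose signature is assumed to have been verified already. The function names, the `bosh.admin` / `bosh.read` role scopes, the claim layout and the sample values are assumptions made for illustration.

```python
import re
import time

# Scope pattern quoted in the reply above:
#   bosh.<DIRECTOR-UUID>.deployments-tag.<TAG>.admin
TAG_SCOPE = re.compile(
    r"^bosh\.(?P<uuid>[^.]+)\.deployments-tag\.(?P<tag>[^.]+)\.admin$"
)

# Assumed scope names for the director-wide admin and read-only roles.
ADMIN_SCOPE = "bosh.admin"
READ_SCOPE = "bosh.read"


def is_expired(claims, now=None):
    """True when the token's `exp` claim (seconds since epoch) has passed."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    # A token without a usable expiry is treated as expired (fail closed).
    return not isinstance(exp, (int, float)) or now >= exp


def authorize(claims, director_uuid, deployment_tag, action, now=None):
    """Decide whether already-verified claims allow `action`
    ("read" or "modify") on a deployment carrying `deployment_tag`."""
    if action not in ("read", "modify"):
        return False
    if is_expired(claims, now):
        return False  # the CLI would have to log in again
    scopes = claims.get("scope", [])
    if ADMIN_SCOPE in scopes:
        return True
    if action == "read" and READ_SCOPE in scopes:
        return True
    for scope in scopes:
        m = TAG_SCOPE.match(scope)
        # Both the director UUID and the tag must match exactly.
        if m and m["uuid"] == director_uuid and m["tag"] == deployment_tag:
            return True
    return False


# Constructed sample claims (not real tokens); the UUID is a placeholder.
DIRECTOR = "00000000-0000-0000-0000-000000000000"
BROKER = {"exp": 1000, "scope": [f"bosh.{DIRECTOR}.deployments-tag.poc.admin"]}
READONLY = {"exp": 1000, "scope": [READ_SCOPE]}
```
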
Aleksey Zalesov
Thank you for your answer, Dmitry!
So waiting for UAA integration.

Alex Z.
DevOps @ Altoros