New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auth: Add GET /1.0/auth/identities/current
.
#13045
Conversation
aedb00f
to
f84056b
Compare
What about "lxc auth identity info" ? |
Yeah that's better I'll change it tomorrow. |
f84056b
to
03ccc8a
Compare
Changed to |
03ccc8a
to
a534e76
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Lets move the queries out of the API handler functions.
And can you add a test for lxc auth identity info
?
Also I updated the PR description to reflect the new command.
I can add a test that calls it fairly easily, checking that the effective permissions and groups are correct is a bit more involved as we'll have to update |
Lets just check the endpoint works for now. |
Changes the field to a map[string][]string to make the API responses less circular. Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
… group names. Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
Signed-off-by: Mark Laing <mark.laing@canonical.com>
a534e76
to
6a622a5
Compare
I've addressed the feedback when you're ready @tomponline. |
1 similar comment
I've addressed the feedback when you're ready @tomponline. |
This PR:
Identities
field of theGroup
API type to amap[string][]string
(authentication method to list of identifiers).Identity
type to includeIdentityPut
(the list of group names).recursion=2
fromGET /1.0/identities
and always returns the groups for each identity.IdentityInfo
to includeIdentity
and two new fields:EffectiveGroups
andEffectivePermissions
.GET /1.0/auth/identities/current
that resolves all of the requestors groups and permissions in the context of any group mappings that may have been set by the IdP.lxc auth identity info [remote:]
to show permissions for the current user.See #12976 (comment) for more details.
#13042 should be merged first.