Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: API client can assign a space role to a user with POST /v3/roles #160

Closed
gcapizzi opened this issue Sep 17, 2021 · 0 comments · Fixed by #215
Closed

[Feature]: API client can assign a space role to a user with POST /v3/roles #160

gcapizzi opened this issue Sep 17, 2021 · 0 comments · Fixed by #215
Assignees
@mnitchev @kieron-dev
Labels
Authorization
Milestone
v0.1

Comments

@gcapizzi
Copy link
Contributor

Background

As an admin
I want to assign space roles to users
So that I can control permissions in the space

Acceptance Criteria

GIVEN a space exists
AND a user other than the admin exists
AND a ClusterRole exists
WHEN I make the following request:

curl "https://api.example.org/v3/roles" \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{
      "type": "<the ClusterRole name>",
      "relationships": {
        "user": {
          "data": {
            "guid": "<the username>"
          }
        },
        "space": {
          "data": {
            "guid": "<the space GUID>"
          }
        }
      }
    }'

THEN I get the following response:

HTTP/1.1 201 Created
Content-Type: application/json

{
   "guid": "40557c70-d1bd-4976-a2ab-a85f5e882418",
   "created_at": "2019-10-10T17:19:12Z",
   "updated_at": "2019-10-10T17:19:12Z",
   "type": "<the ClusterRole name>",
   "relationships": {
      "user": {
         "data": {
            "guid": "<the username>"
         }
      },
      "space": {
         "data": {
            "guid": "<the space GUID>"
         }
      },
      "organization": {
         "data": null
      }
   },
   "links": {
      "self": {
         "href": "https://api.example.org/v3/roles/40557c70-d1bd-4976-a2ab-a85f5e882418"
      },
      "space": {
         "href": "https://api.example.org/v3/spaces/05c5da3b-6cbc-421c-87c3-20bb3c41ab7c"
      }
   }
}

AND I see a RoleBinding in the space namespace for the specified user

Dev Notes
@gcapizzi gcapizzi changed the title [Feature]: Admin can assign a space role to a user with cf set-space-role [Feature]: API client can assign a space role to a user with POST /v3/roles Sep 30, 2021
@akrishna90 akrishna90 transferred this issue from cloudfoundry/cf-k8s-api Nov 2, 2021
@kieron-dev kieron-dev assigned mnitchev and unassigned kieron-dev Nov 3, 2021
mnitchev added a commit that referenced this issue Nov 4, 2021
@danail-branekov @mnitchev
Introduce create role endpoint
90336c7 
* Currently supports only creating space roles
* Generate predictable role binding names by doing a sha256sum on the
  role name and user. The name is also prefixed with `cf-` to ensure it
  starts witha lowercase letter.
* The role will fail to create if the user does not have a role in the
  parent org namespace (as per the docs for POST /v3/roles)

Issue: #160

Co-authored-by: Mario Nitchev <marionitchev@gmail.com>
Co-authored-by: Kieron Browne <kbrowne@vmware.com>
@danail-branekov danail-branekov mentioned this issue Nov 5, 2021
Merged
danail-branekov added a commit that referenced this issue Nov 5, 2021
@danail-branekov @mnitchev
Introduce create role endpoint
1707c4f 
* Currently supports only creating space roles
* Generate predictable role binding names by doing a sha256sum on the
  role name and user. The name is also prefixed with `cf-` to ensure it
  starts witha lowercase letter.
* The role will fail to create if the user does not have a role in the
  parent org namespace (as per the docs for POST /v3/roles)

Issue: #160

Co-authored-by: Mario Nitchev <marionitchev@gmail.com>
Co-authored-by: Kieron Browne <kbrowne@vmware.com>
danail-branekov added a commit that referenced this issue Nov 5, 2021
@danail-branekov @mnitchev
Introduce create role endpoint
ed12d2d 
* Currently supports only creating space roles
* Generate predictable role binding names by doing a sha256sum on the
  role name and user. The name is also prefixed with `cf-` to ensure it
  starts witha lowercase letter.
* The role will fail to create if the user does not have a role in the
  parent org namespace (as per the docs for POST /v3/roles)

Issue: #160

Co-authored-by: Mario Nitchev <marionitchev@gmail.com>
Co-authored-by: Kieron Browne <kbrowne@vmware.com>
@gcapizzi gcapizzi mentioned this issue Nov 8, 2021
Closed
@mnitchev mnitchev linked a pull request Nov 8, 2021 that will close this issue
Introduce POST /v3/roles endpoint to create space roles #215
Merged
kieron-dev pushed a commit that referenced this issue Nov 9, 2021
@danail-branekov @mnitchev
Introduce create role endpoint
76a4265 
* Currently supports only creating space roles
* Generate predictable role binding names by doing a sha256sum on the
  role name and user. The name is also prefixed with `cf-` to ensure it
  starts witha lowercase letter.
* The role will fail to create if the user does not have a role in the
  parent org namespace (as per the docs for POST /v3/roles)

Issue: #160

Co-authored-by: Mario Nitchev <marionitchev@gmail.com>
Co-authored-by: Kieron Browne <kbrowne@vmware.com>
@gcapizzi gcapizzi added this to the v0.1 milestone Mar 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mnitchev mnitchev

@kieron-dev kieron-dev

Labels
Authorization
Projects
Korifi - Backlog
Archived in project
Milestone
v0.1
Development

Successfully merging a pull request may close this issue.

Introduce POST /v3/roles endpoint to create space roles cloudfoundry/korifi
4 participants
@gcapizzi @danail-branekov @mnitchev @kieron-dev