[#153072577] Add UAA client for paas-admin app #1135
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
henrytk
changed the title
This client will eventually need more scopes for the various operations a user might want to do via the app, but for now we limit it to OAuth and read operations.
henrytk
force-pushed
the
uaa-auth-153072577
branch
3 times, most recently
from
72c47eb to
ada00c2
Compare
henrytk
changed the title
camelpunch
reviewed
Dec 8, 2017
| @@ -136,6 +137,13 @@ | |||
| ) | |||
| } | |||
|
|
|||
| it { | |||
| clients.each { |_, config| | |||
| expect(config.has_key?("override")).to be true | |||
There was a problem hiding this comment.
Because of rspec magic that translates have_xxx(foo) to has_xxx?(foo), you could also say expect(config).to have_key("override")
There was a problem hiding this comment.
That reads more gooder. Thanks.
According to the UAA docs[1] this property allows the configuration in the manifest to override client configurations saved if you have a persistent database. We set this because we always want our manifest to be the source of truth for configuration. Also, we remove the `id` fields because they are redundant. The UAA release uses the `properties.uaa.clients.*` key as the ID. [1] https://github.com/cloudfoundry/uaa/blob/391163ebad397b8f3eb5298aa01412dd94c9a176/docs/Sysadmin-Guide.rst#clients
These are the groups that can be requested by the admin user when authenticating via UAA. Each UAA client is configured to allow requests for a set of scopes. Currently, if the admin user authenticates via a UAA client with the `cloud_controller.admin_read_only` scope it will not have that scope in the token.
henrytk
force-pushed
the
uaa-auth-153072577
branch
from
ada00c2 to
4e87fde
Compare
dcarley
approved these changes
Dec 11, 2017
dcarley
added a commit
that referenced
this pull request
Dec 14, 2017
[#153072577] Add UAA client for paas-admin app
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What
We need a UAA client configuration for the paas-admin app to use. It currently has limited permissions, because the app only lists orgs at the moment as proof the authentication works.
How to review
Review in conjunction with alphagov/paas-admin#1
There is little danger with this commit as the client is configured with much less scope than will eventually be required. This is on purpose.
Eyeball the code and deploy with passing tests should be enough.
Who can review
Anyone but me, @chrisfarms @camelpunch or @carolinegreen