Skip to content
Snippets Groups Projects

feat+refactor: filtering of assigned resource groups in entitlements, filtering of groups in access control filter, refactor PerunRPC Adapter

Merged Ghost User requested to merge dBucik/resource_tags_entitlements_groupcheck into main
  • Entitlements claim sources now support specifying a resource attribute, which, if set and non-null on the Resource object, groups from this resource will not be considered for producing group-based entitlements. Use option custom.claim.[claimName].source.groupEntitlementDisabledAttribute to configure the attribute name and add the attribute name mapping (to LDAP, RPC names) into the resource attribute mappings file.
  • AccessControl filter (PerunAuthorizationFilter) now supports specifying a resource attribute, which, if set and non-null on the Resource object, groups from this resource will not be considered for controlling access. Use option filter.[name].accessControlDisabledAttr to configure the attribute name and add the attribute name mapping (to LDAP, RPC names) into the resource attribute mappings file.
  • Refactor the PerunRPC Adapter and extract strings as constants (methods, parameters, etc.)

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
Please register or sign in to reply
Loading