cyverse-de / terrain

DE's main API entry-point service

Start on adding Keycloak service account support to terrain #244

Closed ianmcorvidae closed 2 years ago

ianmcorvidae commented 2 years ago

I think this is the basic stuff that's needed. It's not used anywhere yet, and I could use some recommendations if there's some endpoint I should add for testing or such.

Still, I think this is ready enough to be reviewed for the structure of the thing!

slr71 commented 2 years ago

I hit enter too soon on my last comment. I think that if you create a version of that endpoint that can be called by service accounts with the cyverse-subscription-updater role, then that will be all that we need.

One thing that I didn't think to check for was the ability to check for a specific role. It would be helpful to have middleware that checks for the presence of a specific role and returns a 403 if it's not present.

ianmcorvidae commented 2 years ago

Ah, that makes sense. It shouldn't be hard to add a middleware like that, and creating that extra endpoint sounds easy enough as well.

I'll probably do a second PR just to isolate things that you've already reviewed, maybe try to get it up later today since you're going on vacation soon.

slr71 commented 2 years ago

Sounds good 👍
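
One way the role-checking middleware requested in slr71's comment above could look, as an added example that is not terrain's code or part of this PR. It assumes Ring-style handlers, a hypothetical `:jwt-claims` request key filled in by an earlier middleware that has already verified the token, string-keyed claims, and that `cyverse-subscription-updater` is a Keycloak realm role (listed under `realm_access.roles`).

```clojure
(ns example.require-role)

(defn- realm-roles
  "Realm roles from decoded Keycloak claims. Anything that is not a
  sequence of strings yields an empty set, so malformed claims fail closed."
  [claims]
  (let [roles (get-in claims ["realm_access" "roles"])]
    (if (sequential? roles)
      (set (filter string? roles))
      #{})))

(defn- error-response [status message]
  {:status  status
   :headers {"Content-Type" "text/plain"}
   :body    message})

(defn wrap-require-role
  "Ring middleware: 401 when the request carries no verified claims
  (:jwt-claims is a hypothetical key), 403 when the claims lack `role`,
  otherwise the wrapped handler runs."
  [handler role]
  (fn [request]
    (let [claims (:jwt-claims request)]
      (cond
        (not (map? claims))
        (error-response 401 "not authenticated")

        (not (contains? (realm-roles claims) role))
        (error-response 403 "missing required role")

        :else
        (handler request)))))

;; Hypothetical endpoint handler guarded by the role named in the thread.
(def update-handler
  (wrap-require-role (fn [_] {:status 200 :headers {} :body "updated"})
                     "cyverse-subscription-updater"))

;; Constructed sample requests, as they would look after token validation.
(def sample-requests
  {:with-role    {:jwt-claims {"preferred_username" "service-account-example-client"
                               "realm_access" {"roles" ["cyverse-subscription-updater"]}}}
   :without-role {:jwt-claims {"realm_access" {"roles" ["offline_access"]}}}
   :malformed    {:jwt-claims {"realm_access" "cyverse-subscription-updater"}}
   :anonymous    {}})

(doseq [[label request] sample-requests]
  (println label (:status (update-handler request))))
```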