Closed dhenry123 closed 8 months ago
I was wondering if using a SQL(ite) database wouldn't be easier than a flat file, especially with permissions etc. A "true" db like pgsql is way overkill but sqlite might okay?
Initially, this product was just a shell translation, I wanted a simple product with an in-memory base so as not to use an RDBMS. The design of the data model is extremely simple. In my experience, using Sqlite in a kubernetes environment increases the difficulty. This is because the volumes are NFS volumes and Sqlite has poor support for locking on this type of file system. I therefore chose instead to keep the database in memory and to make a dump each time a change is made. And this change can also be stored in an S3 volume. So I won't be implementing SQLite. Or at worst, via a system of hooks. I'll think about an interface when I implement S3. Thanks again for your contributions
That does makes sense. I don't really use K8s, but I remember the storage struggles ahah. Would you prefer a role system (admin, user that can onlycheck/no CI) or a more granular permission model (per control seems a bit overkill, but maybe something similar)?
I would also be interesed in LDAP support, maybe by synchronising the users' logins (using a filter, like memberOf=cn=users_utdon,cn=groups,cn=accounts,dc=yourdomain,dc=com
) and then checking their password via LDAP. Would that work for you, or would you prefer not to have to synchronize users "manually"?
If by roles, permissions could be easily managed by the user's groups. The last point of the roadmap is LDAP support, but I figured LDAP with only one user would be a bit weird.
the POC is in progress
https://github.com/dhenry123/utdon/blob/Groups_And_LDAP/README-LDAP.fr.md
I'm going to take a break for about ten days
Thanks
That's a pretty good first step. Take care!
see #15 : Add support MULTI ADMIN users purposed by @luclu7
The introduction of this functionality now requires the study of authorizations in the application. Not everyone can be an administrator. The implementation of authorizations in the application will also include connection to an LDAP directory (users/Groups).