Open anonymouse64 opened 5 years ago
This is similar to issues #40 and #41, and will be addressed in the Delhi dot release.
@anonymouse64 Currently we can use snis in the [secretservice] of configuration for the hard coded name as they serve the same purpose of separating the service domain. What do you think?
This is a point I'm not sure about 100%... The name here is the name of the kong consumer, not the name of the token itself, so it might be okay to use the snis for this purpose, as even if multiple tokens are created, they will all live under the same Kong consumer, even if the tokens represent different access. That being said, the Kong docs seem to imply you should create different consumers for different semantic "consumers", so in that case an end user might want to have them be under different names. As such I think the setting should be configurable from the configuration.toml.
That is correct. Each unique consumer should have a unique consumer in kong. That said, kong may not be the ultimate repository for identities in edgex. So, we should have basics for now. I am not sure we will want to have hundreds or thousands of consumers in kong. But the ability to configure multiple (say <10) consumers makes sense.
The Name parameter in the KongConsumerOauth2 struct is hard-coded when creating a new OAuth token here: https://github.com/edgexfoundry/security-api-gateway/blob/a1603d1c9a577cf3e8018701906c3cb1a7d5a40d/core/accounts.go#L143-L148
This should be configurable through the configuration.toml file if not a command line parameter.