educloudalliance / eca-auth-data

Common gateway of user data to all other services.
MIT License

Changes made in the MPASS project #1

Closed derega closed 8 years ago

derega commented 8 years ago

This PR contains huge changes in one big blob. Sorry about that. These were made during MPASS development.

Module name change #2

As a minor change, the module name was changed to "authdata" as it still was "roledb" :)

Timestamped models #3

All objects in the database contain "created" and "modified" fields. The API has a new filter "changed_at" which can be used to filter the query to include only objects which are changed after the specified time.

changed_at API query #4

The API was changed to allow services to query the contents of the database. The query can be made with the "?changed_at=123124" filter.

Services can store their own attributes

A major new restriction is that only attributes which are written by the caller are returned when querying user data. Only the /query endpoint returns all attributes, and it is meant for Auth Proxy to use as Auth Proxy needs all attributes. Permissions checks are still not done. Only authentication is done when querying the API, and everybody can use the full API.

Test data

A test data generation script was created.

External data concept #6

The concept of the Auth Data service was changed slightly. Before, it behaved like a cache for data. The cache could be updated with an API and changes were always made from outside. This is still the case, but now Auth Data can also act as a proxy for external data sources. In this case Auth Data can redirect an API query to an external service if the query is made with parameters which are attached to external sources. This attachment is known as External Data Mapping. There is a runtime config which defines the mapping between municipalities and external data sources.

LDAP support #7

Auth Data can use LDAP as an external data source. Each LDAP needs an adapter which knows how the data in LDAP is interpreted. These adapters are implemented as Python modules and then added to the External Data Mapping runtime config.

Oulu municipality was the first LDAP and the first External Data Source.

Dream support #8

Dreamschool is based on Dream Platform. Dream UserDB was added as external data source. Mäntymäki school in Kauniainen uses Dreamschool and it was added to External Data Mapping.
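The caller-scoped attribute visibility and the `changed_at` filter described in the comment above, as an added illustration that is not eca-auth-data's own code. It also adds the one thing the comment says is still missing, an allowlist check so that only Auth Proxy may use the all-attributes /query view; every name here (`AuthData`, `Attribute`, `PermissionDenied`, the service identifiers) is hypothetical.

```python
"""Added example (not the project's code): in-memory model of Auth Data's
per-caller attribute store, the changed_at filter, and a permission check
on the /query view. All class and service names are hypothetical."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Attribute:
    name: str
    value: str
    written_by: str   # service that wrote this attribute
    created: int      # unix timestamps, like the "created"/"modified" fields
    modified: int


class PermissionDenied(Exception):
    pass


class AuthData:
    def __init__(self, auth_proxy_services):
        # Constructed allowlist: services permitted to read every attribute.
        self.auth_proxy_services = set(auth_proxy_services)
        self.users: Dict[str, List[Attribute]] = {}

    def set_attribute(self, caller, username, name, value, now):
        """Create or update an attribute; ownership stays with the writer."""
        attrs = self.users.setdefault(username, [])
        for a in attrs:
            if a.name == name and a.written_by == caller:
                a.value, a.modified = value, now
                return a
        a = Attribute(name, value, caller, now, now)
        attrs.append(a)
        return a

    def get_user(self, caller, username, changed_at=0):
        """/user view: only attributes the caller itself wrote, optionally
        limited to those modified after changed_at."""
        return {a.name: a.value for a in self.users.get(username, [])
                if a.written_by == caller and a.modified > changed_at}

    def query(self, caller, changed_at=0):
        """/query view: all attributes of all users, Auth Proxy only.
        Flattened by name, so same-named attributes from two writers collide."""
        if caller not in self.auth_proxy_services:
            raise PermissionDenied(f"{caller} may not use /query")
        return {u: {a.name: a.value for a in attrs if a.modified > changed_at}
                for u, attrs in self.users.items()
                if any(a.modified > changed_at for a in attrs)}
```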

derega commented 8 years ago

This PR is becoming huge. I changed the first comment to include a list of stuff we've been doing so far. We'll merge this soon and continue development in smaller chunks.

jussih commented 8 years ago

Generate a fake OID for external users #10

External users without an OID are provided with a generated one for consistency reasons.