[apiman] Roles are hard-coded in BearerTokenFilter

fabric8io / fabric8-ipaas

This repository contains the iPaaS related apps that can be run as part of the fabric8 platform on any OpenShift v3 and Kubernetes environment

14 stars 33 forks source link

[apiman] Roles are hard-coded in BearerTokenFilter #180

Closed jpechane closed 8 years ago

jpechane commented 8 years ago

The code contains comment about linking roles to KeyCloak but it should also be based on OpenShift roles definition - for example link it to a project admin role.

KurtStam commented 8 years ago

Yeah, this needs further discussion, as there is no openshift api for 'get me the roles for this user'. I'd be in favor of using KeyCloak for all our SSO. I will report back if I have any news to report on this.

jimmidyson commented 8 years ago

On OpenShift you can't query what roles a user has but you can query "can do ?". Is that useful?

KurtStam commented 8 years ago

We can use that as a workaround if we have to.

KurtStam commented 8 years ago

We are now giving the apiman-admin role to users with cluster admin rights.

https://github.com/fabric8io/fabric8-ipaas/pull/212