it's currently creating a token scoped to a group with given permission targets.
we should have a capability to let a token scoped to multiple groups.
this is beneficial when it comes to sharing a common group. i.e. reader group or metadata write permission.
AC:
role accepts groups parameter which accepts existing groups
token is created against a created group and groups
validation:
it's possible to only pass groups but not permission targets at the time of role creation and it shouldn't error out
TBD:
non-existing group is attached to a role. it'll for sure throw out run time error at the time of token creation. should we also have a group existence check at the time of role creation?
it's currently creating a token scoped to a group with given permission targets. we should have a capability to let a token scoped to multiple groups.
this is beneficial when it comes to sharing a common group. i.e. reader group or metadata write permission.
AC:
groupsparameter which accepts existing groupsvalidation:
TBD: non-existing group is attached to a role. it'll for sure throw out run time error at the time of token creation. should we also have a group existence check at the time of role creation?