Open LesterThomas opened 8 months ago
There are two things we need to figure out before we complete this feature:
My suggestion to start the discussion is:
securityFunction. My suggestion would be to extend it as follows:
```yaml
securityFunction:
  controllerRole:
  - name: secConAdmin
    description: Controller role for the canvas security controller
  exposedAPIs:
  - name: partyrole
    specification: https://raw.githubusercontent.com/tmforum-apis/TMF669_PartyRole/master/TMF669-PartyRole-v4.0.0.swagger.json
    implementation: {{.Release.Name}}-partyroleapi
    apitype: openapi
    path: /{{.Release.Name}}-{{.Values.component.name}}/tmf-api/partyRoleManagement/v4
    developerUI: /{{.Release.Name}}-{{.Values.component.name}}/tmf-api/partyRoleManagement/v4/docs
    port: 8080
  - name: usersandroles
    specification: https://raw.githubusercontent.com/tmforum-apis/TMF672_UserRolesPermissions/master/TMF672-UserRolePermission-v4.0.0.swagger.json
    implementation: {{.Release.Name}}-usersandroles
    apitype: openapi
    path: /{{.Release.Name}}-{{.Values.component.name}}/tmf-api/usersAndRoles/v4
    developerUI: /{{.Release.Name}}-{{.Values.component.name}}/tmf-api/usersAndRoles/v4/docs
    port: 8080
  dependantAPIs: []
  componentRole:
  - name: role1
    description: role1 description
  - name: role2
    description: role2 description
```
This extends exposedAPIs with a second option for User Roles and Permissions. It also extends securityFunction with a componentRole array that lists names and descriptions of roles. To make the componentRole and controllerRole fields uniform, it also introduces a breaking change to controllerRole to make it an array in the same format as componentRole.
This change would require a change to the BDD, TDD, CRD definition, component design guidelines and security controller.
Note that usersandroles/usersAndRoles may not be correct because there's an error in the source for TMF672 for which I've raised another issue.
Description
Refactor the canvas implementation to conform to decision #2.
The feature definition for this is described in issue #81.
This includes updating the use cases, BDD, TDD and source code for the identity operator. I propose that, for the implementation, the first step will be to support TMF672 User Roles and Permissions in addition to supporting TMF669 Party Role Management. We should deprecate TMF669 and warn about it and remove it in the N+2 release. This will allow existing components to continue to work, and give component vendors a realistic timeline to update to use TMF672.
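An added example, not code from the canvas or its identity operator: one way a consumer of `securityFunction` could accept both the legacy string `controllerRole` and the proposed array form, validate `componentRole`, and warn when only the deprecated TMF669 API is exposed. The function names, the role-name pattern, the rule that component roles may not reuse a controller role name, and the sample inputs are assumptions made for illustration.

```python
import re

# Assumed naming rule for role names; the issue does not define one.
ROLE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,62}")

def normalize_roles(value, field):
    """Return a list of {'name', 'description'} dicts for one role field."""
    if value is None:
        return []
    if isinstance(value, str):  # legacy form: controllerRole: secConAdmin
        value = [{"name": value, "description": ""}]
    if not isinstance(value, list):
        raise ValueError(f"{field} must be a string or a list of roles")
    roles, seen = [], set()
    for item in value:
        name = item.get("name") if isinstance(item, dict) else None
        if not isinstance(name, str) or not ROLE_NAME.fullmatch(name) or name in seen:
            raise ValueError(f"{field}: invalid or duplicate role {item!r}")
        seen.add(name)
        roles.append({"name": name, "description": str(item.get("description", ""))})
    return roles

def review_security_function(sf):
    """Normalize a securityFunction mapping; return (normalized, warnings)."""
    controller = normalize_roles(sf.get("controllerRole"), "controllerRole")
    component = normalize_roles(sf.get("componentRole"), "componentRole")
    # Assumption: a component role must not reuse a controller role name.
    clash = {r["name"] for r in controller} & {r["name"] for r in component}
    if clash:
        raise ValueError(f"componentRole reuses controller role(s): {sorted(clash)}")
    specs = " ".join(str(a.get("specification", "")) for a in sf.get("exposedAPIs") or [])
    warnings = []
    if "TMF669" in specs and "TMF672" not in specs:
        warnings.append("only TMF669 exposed: deprecated, add TMF672")
    if "TMF669" not in specs and "TMF672" not in specs:
        warnings.append("no TMF669 or TMF672 API exposed")
    return {**sf, "controllerRole": controller, "componentRole": component}, warnings

# Constructed inputs (API entries shortened to the fields used here).
LEGACY = {"controllerRole": "secConAdmin", "exposedAPIs": [
    {"name": "partyrole", "specification": "https://raw.githubusercontent.com/tmforum-apis/TMF669_PartyRole/master/TMF669-PartyRole-v4.0.0.swagger.json"}]}
PROPOSED = {"controllerRole": [{"name": "secConAdmin", "description": "Controller role"}],
            "exposedAPIs": LEGACY["exposedAPIs"] + [{"name": "usersandroles",
                "specification": "https://raw.githubusercontent.com/tmforum-apis/TMF672_UserRolesPermissions/master/TMF672-UserRolePermission-v4.0.0.swagger.json"}],
            "componentRole": [{"name": "role1", "description": "role1 description"}]}

if __name__ == "__main__":
    for doc in (LEGACY, PROPOSED):
        print(review_security_function(doc))
```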