Update identities in publisher rules to be more scoped
This set of changes realigns the permissions granted to LDAP and
DinoPark with the capabilities present and used in production today.
(For example, DinoPark has no UI to modify SSH or PGP keys.)

These were prepared in #523 to allow LDAP to update LDAP keys that can't
be set by any other CIS integration, and this commit contains that work.
floatingatoll committed Jul 27, 2021
1 parent 7090e79 commit ca6d7d7
Showing 2 changed files with 38 additions and 4 deletions.
Expand Up @@ -74,7 +74,24 @@
"last_name": "mozilliansorg",
"alternative_name": "mozilliansorg",
"primary_email": "access_provider",
"identities": "mozilliansorg",
"identities": {
"github_id_v3": "mozilliansorg",
"github_id_v4": "mozilliansorg",
"github_primary_email": "mozilliansorg",
"mozilliansorg_id": "mozilliansorg",
"bugzilla_mozilla_org_id": "mozilliansorg",
"bugzilla_mozilla_org_primary_email": "mozilliansorg",
"mozilla_ldap_id": "ldap",
"mozilla_ldap_primary_email": "ldap",
"mozilla_posix_id": "ldap",
"google_oauth2_id": "mozilliansorg",
"google_primary_email": "mozilliansorg",
"firefox_accounts_id": "mozilliansorg",
"firefox_accounts_primary_email": "mozilliansorg",
"custom_1_primary_email": "mozilliansorg",
"custom_2_primary_email": "mozilliansorg",
"custom_3_primary_email": "mozilliansorg"
},
"ssh_public_keys": "ldap",
"pgp_public_keys": "ldap",
"access_information": {
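Review bot: Replacing the single `identities` publisher with a per-key object makes the result depend on how the rule consumer treats an identity key that has no entry in this map, and nothing in the hunk shows that it denies by default. The consumer is outside this page; it should reject a change to an unlisted key rather than fall back to allowing it, and it has to accept an object here where it previously read a string (presumably as it already does for `access_information`). A test asserting that this map's keys equal the identity keys defined in the profile schema would catch a key added later without a rule. The same change appears in the second hunk of `well-known-endpoint/tpl/mozilla-iam-publisher-rules`, and the enclosing object starts and ends outside both hunks.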
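--- a/well-known-endpoint/tpl/mozilla-iam-publisher-rules
+++ b/well-known-endpoint/tpl/mozilla-iam-publisher-rules
@@ -31,8 +31,8 @@
 "custom_2_primary_email": [ "ldap", "hris", "access_provider", "mozilliansorg" ],
 "custom_3_primary_email": [ "ldap", "hris", "access_provider", "mozilliansorg" ]
 },
-"ssh_public_keys": [ "ldap", "mozilliansorg" ],
-"pgp_public_keys": [ "ldap", "mozilliansorg" ],
+"ssh_public_keys": [ "ldap" ],
+"pgp_public_keys": [ "ldap" ],
 "access_information": {
 "access_provider": [ "access_provider" ],
 "ldap": [ "ldap" ],
@@ -74,7 +74,24 @@
 "last_name": "mozilliansorg",
 "alternative_name": "mozilliansorg",
 "primary_email": "access_provider",
-"identities": "mozilliansorg",
+"identities": {
+"github_id_v3": "mozilliansorg",
+"github_id_v4": "mozilliansorg",
+"github_primary_email": "mozilliansorg",
+"mozilliansorg_id": "mozilliansorg",
+"bugzilla_mozilla_org_id": "mozilliansorg",
+"bugzilla_mozilla_org_primary_email": "mozilliansorg",
+"mozilla_ldap_id": "ldap",
+"mozilla_ldap_primary_email": "ldap",
+"mozilla_posix_id": "ldap",
+"google_oauth2_id": "mozilliansorg",
+"google_primary_email": "mozilliansorg",
+"firefox_accounts_id": "mozilliansorg",
+"firefox_accounts_primary_email": "mozilliansorg",
+"custom_1_primary_email": "mozilliansorg",
+"custom_2_primary_email": "mozilliansorg",
+"custom_3_primary_email": "mozilliansorg"
+},
 "ssh_public_keys": "ldap",
 "pgp_public_keys": "ldap",
 "access_information": {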
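Review bot: The narrowing of `ssh_public_keys` and `pgp_public_keys` to `[ "ldap" ]` in the first hunk (-31,8 +31,8) has no counterpart in the other file this commit changes, whose section shows only the `identities` hunk. If that file is a rendered or served copy of this template, confirm it already lists only `ldap` for both keys; otherwise the two documents disagree on who may publish key material and the broader one may be what gets enforced. A check in CI that the template and the other copy carry the same rules would keep them from drifting. The enclosing object starts and ends outside the hunk.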
