Unverified commit 5e8eef23, authored by Arvind Thirunarayanan, committed by GitHub

AUTHN-974: Separate identity provider and pool resource types (#6778)

Parent 611666fc
......@@ -374,4 +374,4 @@ DescribeAccess is debatable, leaving it for now.
]
}
]
}
\ No newline at end of file
}
......@@ -227,9 +227,12 @@ ClusterApiKey are cluster api keys not owned by the principal in the authorize r
With https://confluentinc.atlassian.net/wiki/spaces/SECENG/pages/2797076636/RCCA-6760+KSQL+SR+Cluster+API+Keys+pre-RBAC-3,
it this is expanded to an resourceType for each cluster type.
- SecurityFederatedIdentity is a resource which enables an OrganizationAdmin to configure
- IdentityProvider is a resource which enables a principal to configure
trust relationship between their Confluent Cloud organization and an external identity provider.
- IdentityPool is a resource which enables a principal to setup a pool with an
attached trust policy to validate tokens issued by an external identity provider.
- NotificationSubscription is a resource which allows Confluent Cloud user to receive notifications
of a particular type. All roles that a customer can assign need the Describe operation so that
the user can view Cloud Notifications settings.
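Review bot: the new IdentityProvider and IdentityPool entries say only that "a principal" can configure them, whereas the SecurityFederatedIdentity entry beside them names OrganizationAdmin; state which roles are expected to hold these resource types so the description matches the role definitions. The SecurityFederatedIdentity resource type is still listed in the role JSON further down in this file, so if its description is being replaced here, either keep a line marking it as superseded or remove the grant in the same change. Minor: "to setup a pool" should read "to set up a pool".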
......@@ -395,6 +398,14 @@ trust relationship between their Confluent Cloud organization and an external id
"resourceType": "SecurityFederatedIdentity",
"operations": [ "Create", "Describe", "Alter", "Delete" ]
},
{
"resourceType": "IdentityProvider",
"operations": [ "Create", "Describe", "Alter", "Delete" ]
},
{
"resourceType": "IdentityPool",
"operations": [ "Create", "Describe", "Alter", "Delete" ]
},
{
"resourceType": "SupportPlan",
"operations": [ "Describe", "Alter", "DescribeAccess", "AlterAccess" ]
......
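Review bot: the existing SecurityFederatedIdentity entry at the top of this hunk is left in place with the same four operations now granted on IdentityProvider and IdentityPool. If the old type is kept only for a transition period, track its removal in a follow-up; otherwise the combined type stays grantable after the split it was meant to be replaced by. It is also worth confirming whether any other role needs Describe-only access to the two new types, since only this one role block is touched in the visible diff.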
......@@ -270,7 +270,7 @@ public class RbacRolesTest {
assertFalse(orgAdmin.bindWithResource());
actualPolicy = accessPolicy(orgAdmin, "organization", false);
assertEquals(44, actualPolicy.allowedOperations().size());
assertEquals(46, actualPolicy.allowedOperations().size());
assertEquals(2, actualPolicy.allowedOperations(new ResourceType("SecurityMetadata")).size());
assertEquals(4, actualPolicy.allowedOperations(new ResourceType("NotificationSubscription")).size());
assertEquals(4, actualPolicy.allowedOperations(new ResourceType("NotificationIntegration")).size());
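Review bot: only the aggregate count changes from 44 to 46, which would also pass if two unrelated resource types had been added by mistake. Add per-type assertions in the style of the lines that follow, for example `assertEquals(4, actualPolicy.allowedOperations(new ResourceType("IdentityProvider")).size());` and the same for "IdentityPool", so the test pins the operations this commit introduces for orgAdmin at organization scope.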
......@@ -1479,4 +1479,4 @@ public class RbacRolesTest {
}
}
}
\ No newline at end of file
}