
Commit 9b5358c

authored
Merge pull request #3966 from Johaney-s/proxy_role
feat(core): add PROXY role
2 parents b393ed5 + 80bc612 commit 9b5358c


6 files changed

+278
-2
lines changed


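--- a/perun-base/src/main/java/cz/metacentrum/perun/core/api/Role.java
+++ b/perun-base/src/main/java/cz/metacentrum/perun/core/api/Role.java
@@ -36,11 +36,12 @@ public class Role {
 public static final String PASSWORDRESETMANAGER = "PASSWORDRESETMANAGER";
 public static final String MEMBERSHIP = "MEMBERSHIP";
 public static final String MFA = "MFA";
+public static final String PROXY = "PROXY";
 
 public static List<String> rolesAsList() {
 return Arrays.asList(AUDITCONSUMERADMIN, CABINETADMIN, ENGINE, FACILITYADMIN, FACILITYOBSERVER, TRUSTEDFACILITYADMIN, GROUPADMIN,
 GROUPOBSERVER, GROUPMEMBERSHIPMANAGER, MEMBERSHIP, NOTIFICATIONS, PASSWORDRESETMANAGER, PERUNADMIN, PERUNOBSERVER, REGISTRAR, RESOURCEADMIN, RESOURCEOBSERVER,
 RESOURCESELFSERVICE, RPC, SECURITYADMIN, SELF, SERVICEUSER, SPREGAPPLICATION, SPONSOR, TOPGROUPCREATOR, UNKNOWNROLENAME,
-VOADMIN, VOOBSERVER, SPONSORSHIP, MFA);
+VOADMIN, VOOBSERVER, SPONSORSHIP, MFA, PROXY);
 }
 }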

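--- a/perun-base/src/main/resources/perun-roles.yml
+++ b/perun-base/src/main/resources/perun-roles.yml
@@ -107,6 +107,8 @@
 # MEMBERSHIP role represents principal's membership in a group, VO or association with facility. This role is not
 ## explicitly saved in DB!!
 #
+# PROXY role is dedicated to service account updating user extsources and working with facilities.
+#
 # UNKNOWN exists, but it is not used in Perun.
 #
 
@@ -139,6 +141,7 @@ perun_roles:
 - SPONSORSHIP
 - PASSWORDRESETMANAGER
 - MEMBERSHIP
+- PROXY
 - UNKNOWN
 
 # A list of Perun policies that are loaded to the PerunPoliciesContainer.
@@ -216,6 +219,7 @@ perun_policies:
 getEntitylessAttributes_String_policy:
 policy_roles:
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -234,6 +238,7 @@ perun_policies:
 getEntitylessKeys_AttributeDefinition_policy:
 policy_roles:
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -539,6 +544,7 @@ perun_policies:
 policy_roles:
 - RPC:
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -711,6 +717,7 @@ perun_policies:
 - FACILITYOBSERVER:
 - PERUNOBSERVER:
 - SPREGAPPLICATION:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -719,6 +726,7 @@ perun_policies:
 - FACILITYADMIN:
 - FACILITYOBSERVER:
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -727,6 +735,7 @@ perun_policies:
 - FACILITYADMIN: Facility
 - FACILITYOBSERVER: Facility
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -825,6 +834,7 @@ perun_policies:
 - FACILITYADMIN: Facility
 - FACILITYOBSERVER: Facility
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -858,6 +868,7 @@ perun_policies:
 - FACILITYADMIN: Facility
 - FACILITYOBSERVER: Facility
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -875,6 +886,7 @@ perun_policies:
 - FACILITYADMIN: Facility
 - FACILITYOBSERVER: Facility
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -890,13 +902,15 @@ perun_policies:
 policy_roles:
 - FACILITYADMIN:
 - SPREGAPPLICATION:
+- PROXY:
 include_policies:
 - default_policy
 
 deleteFacility_Facility_Boolean_policy:
 policy_roles:
 - FACILITYADMIN: Facility
 - SPREGAPPLICATION:
+- PROXY:
 include_policies:
 - default_policy
 mfa_rules:
@@ -1061,6 +1075,7 @@ perun_policies:
 - PERUNOBSERVER:
 - FACILITYADMIN: Facility
 - FACILITYOBSERVER: Facility
+- PROXY:
 include_policies:
 - default_policy
 
@@ -1325,6 +1340,7 @@ perun_policies:
 - GROUPADMIN: Group
 - VOADMIN: Vo
 - SPREGAPPLICATION:
+- PROXY:
 include_policies:
 - default_policy
 mfa_rules:
@@ -1336,6 +1352,7 @@ perun_policies:
 - GROUPADMIN: Group
 - VOADMIN: Vo
 - SPREGAPPLICATION:
+- PROXY:
 include_policies:
 - default_policy
 mfa_rules:
@@ -1416,6 +1433,7 @@ perun_policies:
 - VOOBSERVER: Vo
 - VOADMIN: Vo
 - TRUSTEDFACILITYADMIN: Vo
+- PROXY:
 include_policies:
 - default_policy
 
@@ -1431,6 +1449,7 @@ perun_policies:
 - GROUPOBSERVER: Group
 - VOADMIN: Vo
 - TRUSTEDFACILITYADMIN: Vo
+- PROXY:
 include_policies:
 - default_policy
 
@@ -1716,6 +1735,7 @@ perun_policies:
 - GROUPOBSERVER: Group
 - GROUPMEMBERSHIPMANAGER: Group
 - VOADMIN: Vo
+- PROXY:
 include_policies:
 - default_policy
 
@@ -2120,6 +2140,7 @@ perun_policies:
 - GROUPOBSERVER: Vo
 - GROUPMEMBERSHIPMANAGER: Vo
 - VOADMIN: Vo
+- PROXY:
 include_policies:
 - default_policy
 
@@ -2132,6 +2153,7 @@ perun_policies:
 - GROUPOBSERVER: Group
 - GROUPMEMBERSHIPMANAGER: Group
 - VOADMIN: Vo
+- PROXY:
 include_policies:
 - default_policy
 
@@ -2152,6 +2174,7 @@ perun_policies:
 - PERUNOBSERVER:
 - VOOBSERVER: Vo
 - VOADMIN: Vo
+- PROXY:
 include_policies:
 - default_policy
 
@@ -2161,6 +2184,7 @@ perun_policies:
 - PERUNOBSERVER:
 - VOOBSERVER: Vo
 - VOADMIN: Vo
+- PROXY:
 include_policies:
 - default_policy
 
@@ -2713,6 +2737,7 @@ perun_policies:
 - GROUPADMIN: Group
 - GROUPMEMBERSHIPMANAGER: Group
 - VOADMIN: Vo
+- PROXY:
 include_policies:
 - default_policy
 mfa_rules:
@@ -2777,13 +2802,15 @@ perun_policies:
 - VOADMIN: Vo
 - SPREGAPPLICATION:
 - PASSWORDRESETMANAGER:
+- PROXY:
 include_policies:
 - default_policy
 
 getMembersByUser_User_policy:
 policy_roles:
 - SELF: User
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -3305,6 +3332,7 @@ perun_policies:
 - VOADMIN: Vo
 - SPONSORSHIP: Member
 - PASSWORDRESETMANAGER:
+- PROXY:
 include_policies:
 - default_policy
 mfa_rules:
@@ -4097,6 +4125,7 @@ perun_policies:
 - VOADMIN: Vo
 - VOOBSERVER: Vo
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -4113,6 +4142,7 @@ perun_policies:
 - VOADMIN: Vo
 - VOOBSERVER: Vo
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -4155,6 +4185,7 @@ perun_policies:
 FACILITYADMIN: Facility
 - TRUSTEDFACILITYADMIN: Vo
 FACILITYOBSERVER: Facility
+- PROXY:
 include_policies:
 - default_policy
 
@@ -4976,6 +5007,7 @@ perun_policies:
 policy_roles:
 - PERUNOBSERVER:
 - SPREGAPPLICATION:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -5709,6 +5741,7 @@ perun_policies:
 - SELF: User
 - PERUNOBSERVER:
 - SPREGAPPLICATION:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -5794,6 +5827,7 @@ perun_policies:
 - PERUNOBSERVER:
 - SPREGAPPLICATION:
 - PASSWORDRESETMANAGER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -5979,6 +6013,7 @@ perun_policies:
 - VOADMIN:
 - SELF: User
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -6029,6 +6064,7 @@ perun_policies:
 - VOOBSERVER:
 - VOADMIN:
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -6073,6 +6109,7 @@ perun_policies:
 - VOOBSERVER:
 - VOADMIN:
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -6524,7 +6561,8 @@ perun_policies:
 - default_policy
 
 updateUserExtSourceLastAccess_UserExtSource_policy:
-policy_roles: []
+policy_roles:
+- PROXY:
 include_policies:
 - default_policy
 mfa_rules:
@@ -6568,6 +6606,7 @@ perun_policies:
 - FACILITYOBSERVER: Facility
 - VOADMIN: Vo
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -6586,6 +6625,7 @@ perun_policies:
 - FACILITYADMIN: Facility
 - FACILITYOBSERVER: Facility
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -6594,6 +6634,7 @@ perun_policies:
 - FACILITYADMIN: Facility
 - FACILITYOBSERVER: Facility
 - PERUNOBSERVER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -6758,6 +6799,7 @@ perun_policies:
 - TRUSTEDFACILITYADMIN: Vo
 - SPONSOR: Vo
 - PASSWORDRESETMANAGER:
+- PROXY:
 include_policies:
 - default_policy
 
@@ -6778,6 +6820,7 @@ perun_policies:
 - TOPGROUPCREATOR: Vo
 - TRUSTEDFACILITYADMIN: Vo
 - SPONSOR: Vo
+- PROXY:
 include_policies:
 - default_policy
 
@@ -8663,6 +8706,23 @@ perun_roles_management:
 assignable_to_attributes: false
 display_name: "MFA"
 
+PROXY:
+primary_object:
+assign_to_objects: {}
+assignment_check:
+- MFA:
+entities_to_manage:
+User: user_id
+privileged_roles_to_manage:
+- PERUNADMIN:
+privileged_roles_to_read:
+- PERUNADMIN:
+- PERUNOBSERVER:
+associated_read_roles: []
+assignable_to_attributes: true
+skip_mfa: true
+display_name: "Proxy"
+
 UNKNOWN:
 primary_object:
 assign_to_objects: {}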
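Review bot: In the `@@ -890,13 +902,15 @@` hunk, `- PROXY:` is added to `deleteFacility_Facility_Boolean_policy` with no object, while `FACILITYADMIN` in the same list is bound to `Facility`. The role definition added at the end of this file has `assign_to_objects: {}` and `skip_mfa: true`, so the proxy service account appears able to delete any facility, presumably without the MFA step that the policy's `mfa_rules` would otherwise require. The header comment only says the role is for "working with facilities", so this destructive, system-wide reach is not documented. If the proxy does not need deletion, drop the entry from this policy; otherwise extend the header comment, e.g. `# PROXY is a global role (not bound to any object) with skip_mfa set; it may delete facilities, so assign it only to the dedicated service account.`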

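--- a/perun-base/src/test/resources/test-roles.yml
+++ b/perun-base/src/test/resources/test-roles.yml
@@ -200,5 +200,10 @@ perun_policies:
 - PASSWORDRESETMANAGER:
 include_policies: [ ]
 
+test_proxy_role:
+policy_roles:
+- PROXY:
+include_policies: []
+
 perun_roles_management: {}
 ...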
