diff options
author | Matthieu Huin <mhuin@redhat.com> | 2019-06-21 12:38:19 +0200 |
---|---|---|
committer | Matthieu Huin <mhuin@redhat.com> | 2019-07-10 12:11:14 +0200 |
commit | 6a7235fb506480dd2df7d712f441a5dd663c0da7 (patch) | |
tree | 547016261af9758286a33cba550fcb47de6bb494 /releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml | |
parent | 86f071464dafd584c995790dce30e2e3ca98f5ac (diff) | |
download | zuul-6a7235fb506480dd2df7d712f441a5dd663c0da7.tar.gz |
web: add tenant and project scoped, JWT-protected actions
A user with the right JSON Web Token (JWT) can trigger a autohold,
reenqueue or dequeue a buildset from the web API.
The Token is expected to include a key called "zuul.admin" that
contains a list of the tenants the user is allowed to perform
these actions on.
The Token must be passed as a bearer token in an Authorization header.
The Token is validated thanks to authenticator declarations in Zuul's
configuration file.
Change-Id: Ief9088812f44368f14234ddfa25ba872526b8735
Diffstat (limited to 'releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml')
-rw-r--r-- | releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml b/releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml new file mode 100644 index 000000000..de6f96a59 --- /dev/null +++ b/releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Add an endpoint protection mechanism to zuul-web's REST API, based on the JWT + standard. A user can access protected endpoints with a valid bearer token. + The actions associated to these endpoints are tenant-scoped via a token claim. + Zuul supports token signatures using the HS256 or RS256 algorithms. External + JWKS are also supported. + Current protected endpoints are "autohold", "enqueue" and "dequeue". |