author | mhuin <mhuin@redhat.com> | 2019-03-04 22:56:18 +0100 |
---|---|---|
committer | Matthieu Huin <mhuin@redhat.com> | 2019-07-30 15:32:31 +0000 |
commit | 19474fb62f9605b1fa536c941131572a729d72b3 (patch) | |
tree | 29b1760241b16fbbba6a21a317fd6d6967856c67 /releasenotes | |
parent | 7a622a5823893e1d255bbd0defb84f36c0f310d1 (diff) | |
download | zuul-19474fb62f9605b1fa536c941131572a729d72b3.tar.gz |
Web: plug the authorization engine
Add an "authorize_user" RPC call allowing to test a set of claims
against the rules of a given tenant. Make zuul-web use this call
to authorize access to tenant-scoped privileged actions.
Change-Id: I50575f25b6db06f56b231bb47f8ad675febb9d82
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml b/releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml index 786d5de1e..91631e097 100644 --- a/releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml +++ b/releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml @@ -3,8 +3,9 @@ features: - | Allow users to perform tenant-scoped, privileged actions either through zuul-web's REST API or zuul's client, based on the JWT standard. The users - need a valid bearer token to perform such actions; the scope is set via a - token claim. + need a valid bearer token to perform such actions; the scope is set by matching + conditions on tokens' claims; these conditions can be defined in zuul's tenant + configuration file. Zuul supports token signing and validation using the HS256 or RS256 algorithms. External JWKS are also supported for token validation only. Current tenant-scoped actions are "autohold", "enqueue" and "dequeue". |
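Review bot: the reworded sentence (the three `+` lines) says the scope is set by matching conditions on tokens' claims, but it does not say what happens when a tenant defines no conditions, or when a token's claims match none of them. Since this note announces access to the privileged actions "autohold", "enqueue" and "dequeue", please state the default outcome explicitly and point readers to where the tenant configuration documentation describes these conditions. As a style point, the sentence now chains three clauses with semicolons; ending it after "such actions" and starting a new sentence for the scope would read more clearly.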