Skip to content
This repository was archived by the owner on Feb 1, 2024. It is now read-only.

Add support for group creation #18

Closed
wants to merge 1 commit into from
Closed

Add support for group creation #18

wants to merge 1 commit into from

Conversation

mnasiadka
Copy link
Member

No description provided.

markgoddard
markgoddard reviewed Sep 30, 2020
View reviewed changes
Copy link

@markgoddard markgoddard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like we might have this code at a client somewhere.

Anyway. Groups are not really a property of projects, don't they need to be a top level list?

@mnasiadka
Copy link
Member Author

Well, is a user property of a project? It might be created at project level, but you can assign roles in different projects to that user. According to keystone docs - both user and group are owned by a domain - https://docs.openstack.org/keystone/latest/getting-started/architecture.html.
More or less, you can assign roles to a user or group, so I don't think it should be a top level list.
I can move the code to groups.yml if you that feels better, I still need to add tasks to add project roles and domain roles to a group.

@markgoddard
Copy link

Well, is a user property of a project? It might be created at project level, but you can assign roles in different projects to that user. According to keystone docs - both user and group are owned by a domain - https://docs.openstack.org/keystone/latest/getting-started/architecture.html.
More or less, you can assign roles to a user or group, so I don't think it should be a top level list.
I can move the code to groups.yml if you that feels better, I still need to add tasks to add project roles and domain roles to a group.

You are right, and in hindsight I should have made users a top level resource too. They do generally have a default project though.

@oneswig
Copy link
Member

oneswig commented Jan 27, 2022

@markgoddard @mnasiadka Can we either progress this or move it somewhere else? Groups are useful for mapping users to projects in federated authentication like OIDC. They might be separate entities but groups projects and users link together.

@markgoddard
Copy link

@markgoddard @mnasiadka Can we either progress this or move it somewhere else? Groups are useful for mapping users to projects in federated authentication like OIDC. They might be separate entities but groups projects and users link together.

IMO groups need to be a separate top level list, outside of projects. I made the mistake of nesting users in projects, but we don't need to repeat it for groups.

@mnasiadka mnasiadka closed this Dec 8, 2022
@markgoddard markgoddard mentioned this pull request Aug 5, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@markgoddard markgoddard markgoddard left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mnasiadka @markgoddard @oneswig