auth: changes of managing roles and users #7524
Conversation
Is there a reason why roles should only be optionally revoked if deleted?
@heyitsanthony yes... revoking the deleted roles unconditionally would be reasonable. I couldn't find or recall the discussion behind the current behavior, but it would have some reasons. If there's no motivation for keeping it, I agree with changing the behavior of the revoking. /cc @xiang90
This commit resolves a TODO of auth store: the current scheme of role deletion allows existing users to have the deleted roles. Assume a case like below:
1. create a role r1
2. create a user u1 and grant r1 to u1
3. delete r1
After this sequence, u1 is still granted the role r1. So if an admin creates a new role with the name r1, the new r1 is automatically granted to u1. In some cases, it would be confusing. So we need to revoke the deleted role from all users.
If auth is enabled,
1. deleting the user root
2. revoking the role root from the user root
must not be allowed. This commit forbids them.
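A minimal in-memory model of the two behaviours, written in Go as an added example for this thread; it is not etcd's auth store, and the type and function names, the revokeOnDelete switch and the error values are this example's own assumptions. DanglingRoleScenario replays the r1/u1 sequence from the first commit message under the old and the new deletion semantics, and RootGuardScenario shows the two operations the second commit forbids while auth is enabled:

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Example code written for this note, not etcd's implementation.
// Every name below is an assumption of the example.

const rootUser, rootRole = "root", "root"

var (
	ErrRoleNotFound    = errors.New("role not found")
	ErrUserNotFound    = errors.New("user not found")
	ErrRoleExists      = errors.New("role already exists")
	ErrUserExists      = errors.New("user already exists")
	ErrInvalidAuthMgmt = errors.New("root user/role is protected while auth is enabled")
)

// AuthStore keeps roles and per-user grants. revokeOnDelete selects the
// behaviour discussed in the thread: true = RoleDelete also removes the role
// from every user (new), false = grants of a deleted role dangle (old).
type AuthStore struct {
	enabled        bool
	revokeOnDelete bool
	roles          map[string]bool
	users          map[string]map[string]bool // user -> set of granted roles
}

func NewAuthStore(enabled, revokeOnDelete bool) *AuthStore {
	return &AuthStore{enabled: enabled, revokeOnDelete: revokeOnDelete,
		roles: map[string]bool{}, users: map[string]map[string]bool{}}
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func (s *AuthStore) RoleAdd(name string) error {
	if s.roles[name] {
		return ErrRoleExists
	}
	s.roles[name] = true
	return nil
}

func (s *AuthStore) UserAdd(name string) error {
	if _, ok := s.users[name]; ok {
		return ErrUserExists
	}
	s.users[name] = map[string]bool{}
	return nil
}

func (s *AuthStore) UserGrantRole(user, role string) error {
	grants, ok := s.users[user]
	if !ok {
		return ErrUserNotFound
	}
	if !s.roles[role] {
		return ErrRoleNotFound
	}
	grants[role] = true
	return nil
}

// UserRevokeRole refuses to strip the root role from the root user while
// auth is enabled (second commit); otherwise no account could manage auth.
func (s *AuthStore) UserRevokeRole(user, role string) error {
	if s.enabled && user == rootUser && role == rootRole {
		return ErrInvalidAuthMgmt
	}
	grants, ok := s.users[user]
	if !ok {
		return ErrUserNotFound
	}
	delete(grants, role)
	return nil
}

// UserDelete refuses to delete the root user while auth is enabled.
func (s *AuthStore) UserDelete(user string) error {
	if s.enabled && user == rootUser {
		return ErrInvalidAuthMgmt
	}
	if _, ok := s.users[user]; !ok {
		return ErrUserNotFound
	}
	delete(s.users, user)
	return nil
}

// RoleDelete removes the role and, with revokeOnDelete, every grant of it,
// so a later role that reuses the name starts with no users.
func (s *AuthStore) RoleDelete(name string) error {
	if !s.roles[name] {
		return ErrRoleNotFound
	}
	delete(s.roles, name)
	if s.revokeOnDelete {
		for _, grants := range s.users {
			delete(grants, name)
		}
	}
	return nil
}

func (s *AuthStore) UserRoles(user string) []string {
	out := []string{}
	for r := range s.users[user] {
		out = append(out, r)
	}
	sort.Strings(out)
	return out
}

// DanglingRoleScenario replays the first commit message: create r1, create
// u1, grant r1 to u1, delete r1, then create a new r1. Returns u1's roles.
func DanglingRoleScenario(revokeOnDelete bool) []string {
	s := NewAuthStore(true, revokeOnDelete)
	must(s.RoleAdd("r1"))
	must(s.UserAdd("u1"))
	must(s.UserGrantRole("u1", "r1"))
	must(s.RoleDelete("r1"))
	must(s.RoleAdd("r1")) // a new, unrelated role that reuses the name
	return s.UserRoles("u1")
}

// RootGuardScenario returns the errors from the two operations the second
// commit forbids: revoking root's root role, then deleting the root user.
func RootGuardScenario(enabled bool) (revokeErr, deleteErr error) {
	s := NewAuthStore(enabled, true)
	must(s.RoleAdd(rootRole))
	must(s.UserAdd(rootUser))
	must(s.UserGrantRole(rootUser, rootRole))
	revokeErr = s.UserRevokeRole(rootUser, rootRole)
	deleteErr = s.UserDelete(rootUser)
	return revokeErr, deleteErr
}

func main() {
	fmt.Println("old behaviour, u1 roles after r1 is recreated:", DanglingRoleScenario(false))
	fmt.Println("new behaviour, u1 roles after r1 is recreated:", DanglingRoleScenario(true))
	r, d := RootGuardScenario(true)
	fmt.Println("auth enabled: revoke root from root ->", r, "; delete root ->", d)
}
```

With revokeOnDelete set to false the recreated r1 is immediately held by u1, which is the confusion the first commit removes; with it set to true u1 has no roles left. The root guard is conditional on auth being enabled, matching the second commit: with auth disabled both root operations succeed in this model.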
(branch updated from 76eb57b to 8d0d942)
@heyitsanthony I changed the default behaviour of the role deletion. Now it revokes the role from all users unconditionally. PTAL.
lgtm. Thanks! Defer to @xiang90 on the new behavior. The old behavior seemed more like a bug than a desirable use case...
lgtm
--revoke to etcdctl role delete. If the flag is passed, the role will be revoked from all users. The 2nd commit adds an e2e test case for this.