Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Improve managed group admin assignment and synchronization #209

Closed
3 tasks done
shurwit opened this issue Jul 28, 2022 · 2 comments · Fixed by #215 or #217
Closed
3 tasks done

[FEATURE] Improve managed group admin assignment and synchronization #209

shurwit opened this issue Jul 28, 2022 · 2 comments · Fixed by #215 or #217
Assignees
@shurwit
Labels
enhancement New feature or request

Comments

@shurwit
Copy link
Collaborator

shurwit commented Jul 28, 2022
edited
Loading

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Currently we use a combination of admin UINs defined in environment variables and in Authman group descriptions to determine which members should be admins. We would like to make this system more flexible to allow these admins to be managed independently for each set of groups and updated at any point.

We would also like to have the Groups BB manage periodically synchronizing the groups with Authman internally rather than relying on an external task to call an API.

We would also like to ensure that when these admins are updated, the changes are reflected the next time the group is synchronized.

Describe the solution you'd like
A clear and concise description of what you want to happen.

  • We should create a new collection of Authman group stems that will be synchronized which include any admins for these groups. We should expose admin APIs to add/update/delete documents in this collection.
  • When group synchronization occurs, we should check for any changes to the documents in this collection and ensure that the group admins are updated appropriately to match any added or removed admins.
  • We should also create a timer that calls the SynchronizeAuthman function periodically so we can remove the external task calling the API to trigger synchronization.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

One alternative discussed was to create an admin API which allows the admins of each group to be set. This is somewhat less convenient as it would require this data to be manually added to each group rather than automatically set when the group is created and first synchronized. Note that we may still want a similar API in the future to allow the default admins created by this process to add other admins to specific groups.
@shurwit shurwit added the enhancement New feature or request label Jul 28, 2022
@shurwit shurwit self-assigned this Jul 28, 2022
@shurwit
Copy link
Collaborator Author

shurwit commented Aug 3, 2022

I have opened #213 to address the removal of admins, so that is no longer in scope for this issue

@shurwit
Copy link
Collaborator Author

shurwit commented Aug 3, 2022

Related additional feature described in #214

@shurwit shurwit mentioned this issue Aug 3, 2022
Merged
18 tasks
@shurwit shurwit linked a pull request Aug 3, 2022 that will close this issue
[#209] Improve managed group admin assignment and synchronization #215
Merged
18 tasks
mdryankov pushed a commit that referenced this issue Aug 5, 2022
@shurwit
[#209] Improve managed group admin assignment and synchronization (#215)
1fced85 
* add managed group config collection/apis

* fix docs

* add timer for managed group sync

* add admins defined in config to existing groups

* update docs

* fix timer period (minutes)

* debug

* use managed group configs for sync authman APIs

* update secrets baseline

* standardize success responses
@shurwit shurwit mentioned this issue Aug 8, 2022
Merged
18 tasks
@shurwit shurwit reopened this Aug 8, 2022
shurwit added a commit that referenced this issue Aug 8, 2022
@shurwit
[#209] Improve managed group admin assignment and synchronization (#217)
3305797 
* add sync configs

* add sync times

* fix lint issues
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shurwit shurwit

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
1 participant
@shurwit