Merge pull request #899 from cloudfoundry/setting-for-alias-entities

Specification for "login.aliasEntitiesEnabled" Setting
cloudfoundry · Jun 6, 2024 · 637e913 · 637e913
2 parents a24945b + 7c94542
commit 637e913
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 0 deletions.
diff --git a/jobs/uaa/spec b/jobs/uaa/spec
@@ -438,6 +438,16 @@ properties:
     description: "This value can be set to the origin key of an identity provider. If set, the user will be directed to this identity provider automatically if no other identity provider is discovered or selected via login_hint. When not set, legacy chained authentication (where uaa is attempted first followed by ldap) is used."
     example: uaa
     default: null
+  login.aliasEntitiesEnabled:
+    description: |
+      Enable the creation, update and deletion of identity providers and users with an alias. The alias feature enables
+      the synchronization of an identity provider or user entity between a custom identity zone and the "uaa" zone (its
+      "alias"). By this, the entity can be managed in an isolated custom identity zone while still being effective for
+      other components that only operate on the "uaa" zone, e.g. the CF Cloud Controller. An entity and its alias
+      reference each other through the properties "aliasId" (ID of the alias) and "aliasZid" (ID of the zone containing
+      the alias). Note that existing entities with an alias will not be removed when deactivating the flag. Instead, the
+      creation, update and deletion of identity providers and users with an alias is prohibited.
+    default: false
 
   # Email
   login.notifications.url:

diff --git a/jobs/uaa/templates/config/uaa.yml.erb b/jobs/uaa/templates/config/uaa.yml.erb
@@ -670,6 +670,7 @@
       'url' => login_url,
       'idpDiscoveryEnabled' => p('login.idpDiscoveryEnabled'),
       'accountChooserEnabled' => p('login.accountChooserEnabled'),
+      'aliasEntitiesEnabled' => p('login.aliasEntitiesEnabled'),
       'entityBaseURL' => login_entityBaseUrl,
       'entityID' => login_entityId,
       'prompt' => {

diff --git a/spec/compare/all-properties-set-uaa.yml b/spec/compare/all-properties-set-uaa.yml
@@ -346,6 +346,7 @@ login:
   defaultIdentityProvider: uaa
   idpDiscoveryEnabled: true
   accountChooserEnabled: true
+  aliasEntitiesEnabled: true
   entityBaseURL: http://all-properties-set:8888/uaa
   entityID: all-properties-set:8888/uaa
   prompt:

diff --git a/spec/compare/bosh-lite-uaa.yml b/spec/compare/bosh-lite-uaa.yml
@@ -264,6 +264,7 @@ login:
   defaultIdentityProvider: uaa
   idpDiscoveryEnabled: false
   accountChooserEnabled: false
+  aliasEntitiesEnabled: false
   entityBaseURL: https://login.bosh-lite.com
   entityID: login.bosh-lite.com
   prompt:

diff --git a/spec/compare/deprecated-properties-still-work-uaa.yml b/spec/compare/deprecated-properties-still-work-uaa.yml
@@ -218,6 +218,7 @@ login:
   defaultIdentityProvider: uaa
   idpDiscoveryEnabled: false
   accountChooserEnabled: false
+  aliasEntitiesEnabled: false
   entityBaseURL: http://test.uaa.url
   entityID: test.uaa.url
   prompt:

diff --git a/spec/compare/test-defaults-uaa.yml b/spec/compare/test-defaults-uaa.yml
@@ -169,6 +169,7 @@ login:
   defaultIdentityProvider: uaa
   idpDiscoveryEnabled: false
   accountChooserEnabled: false
+  aliasEntitiesEnabled: false
   entityBaseURL: http://test.uaa.url
   entityID: test.uaa.url
   prompt:

diff --git a/spec/input/all-properties-set.yml b/spec/input/all-properties-set.yml
@@ -38,6 +38,7 @@ properties:
     defaultIdentityProvider: uaa
     idpDiscoveryEnabled: true
     accountChooserEnabled: true
+    aliasEntitiesEnabled: true
     links:
       global:
         passwd: "https://{zone.subdomain}.myaccountmanager.domain.com/z/{zone.id}/forgot_password"