Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Membership approver groups #101

Merged
merged 3 commits into from
Feb 12, 2024
Merged

Conversation

jacobsee
Copy link
Contributor

Add approver group field to groups, allowing for the designation of group membership request approval to users that are not a member of the group itself. The use case is that a certain group may confer a high level of access to certain systems, which no users should have on a standing basis. This allows such a high-privileged group to remain 'normally empty', while still making it useful for break-glass access situations.

…roup membership request approval to users that are not a member of the group itself. The use case is that a certain group may confer a high level of access to certain systems, which no users should have on a standing basis. This allows such a high-privileged group to remain 'normally empty', while still making it useful for break-glass access situations.
@jacobsee jacobsee requested a review from a team as a code owner February 12, 2024 06:26
Copy link
Contributor

@fishnix fishnix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good - I'm wondering if we should allow multiple approver groups?

pkg/api/v1alpha1/auth.go Outdated Show resolved Hide resolved
pkg/api/v1alpha1/auth.go Outdated Show resolved Hide resolved
@jacobsee
Copy link
Contributor Author

jacobsee commented Feb 12, 2024

This looks good - I'm wondering if we should allow multiple approver groups?

I was thinking about that but landed on "we have group-of-groups functionality already and groups are cheap, so folks can create an x-approvers group and configure that as advanced they like". Otherwise we're adding a new table here and some more logic, particularly in the frontend. Thoughts?

@jacobsee jacobsee requested a review from fishnix February 12, 2024 21:33
fishnix
fishnix previously approved these changes Feb 12, 2024
pkg/api/v1alpha1/auth.go Outdated Show resolved Hide resolved
Copy link
Contributor

@fishnix fishnix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@jacobsee jacobsee merged commit 0e66a01 into metal-toolbox:main Feb 12, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants