Space Host Policy doesn't load when service broker is using admin user identity

[micahlee]

No description provided.

[jtuttle]

I believe this is due to the fact that we assume in the space host policy that the identity that the service broker uses to authenticate with Conjur is a host.

[micahlee]

Yes, that seems to be correct per:

conjur-service-broker/app/models/space_host_policy.rb

Line 48 in 4d56f76

role: !host /#{ConjurClient.login_host_id}

.

If we do decide to make this work with user as well as host, we do have the existing helper method here we can use:

conjur-service-broker/lib/conjur_client.rb

Lines 46 to 48 in 2e3e7cb

	def login_is_host?
	authn_login.include?("host\/")
	end

[izgeri]

@micahlee this is in the epic - is this still correct? or should this be left in the backlog?

[micahlee]

It's fine with me if it stays in the backlog for now. It's only an issue if the service broker is configured with a user role, and we don't suggest or demonstrate that anywhere.