feat: add BPDM authentication configuration for 24.08. release #155
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nicoprow
force-pushed
the
feat/bpdm-auth-config-24-08
branch
2 times, most recently
from
9497374 to
3939b79
Compare
nicoprow
force-pushed
the
feat/bpdm-auth-config-24-08
branch
from
3939b79 to
046c066
Compare
|
evegufy
requested changes
Aug 7, 2024
There was a problem hiding this comment.
Looks good!
Could you please also update the R&Rs and list of clients/service-accounts
7 tasks
evegufy
requested changes
Sep 13, 2024
evegufy
reviewed
Sep 19, 2024
evegufy
requested changes
Sep 19, 2024
- add an Orchestrator client - add Orchestrator client roles - add technical roles into technical role management client - add client scope role mappings - add Orchestrator Admin role to BPDM admin service accounts
…lden record process - add technical user for the Pool to access the Orchestrator component - add technical user for the Cleaning Dummy to access the Orchestrator component - add technical user for the Portal Gate to access the Orchestrator component - add technical user for the Portal Gate to access the Pool component
- making sure that the Portal Data Manager has read and writing access to the Portal Gate - giving the BPDM Pool Sharing Consumer role the permissions to read all Pool data - restricting the BPDM Pool Consumer reading access to Pool member data only - removing outdated write permission for the Cl16-CX-BPDMGate
…lients - add rights and roles documentation of BPDM Orchestrator - adapt documentation to rights and roles of BPDM Pool and Gate - add Orchestrator client and new fine-granular BPDM service accounts to list of initial clients
nicoprow
force-pushed
the
feat/bpdm-auth-config-24-08
branch
from
f355960 to
69d5620
Compare
|
2 tasks
evegufy
approved these changes
Sep 20, 2024
|
Hi @typecastcloud would you like to review still or should I go head with the merge? |
I'm not able to find anything that is wrong. Go ahead. |
typecastcloud
approved these changes
Sep 20, 2024
8 tasks
5 tasks
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This pull request adjusts the Central-IDP realm configuration to be more align with the BPDM default authentication configuration for the release 24.08. / BPDM version 6.1.0 as described here
All changes were tested with BPDM to setup the golden record process successfully.
Why
Currently, the configuration between the Central-IDP and BPDM is not completely aligned. This leads to more complexity and configuration overhead for operators. Also, currently Central-IDP is missing some technical users/service accounts which is needed by an authenticated golden record process. By providing these initial service accounts an operator does not need to adapt the keycloak realm when setting up the the basic golden record process.
Issue
#154
eclipse-tractusx/bpdm#994
eclipse-tractusx/sig-release#751
Checklist
Please delete options that are not relevant.