[katello-devel] [foreman-dev] Signo and shared user management
Dmitri Dolguikh
dmitri at redhat.com
Tue Jul 2 08:23:55 UTC 2013
On 2013-07-02 9:04 AM, Ivan Necas wrote:
> Let me suggest one more option:)
>
> Unifying permissions model in Katello & Foreman through a shared engine
> (let's call it rails-rbac - the name is still available on rubygems :).
>
> rails-rbac will define models User, Role, Permission, Context
> (or whatever would work for us), their
> associations and API in a way, that would fit into both Katello & Foreman.
>
> Katello & Foreman team would update their code to use this shared engine
> instead of what we have right now.
>
> Benefits:
>
> Using the same schema means simple distribution of the permissions:
> we could have the UI for modifying the roles in Signo and the changes
> would distribute both to Katello & Foreman. Or we could say Katello
> will be the one to set the permissions for both systems, and the
> changes would get reflected into Foreman.
>
> This would be the first step for sharing the common code, making it possible
> to merge the users and permissions if we wanted to go though the Katello/Foreman
> as an engine model.
>
> -- Ivan
>
> _______________________________________________
> katello-devel mailing list
> katello-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/katello-devel
Depending on the approach to integrating of foreman and katello, either
a common authentication module, or an abstraction layers in both
projects to allow for use of a common authentication is in order.
To decide on the approach, we need to figure out what authentication
model to use, as they are quite different. I still think that for as
long as we have two applications they shouldn't touch each other rights
and roles however (after a user has been created), much less reuse them.
-d
More information about the katello-devel
mailing list