Web: plug the authorization engine

Add an "authorize_user" RPC call allowing to test a set of claims against the rules of a given tenant. Make zuul-web use this call to authorize access to tenant-scoped privileged actions. Change-Id: I50575f25b6db06f56b231bb47f8ad675febb9d82
2019-03-04 22:56:18 +01:00
parent 7a622a5823
commit 19474fb62f
18 changed files with 446 additions and 104 deletions
--- a/etc/zuul.conf-sample
+++ b/etc/zuul.conf-sample
@@ -39,7 +39,6 @@ listen_address=127.0.0.1
 port=9000
 static_cache_expiry=0
 status_url=https://zuul.example.com/status
-authorizations_config=/etc/zuul/authorizations.yaml

 [webclient]
 url=https://zuul.example.com