zuul/releasenotes/notes/admin_web_api-1331c81070a3e67f.yaml
mhuin 19474fb62f Web: plug the authorization engine
Add an "authorize_user" RPC call allowing to test a set of claims
against the rules of a given tenant. Make zuul-web use this call
to authorize access to tenant-scoped privileged actions.

Change-Id: I50575f25b6db06f56b231bb47f8ad675febb9d82
2019-07-30 15:32:31 +00:00


---
features:
  - |
    Allow users to perform tenant-scoped, privileged actions either through
    zuul-web's REST API or zuul's client, based on the JWT standard. The users
    need a valid bearer token to perform such actions; the scope is set by matching
    conditions on tokens' claims; these conditions can be defined in zuul's tenant
    configuration file.
    Zuul supports token signing and validation using the HS256 or RS256 algorithms.
    External JWKS are also supported for token validation only.
    Current tenant-scoped actions are "autohold", "enqueue" and "dequeue".
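
The flow the release note describes (validate an HS256 bearer token, then match its claims against per-tenant conditions) is sketched below as an added example; it is not Zuul's code. The secret, tenant name, rule layout and the any-condition/all-claims matching semantics are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
# Constructed sample data: the secret, tenant name and rule are hypothetical.
SECRET = b"constructed-demo-secret"
TENANT_RULES = {"tenant-one": [{"iss": "demo-issuer", "groups": "ops"}]}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(head, body, secret):
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Build a compact HS256 JWT; used here only to construct sample tokens."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(mac(head, body, secret))}"

def verify_hs256(token, secret, now=None):
    """Return the claims, or raise ValueError if the token must be rejected."""
    head, body, sig = token.split(".")  # wrong part count raises ValueError
    header = json.loads(unb64url(head))
    # Pin the algorithm server-side; the header must not be able to pick "none".
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(mac(head, body, secret), unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(body))
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired, or no exp claim")
    return claims

def claims_match(claims, conditions):
    """Any condition may match; within one, every claim must match (a list-valued
    claim such as groups matches by membership). An empty condition never matches."""
    def ok(got, want):
        return want in got if isinstance(got, list) else got == want
    return any(cond and all(ok(claims.get(k), v) for k, v in cond.items())
               for cond in conditions)

def authorize(token, tenant, now=None):
    """Deny by default: bad token, unknown tenant or no matching condition."""
    try:
        claims = verify_hs256(token, SECRET, now)
    except (ValueError, AttributeError):
        return False
    return claims_match(claims, TENANT_RULES.get(tenant, []))
```

The `now` parameter exists so the expiry check can be exercised deterministically; a deployment would leave it unset.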