[AAD] Decouple PAI internal resource from external user/groups #3275

mzmssg · 2019-07-29T06:45:02Z

In current AAD, we have a strong requirement that every vc need a dedicated group, which means resource acl depends on external user/groups. This issue is to decouple them.

Design

Current user/group model:

New user/group model:

From implementation, basically, we will move virutal cluster out of user and into group schema: users belong to some groups, and groups define resource.

User schema(generated/updated from aad):

Key	Value	Description
username	String
email	String
group List	String array
password	String
extension	Map	~~virtualCluster: vc1, vc2~~

Group schema(maintained by admin):

Key	Value	Description
groupName	String
externalName	String
extension	Map	~~groupType: vc/admin/stroage~~ acls: { virtualClusters: vc1, vc2, storageConfigs: storageConfig1, storageConfig2, admin: true/false, etc }

Login: only groups with vc access could login.

Items:

mzmssg self-assigned this Jul 29, 2019

hzy46 mentioned this issue Jul 29, 2019

August 2019 Release Plan #3250

Closed

44 tasks

mzmssg changed the title ~~Mapping aad group to existing vc~~ [AAD] Decouple PAI internal resource from external user/groups Jul 31, 2019

mzmssg mentioned this issue Aug 8, 2019

Decouple resource acls from external group #3336

Merged

debuggy closed this as completed Aug 23, 2019

hzy46 mentioned this issue Apr 27, 2020

add release note #4452

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[AAD] Decouple PAI internal resource from external user/groups #3275

[AAD] Decouple PAI internal resource from external user/groups #3275

mzmssg commented Jul 29, 2019 •

edited

Loading

[AAD] Decouple PAI internal resource from external user/groups #3275

[AAD] Decouple PAI internal resource from external user/groups #3275

Comments

mzmssg commented Jul 29, 2019 • edited Loading

Design

Items:

mzmssg commented Jul 29, 2019 •

edited

Loading