Kinto / kinto-signer

Digital signatures to guarantee integrity and authenticity of collections of records.

Use notion of principals instead of groups

leplatrem opened this issue

In the settings we define group names:

kinto.signer.staging_certificates.editors_group = certificates-editors
kinto.signer.staging_certificates.reviewers_group = certificates-reviewers

Instead we could define principals, because in the end this is what we do:

if editors_group_uri not in user_principals and _group_check_enabled:

kinto.signer.staging_certificates.editors_principals = group:/buckets/blocklists/groups/certificates-editors
kinto.signer.staging_certificates.reviewers_principals = group:/buckets/blocklists/groups/certificates-reviewers

Defining principals in the settings instead of group names would give us more flexibility if we move away from Kinto internal groups to manage permissions, etc.
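The check proposed in the issue above, sketched as an added example (not kinto-signer's code and not written by the issue author): it resolves either the existing `*_group` setting or the proposed `*_principals` setting to a set of principals and tests the user's principals against it. The helper names, the multi-valued setting format, the `account:alice` principal, the explicit `bucket_id` argument and the fail-closed default are assumptions.

```python
# Added example: hypothetical helpers, not kinto-signer's own code.
PREFIX = "kinto.signer.staging_certificates"  # setting prefix used in the issue


def split_setting(value):
    """Split a comma- or whitespace-separated setting value into a set."""
    return {item for item in value.replace(",", " ").split() if item}


def required_principals(settings, role, bucket_id, prefix=PREFIX):
    """Principals allowed to act as `role` ("editors" or "reviewers").

    Prefers the proposed `<role>_principals` setting and falls back to the
    existing `<role>_group` name, expanded to the group principal form shown
    in the issue. `bucket_id` is only needed for that fallback.
    """
    explicit = settings.get(f"{prefix}.{role}_principals", "")
    if explicit.strip():
        return split_setting(explicit)
    group = settings.get(f"{prefix}.{role}_group", "").strip()
    if group:
        return {f"group:/buckets/{bucket_id}/groups/{group}"}
    return set()


def is_allowed(settings, role, bucket_id, user_principals, check_enabled=True):
    """True if the user holds at least one principal required for `role`."""
    if not check_enabled:  # mirrors the `_group_check_enabled` switch
        return True
    required = required_principals(settings, role, bucket_id)
    # Assumption: an unconfigured role denies everyone (fail closed).
    return bool(required & set(user_principals))


# Constructed sample settings: legacy form and proposed form.
LEGACY = {f"{PREFIX}.editors_group": "certificates-editors"}
PROPOSED = {
    f"{PREFIX}.editors_principals":
        "group:/buckets/blocklists/groups/certificates-editors account:alice",
}
EDITOR = ["system.Authenticated",
          "group:/buckets/blocklists/groups/certificates-editors"]

if __name__ == "__main__":
    print(is_allowed(LEGACY, "editors", "blocklists", EDITOR))
    print(is_allowed(PROPOSED, "editors", "blocklists", ["account:alice"]))
    print(is_allowed(PROPOSED, "reviewers", "blocklists", EDITOR))
```

With the principals form, a non-group principal can be authorized without changing the check itself, which is the flexibility the issue refers to.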

Not a goal anymore