Use notion of principals instead of groups
leplatrem opened this issue
Mathieu Leplatre commented
In the settings we define group names:
kinto.signer.staging_certificates.editors_group = certificates-editors
kinto.signer.staging_certificates.reviewers_group = certificates-reviewers
Instead we could define principals, because in the end this is what we do:
kinto-signer/kinto_signer/listeners.py
Line 175 in 6831083
kinto.signer.staging_certificates.editors_principals = group:/buckets/blocklists/groups/certificates-editors
kinto.signer.staging_certificates.reviewers_principals = group:/buckets/blocklists/groups/certificates-reviewers
Defining principals in the settings instead of group names would give us more flexibility if we move away from Kinto's internal groups to manage permissions, etc.
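The two settings styles from the comment above, resolved to the same principal set and checked against a user's principals. This is an added example, not kinto-signer's code and not part of the original comment; the helper names, the `resource`/`role`/`bucket` parameters and the rule that `*_principals` takes precedence are assumptions.

```python
# Added example (hypothetical helpers, not kinto-signer's own code).
GROUP_PRINCIPAL = "group:/buckets/{bucket}/groups/{name}"


def allowed_principals(settings, resource, role, bucket):
    """Principals allowed to act as `role` ("editors" or "reviewers").

    A `<role>_principals` setting (whitespace-separated) is used verbatim;
    otherwise a `<role>_group` name is expanded to a bucket-scoped group
    principal. With neither setting the result is empty.
    """
    prefix = f"kinto.signer.{resource}.{role}"
    explicit = settings.get(f"{prefix}_principals", "").split()
    if explicit:
        return set(explicit)
    group = settings.get(f"{prefix}_group", "").strip()
    if group:
        return {GROUP_PRINCIPAL.format(bucket=bucket, name=group)}
    return set()


def is_allowed(user_principals, settings, resource, role, bucket):
    """True if the user holds at least one allowed principal (fails closed)."""
    allowed = allowed_principals(settings, resource, role, bucket)
    return bool(allowed & set(user_principals))


# Constructed sample settings, using the values shown in the issue.
BY_GROUP = {
    "kinto.signer.staging_certificates.editors_group": "certificates-editors",
}
BY_PRINCIPAL = {
    "kinto.signer.staging_certificates.editors_principals":
        "group:/buckets/blocklists/groups/certificates-editors",
}

if __name__ == "__main__":
    # Constructed user principals for the demonstration.
    user = ["system.Authenticated",
            "group:/buckets/blocklists/groups/certificates-editors"]
    for cfg in (BY_GROUP, BY_PRINCIPAL, {}):
        print(is_allowed(user, cfg, "staging_certificates", "editors", "blocklists"))
```

With an empty configuration the allowed set is empty, so the check denies rather than treating a missing setting as "anyone".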
Mathieu Leplatre commented
Not a goal anymore