10 Commits

Author	SHA1	Message	Date
Min RK	7e22614a4e	[squash me] token progress ... tokens have scopes instead of roles, which allow tokens to change permissions over time This is mostly a low-level change, with little outward-facing effects. - on upgrade, evaluate all token role assignments to their current scopes, and store those scopes on the tokens - assigning roles to tokens still works, but scopes are evaluated and validated immediately, rather than lazily stored as roles - no longer need to check for role permission changes on startup, because token permissions aren't affected - move a few scope utilities from roles to scopes - oauth allows specifying scopes, not just roles. But these are still at the level specified in roles, not fully-resolved scopes. - more granular APIs for working with scopes and roles Still to do later: - expose scopes config for Spawner/service - compute 'full' intersection of requested scopes, rather than on the 'raw' scope list in roles	2022-03-24 15:05:50 +01:00
IvanaH8	8764f6493b	Add scope variable nomenclature and update tech implementation	2021-06-23 11:33:48 +02:00
IvanaH8	a137134d3a	Update roles.md for rbac docs with role creation/deletion and assignment changes	2021-06-18 12:28:30 +02:00
Min RK	a2b76bceb9	minor copy-editing, TODOs in rbac docs	2021-04-22 13:39:36 +02:00
IvanaH8	f5bbe78dbd	Resolve merge conflicts with rbac	2021-04-08 11:32:41 +02:00
IvanaH8	949ec5cc75	Add and update scopes, roles, charts and text in docs/source/rbac docs	2021-04-08 09:39:01 +02:00
IvanaH8	8064cda47a	Update RBAC docs implementing review suggestions	2021-03-17 17:13:09 +01:00
IvanaH8	bc1e370d7d	updated tech implementation section	2021-02-19 12:37:20 +01:00
IvanaH8	45a0945a6b	updated requirements.txt	2021-02-17 15:46:10 +01:00
IvanaH8	7d1b6a2021	split the docs in docs/source/rbac folder	2021-02-15 16:19:13 +01:00