Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Current »

Breaking changes

The permission rework changed the schema of permissions and roles and the relation between the two.

For newly created spaces with this version of the application, the roles and permissions are correctly set up:

  • The new space is automatically set up correctly with the new permission and role structure and comes with a built-in Role admin role (role key: “roleAdmin”).

For existing spaces, you need to reset the roles and permissions:

  • Delete all permissions and roles in the DB:

    • db.getSiblingDB("{space-ID}")
      .getCollection("cdcm.permissions").deleteMany({});
    • db.getSiblingDB("{space-ID}")
      .getCollection("cdcm.roles").deleteMany({});
  • (Re)start the CDCM application with this version.

Helm Chart v 0.1.8

  • Cleaned up MongoDB values:

    • “replicaCount” was moved up one tier and is no longer under “hidden”.

    • “useStatefulSet” now defaults to “true”.

  • added proxy and resource options to JAVA_OPTS

  • added more comments to the values.yaml

Single Page Application V 0.1.8 - New Features

All UI initiated database transactions provide feedback to the user now showing a work progress indicator and putting the application to modal mode as long as the transaction needs to finish.

UI changes

  • Storage location UI

    • Added “Storage Location” section in the UI

    • Removed “Friends” section from the UI

    • Removed “Consumers” section from the UI

Storage locations are a generalized approach to manage the storage of configurations. This includes OSLC Configuration Providers, which were formally managed by “Friends”, as well as other software applications or even physical locations. Also, OAuth1.0a consumer are now also managed by storage locations instead of the “Consumers” section.

  • Added Delegated UI definition in concept type editor for configuration and component

  • Added Delegated UI preview feature to test the CDCM delegated UI as it would appear in other applications

  • Configuration Browser

    • Full view option

    • CI browser was brought more in line with the agreed upon concept (e.g. config item title instead of configuration title as the first column)

Where-Used

  • Where-used can be started from anywhere in the platform

  • Where-used can have one search object and the following options can be applied for the result:

    • Direct usage or usage along the path

    • Selection of the target concept (configuration or component)

    • Selection of a target concept type

    • Selection of a target concept instance (result will only include concepts of this instance)

    • Selection of target property filters

      • Only properties that have “Where-Used can be filtered by this Attribute" enabled are selectable here

  • Circular reference check was added

    • prevents existing circular references from breaking the where used with full path

    • prevents creation of circular references for new configuration items

Known issue: components cannot be selected as a target concept instance at the moment. A bug ticket was already created.

Permission rework

Permission rework was implemented according to the agreed upon concept.

Key parts include:

  • Simplified READ access: Read Permission for space mean read access to everything except confidential config areas and their content

  • Roles are identified via role key: makes it clearer what roles the user has in the auth provider

  • Differentiation between space and configuration area scoped roles and permissions

  • Maintain (create, update, delete) Permissions specific for each concept type

Caveat:

  • Concept Type based permissions and some other permissions (e.g. permissions regarding storage location) are not always visible in the UI (e.g Create button is not disabled even when the user does not have the permission) but the backend always handles the permission correctly

General Info:

  • There are now two types of roles: space-scoped and configuration area scoped

  • There are now two types of permissions: space-scoped and configuration area scoped

  • Permissions can only be added to roles of the same scope

  • There are 4 types of permissions: MAINTAIN (contains create, modify and delete), modify (only update, no create), READ (see explanation below) and DELETE

  • The association of a role to a scope (meaning a specific instance of a space or a configuration area) happens in the auth provider and works like this:

    • Space scoped role

      • Two terms: <space id>.<role key>

    • Configuration area scoped role

      • Three terms: <space id>.<configuration area id>.<role key>

      • <configuration area id> == “*” means all non-confidential configuration areas

  • Read access works like this:

    • there are only two levels of read access

    • READ Space permission (space scoped permission) → read all content of the space (where you have a role with this permission of course) except the content of confidential configuration areas

    • READ configuration area (configuration area scoped permission) → read content of confidential configuration areas (where you have a role with this permission of course)

  • Role administration: All spaces come with a built in role that has the key “roleAdmin”

    • space scoped role

    • has two permissions: READ for this space, MAINTAIN roles

    • this means you can give a user in the auth provider this role by giving them this role string: “<space id>.roleAdmin”

  • Concept type specific permissions:

    • for each concept type there are specific permissions to allow fine control

    • configuration area scoped

    • three permissions for each concept type:

      • MAINTAIN concepts with type

      • DELETE concepts with type

      • MODIFY protected state transition: state transitions can be marked as protected, this means the user needs this permission to do those transitions

Viability tests with Atlas

Some tests were done where CDCM was connected to a Atlas. An initial smoke test revealed no issues.

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.