White List Extension for Application Credentials
This spec describes a white list extension for application credentials that allows their creator to restrict their usage by specifying a white list of URL paths/ request methods any request using the application credential must match.
Blueprint information
- Status:
- Started
- Approver:
- Lance Bragstad
- Priority:
- High
- Drafter:
- Johannes Grassler
- Direction:
- Approved
- Assignee:
- Johannes Grassler
- Definition:
- Approved
- Series goal:
- Accepted for stein
- Implementation:
-
Started
- Milestone target:
-
stein-3
- Started by
- Lance Bragstad
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Migrations for application credential capabilities
Addressed by: https:/
[WIP] Add API changes for app cred capabilities
Addressed by: https:/
[WIP] Add manager support for app cred capabilities
Addressed by: https:/
[WIP] Add API for /v3/allowed-
Addressed by: https:/
[WIP] Add SQL migrations for app cred capabilities
Addressed by: https:/
[WIP] Add driver support for app cred capabilities
Addressed by: https:/
[WIP] Add capabilities to token validation
Addressed by: https:/
Add manager for access rules
Addressed by: https:/
Add API for /v3/access_rules
Addressed by: https:/
Add a permissive mode for access rules
Addressed by: https:/
Update app cred capabilities spec
Addressed by: https:/
WIP: Add role check to access rules
Gerrit topic: https:/
Addressed by: https:/
Add user_id to access rules table
Gerrit topic: https:/
Addressed by: https:/
Add manager support for app cred access rules
Addressed by: https:/
Add API changes for app cred access rules
Addressed by: https:/
Add access rules to token validation
Addressed by: https:/
Expose access rules as its own API
Addressed by: https:/
Update API version for access rules
