Closed
Issue created Feb 02, 2021 by Jason (@jsangiamo, Reporter)

Partition Service Authorization

Overview: Currently, there is some ambiguity about how calls to partition service should be authorized. At a high level, there are two approaches being taken right now:

  1. Authorizing all calls that come to partition service from a service account. Currently only Azure takes the approach where it authorizes all requests to partition service from a service principal.
  2. Authorizing calls where the caller has the entitlements service.partition.admin. Currently IBM, GCP, and AWS seem to take this approach.

My understanding from reading the relevant issue in this repo here was that the Azure-style implementation was correct for partition service since it is an internal service that is needed before Entitlements is online in the system. Is this my misunderstanding? If not, could someone provide clarity about the correct approach to authorizing calls to partition service?

Reference:

AWS Auth Code

Azure Auth Code

IBM Auth Code

GCP Auth Code

Edited Feb 02, 2021 by Jason