-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Fusillade is a service for managing user authentication and authorization.
How does it provide authentication? In the DCP it will be used by users to login using different trusted identity providers such as facebook, GitHub, google, or any other OpenID Connect compatible provider. It will also be the authentication point for service to service authentication using google service account credentials.
How does it provide authorization. Fusillade facilitates the ability for components of the DCP grant to restrict users' and services' access to specific resources. The permissions which a users or service has is managed by fusillade using a policy structure similar to AWS IAM policy documents. The various DCP components are responsible for asking Fusillade if a request is authorized and ensuring the correct permissions are created to answering the authorization question. By default if permissions is denied if not explicitly granted.
Fusillade will be managed by DCP admins who have the ability to grant additional permission and assign additional admins or create different roles for different actions such as granter users permission. Similar to AWS roles, group, resources, and users are used to manage permissions.
- Fusillade Setup/Deployment
As a fusillade developer, I need to gradually test and deploy changes before updating a production system, to prevent introducing breaking changes that affect multiple groups. https://github.com/HumanCellAtlas/fusillade/issues/8- As a fusillade operator, I would like to have a gitlab pipeline for fusillade, so that I can include it in the DCP release schedule. https://github.com/HumanCellAtlas/fusillade/issues/28
-
As a fusillade developer, I need to safely deploy a test environment of fusillade without disrupting my production deployment.Fusillade needs to be configurable to allow multiple deployments in the same AWS account.Each deployment needs its own secrets, stage name, and resource namesDefine deployment name
- Fusillade Configure
- As a fusillade admin, I want to know how to setup Fusillade with an OIDC provider, so I can add and remove providers as needed. https://github.com/HumanCellAtlas/fusillade/issues/30
As a fusillade admin, I would like to define default permissions assigned to all new users, to simplify the enrollment process of users.As a fusillade developer, I need to provide a default admin setup when deploying fusillade, to configure all other users and add additional admins.
- Updates
- As a fusillade developer, I need a process for non destructively updating the cloud directory schema, this will allow me to introduce new attributes and facets as the needs change. https://github.com/HumanCellAtlas/fusillade/issues/34
- Testing
- Ensure Fusillade availability by building a
- smoke test,
integration test
- Ensure Fusillade availability by building a
- Health - monitoring and alerting facilities in accordance with DCP production practices (GA tech requirements) https://github.com/HumanCellAtlas/fusillade/issues/35
- As a DCP operator, I need to know the status of Fusillade periodically, this will allow me to monitor and take action in the event service to Fusillade is disrupted.
Define the health check endpoint which returns 200 when the system is operational and 500 when the system has issues.- Implement periodic health checks on AWS cloud directory, auth0, AWS iam policy evaluation service
- As a DCP operator, I need to know the status of Fusillade periodically, this will allow me to monitor and take action in the event service to Fusillade is disrupted.
- Authentication
- As a user, I would like logout, to prevent misuse under my name.
- Revoke user credentials
- https://github.com/HumanCellAtlas/fusillade/issues/26
- Should fusillade also handle the verification of the users token?
- As a user, I would like logout, to prevent misuse under my name.
- Authorization
- As a policy writer, I want to know how to format my policy to restrict access accordingly.
Write the default user policy and the default fusillade admin policy
As an dcp admin, I want to know what permissions a users has.As a resource developer, I need to know how to represent the actions that can be performed by users, so policies can be written to grant users permission.As an admin, I need a way to modify user’s policies, to assign an remove permissions.As a user, I would like to see what permission I have.As a user, I would like to see what groups i belong to.- ~~As a resource provider, I want policy writers to know what actions can be performed on a resource. Here is an example how AWS s3 defines it’s resource actions. https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html
- As a policy writer, I want to know how to format my policy to restrict access accordingly.
- As a user of fusillade, I would like to know how to use the API, to integrate me my service with fusillade.
- Users
Evaluate policyCreate userUpdate userDisable userEnable user-
Add/remove user from group- Who determines who can be in a group
- Group admins
Create groupUpdate groupRemove group
- Add documentation on how to configure google and auth0
- How are users added to a group
- A group owner or Fusillade admin can add/remove users to a group
- A group must always have at least one member, and one owner. They can be the same user.
Cloud directory objects
-
Roles-
Is created by adminsSkipor resource owners Can be assigned to Users and groups
-
- User
Is created on demand-
Permissions-
View email, status, user policy, roles and groupsGet group returns all of the groups a user is aparts, and all of the groups a group is apart of.
Remove self from groups, and roles
-
Users can be assigned to multiple roles and groups
- Group
- Who can create a group?
- Must have at least one group admin during creating
- Skip
Can be nested in groups A group can be assigned to multiple rolesA group can have multiple roles- An owner of the group must be specified when the group is created.
- The owner must be an email that users can message to request access to the group
- The owner of the group can change and there can be multiple owners.
- Required Roles
-
Fusillade Admin Role- Permissions
Add remove rolesassign , unassign rolesEnable and disable usersCreate groupsRemove groupsAdd users to groupsAdd roles to users and groups- Add group admins
- Permissions
- Group Admin Role
- Permissions
add and remove users from group- assign new group admin
- Skip
view parent groups view roles attached to groupView group policy
- A group admin must be an admin of that group to perform actions.
- Permissions
- User Roles
- Permissions
- View email, status, user policy, roles and groups
- View user policy
- Permissions
- Resource Admin Role
-
- A resource shall define roles that can perform actions
- A resource shall define a document that outlines the actions, resource paths, context parameters and context parameter types.
- How and where are resource permissions stored?
- What authorization endpoints do we need?
- Do we need to store anything when a user logs in?
- How would we revoke a users authentication
- How do we restrict access by project?
- How do we restrict access for a query?
- How do we restrict downstream service?
- None access controlled can only handle public data
- Service that are aways need a away to determine user access permissions