Issue 1219 poc service accounts #1284
Draft
+325
−2
This is an evolving PR with draft status.
The following lines MUST evolve across development.
Context
This PR adds an API as a first implementation of service accounts as defined in previous discussions. Cf. #579 #1115
Proposed solution
In evolution
Under the hood, a service account is just a user account.
It can act exactly like a user account.
It has the same action as a user account.
It's differentiated by the following elements:
A type column in the user table: type=login|service
A table handling:
Label/key-name can be stored in users.name
technicalId can be the logins.email or the email_username (part before the @)
An associative table linking the service account to its owners and to its associated user/persona.
Service accounts are not allowed to connect through web.
DB schema updates
The two previous features have to be implemented in the table.
API description
base endpoint :
/api/service-accounts
CREATE Service Account
POST /api/service-account
Request Body schema: application/json
endOfLife is a String that can be parsed as a date, following the date time string format specification.
To be discussed: possibly a -1 endOfLife will give a never-ending Service Account.
Response
200
An object containing :
400 on invalid endOfLife
UPDATE Service Account
UPDATE /api/serviceaccount/{saId}
path Parameters
required
Request Body schema: application/json
** Verify if ownership transfer is still a thing **
Response
200
READ Service Account
GET /api/serviceaccount/{saId}
path Parameters
required
Response
200
DELETE Service Account
DELETE /api/serviceaccount/{saId}
path Parameters
required
Response
200
The 200 instead of 204 is chosen to be consistent with other DELETE routes in Grist.
READ Service Accounts by Owner/GroupOwner
GET /api/servicesccounts
path Parameters
required
Response
200
To be answered questions / decision to be made
A service account's max right is its owner's max right.
Can a service account be the owner of another service account?
Related issues
fixes #1219
Has this been tested?
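
The CREATE route above returns 400 on an invalid endOfLife; one way to make that check strict is shown here as an added example, not code from this PR or from Grist. `parseEndOfLife`, `NEVER` and the returned object shape are hypothetical, and treating an already-past date as invalid is an assumption.

```javascript
// Added example, not Grist code: parseEndOfLife and NEVER are hypothetical names.
const NEVER = -1; // sentinel the PR floats for a non-expiring account (still under discussion)

// ECMAScript Date Time String Format: YYYY-MM-DD, optionally followed by
// THH:mm[:ss[.sss]] and a Z or +HH:mm / -HH:mm offset.
const DATE_TIME =
  /^(\d{4})-(\d{2})-(\d{2})(?:T\d{2}:\d{2}(?::\d{2}(?:\.\d{3})?)?(?:Z|[+-]\d{2}:\d{2})?)?$/;

function reject(error) {
  return { ok: false, status: 400, error };
}

// Returns {ok: true, expiresAt: Date|null} or {ok: false, status: 400, error}.
function parseEndOfLife(value, now = new Date()) {
  if (value === NEVER || value === String(NEVER)) {
    return { ok: true, expiresAt: null }; // never expires
  }
  if (typeof value !== "string") {
    return reject("endOfLife must be a string");
  }
  // Date.parse() alone is too lenient: engines accept non-standard inputs
  // such as "1" or "March 7", so match the format before parsing.
  const m = DATE_TIME.exec(value);
  if (!m) {
    return reject("endOfLife is not in date time string format");
  }
  const expiresAt = new Date(value);
  if (Number.isNaN(expiresAt.getTime())) {
    return reject("endOfLife is not a valid date");
  }
  // Some engines roll 2030-02-30 over to March instead of failing, which would
  // silently extend the account's life. Check that the calendar day round-trips.
  const [year, month, day] = m.slice(1, 4).map(Number);
  const calendar = new Date(Date.UTC(year, month - 1, day));
  if (calendar.getUTCMonth() !== month - 1 || calendar.getUTCDate() !== day) {
    return reject("endOfLife is not a real calendar date");
  }
  // Assumption: an expiry that has already passed counts as invalid.
  if (expiresAt.getTime() <= now.getTime()) {
    return reject("endOfLife is in the past");
  }
  return { ok: true, expiresAt };
}
```

Date-time strings without an offset are read as local time by the JavaScript `Date` constructor, so clients should send `Z` or an explicit offset to keep the expiry unambiguous.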