Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature request: add provisioning capabilities for permissions and resources creation #5966

Open
LBF38 opened this issue Jun 1, 2024 · 5 comments
Open

feature request: add provisioning capabilities for permissions and resources creation #5966

LBF38 opened this issue Jun 1, 2024 · 5 comments
Labels
feature Cool stuff stale

Comments

@LBF38
Copy link

LBF38 commented Jun 1, 2024
edited
Loading

What problem did you meet?

I have tried to create new resources and scopes (permissions) from the Admin console in Logto (OSS version).
And it is really heavy to define a lot of resources or permissions via UI or Management API. Therefore, I was thinking about a more efficient way to sync configurations between the project repo and the Logto instance.

Describe what you'd like Logto to have

To have a single source of truth for all permissions and resources definitions in Logto, it will be great if we could do provisioning from a configuration file that we define in our repo. Using the Management API or other methods, we can then update all configurations in a single request or update (w/ appropriate security checks: Auth headers, ...).

As an example, it could be a yaml, toml or json config file with the following patterns:

resources:
  - baseUrl: https://api.store.io
    /orders:
      - read:order
      - write:order
      - delete:order
    /products:
      - read:product
      - write:product
      - delete:product
roles:
  order_admin:
    # the resources/permissions attributions are autocompleted from above definition in resources.
    https://api.store.io/orders: 
      - read:order 
      - write:order
      - delete:order
    https://api.store.io/products:
      - read:product
  product_admin:
    https://api.store.io/products:
      - read:product
      - write:product
      - delete:product

An idea of a workflow could be to update it using the logto CLI with a command similar to logto cli permissions update <config_file.yml>.

What do you think ?
@fleuraly
Copy link
Contributor

fleuraly commented Jun 3, 2024

Hi @LBF38 this is a really good point. We are proposing similar product ideas. An additional idea, do you have similar needs for organization set up? Because in organization level it also have role-based access control

@LBF38
Copy link
Author

LBF38 commented Jun 3, 2024

Thanks for your reply @fleuraly , I haven't used yet the organisations and associated RBAC. Therefore, I don't have enough experience with it to provide insightful feedbacks.

I would imagine a similar config file with specific keys and helpers for defining it.

@wangsijie wangsijie added the feature Cool stuff label Jun 4, 2024
@fleuraly
Copy link
Contributor

fleuraly commented Jun 4, 2024

@LBF38 Thanks for providing some context! Your suggestion makes total sense. Navigating through the UI or management API isn’t efficient when you already have an RBAC design or need bulk management. I’m currently working on this feature, so please stay tuned. :)

@david1542
Copy link

I'm looking to migrate to Logto from auth0 and this feature is a game changer!
@fleuraly do you have an ETA maybe?

@github-actions GitHub Actions
Copy link

This issue is stale because it has been open for 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Jun 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature Cool stuff stale
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wangsijie @david1542 @fleuraly @LBF38