authz: Initial implementation of Bitbucket Server ACLs (!4403) · Merge requests · Warren Gifford / sourcegraph

Warren Gifford requested to merge core/bitbucket-server-authz into master Jun 06, 2019

Created by: tsenart

This PR introduces an initial implementation of Bitbucket Server ACLs. It is bare-bones and unoptimised, but it works. I'm putting it out so that I can get early feedback before starting to measure and optimise things (i.e. caching) and possibly writing some E2E tests once we have the #4253 (closed) done (cc @sourcegraph/distribution).

As we learned by talking to interested customers, authentication with Bitbucket Server isn't necessary since they use SAML for the same purpose against LDAP or Active Directory. Authorization, then, relies on the constraint that the usernames in Sourcegraph user accounts are identical to those in Bitbucket Server, as they origin from the same central directory (LDAP / AD).

Part of #1108 (closed)

authz: Initial implementation of Bitbucket Server ACLs

Merge request reports