Stratos provides a way for users to create endpoints without the need to be an administrator.
Note: Admin endpoint-ID's are generated through a SHA-1 encryption of the URL. Personal endpoints will differ in their ID, by using the URL + user-ID for encryption. This should pose no problem in the usual Stratos workflow, but if you depend on the ID to be based solely on the URL, then use this feature with caution.
In order to enable User Endpoints support in Stratos:
- The environment variable
USER_ENDPOINTS_ENABLEDor helm chart value
console.userEndpointsEnabledmust be set
- The UAA client used by Stratos needs an additional scope
- Users need to have the
stratos.endpointadmingroup attached to them
Once all steps have been completed, user within the
stratos.endpointadmin group are allowed to create personal user endpoints. Endpoints created that way are only visible to their respective user and all admins. Admins will be able to create personal user endpoints after step 1 has been completed.
USER_ENDPOINTS_ENABLED or helm chart value
console.userEndpointsEnabled can be set to three different states:
disabled(default) will disable this feature. Neither admins nor users will see user endpoints.
admin_onlywill hide user endpoints from users. Admins can create and see all user endpoints.
enabledwill allow users within the
stratos.endpointadmingroup and admins to create personal user endpoints. These endpoints will only be visible to them or admins.
Adding scopes to the UAA client
To add the scope to a client, modify the following UAA CLI command:
CLIENT_NAME with the used client and
OTHER_SCOPES with the current configured scopes.
To add the group and add users to it, use: