US 12,406,039 B2
Multi-cluster access
Thomas Manville, Mountain View, CA (US); Vaibhav Kamra, Sunnyvale, CA (US); Deepika Dixit, San Jose, CA (US); Onkar Bhat, San Jose, CA (US); and Alex Vorbau, Los Altos, CA (US)
Assigned to Kasten, Inc., Columbus, OH (US)
Filed by Kasten, Inc., Columbus, OH (US)
Filed on Oct. 8, 2021, as Appl. No. 17/497,242.
Prior Publication US 2023/0113510 A1, Apr. 13, 2023
Int. Cl. G06F 21/00 (2013.01); G06F 21/31 (2013.01); G06F 21/60 (2013.01)
CPC G06F 21/31 (2013.01) [G06F 21/604 (2013.01); G06F 21/606 (2013.01); G06F 2221/2141 (2013.01); G06F 2221/2145 (2013.01)]
20 Claims
1. A computer-implemented method for defining cluster role bindings for accessing computing clusters in a multi-cluster environment, the computer-implemented method comprising:
receiving at a primary computing cluster a first request to bind one or more cluster roles associated with a user to each of one or more secondary computing clusters, wherein the first request comprises the user's credentials;
binding the user's credentials with the one or more cluster roles corresponding to each of one or more secondary computing clusters;
receiving a second request for providing the user access to the primary computing cluster, wherein the second request comprises the user's credentials;
causing display of a user interface in response to an authentication of the user's credentials for the primary computing cluster;
receiving a third request from the user interface intended for at least one secondary computing cluster of the one or more secondary computing clusters;
identifying the one or more cluster roles corresponding to the at least one secondary computing cluster based on the user's credentials;
generating a computing cluster token that indicates user permissions for the at least one secondary computing cluster based on a union of user permissions according to a cluster role of the primary computing cluster and user permissions according to a cluster role of the one or more cluster roles corresponding to the at least one secondary computing cluster; and
forwarding the third request to the at least one secondary computing cluster, wherein the third request includes the computing cluster token to facilitate an impersonation of at least one cluster role of the one or more cluster roles corresponding to the at least one secondary computing cluster.
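The token step of claim 1, sketched as an added illustration (not code from the patent or from Kasten): the primary cluster unions the user's primary-role permissions with those of the roles bound for the target secondary cluster, and the secondary checks the token before honoring the impersonated role. The HMAC shared key, the claim field names, and all role, user and cluster names are assumptions made for this example.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data (hypothetical names): role -> permissions, and user bindings.
ROLE_PERMS = {
    "primary-viewer": {("get", "dashboards")},
    "backup-admin": {("get", "backups"), ("create", "backups")},
    "restore-operator": {("create", "restores")},  # not bound to anyone below
}
PRIMARY_ROLE = {"alice": "primary-viewer"}
SECONDARY_BINDINGS = {("alice", "cluster-east"): ["backup-admin"]}
SHARED_KEY = b"constructed-demo-key"  # assumption: primary and secondary share an HMAC key


def mint_cluster_token(user, cluster, now=None, ttl=300):
    """Primary side: union primary-role permissions with the bound secondary roles'."""
    roles = SECONDARY_BINDINGS.get((user, cluster))
    if not roles or user not in PRIMARY_ROLE:
        raise PermissionError(f"{user} has no role binding for {cluster}")
    perms = set(ROLE_PERMS[PRIMARY_ROLE[user]])
    for role in roles:
        perms |= ROLE_PERMS[role]
    claims = {"sub": user, "aud": cluster, "impersonate": roles,
              "perms": sorted(map(list, perms)),
              "exp": int(now or time.time()) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def verify_cluster_token(token, cluster, now=None):
    """Secondary side: check signature, audience and expiry before impersonating."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != cluster:
        raise PermissionError("token issued for a different cluster")
    if claims["exp"] < int(now or time.time()):
        raise PermissionError("token expired")
    return claims
```

Binding the token to one audience and a short lifetime keeps a token minted for one secondary cluster from being replayed against another or reused later.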