Merge "Add viewer rule to armada API"
commit
8666342f8a
@ -18,13 +18,18 @@ RULE_ADMIN_REQUIRED = 'rule:admin_required'
|
||||
RULE_ADMIN_OR_TARGET_PROJECT = (
|
||||
'rule:admin_required or project_id:%(target.project.id)s')
|
||||
RULE_SERVICE_OR_ADMIN = 'rule:service_or_admin'
|
||||
RULE_ADMIN_VIEWER = 'rule:admin_viewer'
|
||||
|
||||
rules = [
|
||||
policy.RuleDefault(name='admin_required', check_str='role:admin'),
|
||||
policy.RuleDefault(
|
||||
name='admin_required', check_str='role:admin or role:admin_ucp'),
|
||||
policy.RuleDefault(
|
||||
name='service_or_admin',
|
||||
check_str='rule:admin_required or rule:service_role'),
|
||||
policy.RuleDefault(name='service_role', check_str='role:service'),
|
||||
policy.RuleDefault(
|
||||
name='admin_viewer',
|
||||
check_str='role:admin_ucp_viewer or {}'.format(RULE_SERVICE_OR_ADMIN)),
|
||||
]
|
||||
|
||||
|
||||
|
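Review bot: `admin_viewer` is defined as `role:admin_ucp_viewer or rule:service_or_admin`, so a token holding only `role:service` also satisfies it; the armada `validate_manifest` and tiller `get_status`/`get_release` rules that this commit moves onto it were gated on `rule:admin_required` before. If service access to those endpoints is not intended, compose the rule from the admin rule instead: `check_str='role:admin_ucp_viewer or {}'.format(RULE_ADMIN_REQUIRED)`. The same hunk also widens `admin_required` to `role:admin or role:admin_ucp`, which affects every rule that references it, not only the viewer endpoints. Passing `description=` to both `RuleDefault`s would record which roles are meant to be read-only and which may change state.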
@ -25,7 +25,7 @@ armada_policies = [
|
||||
}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.ARMADA % 'validate_manifest',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
check_str=base.RULE_ADMIN_VIEWER,
|
||||
description='Validate manifest',
|
||||
operations=[{
|
||||
'path': '/api/v1.0/validatedesign/',
|
||||
|
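Review bot: `validate_manifest` now accepts the viewer role, but the sample policy file on this page lists its operation as `POST /api/v1.0/validatedesign/`, so unlike the two GET endpoints moved in the same commit it processes a caller-supplied body. Before a read-only role is allowed to reach it, confirm that validation only parses the submitted documents and has no side effects; the handler is not visible here. A comment on the rule would record that decision, e.g. `# Read-only: validation parses the request body and changes no state`. The `armada_policies` list starts and ends outside the hunk.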
@ -17,7 +17,7 @@ from armada.common.policies import base
|
||||
tiller_policies = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.TILLER % 'get_status',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
check_str=base.RULE_ADMIN_VIEWER,
|
||||
description='Get Tiller status',
|
||||
operations=[{
|
||||
'path': '/api/v1.0/status/',
|
||||
@ -25,7 +25,7 @@ tiller_policies = [
|
||||
}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.TILLER % 'get_release',
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
check_str=base.RULE_ADMIN_VIEWER,
|
||||
description='Get Tiller release',
|
||||
operations=[{
|
||||
'path': '/api/v1.0/releases/',
|
||||
|
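Review bot: No test for the two rules switched in this file is visible on this page, so nothing pins where the viewer role stops. A policy test should assert that a token holding only `admin_ucp_viewer` passes `tiller:get_status` and `tiller:get_release` and is refused on the rules left at `rule:admin_required` (`armada:create_endpoints`, `armada:rollback_release`, `armada:test_release`, `armada:test_manifest`). That would catch a later edit that widens the viewer role by accident. The `tiller_policies` list continues outside both hunks.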
@ -184,16 +184,17 @@ conf:
|
||||
'pipeline:main':
|
||||
pipeline: authtoken armada-api
|
||||
policy:
|
||||
admin_required: 'role:admin'
|
||||
admin_required: 'role:admin or role:admin_ucp'
|
||||
service_or_admin: 'rule:admin_required or rule:service_role'
|
||||
service_role: 'role:service'
|
||||
admin_viewer: 'role:admin_ucp_viewer or rule:service_or_admin'
|
||||
'armada:create_endpoints': 'rule:admin_required'
|
||||
'armada:rollback_release': 'rule:admin_required'
|
||||
'armada:test_manifest': 'rule:admin_required'
|
||||
'armada:test_release': 'rule:admin_required'
|
||||
'armada:validate_manifest': 'rule:admin_required'
|
||||
service_or_admin: 'rule:admin_required or rule:service_role'
|
||||
service_role: 'role:service'
|
||||
'tiller:get_released': 'rule:admin_required'
|
||||
'tiller:get_status': 'rule:admin_required'
|
||||
'armada:validate_manifest': 'rule:admin_viewer'
|
||||
'tiller:get_release': 'rule:admin_viewer'
|
||||
'tiller:get_status': 'rule:admin_viewer'
|
||||
|
||||
pod:
|
||||
env:
|
||||
|
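Review bot: The `policy:` block restates the rule strings registered in `armada.common.policies`, so the two copies can drift without anyone noticing; the old side of this hunk carried the key `tiller:get_released`, which matches none of the tiller rule names shown on this page. A comment above the block would make the coupling explicit, e.g. `# Overrides the defaults in armada.common.policies; rule names must match exactly`. Deployments that supply their own `conf.policy` values presumably keep their old strings on upgrade and should be checked against the new `admin_required` and `admin_viewer` definitions.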
@ -1,5 +1,5 @@
|
||||
#
|
||||
#"admin_required": "role:admin"
|
||||
#"admin_required": "role:admin or role:admin_ucp"
|
||||
|
||||
#
|
||||
#"service_or_admin": "rule:admin_required or rule:service_role"
|
||||
@ -7,30 +7,33 @@
|
||||
#
|
||||
#"service_role": "role:service"
|
||||
|
||||
# install manifest charts
|
||||
# POST api/v1.0/apply/
|
||||
#
|
||||
#"admin_viewer": "role:admin_ucp_viewer or rule:service_or_admin"
|
||||
|
||||
# Install manifest charts
|
||||
# POST /api/v1.0/apply/
|
||||
#"armada:create_endpoints": "rule:admin_required"
|
||||
|
||||
# rollback release
|
||||
# POST api/v1.0/rollback/{release}
|
||||
#"armada:rollback_release": "rule:admin_required"
|
||||
# Validate manifest
|
||||
# POST /api/v1.0/validatedesign/
|
||||
#"armada:validate_manifest": "rule:admin_viewer"
|
||||
|
||||
# validate installed manifest
|
||||
# POST /api/v1.0/validate/
|
||||
#"armada:validate_manifest": "rule:admin_required"
|
||||
|
||||
# validate install manifest
|
||||
# Test release
|
||||
# GET /api/v1.0/test/{release}
|
||||
#"armada:test_release": "rule:admin_required"
|
||||
|
||||
# validate install manifest
|
||||
# Test manifest
|
||||
# POST /api/v1.0/tests/
|
||||
#"armada:test_manifest": "rule:admin_required"
|
||||
|
||||
# Get tiller status
|
||||
# GET /api/v1.0/status/
|
||||
#"tiller:get_status": "rule:admin_required"
|
||||
# Rollback release
|
||||
# POST /api/v1.0/rollback/{release}
|
||||
#"armada:rollback_release": "rule:admin_required"
|
||||
|
||||
# Get tiller release
|
||||
# Get Tiller status
|
||||
# GET /api/v1.0/status/
|
||||
#"tiller:get_status": "rule:admin_viewer"
|
||||
|
||||
# Get Tiller release
|
||||
# GET /api/v1.0/releases/
|
||||
#"tiller:get_release": "rule:admin_required"
|
||||
#"tiller:get_release": "rule:admin_viewer"
|
||||
|