175 changes: 4 additions & 171 deletions content/en/actions/private_actions/use_private_actions.md
@@ -262,179 +262,12 @@ From the **Private Action Runner** page in [Actions Catalog][6], you can view al

To edit the allowlist for a Private Action Runner:

1. Edit the `actionsAllowlist` section of the `config.yaml` file in your runner's environment and add or remove the relevant permissions.
1. Edit the `actionsAllowlist` section of the `config.yaml` file in your runner's environment and add or remove the relevant actions.
1. Restart the runner by restarting your container or deployment.

{{% collapse-content title="Available permissions" level="p" %}}

<details>
<summary>Ansible</summary>
<pre>"com.datadoghq.ansible.invokePlaybook"</pre>
</details>

<details>
<summary>HTTP</summary>
<pre>"com.datadoghq.http.request"</pre>
</details>

<details>
<summary>Jenkins</summary>
<pre>"com.datadoghq.jenkins.buildJenkinsJob"
"com.datadoghq.jenkins.deleteJenkinsJob"
"com.datadoghq.jenkins.getJobStatus"</pre>
</details>

<details>
<summary>Kubernetes Apps</summary>
<pre>"com.datadoghq.kubernetes.apps.createControllerRevision"
"com.datadoghq.kubernetes.apps.createDaemonSet"
"com.datadoghq.kubernetes.apps.createDeployment"
"com.datadoghq.kubernetes.apps.createReplicaSet"
"com.datadoghq.kubernetes.apps.createStatefulSet"
"com.datadoghq.kubernetes.apps.deleteControllerRevision"
"com.datadoghq.kubernetes.apps.deleteDaemonSet"
"com.datadoghq.kubernetes.apps.deleteDeployment"
"com.datadoghq.kubernetes.apps.deleteMultipleControllerRevisions"
"com.datadoghq.kubernetes.apps.deleteMultipleDaemonSets"
"com.datadoghq.kubernetes.apps.deleteMultipleDeployments"
"com.datadoghq.kubernetes.apps.deleteMultipleReplicaSets"
"com.datadoghq.kubernetes.apps.deleteMultipleStatefulSets"
"com.datadoghq.kubernetes.apps.deleteReplicaSet"
"com.datadoghq.kubernetes.apps.deleteStatefulSet"
"com.datadoghq.kubernetes.apps.getControllerRevision"
"com.datadoghq.kubernetes.apps.getDaemonSet"
"com.datadoghq.kubernetes.apps.getDeployment"
"com.datadoghq.kubernetes.apps.getReplicaSet"
"com.datadoghq.kubernetes.apps.getStatefulSet"
"com.datadoghq.kubernetes.apps.listControllerRevision"
"com.datadoghq.kubernetes.apps.listDaemonSet"
"com.datadoghq.kubernetes.apps.listDeployment"
"com.datadoghq.kubernetes.apps.listReplicaSet"
"com.datadoghq.kubernetes.apps.listStatefulSet"
"com.datadoghq.kubernetes.apps.patchControllerRevision"
"com.datadoghq.kubernetes.apps.patchDaemonSet"
"com.datadoghq.kubernetes.apps.patchDeployment"
"com.datadoghq.kubernetes.apps.patchReplicaSet"
"com.datadoghq.kubernetes.apps.patchStatefulSet"
"com.datadoghq.kubernetes.apps.restartDeployment"
"com.datadoghq.kubernetes.apps.updateControllerRevision"
"com.datadoghq.kubernetes.apps.updateDaemonSet"
"com.datadoghq.kubernetes.apps.updateDeployment"
"com.datadoghq.kubernetes.apps.updateReplicaSet"
"com.datadoghq.kubernetes.apps.updateStatefulSet"</pre>
</details>

<details>
<summary>Kubernetes Core</summary>
<pre>"com.datadoghq.kubernetes.core.createConfigMap"
"com.datadoghq.kubernetes.core.createEndpoints"
"com.datadoghq.kubernetes.core.createEvent"
"com.datadoghq.kubernetes.core.createLimitRange"
"com.datadoghq.kubernetes.core.createNamespace"
"com.datadoghq.kubernetes.core.createNode"
"com.datadoghq.kubernetes.core.createPersistentVolume"
"com.datadoghq.kubernetes.core.createPersistentVolumeClaim"
"com.datadoghq.kubernetes.core.createPod"
"com.datadoghq.kubernetes.core.createPodTemplate"
"com.datadoghq.kubernetes.core.createReplicationController"
"com.datadoghq.kubernetes.core.createResourceQuota"
"com.datadoghq.kubernetes.core.createService"
"com.datadoghq.kubernetes.core.createServiceAccount"
"com.datadoghq.kubernetes.core.deleteConfigMap"
"com.datadoghq.kubernetes.core.deleteEndpoints"
"com.datadoghq.kubernetes.core.deleteEvent"
"com.datadoghq.kubernetes.core.deleteLimitRange"
"com.datadoghq.kubernetes.core.deleteMultipleConfigMaps"
"com.datadoghq.kubernetes.core.deleteMultipleEndpoints"
"com.datadoghq.kubernetes.core.deleteMultipleEvents"
"com.datadoghq.kubernetes.core.deleteMultipleLimitRanges"
"com.datadoghq.kubernetes.core.deleteMultipleNodes"
"com.datadoghq.kubernetes.core.deleteMultiplePersistentVolumeClaims"
"com.datadoghq.kubernetes.core.deleteMultiplePersistentVolumes"
"com.datadoghq.kubernetes.core.deleteMultiplePodTemplates"
"com.datadoghq.kubernetes.core.deleteMultiplePods"
"com.datadoghq.kubernetes.core.deleteMultipleReplicationControllers"
"com.datadoghq.kubernetes.core.deleteMultipleResourceQuotas"
"com.datadoghq.kubernetes.core.deleteMultipleServiceAccounts"
"com.datadoghq.kubernetes.core.deleteNamespace"
"com.datadoghq.kubernetes.core.deleteNode"
"com.datadoghq.kubernetes.core.deletePersistentVolume"
"com.datadoghq.kubernetes.core.deletePersistentVolumeClaim"
"com.datadoghq.kubernetes.core.deletePod"
"com.datadoghq.kubernetes.core.deletePodTemplate"
"com.datadoghq.kubernetes.core.deleteReplicationController"
"com.datadoghq.kubernetes.core.deleteResourceQuota"
"com.datadoghq.kubernetes.core.deleteService"
"com.datadoghq.kubernetes.core.deleteServiceAccount"
"com.datadoghq.kubernetes.core.getConfigMap"
"com.datadoghq.kubernetes.core.getEndpoints"
"com.datadoghq.kubernetes.core.getEvent"
"com.datadoghq.kubernetes.core.getLimitRange"
"com.datadoghq.kubernetes.core.getNamespace"
"com.datadoghq.kubernetes.core.getNode"
"com.datadoghq.kubernetes.core.getPersistentVolume"
"com.datadoghq.kubernetes.core.getPersistentVolumeClaim"
"com.datadoghq.kubernetes.core.getPod"
"com.datadoghq.kubernetes.core.getPodTemplate"
"com.datadoghq.kubernetes.core.getReplicationController"
"com.datadoghq.kubernetes.core.getResourceQuota"
"com.datadoghq.kubernetes.core.getService"
"com.datadoghq.kubernetes.core.getServiceAccount"
"com.datadoghq.kubernetes.core.listConfigMap"
"com.datadoghq.kubernetes.core.listEndpoints"
"com.datadoghq.kubernetes.core.listEvent"
"com.datadoghq.kubernetes.core.listLimitRange"
"com.datadoghq.kubernetes.core.listNamespace"
"com.datadoghq.kubernetes.core.listNode"
"com.datadoghq.kubernetes.core.listPersistentVolume"
"com.datadoghq.kubernetes.core.listPersistentVolumeClaim"
"com.datadoghq.kubernetes.core.listPod"
"com.datadoghq.kubernetes.core.listPodTemplate"
"com.datadoghq.kubernetes.core.listReplicationController"
"com.datadoghq.kubernetes.core.listResourceQuota"
"com.datadoghq.kubernetes.core.listService"
"com.datadoghq.kubernetes.core.listServiceAccount"
"com.datadoghq.kubernetes.core.patchConfigMap"
"com.datadoghq.kubernetes.core.patchEndpoints"
"com.datadoghq.kubernetes.core.patchEvent"
"com.datadoghq.kubernetes.core.patchLimitRange"
"com.datadoghq.kubernetes.core.patchNamespace"
"com.datadoghq.kubernetes.core.patchNode"
"com.datadoghq.kubernetes.core.patchPersistentVolume"
"com.datadoghq.kubernetes.core.patchPersistentVolumeClaim"
"com.datadoghq.kubernetes.core.patchPod"
"com.datadoghq.kubernetes.core.patchPodTemplate"
"com.datadoghq.kubernetes.core.patchReplicationController"
"com.datadoghq.kubernetes.core.patchResourceQuota"
"com.datadoghq.kubernetes.core.patchService"
"com.datadoghq.kubernetes.core.patchServiceAccount"
"com.datadoghq.kubernetes.core.updateConfigMap"
"com.datadoghq.kubernetes.core.updateEndpoints"
"com.datadoghq.kubernetes.core.updateEvent"
"com.datadoghq.kubernetes.core.updateLimitRange"
"com.datadoghq.kubernetes.core.updateNamespace"
"com.datadoghq.kubernetes.core.updateNode"
"com.datadoghq.kubernetes.core.updatePersistentVolume"
"com.datadoghq.kubernetes.core.updatePersistentVolumeClaim"
"com.datadoghq.kubernetes.core.updatePod"
"com.datadoghq.kubernetes.core.updatePodTemplate"
"com.datadoghq.kubernetes.core.updateReplicationController"
"com.datadoghq.kubernetes.core.updateResourceQuota"
"com.datadoghq.kubernetes.core.updateService"
"com.datadoghq.kubernetes.core.updateServiceAccount"</pre>
</details>

<details>
<summary>PostgreSQL</summary>
<pre>"com.datadoghq.postgresql.select"</pre>
</details>

<details>
<summary>Temporal</summary>
<pre>"com.datadoghq.temporal.getWorkflowResult"
"com.datadoghq.temporal.listWorkflows"
"com.datadoghq.temporal.runWorkflow"</pre>
</details>
{{% collapse-content title="Available actions" level="p" %}}

{{< partial name="actions/private_actions_allowlist.html" >}}

{{% /collapse-content %}}

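--- a/layouts/partials/actions/private_actions_allowlist.html
+++ b/layouts/partials/actions/private_actions_allowlist.html
@@ -0,0 +1,83 @@
+{{ $workflow_bundles := site.Data.workflow_bundles | default slice }}
+
+{{ if lt (len $workflow_bundles) 1 }}
+{{ $err_msg := "Could not load workflow bundles data" }}
+
+{{ if eq hugo.Environment "development" -}}
+{{ warnf $err_msg }}
+{{ else }}
+{{ errorf $err_msg }}
+{{ end }}
+{{ end }}
+
+{{/* Build a dict of title -> slice of FQNs for actions that can run on premises */}}
+{{ $allowlist := dict }}
+
+{{ range sort $workflow_bundles "title" }}
+{{ $workflow_title := .title }}
+{{ $workflow_name := .name }}
+{{ range $action_name, $action_data := .actions }}
+{{ if $action_data.canRunOnPremises }}
+{{ $fqn := print $workflow_name "." $action_name }}
+{{ $existing := index $allowlist $workflow_title | default slice }}
+{{ $allowlist = merge $allowlist (dict $workflow_title (sort ($existing | append $fqn))) }}
+{{ end }}
+{{ end }}
+{{ end }}
+
+{{ if lt (len $allowlist) 1 }}
+{{ $err_msg := "On prem allowlist is empty" }}
+
+{{ if eq hugo.Environment "development" -}}
+{{ warnf $err_msg }}
+{{ else }}
+{{ errorf $err_msg }}
+{{ end }}
+{{ end }}
+
+{{/* Prefixes whose sub-integrations get nested under a parent accordion */}}
+{{ $grouped_prefixes := slice "Kubernetes" "GitLab" }}
+
+{{/* Separate entries into grouped vs standalone */}}
+{{ $grouped := dict }}
+{{ $standalone := dict }}
+
+{{ range $title, $fqns := $allowlist }}
+{{ $matched := false }}
+{{ range $grouped_prefixes }}
+{{ if hasPrefix $title . }}
+{{ $existing := index $grouped . | default dict }}
+{{ $grouped = merge $grouped (dict . (merge $existing (dict $title $fqns))) }}
+{{ $matched = true }}
+{{ end }}
+{{ end }}
+{{ if not $matched }}
+{{ $standalone = merge $standalone (dict $title $fqns) }}
+{{ end }}
+{{ end }}
+
+{{/* Output standalone integrations */}}
+{{ range $title, $fqns := $standalone }}
+<details>
+<summary>{{ $title }}</summary>
+<pre>{{ range $i, $fqn := $fqns }}{{ if $i }}
+{{ end }}"{{ $fqn }}"{{ end }}</pre>
+</details>
+{{ end }}
+
+{{/* Output grouped integrations under a parent accordion */}}
+{{ range $grouped_prefixes }}
+{{ $children := index $grouped . }}
+{{ if $children }}
+<details>
+<summary>{{ . }}</summary>
+{{ range $title, $fqns := $children }}
+<details>
+<summary>{{ $title }}</summary>
+<pre>{{ range $i, $fqn := $fqns }}{{ if $i }}
+{{ end }}"{{ $fqn }}"{{ end }}</pre>
+</details>
+{{ end }}
+</details>
+{{ end }}
+{{ end }}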
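Review bot: The fully qualified name built by `{{ $fqn := print $workflow_name "." $action_name }}` is emitted without checking that the bundle actually has a `name` and `title`, and readers copy these strings verbatim into `actionsAllowlist`. If an entry in `workflow_bundles` lacks `name`, `print` would presumably render a placeholder such as `<nil>.actionName` rather than fail the build, and the two existing `errorf` checks only catch a completely empty data set or allowlist. Consider tightening the condition to `{{ if and $workflow_name $workflow_title $action_data.canRunOnPremises }}`, or calling `errorf` for a bundle with a missing field, so a malformed identifier never reaches the published list. The shape of the data file is not visible here, so confirm whether those fields are guaranteed upstream.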