Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add compliance:reports:export to both viewer roles #3622

Closed
wants to merge 1 commit into from
Closed

Add compliance:reports:export to both viewer roles #3622

wants to merge 1 commit into from

Conversation

tylercloke
Copy link
Contributor 

     3 | viewer            | Viewer            | chef-managed | {compliance:reports:export,infra:infraServers:list,infra:infraServers:get,secrets:*:get,secrets:*:list,infra:nodes:get,infra:nodes:list,infra:nodeManagers:get,infra:nodeManagers:list,compliance:*:get,compliance:*:list,event:*:get,event:*:list,ingest:*:get,ingest:*:list,iam:projects:list,iam:projects:get,applications:*:get,applications:*:list}
     7 | compliance-viewer | Compliance Viewer | custom       | {compliance:reports:export,compliance:*:get,compliance:*:list}

msorens
msorens approved these changes May 8, 2020
View reviewed changes
...nts/authz-service/storage/postgres/migration/sql/78_update_viewer_role_for_compliance.up.sql
SET actions = '{compliance:reports:export}' || actions
WHERE
(id='compliance-viewer' or id='viewer') AND
NOT actions @> '{compliance:reports:export}';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just need a carriage return at the end of the file.

@tylercloke
Add compliance:reports:export to both viewer roles
bde677f 
Signed-off-by: Tyler Cloke <tylercloke@gmail.com>
@tylercloke tylercloke requested a review from a team as a code owner May 8, 2020 17:36
@susanev susanev added auth-team anything that needs to be on the auth team board documentation Anything related to the Automate docs. emergent bug 🐛 Something isn't working labels May 8, 2020
mjingle
mjingle approved these changes May 8, 2020
View reviewed changes
Copy link
Contributor

@mjingle mjingle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go from docs perspective! Thanks!

@susanev susanev requested a review from vjeffrey May 8, 2020 17:51
@blakestier
Copy link

Ok so here's the problem: if compliance-viewer is not a chef-managed role, we should not be touching it after we've created it. We only created it conditionally on the role not already existing, so we're also potentially updating a role that a customer created but we didn't know about.

@susanev
Copy link
Contributor

susanev commented May 8, 2020

added do not merge, cause we are trying to figure out if we can change the action instead

@tylercloke tylercloke closed this May 8, 2020
@susanev
Copy link
Contributor

susanev commented May 13, 2020

fixed in #3623

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mjingle mjingle mjingle approved these changes

@msorens msorens msorens approved these changes

@bcmdarroch bcmdarroch bcmdarroch approved these changes

@vjeffrey vjeffrey Awaiting requested review from vjeffrey

Assignees

@tylercloke tylercloke

Labels
auth-team anything that needs to be on the auth team board bug 🐛 Something isn't working DO-NOT-MERGE documentation Anything related to the Automate docs. emergent
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@tylercloke @blakestier @susanev @mjingle @msorens @bcmdarroch