Add *.search ops to provision configs

cortezaproject · Jul 12, 2021 · 0a38838 · 0a38838
1 parent 0a241fa
commit 0a38838
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 8 deletions.
diff --git a/provision/000_base/compose_access_control.yaml b/provision/000_base/compose_access_control.yaml
@@ -1,5 +1,8 @@
 allow:
   authenticated:
+    corteza::compose/:
+      - namespaces.search
+
     corteza::compose:namespace/*:
       - read
 
@@ -12,36 +15,46 @@ allow:
     corteza::compose:chart/*/*:
       - read
 
+# @todo implement support for record resource import in Envoy
+#    corteza::compose:record/*/*/*:
+#      - read
+
   admins:
     corteza::compose/:
       - grant
       - settings.read
       - settings.manage
       - namespace.create
+      - namespaces.search
 
     corteza::compose:namespace/*/*:
       - read
       - update
       - delete
       - manage
       - page.create
+      - pages.search
       - module.create
+      - modules.search
       - chart.create
+      - charts.search
 
     corteza::compose:module/*/*:
       - read
       - update
       - delete
       - record.create
+      - records.search
 
     corteza::compose:module-field/*/*/*:
       - record.value.read
       - record.value.update
 
-    corteza::compose:record/*/*/*:
-      - read
-      - update
-      - delete
+# @todo implement support for record resource import in Envoy
+#    corteza::compose:record/*/*/*:
+#      - read
+#      - update
+#      - delete
 
     corteza::compose:chart/*/*:
       - read
@@ -59,30 +72,36 @@ allow:
       - settings.read
       - settings.manage
       - namespace.create
+      - namespaces.search
 
     corteza::compose:namespace/*/*:
       - read
       - update
       - delete
       - manage
       - page.create
+      - pages.search
       - module.create
+      - modules.search
       - chart.create
+      - charts.search
 
     corteza::compose:module/*/*:
       - read
       - update
       - delete
       - record.create
+      - records.search
 
     corteza::compose:module-field/*/*/*:
       - record.value.read
       - record.value.update
 
-    corteza::compose:record/*/*/*:
-      - read
-      - update
-      - delete
+# @todo implement support for record resource import in Envoy
+#    corteza::compose:record/*/*/*:
+#      - read
+#      - update
+#      - delete
 
     corteza::compose:chart/*/*:
       - read

diff --git a/provision/000_base/system_access_control.yaml b/provision/000_base/system_access_control.yaml
@@ -24,12 +24,18 @@ allow:
       - settings.read
       - settings.manage
       - application.create
+      - applications.search
       - auth-client.create
+      - auth-clients.search
       - user.create
+      - users.search
       - template.create
+      - templates.search
       - role.create
+      - roles.search
       - reminder.assign
       - queue.create
+      - queues.search
 
     corteza::system:application/*:
       - read
@@ -85,12 +91,18 @@ allow:
       - settings.read
       - settings.manage
       - application.create
+      - applications.search
       - auth-client.create
+      - auth-clients.search
       - user.create
+      - users.search
       - template.create
+      - templates.search
       - role.create
+      - roles.search
       - reminder.assign
       - queue.create
+      - queues.search
 
     corteza::system:application/*:
       - read

diff --git a/provision/200_federation/2000_access_control.yaml b/provision/200_federation/2000_access_control.yaml
@@ -6,6 +6,7 @@ allow:
       - settings.read
       - settings.manage
       - node.create
+      - nodes.search
 
     corteza::federation:node/*:
       - manage
@@ -24,6 +25,7 @@ allow:
       - settings.read
       - settings.manage
       - node.create
+      - nodes.search
 
     corteza::federation:node/*:
       - manage