[OSS] Add new peering ACL rule #13848

Merged
merged 2 commits into from Jul 22, 2022
freddygv
Contributor

OSS Backport of ENT-2281

Description

This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.

The "peering" rule has several key properties:

  • It is scoped to a partition, and MUST be defined in the default
    namespace.

  • Its access level must be "read", "write", or "deny".

  • Granting an access level will apply to all peerings. This ACL rule
    cannot be used to selectively grant access to some peerings but not
    others.

  • If the peering rule is not specified, we fall back to the "operator"
    rule and then the default ACL rule.

Testing & Reproduction steps

  • Tested with unit tests

PR Checklist

  • updated test coverage
  • external facing docs updated Deferred
  • not a security concern

TODO for upcoming PR:

@freddygv freddygv requested review from a team and mkeeler and removed request for a team July 21, 2022 20:46
@freddygv freddygv added the pr/no-changelog PR does not need a corresponding .changelog entry label Jul 21, 2022
@github-actions github-actions bot added the theme/acls ACL and token generation label Jul 21, 2022
@freddygv freddygv merged commit f99df57 into main Jul 22, 2022
@freddygv freddygv deleted the peering/acl-rule branch July 22, 2022 20:42
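
The fallback order and validation rules from the PR description, as an added Go example that is not part of the PR and is not Consul's implementation: a stand-alone model that resolves the effective peering access from the "peering" rule, then the "operator" rule, then the default ACL rule, and fails closed on invalid input. The `Access` type, `Policy` struct and `EffectivePeering` function are hypothetical names, and the sample policies are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Access is a simplified access level; Unspecified means the rule is absent.
type Access int

const (
	Unspecified Access = iota
	Deny
	Read
	Write
)

var levels = map[string]Access{"": Unspecified, "deny": Deny, "read": Read, "write": Write}

// Policy is a hypothetical flattened view of the rules in one partition.
type Policy struct {
	Namespace string // namespace the policy is defined in
	Peering   string // "", "read", "write" or "deny"
	Operator  string // "", "read", "write" or "deny"
}

// EffectivePeering resolves peering, then operator, then the default rule.
// Any validation error fails closed with Deny.
func EffectivePeering(p Policy, def Access) (Access, error) {
	if p.Peering != "" && p.Namespace != "default" {
		return Deny, errors.New("peering rule must be defined in the default namespace")
	}
	for _, raw := range []string{p.Peering, p.Operator} {
		lvl, ok := levels[raw]
		if !ok {
			return Deny, fmt.Errorf("invalid access level %q", raw)
		}
		if lvl != Unspecified {
			return lvl, nil
		}
	}
	return def, nil
}

func main() {
	// Constructed sample policies, not taken from the PR.
	fmt.Println(EffectivePeering(Policy{Namespace: "default", Operator: "read"}, Deny))
	fmt.Println(EffectivePeering(Policy{Namespace: "default", Peering: "deny", Operator: "write"}, Write))
}
```

An explicit `peering = "deny"` overrides a broader `operator = "write"`, which is the case to check when auditing tokens that already hold operator privileges.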
jkirschner-hashicorp pushed a commit that referenced this pull request Jul 26, 2022