For [Doc] Alerting plugin RBAC - backend roles usage #1866
Conversation
Signed-off-by: alicejw <alicejw@amazon.com>
Signed-off-by: alicejw <alicejw@amazon.com>
Signed-off-by: alicejw <alicejw@amazon.com>
Signed-off-by: alicejw <alicejw@amazon.com>
alicejw1
changed the title
alicejw1
added
3 - Tech review
Signed-off-by: alicejw <alicejw@amazon.com>
Signed-off-by: alicejw <alicejw@amazon.com>
…ckend roles section Signed-off-by: alicejw <alicejw@amazon.com>
Signed-off-by: alicejw <alicejw@amazon.com>
|
thanks @lezzago ! Would you please take another look to verify the changes are correct? best regards |
Signed-off-by: alicejw <alicejw@amazon.com>
|
Hi @lezzago , i've made the updates. Please take a look and verify. thanks |
alicejw1
added
4 - Doc review
_monitoring-plugins/alerting/api.md
Outdated
| } | ||
| ``` | ||
|
|
||
| To learn more about using backend roles to limit access, see [\(Advanced\) Limit access by backend role]({{site.url}}{{site.baseurl}}/monitoring-plugins/alerting/security/#advanced-limit-access-by-backend-role). |
There was a problem hiding this comment.
Are the backslashes here intentional?
There was a problem hiding this comment.
i thought it wouldn't render the link properly with the title in parenthesis. but tested it without, and it's fine. thanks!
|
|
||
| - For admin users, an empty list is considered the same as removing all permissions that the user possesses. If a non-admin user passes in an empty list, that will throw an exception, because that is not allowed by non-admin users. | ||
| - If the user tries to associate roles that they don't have permission to use, it will throw an exception. | ||
| {: .note } |
There was a problem hiding this comment.
Does the above unordered list format correctly in your local jekyll build?
There was a problem hiding this comment.
yes. i used asterisks before, but got MDLint error: expected dashes.
the bullets render within the callout like this:
_monitoring-plugins/alerting/api.md
Outdated
|
|
||
| #### Sample request | ||
|
|
||
| The following request creates a query-level monitor and provides two backend roles `role1` and `role2`. The section at the bottom of the request shows the line that specifies the roles with this syntax: `"rbac_roles": ["role1", "role2"]`. |
There was a problem hiding this comment.
"... and provides two backend roles, role1 and role2."
just a comma.
|
|
||
| ### Specify RBAC backend roles | ||
|
|
||
| You can specify RBAC backend roles when you create or update a monitor with the Alerting API. |
There was a problem hiding this comment.
might be worthwhile spelling out Rule Based Access Control here. I don't think it appears before this on the page.
There was a problem hiding this comment.
thanks. adding "role-based access control" with acronym in parentheses
|
|
||
| User type | Role is specified by user or not (Y/N) | How to use the RBAC roles | ||
| :--- | :--- | :--- | ||
| Admin user | Yes | Remove all the backend roles associate to the monitor and then use all the specified backend roles to associate to the monitor. |
There was a problem hiding this comment.
"Remove all the backend roles associated to the monitor ..."
"associated" correct?
Signed-off-by: alicejw <alicejw@amazon.com>
…site/issues/1810
Signed-off-by: alicejw alicejw@amazon.com
Description
How to use new RBAC role parameter to create a monitor and specify a role.
Issues Resolved
Alerting plugin RBAC
Checklist
For more information on following Developer Certificate of Origin and signing off your commits, please check here.