Add an ability to override ES index from a cluster scope #51

Merged
merged 1 commit into from Feb 16, 2021

kayrus
Contributor

@kayrus kayrus commented Feb 14, 2021

Using the following policy it should be possible to override index IDs from a cluster (system) scope:

{
  "project_scope": "project_id:%(project_id)s",
  "domain_scope": "domain_id:%(domain_id)s",

  "cluster_viewer": "project_domain_name:cloud_domain and project_name:cloud_admin_project",
  "domain_viewer":  "rule:domain_scope and role:audit_viewer",
  "project_viewer": "rule:project_scope and role:audit_viewer",
  
  "event:list":     "rule:project_viewer or rule:domain_viewer or rule:cluster_viewer",
  "event:show":     "rule:project_viewer or rule:domain_viewer or rule:cluster_viewer"
}

Therefore a hermes client can list events in the whole region:

$ hermescli list -d --initiator-name user_name  --project-id '*'

Resolves #50
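
A minimal evaluator for the policy in the description above, added here as an illustration; it is not Hermes code or this pull request's implementation. It assumes oslo.policy-style semantics (`key:value` compares a token attribute with the templated request target, `and` binds tighter than `or`), and the token contexts and IDs are constructed. It shows that `cluster_viewer` matches on the token's project and domain names alone, without requiring the `audit_viewer` role.

```python
import json

# Policy copied from the pull request description.
POLICY = json.loads("""
{
  "project_scope": "project_id:%(project_id)s",
  "domain_scope": "domain_id:%(domain_id)s",
  "cluster_viewer": "project_domain_name:cloud_domain and project_name:cloud_admin_project",
  "domain_viewer": "rule:domain_scope and role:audit_viewer",
  "project_viewer": "rule:project_scope and role:audit_viewer",
  "event:list": "rule:project_viewer or rule:domain_viewer or rule:cluster_viewer",
  "event:show": "rule:project_viewer or rule:domain_viewer or rule:cluster_viewer"
}
""")


def check(expr, creds, target):
    """Evaluate one rule expression; 'and' binds tighter than 'or'."""
    return any(
        all(atom(a.strip(), creds, target) for a in conj.split(" and "))
        for conj in expr.split(" or ")
    )


def atom(term, creds, target):
    """Evaluate a single 'kind:match' check against the token (creds)."""
    kind, _, match = term.partition(":")
    if kind == "rule":
        return check(POLICY[match], creds, target)
    if kind == "role":
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    try:
        wanted = match % target   # fill %(project_id)s etc. from the request target
    except KeyError:
        return False              # target lacks the attribute: no match
    return creds.get(kind) == wanted


def allowed(action, creds, target):
    return check(POLICY[action], creds, target)


# Constructed token contexts and target (sample names and IDs, assumptions).
AUDITOR = {"project_id": "p1", "domain_id": "d1", "roles": ["audit_viewer"]}
CLOUD_ADMIN = {"project_id": "p9", "project_name": "cloud_admin_project",
               "project_domain_name": "cloud_domain", "roles": []}
OTHER = {"project_id": "p2", "domain_id": "d2"}  # outside the auditor's scope

if __name__ == "__main__":
    for name, creds in (("auditor", AUDITOR), ("cloud_admin", CLOUD_ADMIN)):
        print(name, allowed("event:list", creds, OTHER))
```

If the cluster scope should also be limited to auditors, adding `and role:audit_viewer` to `cluster_viewer` makes the role-less `CLOUD_ADMIN` context above fail the check.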

@coveralls

Coverage Status

Coverage remained the same at 0.0% when pulling 607a58c on kayrus:advanced-policy-rules into 6255908 on sapcc:master.

@coveralls

coveralls commented Feb 14, 2021

Coverage Status

Coverage remained the same at 0.0% when pulling 16fbb48 on kayrus:advanced-policy-rules into 6255908 on sapcc:master.

@notque notque merged commit a501e1a into sapcc:master Feb 16, 2021
notque added a commit that referenced this pull request Feb 16, 2021
@kayrus kayrus deleted the advanced-policy-rules branch February 16, 2021 17:35
Successfully merging this pull request may close these issues.

Allow listing all events from a system (cloud admin) scope