feat(core): Add account manager roles config #928

Merged
merged 4 commits into from
Apr 1, 2022

jvz (Contributor) commented Mar 16, 2022

This adds a Fiat configuration option for the Account Management API in Clouddriver for listing which roles are allowed to manage accounts in the API.

This option was requested during the initial phase of development for the API. We'll need a Fiat release cut in order to use the changes in Clouddriver, however.

@jvz jvz requested review from cfieber and jonsie as code owners March 16, 2022 16:55

mattgogerly (Member) commented Mar 16, 2022

Is this an "on/off" kinda role? i.e. does having an account management role allow you to manipulate all accounts, or only those for which you have WRITE permission on for example?

edit: I see from the Gate PR you need WRITE to update an account once it's created. Is there scope for more granularity on this account management role? I think I'm correct in saying this role is just a base level check in front of the WRITE permission check. Like an account management admin, who can manipulate all accounts, even if they don't have WRITE?

jvz (Contributor, Author) commented Mar 16, 2022

This is in addition to the write permissions specified. Basically, instead of allowing all authenticated users to use the API, this allows for limiting that. Permissions are still otherwise enforced by the permissions specified in the account definition.
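
The layering described in the comment above, as an added sketch that is not code from this PR, Fiat or Clouddriver: a role allow-list decides who may use the API, and per-account WRITE is still checked afterwards. All class, method, role and account names are hypothetical, and the fail-closed handling of an empty list is an assumption the thread does not address.

```java
import java.util.Map;
import java.util.Set;

// Added illustration only: every name here is hypothetical, not a Fiat or Clouddriver API.
public class AccountManagerGate {
    // Roles allowed to call the account management API (the list the new option configures).
    private final Set<String> accountManagerRoles;
    // WRITE roles per account, standing in for the permissions in each account definition.
    private final Map<String, Set<String>> writeRolesByAccount;

    AccountManagerGate(Set<String> managerRoles, Map<String, Set<String>> writeRoles) {
        this.accountManagerRoles = Set.copyOf(managerRoles);
        this.writeRolesByAccount = Map.copyOf(writeRoles);
    }

    // Gate 1: is the caller allowed to use the API at all?
    // Assumption of this sketch: an empty list denies everyone (fail closed).
    boolean mayUseApi(Set<String> userRoles) {
        return userRoles.stream().anyMatch(accountManagerRoles::contains);
    }

    // Gate 2 runs only after gate 1 passes; the manager role never replaces WRITE.
    boolean mayUpdate(Set<String> userRoles, String account) {
        if (!mayUseApi(userRoles)) {
            return false;
        }
        Set<String> writers = writeRolesByAccount.getOrDefault(account, Set.of());
        return userRoles.stream().anyMatch(writers::contains);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        AccountManagerGate gate = new AccountManagerGate(
            Set.of("account-managers"),
            Map.of("prod-aws", Set.of("prod-ops"), "dev-aws", Set.of("dev-team")));

        // Manager role plus WRITE on the account: allowed.
        System.out.println(gate.mayUpdate(Set.of("account-managers", "prod-ops"), "prod-aws"));
        // Manager role without WRITE on this account: denied by gate 2.
        System.out.println(gate.mayUpdate(Set.of("account-managers", "dev-team"), "prod-aws"));
        // WRITE without the manager role: denied by gate 1.
        System.out.println(gate.mayUpdate(Set.of("prod-ops"), "prod-aws"));
        // Unknown account: no WRITE roles recorded, so denied.
        System.out.println(gate.mayUpdate(Set.of("account-managers", "prod-ops"), "staging"));
    }
}
```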

dbyron-sf (Contributor) commented

@Mergifyio update

mergify bot (Contributor) commented Mar 23, 2022

update

✅ Branch has been successfully updated

@dbyron-sf dbyron-sf added the ready to merge Approved and ready for merge label Apr 1, 2022
@mergify mergify bot added the auto merged label Apr 1, 2022
@mergify mergify bot merged commit dd191f0 into spinnaker:master Apr 1, 2022
@jvz jvz deleted the account-manager-config branch April 1, 2022 20:13