From 84b67c4deff19009010f1db9e45424a2dab71963 Mon Sep 17 00:00:00 2001
From: Christian Coffield
Date: Tue, 21 Feb 2023 20:53:10 +0530
Subject: [PATCH] =?UTF-8?q?added=20new=20policy=20in=20authorization=20to?= =?UTF-8?q?=20support=20powerflex=20Pre-approved=20g=E2=80=A6=20(#170)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../authorization/v1.6.0/policies.yaml | 38 ++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/operatorconfig/moduleconfig/authorization/v1.6.0/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.6.0/policies.yaml
index ea9427a4a..8265dcc00 100644
--- a/operatorconfig/moduleconfig/authorization/v1.6.0/policies.yaml
+++ b/operatorconfig/moduleconfig/authorization/v1.6.0/policies.yaml
@@ -111,7 +111,9 @@ data:
 "GET /api/instances/StoragePool::[a-f0-9]+/relationships/Statistics/",
 "POST /api/instances/Volume::[a-f0-9]+/action/addMappedSdc/",
 "POST /api/instances/Volume::[a-f0-9]+/action/removeMappedSdc/",
- "POST /api/instances/Volume::[a-f0-9]+/action/removeVolume/"
+ "POST /api/instances/Volume::[a-f0-9]+/action/removeVolume/",
+ "POST /api/instances/Sdc::[a-f0-9]+/action/setSdcName/",
+ "POST /api/instances/System::[a-f0-9]/action/approveSdc/"
 ]
 default allow = true
@@ -343,6 +345,40 @@ data:
 msg := sprintf("no role data found", [])
 }
+ default claims = {}
+ claims = input.claims
+ deny[msg] {
+ claims == {}
+ msg := sprintf("missing claims", [])
+ }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sdc-approve
+ namespace:
+data:
+ sdc-approve.rego: |
+ package karavi.sdc.approve
+
+ import data.karavi.common
+
+ # Allow requests by default.
+ default allow = true
+
+ default response = {
+ "allowed": true
+ }
+ response = {
+ "allowed": false,
+ "status": {
+ "reason": reason,
+ },
+ } {
+ reason = concat(", ", deny)
+ reason != ""
+ }
+
 default claims = {}
 claims = input.claims
 deny[msg] {
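Review bot: The new approveSdc entry `"POST /api/instances/System::[a-f0-9]/action/approveSdc/"` has no `+` after the character class, unlike every other pattern in this list, so it matches only a system id of exactly one hex character. A request carrying a longer system id would presumably miss the allowlist; how a miss is handled is not visible in this hunk. The entry should read `"POST /api/instances/System::[a-f0-9]+/action/approveSdc/"`.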
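Review bot: The new `karavi.sdc.approve` policy allows by default, and in the lines visible here its only deny rule is the empty-claims check, so any token that carries claims would be authorized to approve an SDC on the storage system. `import data.karavi.common` is unused in the visible part, which suggests a role check was intended; the `deny[msg]` body runs past the end of the hunk, so confirm this against the full file. If no such check exists, add a deny rule that fails when the caller's role has no entry for the target system, with `# approveSdc admits a host to the whole system; require a role bound to this system, not just valid claims` above it. `namespace:` is also left empty in the new ConfigMap metadata, which is fine only if the operator fills it in at deploy time.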