Introduce execute verb for check sensu#3458
Mattias Jiderhamn committed May 19, 2021
1 parent 745f38f commit 54eb0fe
Showing 7 changed files with 18 additions and 6 deletions.
1 change: 1 addition & 0 deletions api/core/v2/rbac.go
Expand Up @@ -65,6 +65,7 @@ var allowedVerbs = []string{
"create",
"update",
"delete",
"execute",
}

// FixtureSubject creates a Subject for testing
2 changes: 1 addition & 1 deletion api/core/v2/rbac.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion api/core/v2/rbac.proto
Expand Up @@ -17,7 +17,7 @@ option (gogoproto.testgen_all) = true;
message Rule {
// Verbs is a list of verbs that apply to all of the listed resources for
// this rule. These include "get", "list", "watch", "create", "update",
// "delete".
// "delete", "execute".
// TODO: add support for "patch" (this is expensive and should be delayed
// until a further release). TODO: add support for "watch" (via websockets)
repeated string verbs = 1 [ (gogoproto.jsontag) = "verbs" ];
2 changes: 1 addition & 1 deletion api/core/v2/rbac_test.go
Expand Up @@ -156,7 +156,7 @@ func Test_validateVerbs(t *testing.T) {
},
{
name: "explicit verbs",
verbs: []string{"get", "list", "create", "update", "delete"},
verbs: []string{"get", "list", "create", "update", "delete", "execute"},
wantErr: false,
},
}
13 changes: 12 additions & 1 deletion backend/api/check.go
Expand Up @@ -59,7 +59,7 @@ func (c *CheckClient) DeleteCheck(ctx context.Context, name string) error {

// ExecuteCheck queues an ahoc check request, if authorized.
func (c *CheckClient) ExecuteCheck(ctx context.Context, name string, req *corev2.AdhocRequest) error {
attrs := checkCreateAttributes(ctx, name)
attrs := checkExecuteAttributes(ctx, name)
if err := authorize(ctx, c.auth, attrs); err != nil {
return err
}
Expand Down Expand Up @@ -141,3 +141,14 @@ func checkDeleteAttributes(ctx context.Context, name string) *authorization.Attr
ResourceName: name,
}
}

func checkExecuteAttributes(ctx context.Context, name string) *authorization.Attributes {
return &authorization.Attributes{
APIGroup: "core",
APIVersion: "v2",
Namespace: corev2.ContextNamespace(ctx),
Resource: "checks",
Verb: "execute",
ResourceName: name,
}
}
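Review bot: After this change a role that grants only "create" on checks can no longer queue ad-hoc requests through ExecuteCheck, and none of the seven files listed in this commit is a changelog or a role definition, so operators would see a silent permission change on upgrade. An upgrade note would cover that, and any seeded role that lists verbs explicitly (if there is one) would need "execute" added. The new `checkExecuteAttributes` has no doc comment; I would add `// checkExecuteAttributes returns the authorization attributes for the "execute" verb on the named check in the context's namespace.` The comment on ExecuteCheck also says "ahoc" where "adhoc" is meant. ExecuteCheck's body continues past the first hunk, so whether other entry points that trigger ad-hoc execution still authorize with the create attributes cannot be seen from here.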
2 changes: 1 addition & 1 deletion backend/api/check_test.go
Expand Up @@ -794,7 +794,7 @@ func TestExecuteCheck(t *testing.T) {
Resource: "checks",
ResourceName: "default",
UserName: "legit",
Verb: "create",
Verb: "execute",
}: true,
},
}
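Review bot: The visible table entry only swaps the allowed verb to "execute", so as far as this hunk shows there is no case proving that a user holding just "create" on checks is now refused. A denial case is what guards against the authorization quietly falling back to the old verb. I would add an entry with the same attributes but `Verb: "create",` mapped to `true`, and expect ExecuteCheck to return an error for it. TestExecuteCheck starts and ends outside the hunk, so such a case may already exist elsewhere in the table.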
2 changes: 1 addition & 1 deletion backend/apid/graphql/schema/rbac.graphql
Expand Up @@ -4,7 +4,7 @@ Rule holds information that describes an action that can be taken
type Rule {
"""
Verbs is a list of verbs that apply to all of the listed resources for this
rule. These include "get", "list", "watch", "create", "update", "delete".
rule. These include "get", "list", "watch", "create", "update", "delete", "execute".
TODO: add support for "patch" (this is expensive and should be delayed
until a further release). TODO: add support for "watch" (via websockets)
"""
