forked from bf2fc6cc711aee1a0c2a/kas-fleet-manager
-
Notifications
You must be signed in to change notification settings - Fork 0
/
admin-authz-configuration.yaml
39 lines (39 loc) · 1.54 KB
/
admin-authz-configuration.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
---
# This file contains the role mapping for the admin API based on the HTTP methods.
# Each HTTP method allows configuring an arbitrary amount of roles
# that authorize requests to the API. Any arbitrary role names can be configured.
# When a request is performed to a Fleet Manager admin API endpoint, Fleet
# Manager checks if any of the role names specified for the used
# HTTP method matches with any element in the `.realm_access.roles`
# array, part of the JWT claims in the JWT token received.
# If an HTTP method is not specified, or no roles are specified for a given
# HTTP method, then the requests made to it will always be unauthorized.
# The configuration presented below is only used for testing purposes. The
# actual configuration deployed in production and stage environments will be
# provided in the saas template in app-interface.
- method: GET
roles:
- "kas-fleet-manager-admin-full"
- "kas-fleet-manager-admin-read"
- "kas-fleet-manager-admin-write"
- "cos-fleet-manager-admin-read"
- "cos-fleet-manager-admin-write"
- "cos-fleet-manager-admin-full"
- method: PATCH
roles:
- "kas-fleet-manager-admin-full"
- "kas-fleet-manager-admin-write"
- "cos-fleet-manager-admin-write"
- "cos-fleet-manager-admin-full"
- method: PUT
roles:
- "cos-fleet-manager-admin-write"
- "cos-fleet-manager-admin-full"
- method: POST
roles:
- "cos-fleet-manager-admin-full"
- "kas-fleet-manager-admin-full"
- method: DELETE
roles:
- "kas-fleet-manager-admin-full"
- "cos-fleet-manager-admin-full"