Finishing manual merge

.secrets.baseline

@@ -493,7 +493,7 @@
         "filename": "openapi/fleet-manager-private.yaml",
         "hashed_secret": "2774b5ad0fae1c8b8dc897b89db85529d45cb5cf",
         "is_verified": false,
-        "line_number": 472,
+        "line_number": 474,
         "is_secret": false
       }
     ],
@@ -503,7 +503,7 @@
         "filename": "openapi/fleet-manager.yaml",
         "hashed_secret": "a5f0056c7d0ca4ed78e2f3b551554daaf4721934",
         "is_verified": false,
-        "line_number": 1037,
+        "line_number": 1094,
         "is_secret": false
       }
     ],
@@ -834,5 +834,5 @@
       }
     ]
   },
-  "generated_at": "2022-08-05T01:18:11Z"
+  "generated_at": "2022-08-08T08:04:27Z"
 }

dev/env/manifests/shared/03-configmap-config.yaml

@@ -232,6 +232,11 @@ data:
       roles:
         - "acs-general-engineering"           # Will include all of ACS engineering. Available also within staging environment.
         - "acs-fleet-manager-admin-full"      # Prod rover group, will only include selected members + SREs.
+    - method: POST
+      roles:
+        - "acs-general-engineering"           # Will include all of ACS engineering. Available also within staging environment.
+        - "acs-fleet-manager-admin-full"      # Prod rover group, will only include selected members + SREs.
+        - "acs-fleet-manager-admin-write"     # Prod rover group, will only include selected members + SREs.
   admin-authz-roles-prod.yaml: |-
     ---
     - method: GET
@@ -246,6 +251,10 @@ data:
     - method: DELETE
       roles:
         - "acs-fleet-manager-admin-full"      # Prod rover group, will only include selected members + SREs.
+    - method: POST
+      roles:
+        - "acs-fleet-manager-admin-full"      # Prod rover group, will only include selected members + SREs.
+        - "acs-fleet-manager-admin-write"     # Prod rover group, will only include selected members + SREs.
 kind: ConfigMap
 metadata:
   name: config

internal/dinosaur/pkg/routes/route_loader.go

@@ -211,13 +211,6 @@ func (s *options) buildAPIBaseRouter(mainRouter *mux.Router, basePath string, op
 
 	adminDinosaurHandler := handlers.NewAdminDinosaurHandler(s.Dinosaur, s.AccountService, s.ProviderConfig)
 	adminRouter := apiV1Router.PathPrefix("/admin").Subrouter()
-	// TODO(ROX-11683): For now using RH SSO issuer for the admin API, but needs to be re-visited within this ticket.
-	// rolesMapping := map[string][]string{
-	// 	http.MethodGet:    {auth.FleetManagerAdminReadRole, auth.FleetManagerAdminWriteRole, auth.FleetManagerAdminFullRole},
-	// 	http.MethodPost:   {auth.FleetManagerAdminWriteRole, auth.FleetManagerAdminFullRole},
-	// 	http.MethodPatch:  {auth.FleetManagerAdminWriteRole, auth.FleetManagerAdminFullRole},
-	// 	http.MethodDelete: {auth.FleetManagerAdminFullRole},
-	// }
 
 	// TODO(ROX-11683): For now using RH SSO issuer for the admin API, but needs to be re-visited within this ticket.
 	adminRouter.Use(auth.NewRequireIssuerMiddleware().RequireIssuer(

openapi/fleet-manager.yaml

@@ -197,62 +197,6 @@ paths:
       summary: Deletes a Central request by ID
       security:
         - Bearer: []
-    patch:
-      summary: Update a Central instance by id
-      description: |
-        The only users authorized for this operation are:
-        1) The administrator of the owner organisation of the specified Central.
-        2) The owner user, and only if it is also part of the owner organisation of the specified Central.
-      security:
-        - Bearer: []
-      operationId: updateCentralById
-      requestBody:
-        description: Update owner of Cental
-        content:
-          application/json:
-            schema:
-              $ref: "#/components/schemas/CentralUpdateRequest"
-        required: true
-      responses:
-        "200":
-          description: Cental updated by ID
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/CentralRequest"
-              examples:
-                CentralRequestPostResponseExample:
-                  $ref: "#/components/examples/CentralRequestExample"
-        "400":
-          description: Bad request
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/Error"
-        "401":
-          description: Auth token is invalid
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/Error"
-        "403":
-          description: User is not authorised to access the service
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/Error"
-        "404":
-          description: No Central found with the specified ID
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/Error"
-        "500":
-          description: Unexpected error occurred
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/Error"
     parameters:
       - $ref: "#/components/parameters/id"
   /api/rhacs/v1/centrals:

pkg/auth/roles_authz.go

@@ -81,7 +81,7 @@ func readRoleAuthZConfigFile(file string, val *RoleConfig) error {
 	return nil
 }
 
-var allowedHTTPMethods = []string{http.MethodGet, http.MethodPatch, http.MethodDelete}
+var allowedHTTPMethods = []string{http.MethodGet, http.MethodPatch, http.MethodDelete, http.MethodPost}
 
 func validateRolesConfiguration(configs []RolesConfiguration) error {
 	for _, config := range configs {