fix(common): remove service default policy (#17334)
ioito authored Oct 13, 2023
1 parent 8320cf5 commit c59a9ac
Showing 8 changed files with 657 additions and 673 deletions.
133 changes: 66 additions & 67 deletions pkg/cloudid/policy/defaults.go
Expand Up @@ -15,9 +15,6 @@
package policy

import (
"yunion.io/x/pkg/util/rbacscope"

api "yunion.io/x/onecloud/pkg/apis/cloudid"
common_policy "yunion.io/x/onecloud/pkg/cloudcommon/policy"
"yunion.io/x/onecloud/pkg/util/rbacutils"
)
Expand All @@ -33,78 +30,80 @@ const (

var (
predefinedDefaultPolicies = []rbacutils.SRbacPolicy{
{
Auth: true,
Scope: rbacscope.ScopeSystem,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudpolicies",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudpolicies",
Action: PolicyActionGet,
Result: rbacutils.Allow,
/*
{
Auth: true,
Scope: rbacscope.ScopeSystem,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudpolicies",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudpolicies",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
},
},
{
Auth: true,
Scope: rbacscope.ScopeDomain,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudgroups",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudgroups",
Action: PolicyActionGet,
Result: rbacutils.Allow,
{
Auth: true,
Scope: rbacscope.ScopeDomain,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudgroups",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudgroups",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
},
},
{
Auth: true,
Scope: rbacscope.ScopeUser,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudusers",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudusers",
Action: PolicyActionGet,
Result: rbacutils.Allow,
{
Auth: true,
Scope: rbacscope.ScopeUser,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudusers",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudusers",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
},
},
{
Auth: true,
Scope: rbacscope.ScopeUser,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "samlusers",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "samlusers",
Action: PolicyActionGet,
Result: rbacutils.Allow,
{
Auth: true,
Scope: rbacscope.ScopeUser,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "samlusers",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "samlusers",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
},
},
*/
}
)
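Review bot: The four default entries in `predefinedDefaultPolicies` are disabled by wrapping them in a `/* … */` block rather than being deleted, so dead `rbacutils.Allow` rules stay in the file with nothing recording why they were withdrawn. Commented-out authorization rules are easy to re-enable by accident and make the effective policy harder to audit. Delete the block (history keeps it) and leave one line in its place, for example `// No implicit defaults: list/get on cloudpolicies, cloudgroups, cloudusers and samlusers must come from an explicitly assigned policy.` The slice is now empty, and whatever consumes it is outside this hunk, so it is worth confirming that existing deployments which presumably relied on these implicit list/get grants are covered by role policies after upgrade.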

