Commit45ab265

authored

chore: add permissions to autobuilder & prebuilder to run wsbuild (#18527)

Read organization member and read files is now required for dynamicparam building.

1 parent403f1c3 commit45ab265Copy full SHA for 45ab265

File tree

-0

lines changed

-0

lines changed

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -228,6 +228,8 @@ var (`
`228`	`228`	`Identifier: rbac.RoleIdentifier{Name:"autostart"},`
`229`	`229`	`DisplayName:"Autostart Daemon",`
`230`	`230`	`Site:rbac.Permissions(map[string][]policy.Action{`
	`231`	`+rbac.ResourceOrganizationMember.Type: {policy.ActionRead},`
	`232`	`+rbac.ResourceFile.Type: {policy.ActionRead},// Required to read terraform files`
`231`	`233`	`rbac.ResourceNotificationMessage.Type: {policy.ActionCreate,policy.ActionRead},`
`232`	`234`	`rbac.ResourceSystem.Type: {policy.WildcardSymbol},`
`233`	`235`	`rbac.ResourceTemplate.Type: {policy.ActionRead,policy.ActionUpdate},`
`@@ -443,6 +445,7 @@ var (`
`443`	`445`	`},`
`444`	`446`	`// Should be able to add the prebuilds system user as a member to any organization that needs prebuilds.`
`445`	`447`	`rbac.ResourceOrganizationMember.Type: {`
	`448`	`+policy.ActionRead,`
`446`	`449`	`policy.ActionCreate,`
`447`	`450`	`},`
`448`	`451`	`// Needs to be able to assign roles to the system user in order to make it a member of an organization.`
`@@ -456,6 +459,10 @@ var (`
`456`	`459`	`rbac.ResourceOrganization.Type: {`
`457`	`460`	`policy.ActionRead,`
`458`	`461`	`},`
	`462`	`+// Required to read the terraform files of a template`
	`463`	`+rbac.ResourceFile.Type: {`
	`464`	`+policy.ActionRead,`
	`465`	`+},`
`459`	`466`	`}),`
`460`	`467`	`},`
`461`	`468`	`}),`

Comments

(0)