Automate rbac documentation 8201 draft #8634

Open
wants to merge 3 commits into
base: master
tkalir
Contributor

@tkalir tkalir commented Feb 10, 2025

This is related to issue #8201

This is a draft, to get feedback on this solution before doing the refactoring for the rest of the actions.
The idea is that every action will have a permissionFactory that returns a permission node (like the ones used in controller.go right now) but the "resource" string will be a template that can be

  1. filled before calling authorize() [which creates the node as used now] or
  2. used as-is in the documentation.

I chose the copy objects action for the test here to show the need for RenamePlaceholder, which otherwise will both have the base placeholder from ObjectArnTemplate.

Action names, like "copy_objects" here, will be extracted to a variable.

@N-o-Z
Member

N-o-Z commented Feb 10, 2025

@tkalir Thank you for this contribution! And you definitely made the right choice of feeling out the water before diving in!

I wanted to know, what did you have in mind regarding the doc generation with regard to this approach?

@tkalir
Contributor Author

tkalir commented Feb 11, 2025

> @tkalir Thank you for this contribution! And you definitely made the right choice of feeling out the water before diving in!
>
> I wanted to know, what did you have in mind regarding the doc generation with regard to this approach?

My general plan is:

  1. fill the permission factory map so I can get the resource-action for every action by its name (some actions require permissions for multiple resources, so I keep the node structure and plan to reflect that in the generated docs). The "resource" column in the docs will show the pre filled arn template as it is in the permission node.

  2. create some mapping (in yaml file or code) which includes

     • action name
     • operationId (so I can get the api endpoint from swagger.yaml)
     • user friendly action name (there is no way to auto-generate a user-friendly name from ReadExternalPrincipal)
     • at least for the moment, also hard code the "S3 gateway operation" section

  3. create an endpoint that generates the markdown for the table from all that (I haven't looked into the specifics of how to integrate it yet)

As I mentioned here, instead of writing the permission factories code manually, it's also possible to have the permission node data in the yaml from point 2 and use code generation.

Thanks
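A sketch of the template approach discussed in this thread, added here as an illustration and not taken from the PR or from lakeFS: one factory output is used as-is for documentation and filled before authorization. `Perm`, `Fill`, `CopyObjectPermissions`, the action names, the ARN template shape and the body of `RenamePlaceholder` are all assumptions; the single-pass, fail-closed fill is a design choice of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

type Perm struct{ Action, Resource string } // simplified stand-in for a permission-node leaf

// Assumed template shape; the PR's ObjectArnTemplate may differ.
const ObjectArnTemplate = "arn:lakefs:fs:::repository/{repositoryId}/object/{objectKey}"
var placeholder = regexp.MustCompile(`\{(\w+)\}`)

// RenamePlaceholder lets two resources built from one base template be filled independently.
func RenamePlaceholder(tmpl, from, to string) string {
	return strings.ReplaceAll(tmpl, "{"+from+"}", "{"+to+"}")
}

// CopyObjectPermissions is a hypothetical factory: every returned Perm is required.
func CopyObjectPermissions() []Perm {
	src := RenamePlaceholder(ObjectArnTemplate, "repositoryId", "srcRepositoryId")
	src = RenamePlaceholder(src, "objectKey", "srcObjectKey")
	return []Perm{{"fs:WriteObject", ObjectArnTemplate}, {"fs:ReadObject", src}}
}

// Fill resolves the templates in one pass. Substituted values are not rescanned, so an
// object key like "{repositoryId}" stays literal, and a placeholder with no value is an error.
func Fill(perms []Perm, vals map[string]string) ([]Perm, error) {
	out := make([]Perm, 0, len(perms))
	for _, p := range perms {
		var missing []string
		res := placeholder.ReplaceAllStringFunc(p.Resource, func(m string) string {
			v, ok := vals[m[1:len(m)-1]]
			if !ok {
				missing = append(missing, m)
			}
			return v
		})
		if missing != nil {
			return nil, fmt.Errorf("%s: no value for %v", p.Action, missing)
		}
		out = append(out, Perm{p.Action, res})
	}
	return out, nil
}

func main() {
	fmt.Println(CopyObjectPermissions()) // documentation view: templates as-is
}
```

Without the rename, both resources would share `{repositoryId}` and `{objectKey}`, and filling the destination values would also rewrite the source ARN.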
