Add admin heal api and ui (#142)

2020-05-26 17:28:14 -07:00
parent a805a49662
commit fa068b6d4a
17 changed files with 5397 additions and 2158 deletions
--- a/pkg/acl/endpoints.go
+++ b/pkg/acl/endpoints.go
@@ -35,6 +35,7 @@ var (
 	serviceAccounts = "/service-accounts"
 	clusters        = "/clusters"
 	clustersDetail  = "/clusters/:clusterName"
+	heal            = "/heal"
 )

 type ConfigurationActionSet struct {
@@ -195,6 +196,16 @@ var clustersActionSet = ConfigurationActionSet{
 	actions:     iampolicy.NewActionSet(),
 }

+// healActionSet contains the list of admin actions required for this endpoint to work
+var healActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.HealAdminAction,
+	),
+}
+
 // endpointRules contains the mapping between endpoints and ActionSets, additional rules can be added here
 var endpointRules = map[string]ConfigurationActionSet{
 	configuration:   configurationActionSet,
@@ -212,6 +223,7 @@ var endpointRules = map[string]ConfigurationActionSet{
 	serviceAccounts: serviceAccountsActionSet,
 	clusters:        clustersActionSet,
 	clustersDetail:  clustersActionSet,
+	heal:            healActionSet,
 }

 // GetActionsStringFromPolicy extract the admin/s3 actions from a given policy and return them in []string format
--- a/pkg/acl/endpoints_test.go
+++ b/pkg/acl/endpoints_test.go
@@ -59,7 +59,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"admin:*",
 				},
 			},
-			want: 12,
+			want: 13,
 		},
 		{
 			name: "all s3 endpoints",
@@ -78,7 +78,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"s3:*",
 				},
 			},
-			want: 15,
+			want: 16,
 		},
 		{
 			name: "no endpoints",