New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(apiTokens): support configuring permissions #666

Open

migmartri opened this issue Apr 10, 2024 · 0 comments

Member

migmartri commented Apr 10, 2024

Currently, you can create API tokens [1] that can be used for automation for a limited set of tasks.

The permissions that this token has by default are hardcoded and set on the creation

chainloop/app/controlplane/internal/biz/apitoken.go

Lines 72 to 78 in a3d5456

 DefaultAuthzPolicies: []*authz.Policy{ 

 // Add permissions to workflow contract management 

 authz.PolicyWorkflowContractList, authz.PolicyWorkflowContractRead, authz.PolicyWorkflowContractUpdate, 

 // to download artifacts and list referrers 

 authz.PolicyArtifactDownload, authz.PolicyReferrerRead, 

 authz.PolicyOrganizationRead, 

 },

This tasks is about allowing the user to configure what specific permissions (ACL) the user wants from the list of supported ones, this will mean

Create API endpoint that exposes the list of available permissions. For now we can show the subset we have there, it's out of the scope of this task to add more policies, that will come in a follow up patch.
Update the create API endpoint / CLI action to support an array of permissions
Add an update API endpoint

[1] chainloop organization api-token create ...

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment