b7e7d25308
This PS is created to : - roll back apache-airflow back to 1.10.5 - change default chart values from bionic to ubuntu_focal - save freshly generated config and policy files samples - in focal Dockerfile postgres client version is pubped up to v15 - change airflow docker image requirements from limited to fully frozen for shipyard-airflow project - adjusted requirements-direct.txt for shipyard_airflow - adjusted requirements-direct.txt for shipyard_client - regenerated requirements-frozen for both projects - fixed unit tests after upgrading click module - gen_all tox profile processing has been moved over to py8 gate because it requires focal zuul node to run - upgraded airskiff gate playbook to include latest treasuremap patchset with updated airskiff site admada manifests Change-Id: I47e44f5cfa19b2649697e7cc5a31557a6f4fcfea
110 lines
4.0 KiB
Plaintext
110 lines
4.0 KiB
Plaintext
# Actions requiring admin authority
|
|
#"admin_required": "role:admin"
|
|
|
|
# Rule to deny all access. Used for default denial
|
|
#"deny_all": "!"
|
|
|
|
# List workflow actions invoked by users
|
|
# GET /api/v1.0/actions
|
|
#"workflow_orchestrator:list_actions": "rule:admin_required"
|
|
|
|
# Create a workflow action
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:create_action": "rule:admin_required"
|
|
|
|
# Retrieve an action by its id
|
|
# GET /api/v1.0/actions/{action_id}
|
|
#"workflow_orchestrator:get_action": "rule:admin_required"
|
|
|
|
# Retrieve an action step by its id
|
|
# GET /api/v1.0/actions/{action_id}/steps/{step_id}
|
|
#"workflow_orchestrator:get_action_step": "rule:admin_required"
|
|
|
|
# Retrieve logs of an action step by its id
|
|
# GET /api/v1.0/actions/{action_id}/steps/{step_id}/logs
|
|
#"workflow_orchestrator:get_action_step_logs": "rule:admin_required"
|
|
|
|
# Retrieve an action validation by its id
|
|
# GET /api/v1.0/actions/{action_id}/validations/{validation_id}
|
|
#"workflow_orchestrator:get_action_validation": "rule:admin_required"
|
|
|
|
# Send a control to an action
|
|
# POST /api/v1.0/actions/{action_id}/control/{control_verb}
|
|
#"workflow_orchestrator:invoke_action_control": "rule:admin_required"
|
|
|
|
# Retrieve the status of the configdocs
|
|
# GET /api/v1.0/configdocs
|
|
#"workflow_orchestrator:get_configdocs_status": "rule:admin_required"
|
|
|
|
# Ingest configuration documents for the site design
|
|
# POST /api/v1.0/configdocs/{collection_id}
|
|
#"workflow_orchestrator:create_configdocs": "rule:admin_required"
|
|
|
|
# Retrieve a collection of configuration documents with redacted
|
|
# secrets
|
|
# GET /api/v1.0/configdocs/{collection_id}
|
|
#"workflow_orchestrator:get_configdocs": "rule:admin_required"
|
|
|
|
# Retrieve a collection of configuration documents with cleartext
|
|
# secrets.
|
|
# GET /api/v1.0/configdocs/{collection_id}
|
|
#"workflow_orchestrator:get_configdocs_cleartext": "rule:admin_required"
|
|
|
|
# Move documents from the Shipyard buffer to the committed documents
|
|
# POST /api/v1.0/commitconfigdocs
|
|
#"workflow_orchestrator:commit_configdocs": "rule:admin_required"
|
|
|
|
# Retrieve the configuration documents rendered by Deckhand into a
|
|
# complete design
|
|
# GET /api/v1.0/renderedconfigdocs
|
|
#"workflow_orchestrator:get_renderedconfigdocs": "rule:admin_required"
|
|
|
|
# Retrieve the configuration documents with cleartext secrets rendered
|
|
# by Deckhand into a complete design
|
|
# GET /api/v1.0/renderedconfigdocs
|
|
#"workflow_orchestrator:get_renderedconfigdocs_cleartext": "rule:admin_required"
|
|
|
|
# Retrieve the list of workflows (DAGs) that have been invoked in
|
|
# Airflow, whether via Shipyard or scheduled
|
|
# GET /api/v1.0/workflows
|
|
#"workflow_orchestrator:list_workflows": "rule:admin_required"
|
|
|
|
# Retrieve the detailed information for a workflow (DAG) from Airflow
|
|
# GET /api/v1.0/workflows/{id}
|
|
#"workflow_orchestrator:get_workflow": "rule:admin_required"
|
|
|
|
# Retrieve the details for a note. Further authorization is required
|
|
# depending on the topic of the note
|
|
# GET /api/v1.0/notedetails/{note_id}
|
|
#"workflow_orchestrator:get_notedetails": "rule:admin_required"
|
|
|
|
# Retrieve the statuses for the site
|
|
# GET /api/v1.0/site_statuses
|
|
#"workflow_orchestrator:get_site_statuses": "rule:admin_required"
|
|
|
|
# Create a workflow action to deploy the site
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_deploy_site": "rule:admin_required"
|
|
|
|
# Create a workflow action to update the site
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_update_site": "rule:admin_required"
|
|
|
|
# Create a workflow action to update the site software
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_update_software": "rule:admin_required"
|
|
|
|
# Create a workflow action to redeploy target servers
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_redeploy_server": "rule:admin_required"
|
|
|
|
# Create a workflow action to relabel target nodes
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_relabel_nodes": "rule:admin_required"
|
|
|
|
# Create a workflow action to invoke Helm tests on all releases or a
|
|
# targeted release
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_test_site": "rule:admin_required"
|
|
|