From: Ricardo Dias Date: Thu, 29 Aug 2019 09:26:48 +0000 (+0100) Subject: mgr/dashboard: access_control: add grafana scope read access to *-manager roles X-Git-Tag: v15.1.0~1727^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=ea4236550eb141d8ec1483aa11ec17e2c7dddea3;p=ceph-ci.git mgr/dashboard: access_control: add grafana scope read access to *-manager roles Fixes: https://tracker.ceph.com/issues/41572 Signed-off-by: Ricardo Dias --- diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py index 506aeb27fbe..a63c749a47a 100644 --- a/src/pybind/mgr/dashboard/services/access_control.py +++ b/src/pybind/mgr/dashboard/services/access_control.py @@ -112,6 +112,7 @@ BLOCK_MGR_ROLE = Role('block-manager', 'Block Manager', { Scope.POOL: [_P.READ], Scope.ISCSI: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], Scope.RBD_MIRRORING: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], + Scope.GRAFANA: [_P.READ], }) @@ -119,6 +120,7 @@ BLOCK_MGR_ROLE = Role('block-manager', 'Block Manager', { RGW_MGR_ROLE = Role('rgw-manager', 'RGW Manager', { Scope.RGW: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], Scope.CONFIG_OPT: [_P.READ], + Scope.GRAFANA: [_P.READ], }) @@ -131,6 +133,7 @@ CLUSTER_MGR_ROLE = Role('cluster-manager', 'Cluster Manager', { Scope.MANAGER: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], Scope.CONFIG_OPT: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], Scope.LOG: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], + Scope.GRAFANA: [_P.READ], }) @@ -138,12 +141,14 @@ CLUSTER_MGR_ROLE = Role('cluster-manager', 'Cluster Manager', { POOL_MGR_ROLE = Role('pool-manager', 'Pool Manager', { Scope.POOL: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], Scope.CONFIG_OPT: [_P.READ], + Scope.GRAFANA: [_P.READ], }) # Pool manager role provides all permissions for CephFS related scopes CEPHFS_MGR_ROLE = Role('cephfs-manager', 'CephFS Manager', { Scope.CEPHFS: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], Scope.CONFIG_OPT: [_P.READ], + Scope.GRAFANA: [_P.READ], }) GANESHA_MGR_ROLE = Role('ganesha-manager', 'NFS Ganesha Manager', { @@ -151,6 +156,7 @@ GANESHA_MGR_ROLE = Role('ganesha-manager', 'NFS Ganesha Manager', { Scope.CEPHFS: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], Scope.RGW: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE], Scope.CONFIG_OPT: [_P.READ], + Scope.GRAFANA: [_P.READ], })