Uploaded image for project: 'Repose'
  1. REP-7386

Valkyrie filter should support the "upgrade_account" permission

    Details

    • Type: Story
    • Status: Resolved (View workflow)
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 9.0.0.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      Sprint 183 (Jan 17 – Jan 30), Sprint 182 (Dec 6 – Jan 16)
    • Story Points:
      3
    • Capitalizable:
      True

      Description

      Baremetal needs the ability for users with the account level 'upgrade account' permission to be able to delete a device. They also need to be able to post (not to a specific device), but I believe that's already supported. We should hide this ability behind a configuration flag, because we haven't heard from any other teams that they need this additional permission.

      https://github.com/rackerlabs/repose/blob/master/repose-aggregator/components/filters/valkyrie-authorization-filter/src/main/scala/org/openrepose/filters/valkyrieauthorization/ValkyrieAuthorizationFilter.scala#L213-L216

      Acceptance Criteria

      • There should be a config option to turn on "upgrade_account" permission consideration.
        • Verify with John Wood on the exact wording of the permission.
      • When this feature is enabled in config:
        • If the user has the "upgrade_account" permission, the user is allowed to DELETE (iff a deviceID is specified).
      • We should continue looking for any permissions that would allow the user to perform the desired action (i.e. users might have multiple permissions for the same device, some that allow the action and some that don't; in those cases, they should be allowed to perform the action).

        Attachments

          Issue links

            Activity

              People

              • Assignee:
                damien.johnson Damien Johnson
                Reporter:
                mario.lopez Mario Lopez
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: