diff --git a/internal/iam/command_rbac.go b/internal/iam/command_rbac.go
index 810084ce25..ba86fb855b 100644
--- a/internal/iam/command_rbac.go
+++ b/internal/iam/command_rbac.go
@@ -21,6 +21,7 @@ var (
 workloadNamespace = optional.NewString("workload")
 flinkModelNamespace = optional.NewString("flinkmodel")
 usmNamespace = optional.NewString("usm")
+ clusterLinkNamespace = optional.NewString("cluster-link")
 )
 func newRbacCommand(cfg *config.Config, prerunner pcmd.PreRunner) *cobra.Command {
diff --git a/internal/iam/command_rbac_role_describe.go b/internal/iam/command_rbac_role_describe.go
index d77af2ec23..806a254980 100644
--- a/internal/iam/command_rbac_role_describe.go
+++ b/internal/iam/command_rbac_role_describe.go
@@ -59,6 +59,7 @@ func (c *roleCommand) ccloudDescribe(cmd *cobra.Command, role string) error {
 publicNamespace.Value(),
 streamCatalogNamespace.Value(),
 usmNamespace.Value(),
+ clusterLinkNamespace.Value(),
 }
 ldClient := featureflags.GetCcloudLaunchDarklyClient(c.Context.PlatformName)
diff --git a/internal/iam/command_rbac_role_list.go b/internal/iam/command_rbac_role_list.go
index c683a49144..229d621189 100644
--- a/internal/iam/command_rbac_role_list.go
+++ b/internal/iam/command_rbac_role_list.go
@@ -47,6 +47,12 @@ func (c *roleCommand) ccloudList(cmd *cobra.Command) error {
 }
 roles = append(roles, usmRoles...)
+ clusterLinkRoles, err := c.namespaceRoles(optional.NewString(clusterLinkNamespace.Value()))
+ if err != nil {
+ return err
+ }
+ roles = append(roles, clusterLinkRoles...)
+
 if output.GetFormat(cmd).IsSerialized() {
 return output.SerializedOutput(cmd, roles)
 }
diff --git a/test/fixtures/output/iam/rbac/role/list-cloud.golden b/test/fixtures/output/iam/rbac/role/list-cloud.golden
index 5453a7c904..3ca82dc84b 100644
--- a/test/fixtures/output/iam/rbac/role/list-cloud.golden
+++ b/test/fixtures/output/iam/rbac/role/list-cloud.golden
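Review bot: The new lookup in `ccloudList` (command_rbac_role_list.go) re-wraps a value that is already optional: `clusterLinkNamespace` is declared as `optional.NewString("cluster-link")` in command_rbac.go, so `c.namespaceRoles(clusterLinkNamespace)` expresses the same thing without the `.Value()` round trip, unless the calls above the hunk use the wrapped form and consistency is preferred. The bare `return err` gives no hint which namespace failed and makes the whole role listing fail if the service rejects `cluster-link`; something like `return fmt.Errorf("listing cluster-link roles: %w", err)` would help anyone using this command to audit roles, assuming `fmt` is imported in this file. Whether this namespace should be fetched unconditionally or gated cannot be judged from here, because `ccloudList` begins and ends outside the hunk.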
@@ -1,590 +1,607 @@ - Name | Access Policy ---------------------+----------------------------------------------- - CloudClusterAdmin | [ - | { - | "bindingScope": "cluster", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "Topic", - | "operations": ["All"] - | }, - | { - | "resourceType": "KsqlCluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "Subject", - | "operations": ["All"] - | }, - | { - | "resourceType": "Connector", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkAccess", - | "operations": ["All"] - | }, - | { - | "resourceType": "ClusterMetric", - | "operations": ["All"] - | }, - | { - | "resourceType": "Cluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "ClusterApiKey", - | "operations": ["All"] - | }, - | { - | "resourceType": "SecurityMetadata", - | "operations": ["Describe", "Alter"] - | } - | ] - | }, - | { - | "bindingScope": "organization", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "SupportPlan", - | "operations": ["Describe"] - | }, - | { - | "resourceType": "User", - | "operations": ["Describe", "Invite"] - | }, - | { - | "resourceType": "ServiceAccount", - | "operations": ["Describe"] - | } - | ] - | } - | ] - | - CloudClusterAdmin | [ - | { - | "bindingScope": "cluster", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "Topic", - | "operations": ["All"] - | }, - | { - | "resourceType": "KsqlCluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "Subject", - | "operations": ["All"] - | }, - | { - | "resourceType": "Connector", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkAccess", - | "operations": ["All"] - | }, - | { - | "resourceType": "ClusterMetric", - | "operations": ["All"] - | }, - | { - | "resourceType": "Cluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "ClusterApiKey", - | "operations": ["All"] - | }, - | { - | 
"resourceType": "SecurityMetadata", - | "operations": ["Describe", "Alter"] - | } - | ] - | }, - | { - | "bindingScope": "organization", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "SupportPlan", - | "operations": ["Describe"] - | }, - | { - | "resourceType": "User", - | "operations": ["Describe", "Invite"] - | }, - | { - | "resourceType": "ServiceAccount", - | "operations": ["Describe"] - | } - | ] - | } - | ] - | - EnvironmentAdmin | [ - | { - | "bindingScope": "ENVIRONMENT", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "SecurityMetadata", - | "operations": ["Describe", "Alter"] - | }, - | { - | "resourceType": "ClusterApiKey", - | "operations": ["All"] - | }, - | { - | "resourceType": "Connector", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkAccess", - | "operations": ["All"] - | }, - | { - | "resourceType": "KsqlCluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "Environment", - | "operations": [ - | "Alter", - | "Delete", - | "AlterAccess", - | "CreateKafkaCluster", - | "DescribeAccess" - | ] - | }, - | { - | "resourceType": "Subject", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkConfig", - | "operations": ["All"] - | }, - | { - | "resourceType": "ClusterMetric", - | "operations": ["All"] - | }, - | { - | "resourceType": "Cluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "SchemaRegistry", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkRegion", - | "operations": ["All"] - | }, - | { - | "resourceType": "Deployment", - | "operations": ["All"] - | }, - | { - | "resourceType": "Topic", - | "operations": ["All"] - | } - | ] - | }, - | { - | "bindingScope": "organization", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "User", - | "operations": ["Describe", "Invite"] - | }, - | { - | "resourceType": "ServiceAccount", - | "operations": ["Describe"] - | 
}, - | { - | "resourceType": "SupportPlan", - | "operations": ["Describe"] - | } - | ] - | } - | ] - | - EnvironmentAdmin | [ - | { - | "bindingScope": "ENVIRONMENT", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "SecurityMetadata", - | "operations": ["Describe", "Alter"] - | }, - | { - | "resourceType": "ClusterApiKey", - | "operations": ["All"] - | }, - | { - | "resourceType": "Connector", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkAccess", - | "operations": ["All"] - | }, - | { - | "resourceType": "KsqlCluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "Environment", - | "operations": [ - | "Alter", - | "Delete", - | "AlterAccess", - | "CreateKafkaCluster", - | "DescribeAccess" - | ] - | }, - | { - | "resourceType": "Subject", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkConfig", - | "operations": ["All"] - | }, - | { - | "resourceType": "ClusterMetric", - | "operations": ["All"] - | }, - | { - | "resourceType": "Cluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "SchemaRegistry", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkRegion", - | "operations": ["All"] - | }, - | { - | "resourceType": "Deployment", - | "operations": ["All"] - | }, - | { - | "resourceType": "Topic", - | "operations": ["All"] - | } - | ] - | }, - | { - | "bindingScope": "organization", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "User", - | "operations": ["Describe", "Invite"] - | }, - | { - | "resourceType": "ServiceAccount", - | "operations": ["Describe"] - | }, - | { - | "resourceType": "SupportPlan", - | "operations": ["Describe"] - | } - | ] - | } - | ] - | - OrganizationAdmin | [ - | { - | "bindingScope": "organization", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "Topic", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkConfig", - | "operations": 
["All"] - | }, - | { - | "resourceType": "SecurityMetadata", - | "operations": ["Describe", "Alter"] - | }, - | { - | "resourceType": "Billing", - | "operations": ["All"] - | }, - | { - | "resourceType": "ClusterApiKey", - | "operations": ["All"] - | }, - | { - | "resourceType": "Deployment", - | "operations": ["All"] - | }, - | { - | "resourceType": "SchemaRegistry", - | "operations": ["All"] - | }, - | { - | "resourceType": "KsqlCluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "CloudApiKey", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkAccess", - | "operations": ["All"] - | }, - | { - | "resourceType": "SecuritySSO", - | "operations": ["All"] - | }, - | { - | "resourceType": "SupportPlan", - | "operations": ["All"] - | }, - | { - | "resourceType": "Connector", - | "operations": ["All"] - | }, - | { - | "resourceType": "ClusterMetric", - | "operations": ["All"] - | }, - | { - | "resourceType": "ServiceAccount", - | "operations": ["All"] - | }, - | { - | "resourceType": "Subject", - | "operations": ["All"] - | }, - | { - | "resourceType": "Cluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "Environment", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkRegion", - | "operations": ["All"] - | }, - | { - | "resourceType": "Organization", - | "operations": [ - | "Alter", - | "CreateEnvironment", - | "AlterAccess", - | "DescribeAccess" - | ] - | }, - | { - | "resourceType": "User", - | "operations": ["All"] - | } - | ] - | } - | ] - | - OrganizationAdmin | [ - | { - | "bindingScope": "organization", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "Topic", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkConfig", - | "operations": ["All"] - | }, - | { - | "resourceType": "SecurityMetadata", - | "operations": ["Describe", "Alter"] - | }, - | { - | "resourceType": "Billing", - | "operations": ["All"] - | }, - | { - | "resourceType": 
"ClusterApiKey", - | "operations": ["All"] - | }, - | { - | "resourceType": "Deployment", - | "operations": ["All"] - | }, - | { - | "resourceType": "SchemaRegistry", - | "operations": ["All"] - | }, - | { - | "resourceType": "KsqlCluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "CloudApiKey", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkAccess", - | "operations": ["All"] - | }, - | { - | "resourceType": "SecuritySSO", - | "operations": ["All"] - | }, - | { - | "resourceType": "SupportPlan", - | "operations": ["All"] - | }, - | { - | "resourceType": "Connector", - | "operations": ["All"] - | }, - | { - | "resourceType": "ClusterMetric", - | "operations": ["All"] - | }, - | { - | "resourceType": "ServiceAccount", - | "operations": ["All"] - | }, - | { - | "resourceType": "Subject", - | "operations": ["All"] - | }, - | { - | "resourceType": "Cluster", - | "operations": ["All"] - | }, - | { - | "resourceType": "Environment", - | "operations": ["All"] - | }, - | { - | "resourceType": "NetworkRegion", - | "operations": ["All"] - | }, - | { - | "resourceType": "Organization", - | "operations": [ - | "Alter", - | "CreateEnvironment", - | "AlterAccess", - | "DescribeAccess" - | ] - | }, - | { - | "resourceType": "User", - | "operations": ["All"] - | } - | ] - | } - | ] - | - ResourceOwner | [ - | { - | "bindingScope": "cloud-cluster", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "CloudCluster", - | "operations": ["Describe"] - | } - | ] - | }, - | { - | "bindingScope": "cluster", - | "bindWithResource": true, - | "allowedOperations": [ - | { - | "resourceType": "Topic", - | "operations": [ - | "Create", - | "Delete", - | "Read", - | "Write", - | "Describe", - | "DescribeConfigs", - | "Alter", - | "AlterConfigs", - | "DescribeAccess", - | "AlterAccess" - | ] - | }, - | { - | "resourceType": "Group", - | "operations": [ - | "Read", - | "Describe", - | "Delete", - | "DescribeAccess", - | 
"AlterAccess" - | ] - | } - | ] - | } - | ] - | - ResourceOwner | [ - | { - | "bindingScope": "cloud-cluster", - | "bindWithResource": false, - | "allowedOperations": [ - | { - | "resourceType": "CloudCluster", - | "operations": ["Describe"] - | } - | ] - | }, - | { - | "bindingScope": "cluster", - | "bindWithResource": true, - | "allowedOperations": [ - | { - | "resourceType": "Topic", - | "operations": [ - | "Create", - | "Delete", - | "Read", - | "Write", - | "Describe", - | "DescribeConfigs", - | "Alter", - | "AlterConfigs", - | "DescribeAccess", - | "AlterAccess" - | ] - | }, - | { - | "resourceType": "Group", - | "operations": [ - | "Read", - | "Describe", - | "Delete", - | "DescribeAccess", - | "AlterAccess" - | ] - | } - | ] - | } - | ] - | + Name | Access Policy +------------------------+----------------------------------------------- + CloudClusterAdmin | [ + | { + | "bindingScope": "cluster", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "Topic", + | "operations": ["All"] + | }, + | { + | "resourceType": "KsqlCluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "Subject", + | "operations": ["All"] + | }, + | { + | "resourceType": "Connector", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkAccess", + | "operations": ["All"] + | }, + | { + | "resourceType": "ClusterMetric", + | "operations": ["All"] + | }, + | { + | "resourceType": "Cluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "ClusterApiKey", + | "operations": ["All"] + | }, + | { + | "resourceType": "SecurityMetadata", + | "operations": ["Describe", "Alter"] + | } + | ] + | }, + | { + | "bindingScope": "organization", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "SupportPlan", + | "operations": ["Describe"] + | }, + | { + | "resourceType": "User", + | "operations": ["Describe", "Invite"] + | }, + | { + | "resourceType": "ServiceAccount", + | "operations": ["Describe"] + 
| } + | ] + | } + | ] + | + CloudClusterAdmin | [ + | { + | "bindingScope": "cluster", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "Topic", + | "operations": ["All"] + | }, + | { + | "resourceType": "KsqlCluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "Subject", + | "operations": ["All"] + | }, + | { + | "resourceType": "Connector", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkAccess", + | "operations": ["All"] + | }, + | { + | "resourceType": "ClusterMetric", + | "operations": ["All"] + | }, + | { + | "resourceType": "Cluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "ClusterApiKey", + | "operations": ["All"] + | }, + | { + | "resourceType": "SecurityMetadata", + | "operations": ["Describe", "Alter"] + | } + | ] + | }, + | { + | "bindingScope": "organization", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "SupportPlan", + | "operations": ["Describe"] + | }, + | { + | "resourceType": "User", + | "operations": ["Describe", "Invite"] + | }, + | { + | "resourceType": "ServiceAccount", + | "operations": ["Describe"] + | } + | ] + | } + | ] + | + ClusterLinkConnection | [ + | { + | "bindingScope": "cluster-link", + | "bindWithResource": true, + | "allowedOperations": [ + | { + | "resourceType": "ClusterLink", + | "operations": [ + | "Describe", + | "AcceptInboundConnection", + | "StartOutboundConnection" + | ] + | } + | ] + | } + | ] + | + EnvironmentAdmin | [ + | { + | "bindingScope": "ENVIRONMENT", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "SecurityMetadata", + | "operations": ["Describe", "Alter"] + | }, + | { + | "resourceType": "ClusterApiKey", + | "operations": ["All"] + | }, + | { + | "resourceType": "Connector", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkAccess", + | "operations": ["All"] + | }, + | { + | "resourceType": "KsqlCluster", + | "operations": 
["All"] + | }, + | { + | "resourceType": "Environment", + | "operations": [ + | "Alter", + | "Delete", + | "AlterAccess", + | "CreateKafkaCluster", + | "DescribeAccess" + | ] + | }, + | { + | "resourceType": "Subject", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkConfig", + | "operations": ["All"] + | }, + | { + | "resourceType": "ClusterMetric", + | "operations": ["All"] + | }, + | { + | "resourceType": "Cluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "SchemaRegistry", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkRegion", + | "operations": ["All"] + | }, + | { + | "resourceType": "Deployment", + | "operations": ["All"] + | }, + | { + | "resourceType": "Topic", + | "operations": ["All"] + | } + | ] + | }, + | { + | "bindingScope": "organization", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "User", + | "operations": ["Describe", "Invite"] + | }, + | { + | "resourceType": "ServiceAccount", + | "operations": ["Describe"] + | }, + | { + | "resourceType": "SupportPlan", + | "operations": ["Describe"] + | } + | ] + | } + | ] + | + EnvironmentAdmin | [ + | { + | "bindingScope": "ENVIRONMENT", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "SecurityMetadata", + | "operations": ["Describe", "Alter"] + | }, + | { + | "resourceType": "ClusterApiKey", + | "operations": ["All"] + | }, + | { + | "resourceType": "Connector", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkAccess", + | "operations": ["All"] + | }, + | { + | "resourceType": "KsqlCluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "Environment", + | "operations": [ + | "Alter", + | "Delete", + | "AlterAccess", + | "CreateKafkaCluster", + | "DescribeAccess" + | ] + | }, + | { + | "resourceType": "Subject", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkConfig", + | "operations": ["All"] + | }, + | { + | "resourceType": 
"ClusterMetric", + | "operations": ["All"] + | }, + | { + | "resourceType": "Cluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "SchemaRegistry", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkRegion", + | "operations": ["All"] + | }, + | { + | "resourceType": "Deployment", + | "operations": ["All"] + | }, + | { + | "resourceType": "Topic", + | "operations": ["All"] + | } + | ] + | }, + | { + | "bindingScope": "organization", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "User", + | "operations": ["Describe", "Invite"] + | }, + | { + | "resourceType": "ServiceAccount", + | "operations": ["Describe"] + | }, + | { + | "resourceType": "SupportPlan", + | "operations": ["Describe"] + | } + | ] + | } + | ] + | + OrganizationAdmin | [ + | { + | "bindingScope": "organization", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "Topic", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkConfig", + | "operations": ["All"] + | }, + | { + | "resourceType": "SecurityMetadata", + | "operations": ["Describe", "Alter"] + | }, + | { + | "resourceType": "Billing", + | "operations": ["All"] + | }, + | { + | "resourceType": "ClusterApiKey", + | "operations": ["All"] + | }, + | { + | "resourceType": "Deployment", + | "operations": ["All"] + | }, + | { + | "resourceType": "SchemaRegistry", + | "operations": ["All"] + | }, + | { + | "resourceType": "KsqlCluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "CloudApiKey", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkAccess", + | "operations": ["All"] + | }, + | { + | "resourceType": "SecuritySSO", + | "operations": ["All"] + | }, + | { + | "resourceType": "SupportPlan", + | "operations": ["All"] + | }, + | { + | "resourceType": "Connector", + | "operations": ["All"] + | }, + | { + | "resourceType": "ClusterMetric", + | "operations": ["All"] + | }, + | { + | "resourceType": 
"ServiceAccount", + | "operations": ["All"] + | }, + | { + | "resourceType": "Subject", + | "operations": ["All"] + | }, + | { + | "resourceType": "Cluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "Environment", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkRegion", + | "operations": ["All"] + | }, + | { + | "resourceType": "Organization", + | "operations": [ + | "Alter", + | "CreateEnvironment", + | "AlterAccess", + | "DescribeAccess" + | ] + | }, + | { + | "resourceType": "User", + | "operations": ["All"] + | } + | ] + | } + | ] + | + OrganizationAdmin | [ + | { + | "bindingScope": "organization", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "Topic", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkConfig", + | "operations": ["All"] + | }, + | { + | "resourceType": "SecurityMetadata", + | "operations": ["Describe", "Alter"] + | }, + | { + | "resourceType": "Billing", + | "operations": ["All"] + | }, + | { + | "resourceType": "ClusterApiKey", + | "operations": ["All"] + | }, + | { + | "resourceType": "Deployment", + | "operations": ["All"] + | }, + | { + | "resourceType": "SchemaRegistry", + | "operations": ["All"] + | }, + | { + | "resourceType": "KsqlCluster", + | "operations": ["All"] + | }, + | { + | "resourceType": "CloudApiKey", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkAccess", + | "operations": ["All"] + | }, + | { + | "resourceType": "SecuritySSO", + | "operations": ["All"] + | }, + | { + | "resourceType": "SupportPlan", + | "operations": ["All"] + | }, + | { + | "resourceType": "Connector", + | "operations": ["All"] + | }, + | { + | "resourceType": "ClusterMetric", + | "operations": ["All"] + | }, + | { + | "resourceType": "ServiceAccount", + | "operations": ["All"] + | }, + | { + | "resourceType": "Subject", + | "operations": ["All"] + | }, + | { + | "resourceType": "Cluster", + | "operations": ["All"] + | }, + | { + | 
"resourceType": "Environment", + | "operations": ["All"] + | }, + | { + | "resourceType": "NetworkRegion", + | "operations": ["All"] + | }, + | { + | "resourceType": "Organization", + | "operations": [ + | "Alter", + | "CreateEnvironment", + | "AlterAccess", + | "DescribeAccess" + | ] + | }, + | { + | "resourceType": "User", + | "operations": ["All"] + | } + | ] + | } + | ] + | + ResourceOwner | [ + | { + | "bindingScope": "cloud-cluster", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "CloudCluster", + | "operations": ["Describe"] + | } + | ] + | }, + | { + | "bindingScope": "cluster", + | "bindWithResource": true, + | "allowedOperations": [ + | { + | "resourceType": "Topic", + | "operations": [ + | "Create", + | "Delete", + | "Read", + | "Write", + | "Describe", + | "DescribeConfigs", + | "Alter", + | "AlterConfigs", + | "DescribeAccess", + | "AlterAccess" + | ] + | }, + | { + | "resourceType": "Group", + | "operations": [ + | "Read", + | "Describe", + | "Delete", + | "DescribeAccess", + | "AlterAccess" + | ] + | } + | ] + | } + | ] + | + ResourceOwner | [ + | { + | "bindingScope": "cloud-cluster", + | "bindWithResource": false, + | "allowedOperations": [ + | { + | "resourceType": "CloudCluster", + | "operations": ["Describe"] + | } + | ] + | }, + | { + | "bindingScope": "cluster", + | "bindWithResource": true, + | "allowedOperations": [ + | { + | "resourceType": "Topic", + | "operations": [ + | "Create", + | "Delete", + | "Read", + | "Write", + | "Describe", + | "DescribeConfigs", + | "Alter", + | "AlterConfigs", + | "DescribeAccess", + | "AlterAccess" + | ] + | }, + | { + | "resourceType": "Group", + | "operations": [ + | "Read", + | "Describe", + | "Delete", + | "DescribeAccess", + | "AlterAccess" + | ] + | } + | ] + | } + | ] + | diff --git a/test/test-server/cloud_mds_handlers.go b/test/test-server/cloud_mds_handlers.go index dcbc292ec9..df4ca87e9e 100644 --- a/test/test-server/cloud_mds_handlers.go 
+++ b/test/test-server/cloud_mds_handlers.go
@@ -12,7 +12,13 @@ import (
 func (c *CloudRouter) HandleAllRolesRoute(t *testing.T) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
- roles := rbacPublicRoles()
+ var roles []mdsv2alpha1.Role
+ switch r.URL.Query().Get("namespace") {
+ case "cluster-link":
+ roles = rbacClusterLinkRoles()
+ default:
+ roles = rbacPublicRoles()
+ }
 rolesResponse, _ := json.Marshal(roles)
 _, err := w.Write(rolesResponse)
 require.NoError(t, err)
@@ -136,6 +142,23 @@ func rbacPublicRoles() []mdsv2alpha1.Role {
 return []mdsv2alpha1.Role{cloudClusterAdminRole, environmentAdminRole, organizationAdminRole, resourceOwnerRole}
 }
+func rbacClusterLinkRoles() []mdsv2alpha1.Role {
+ clusterLinkConnectionRole := mdsv2alpha1.Role{
+ Name: "ClusterLinkConnection",
+ Policies: []mdsv2alpha1.AccessPolicy{
+ {
+ BindingScope: "cluster-link",
+ BindWithResource: true,
+ AllowedOperations: []mdsv2alpha1.Operation{
+ {ResourceType: "ClusterLink", Operations: []string{"Describe", "AcceptInboundConnection", "StartOutboundConnection"}},
+ },
+ },
+ },
+ }
+
+ return []mdsv2alpha1.Role{clusterLinkConnectionRole}
+}
+
 func rolesListToJsonMap(roles []mdsv2alpha1.Role) map[string]string {
 roleMap := make(map[string]string)
 for _, role := range roles {
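Review bot: The `default` branch of the new `switch` in `HandleAllRolesRoute` answers every namespace other than `cluster-link` with `rbacPublicRoles()`, so the mock cannot catch the CLI sending a misspelled or unexpected namespace. The golden file in this commit lists each public role twice, which looks like a consequence of that fallback. For an RBAC listing the fake should be strict: give each namespace the CLI is expected to send its own `case` and fail the test on anything else. The discarded error in `rolesResponse, _ := json.Marshal(roles)` is an unchanged context line, but it could be checked with `require.NoError(t, err)` while this handler is being edited.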
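Review bot: `rbacClusterLinkRoles` has no doc comment, and nothing says that its role name, binding scope and operation list must stay in step with list-cloud.golden. A line such as `// rbacClusterLinkRoles returns the roles the mock MDS serves for the "cluster-link" namespace; keep in sync with list-cloud.golden.` above the function would make that coupling explicit. The literal `"cluster-link"` appears here as a binding scope and separately as the namespace in the handler's `case`; a comment noting that these are two distinct fields that happen to share a value would prevent a later edit from changing only one.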