by Sanjeev | last updated on September 14, 2021

Before Spinnaker 1.17.1, there were no restrictions on which users could create applications. Enterprises now need to restrict application creation so that they can enforce their policies for onboarding applications.

From 1.17.x, users can restrict application creation by setting the flag ‘fiat.restrictApplicationCreation’ to true. Permissions provided in the application are then ignored, and the permissions provided in the external source are applied.

Fiat now accepts permissions from external sources for creating applications. By default, application permissions are stored in Front50. This article explains how to create applications using permissions from external sources.

The fields used to create applications from external sources are explained in detail below.

| Field | Values | Explanation |
|---|---|---|
| fiat.restrictApplicationCreation | true/false | false: Default legacy application permissions are applied. true: User can restrict application creation. This field value (true) is mandatory for creating applications through external sources. |
| auth.permissions.provider.application | default/aggregate | default: Default legacy application permissions are applied. aggregate: Adds permissions from external sources. |
| auth.permissions.source.application.prefix.resolutionStrategy | AGGREGATE/MOST_SPECIFIC | AGGREGATE: Permissions will be aggregated from all matching prefixes. MOST_SPECIFIC: Permissions will be applied from the most specific prefix. |

| User | Roles |
|---|---|
| opsmxemp1 | dev,qa,emp,mgr |

Sample Configuration:

.hal/default/profiles/fiat-local.yml

fiat.restrictApplicationCreation: true
auth.permissions.provider.application: aggregate
auth.permissions.source.application.prefix.resolutionStrategy: AGGREGATE
auth.permissions.source.application.prefix:
  enabled: true
  prefixes:
    - prefix: "fooapp"
      permissions:
        READ:
          - "dev"
        WRITE:
          - "qa"
        EXECUTE:
          - "emp"
    - prefix: "fooapp12"
      permissions:
        CREATE:
          - "dev"
    - prefix: "testapp"
      permissions:
        CREATE:
          - "finance"
    - prefix: "bar*"
      permissions:
        CREATE:
          - "mgr"
    - prefix: "barapp*"
      permissions:
        READ:
          - "dev"

Test cases:

*fiat.restrictApplicationCreation: true
*auth.permissions.provider.application: aggregate

| Field | Application name | Comments |
|---|---|---|
| auth.permissions.source.application.prefix.resolutionStrategy: AGGREGATE | bar | Application created successfully. |
| | barapp | Application created successfully. |
| | barap | Application created successfully. |
| | barapp001 | Application created successfully. |
| | fooapp12 | Application created successfully. |
| | fooapp | Could not create application |
| | testapp | Could not create application |
| auth.permissions.source.application.prefix.resolutionStrategy: MOST_SPECIFIC | bar | Application created successfully. |
| | barapp | Could not create application |
| | barap | Application created successfully. |
| | barapp001 | Could not create application |
| | fooapp12 | Application created successfully. |
| | fooapp | Could not create application |
| | testapp | Could not create application |

* mandatory configuration fields
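The test cases above can be reproduced with a small model of the two resolution strategies. This is an added example, not Fiat's own code. It assumes that a trailing `*` marks a prefix match, that any other entry is an exact application name, and that MOST_SPECIFIC prefers an exact name and then the longest prefix; the function names are hypothetical.

```python
# Added example: a simplified model of prefix resolution, not Fiat's implementation.
# Prefixes and roles are copied from the sample configuration and the user table.
PREFIXES = {
    "fooapp":   {"READ": {"dev"}, "WRITE": {"qa"}, "EXECUTE": {"emp"}},
    "fooapp12": {"CREATE": {"dev"}},
    "testapp":  {"CREATE": {"finance"}},
    "bar*":     {"CREATE": {"mgr"}},
    "barapp*":  {"READ": {"dev"}},
}
USER_ROLES = {"dev", "qa", "emp", "mgr"}  # roles of opsmxemp1
APPS = ("bar", "barapp", "barap", "barapp001", "fooapp12", "fooapp", "testapp")


def matches(prefix, app):
    # Assumption: a trailing "*" means prefix match, anything else is an exact name.
    if prefix.endswith("*"):
        return app.startswith(prefix[:-1])
    return app == prefix


def resolve(app, strategy):
    """Return the effective {permission: roles} map for an application name."""
    if strategy not in ("AGGREGATE", "MOST_SPECIFIC"):
        raise ValueError(f"unknown resolutionStrategy: {strategy}")
    hits = [p for p in PREFIXES if matches(p, app)]
    if strategy == "MOST_SPECIFIC" and hits:
        # Assumption: exact names outrank wildcards, then the longest prefix wins.
        hits = [max(hits, key=lambda p: (not p.endswith("*"), len(p)))]
    effective = {}
    for p in hits:  # AGGREGATE merges every matching entry
        for perm, roles in PREFIXES[p].items():
            effective.setdefault(perm, set()).update(roles)
    return effective


def can_create(app, strategy, roles=USER_ROLES):
    # Names matching no prefix are not covered by the page; this model denies them.
    return bool(resolve(app, strategy).get("CREATE", set()) & roles)


if __name__ == "__main__":
    for strategy in ("AGGREGATE", "MOST_SPECIFIC"):
        for app in APPS:
            verdict = "created" if can_create(app, strategy) else "could not create"
            print(f"{strategy:13} {app:10} {verdict}")
```

The difference between the strategies shows up for `barapp` and `barapp001`: under MOST_SPECIFIC only the `barapp*` entry applies, and it grants READ but no CREATE, so the CREATE granted to `mgr` by `bar*` is no longer in effect.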

 
