From 912033f223fda10ead340005a9bd6ded4f638fcd Mon Sep 17 00:00:00 2001 From: Alan Rominger Date: Fri, 13 Jan 2017 17:11:08 -0500 Subject: [PATCH 1/3] workflow doc RBAC rules audit --- docs/workflow.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/workflow.md b/docs/workflow.md index d7336bce08..5bb5c759b8 100644 --- a/docs/workflow.md +++ b/docs/workflow.md 
@@ -58,9 +58,12 @@ Workflow jobs cannot be copied directly, instead a workflow job is implicitly co * Verify that CRUD operations on all workflow resources are working properly. Note workflow job nodes cannot be created or deleted independently, but verifications are needed to make sure when a workflow job is deleted, all its related workflow job nodes are deleted. * Verify the RBAC property of workflow resources. In specific: * Workflow job templates can only be accessible by superusers ---- system admin, admin of the same organization and system auditor and auditor of the same organization with read permission only. - * Workflow jobs follows the permission rules of its associated workflow job template. - * Workflow job template nodes rely their permission rules on the permission rules of both their associated workflow job template and unified job template. - * Workflow job nodes follows the permission rules of both its associated workflow job and unified job. + * Workflow job read and delete permissions follow from its associated workflow job template. + * Workflow job relaunch permission consists of the union of execute permission to its associated workflow job template, and the permission to re-create all the nodes inside of the workflow job. + * Workflow job template nodes rely their permission rules on the permission rules of both their associated workflow job template and unified job template for creation and editing. + * Workflow job nodes can be deleted with only permission to their workflow job template. + * Workflow job nodes are viewable if its workflow job is viewable. + * No CRUD actions are possible on workflow job nodes by any user, and they may only be deleted by deleting their workflow job. * Verify that workflow job template nodes can be created under, or (dis)associated with workflow job templates. * Verify that only the permitted types of job template types can be associated with a workflow job template node. 
Currently the permitted types are *job templates, inventory sources and projects*. * Verify that workflow job template nodes under the same workflow job template can be associated to form parent-child relationship of decision trees. In specific, one node takes another as its child node by POSTing another node's id to one of the three endpoints: `/success_nodes/`, `/failure_nodes/` and `/always_nodes/`. From d88fa050097b107c5d289a2e2c1662715b084e70 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Sat, 14 Jan 2017 11:09:52 -0500 Subject: [PATCH 2/3] workflow RBAC docs feedback --- docs/workflow.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/workflow.md b/docs/workflow.md index 5bb5c759b8..0843dee289 100644 --- a/docs/workflow.md +++ b/docs/workflow.md 
@@ -61,9 +61,10 @@ Workflow jobs cannot be copied directly, instead a workflow job is implicitly co * Workflow job read and delete permissions follow from its associated workflow job template. * Workflow job relaunch permission consists of the union of execute permission to its associated workflow job template, and the permission to re-create all the nodes inside of the workflow job. * Workflow job template nodes rely their permission rules on the permission rules of both their associated workflow job template and unified job template for creation and editing. - * Workflow job nodes can be deleted with only permission to their workflow job template. + * Workflow job template nodes can be deleted with permission to their workflow job template (even lacking permission to its job template). * Workflow job nodes are viewable if its workflow job is viewable. * No CRUD actions are possible on workflow job nodes by any user, and they may only be deleted by deleting their workflow job. + * Workflow jobs can be deleted by superusers and org admins of the organization of its associated workflow job template, and no one else. * Verify that workflow job template nodes can be created under, or (dis)associated with workflow job templates. * Verify that only the permitted types of job template types can be associated with a workflow job template node. Currently the permitted types are *job templates, inventory sources and projects*. * Verify that workflow job template nodes under the same workflow job template can be associated to form parent-child relationship of decision trees. In specific, one node takes another as its child node by POSTing another node's id to one of the three endpoints: `/success_nodes/`, `/failure_nodes/` and `/always_nodes/`. From ad3ca9acf84a01114490b30c47eb97137ac89923 Mon Sep 17 00:00:00 2001 
From: AlanCoding Date: Tue, 17 Jan 2017 09:40:31 -0500 Subject: [PATCH 3/3] Incorporate more feedback about RBAC logic regarding node deletion --- docs/workflow.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/workflow.md b/docs/workflow.md index 0843dee289..dee731264d 100644 --- a/docs/workflow.md +++ b/docs/workflow.md @@ -61,7 +61,7 @@ Workflow jobs cannot be copied directly, instead a workflow job is implicitly co * Workflow job read and delete permissions follow from its associated workflow job template. * Workflow job relaunch permission consists of the union of execute permission to its associated workflow job template, and the permission to re-create all the nodes inside of the workflow job. * Workflow job template nodes rely their permission rules on the permission rules of both their associated workflow job template and unified job template for creation and editing. - * Workflow job template nodes can be deleted with permission to their workflow job template (even lacking permission to its job template). + * Workflow job template nodes can be deleted with admin permission to their workflow job template (even lacking permission to the node's job template). * Workflow job nodes are viewable if its workflow job is viewable. * No CRUD actions are possible on workflow job nodes by any user, and they may only be deleted by deleting their workflow job. * Workflow jobs can be deleted by superusers and org admins of the organization of its associated workflow job template, and no one else.
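Review bot: In the [PATCH 1/3] hunk, the added relaunch bullet says the permission "consists of the union of" execute permission to the workflow job template and permission to re-create all the nodes. "Union" can be read as either permission being sufficient, which is the weaker rule. If both are needed, write "requires both execute permission to its associated workflow job template and permission to re-create all the nodes inside of the workflow job". The same hunk also adds "Workflow job nodes can be deleted with only permission to their workflow job template" two bullets above "No CRUD actions are possible on workflow job nodes by any user", and that last bullet also conflicts with "Workflow job nodes are viewable", since read is part of CRUD. Stating it as "no create, update or direct delete" would keep the three bullets consistent.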
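Review bot: In the [PATCH 2/3] hunk, the added last bullet restricts workflow job deletion to superusers and org admins "and no one else", while the unchanged first bullet still says workflow job "read and delete permissions follow from its associated workflow job template". For a user who holds admin on the template but is not an org admin, the two bullets give different answers, so a tester cannot tell which rule to verify. Drop "and delete" from the first bullet or merge the two into one statement. The reworded node bullet also says "with permission to their workflow job template" without naming the role level that is required.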
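Review bot: In the [PATCH 3/3] hunk, the reworded bullet ends with "even lacking permission to the node's job template", but the bullet directly above it speaks of the node's "unified job template", and the document names inventory sources and projects as permitted node types alongside job templates. Use "unified job template" here as well, so the deletion exception is clearly stated for every node type and not only for nodes that point at a job template. The bullet also mixes "their workflow job template" with "the node's"; pick singular or plural for the whole sentence.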