Viewer ACL (#26)

Provide ACLs (together with general improvements) for the viewer conlet.
2024-06-01 11:12:15 +02:00 · 2024-06-01 11:12:15 +02:00 · 659463b3b4
commit 659463b3b4
parent a6525a2289
42 changed files with 1664 additions and 679 deletions
--- a/dev-example/config.yaml
+++ b/dev-example/config.yaml
@ -28,6 +28,8 @@
            # User admin has role admin
            admin:
            - admin
+            test:
+            - user
            # All users have role other
            "*":
            - other
@ -37,11 +39,14 @@
            # Admins can use all conlets
            admin:
            - "*"
+            user:
+            - org.jdrupes.vmoperator.vmviewer.VmViewer
            # Others cannot use any conlet (except login conlet to log out)
            other:
-            - --org.jdrupes.vmoperator.vmconlet.VmConlet
            - org.jgrapes.webconlet.oidclogin.LoginConlet
        "/ComponentCollector":
          "/VmViewer":
            displayResource:
              preferredIpVersion: ipv4
+            syncPreviewsFor:
+            - role: user
--- a/dev-example/kustomization.yaml
+++ b/dev-example/kustomization.yaml
@ -54,6 +54,8 @@ patches:
                    # User admin has role admin
                    admin:
                    - admin
+                    test:
+                    - user
                    # All users have role other
                    "*":
                    - other
@ -63,6 +65,8 @@ patches:
                    # Admins can use all conlets
                    admin:
                    - "*"
+                    user:
+                    - org.jdrupes.vmoperator.vmviewer.VmViewer
                    # Others cannot use any conlet (except login conlet to log out)
                    other:
                    - org.jgrapes.webconlet.locallogin.LoginConlet
@ -70,6 +74,8 @@ patches:
                  "/VmViewer":
                    displayResource:
                      preferredIpVersion: ipv4
+                    syncPreviewsFor:
+                    - role: user
 - target:
    group: apps
    version: v1
--- a/dev-example/test-vm.yaml
+++ b/dev-example/test-vm.yaml
@ -7,8 +7,17 @@ spec:
  image:
    repository: docker-registry.lan.mnl.de
    path: vmoperator/org.jdrupes.vmoperator.runner.qemu-alpine
+    version: latest
    pullPolicy: Always

+  permissions:
+    - user: admin
+      may: 
+      - "*"
+    - user: test
+      may:
+      - "accessConsole"
+
  resources:
    requests:
      cpu: 1
@ -52,3 +61,4 @@ spec:
    display:
      spice:
        port: 5810
+        generateSecret: true