ECSTeam / cloudfoundry-top-plugin

Cloud Foundry CF cli plugin - show top stats
Apache License 2.0
73 stars 21 forks

`cloud_controller.admin_read_only` role support #15

kinjelom closed 4 years ago

kinjelom commented 4 years ago

There is no need to require the cloud_controller.admin role. In most cases cloud_controller.admin_read_only is enough: https://docs.cloudfoundry.org/concepts/roles.html#activeroles

Create an Admin Read-Only User: https://docs.cloudfoundry.org/uaa/uaa-user-management.html#admin-read-only

This PR gives cloud_controller.admin and cloud_controller.admin_read_only support. It was tested manually on our CF and it just works :)

kkellner commented 4 years ago

I see from the link you provided to the docs it says: "The admin read-only account cannot view process stats or logs". This plugin uses the stats API: https://github.com/ECSTeam/cloudfoundry-top-plugin/blob/master/metadata/appStatistics/appStatistics.go#L108

Am I misunderstanding what they are saying, that the read-only account is not able to call the stats API and get data?

These are the stats API docs: https://apidocs.cloudfoundry.org/12.6.0/apps/get_detailed_stats_for_a_started_app.html

Have you tested the data in the app details view (application instances) while having only admin read-only?

kinjelom commented 4 years ago

It's working, tested using user adminro:

```
uaac member add cloud_controller.admin_read_only adminro
uaac member add scim.read adminro
uaac member add doppler.firehose adminro
```

kkellner commented 4 years ago

@wildloop Thanks for the pull request and helping to improve the plugin!
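
A client-side pre-flight check for the three UAA groups granted to `adminro` in the thread above, accepting either `cloud_controller.admin` or `cloud_controller.admin_read_only`. This is an added example, not the plugin's code or part of the thread; it assumes the access token is a JWT carrying granted scopes in a `scope` array claim and that all three groups are required, and the function names are hypothetical.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// tokenScopes reads the "scope" claim of a UAA JWT without verifying it (pre-flight check only).
func tokenScopes(token string) ([]string, error) {
	parts := strings.Split(strings.TrimPrefix(token, "bearer "), ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a JWT: %d segments", len(parts))
	}
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return nil, err
	}
	var claims struct{ Scope []string `json:"scope"` }
	err = json.Unmarshal(payload, &claims)
	return claims.Scope, err
}

// missingScopes lists the groups (assumed required, per the thread) a token lacks.
func missingScopes(scopes []string) []string {
	has := map[string]bool{} // exact-match set: never compare scopes by prefix
	for _, s := range scopes {
		has[s] = true
	}
	const ro = "cloud_controller.admin_read_only"
	has[ro] = has[ro] || has["cloud_controller.admin"] // full admin is accepted too
	missing := []string{}
	for _, s := range []string{ro, "scim.read", "doppler.firehose"} {
		if !has[s] {
			missing = append(missing, s)
		}
	}
	return missing
}

func constructedToken(scopes ...string) string { // constructed sample, unsigned
	body, _ := json.Marshal(map[string][]string{"scope": scopes})
	return "bearer e30." + base64.RawURLEncoding.EncodeToString(body) + ".x"
}

func main() {
	s, err := tokenScopes(constructedToken("cloud_controller.admin_read_only", "scim.read"))
	fmt.Println(s, missingScopes(s), err)
}
```

Because the signature is not checked, the result is only a usability hint for the operator; the platform APIs remain the authority on what the token may do.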