Open arielshaqed opened 2 months ago
I would like to pick up this one.
All yours @Crossbears - feel free to ask here if you need any guidance
@Crossbears are you still on it?
I can take it with some help. @arielshaqed what map did you have in mind?
If I understand correctly we need to extract the mapping between operation handlers and the permissions they require, in a way that can be used by both code and documentation.
I thought of creating a map that maps an operation handler (or operationId) to a structure like a permission node, with Resource being an enum (for the ARN type) or a function pointer that can be used to generate the ARN according to the input. Then this structure can be used to generate the permission node that authorize() requires.
Anyway, input will be appreciated.
docs/security/rbac.md contains a description of required permissions but some calls are missing. AFAIK it is manually generated, so naturally it is out of date.
Update it to current state. If possible, refactor controller.go and somehow auto-generate it.
One way to refactor would be to use a map of permissions to pass to c.authorize. Then write code to generate a nice Markdown table from a new lakeFS command.
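A sketch of the map-driven approach discussed in this issue, added here as an example and not taken from the lakeFS code base: one table feeds both the authorization check and the generated Markdown. The `Perm` type, the `Resolve` and `MarkdownTable` functions, the `{name}` template syntax and the three sample entries are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Perm is a hypothetical, simplified permission node: one action on one resource.
type Perm struct{ Action, Resource string }

// Constructed sample entries, not the real table; {name} is a request parameter.
var required = map[string]Perm{
	"createRepository": {"fs:CreateRepository", "arn:lakefs:fs:::repository/{repository}"},
	"getObject":        {"fs:ReadObject", "arn:lakefs:fs:::repository/{repository}/object/{path}"},
	"listRepositories": {"fs:ListRepositories", "*"},
}

var placeholder = regexp.MustCompile(`\{\w+\}`)

// Resolve fails closed: an unmapped operation or an empty parameter is an error.
func Resolve(op string, params map[string]string) (Perm, error) {
	p, ok := required[op]
	if !ok {
		return Perm{}, fmt.Errorf("no permission declared for %q", op)
	}
	missing := false
	arn := placeholder.ReplaceAllStringFunc(p.Resource, func(m string) string {
		v := params[m[1:len(m)-1]]
		missing = missing || v == ""
		return v
	})
	if missing {
		return Perm{}, fmt.Errorf("%s: missing parameter for %s", op, p.Resource)
	}
	return Perm{p.Action, arn}, nil
}

// MarkdownTable renders the same map as documentation, sorted for stable diffs.
func MarkdownTable() string {
	rows := make([]string, 0, len(required))
	for op, p := range required {
		rows = append(rows, fmt.Sprintf("| `%s` | `%s` | `%s` |\n", op, p.Action, p.Resource))
	}
	sort.Strings(rows)
	return "| Operation | Action | Resource |\n|---|---|---|\n" + strings.Join(rows, "")
}

func main() { fmt.Print(MarkdownTable()) }
```

Because a handler with no entry in the table gets an error instead of a default, a newly added API call cannot ship without a declared permission, and the documentation table cannot drift from what the code enforces.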