public_git
/
orchard
mirror of https://github.com/cirruslabs/orchard.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove worker role (#77)

This commit is contained in:
Nikolay Edigaryev 2023-04-12 12:03:24 +04:00 committed by GitHub
parent 77656517fd
commit 06de1094ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 8 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DeploymentGuide.md
View File

@ -64,7 +64,7 @@ orchard context default production
## Configuring Orchard Workers
```bash
orchard create service-account worker-pool-m1 --roles "worker" --roles "compute:write" --roles "compute:read"
orchard create service-account worker-pool-m1 --roles "compute:read" --roles "compute:write"
orchard get bootstrap-token worker-pool-m1
```

15
internal/controller/api_workers.go
View File

@ -11,8 +11,7 @@ import (
)
func (controller *Controller) createWorker(ctx *gin.Context) responder.Responder {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeWrite,
v1.ServiceAccountRoleWorker); responder != nil {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeWrite); responder != nil {
return responder
}
@ -55,8 +54,7 @@ func (controller *Controller) createWorker(ctx *gin.Context) responder.Responder
}
func (controller *Controller) updateWorker(ctx *gin.Context) responder.Responder {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeWrite,
v1.ServiceAccountRoleWorker); responder != nil {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeWrite); responder != nil {
return responder
}
@ -84,8 +82,7 @@ func (controller *Controller) updateWorker(ctx *gin.Context) responder.Responder
}
func (controller *Controller) getWorker(ctx *gin.Context) responder.Responder {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeRead,
v1.ServiceAccountRoleWorker); responder != nil {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeRead); responder != nil {
return responder
}
@ -102,8 +99,7 @@ func (controller *Controller) getWorker(ctx *gin.Context) responder.Responder {
}
func (controller *Controller) listWorkers(ctx *gin.Context) responder.Responder {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeRead,
v1.ServiceAccountRoleWorker); responder != nil {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeRead); responder != nil {
return responder
}
@ -118,8 +114,7 @@ func (controller *Controller) listWorkers(ctx *gin.Context) responder.Responder
}
func (controller *Controller) deleteWorker(ctx *gin.Context) responder.Responder {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeWrite,
v1.ServiceAccountRoleWorker); responder != nil {
if responder := controller.authorize(ctx, v1.ServiceAccountRoleComputeWrite); responder != nil {
return responder
}

4
internal/controller/rpc.go
View File

@ -14,7 +14,7 @@ import (
)
func (controller *Controller) Watch(_ *emptypb.Empty, stream rpc.Controller_WatchServer) error {
if !controller.authorizeGRPC(stream.Context(), v1pkg.ServiceAccountRoleWorker) {
if !controller.authorizeGRPC(stream.Context(), v1pkg.ServiceAccountRoleComputeWrite) {
return status.Errorf(codes.Unauthenticated, "auth failed")
}
@ -40,7 +40,7 @@ func (controller *Controller) Watch(_ *emptypb.Empty, stream rpc.Controller_Watc
}
func (controller *Controller) PortForward(stream rpc.Controller_PortForwardServer) error {
if !controller.authorizeGRPC(stream.Context(), v1pkg.ServiceAccountRoleWorker) {
if !controller.authorizeGRPC(stream.Context(), v1pkg.ServiceAccountRoleComputeWrite) {
return status.Errorf(codes.Unauthenticated, "auth failed")
}

4
pkg/resource/v1/service_account_role.go
View File

@ -10,7 +10,6 @@ var ErrUnsupportedServiceAccountRole = errors.New("unsupported service account r
type ServiceAccountRole string
const (
ServiceAccountRoleWorker ServiceAccountRole = "worker"
ServiceAccountRoleComputeRead ServiceAccountRole = "compute:read"
ServiceAccountRoleComputeWrite ServiceAccountRole = "compute:write"
ServiceAccountRoleAdminRead ServiceAccountRole = "admin:read"
@ -19,8 +18,6 @@ const (
func NewServiceAccountRole(name string) (ServiceAccountRole, error) {
switch name {
case string(ServiceAccountRoleWorker):
return ServiceAccountRoleWorker, nil
case string(ServiceAccountRoleComputeRead):
return ServiceAccountRoleComputeRead, nil
case string(ServiceAccountRoleComputeWrite):
@ -36,7 +33,6 @@ func NewServiceAccountRole(name string) (ServiceAccountRole, error) {
func AllServiceAccountRoles() []ServiceAccountRole {
return []ServiceAccountRole{
ServiceAccountRoleWorker,
ServiceAccountRoleComputeRead,
ServiceAccountRoleComputeWrite,
ServiceAccountRoleAdminRead,