feat: remove RBAC middleware checks on playbook controllers

rely on ABAC check [skip ci]
flanksource · Jan 1, 2025 · 01c02f3 · 01c02f3
1 parent 4499703
commit 01c02f3
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 10 deletions.
diff --git a/playbook/controllers.go b/playbook/controllers.go
@@ -43,9 +43,9 @@ func RegisterRoutes(e *echo.Echo) {
 	}, rbac.Authorization(policy.ObjectMonitor, policy.ActionRead))
 
 	runGroup := playbookGroup.Group("/run")
-	runGroup.POST("", HandlePlaybookRun, rbac.Playbook(policy.ActionPlaybookRun))
+	runGroup.POST("", HandlePlaybookRun)
 	runGroup.GET("/:id", HandleGetPlaybookRun, rbac.Playbook(policy.ActionRead))
-	runGroup.POST("/approve/:run_id", HandlePlaybookRunApproval, rbac.Playbook(policy.ActionPlaybookApprove))
+	runGroup.POST("/approve/:run_id", HandlePlaybookRunApproval)
 }
 
 type RunResponse struct {

diff --git a/rbac/policies.yaml b/rbac/policies.yaml
@@ -1,14 +1,14 @@
 - principal: everyone
   acl:
     - objects: database.kratos
-      actions: '!*'
+      actions: "!*"
     # Activate after UI update
     # - objects: connection
     #   actions: "!read"
 - principal: admin
   acl:
-    - objects: '*'
-      actions: '*'
+    - objects: "*"
+      actions: "*"
   inherit:
     - everyone
 - principal: viewer
@@ -32,13 +32,9 @@
     - objects: canaries,catalog,topology,playbooks,kubernetes-proxy,notification
       actions: create,read,update,delete
     - objects: connection
-      actions: 'create,read,update,delete'
+      actions: "create,read,update,delete"
     - objects: connection-detail
       actions: read
-    - objects: playbooks
-      actions: playbook:run
-    - objects: playbooks
-      actions: playbook:approve
   inherit:
     - viewer
 - principal: agent