Homec4science

Apply namespace locking rules in Almanac

Authored by epriestley <git@epriestley.com> on Feb 21 2016, 23:34.

Description

Apply namespace locking rules in Almanac

Summary:
Ref T10246. Ref T6741.

When you have a namespace like "phacility.net", require users creating services and devices within it to have edit permission on the namespace.

This primarily allows us to lock down future device names in the cluster, so instances can't break themselves once they get access to Almanac.

Test Plan:

  • Configured a phacility.net namespace, locked myself out of it.
  • Could not create new stuff.phacility.net services/devices.
  • Could still edit existing devices I had permission for.
  • Configured a free.phacility.net namespace with more liberal policies.
  • Could create me.free.phacility.net.
  • Still could not create other.phacility.net.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6741, T10246

Differential Revision: https://secure.phabricator.com/D15325

Details

Committed
epriestley <git@epriestley.com>Feb 22 2016, 13:58
Pushed
aubortJan 31 2017, 17:16
Parents
rPHdb50d0fb11e2: Rough-in Almanac namespaces
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH411331469af4: Apply namespace locking rules in Almanac (authored by epriestley <git@epriestley.com>).Feb 22 2016, 13:58