New issue
Advanced search Search tips

Issue 746557 link

Starred by 2 users
Status: Fixed
Owner:
mar...@chromium.org
Closed: Jul 2017
Cc:
seanmccullough@chromium.org
kjlubick@chromium.org
vadimsh@chromium.org
friedman@chromium.org
mar...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Feature



Sign in to add a comment

Add ready-only group in Swarming

Project Member Reported by mar...@chromium.org, Jul 19 2017 
For use for dashboards and other services that do no need write access.

Right now there's no way to have pure read-only access.

AIs:
- Add AuthSettings.viewer_group
- Add acl.is_viewer() or something like that and will update the relevant ACLs in handlers_endpoints.py


Side note:
I thought about having two separate groups, one "view all tasks" and the other "view all bots". It's not that much more work so I may implement this instead.

Comment 1 by mar...@chromium.org, Jul 19 2017 

Issue 736546 has been merged into this issue.
Project Member

Comment 3 by bugdroid1@chromium.org, Jul 26 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/external/github.com/luci/luci-py.git/+/35f786195171478c029b17cf1a0841ac2723ec57

commit 35f786195171478c029b17cf1a0841ac2723ec57
Author: maruel <maruel@chromium.org>
Date: Wed Jul 26 14:23:36 2017

swarming: switch to a 'capability focused' ACL system

The main visible ACL change is that privileged_users cannot get the config
anymore.

R=vadimsh@chromium.org,kjlubick@chromium.org
BUG= 746557 

Review-Url: https://codereview.chromium.org/2984843002

[modify] https://crrev.com/35f786195171478c029b17cf1a0841ac2723ec57/appengine/swarming/handlers_bot.py
[modify] https://crrev.com/35f786195171478c029b17cf1a0841ac2723ec57/appengine/swarming/handlers_endpoints.py
[modify] https://crrev.com/35f786195171478c029b17cf1a0841ac2723ec57/appengine/swarming/handlers_endpoints_test.py
[modify] https://crrev.com/35f786195171478c029b17cf1a0841ac2723ec57/appengine/swarming/handlers_frontend.py
[modify] https://crrev.com/35f786195171478c029b17cf1a0841ac2723ec57/appengine/swarming/proto/config.proto
[modify] https://crrev.com/35f786195171478c029b17cf1a0841ac2723ec57/appengine/swarming/proto/config_pb2.py
[modify] https://crrev.com/35f786195171478c029b17cf1a0841ac2723ec57/appengine/swarming/server/acl.py
[modify] https://crrev.com/35f786195171478c029b17cf1a0841ac2723ec57/appengine/swarming/server/acl_test.py
[modify] https://crrev.com/35f786195171478c029b17cf1a0841ac2723ec57/appengine/swarming/server/task_request.py
Project Member

Comment 4 by bugdroid1@chromium.org, Jul 27 2017 

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/infradata/config/+/717e13f63514a364220fe7c811422eedea622ef6

commit 717e13f63514a364220fe7c811422eedea622ef6
Author: Marc-Antoine Ruel <maruel@chromium.org>
Date: Thu Jul 27 17:21:33 2017
Project Member

Comment 5 by bugdroid1@chromium.org, Jul 27 2017 

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/infradata/config/+/2b26fd9731b3e301bfc91838cc933d6e44e67cd9

commit 2b26fd9731b3e301bfc91838cc933d6e44e67cd9
Author: Marc-Antoine Ruel <maruel@chromium.org>
Date: Thu Jul 27 17:51:18 2017

Comment 6 by mar...@chromium.org, Jul 27 2017

Status: Fixed (was: Assigned)
It's live and a few services (luci-milo, sheriff-o-matic) have already been migrated.

Sign in to add a comment