Reconcile API server permissions list

jkatz · Jonathan S. Katz · commit 3dd7045f605c · 2021-01-13T18:25:30.000-05:00
Of note is the "Restart" permission which was not added to the validation list, and removing some permissions for calls that are no longer available. Issue: #2203 Issue: #2201
diff --git a/docs/content/Security/configure-postgres-operator-rbac.md b/docs/content/Security/configure-postgres-operator-rbac.md
@@ -74,6 +74,7 @@ The following list shows the current complete list of possible pgo permissions t
 |Label | allow *pgo label*|
 |Load | allow *pgo load*|
 |Reload | allow *pgo reload*|
+|Restart | allow *pgo restart*|
 |Restore | allow *pgo restore*|
 |RestoreDump | allow *pgo restore* for pgdumps|
 |ShowBackup | allow *pgo show backup*|
diff --git a/internal/apiserver/perms.go b/internal/apiserver/perms.go
@@ -42,7 +42,6 @@ const (
 	CREATE_CLUSTER_PERM   = "CreateCluster"
 	CREATE_DUMP_PERM      = "CreateDump"
 	CREATE_FAILOVER_PERM  = "CreateFailover"
-	CREATE_INGEST_PERM    = "CreateIngest"
 	CREATE_NAMESPACE_PERM = "CreateNamespace"
 	CREATE_PGADMIN_PERM   = "CreatePgAdmin"
 	CREATE_PGBOUNCER_PERM = "CreatePgbouncer"
@@ -59,7 +58,6 @@ const (
 	// DELETE
 	DELETE_BACKUP_PERM    = "DeleteBackup"
 	DELETE_CLUSTER_PERM   = "DeleteCluster"
-	DELETE_INGEST_PERM    = "DeleteIngest"
 	DELETE_NAMESPACE_PERM = "DeleteNamespace"
 	DELETE_PGADMIN_PERM   = "DeletePgAdmin"
 	DELETE_PGBOUNCER_PERM = "DeletePgbouncer"
@@ -73,7 +71,6 @@ const (
 	SHOW_BACKUP_PERM          = "ShowBackup"
 	SHOW_CLUSTER_PERM         = "ShowCluster"
 	SHOW_CONFIG_PERM          = "ShowConfig"
-	SHOW_INGEST_PERM          = "ShowIngest"
 	SHOW_NAMESPACE_PERM       = "ShowNamespace"
 	SHOW_PGADMIN_PERM         = "ShowPgAdmin"
 	SHOW_PGBOUNCER_PERM       = "ShowPgBouncer"
@@ -119,6 +116,7 @@ func InitializePerms() {
 		LABEL_PERM:        "yes",
 		LOAD_PERM:         "yes",
 		RELOAD_PERM:       "yes",
+		RESTART_PERM:      "yes",
 		RESTORE_PERM:      "yes",
 		STATUS_PERM:       "yes",
 		TEST_CLUSTER_PERM: "yes",
@@ -129,7 +127,6 @@ func InitializePerms() {
 		CREATE_DUMP_PERM:      "yes",
 		CREATE_CLUSTER_PERM:   "yes",
 		CREATE_FAILOVER_PERM:  "yes",
-		CREATE_INGEST_PERM:    "yes",
 		CREATE_NAMESPACE_PERM: "yes",
 		CREATE_PGADMIN_PERM:   "yes",
 		CREATE_PGBOUNCER_PERM: "yes",
@@ -146,7 +143,6 @@ func InitializePerms() {
 		// DELETE
 		DELETE_BACKUP_PERM:    "yes",
 		DELETE_CLUSTER_PERM:   "yes",
-		DELETE_INGEST_PERM:    "yes",
 		DELETE_NAMESPACE_PERM: "yes",
 		DELETE_PGADMIN_PERM:   "yes",
 		DELETE_PGBOUNCER_PERM: "yes",
@@ -160,7 +156,6 @@ func InitializePerms() {
 		SHOW_BACKUP_PERM:          "yes",
 		SHOW_CLUSTER_PERM:         "yes",
 		SHOW_CONFIG_PERM:          "yes",
-		SHOW_INGEST_PERM:          "yes",
 		SHOW_NAMESPACE_PERM:       "yes",
 		SHOW_PGADMIN_PERM:         "yes",
 		SHOW_PGBOUNCER_PERM:       "yes",
