diff --git a/.github/workflows/_docs_lint.yaml b/.github/workflows/_docs_lint.yaml
index 538d55b6..6e9a653c 100644
--- a/.github/workflows/_docs_lint.yaml
+++ b/.github/workflows/_docs_lint.yaml
@@ -13,7 +13,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4.2.0 with: - node-version: 18 + node-version: 20 - name: Install Yarn dependencies uses: borales/actions-yarn@v5.0.0
diff --git a/bundler/src/bundle.rs b/bundler/src/bundle.rs
index bb696a21..6d586938 100644
--- a/bundler/src/bundle.rs
+++ b/bundler/src/bundle.rs
@@ -237,6 +237,7 @@ async fn read_static_data( Ok(data) } +#[allow(dead_code)] /// Combination of possible errors when fetching data to create bundle #[derive(Debug, thiserror::Error)] pub enum BundleDataError {
diff --git a/charts/bundler/Chart.yaml b/charts/bundler/Chart.yaml
index 181179ce..8dd11459 100644
--- a/charts/bundler/Chart.yaml
+++ b/charts/bundler/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2 name: bundler description: A Open Policy Agent (OPA) Data Bundle Server providing permissionable data from ISPyB type: application -version: 0.5.2 -appVersion: 0.0.15 +version: 0.5.3 +appVersion: 0.0.16 maintainers: - name: garryod email: "garry.o'donnell@diamond.ac.uk"
diff --git a/charts/bundler/static/admin.json b/charts/bundler/static/admin.json
index cf048930..ee7f799b 100644
--- a/charts/bundler/static/admin.json
+++ b/charts/bundler/static/admin.json
@@ -9,6 +9,7 @@ "tomo_admin": [], "xpdf_admin": ["i15", "i15-1"], + "b01-1_admin": ["b01-1"], "b07_admin": ["b07"], "b16_admin": ["b16"], "b18_admin": ["b18"],
diff --git a/charts/opa/Chart.yaml b/charts/opa/Chart.yaml
index 399fea93..51de9c4f 100644
--- a/charts/opa/Chart.yaml
+++ b/charts/opa/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2 name: opa description: An OPA deployment to run alongside applications requiring authorization type: application -version: 0.6.4 +version: 0.6.5 appVersion: 0.59.0 maintainers: - name: garryod
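Review bot: In bundler/src/bundle.rs the new `#[allow(dead_code)]` on `BundleDataError` carries no explanation and sits above the `///` doc comment, so it reads as a blanket suppression over the whole enum. If only some variants are never constructed, move the attribute onto those variants or remove them, so that a newly unused error path still produces a warning. Otherwise place the attribute after the doc comment next to `#[derive(Debug, thiserror::Error)]` and add a why-comment such as `// Not every variant is constructed yet; drop this allow once they are` (wording to be confirmed by the author). The enum body lies outside the hunk, so which variants are unused cannot be confirmed from here.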
diff --git a/charts/opa/templates/opa-config.yaml b/charts/opa/templates/opa-config.yaml
index 27a46f84..87c630e4 100644
--- a/charts/opa/templates/opa-config.yaml
+++ b/charts/opa/templates/opa-config.yaml
@@ -32,7 +32,7 @@ data: {{- if .Values.orgPolicy.enabled }} diamond-policies: service: ghcr - resource: ghcr.io/diamondlightsource/authz-policy:0.0.15 + resource: ghcr.io/diamondlightsource/authz-policy:0.0.16 polling: min_delay_seconds: 30 max_delay_seconds: 120
diff --git a/policy/diamond/policy/admin/admin.rego b/policy/diamond/policy/admin/admin.rego
index 49b5ee42..b8ada554 100644
--- a/policy/diamond/policy/admin/admin.rego
+++ b/policy/diamond/policy/admin/admin.rego
@@ -5,10 +5,12 @@ import rego.v1 is_admin[subject] := "super_admin" in data.diamond.data.subjects[subject].permissions -beamline_admin_for_subject[subject] contains beamline if { - some subject - some role in data.diamond.data.subjects[subject].permissions - some beamline in data.diamond.data.admin[role] +beamline_admin_for_subject[subject_name] contains beamline if { + some subject_name, subject in data.diamond.data.subjects + some subject_role in subject.permissions + some role, role_beamlines in data.diamond.data.admin + subject_role == role + some beamline in role_beamlines } admin := is_admin[token.claims.fedid] # regal ignore:rule-name-repeats-package
diff --git a/regal.yaml b/regal.yaml
index 351ccfb1..66127a62 100644
--- a/regal.yaml
+++ b/regal.yaml
@@ -2,3 +2,10 @@ rules: idiomatic: no-defined-entrypoint: level: ignore + + imports: + unresolved-reference: + level: error + except-paths: + - data.diamond.data + - data.diamond.data.*
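Review bot: In policy/diamond/policy/admin/admin.rego the rewritten `beamline_admin_for_subject` body resolves a role by iterating every entry of `data.diamond.data.admin` and testing `subject_role == role`. A keyed lookup, `some beamline in data.diamond.data.admin[subject_role]`, would replace the last three added lines and should yield the same set, unless the explicit iteration is there to satisfy a lint rule. Because this rule decides which beamlines a subject administers, the rewrite deserves a regression test, and no test change is visible in this diff. The test should pin that a permission absent from the admin map grants nothing and that a role with several beamlines (for example `xpdf_admin` in admin.json) grants all of them. A one-line comment above the rule, e.g. `# Maps each subject name to the set of beamlines granted by its admin roles`, would also help the next reader.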
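Review bot: In regal.yaml the two `except-paths` entries exempt the whole `data.diamond.data` tree from `unresolved-reference`, so a misspelt data path in a policy (say `data.diamond.data.subject` for `subjects`) still passes lint and evaluates to undefined at runtime. In an authorization rule that usually fails closed, but under negation it can change a decision, so consider narrowing the exceptions to the roots the policies actually read, if the rule's path matching allows it. From this diff those are `data.diamond.data.subjects` and `data.diamond.data.admin`, each with its `.*` form. A short comment such as `# data.diamond.data is supplied by the data bundle at runtime, not defined in this repo` would record why the exception exists; that reading is inferred from the bundler chart description and should be confirmed.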