diff options
author | James E. Blair <jim@acmegating.com> | 2022-09-22 14:14:57 -0700 |
---|---|---|
committer | James E. Blair <jim@acmegating.com> | 2022-10-06 15:38:24 -0700 |
commit | 3a0eaa1ffea1a32d4f11864485f2883194a99354 (patch) | |
tree | 0f5e9e0428e7e90cf9b16c87b868d0bb0906b36e /zuul/web/__init__.py | |
parent | 24d9076b765441a1813aa15af3ff7790fec2929d (diff) | |
download | zuul-3a0eaa1ffea1a32d4f11864485f2883194a99354.tar.gz |
Rename admin-rule to authorization-rule
This is a preparatory step to add access-control for read-level
access to the API and web UI. Because we will likely end up with
tenant config that looks like:
- tenant:
name: example
admin-rules: ['my-admin-rule']
access-rules: ['my-read-only-rule']
It does not make sense for 'my-read-only-rule' to be defined as:
- admin-rule:
name: read-only-rule
In other words, the current nomenclature conflates (new word:
nomenconflature) the idea of an abstract authorization rule and
what it authorizes. The new name makes it more clear than an
authorization-rule can be used to authorize more than just admin
access.
Change-Id: I44da8060a804bc789720bd207c34d802a52b6975
Diffstat (limited to 'zuul/web/__init__.py')
-rwxr-xr-x | zuul/web/__init__.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/zuul/web/__init__.py b/zuul/web/__init__.py index 09706057b..b62af00e5 100755 --- a/zuul/web/__init__.py +++ b/zuul/web/__init__.py @@ -871,8 +871,8 @@ class ZuulWebAPI(object): (isinstance(override, list) and tenant.name in override)): return True - for rule_name in tenant.authorization_rules: - rule = self.zuulweb.abide.admin_rules.get(rule_name) + for rule_name in tenant.admin_rules: + rule = self.zuulweb.abide.authz_rules.get(rule_name) if not rule: self.log.error('Undefined rule "%s"', rule_name) continue @@ -2170,7 +2170,7 @@ class ZuulWeb(object): for tenant_name in deleted_tenants: self.abide.clearTPCs(tenant_name) - loader.loadAdminRules(self.abide, self.unparsed_abide) + loader.loadAuthzRules(self.abide, self.unparsed_abide) loader.loadSemaphores(self.abide, self.unparsed_abide) loader.loadTPCs(self.abide, self.unparsed_abide) |