Task Type: updateApplication

A policy call is made for this type anytime a user attmpts to edit an existing application.
  • Path: tasks
  • Method: Post
  • Package: spinnaker.http.authz

Example Payload

Click to expand
{
  "input": {
    "body": {
      "application": "aftest2",
      "description": "Update Application: aftest2",
      "job": [
        {
          "application": {
            "cloudProviders": "kubernetes",
            "dataSources": {
              "disabled": [],
              "enabled": []
            },
            "description": "description2",
            "email": "dasdasd@trest.com",
            "instancePort": 80,
            "lastModifiedBy": "myUserName",
            "name": "aftest2",
            "permissions": {
              "EXECUTE": [
                "productmanagers"
              ],
              "READ": [
                "productmanagers"
              ],
              "WRITE": [
                "productmanagers"
              ]
            },
            "repoProjectKey": "project",
            "repoSlug": "name",
            "repoType": "github",
            "trafficGuards": [],
            "updateTs": "1621444448000",
            "user": "myUserName"
          },
          "type": "updateApplication",
          "user": "myUserName"
        }
      ]
    },
    "method": "POST",
    "path": [
      "tasks"
    ],
    "user": {
      "isAdmin": false,
      "roles": [
        {
          "name": "armory-io",
          "source": "GITHUB_TEAMS"
        },
        {
          "name": "productmanagers",
          "source": "GITHUB_TEAMS"
        }
      ],
      "username": "myUserName"
    }
  }
}

Example Policy

This policy disables the ability to create new applications, or update existing applications unless the applications have specified at least 1 role with ‘write’ permissions.

Note: The UI is not currently able to display an error message when this policy denies the action.

package spinnaker.http.authz

allow = message==""

default message=""
message="You must provide at least 1 user with full execute permissions"{
  not(hasWritePermissions(input.body.job[0]))
  createsTaskOfType(["createApplication","updateApplication"][_])
}

hasWritePermissions(job) {
  count(job.application.permissions.WRITE)>0
}

createsTaskOfType(tasktype){
    input.method="POST"
    input.path=["tasks"]
    input.body.job[_].type=tasktype
}

Keys

KeyTypeDescription
input.body.applicationstringThe name of the application being created.
input.body.descriptionstringThe description of the application being created.
input.body.job[].application.cloudProvidersstringThe application’s allowed cloud providers.
input.body.job[].application.emailstringThe email address of the owner of the application.
input.body.job[].application.instancePortnumber
input.body.job[].application.namestringThe name of the application being created.
input.body.job[].typestringThe type of task being run, in this case “createApplication”.
input.body.job[].userstringThe ID of the user to run the job as.
input.methodstringThe HTTP method by which the API is being called. When creating a task this is POST
input.path[]stringThe API path of the job. When creating a new task this is the array ["tasks"]
input.user.isAdminboolean
input.user.roles[].namestring
input.user.roles[].sourcestring
input.user.usernamestring
input.body.job[].application.descriptionstringThe description of the application being created.
input.body.job[].application.permissions.EXECUTE[]stringThe list of roles that have execute permission to the application.
input.body.job[].application.permissions.READ[]stringThe list of roles that have read permission to the application.
input.body.job[].application.permissions.WRITE[]stringThe list of roles that have write permission to the application.
input.body.job[].application.repoProjectKeystringWhat is the unique ID of the project in source control.
input.body.job[].application.repoSlugstringWhat is the slug for the source code repo? Typically the repository’s owner or organization ID.
input.body.job[].application.repoTypestringWith what type of sourcecode repo is this application associated.

Last modified August 18, 2023: (02b163b7)