API : update a namespace's metadata and role mappings #508
Conversation
| @@ -34,6 +34,7 @@ class Permissions(enum.Enum): | |||
| BUILD_DELETE = "build::delete" | |||
| NAMESPACE_CREATE = "namespace::create" | |||
| NAMESPACE_READ = "namespace::read" | |||
| NAMESPACE_UPDATE = "namespace::update" | |||
There was a problem hiding this comment.
@pierrotsmnrd this PR looks great to me. No real issues. My questions is on the granularity of permissions:
Should we have one permission namespace::update or should we have more? I think it is always easier to join permissions than to split them later on. Roles already provide an easy way to group them. To me having the ability to change a namespaces metadata and giving users permissions to a namespace are at much different permission levels.
So for example:
namespace::updateupdate the metadata for a namespacenamespace-role-mapping::readnamespace-role-mapping::createnamespace-role-mapping::delete
I'm not entirely sure on the naming. This would allow us to give people viewer access to namespaces but not see who else is a member etc. Not sure if there is an exact use case for now but it could be useful to give people view access to a namespace but not see who is there.
| def update_namespace( | ||
| db, | ||
| name: str, | ||
| metadata_: Optional[Dict] | None = None, |
There was a problem hiding this comment.
Let's not use | since this isn't backwards compatible with 3.9. Use typing.Union
pierrotsmnrd
changed the title
This PR adds a new API endpoint to update a namespace's role mappings and metadata.
the
PUT /conda-store/api/v1/namespace/{namespace}/endpoint takes a JSON payload to update the metadata, the role mappings, or both.{ "metadata": {"my_key":"my_value"} }{ "role_mappings": { "admin/admin": ["admin", "viewer", "developer"], "admin/*": ["viewer"], "demo/*": ["developer"] } }{ "metadata": {"my_key":"my_value"}, "role_mappings": { "admin/admin": ["admin"], "admin/*": ["viewer"], "demo/*": ["developer"] } }@costrouc tell me if that works for you or if you'd see another approach or pattern.
According to the original issue #491 :
We now need to add an endpoint to list the role mappings.