Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add user object to the filter namespace #10051

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add user object to the filter namespace #10051

wants to merge 1 commit into from

Conversation

wolneykien
Copy link

The current evaluation context of the filter function defined for an ApiUser doesn't provide any way to access the user object itself.

With the patch applied the problem of having an ApiUser per Host (see https://community.icinga.com/t/per-host-api-user-for-passive-check-submission/9053/3 , for instance) can be solved by first defining a template like this:

template ApiUser "usersync" {
  permissions = [{
    permission = "actions/process-check-result"
    filter = () => {
      return host.name == user.client_cn
    }
  }]
}

And then by creating an ApiUser that imports it, possibly using the REST API. I. e.:

curl ... -X PUT 'https://localhost:5665/v1/objects/apiusers/userforhost1' -d '{"attrs": {"client_cn": "host1"}, "templates": ["usersync"]}'

@wolneykien
Add user object to the filter namespace
c322a7c 
The current evaluation context of the `filter` function, defined for
an `ApiUser` doesn't provide any way to access the user object itself.

With the patch applied the problem of having an `ApiUser` per `Host`
(see https://community.icinga.com/t/per-host-api-user-for-passive-check-submission/9053/3 , for instance) can be solved by first defining a template like this:

    template ApiUser "usersync" {
      permissions = [{
        permission = "actions/process-check-result"
        filter = () => {
          return host.name == user.client_cn
        }
      }]
    }

And then by creating an `ApiUser` that imports it, possibly
using the REST API. I. e.:

    curl ... -X PUT 'https://localhost:5665/v1/objects/apiusers/userforhost1' -d '{"attrs": {"client_cn": "host1"}, "templates": ["usersync"]}'

Signed-off-by: Paul Wolneykien <manowar@altlinux.org>
@cla-bot cla-bot
Copy link

cla-bot bot commented Apr 26, 2024

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Paul Wolneykien.
This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email email@example.com
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

@Al2Klimov
Copy link
Member

Didn't test, but I could imagine that it also works like this:

  • At the beginning of the template get the user: var user = this
  • Capture that var in the filter closure: use(user)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@wolneykien @Al2Klimov