diff --git a/components/docs-chef-io/content/automate/iam_actions.md b/components/docs-chef-io/content/automate/iam_actions.md
index f1c7dd19c9d..beb917a150e 100644
--- a/components/docs-chef-io/content/automate/iam_actions.md
+++ b/components/docs-chef-io/content/automate/iam_actions.md
@@ -42,3 +42,136 @@ Specify the action to restrict user access to the specific action.
 | Manage Roles | Settings | iam:roles:* | /iam/v2/roles | https://{{< example_fqdn "automate" >}}/settings/roles |
 | Manage Projects | Settings | iam:projects:* | /iam/v2/projects | https://{{< example_fqdn "automate" >}}/settings/projects |
 {{% /responsive-table %}}
+
+## Infra Server View Actions
+
+These are *IAM Actions* for different views and action in the **Infra Server View** tab in Automate.
+
+| Task | Method | IAM Action | API endpoint | URL |
+| ------| ---------- | --------- | ------------- | --------- |
+| List Infra Servers | GET | infra:infraServers:list | /api/v0/infra/servers | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers |
+| Get Infra Server | GET | infra:infraServers:get | /api/v0/infra/servers/{id} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id} |
+| Create Infra Server | POST | infra:infraServers:create | /api/v0/infra/servers | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers |
+| Update Infra Server | PUT | infra:infraServers:update | /api/v0/infra/servers/{id} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id} |
+| Delete Infra Server | DELETE | infra:infraServers:delete | /api/v0/infra/servers/{id} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id} |
+| List Orgs | GET | infra:infraServersOrgs:list | /api/v0/infra/servers/{server_id}/orgs | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs |
+| Get Org | GET | infra:infraServersOrgs:get | /api/v0/infra/servers/{server_id}/orgs/{id} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{id} |
+| Create Org | POST | infra:infraServersOrgs:create,iam:projects:assign | /api/v0/infra/servers/{server_id}/orgs | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs |
+| Update Org | PUT | infra:infraServersOrgs:update | /api/v0/infra/servers/{server_id}/orgs/{id} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{id} |
+| Delete Org | DELETE | infra:infraServersOrgs:delete | /api/v0/infra/servers/{server_id}/orgs/{id} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{id} |
+| List Cookbooks | GET | infra:infraServersOrgsCookbooks:list | /api/v0/infra/servers/{server_id}/orgs/{org_id}/cookbooks | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/cookbooks |
+| Get Cookbooks | GET | infra:infraServersOrgsCookbooks:get | /api/v0/infra/servers/{server_id}/orgs/{org_id}/cookbooks/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/cookbooks/{name} |
+| List Roles | GET | infra:infraServersOrgsRoles:list | /api/v0/infra/servers/{id}/orgs/{org_id}/roles | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/roles |
+| Get Roles | GET | infra:infraServersOrgsRoles:get | /api/v0/infra/servers/{id}/orgs/{org_id}/roles/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/roles/{name} |
+| Create Roles | POST | infra:infraServersOrgsRoles:create | /api/v0/infra/servers/{id}/orgs/{org_id}/roles | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/roles |
+| Update Roles | PUT | infra:infraServersOrgsRoles:update | /api/v0/infra/servers/{id}/orgs/{org_id}/roles/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/roles/{name} |
+| Delete Roles | DELETE | infra:infraServersOrgsRoles:delete | /api/v0/infra/servers/{id}/orgs/{org_id}/roles/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/roles/{name} |
+| List Environments | GET | infra:infraServersOrgsEnvironments:list | /api/v0/infra/servers/{id}/orgs/{org_id}/environments | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/environments |
+| Get Environments | GET | infra:infraServersOrgsEnvironments:get | /api/v0/infra/servers/{id}/orgs/{org_id}/environments/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/environments/{name} |
+| Create Environments | POST | infra:infraServersOrgsEnvironments:create | /api/v0/infra/servers/{id}/orgs/{org_id}/environments | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/environments |
+| Update Environments | PUT | infra:infraServersOrgsEnvironments:update | /api/v0/infra/servers/{id}/orgs/{org_id}/environments/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/environments/{name} |
+| Delete Environments | DELETE | infra:infraServersOrgsEnvironments:delete | /api/v0/infra/servers/{id}/orgs/{org_id}/environments/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/environments/{name} |
+| Get DataBags | GET | infra:infraServersOrgsDataBags:get | /api/v0/infra/servers/{id}/orgs/{org_id}/data_bags | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/data_bags |
+| Create DataBags | POST | infra:infraServersOrgsDataBags:create | /api/v0/infra/servers/{id}/orgs/{org_id}/data_bags | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/data_bags |
+| Delete DataBags | DELETE | infra:infraServersOrgsDataBags:delete | /api/v0/infra/servers/{id}/orgs/{org_id}/data_bags/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{id}/orgs/{org_id}/data_bags/{name} |
+| Get DataBagItem | GET | infra:infraServersOrgsDataBagsItem:get | /api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name}/{item} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name}/{item} |
+| Create DataBagItem | POST | infra:infraServersOrgsDataBagsItem:create | /api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name} |
+| Update DataBagItem | PUT | infra:infraServersOrgsDataBagsItem:update | /api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name}/{item_id} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name}/{item_id} |
+| Delete DataBagsItem | DELETE | infra:infraServersOrgsDataBagsItem:delete | /api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name}/{item} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name}/{item} |
+| Delete DataBags | DELETE | infra:infraServersOrgsDataBags:delete | /api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name} | https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/data_bags/{name} |
+| Get PolicyFiles | GET | infra:infraServersOrgsPolicyFiles:get | /api/v0/infra/servers/{server_id}/orgs/{org_id}/policyfiles| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/policyfiles |
+| Delete PolicyFiles | DELETE | infra:infraServersOrgsPolicyFiles:delete | /api/v0/infra/servers/{server_id}/orgs/{org_id}/policyfiles/{name}| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/policyfiles/{name} |
+| Get PolicyGroups | GET | infra:infraServersOrgsPolicyGroups:get | /api/v0/infra/servers/{server_id}/orgs/{org_id}/policygroups/{name}| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/policygroups/{name} |
+| Get Client | GET | infra:infraServersOrgsClient:get | /api/v0/infra/servers/{server_id}/orgs/{org_id}/clients/{name}| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/clients/{name} |
+| Create Client | POST | infra:infraServersOrgsClient:create | /api/v0/infra/servers/{server_id}/orgs/{org_id}/clients| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/clients |
+| Reset Client Key | PUT | infra:infraServersOrgsClient:update | /api/v0/infra/servers/{server_id}/orgs/{org_id}/clients/{name}/reset| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/clients/{name}/reset |
+| Delete Client | DELETE | infra:infraServersOrgsClient:delete | /api/v0/infra/servers/{server_id}/orgs/{org_id}/clients/{name}| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/clients/{name} |
+| Get Node | GET | infra:infraServersOrgsNodes:get | /api/v0/infra/servers/{server_id}/orgs/{org_id}/nodes| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/nodes |
+| Update Node | POST | infra:infraServersOrgsNodes:update | /api/v0/infra/servers/{server_id}/orgs/{org_id}/nodes| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/nodes |
+| Delete Node | DELETE | infra:infraServersOrgsNodes:delete | /api/v0/infra/servers/{server_id}/orgs/{org_id}/nodes/{name}| https://{{< example_fqdn "automate" >}}/api/v0/infra/servers/{server_id}/orgs/{org_id}/nodes/{name} |
+
+Three types of user policies automatically gets created when a project is created.
+
+### Infra Viewer Policy Actions
+
+```
+secrets:*:get,
+secrets:*:list,
+infra:*:get,
+infra:*:list,
+compliance:*:get,
+compliance:*:list,
+event:*:get,
+event:*:list,
+ingest:*:get,
+ingest:*:list,
+iam:projects:list,
+iam:projects:get,
+applications:*:get,
+applications:*:list
+```
+
+### Infra Editor Policy Actions
+
+```
+infra:*:list,
+infra:*:get,
+infra:infraServersOrgsRoles:create,
+infra:infraServersOrgsRoles:update,
+infra:infraServersOrgsClient:create,
+infra:infraServersOrgsClient:update,
+infra:infraServersOrgsDataBags:create,
+infra:infraServersOrgsDataBagsItem:create,
+infra:infraServersOrgsDataBagsItem:update,
+infra:infraServersOrgsEnvironments:create,
+infra:infraServersOrgsEnvironments:update,
+infra:infraServersOrgsNodes:update,
+compliance:*,
+event:*,
+ingest:*,
+secrets:*,
+iam:projects:list,
+iam:projects:get,
+iam:projects:assign,
+applications:*
+```
+
+### Infra Project Owner Policy Actions
+
+```
+infra:*:list,
+infra:*:get,
+infra:infraServersOrgsRoles:create,
+infra:infraServersOrgsRoles:update,
+infra:infraServersOrgsRoles:delete,
+infra:infraServersOrgsClient:create,
+infra:infraServersOrgsClient:update,
+infra:infraServersOrgsClient:delete,
+infra:infraServersOrgsDataBags:create,
+infra:infraServersOrgsDataBags:delete,
+infra:infraServersOrgsDataBagsItem:create,
+infra:infraServersOrgsDataBagsItem:update,
+infra:infraServersOrgsDataBagsItem:delete,
+infra:infraServersOrgsEnvironments:create,
+infra:infraServersOrgsEnvironments:update,
+infra:infraServersOrgsEnvironments:delete,
+infra:infraServersOrgsNodes:update,
+infra:infraServersOrgsNodes:delete,
+infra:infraServersOrgsPolicyFiles:delete,
+compliance:*,
+event:*,
+ingest:*,
+secrets:*,
+iam:projects:list,
+iam:projects:get,
+iam:projects:assign,
+iam:policies:list,
+iam:policies:get,
+iam:policyMembers:*,
+iam:teams:list,
+iam:teams:get,
+iam:teamUsers:*,
+iam:users:get,
+iam:users:list,
+applications:*
+```