Begin developing pki subscriber

2026-01-09 23:48:05 -05:00 · 2025-05-06 09:44:57 -07:00
parent d1122886fd
commit cf4f2ea6b1
44 changed files with 1996 additions and 6 deletions
--- a/backend/src/ee/services/permission/project-permission.ts
+++ b/backend/src/ee/services/permission/project-permission.ts
@@ -79,6 +79,15 @@ export enum ProjectPermissionSshHostActions {
  IssueHostCert = "issue-host-cert"
 }

+export enum ProjectPermissionPkiSubscriberActions {
+  Read = "read",
+  Create = "create",
+  Edit = "edit",
+  Delete = "delete",
+  IssueCert = "issue-cert",
+  SignCert = "sign-cert"
+}
+
 export enum ProjectPermissionSecretSyncActions {
  Read = "read",
  Create = "create",
@@ -135,6 +144,7 @@ export enum ProjectPermissionSub {
  SshCertificateTemplates = "ssh-certificate-templates",
  SshHosts = "ssh-hosts",
  SshHostGroups = "ssh-host-groups",
+  PkiSubscribers = "pki-subscribers",
  PkiAlerts = "pki-alerts",
  PkiCollections = "pki-collections",
  Kms = "kms",
@@ -241,6 +251,7 @@ export type ProjectPermissionSet =
      ProjectPermissionSshHostActions,
      ProjectPermissionSub.SshHosts | (ForcedSubject<ProjectPermissionSub.SshHosts> & SshHostSubjectFields)
    ]
+  | [ProjectPermissionPkiSubscriberActions, ProjectPermissionSub.PkiSubscribers] // (dangtony98): TODO: update
  | [ProjectPermissionActions, ProjectPermissionSub.SshHostGroups]
  | [ProjectPermissionActions, ProjectPermissionSub.PkiAlerts]
  | [ProjectPermissionActions, ProjectPermissionSub.PkiCollections]
@@ -719,6 +730,17 @@ const buildAdminPermissionRules = () => {
    ProjectPermissionSub.SshHosts
  );

+  can(
+    [
+      ProjectPermissionPkiSubscriberActions.Read,
+      ProjectPermissionPkiSubscriberActions.Create,
+      ProjectPermissionPkiSubscriberActions.Edit,
+      ProjectPermissionPkiSubscriberActions.Delete,
+      ProjectPermissionPkiSubscriberActions.IssueCert
+    ],
+    ProjectPermissionSub.PkiSubscribers
+  );
+
  can(
    [
      ProjectPermissionMemberActions.Create,
@@ -977,6 +999,7 @@ const buildMemberPermissionRules = () => {

  can([ProjectPermissionActions.Read], ProjectPermissionSub.PkiAlerts);
  can([ProjectPermissionActions.Read], ProjectPermissionSub.PkiCollections);
+  can([ProjectPermissionPkiSubscriberActions.Read], ProjectPermissionSub.PkiSubscribers);

  can([ProjectPermissionActions.Read], ProjectPermissionSub.SshCertificates);
  can([ProjectPermissionActions.Create], ProjectPermissionSub.SshCertificates);