Revoke Access Template
This kind of template is used to revoke access to a resource from one or more users. The template looks like the following:
```yaml
apiVersion: witboost.com/v1
kind: AccessControlRequestTemplate
metadata:
  name: revoke-request-template
  title: Revoke Request
  description: Template definition for revoking access
spec:
  type: revoke
  owner: datameshplatform
  parameters:
    - title: Revoke Request
      required:
        - identities
        - motivation
      properties:
        identities:
          title: Identities
          type: array
          description: Select users/groups that you are requesting a revoke
          ui:field: AccessControlListPicker
          ui:options:
            allowedKinds:
              - user
              - group
        motivation:
          title: Motivation
          type: string
          description: Motivate your request
          ui:options:
            multiline: true
            rows: 6
  steps:
    - id: send_request
      name: Send Request
      action: revoke-request:send
      input:
        identities: '${{ parameters.identities }}'
        fields:
          identities: '${{ parameters.identities }}'
          motivation: '${{ parameters.motivation }}'
        displayFields:
          - title: Motivation
            text: '${{ parameters.motivation }}'
```
It has the same structure as a standard template, so any picker can be used in the parameters section. The main differences are the following:
- the `kind` must be `AccessControlRequestTemplate`
- the `spec.type` must be `revoke`
- the `spec.steps` part is mandatory, and follows the above schema. For an Access Control Request Template to work properly, the `action` with value `revoke-request:send` must be defined.
- the `spec.steps.input.fields` object allows you to define all the fields that you want to attach to the request and that will be sent to an external service, if configured.
info
The `identities` field is required by witboost in order to know which are the subjects interested in this access request or revoke request.
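The rules above can be checked before a template is registered. The following lint is an added example, not witboost code: it takes the template as an already-parsed YAML mapping, and the function names, the `GOOD`/`BAD` samples and the assumption that `identities` sits under the step's `input` (as in the template shown) are illustrative. It also lists the names under `spec.steps.input.fields`, since those are the values that leave the platform when an external service is configured.

```python
# Added example: lint a revoke AccessControlRequestTemplate against the rules on this page.
REQUIRED_KIND = "AccessControlRequestTemplate"
REQUIRED_ACTION = "revoke-request:send"


def lint_revoke_template(doc):
    """Return a list of rule violations; an empty list means the template passes."""
    problems = []
    if doc.get("kind") != REQUIRED_KIND:
        problems.append("kind must be " + REQUIRED_KIND)
    spec = doc.get("spec") or {}
    if spec.get("type") != "revoke":
        problems.append("spec.type must be revoke")
    steps = spec.get("steps") or []
    if not steps:
        problems.append("spec.steps is mandatory")
    send = [s for s in steps if isinstance(s, dict) and s.get("action") == REQUIRED_ACTION]
    if steps and not send:
        problems.append("no step with action " + REQUIRED_ACTION)
    for step in send:
        # Assumption: identities is passed under the step's input, as in the page's template.
        if not (step.get("input") or {}).get("identities"):
            problems.append("step %r: input.identities is missing" % step.get("id"))
    return problems


def forwarded_fields(doc):
    """Names under spec.steps[].input.fields: what is attached to the request
    and sent to an external service, if one is configured."""
    names = set()
    for step in (doc.get("spec") or {}).get("steps") or []:
        names.update(((step.get("input") or {}).get("fields") or {}).keys())
    return sorted(names)


# Constructed sample: the page's template after YAML parsing, trimmed to the checked keys.
IDS = "${{ parameters.identities }}"
GOOD = {"kind": REQUIRED_KIND, "spec": {"type": "revoke", "steps": [{
    "id": "send_request", "action": REQUIRED_ACTION,
    "input": {"identities": IDS,
              "fields": {"identities": IDS, "motivation": "${{ parameters.motivation }}"}},
}]}}
# Constructed broken variant: placeholder type and action values, not real witboost ones.
BAD = {"kind": REQUIRED_KIND,
       "spec": {"type": "not-revoke", "steps": [{"id": "x", "action": "placeholder:action"}]}}

if __name__ == "__main__":
    print(lint_revoke_template(GOOD), forwarded_fields(GOOD))
    print(lint_revoke_template(BAD))
```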
How to use it
To access the revoke template, you must enable the configuration in your `values.yaml` that unlocks the revoke button.
In particular, you must enable the following value:
```yaml
mesh:
  marketplace:
    ui:
      accessControl:
        enableRevokeRequest: true
```
info
Remember that you can navigate to the access control panel only if you are the owner of the resource.