From 1cce4614904c6798ea39e5655318a67cd68fe898 Mon Sep 17 00:00:00 2001 From: Kamakshee Samant Date: Mon, 4 Dec 2023 17:42:10 +1100 Subject: [PATCH 1/2] chore: update poco policy fr ghe basic critical polli test --- etc/poco/bundle/extras-prod-test.json | 20 ++++++++++++++++++++ etc/poco/bundle/extras-prod.json | 1 + 2 files changed, 21 insertions(+) diff --git a/etc/poco/bundle/extras-prod-test.json b/etc/poco/bundle/extras-prod-test.json index a9551314d..971febfce 100644 --- a/etc/poco/bundle/extras-prod-test.json +++ b/etc/poco/bundle/extras-prod-test.json @@ -90,6 +90,16 @@ ], "allowed": true }, + { + "name": "Allow pollinator GHE basic critical test to call Delete Installation endpoints", + "path": "/api/deleteInstallation/510/https%3A%2F%2Ffusion-arc-pollinator-staging-app.atlassian.net/github-app-id/123", + "method": "DELETE", + "mechanism": "asap", + "principals": [ + "pollinator-check/42166522-a00b-4c93-858c-bda16bbf7aba" + ], + "allowed": true + }, { "name": "Allow pollinator GHE backfill test to call Delete Installation endpoints", "path": "/api/deleteInstallation/21266506/https%3A%2F%2Ffusion-arc-pollinator-staging-app.atlassian.net/github-app-id/123", @@ -140,6 +150,16 @@ ], "allowed": false }, + { + "name": "Not allow Pollinator GHE basic critical tests to call other Admin endpoints", + "path": "/api/jira/13453453/verify", + "method": "DELETE", + "mechanism": "asap", + "principals": [ + "pollinator-check/42166522-a00b-4c93-858c-bda16bbf7aba" + ], + "allowed": false + }, { "name": "Not allow Pollinator GHE backfill tests to call other Admin endpoints", "path": "/api/jira/13453453/verify", diff --git a/etc/poco/bundle/extras-prod.json b/etc/poco/bundle/extras-prod.json index 3cb5a1d69..83a7b3b4c 100644 --- a/etc/poco/bundle/extras-prod.json +++ b/etc/poco/bundle/extras-prod.json @@ -12,6 +12,7 @@ "asap": { "issuers": [ "pollinator-check/9d09aa37-c3e7-4b85-b86d-4d299ad54954", + "pollinator-check/42166522-a00b-4c93-858c-bda16bbf7aba", "pollinator-check/d99d882f-74a9-4093-822a-9ddf38b5e523", "pollinator-check/713bec45-18fb-48c7-b6c2-46e6e824caec", "pollinator-check/b33f33a7-c308-468e-a2a2-06c1f2443bfb", From a5e935b149991e4902ecb889a4f6eb916000f02b Mon Sep 17 00:00:00 2001 From: Kamakshee Samant Date: Thu, 7 Dec 2023 08:39:26 +1100 Subject: [PATCH 2/2] chore: add missing poco policies fr audit log --- etc/poco/bundle/extras-prod-test.json | 12 +++++++++++- etc/poco/bundle/extras-prod.json | 3 ++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/etc/poco/bundle/extras-prod-test.json b/etc/poco/bundle/extras-prod-test.json index 971febfce..a90ca3c1d 100644 --- a/etc/poco/bundle/extras-prod-test.json +++ b/etc/poco/bundle/extras-prod-test.json @@ -41,7 +41,7 @@ "allowed": true }, { - "name": "Allow Prod Basic Check Critical Pollinator Test to call Get Audit Log endpoints", + "name": "Allow Prod Basic Check Critical Pollinator Test to call Get Audit Log endpoints for cloud", "path": "/api/audit-log/subscription/255625", "method": "GET", "mechanism": "asap", @@ -50,6 +50,16 @@ ], "allowed": true }, + { + "name": "Allow Prod Basic Check Critical Pollinator Test to call Get Audit Log endpoints for ghe", + "path": "/api/audit-log/subscription/256125", + "method": "GET", + "mechanism": "asap", + "principals": [ + "pollinator-check/d4f03d07-12fe-4a69-9d68-c1841066772e" + ], + "allowed": true + }, { "name": "Allow pollinator test to call Delete Installation endpoints", "path": "/api/deleteInstallation/21266506/https%3A%2F%2Ffusion-arc-pollinator-staging-app.atlassian.net", diff --git a/etc/poco/bundle/extras-prod.json b/etc/poco/bundle/extras-prod.json index 83a7b3b4c..d201b96cd 100644 --- a/etc/poco/bundle/extras-prod.json +++ b/etc/poco/bundle/extras-prod.json @@ -36,7 +36,8 @@ "issuers": [ "pollinator-check/f24ec1a9-d03d-45c7-bbd8-f2094543eaba", "pollinator-check/8692803e-287a-48e3-bad1-49a60a7a4f9d", - "pollinator-check/d4f03d07-12fe-4a69-9d68-c1841066772e" + "pollinator-check/d4f03d07-12fe-4a69-9d68-c1841066772e", + "pollinator-check/42166522-a00b-4c93-858c-bda16bbf7aba" ] } }