From db8730849aae4f0dbbb8aef2eeb493f156e11e7c Mon Sep 17 00:00:00 2001
From: "Yauheni  Rykhter (EPAM)" <yauheni_rykhter@epam.com>
Date: Wed, 27 Apr 2022 12:57:51 +0000
Subject: [PATCH] GONRG-4778: Reconfigure authorization policy for Partition

---
 .../partition-authorization-policy.yml        | 38 +++++++++++--------
 devops/gcp/deploy/values.yaml                 |  2 -
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/devops/gcp/deploy/templates/partition-authorization-policy.yml b/devops/gcp/deploy/templates/partition-authorization-policy.yml
index 8b7d4e9fe..0d305dcaa 100644
--- a/devops/gcp/deploy/templates/partition-authorization-policy.yml
+++ b/devops/gcp/deploy/templates/partition-authorization-policy.yml
@@ -14,22 +14,27 @@ spec:
 {{- toYaml $spec.matchLabels | nindent 6 }}
   action: ALLOW
   rules:
-  {{- range $rule := $spec.rules }}
   - from:
     - source:
-        principals: 
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/entitlements-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/search-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/storage-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/register-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/notification-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer-queue-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/schema-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/legal-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/file-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/dataset-k8s
-        - cluster.local/ns/{{ $.Release.Namespace }}/sa/legal-k8s
+        principals:
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/crs-catalog
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/crs-conversion
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/dataset
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/entitlements
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/file
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/indexer-queue
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/legal
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/notification
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/register
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/schema
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/search
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/seismic-store
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/storage
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/unit
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/well-delivery
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/wks
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/workflow
     to:
     - operation:
         methods:
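Review bot: The `principals:` allow-list in this hunk grows from 11 distinct service accounts to 18, all hard-coded in the template, and nothing records why each new identity (`crs-catalog`, `seismic-store`, `unit`, `well-delivery`, `wks`, `workflow`, and the rest) needs to reach Partition. I would add a comment above the list such as `# Only services that resolve partition properties at runtime; remove an entry when the service stops calling Partition`, and confirm each added account really calls this API before it goes into an ALLOW rule. Because the names also change from `*-k8s` to bare names, the policy presumably denies a caller until its ServiceAccount is renamed in the same rollout, so it is worth checking that ordering. The methods granted to these principals continue past the end of the hunk and cannot be judged from here.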
@@ -39,14 +44,15 @@ spec:
   - from:
     - source:
         principals: 
-         - cluster.local/ns/{{ $rule.bootstrap_namespace }}/sa/workload-gke-bootstrap-sa
+        - cluster.local/ns/{{ $.Release.Namespace }}/sa/bootstrap-sa
     to:
     - operation:
         methods:
         - POST
+        - PUT
         - PATCH
+        - GET
         paths:
         - /api/partition/v1/*
 {{- end }}
 {{- end }}
-{{- end }}
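Review bot: The bootstrap rule now allows `GET` and `PUT` in addition to `POST` and `PATCH` on `/api/partition/v1/*`, so `bootstrap-sa` can read and overwrite every partition record under that prefix rather than only create or patch one. If bootstrap only needs to provision, either keep the method list to what it actually calls or narrow `paths:` to the specific endpoints. Add a comment stating the need, e.g. `# bootstrap-sa: provisioning job; GET is used to check for an existing partition before POST/PUT`. The principal also moves from the separately configured namespace (`config` in values.yaml) into `{{ $.Release.Namespace }}`, so anything able to run as `bootstrap-sa` alongside the services inherits this write access. It is worth confirming who can create pods with that service account there. The enclosing `if` blocks closed by the two remaining `{{- end }}` lines open outside this hunk.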
diff --git a/devops/gcp/deploy/values.yaml b/devops/gcp/deploy/values.yaml
index b69b3a639..3b61511bd 100644
--- a/devops/gcp/deploy/values.yaml
+++ b/devops/gcp/deploy/values.yaml
@@ -25,5 +25,3 @@ authorizations:
   partitionPolicy:
     matchLabels:
       app: partition
-    rules:
-      - bootstrap_namespace: config
-- 
GitLab