125 lines
4.6 KiB
YAML
125 lines
4.6 KiB
YAML
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright ownership.
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance with
|
|
# the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
## -- sureness.yml account source -- ##
|
|
|
|
# config the resource restful api that need auth protection, base rbac
|
|
# rule: api===method===role
|
|
# eg: /api/v1/source1===get===[admin] means /api/v2/host===post support role[admin] access.
|
|
# eg: /api/v1/source2===get===[] means /api/v1/source2===get can not access by any role.
|
|
resourceRole:
|
|
- /api/account/auth/refresh===post===[admin,user,guest]
|
|
- /api/apps/**===get===[admin,user,guest]
|
|
- /api/monitor/**===get===[admin,user,guest]
|
|
- /api/monitor/**===post===[admin,user]
|
|
- /api/monitor/**===put===[admin,user]
|
|
- /api/monitor/**===delete==[admin]
|
|
- /api/monitors/**===get===[admin,user,guest]
|
|
- /api/monitors/**===post===[admin,user]
|
|
- /api/monitors/**===put===[admin,user]
|
|
- /api/monitors/**===delete===[admin]
|
|
- /api/alert/**===get===[admin,user,guest]
|
|
- /api/alert/**===post===[admin,user]
|
|
- /api/alert/**===put===[admin,user]
|
|
- /api/alert/**===delete===[admin]
|
|
- /api/alerts/**===get===[admin,user,guest]
|
|
- /api/alerts/**===post===[admin,user]
|
|
- /api/alerts/**===put===[admin,user]
|
|
- /api/alerts/**===delete===[admin]
|
|
- /api/notice/**===get===[admin,user,guest]
|
|
- /api/notice/**===post===[admin,user]
|
|
- /api/notice/**===put===[admin,user]
|
|
- /api/notice/**===delete===[admin]
|
|
- /api/tag/**===get===[admin,user,guest]
|
|
- /api/tag/**===post===[admin,user]
|
|
- /api/tag/**===put===[admin,user]
|
|
- /api/tag/**===delete===[admin]
|
|
- /api/summary/**===get===[admin,user,guest]
|
|
- /api/summary/**===post===[admin,user]
|
|
- /api/summary/**===put===[admin,user]
|
|
- /api/summary/**===delete===[admin]
|
|
- /api/collector/**===get===[admin,user,guest]
|
|
- /api/collector/**===post===[admin,user]
|
|
- /api/collector/**===put===[admin,user]
|
|
- /api/collector/**===delete===[admin]
|
|
- /api/status/page/**===get===[admin,user,guest]
|
|
- /api/status/page/**===post===[admin,user]
|
|
- /api/status/page/**===put===[admin,user]
|
|
- /api/status/page/**===delete===[admin]
|
|
- /api/grafana/**===get===[admin,user,guest]
|
|
- /api/grafana/**===post===[admin,user]
|
|
- /api/grafana/**===put===[admin,user]
|
|
- /api/grafana/**===delete===[admin]
|
|
- /api/bulletin/**===get===[admin,user,guest]
|
|
- /api/bulletin/**===post===[admin,user]
|
|
- /api/bulletin/**===put===[admin,user]
|
|
- /api/bulletin/**===delete===[admin]
|
|
- /api/mcp/**===get===[admin]
|
|
- /api/mcp/**===post===[admin]
|
|
- /api/chat/**===get===[admin,user]
|
|
- /api/chat/**===post===[admin]
|
|
- /api/logs/ingest/**===post===[admin,user]
|
|
|
|
# config the resource restful api that need bypass auth protection
|
|
# rule: api===method
|
|
# eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth.
|
|
excludedResource:
|
|
- /api/alert/sse/**===*
|
|
- /api/logs/sse/**===*
|
|
- /api/account/auth/**===*
|
|
- /api/i18n/**===get
|
|
- /api/apps/hierarchy===get
|
|
- /api/push/**===*
|
|
- /api/status/page/public/**===*
|
|
- /api/manager/sse/**===*
|
|
# web ui resource
|
|
- /===get
|
|
- /assets/**===get
|
|
- /dashboard/**===get
|
|
- /monitors/**===get
|
|
- /alert/**===get
|
|
- /account/**===get
|
|
- /setting/**===get
|
|
- /passport/**===get
|
|
- /status/**===get
|
|
- /log/**===get
|
|
- /**/*.html===get
|
|
- /**/*.js===get
|
|
- /**/*.css===get
|
|
- /**/*.ico===get
|
|
- /**/*.ttf===get
|
|
- /**/*.png===get
|
|
- /**/*.gif===get
|
|
- /**/*.jpg===get
|
|
- /**/*.svg===get
|
|
- /**/*.json===get
|
|
- /**/*.woff===get
|
|
- /**/*.eot===get
|
|
# swagger ui resource
|
|
- /swagger-resources/**===get
|
|
- /v2/api-docs===get
|
|
- /v3/api-docs===get
|
|
# h2 database
|
|
- /h2-console/**===*
|
|
|
|
# account info config refer the https://hertzbeat.apache.org/docs/start/account-modify
|
|
# eg: admin has role [admin,user], password is hertzbeat
|
|
# eg: tom has role [user], password is hertzbeat
|
|
# eg: lili has role [guest], plain password is lili, salt is 123, salted password is 1A676730B0C7F54654B0E09184448289
|
|
account:
|
|
- appId: admin
|
|
credential: hertzbeat
|
|
role: [admin]
|