Proposal: Fine Grained Permissions

[Cryptophobia]

From @Joshua-Anderson on July 30, 2015 20:52

Right now, there are two permission levels in deis:

administrators
    full access
normal users
    full access to create apps and manage their own apps.

This proposal would overhaul the permission system by allowing much more finer controller over which users can do.
Cluster Permissions

certs
    add or remove certs from the cluster
apps
    create/destroy
    app management: view, modify, share, and transfer other user's apps.

App permissions

config
    read or modify config
push
    can push code or create a release
domains
    add or remove domains
scale
    scale an app up or down

Default Permissions

Administrators have all permissions granted.

An ETCD setting would set the default permissions for new users:

Example key layout:

/deis/controller/permissions/apps true
/deis/controller/permissions/certs true
...

Example Usage

an admin shares user cert permission with user foo

$ deis perms:create foo --cert --apps

an app owner removes config permission from user tester

$ deis perms:delete tester --config

users can view what permissions they have

$ deis perms:view
Cluster Wide Permissions

certs

App epic-app Permissions

config
push
scale

admins and app owners can also view a users permissions

$ deis perm:list --username=foo
App epic-app Permissions

config
push
scale

Testing

Almost all of this code resides in the controller, so it would mostly involve lots of tests in the controller to make sure all the edge cases are covered.
Migration

Migration should be pretty simple, admins would still have all access, and a migration script would grant all existing users their current permissions.

The same would apply for apps, the app owner would have all access and users who had the app shared would get the subset of permissions they already had.

Copied from original issue: deis/deis#4150

deis/controller#1226