Skip to main content

Revoke Access Template

By using this kind of template, you are revoking access for a resource to one or more users. The template looks like the following one:

apiVersion: witboost.com/v1
kind: AccessControlRequestTemplate
metadata:
  name: revoke-request-template
  title: Revoke Request
  description: Template definition for revoking access
spec:
  type: revoke
  owner: datameshplatform
  parameters:
    - title: Revoke Request
      required:
        - identities
        - motivation
      properties:
        identities:
          title: Identities
          type: array
          description: Select users/groups that you are requesting a revoke
          ui:field: AccessControlListPicker
          ui:options:
            allowedKinds:
              - user
              - group
        motivation:
          title: Motivation
          type: string
          description: Motivate your request
          ui:options:
            multiline: true
            rows: 6

  steps:
    - id: send_request
      name: Send Request
      action: revoke-request:send
      input:
        identities: '${{ parameters.identities }}'
        fields:
          identities: '${{ parameters.identities }}'
          motivation: '${{ parameters.motivation }}'
        displayFields:
          - title: Motivation
            text: '${{ parameters.motivation }}'

It has the same structure of a standard template, so any picker can be used in the parameters section. The main differences are the following:

  • the kind must be AccessControlRequestTemplate
  • the spec.type must be revoke
  • the spec.steps part is mandatory, and follows the above schema. For an Access Control Request Template to work properly, the action with value revoke-request:send must be defined.
  • the spec.steps.input.fields object allows you to define all the fields that you want to attach to the request and that will be sent to an external service, if configured.
info

The identities field is required by witboost in order to know which are the subjects interested in this access request or revoke request.

How to use it

In order to access the revoke template, you must enable the configuration in your values.yaml in order to unlock the revoke button. In particular, you must enable the following value:

mesh:
  marketplace:
    ui:
      accessControl:
        enableRevokeRequest: true
info

Remember that you can navigate to the access control panel only if you are the owner of the resource.