commit bb2edbe8a69a04b0d72c5a565bdead5040959125
author Mateusz Zalega <mateusz@monogon.tech> Wed Jun 08 11:57:09 2022 +0200
committer Mateusz Zalega <mateusz@monogon.tech> Tue Jun 21 11:19:32 2022 +0000
tree 3d9286bd95757222431a279db7e9fcb1b6238dfb
parent 83e8b6c897aaabb4230ae73a28bba0ed0aca039c

m/n/c/curator: add Management.UpdateNodeRoles

This provides an API for node role adjustments.

While changes to KubernetesWorker role are registered, not all side
effects are accounted for as of now. Specifically, disabling this role
within a node won't lead to its removal from the Kubernetes cluster.

Change-Id: Ie8e65990108b8cf82afecf3374f40f2e857fa776
Reviewed-on: https://review.monogon.dev/c/monogon/+/767
Tested-by: Jenkins CI
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>

metropolis/proto/ext/authorization.proto

diff --git a/metropolis/proto/ext/authorization.proto b/metropolis/proto/ext/authorization.proto
index 60ad68a..0275bba 100644
--- a/metropolis/proto/ext/authorization.proto
+++ b/metropolis/proto/ext/authorization.proto
@@ -23,6 +23,7 @@
     PERMISSION_READ_CLUSTER_STATUS = 2;
     PERMISSION_UPDATE_NODE_SELF = 3;
     PERMISSION_APPROVE_NODE = 4;
+    PERMISSION_UPDATE_NODE_ROLES = 5;
 }
 
 // Authorization policy for an RPC method. This message/API does not have the