The Shipa Developer Hub

Welcome to the Shipa developer hub. You'll find comprehensive guides and documentation to help you start working with Shipa as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    Changelog

Teams, Roles and Permissions

Shipa offers a comprehensive Role-based access control system (RBAC) designed to provide users fine grained access to resources in your Shipa installation.

Admin users have the ability to list all available permissions using the command below:

shipa permission list

Administrators use permissions from the list to define roles and assign users to those roles to create an RBAC system satisfying their internal requirements.

As a quick start, we have created sample roles with a base set of permissions to allow Developers and Operators to use Shipa.

📘

Role Names

The roles listed below are intended to be used as a base. These role names and their permissions can be changed at any time to better address your requirements.

These roles are created in addition to the ones that are automatically created when Shipa is installed.

🚧

Team and Users

Create a dev team and two users, [email protected] and [email protected] to follow the subsequent examples.

Create the dev team:
$ shipa team create dev

Create the [email protected] and [email protected] users:
$ shipa user create [email protected]
$ shipa user create [email protected]

The goal of this example is to build a structure similar to the one below.

Ops Roles and Permissions

📘

User and Team Setup

The section below assumes that you:

  • Logged in as the install admin user and created an Ops user
  • Logged in as the install admin user and created a team named dev

Create the roles with permissions listed in the following table so that Ops users can:

  • Control and have administrator-level visibility of the teams they are assigned to
  • Create and manage frameworks for the team
  • Create and manage clusters for the team
shipa role list
+----------------------+------------------+----------------------+
| Role                 | Context          | Permissions          |
+----------------------+------------------+----------------------+
| OpsFW. Resources     | framework        | cluster              |
|                      |                  | node                 |
|                      |                  | framework            |
|                      |                  | volume               |
+----------------------+------------------+----------------------+
| OpsClusterResources  | cluster          | cluster              |
+----------------------+------------------+----------------------+
| OpsTeamResources     | team             | app                  |
|                      |                  | cluster              |
|                      |                  | plan                 |
|                      |                  | framework            |
|                      |                  | team                 |
|                      |                  | volume               |
|                      |                  | volume-plan          |
+----------------------+------------------+----------------------+

Create the roles listed above using the following commands:

shipa role add OpsFWResources framework
shipa role add OpsClusterResources cluster
shipa role add OpsTeamResources team

Assign permissions to the roles with the following commands:

OpsFWResources role

shipa role permission add OpsFWResources cluster node framework volume

OpsClusterResources role

shipa role permission add OpsClusterResources cluster

OpsTeamResources role

shipa role permission add OpsTeamResources app cluster plan framework team volume volume-plan

Assign the newly created roles to the ops user [email protected]:

shipa role assign OpsFWResources [email protected]
shipa role assign OpsClusterResources [email protected]
shipa role assign OpsTeamResources [email protected] dev

Devs Roles and Permissions

📘

Ops and Framework Setup

The section below assumes that you:

  • Already created an Ops user with the roles and permissions from the previous section
  • Logged in as the install admin user and created a team named dev
  • Logged in as the Ops user and created a framework named framework1

Create the roles and permissions in the table below so that development users can:

  • View the frameworks they can deploy their apps to
  • Create and manage applications
shipa role list
+----------------------+------------------+----------------------+
| Role                 | Context          | Permissions          |
+----------------------+------------------+----------------------+
| DevTeamResources     | team             | app                  |
|                      |                  | cluster.read         |
|                      |                  | framework.read       |
|                      |                  | framework.update     |
+----------------------+------------------+----------------------+
| DevFWResources       | framework        | app                  |
|                      |                  | node.read            |
+----------------------+------------------+----------------------+

Create the roles above using the following commands:

shipa role add DevTeamResources team
shipa role add DevFWResources framework

Assign permissions to roles listed above using the following commands:

DevTeamResources role

shipa role permission add DevTeamResources app cluster.read framework.read framework.update

DevFWResources role

shipa role permission add DevFWResources app node.read

Assign the newly added roles and permissions to the dev user:

shipa role assign DevTeamResources [email protected] dev
shipa role assign DevFWResources [email protected] framework1

Common Shared Roles and Permissions

Both Ops and Devs use shared permissions from Shipa's RBAC to perform common tasks such as:

  • See available platforms for deploying apps
  • See roles assigned to their users

Create the following role with dev and ops as members:

shipa role list
+----------------------+------------------+----------------------+
| Role                 | Context          | Permissions          |
+----------------------+------------------+----------------------+
| GlobalResources      | global           | platform.image       |
|                      |                  | platform.read        |
|                      |                  | role.read            |
+----------------------+------------------+----------------------+

Create the role above with the following command:

shipa role add GlobalResources global

Assign permissions to the role using the following command:

shipa role permission add GlobalResources platform.read platform.image role.read

Once the role is created and permissions are added, assign the roles to both Dev and Ops users:

shipa role assign GlobalResources [email protected]
shipa role assign GlobalResources [email protected]

Updated 2 days ago


What's Next

Learn more about teams, permissions, and roles

Users and Permissions
Team

Teams, Roles and Permissions


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.