script/sureness.yml - hertzbeat - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 ## -- sureness.yml account source -- ##

 # config the resource restful api that need auth protection, base rbac
 # rule: api===method===role
 # eg: /api/v1/source1===get===[admin] means /api/v2/host===post support role[admin] access.
 # eg: /api/v1/source2===get===[] means /api/v1/source2===get can not access by any role.
 resourceRole:
   - /api/account/auth/refresh===post===[admin,user,guest]
   - /api/apps/**===get===[admin,user,guest]
   - /api/monitor/**===get===[admin,user,guest]
   - /api/monitor/**===post===[admin,user]
   - /api/monitor/**===put===[admin,user]
   - /api/monitor/**===delete==[admin]
   - /api/monitors/**===get===[admin,user,guest]
   - /api/monitors/**===post===[admin,user]
   - /api/monitors/**===put===[admin,user]
   - /api/monitors/**===delete===[admin]
   - /api/alert/**===get===[admin,user,guest]
   - /api/alert/**===post===[admin,user]
   - /api/alert/**===put===[admin,user]
   - /api/alert/**===delete===[admin]
   - /api/alerts/**===get===[admin,user,guest]
   - /api/alerts/**===post===[admin,user]
   - /api/alerts/**===put===[admin,user]
   - /api/alerts/**===delete===[admin]
   - /api/notice/**===get===[admin,user,guest]
   - /api/notice/**===post===[admin,user]
   - /api/notice/**===put===[admin,user]
   - /api/notice/**===delete===[admin]
   - /api/tag/**===get===[admin,user,guest]
   - /api/tag/**===post===[admin,user]
   - /api/tag/**===put===[admin,user]
   - /api/tag/**===delete===[admin]
   - /api/summary/**===get===[admin,user,guest]
   - /api/summary/**===post===[admin,user]
   - /api/summary/**===put===[admin,user]
   - /api/summary/**===delete===[admin]
   - /api/collector/**===get===[admin,user,guest]
   - /api/collector/**===post===[admin,user]
   - /api/collector/**===put===[admin,user]
   - /api/collector/**===delete===[admin]
   - /api/status/page/**===get===[admin,user,guest]
   - /api/status/page/**===post===[admin,user]
   - /api/status/page/**===put===[admin,user]
   - /api/status/page/**===delete===[admin]
   - /api/grafana/**===get===[admin,user,guest]
   - /api/grafana/**===post===[admin,user]
   - /api/grafana/**===put===[admin,user]
   - /api/grafana/**===delete===[admin]
   - /api/bulletin/**===get===[admin,user,guest]
   - /api/bulletin/**===post===[admin,user]
   - /api/bulletin/**===put===[admin,user]
   - /api/bulletin/**===delete===[admin]

 # config the resource restful api that need bypass auth protection
 # rule: api===method
 # eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth.
 excludedResource:
   - /api/alerts/report/**===*
   - /api/account/auth/**===*
   - /api/i18n/**===get
   - /api/apps/hierarchy===get
   - /api/push/**===*
   - /api/status/page/public/**===*
   # web ui resource
   - /===get
   - /dashboard/**===get
   - /monitors/**===get
   - /alert/**===get
   - /account/**===get
   - /setting/**===get
   - /passport/**===get
   - /status/**===get
   - /**/*.html===get
   - /**/*.js===get
   - /**/*.css===get
   - /**/*.ico===get
   - /**/*.ttf===get
   - /**/*.png===get
   - /**/*.gif===get
   - /**/*.jpg===get
   - /**/*.svg===get
   - /**/*.json===get
   - /**/*.woff===get
   - /**/*.eot===get
   # swagger ui resource
   - /swagger-resources/**===get
   - /v2/api-docs===get
   - /v3/api-docs===get
   # h2 database
   - /h2-console/**===*

 # account info config
 # eg: admin has role [admin,user], password is hertzbeat
 # eg: tom has role [user], password is hertzbeat
 # eg: lili has role [guest], plain password is lili, salt is 123, salted password is 1A676730B0C7F54654B0E09184448289
 account:
   - appId: admin
     credential: hertzbeat
     role: [admin]
   - appId: tom
     credential: hertzbeat
     role: [user]
   - appId: guest
     credential: hertzbeat
     role: [guest]
   - appId: lili
     # credential = MD5(password + salt)
     # plain password: hertzbeat
     # attention: digest authentication does not support salted encrypted password accounts
     credential: 94C6B34E7A199A9F9D4E1F208093B489
     salt: 123
     role: [user]
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	## -- sureness.yml account source -- ##

	# config the resource restful api that need auth protection, base rbac
	# rule: api===method===role
	# eg: /api/v1/source1===get===[admin] means /api/v2/host===post support role[admin] access.
	# eg: /api/v1/source2===get===[] means /api/v1/source2===get can not access by any role.
	resourceRole:
	- /api/account/auth/refresh===post===[admin,user,guest]
	- /api/apps/**===get===[admin,user,guest]
	- /api/monitor/**===get===[admin,user,guest]
	- /api/monitor/**===post===[admin,user]
	- /api/monitor/**===put===[admin,user]
	- /api/monitor/**===delete==[admin]
	- /api/monitors/**===get===[admin,user,guest]
	- /api/monitors/**===post===[admin,user]
	- /api/monitors/**===put===[admin,user]
	- /api/monitors/**===delete===[admin]
	- /api/alert/**===get===[admin,user,guest]
	- /api/alert/**===post===[admin,user]
	- /api/alert/**===put===[admin,user]
	- /api/alert/**===delete===[admin]
	- /api/alerts/**===get===[admin,user,guest]
	- /api/alerts/**===post===[admin,user]
	- /api/alerts/**===put===[admin,user]
	- /api/alerts/**===delete===[admin]
	- /api/notice/**===get===[admin,user,guest]
	- /api/notice/**===post===[admin,user]
	- /api/notice/**===put===[admin,user]
	- /api/notice/**===delete===[admin]
	- /api/tag/**===get===[admin,user,guest]
	- /api/tag/**===post===[admin,user]
	- /api/tag/**===put===[admin,user]
	- /api/tag/**===delete===[admin]
	- /api/summary/**===get===[admin,user,guest]
	- /api/summary/**===post===[admin,user]
	- /api/summary/**===put===[admin,user]
	- /api/summary/**===delete===[admin]
	- /api/collector/**===get===[admin,user,guest]
	- /api/collector/**===post===[admin,user]
	- /api/collector/**===put===[admin,user]
	- /api/collector/**===delete===[admin]
	- /api/status/page/**===get===[admin,user,guest]
	- /api/status/page/**===post===[admin,user]
	- /api/status/page/**===put===[admin,user]
	- /api/status/page/**===delete===[admin]
	- /api/grafana/**===get===[admin,user,guest]
	- /api/grafana/**===post===[admin,user]
	- /api/grafana/**===put===[admin,user]
	- /api/grafana/**===delete===[admin]
	- /api/bulletin/**===get===[admin,user,guest]
	- /api/bulletin/**===post===[admin,user]
	- /api/bulletin/**===put===[admin,user]
	- /api/bulletin/**===delete===[admin]

	# config the resource restful api that need bypass auth protection
	# rule: api===method
	# eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth.
	excludedResource:
	- /api/alerts/report/*===
	- /api/account/auth/*===
	- /api/i18n/**===get
	- /api/apps/hierarchy===get
	- /api/push/*===
	- /api/status/page/public/*===
	# web ui resource
	- /===get
	- /dashboard/**===get
	- /monitors/**===get
	- /alert/**===get
	- /account/**===get
	- /setting/**===get
	- /passport/**===get
	- /status/**===get
	- /*/.html===get
	- /*/.js===get
	- /*/.css===get
	- /*/.ico===get
	- /*/.ttf===get
	- /*/.png===get
	- /*/.gif===get
	- /*/.jpg===get
	- /*/.svg===get
	- /*/.json===get
	- /*/.woff===get
	- /*/.eot===get
	# swagger ui resource
	- /swagger-resources/**===get
	- /v2/api-docs===get
	- /v3/api-docs===get
	# h2 database
	- /h2-console/*===

	# account info config
	# eg: admin has role [admin,user], password is hertzbeat
	# eg: tom has role [user], password is hertzbeat
	# eg: lili has role [guest], plain password is lili, salt is 123, salted password is 1A676730B0C7F54654B0E09184448289
	account:
	- appId: admin
	credential: hertzbeat
	role: [admin]
	- appId: tom
	credential: hertzbeat
	role: [user]
	- appId: guest
	credential: hertzbeat
	role: [guest]
	- appId: lili
	# credential = MD5(password + salt)
	# plain password: hertzbeat
	# attention: digest authentication does not support salted encrypted password accounts
	credential: 94C6B34E7A199A9F9D4E1F208093B489
	salt: 123
	role: [user]