Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CLI gating of commands and options by tier #882

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

CLI gating of commands and options by tier #882

wants to merge 4 commits into from
+583 −36

Conversation

nullfunc
Copy link
Contributor

Description

Add permission checking in CLI to give user's early feedback on whether they can execute certain commands or not.

This is an in-progress DRAFT.

  • need to create a common store to globally access account information
  • checks for GPU and managed data stores.

Linked Issues

#874

Checklist

  • I have performed a self-review of my code
  • I have added appropriate tests
  • I have updated the Defang CLI docs and/or README to reflect my changes, if necessary

lionello
lionello reviewed Nov 22, 2024
View reviewed changes
src/pkg/clouds/aws/secrets.go
GetParametersByPath(ctx context.Context, params *ssm.GetParametersByPathInput, optFns ...func(*ssm.Options)) (*ssm.GetParametersByPathOutput, error)
}

var longRetryCfg = PanicOnError(config.LoadDefaultConfig(context.Background(),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suspect this might remove all the nice error messages we've added when region etc. are not set and cause a panic instead.

src/cmd/cli/command/commands.go Outdated
@@ -49,6 +50,7 @@ var (
nonInteractive = !hasTty
providerID = cliClient.ProviderID(pkg.Getenv("DEFANG_PROVIDER", "auto"))
verbose = false
whoami *defangv1.WhoAmIResponse
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feels like this could be something that's inside the GrpcClient

src/pkg/cli/client/byoc/aws/byoc.go

if StsClient == nil {
cfg := aws.PanicOnError(b.driver.LoadConfig(ctx))
StsClient = sts.NewFromConfig(cfg)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not liking the panic. What would it look like if we'd add the stsClient pointer to the ByocAws structure? And change the old code to "create if not initialized"?

src/pkg/cli/permissions/permissions_test.go
{
name: "no permission for gpu",
action: ActionRequest{
role: defangv1.SubscriptionTier_PERSONAL,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

naming. tier <> role

src/pkg/cli/permissions/permissions_test.go
role: defangv1.SubscriptionTier_PRO,
action: "compose-up",
resource: "gpu",
detail: "1",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already have a quota structure, so kinda expected us to leverage, extend, or replace that one.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, this is redundant and easily lead to inconsistency. Will make this reference the quota struct then.

src/pkg/cli/permissions/permissions_test.go
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure "permission" is the right term, since it feels like it's an auth issue.

@nullfunc
create a global store for user whoami information to it may be access…
52e27ae 
…ible everywhere permissions need to be checked.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lionello lionello lionello left review comments

@jordanstephens jordanstephens Awaiting requested review from jordanstephens

@acote88 acote88 Awaiting requested review from acote88

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nullfunc @lionello