Support disable permission check on workspace #228
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Hailong-am
changed the title
Codecov Report
@@ Coverage Diff @@
## workspace #228 +/- ##
==============================================
- Coverage 66.22% 55.22% -11.00%
==============================================
Files 3422 3133 -289
Lines 65748 61758 -3990
Branches 10587 9974 -613
==============================================
- Hits 43542 34107 -9435
- Misses 19564 25576 +6012
+ Partials 2642 2075 -567
Flags with carried forward coverage won't be shown. Click here to find out more. see 700 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Hailong-am
force-pushed
the
backport/backport-216-to-workspace
branch
from
2b38868 to
e4557b7
Compare
Hailong-am
changed the title
SuZhou-Joe
reviewed
Oct 13, 2023
| @@ -49,7 +54,10 @@ describe('workspace service', () => { | |||
| .expect(200); | |||
| await Promise.all( | |||
| listResult.body.result.workspaces.map((item: WorkspaceAttribute) => | |||
| osdTestServer.request.delete(root, `/api/workspaces/${item.id}`).expect(200) | |||
| // this will delete reserved workspace | |||
There was a problem hiding this comment.
I am a little bit confused for this comment, shall we add more details?
There was a problem hiding this comment.
sure, use workspace delete api will not able to delete reserved workspace, that will not able clean up the test data. Use saved objects api will not have this issue.
There was a problem hiding this comment.
Get it, could we add this info to this comment? It would be much easier to understand after adding the context you provide.
There was a problem hiding this comment.
i have drop the testing related commit, will have separate PR to add test cases.
SuZhou-Joe
reviewed
Oct 13, 2023
SuZhou-Joe
approved these changes
Oct 13, 2023
SuZhou-Joe
reviewed
Oct 13, 2023
ruanyl
reviewed
Oct 13, 2023
src/plugins/workspace/public/components/workspace_creator/workspace_creator.tsx
Outdated
Show resolved
Hide resolved
|
Noticed that there are 3 unrelated commits in this PR, maybe should be dropped? |
xluo-aws
reviewed
Oct 13, 2023
xluo-aws
reviewed
Oct 13, 2023
src/plugins/workspace/public/components/workspace_creator/workspace_creator.tsx
Outdated
Show resolved
Hide resolved
xluo-aws
reviewed
Oct 13, 2023
src/plugins/workspace/public/components/workspace_creator/workspace_form.tsx
Outdated
Show resolved
Hide resolved
|
@Hailong-am , could you explain why we add this new flag? |
Signed-off-by: Hailong Cui <[email protected]>
Signed-off-by: Hailong Cui <[email protected]>
Hailong-am
force-pushed
the
backport/backport-216-to-workspace
branch
from
e4557b7 to
b77b497
Compare
good suggestion, i have drop the 3 unrelated commits. will raise separate PR for backporting test cases. |
update it in PR description |
If sets to false, all ACL check will be skipped including user level, right? |
Yes, that will disable ACL totally. |
ruanyl
approved these changes
Oct 16, 2023
wanglam
reviewed
Oct 16, 2023
wanglam
approved these changes
Oct 16, 2023
wanglam
added a commit
that referenced
this pull request
Mar 6, 2024
…objects client wrapper (#230) * feat: add basic workspace saved objects client wrapper Signed-off-by: Lin Wang <[email protected]> * feat: add unit test (#2) Signed-off-by: SuZhou-Joe <[email protected]> * feat: update client wrapper Signed-off-by: tygao <[email protected]> * feat: init permission control in workspace plugin Signed-off-by: Lin Wang <[email protected]> * Support disable permission check on workspace (#228) * support disable permission check for workspace Signed-off-by: Hailong Cui <[email protected]> * fix typos Signed-off-by: Hailong Cui <[email protected]> --------- Signed-off-by: Hailong Cui <[email protected]> * feat: add ACLSearchParams consumer in repository (#3) Signed-off-by: SuZhou-Joe <[email protected]> * fix: ACLSearchParams missing in search dsl Signed-off-by: Lin Wang <[email protected]> * test: add integration test for workspace saved objects client wrapper Signed-off-by: Lin Wang <[email protected]> * style: add empty line under license Signed-off-by: Lin Wang <[email protected]> * test: enable workspace permission control for integration tests Signed-off-by: Lin Wang <[email protected]> * feat: add workspace into includeHiddenTypes (#249) * feat: add workspace into includeHiddenTypes of client wrapper and permission control client Signed-off-by: SuZhou-Joe <[email protected]> * fix: hiddenType side effect Signed-off-by: SuZhou-Joe <[email protected]> --------- Signed-off-by: SuZhou-Joe <[email protected]> * fix workspace client wrapper integration tests Signed-off-by: Lin Wang <[email protected]> * add permissions fields to workspace CRUD APIs Signed-off-by: Lin Wang <[email protected]> * Move WorkspacePermissionMode inside workspace plugin Signed-off-by: Lin Wang <[email protected]> * Address pr comments Signed-off-by: Lin Wang <[email protected]> * Remove ACLSearchParams in public SavedObjectsFindOptions Signed-off-by: Lin Wang <[email protected]> * Remove lodash and Add default permissionModes Signed-off-by: Lin Wang <[email protected]> * feat: address concerns on ensureRawRequest (#4) * feat: address concerns on ensureRawRequest Signed-off-by: SuZhou-Joe <[email protected]> * feat: add check for empty array Signed-off-by: SuZhou-Joe <[email protected]> * feat: make find api backward compatible Signed-off-by: SuZhou-Joe <[email protected]> * feat: remove useless code Signed-off-by: SuZhou-Joe <[email protected]> --------- Signed-off-by: SuZhou-Joe <[email protected]> * Update annotations and error Signed-off-by: Lin Wang <[email protected]> * Add unit tests for worksapce saved objects client wrapper Signed-off-by: Lin Wang <[email protected]> * Remove getPrincipalsOfObjects in permission Signed-off-by: Lin Wang <[email protected]> * Fix permissionEnabled flag missed in workspace plugin setup test Signed-off-by: Lin Wang <[email protected]> * Change back to Not Authorized error Signed-off-by: Lin Wang <[email protected]> * Fix unit tests for query_params and plugin setup Signed-off-by: Lin Wang <[email protected]> * Fix unittests in workspace server utils Signed-off-by: Lin Wang <[email protected]> * feat: add workspacesSearchOperators to decouple ACLSearchParams Signed-off-by: SuZhou-Joe <[email protected]> * feat: update test cases Signed-off-by: SuZhou-Joe <[email protected]> * feat: optimize test cases Signed-off-by: SuZhou-Joe <[email protected]> * feat: optimize comment Signed-off-by: SuZhou-Joe <[email protected]> * feat: omit defaultSearchOperator in public savedobjetcs client Signed-off-by: SuZhou-Joe <[email protected]> * feat: omit workspacesSearchOperator field Signed-off-by: SuZhou-Joe <[email protected]> --------- Signed-off-by: Lin Wang <[email protected]> Signed-off-by: SuZhou-Joe <[email protected]> Signed-off-by: tygao <[email protected]> Signed-off-by: Hailong Cui <[email protected]> Co-authored-by: Lin Wang <[email protected]> Co-authored-by: SuZhou-Joe <[email protected]> Co-authored-by: Hailong Cui <[email protected]>
SuZhou-Joe
added a commit
that referenced
this pull request
Mar 18, 2024
…objects client wrapper (#230) * feat: add basic workspace saved objects client wrapper Signed-off-by: Lin Wang <[email protected]> * feat: add unit test (#2) Signed-off-by: SuZhou-Joe <[email protected]> * feat: update client wrapper Signed-off-by: tygao <[email protected]> * feat: init permission control in workspace plugin Signed-off-by: Lin Wang <[email protected]> * Support disable permission check on workspace (#228) * support disable permission check for workspace Signed-off-by: Hailong Cui <[email protected]> * fix typos Signed-off-by: Hailong Cui <[email protected]> --------- Signed-off-by: Hailong Cui <[email protected]> * feat: add ACLSearchParams consumer in repository (#3) Signed-off-by: SuZhou-Joe <[email protected]> * fix: ACLSearchParams missing in search dsl Signed-off-by: Lin Wang <[email protected]> * test: add integration test for workspace saved objects client wrapper Signed-off-by: Lin Wang <[email protected]> * style: add empty line under license Signed-off-by: Lin Wang <[email protected]> * test: enable workspace permission control for integration tests Signed-off-by: Lin Wang <[email protected]> * feat: add workspace into includeHiddenTypes (#249) * feat: add workspace into includeHiddenTypes of client wrapper and permission control client Signed-off-by: SuZhou-Joe <[email protected]> * fix: hiddenType side effect Signed-off-by: SuZhou-Joe <[email protected]> --------- Signed-off-by: SuZhou-Joe <[email protected]> * fix workspace client wrapper integration tests Signed-off-by: Lin Wang <[email protected]> * add permissions fields to workspace CRUD APIs Signed-off-by: Lin Wang <[email protected]> * Move WorkspacePermissionMode inside workspace plugin Signed-off-by: Lin Wang <[email protected]> * Address pr comments Signed-off-by: Lin Wang <[email protected]> * Remove ACLSearchParams in public SavedObjectsFindOptions Signed-off-by: Lin Wang <[email protected]> * Remove lodash and Add default permissionModes Signed-off-by: Lin Wang <[email protected]> * feat: address concerns on ensureRawRequest (#4) * feat: address concerns on ensureRawRequest Signed-off-by: SuZhou-Joe <[email protected]> * feat: add check for empty array Signed-off-by: SuZhou-Joe <[email protected]> * feat: make find api backward compatible Signed-off-by: SuZhou-Joe <[email protected]> * feat: remove useless code Signed-off-by: SuZhou-Joe <[email protected]> --------- Signed-off-by: SuZhou-Joe <[email protected]> * Update annotations and error Signed-off-by: Lin Wang <[email protected]> * Add unit tests for worksapce saved objects client wrapper Signed-off-by: Lin Wang <[email protected]> * Remove getPrincipalsOfObjects in permission Signed-off-by: Lin Wang <[email protected]> * Fix permissionEnabled flag missed in workspace plugin setup test Signed-off-by: Lin Wang <[email protected]> * Change back to Not Authorized error Signed-off-by: Lin Wang <[email protected]> * Fix unit tests for query_params and plugin setup Signed-off-by: Lin Wang <[email protected]> * Fix unittests in workspace server utils Signed-off-by: Lin Wang <[email protected]> * feat: add workspacesSearchOperators to decouple ACLSearchParams Signed-off-by: SuZhou-Joe <[email protected]> * feat: update test cases Signed-off-by: SuZhou-Joe <[email protected]> * feat: optimize test cases Signed-off-by: SuZhou-Joe <[email protected]> * feat: optimize comment Signed-off-by: SuZhou-Joe <[email protected]> * feat: omit defaultSearchOperator in public savedobjetcs client Signed-off-by: SuZhou-Joe <[email protected]> * feat: omit workspacesSearchOperator field Signed-off-by: SuZhou-Joe <[email protected]> --------- Signed-off-by: Lin Wang <[email protected]> Signed-off-by: SuZhou-Joe <[email protected]> Signed-off-by: tygao <[email protected]> Signed-off-by: Hailong Cui <[email protected]> Co-authored-by: Lin Wang <[email protected]> Co-authored-by: SuZhou-Joe <[email protected]> Co-authored-by: Hailong Cui <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
When OSD don't have authentication enabled, there is no user/role. In this case, permission check for workspace need to be disabled, otherwise it will block the access to saved objects belongs to workspaces.
To support this we could check whether authentication has configured, but it lose the flexibility to turn on/off based on user's need.
By adding a new flag in yml file, it is more flexible, user could turn permission check off even if authentication is enabled.
This flag will skip permission check totally. However, for creating/updating workspace, it will still persistent the ACL related information, that info could be reuse when permission check turned on.
Issues Resolved
Screenshot
Testing the changes
Check List
yarn test:jestyarn test:jest_integrationyarn test:ftr