Support disable permission check on workspace #228
Codecov Report
@@ Coverage Diff @@
## workspace #228 +/- ##
==============================================
- Coverage 66.22% 55.22% -11.00%
==============================================
Files 3422 3133 -289
Lines 65748 61758 -3990
Branches 10587 9974 -613
==============================================
- Hits 43542 34107 -9435
- Misses 19564 25576 +6012
+ Partials 2642 2075 -567
Flags with carried forward coverage won't be shown. See 700 files with indirect coverage changes.
2b38868 to e4557b7
@@ -49,7 +54,10 @@ describe('workspace service', () => { | |||
.expect(200); | |||
await Promise.all( | |||
listResult.body.result.workspaces.map((item: WorkspaceAttribute) => | |||
osdTestServer.request.delete(root, `/api/workspaces/${item.id}`).expect(200) | |||
// this will delete reserved workspace |
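Review bot: The comment on the last line of this hunk, `// this will delete reserved workspace`, does not say which call "this" refers to or why the `/api/workspaces/${item.id}` delete just above it is not enough for test cleanup. Name the API used for the cleanup in the comment and state the reason, so the next reader does not have to reconstruct it from the review discussion.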
I am a little bit confused by this comment; shall we add more details?
Sure. Using the workspace delete API will not be able to delete the reserved workspace, and that will not be able to clean up the test data. Using the saved objects API will not have this issue.
Got it. Could we add this info to this comment? It would be much easier to understand after adding the context you provided.
I have dropped the testing-related commit; will have a separate PR to add test cases.
Noticed that there are 3 unrelated commits in this PR; maybe they should be dropped?
@Hailong-am, could you explain why we add this new flag?
Signed-off-by: Hailong Cui <ihailong@amazon.com>
e4557b7 to b77b497
Good suggestion, I have dropped the 3 unrelated commits. Will raise a separate PR for backporting test cases.
update it in PR description
If set to false, all ACL checks will be skipped, including user level, right?
Yes, that will disable ACL totally.
…objects client wrapper (#230)
* feat: add basic workspace saved objects client wrapper Signed-off-by: Lin Wang <wonglam@amazon.com>
* feat: add unit test (#2) Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* feat: update client wrapper Signed-off-by: tygao <tygao@amazon.com>
* feat: init permission control in workspace plugin Signed-off-by: Lin Wang <wonglam@amazon.com>
* Support disable permission check on workspace (#228)
* support disable permission check for workspace Signed-off-by: Hailong Cui <ihailong@amazon.com>
* fix typos Signed-off-by: Hailong Cui <ihailong@amazon.com>
--------- Signed-off-by: Hailong Cui <ihailong@amazon.com>
* feat: add ACLSearchParams consumer in repository (#3) Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* fix: ACLSearchParams missing in search dsl Signed-off-by: Lin Wang <wonglam@amazon.com>
* test: add integration test for workspace saved objects client wrapper Signed-off-by: Lin Wang <wonglam@amazon.com>
* style: add empty line under license Signed-off-by: Lin Wang <wonglam@amazon.com>
* test: enable workspace permission control for integration tests Signed-off-by: Lin Wang <wonglam@amazon.com>
* feat: add workspace into includeHiddenTypes (#249)
* feat: add workspace into includeHiddenTypes of client wrapper and permission control client Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* fix: hiddenType side effect Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
--------- Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* fix workspace client wrapper integration tests Signed-off-by: Lin Wang <wonglam@amazon.com>
* add permissions fields to workspace CRUD APIs Signed-off-by: Lin Wang <wonglam@amazon.com>
* Move WorkspacePermissionMode inside workspace plugin Signed-off-by: Lin Wang <wonglam@amazon.com>
* Address pr comments Signed-off-by: Lin Wang <wonglam@amazon.com>
* Remove ACLSearchParams in public SavedObjectsFindOptions Signed-off-by: Lin Wang <wonglam@amazon.com>
* Remove lodash and Add default permissionModes Signed-off-by: Lin Wang <wonglam@amazon.com>
* feat: address concerns on ensureRawRequest (#4)
* feat: address concerns on ensureRawRequest Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* feat: add check for empty array Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* feat: make find api backward compatible Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* feat: remove useless code Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
--------- Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* Update annotations and error Signed-off-by: Lin Wang <wonglam@amazon.com>
* Add unit tests for workspace saved objects client wrapper Signed-off-by: Lin Wang <wonglam@amazon.com>
* Remove getPrincipalsOfObjects in permission Signed-off-by: Lin Wang <wonglam@amazon.com>
* Fix permissionEnabled flag missed in workspace plugin setup test Signed-off-by: Lin Wang <wonglam@amazon.com>
* Change back to Not Authorized error Signed-off-by: Lin Wang <wonglam@amazon.com>
* Fix unit tests for query_params and plugin setup Signed-off-by: Lin Wang <wonglam@amazon.com>
* Fix unittests in workspace server utils Signed-off-by: Lin Wang <wonglam@amazon.com>
* feat: add workspacesSearchOperators to decouple ACLSearchParams Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* feat: update test cases Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* feat: optimize test cases Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* feat: optimize comment Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* feat: omit defaultSearchOperator in public savedobjects client Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
* feat: omit workspacesSearchOperator field Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
---------
Signed-off-by: Lin Wang <wonglam@amazon.com>
Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
Signed-off-by: tygao <tygao@amazon.com>
Signed-off-by: Hailong Cui <ihailong@amazon.com>
Co-authored-by: Lin Wang <wonglam@amazon.com>
Co-authored-by: SuZhou-Joe <suzhou@amazon.com>
Co-authored-by: Hailong Cui <ihailong@amazon.com>
Description
When OSD doesn't have authentication enabled, there is no user/role. In this case, the permission check for workspaces needs to be disabled; otherwise it will block access to saved objects belonging to workspaces.
To support this we could check whether authentication has been configured, but that loses the flexibility to turn it on/off based on the user's needs.
By adding a new flag in the yml file, it is more flexible: the user could turn the permission check off even if authentication is enabled.
This flag will skip the permission check totally. However, when creating/updating a workspace, it will still persist the ACL-related information; that info could be reused when the permission check is turned on.
Issues Resolved
Screenshot
Testing the changes
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr
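
The behaviour the description lays out, as an added TypeScript sketch that is not code from this PR or from OpenSearch Dashboards: with the flag off every caller passes the check, yet the ACL written at save time is kept and applies again once the flag is turned on. `WorkspaceStore`, `isAllowed`, `demo` and the constructor argument are hypothetical stand-ins for the plugin's client wrapper and its yml flag, and the workspace and user names are constructed.

```typescript
// Added illustration: hypothetical names, not OpenSearch Dashboards code.
type Mode = 'read' | 'write';
type Permissions = Partial<Record<Mode, { users: string[] }>>;
interface Workspace { id: string; name: string; permissions?: Permissions }

class WorkspaceStore {
  private items: Record<string, Workspace | undefined> = {};
  private permissionEnabled: boolean;

  // permissionEnabled stands in for the yml flag described in the PR.
  constructor(permissionEnabled: boolean) {
    this.permissionEnabled = permissionEnabled;
  }

  setPermissionEnabled(enabled: boolean): void {
    this.permissionEnabled = enabled;
  }

  // ACL data is stored whether or not the check is currently enforced.
  save(ws: Workspace): void {
    this.items[ws.id] = { ...ws };
  }

  isAllowed(id: string, user: string | undefined, mode: Mode): boolean {
    // Flag off: every caller passes, including unauthenticated ones.
    if (!this.permissionEnabled) return true;
    const users = this.items[id]?.permissions?.[mode]?.users ?? [];
    return user !== undefined && users.indexOf(user) !== -1;
  }

  get(id: string, user: string | undefined, mode: Mode = 'read'): Workspace {
    const ws = this.items[id];
    if (!ws) throw new Error(`workspace ${id} not found`);
    if (!this.isAllowed(id, user, mode)) throw new Error('Not Authorized');
    return ws;
  }
}

// Constructed scenario: ACL written while the check is off, then enforced.
function demo(): boolean[] {
  const store = new WorkspaceStore(false);
  store.save({ id: 'ws1', name: 'Finance', permissions: { read: { users: ['alice'] } } });
  const whileOff = [store.isAllowed('ws1', 'bob', 'read'), store.isAllowed('ws1', undefined, 'write')];
  store.setPermissionEnabled(true);
  const whileOn = [store.isAllowed('ws1', 'alice', 'read'), store.isAllowed('ws1', 'bob', 'read')];
  return whileOff.concat(whileOn);
}
```

Because the flag can be off while authentication is on, a deployment review should treat the flag's value, not the presence of ACL data on workspaces, as the source of truth for whether access is restricted.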