Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: fix groups in children scopes being filtered out by grants #5418

Merged
merged 28 commits into from
Jan 24, 2025
Merged

Bug: fix groups in children scopes being filtered out by grants #5418

merged 28 commits into from
Jan 24, 2025

Conversation

bosorawis
Copy link
Collaborator

@bosorawis bosorawis commented Jan 8, 2025
edited
Loading

Resources are being filtered out due to missing ParentScopeId when constructing Resource to pass into authResults.FetchActionSetForId. This PR includes adding utility functions to help with setting up proper authorization

@bosorawis bosorawis requested a review from a team as a code owner January 8, 2025 01:12
bosorawis added a commit that referenced this pull request Jan 8, 2025
@bosorawis
pull shared test utility code from PR #5418
56ca6f0
johanbrandhorst
johanbrandhorst previously approved these changes Jan 9, 2025
View reviewed changes
elimt
elimt reviewed Jan 9, 2025
View reviewed changes
Copy link
Member

@elimt elimt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need

internal/daemon/controller/handlers/groups/grants_test.go Show resolved Hide resolved
internal/daemon/controller/handlers/groups/group_service.go Show resolved Hide resolved
elimt
elimt previously approved these changes Jan 9, 2025
View reviewed changes
internal/daemon/controller/handlers/groups/grants_test.go Outdated Show resolved Hide resolved
@bosorawis bosorawis added this to the 0.19.x milestone Jan 10, 2025
@bosorawis bosorawis force-pushed the bosorawis-bug-fix-list-resource-filtering-out-children-scope branch from f3ade6c to d195247 Compare January 10, 2025 18:18
ddebko
ddebko previously approved these changes Jan 22, 2025
View reviewed changes
bosorawis and others added 19 commits January 23, 2025 14:36
@bosorawis
remove print
255c49a
@bosorawis
changelog
8ebe8ee
@elimt @bosorawis
fix(alias): set parent scope id for alias resource (#5434)
d7ce6f3 
set the `ParentScopeId` before fetching authorized actions for alias
@elimt @bosorawis
fix(worker): set parent scope id for worker resource (#5435)
b4060fb 
set the `ParentScopeId` before fetching authorized actions for worker
@elimt @bosorawis
fix(user): children scopes being filtered out by grants for user (#5436)
dd0c054 
* fix(user): children scopes being filtered out by grants for user

Resources are being filtered out due to missing ParentScopeId when constructing Resource to pass into authResults.FetchActionSetForId.
@elimt @bosorawis
fix(scope): set parent scope id for worker resource (#5439)
fafb367 
set the `ParentScopeId` before fetching authorized actions for worker
@elimt @bosorawis
fix(target): set parent scope id for target resource (#5447)
2cea6ea 
set the `ParentScopeId` before fetching authorized actions for target
@elimt @bosorawis
fix(roles): set parent scope id for roles resource (#5452)
3968bf9 
* fix(roles): set parent scope id for roles resource

set the `ParentScopeId` before fetching authorized actions for role resource
@elimt @bosorawis
test(managed-group): add grants test coverage (#5453)
4e48003 
* fix(managed-group): set parent scope id for managed-group resource

set the ParentScopeId before fetching authorized actions for managed resource
@elimt @bosorawis
fix(host): set parent scope id for host resource (#5455)
204d328 
set the `ParentScopeId` before fetching authorized actions for host resource
@elimt @bosorawis
fix(host-set): set parent scope id for host-set resource (#5456)
aa3bb04 
set the ParentScopeId before fetching authorized actions for host-set resource
@elimt @bosorawis
fix(host-catalog): set parent scope id for host-catalog resource (#5457)
5e74c69 
set the ParentScopeId before fetching authorized actions for host-catalog resource
@elimt @bosorawis
fix(credential-store): set parent scope id for credential-store resou…
65e9452 
…rce (#5458)

set the ParentScopeId before fetching authorized actions for credential-store resource
@bosorawis
fix(authmethods): set parent scope ID for auth methods resource (#5448)
64bd692 
* handlers/authmethods: fix children permission

* documentation

* formatting
@elimt @bosorawis
fix(credential): set parent scope id for credential resource (#5459)
537ed18 
set the `ParentScopeId` before fetching authorized actions for credential resource
@bosorawis
fix(accounts): bug grants filter children accounts (#5431)
8b75c1e 
* handlers/accounts: fix children grants filtering out results unexpectedly

* make gen
@bosorawis
fix(authtokens): set parent scope ID for auth token resource (#5451)
aa7f13d 
* fix authtokens not passing children scope ID

* make gen
@bosorawis
fix(credential-libraries): set parent scope ID (#5463)
aeaae55
@bosorawis
fix(common) set parent ID before fetching action setsparent ID before…
72892f2 
… fetching action sets (#5467)

* fix(common) set parent ID before fetching action sets

* make gen

* additional test

* rename test

* more tests

* remove duplicate test

* make gen
@bosorawis bosorawis force-pushed the bosorawis-bug-fix-list-resource-filtering-out-children-scope branch from bf4a4c3 to 72892f2 Compare January 23, 2025 22:39
tmessi
tmessi previously approved these changes Jan 24, 2025
View reviewed changes
johanbrandhorst
johanbrandhorst reviewed Jan 24, 2025
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
@bosorawis @johanbrandhorst
Update CHANGELOG.md
09d75dc 
Co-authored-by: Johan Brandhorst-Satzkorn <[email protected]>
@bosorawis bosorawis merged commit 7c4451d into main Jan 24, 2025
61 of 63 checks passed
@bosorawis bosorawis deleted the bosorawis-bug-fix-list-resource-filtering-out-children-scope branch January 24, 2025 18:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johanbrandhorst johanbrandhorst johanbrandhorst approved these changes

@tmessi tmessi tmessi left review comments

@elimt elimt Awaiting requested review from elimt

@ddebko ddebko Awaiting requested review from ddebko

Assignees
No one assigned
Labels
core/daemon core/iam core
Projects
None yet
Milestone
0.19.x
Development

Successfully merging this pull request may close these issues.
5 participants
@bosorawis @tmessi @johanbrandhorst @elimt @ddebko