[CORE-211] Convert disk operations to new Sam permissions model#4822
[CORE-211] Convert disk operations to new Sam permissions model#4822marctalbott wants to merge 11 commits intodevelopfrom
Conversation
| samResourceId: SamResourceId, | ||
| action: RuntimeAction, | ||
| userEmail: Option[WorkbenchEmail] = None | ||
| object SamUtils { |
There was a problem hiding this comment.
I tried out switching this over to an object instead of a trait to reuse the code in the RuntimeServiceInterp object and found that I slightly prefer it to the trait, but I'm curious to hear what others think! The switchover is in the last commit if you'd like to compare
There was a problem hiding this comment.
I like it better too, it makes the code more readable IMO
marctalbott
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #4822 +/- ##
===========================================
- Coverage 74.62% 74.62% -0.01%
===========================================
Files 166 166
Lines 14692 14632 -60
Branches 1135 1170 +35
===========================================
- Hits 10964 10919 -45
+ Misses 3728 3713 -15
Continue to review full report in Codecov by Sentry.
|
LizBaldo
left a comment
LizBaldo
left a comment
There was a problem hiding this comment.
Looks amazing! I only have a few comments / nits that should not be a blocker for merging. I really appreciate the logical organization by commit, it made it very easy to review, thanks a bunch!
| ) | ||
| _ <- F.raiseWhen(!hasProjectPermission.getOrElse(true))(ForbiddenError(userInfo.userEmail, Some(ctx.traceId))) | ||
|
|
||
| samDiskIds <- samService.listResources(userInfo.accessToken.token, SamResourceType.PersistentDisk) |
There was a problem hiding this comment.
Nice, so the new behavior is that is a user does not have permission (either on the project or list disk action), sam will return an empty list of IDs, and we won't be leaking any info to the user?
There was a problem hiding this comment.
Pretty much -- Sam will return all of the disks that the user has access to and then the query will filter out any disks that are in a different project if cloudContext is defined. Sam doesn't do an explicit permissions check on the project, but it will only return disks that the user has permission to see.
| samDiskIds <- samService.listResources(userInfo.accessToken.token, SamResourceType.PersistentDisk) | ||
| paramMap <- F.fromEither(processListParameters(params)) | ||
| creatorOnly <- F.fromEither(processCreatorOnlyParameter(userInfo.userEmail, params, ctx.traceId)) | ||
| disks <- DiskServiceDbQueries.listDisks(paramMap._1, paramMap._2, creatorOnly, cloudContext).transaction |
There was a problem hiding this comment.
This is so nice to see this code being deleted, thank you!
| diskSamResource3 <- IO(PersistentDiskSamResourceId(UUID.randomUUID.toString)) | ||
| disk3 <- makePersistentDisk(Some(DiskName("d3")), cloudContextOpt = Some(cloudContextGcp)) | ||
| .copy(samResource = diskSamResource1) | ||
| .copy(samResource = diskSamResource3) |
There was a problem hiding this comment.
Ouch, good catch, thanks!
| } | ||
| } yield disk | ||
|
|
||
| private def checkAttachAction[F[_]](userInfo: UserInfo, |
There was a problem hiding this comment.
Nit, would it make sense to move this with the other checkAction function in SamUtils? Might not be in the scope for this PR, but disks can also be attached to apps and so it could make sense to move this logic out of the RuntimeServiceInterp file
| case Some(pd) => | ||
| for { | ||
| _ <- checkAttachAction(userInfo, samService, pd, cloudContext, req.name, ctx.traceId) | ||
| _ <- SamUtils.checkDiskAction(samService, |
There was a problem hiding this comment.
Nice, ignore my last comment then (I was reviewing commit by commit and did not see it yet sorry!
| samResourceId: SamResourceId, | ||
| action: RuntimeAction, | ||
| userEmail: Option[WorkbenchEmail] = None | ||
| object SamUtils { |
There was a problem hiding this comment.
I like it better too, it makes the code more readable IMO
LizBaldo
changed the base branch from
develop
to
revert-4823-mtalbott-revert-listRuntimes
LizBaldo
changed the base branch from
revert-4823-mtalbott-revert-listRuntimes
to
develop
|
Arg, develop had the revert from the runtime changes so I messed this PR a bit sorry! Will likely open a new one to make things clearer, building on top of #4827 |
|
Closing this as I moved over the changes to this PR instead: #4828 |
3 participants
Jira ticket: https://broadworkbench.atlassian.net/browse/CORE-211
Summary of changes
This PR may be easiest to review by stepping through the commits in order. Each commit contains a single operation authz conversion.
What
Why
Testing these changes
What to test
Who tested and where
jenkins retestorjenkins multi-test.