Refactor permissions functions #2468
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Now that space supporter implementation is complete we can collapse a bunch of functions in permissions.rb and finalize naming conventions that we're mostly happy with. * include space supporter in ALL_PERMISSIONS * removed space supporter specific mentions in permissions.rb Co-authored-by: Mona Mohebbi <[email protected]> Co-authored-by: Merric de Launey <[email protected]> Co-authored-by: Matthew Kocher <[email protected]>
|
I'm going to be OOO tomorrow but I'll plan to have a look at this on Wednesday. In the meantime just want to call out it looks like we've got some merge conflicts to resolve |
|
Thank you. We resolved the merge conflicts. /cc @MerricdeLauney |
lib/cloud_controller/permissions.rb
Outdated
| @@ -288,15 +262,15 @@ def can_read_system_environment_variables?(space_guid, org_guid) | |||
| membership.has_any_roles?(ROLES_FOR_SPACE_SECRETS_READING, space_guid, org_guid) | |||
| end | |||
|
|
|||
| def untrusted_can_read_route?(space_guid, org_guid) | |||
| return true if can_read_globally? | |||
| # def can_read_route?(space_guid, org_guid) | |||
There was a problem hiding this comment.
Is there a reason we've left this method commented out rather than removing it?
sweinstein22
suggested changes
Aug 18, 2021
There was a problem hiding this comment.
Code Review
I'm noticing that for the most part we were just removing supporter or untrusted from method names, and then making the adjustment to ALL_PERMISSIONS to include space_supporter. The exceptions seem to be:
untrusted_can_write_to_space => can_manage_apps_in_space
untrusted_can_read_from_space => can_download_droplet
Looks like we updated the tests as appropriate for those two.
Changes Requested
I did a quick search through the branch for untrusted and noticed we still seem to have mention of some of these methods in:
service_route_bindings_controller.rb
service_instances_controller.rb
I think addressing those would be part of the associated issue for this PR. I also left a comment on one section, looks like we left in a commented out method, just wondering if we left it for a specific reason.
4 tasks
Needed for #2462. Rubocop 1.19 includes changes to the ConditionalAssignment that cause it to flag some `case` statements as violations. We don't agree with the ConditionalAssignment cop's preferred style, so we're going to disable it.
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.18.3 to 1.19.0. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.18.3...v1.19.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
This commit goes alongside work to TPS and runtimeschema. Together they allow CF-for-VMs users to see when their app instances get evacuated from Diego Cells. As a user running a complex web service on top of Cloud Foundry, it can be confusing when apps seem to restart for no reason. Even once users understand this happens during Diego updates, they still have no automatic insight into when that happened. The audit event is called `audit.app.process.rescheduling` so that is quite generic to whatever container scheduler is used behind the scenes. For instance Eirini could talk to this endpoint and provide a different `reason` string to explain the rescheduling.
Co-authored-by: Matthew Kocher <[email protected]> Co-authored-by: Merric de Launey <[email protected]>
- this is a little odd because route destinations store http2 but don't store tcp as a version. This causes us to have to handle some edge cases so there are a lot of specs - noticed that internal routes are currently reported to be http though they do not logically have a protocol as they're just a DNS entry - not using this field yet. next we will use this to decorate the routing information of the LRPs. - this is a big commit. We regret that we cannot find a good way to make it smaller. Authored-by: Merric de Launey <[email protected]>
* Also refactored the routinginfo class Co-authored-by: Michael Oleske <[email protected]> Co-authored-by: Carson Long <[email protected]>
Co-authored-by: Michael Oleske <[email protected]> Co-authored-by: Carson Long <[email protected]>
Co-authored-by: Michael Oleske <[email protected]> Co-authored-by: Carson Long <[email protected]>
Co-authored-by: Michael Oleske <[email protected]> Co-authored-by: Carson Long <[email protected]>
Co-authored-by: Michael Oleske <[email protected]> Co-authored-by: Carson Long <[email protected]>
cloudfoundry/routing-release#200 Co-authored-by: Michael Oleske <[email protected]> Co-authored-by: Carson Long <[email protected]>
cloudfoundry/routing-release#200 Co-authored-by: Michael Oleske <[email protected]>
- clarify when http1/http2/tcp are valid based on route protocol - mention it could be null Co-authored-by: Michael Oleske <[email protected]>
Co-authored-by: Carson Long <[email protected]>
When adding route destination and it already exists with different protocol
Co-authored-by: Carson Long <[email protected]>
Co-authored-by: Weyman Fung <[email protected]> Co-authored-by: Carson Long <[email protected]>
* applies only to non root and info endpoints * applies only if the space supporter role is the only role assigned * applies only if the flag to enable usage of the space supporter is set to true * addresses #2434 Co-authored-by: Mona Mohebbi <[email protected]> Co-authored-by: Merric de Launey <[email protected]> Co-authored-by: Matthew Kocher <[email protected]> Co-authored-by: Weyman Fung <[email protected]>
Bumps [listen](https://github.com/guard/listen) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/guard/listen/releases) - [Commits](guard/listen@v3.6.0...v3.7.0) --- updated-dependencies: - dependency-name: listen dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.19.0 to 1.19.1. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.19.0...v1.19.1) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Matthew Kocher <[email protected]> Co-authored-by: Merric de Launey <[email protected]>
- this is a little odd because route destinations store http2 but don't store tcp as a version. This causes us to have to handle some edge cases so there are a lot of specs - noticed that internal routes are currently reported to be http though they do not logically have a protocol as they're just a DNS entry - not using this field yet. next we will use this to decorate the routing information of the LRPs. - this is a big commit. We regret that we cannot find a good way to make it smaller. Authored-by: Merric de Launey <[email protected]>
address #2468 Authored-by: Mona Mohebbi <[email protected]>
|
monamohebbi
added a commit
that referenced
this pull request
Aug 20, 2021
address #2468 Authored-by: Mona Mohebbi <[email protected]>
|
this branch has gotten a little too messy. Opening a new pr with the right commits cherry picked on top |
monamohebbi
added a commit
that referenced
this pull request
Aug 23, 2021
address #2468 Authored-by: Mona Mohebbi <[email protected]>
sweinstein22
pushed a commit
that referenced
this pull request
Aug 23, 2021
* Refactor permissions functions Now that space supporter implementation is complete we can collapse a bunch of functions in permissions.rb and finalize naming conventions that we're mostly happy with. * include space supporter in ALL_PERMISSIONS * removed space supporter specific mentions in permissions.rb address #2468 Co-authored-by: Mona Mohebbi <[email protected]> Co-authored-by: Merric de Launey <[email protected]> Co-authored-by: Matthew Kocher <[email protected]>
mkocher
added
the
space-application-supporter
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Now that space supporter implementation is complete we can collapse a
bunch of functions in permissions.rb and finalize naming conventions
that we're mostly happy with.
Co-authored-by: Mona Mohebbi [email protected]
Co-authored-by: Merric de Launey [email protected]
Co-authored-by: Matthew Kocher [email protected]
Thanks for contributing to cloud_controller_ng. To speed up the process of reviewing your pull request please provide us with:
A short explanation of the proposed change:
An explanation of the use cases your change solves
Links to any other associated PRs
I have reviewed the contributing guide
I have viewed, signed, and submitted the Contributor License Agreement
I have made this pull request to the
mainbranchI have run all the unit tests using
bundle exec rakeI have run CF Acceptance Tests