Promote Changes to QA - 2/11/2020 #202

Merged
merged 27 commits into from
Feb 12, 2020

Contributor

@coderbydesign coderbydesign commented Feb 11, 2020

Brings the following PRs into stable to move from CI to QA:

#190 - Update testing to allow for nonadmin and start RonR removal
#191 - Shows error when proxy encounter exception
#192 - Add migration aimed at removing RBAC on RBAC roles
#193 - Add data migration to remove default seeded roles
#195 - Remove default limit on /access/ requests
#197 - Add access count to /roles/ and /roles/<uuid>/ endpoints
#198 - Add role access GET endpoint: /roles/<uuid>/access/
#205 - Add settings for smoke test run

wcmitchell and others added 24 commits January 16, 2020 16:59
When the proxy returns an error, it was not considered, e.g. when there is a connection
error, the program just shows 200 to the customer.
Shows error when proxy encounter exception
Update testing to allow for nonadmin and start RonR removal
Signed-off-by: Chris Mitchell <[email protected]>
Add migration aimed at removing RBAC on RBAC roles
In order to not make system and/or platform_default roles available or enforced
for applications not integrating with the GA rollout of RBAC, we need to remove
these roles from the seed files for the following apps:

- ansible-automation
- ansible-hub
- catalog
- remediations
- sources
- subscriptions

Other apps not needing default roles are:

- inventory
- approval
- sources
- cost-management

However at the time, we don't have default roles for those apps, so we don't need
to take any action.

A dependent PR has been added to the [RBAC config repo](RedHatInsights/rbac-config#17)
to remove these roles from the seed files. That will need to be merged and rolled
out before this PR can be merged.
Add data migration to remove default seeded roles
In order to prevent default enforcement of pagination on the `/access/` endpoint,
this will remove the default limit (currently 10) from `/access/` requests, while
keeping it on all other endpoints.

When we get the paginator for the request, we'll now check to see if the `?limit`
query parameter is sent in the request. If so, we'll continue to respect pagination
on the request, and return a paginated response. If `?limit` does not exist in
the request, we will not set a paginator, which in turn will supply the raw
queryset to the serializer.

In order to keep a consistent API payload with and without pagination, we need to
explicitly return the serialized data nested under a `data` object.

**With Pagination:**
_/api/rbac/v1/access/?application=ansible-automation&limit=20_
```
{
  "meta": {
    "count": 1,
    "limit": 20,
    "offset": 0
  },
  "links": {
    "first": "/api/rbac/v1/access/?application=ansible-automation&limit=20&offset=0",
    "next": null,
    "previous": null,
    "last": "/api/rbac/v1/access/?application=ansible-automation&limit=20&offset=0"
  },
  "data": [
    {
      "permission": "ansible-automation:*:*",
      "resourceDefinitions": []
    }
  ]
}
```

**Without Pagination:**
_/api/rbac/v1/access/?application=ansible-automation_
```
{
  "data": [
    {
      "permission": "ansible-automation:*:*",
      "resourceDefinitions": []
    }
  ]
}
```
We now have two different possible 200 responses for `/access/`, one with pagination,
and one without.

OpenAPI 3 supports the use of `anyOf` and `oneOf` for response body schemas [1].
This updates the spec to reflect those possible responses (with and without
pagination), and includes examples of each.

[1] https://swagger.io/docs/specification/describing-responses/
…cess

Remove default `limit` on `/access/` requests
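
The conditional pagination described in the commit messages above, modelled in plain Python as an added example (not code from this PR or from the RBAC service). The function names, the in-memory `rows` list standing in for the queryset, and the fallback for a malformed `limit` or `offset` are assumptions.

```python
from urllib.parse import urlencode

DEFAULT_LIMIT = 10  # default limit quoted in the commit message


def _to_int(value, default, minimum):
    """Parse a query value; bad or too-small input falls back (assumed policy)."""
    try:
        number = int(value)
    except (TypeError, ValueError):
        return default
    return number if number >= minimum else default


def _link(path, params, limit, offset):
    """Build a page link that keeps the caller's other query parameters."""
    query = {k: v for k, v in params.items() if k not in ("limit", "offset")}
    query.update({"limit": limit, "offset": offset})
    return f"{path}?{urlencode(query)}"


def paginated(path, params, rows):
    """Limit/offset envelope returned when a paginator is set."""
    limit = _to_int(params.get("limit"), DEFAULT_LIMIT, 1)
    offset = _to_int(params.get("offset"), 0, 0)
    count = len(rows)
    last = max((count - 1) // limit * limit, 0)
    return {
        "meta": {"count": count, "limit": limit, "offset": offset},
        "links": {
            "first": _link(path, params, limit, 0),
            "next": _link(path, params, limit, offset + limit)
            if offset + limit < count else None,
            "previous": _link(path, params, limit, max(offset - limit, 0))
            if offset > 0 else None,
            "last": _link(path, params, limit, last),
        },
        "data": rows[offset:offset + limit],
    }


def access_response(path, params, rows):
    """/access/: no ?limit means no paginator, but the same `data` key."""
    if "limit" not in params:
        return {"data": list(rows)}
    return paginated(path, params, rows)
```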
…oles-endpoint

Add access count to `/roles/` and `/roles/<uuid>/` endpoints
To support the front-end RBAC efforts, we're adding an endpoint which returns the
serialized access objects for a given role.

The response for a valid role will return a paginated payload such as:

```
{
  "meta": {
    "count": 2,
    "limit": 10,
    "offset": 0
  },
  "links": {
    "first": "/api/rbac/v1/roles/3ecac858-4f48-4393-a26b-914ba73477aa/access/?limit=10&offset=0",
    "next": null,
    "previous": null,
    "last": "/api/rbac/v1/roles/3ecac858-4f48-4393-a26b-914ba73477aa/access/?limit=10&offset=0"
  },
  "data": [
    {
      "permission": "inventory:*:*",
      "resourceDefinitions": []
    },
    {
      "permission": "ansible-automation:*:*",
      "resourceDefinitions": []
    }
  ]
}
```

The response for an invalid/non-existent role will return a 404.
Add role access GET endpoint: /roles/<uuid>/access/
astrozzc previously approved these changes Feb 11, 2020
wcmitchell previously approved these changes Feb 11, 2020
Contributor

@wcmitchell wcmitchell left a comment

👍

@coderbydesign coderbydesign merged commit 5e79962 into stable Feb 12, 2020
lpichler pushed a commit that referenced this pull request Nov 8, 2023
Add Malware Detection application

5 participants