Feature branch for IAM V2 force upgrade #2783

Merged
merged 73 commits into from
Mar 26, 2020

@tylercloke tylercloke commented Feb 4, 2020

🔩 Description: What code changed, and why?

this feature branch contains all the work outlined in these issues #2978

⛓️ Related Resources

force upgrade release

👟 How to Build and Test the Change

rebuild all the things

✅ Checklist

@tylercloke tylercloke requested a review from a team as a code owner February 4, 2020 01:29
@susanev susanev added the auth-team anything that needs to be on the auth team board label Feb 4, 2020
msorens and others added 22 commits February 5, 2020 10:10
Signed-off-by: Brenna Hewer-Darroch <[email protected]>
* Add method for proto parity

Adding PurgeUserMembership
to allow replacing the v1 team client with a v2 version.

Signed-off-by: michael sorens <[email protected]>

* Switch v1 team client to v2 team client

Signed-off-by: michael sorens <[email protected]>

* Implement necessary method for the revised interface

Signed-off-by: michael sorens <[email protected]>

* Update bldr.toml

Removed dependency required rerunning `generate_bldr_config`

Signed-off-by: michael sorens <[email protected]>

* Correct admins team name per feedback

Signed-off-by: michael sorens <[email protected]>
* Added general structure and TODOs for how to migrate up to the point of force upgrade

Copied over code from migrator.go because we can't use the generic version anymore. Migrating up to the last SQL schema migration before we want to force upgrade. Started porting MigrateToV2 GRPC function over to the migration code.

Signed-off-by: Tyler Cloke <[email protected]>

* Remove ApplyV2DataMigrations db function and finish applying any data_migrations as part of the post-force-upgrade process

Signed-off-by: Tyler Cloke <[email protected]>

* Ported creation of default roles for v1 force upgrade

Signed-off-by: Tyler Cloke <[email protected]>

* Port defaultPolicies

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Port CreatePolicy

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Port code we might need for legacy migration

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* WIP

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Everything is compiling

Signed-off-by: Tyler Cloke <[email protected]>

* Added force_upgrade_status to only run force upgrade once

Signed-off-by: Tyler Cloke <[email protected]>

* Remove UpgradeToV2 from cli/gateway

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Remove auto-upgrade from studio

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Record migration status for versioning

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Rename constant

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Remove unused migration

Signed-off-by: Tyler Cloke <[email protected]>

* Use migration status to control migration logic

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Do TODOs

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Remove migration-related server code

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Updated our use of migration_status and cleaned up file layout

Signed-off-by: Tyler Cloke <[email protected]>

* Fixed variable name

Signed-off-by: Tyler Cloke <[email protected]>

* It working

Signed-off-by: Tyler Cloke <[email protected]>

* Initial porting work for tests

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Working on db tests

Signed-off-by: Tyler Cloke <[email protected]>

* It's passsssing

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Legacy Policy test

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Does not migrate legacy pols w/o subjs

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Legacy policies

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Migrates only valid v1 policies

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Simply log unmigrated policies

These were already invalid in v1. No big deal if they
aren't migrated.

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Add comment

Signed-off-by: Tyler Cloke <[email protected]>

* Renames/cleanup

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Remove ResetToV1 from gateway

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Updates bldr.toml

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Compilation errors from server change

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* remove resettov1

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Fix :allthethings:

Signed-off-by: Tyler Cloke <[email protected]>

* Linting

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Trying to get CI happy

Signed-off-by: Tyler Cloke <[email protected]>

* Remove upgrade-to-v2 cmd

Signed-off-by: Tyler Cloke <[email protected]>

* Remove upgrade-to-v2

Signed-off-by: Tyler Cloke <[email protected]>

* No longer have PreconditionFailed to tell v1 requests the gateway is in v2 mode. Just always use v2.

Signed-off-by: Tyler Cloke <[email protected]>

* Hopefully tests pass now

Signed-off-by: Tyler Cloke <[email protected]>

* Bldr config

Signed-off-by: Tyler Cloke <[email protected]>

* Add deny for infra:ingest:* to default policy migration

Signed-off-by: Tyler Cloke <[email protected]>

* Delete extra comment

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* add clarity to func

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Only migrate v1 policies on upgrade

Signed-off-by: Blake Johnson <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Review comments

Signed-off-by: Tyler Cloke <[email protected]>

* Update components/authz-service/storage/postgres/postgres.go

Co-Authored-By: M Sorens <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Update components/authz-service/storage/postgres/migration/migration.go

Co-Authored-By: M Sorens <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Update components/authz-service/storage/postgres/migration/migration.go

Co-Authored-By: M Sorens <[email protected]>
Signed-off-by: Tyler Cloke <[email protected]>

* Last review comments

Signed-off-by: Tyler Cloke <[email protected]>

Co-authored-by: Tyler Cloke <[email protected]>
Co-authored-by: M Sorens <[email protected]>
* combine iamv1 pages into 1

Signed-off-by: susanev <[email protected]>

* change users, teams, api tokens to iam v2

Signed-off-by: susanev <[email protected]>

* added pages for policies, projects, roles

Signed-off-by: susanev <[email protected]>

* Copyedits and edits for clarity

Signed-off-by: Mary Jinglewski <[email protected]>

Co-authored-by: mjingle <[email protected]>
Co-authored-by: susanev <[email protected]>
@bcmdarroch bcmdarroch requested a review from a team as a code owner February 25, 2020 22:13
Blake Johnson and others added 3 commits February 26, 2020 10:17
* Move operator team rename into schema migs

Signed-off-by: Blake Johnson <[email protected]>

* Integrate cli migration into schema migration

Signed-off-by: Blake Johnson <[email protected]>

* Remove datamigrations

Signed-off-by: Blake Johnson <[email protected]>

* Rename migration

Signed-off-by: Blake Johnson <[email protected]>

* Remove refs to datamigration

Signed-off-by: Blake Johnson <[email protected]>

* Remove refs to upgrade/reset iam
tylercloke and others added 5 commits March 24, 2020 15:15
* chef-automate admin-token is no more

Co-authored-by: Brenna Hewer-Darroch <[email protected]>
Co-authored-by: Mary Jinglewski <[email protected]>
* Update roles to have infra:nodes/nodeManagers over infra:*

Signed-off-by: Blake Johnson <[email protected]>

* Update roles to not have system access

Signed-off-by: Blake Johnson <[email protected]>

* Update docs with system change

Signed-off-by: Blake Johnson <[email protected]>

* update sql readme

Signed-off-by: Blake Johnson <[email protected]>

* Refactor query to work w/o policy

Signed-off-by: Blake Johnson <[email protected]>

* Add telemetry perms into default system policies

Signed-off-by: Blake Johnson <[email protected]>

* Update tests

Signed-off-by: Blake Johnson <[email protected]>

* Remove non-existent action for telemetry

Signed-off-by: Blake Johnson <[email protected]>

* remove (in tests) permission to request license to roles

Signed-off-by: Blake Johnson <[email protected]>

* Modify integration script

Signed-off-by: Blake Johnson <[email protected]>

* Add comments

Signed-off-by: Blake Johnson <[email protected]>

* Adds applications to roles

Signed-off-by: Blake Johnson <[email protected]>
* Update proto generation for v2-only

Signed-off-by: michael sorens <[email protected]>

* Remove v2 distinction in the generated code

Signed-off-by: michael sorens <[email protected]>

* Remove v1 protoc generation

Signed-off-by: michael sorens <[email protected]>

* Remove v2 from the generated pb file name

Signed-off-by: michael sorens <[email protected]>

* Correct path

* Manual cleanup to get things building

Not sure why these were not covered by the regeneration
but was getting this error until I found and removed these:

$ make build
build github.com/chef/automate/components/automate-gateway/cmd/automate-gateway: cannot load github.com/chef/automate/components/automate-gateway/authz/policy_v2: open /Users/msorens/code/go/src/github.com/chef/automate/components/automate-gateway/authz/policy_v2: no such file or directory

Signed-off-by: michael sorens <[email protected]>

* Regenerate bldr.toml

Signed-off-by: michael sorens <[email protected]>

* Relocate pairs and policy under iam dir

Signed-off-by: michael sorens <[email protected]>

* Minor cleanup

Signed-off-by: michael sorens <[email protected]>

* Apply review feedback

Signed-off-by: michael sorens <[email protected]>

* Regenerate v2-only pb files

compile_all_protobuf_components

Signed-off-by: michael sorens <[email protected]>

* Regenerate docs from protos

make sync_swagger_files

Signed-off-by: michael sorens <[email protected]>
@susanev susanev changed the title [DO NOT MERGE] Feature branch for IAM V2 force upgrade Feature branch for IAM V2 force upgrade Mar 25, 2020
@susanev susanev requested a review from a team March 26, 2020 01:22

@bcmdarroch bcmdarroch left a comment


let's doooooo thiiiiiis


@blakestier blakestier left a comment

