[PLAT-16520][YBA CLI]RBAC commands don't run even if we have permissi…
…ons due to depending upon getting runtime config key.

Summary: Switch the GetConfigurationKey API with the ListFeatureFlags API which does not depend on user auth permission

Test Plan:
The same user, with the ROLE.READ permission, is used in the following commands:
```
yba runtime-config scope key get -u 00000000-0000-0000-0000-000000000000 -n yb.rbac.use_new_authz
Runtime Configuration Scope Key, Operation: Get - 401 Unauthorized
```

```
yba rbac role list
Name                 UUID                                   Role Type
ReadOnly             8c82c14d-b3ba-45aa-b7ff-f005689e8b9e   System
BackupAdmin          73f81706-4134-48f6-9db3-7f9f88eb5385   System
ConnectOnly          b0aa88a1-908e-4d86-bc75-e851b7f4e78a   System
Admin                cf0e81cd-1442-4ef8-aa95-7f59bc6ff1ca   System
SuperAdmin           f3619a4d-3ae4-45b4-81af-fbac8298a3fe   System
Access Manager       3c0d3992-7a29-4a70-8d12-2725657b5a62   Custom
User Admin           423fc23d-af1c-4b5d-b503-8a8df4b53d62   Custom
Sarthak              03cf79f0-ff86-4953-adb5-239683da4bf3   Custom
universe_create      430b1fce-20e6-4469-9ce2-aab6f203cb95   Custom
lingesh-readonly     55fd3743-78b2-4dcf-8930-4d45e036e26e   Custom
Universe Admin       45fe16f5-2f00-4c41-91f0-6e976dc42d46   Custom
custom_sample_role   77142296-6f6d-43a6-a095-efd76e38b92c   Custom
SelectRead           eda2d5dd-02d1-4f96-a959-e8c6b2b0ddbf   Custom
test2                cdcca230-e00b-4344-b74d-9de86ffee537   Custom
kkannan-role         520ba59f-5ed3-4ff0-80a9-f3c768ba6f98   Custom
test-cli-error       742e8f19-6e22-4b12-88ca-184449d153e9   Custom
```
Before RBAC is enabled:
```
yba rbac role list
RBAC is not enabled in YugabyteDB Anywhere. Please enable `yb.rbac.use_new_authz` runtime configuration
```

Reviewers: skurapati

Reviewed By: skurapati

Subscribers: yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D41400
Deepti-yb committed Jan 22, 2025
1 parent 4f5b411 commit 1e458c0
Showing 4 changed files with 18 additions and 4 deletions.
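--- a/managed/yba-cli/cmd/rbac/rbacutil/rbacutil.go
+++ b/managed/yba-cli/cmd/rbac/rbacutil/rbacutil.go
@@ -22,16 +22,22 @@ func RBACRuntimeConfigurationCheck(
 authAPI *ybaAuthClient.AuthAPIClient,
 commandCall, operation string,
 ) (bool, error) {
-scopeUUID := "00000000-0000-0000-0000-000000000000" // global scope
 key := "yb.rbac.use_new_authz"
-rbacAllow, response, err := authAPI.GetConfigurationKey(scopeUUID, key).Execute()
+configs, response, err := authAPI.ListFeatureFlags().Execute()
 if err != nil {
 errMessage := util.ErrorFromHTTPResponse(
 response,
 err,
-commandCall, operation+" - Get Runtime Configuration Key")
+commandCall, operation+" - List Feature Flags")
 return false, errMessage
 }
+rbacAllow := ""
+for _, config := range configs {
+if strings.Compare(config.GetKey(), key) == 0 {
+rbacAllow = config.GetValue()
+break
+}
+}
 rbacAllowBool, err := strconv.ParseBool(rbacAllow)
 if err != nil {
 return false, err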
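Review bot: If `yb.rbac.use_new_authz` is absent from the ListFeatureFlags response, `rbacAllow` stays `""` and the `strconv.ParseBool(rbacAllow)` call after the loop returns a bare `invalid syntax` error that carries neither the command nor the key name. The result is still fail-closed (`false, err`), but a user cannot tell a missing flag from a malformed value; a guard after the loop such as `if rbacAllow == "" { return false, errors.New("yb.rbac.use_new_authz not present in feature flags") }` would make that case explicit (the import block is outside the hunk, so `errors` may need adding). The match itself reads more plainly as `if config.GetKey() == key {` than as `strings.Compare(...) == 0`. This check only gates the CLI locally, so authorization presumably still has to be enforced by the server on each RBAC call; the function body starts before and continues past the hunk.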
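--- a/managed/yba-cli/go.mod
+++ b/managed/yba-cli/go.mod
@@ -12,7 +12,7 @@ require (
 github.com/spf13/cobra v1.8.0
 github.com/spf13/viper v1.16.0
 github.com/t-tomalak/logrus-easy-formatter v0.0.0-20190827215021-c074f06c5816
-github.com/yugabyte/platform-go-client v0.0.0-20250108174345-2b77835c43dd
+github.com/yugabyte/platform-go-client v0.0.0-20250122081443-8861dfbdba1f
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9
 golang.org/x/term v0.16.0
 gopkg.in/yaml.v2 v2.4.0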
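--- a/managed/yba-cli/go.sum
+++ b/managed/yba-cli/go.sum
@@ -252,6 +252,8 @@ github.com/yugabyte/platform-go-client v0.0.0-20241205095029-072895277ae1 h1:V4S
 github.com/yugabyte/platform-go-client v0.0.0-20241205095029-072895277ae1/go.mod h1:ZErtCh7Ig1QkNpWuGQ5YtaEJvD4fKdDS+iQxJfIlGMQ=
 github.com/yugabyte/platform-go-client v0.0.0-20250108174345-2b77835c43dd h1:kxiGlokT2Si/+gwsUNJwXtDDrTMCIyihLb/2H2SBdbk=
 github.com/yugabyte/platform-go-client v0.0.0-20250108174345-2b77835c43dd/go.mod h1:ZErtCh7Ig1QkNpWuGQ5YtaEJvD4fKdDS+iQxJfIlGMQ=
+github.com/yugabyte/platform-go-client v0.0.0-20250122081443-8861dfbdba1f h1:Hx79ImyZSm9Ya2+L/i7y3kWkfea2ACt9PBVhz7wlZUU=
+github.com/yugabyte/platform-go-client v0.0.0-20250122081443-8861dfbdba1f/go.mod h1:ZErtCh7Ig1QkNpWuGQ5YtaEJvD4fKdDS+iQxJfIlGMQ=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=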
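--- a/managed/yba-cli/internal/client/runtimeconfiguration.go
+++ b/managed/yba-cli/internal/client/runtimeconfiguration.go
@@ -58,3 +58,9 @@ func (a *AuthAPIClient) DeleteKey(scope, key string) (
 a.CustomerUUID,
 scope, key)
 }
+
+// ListFeatureFlags fetches list of feature flags
+func (a *AuthAPIClient) ListFeatureFlags() (
+ybaclient.RuntimeConfigurationApiApiListFeatureFlagsRequest) {
+return a.APIClient.RuntimeConfigurationApi.ListFeatureFlags(a.ctx)
+}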
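Review bot: The doc comment on `ListFeatureFlags` leaves out the one property the commit relies on, namely that (per the commit description) this endpoint does not depend on the caller's permissions the way `GetConfigurationKey` does. I would expand it to something like `// ListFeatureFlags returns a request for the feature-flag runtime configs; the endpoint does not require runtime-config read permission, so it can be used for pre-flight checks by low-privilege users.` Unlike `DeleteKey` just above, the request is built from `a.ctx` alone without `a.CustomerUUID`, which suggests the list is not customer-scoped; that is worth confirming against the client library and stating in the comment.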
