fix(rbac): add additional validation for permission policies #1908
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dzemanov
requested review from
AndrienkoAleksandr,
PatAKnight and
a team
as code owners
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
dzemanov
force-pushed
the
rbac-policy-validation
branch
from
94556de to
e731798
Compare
There was a problem hiding this comment.
I tested this pr - works like expected. And I'm fine with current pr code. There is only one small minus - we have duplication permission policy action values. @dzemanov I can propose small improvements to fix that: https://github.com/janus-idp/backstage-plugins/compare/rbac-policy-validation...cloud-eda:backstage-plugins:rbac-policy-valivation-alternative?expand=1 . But it is optional and up to you and these changes require one more release of the common package. @PatAKnight what do you think?
|
@AndrienkoAleksandr yes, was thinking about this as well. If it is ok to release new version, I would go with your proposed changes. |
dzemanov
force-pushed
the
rbac-policy-validation
branch
3 times, most recently
from
d1b8fcc to
d5db112
Compare
Signed-off-by: Oleksandr Andriienko <[email protected]>
dzemanov
force-pushed
the
rbac-policy-validation
branch
from
d5db112 to
2383384
Compare
|
AndrienkoAleksandr
approved these changes
Aug 5, 2024
janus-idp bot
pushed a commit
that referenced
this pull request
Aug 5, 2024
## @janus-idp/backstage-plugin-rbac-common [1.8.1](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Bug Fixes * **rbac:** add additional validation for permission policies ([#1908](#1908)) ([592498f](592498f)), closes [#1939](#1939)
janus-idp bot
pushed a commit
that referenced
this pull request
Aug 5, 2024
## [1.17.2](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Bug Fixes * **rbac:** add additional validation for permission policies ([#1908](#1908)) ([592498f](592498f)), closes [#1939](#1939) * **topology:** bump shared-react dependency ([#2006](#2006)) ([5c939fb](5c939fb))
janus-idp bot
pushed a commit
that referenced
this pull request
Aug 5, 2024
## [1.26.1](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Bug Fixes * **rbac:** add additional validation for permission policies ([#1908](#1908)) ([592498f](592498f)), closes [#1939](#1939) * **topology:** bump shared-react dependency ([#2006](#2006)) ([5c939fb](5c939fb))
janus-idp bot
pushed a commit
that referenced
this pull request
Aug 5, 2024
## [4.7.2](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Bug Fixes * **rbac:** add additional validation for permission policies ([#1908](#1908)) ([592498f](592498f)), closes [#1939](#1939) * **topology:** bump shared-react dependency ([#2006](#2006)) ([5c939fb](5c939fb))
janus-idp bot
pushed a commit
that referenced
this pull request
Aug 5, 2024
## [1.25.0](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Features * **argocd:** add permission support for argocd ([#1855](#1855)) ([3b78237](3b78237)) * **kiali:** traffic graph ([#1606](#1606)) ([657fef9](657fef9)) * **lightspeed:** add a new lightspeed plugin with basic implementation of chat ([#1889](#1889)) ([cb80e38](cb80e38)) * **rbac:** show list of accessible plugins in roles list page ([#1894](#1894)) ([62d9d6c](62d9d6c)) * **tekton:** add permissions support for tekton plugin ([#1854](#1854)) ([f744896](f744896)) * **topology:** remove usage of k8s plugin from topology & tekton plugins ([#1869](#1869)) ([ae7d8ee](ae7d8ee)) ### Bug Fixes * argocd dependency package version ([#1992](#1992)) ([e3c4419](e3c4419)) * **argocd:** fix argocd naming ([#1990](#1990)) ([6b764a8](6b764a8)) * **argocd:** fix argocd-common plugin version ([#1987](#1987)) ([fb441fe](fb441fe)) * **deps:** downgrade shared-react in acr ([#1996](#1996)) ([3d669d2](3d669d2)) * **orchestrator:** remove default pagination on v2 endpoints ([#1983](#1983)) ([5e30274](5e30274)) * **rbac:** add additional validation for permission policies ([#1908](#1908)) ([592498f](592498f)), closes [#1939](#1939) * **rbac:** fix uncommited knex transaction in the addGroupingPolicies ([#1968](#1968)) ([24d5eef](24d5eef)) * **rbac:** log when plugin has no permissions ([#1917](#1917)) ([cc8752b](cc8752b)) * **topology:** bump shared-react dependency ([#2006](#2006)) ([5c939fb](5c939fb)) ### Documentation * **argocd:** update argocd configuration documentation ([#1875](#1875)) ([054ceec](054ceec)) * **quay:** add documentation for the new credential settings in proxy backend ([#1902](#1902)) ([e04d231](e04d231))
debsmita1
pushed a commit
to debsmita1/backstage-plugins
that referenced
this pull request
Aug 9, 2024
…dp#1908) * fix(rbac): add additional validation for permission policies * fix(rbac): remove duplication permission action values (janus-idp#1939) Signed-off-by: Oleksandr Andriienko <[email protected]> --------- Signed-off-by: Oleksandr Andriienko <[email protected]> Co-authored-by: Oleksandr Andriienko <[email protected]>
debsmita1
pushed a commit
to debsmita1/backstage-plugins
that referenced
this pull request
Aug 9, 2024
## @janus-idp/backstage-plugin-rbac-common [1.8.1](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Bug Fixes * **rbac:** add additional validation for permission policies ([janus-idp#1908](janus-idp#1908)) ([592498f](janus-idp@592498f)), closes [janus-idp#1939](janus-idp#1939)
debsmita1
pushed a commit
to debsmita1/backstage-plugins
that referenced
this pull request
Aug 9, 2024
## [1.17.2](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Bug Fixes * **rbac:** add additional validation for permission policies ([janus-idp#1908](janus-idp#1908)) ([592498f](janus-idp@592498f)), closes [janus-idp#1939](janus-idp#1939) * **topology:** bump shared-react dependency ([janus-idp#2006](janus-idp#2006)) ([5c939fb](janus-idp@5c939fb))
debsmita1
pushed a commit
to debsmita1/backstage-plugins
that referenced
this pull request
Aug 9, 2024
## [1.26.1](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Bug Fixes * **rbac:** add additional validation for permission policies ([janus-idp#1908](janus-idp#1908)) ([592498f](janus-idp@592498f)), closes [janus-idp#1939](janus-idp#1939) * **topology:** bump shared-react dependency ([janus-idp#2006](janus-idp#2006)) ([5c939fb](janus-idp@5c939fb))
debsmita1
pushed a commit
to debsmita1/backstage-plugins
that referenced
this pull request
Aug 9, 2024
## [4.7.2](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Bug Fixes * **rbac:** add additional validation for permission policies ([janus-idp#1908](janus-idp#1908)) ([592498f](janus-idp@592498f)), closes [janus-idp#1939](janus-idp#1939) * **topology:** bump shared-react dependency ([janus-idp#2006](janus-idp#2006)) ([5c939fb](janus-idp@5c939fb))
debsmita1
pushed a commit
to debsmita1/backstage-plugins
that referenced
this pull request
Aug 9, 2024
## [1.25.0](https://github.com/janus-idp/backstage-plugins/compare/@janus-idp/[email protected]...@janus-idp/[email protected]) (2024-08-05) ### Features * **argocd:** add permission support for argocd ([janus-idp#1855](janus-idp#1855)) ([3b78237](janus-idp@3b78237)) * **kiali:** traffic graph ([janus-idp#1606](janus-idp#1606)) ([657fef9](janus-idp@657fef9)) * **lightspeed:** add a new lightspeed plugin with basic implementation of chat ([janus-idp#1889](janus-idp#1889)) ([cb80e38](janus-idp@cb80e38)) * **rbac:** show list of accessible plugins in roles list page ([janus-idp#1894](janus-idp#1894)) ([62d9d6c](janus-idp@62d9d6c)) * **tekton:** add permissions support for tekton plugin ([janus-idp#1854](janus-idp#1854)) ([f744896](janus-idp@f744896)) * **topology:** remove usage of k8s plugin from topology & tekton plugins ([janus-idp#1869](janus-idp#1869)) ([ae7d8ee](janus-idp@ae7d8ee)) ### Bug Fixes * argocd dependency package version ([janus-idp#1992](janus-idp#1992)) ([e3c4419](janus-idp@e3c4419)) * **argocd:** fix argocd naming ([janus-idp#1990](janus-idp#1990)) ([6b764a8](janus-idp@6b764a8)) * **argocd:** fix argocd-common plugin version ([janus-idp#1987](janus-idp#1987)) ([fb441fe](janus-idp@fb441fe)) * **deps:** downgrade shared-react in acr ([janus-idp#1996](janus-idp#1996)) ([3d669d2](janus-idp@3d669d2)) * **orchestrator:** remove default pagination on v2 endpoints ([janus-idp#1983](janus-idp#1983)) ([5e30274](janus-idp@5e30274)) * **rbac:** add additional validation for permission policies ([janus-idp#1908](janus-idp#1908)) ([592498f](janus-idp@592498f)), closes [janus-idp#1939](janus-idp#1939) * **rbac:** fix uncommited knex transaction in the addGroupingPolicies ([janus-idp#1968](janus-idp#1968)) ([24d5eef](janus-idp@24d5eef)) * **rbac:** log when plugin has no permissions ([janus-idp#1917](janus-idp#1917)) ([cc8752b](janus-idp@cc8752b)) * **topology:** bump shared-react dependency ([janus-idp#2006](janus-idp#2006)) ([5c939fb](janus-idp@5c939fb)) ### Documentation * **argocd:** update argocd configuration documentation ([janus-idp#1875](janus-idp#1875)) ([054ceec](janus-idp@054ceec)) * **quay:** add documentation for the new credential settings in proxy backend ([janus-idp#1902](janus-idp#1902)) ([e04d231](janus-idp@e04d231))
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds validation to the policy section of permission policies. The only allowed terms that can be used are create, read, update, delete, and our RBAC specific keyword use.
Closes #996.