Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Relax access requests limitations and refactor AccessRequestsService state #41717

Merged
merged 15 commits into from
May 24, 2024
Merged

Relax access requests limitations and refactor AccessRequestsService state #41717

merged 15 commits into from
May 24, 2024

Conversation

gzdunek
Copy link
Contributor

@gzdunek gzdunek commented May 17, 2024
edited

As of now, we had two limitations when creating access requests:

  1. Resources from root and leaf clusters can't be added to a single request.
  2. Role and resource requests can't be mixed.

As it turned out, 1. was an artificial limitation. It's perfectly fine for the backend to have requests from many clusters in a single access request.
But why did I want to remove it? It's because in the search bar you have access to all resources, so we can't easily block adding resources from a different cluster (and tbh the previous check that was kept in the cluster switcher was really easy to bypass by simply opening multiple access requests tabs).

However, after I removed this limitation, another problem occurred: we don't store cluster URI for the resources.
To fix this, I had to refactor the access requests service (and its state in particular).
The {app: {}, node: {}, ...} was replaced by a Map key by resource URI. This ensures that resources are unique among clusters.
The map value is a request object, which keeps a resource kind, uri, and for servers their hostname.
Previously, the hostname was stored as kindIds[resourceId] = resourceName || resourceId. I must say that I didn't like it, mainly because it was up to the caller to set the name (and it was really easy to miss it). Now it is required by the types for the particular resource type.

As of 2: I moved the check to the access requests service level, because as above, we can't control what the user adds to the request: it may add a role and the go the search bar and add a resource.
I also changed the state shape, now it's roles | resources, not roles & resources` to better reflect the business logic.

TODO: show cluster name in the request checkout of there is more than one cluster in the request.

@gzdunek
Remove the check that prevented changing active cluster while making …
b63211d 
…an access request

This was an artificial limitation, we only need to pass the correct cluster name to each requested resource.
@gzdunek gzdunek added teleport-connect Issues related to Teleport Connect. no-changelog Indicates that a PR does not require a changelog entry labels May 17, 2024
@gzdunek
Refactor access requests state
f132de5 
The aim of this refactor is to disallow mixing resource and role access requests at the type level.
Another thing is that for resource access requests we need to store cluster name.
Because it's not needed for roles, we have to separate these two resource kinds.
@gzdunek
Detect mixing resource and role access request while adding an item i…
01ef8d3 
…nstead of when switching resource tab
@gzdunek
Rename getAddedResourceCount to getAddedItemsCount to avoid conne…
fdc25d8 
…ctions with resource access requests
@gzdunek gzdunek force-pushed the gzdunek/relax-access-requests-limitations branch from fd0574a to fdc25d8 Compare May 17, 2024 15:44
@gzdunek gzdunek marked this pull request as ready for review May 17, 2024 15:45
@gzdunek gzdunek requested review from ravicious and avatus May 17, 2024 15:45
ravicious
ravicious reviewed May 20, 2024
View reviewed changes
Copy link
Member

@ravicious ravicious left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I finished midway through the second commit. The change with the types sounds pretty good.

web/packages/teleterm/src/ui/TopBar/Clusters/Clusters.tsx Show resolved Hide resolved
web/packages/teleterm/src/ui/services/workspacesService/accessRequestsService.ts Outdated Show resolved Hide resolved
web/packages/teleterm/src/ui/services/workspacesService/accessRequestsService.ts Outdated Show resolved Hide resolved
@ravicious ravicious self-requested a review May 20, 2024 14:40
ravicious
ravicious reviewed May 21, 2024
View reviewed changes
Copy link
Member

@ravicious ravicious left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made it through the second commit, I'll continue the review tomorrow.

So far everything looks fine, my comments are mostly just tangents about keeping type safety of these changes in the future.

web/packages/teleterm/src/ui/AccessRequestCheckout/useAccessRequestCheckout.ts Outdated Show resolved Hide resolved
web/packages/teleterm/src/ui/DocumentAccessRequests/NewRequest/useNewRequest.ts Outdated Show resolved Hide resolved
web/packages/teleterm/src/ui/services/workspacesService/accessRequestsService.ts Show resolved Hide resolved
web/packages/teleterm/src/ui/services/workspacesService/accessRequestsService.ts Show resolved Hide resolved
web/packages/teleterm/src/ui/DocumentAccessRequests/NewRequest/useNewRequest.ts Outdated Show resolved Hide resolved
@ravicious ravicious self-requested a review May 21, 2024 13:51
ravicious
ravicious approved these changes May 22, 2024
View reviewed changes
Copy link
Member

@ravicious ravicious left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

.../teleterm/src/ui/ModalsHost/modals/ChangeAccessRequestKind/ChangeAccessRequestKind.story.tsx Outdated Show resolved Hide resolved
...ckages/teleterm/src/ui/ModalsHost/modals/ChangeAccessRequestKind/ChangeAccessRequestKind.tsx Outdated Show resolved Hide resolved
web/packages/teleterm/src/ui/DocumentAccessRequests/NewRequest/useNewRequest.ts Outdated Show resolved Hide resolved
web/packages/teleterm/src/ui/TopBar/AdditionalActions.tsx Outdated Show resolved Hide resolved
web/packages/teleterm/src/ui/services/workspacesService/accessRequestsService.ts Show resolved Hide resolved
@gzdunek gzdunek added this pull request to the merge queue May 24, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks May 24, 2024
@gzdunek gzdunek enabled auto-merge May 24, 2024 07:03
@gzdunek gzdunek added this pull request to the merge queue May 24, 2024
Merged via the queue into master with commit bf38e0b May 24, 2024
37 checks passed
@gzdunek gzdunek deleted the gzdunek/relax-access-requests-limitations branch May 24, 2024 07:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ravicious ravicious ravicious approved these changes

@avatus avatus avatus approved these changes

Assignees
No one assigned
Labels
no-changelog Indicates that a PR does not require a changelog entry size/md teleport-connect Issues related to Teleport Connect. ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@gzdunek @ravicious @avatus