Skip to content

Allow access to health endpoint as per defined roles #2632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 66 commits into from
Apr 4, 2025
Merged

Allow access to health endpoint as per defined roles #2632

merged 66 commits into from
Apr 4, 2025

Conversation

sezal98
Copy link
Contributor

@sezal98 sezal98 commented Mar 24, 2025
edited
Loading

Why make this change?

Closes #2531

What is this change?

This PR involves creating another parameter in the runtime config which defines the allowed roles for the health endpoint.

  • It created src/Config/Converters/RuntimeHealthOptionsConvertorFactory.cs which takes care of serialization and deserialization of runtime config custom way.
  • The incoming role and token are taken up to firct check if the role in the header is matching with the allowed roles in the runtime config.
  • Further this role and token are passed to execute the REST and GraphQL queries for DAB.

Scenarios

  1. Allowed Roles are not configured.
  • Mode is Development - we allow all requests
  • Mode is Production - we dont allow any requests. We show 403
  1. Allowed Roles are configured
  • Mode is Development or Production - we performt the role check in allowed roles.

How was this tested?

  • Integration Tests
  • Unit Tests

Sample Request(s)

Roles: ["authenticated"]
Mode: Development or Production
image
image

Roles: Not Configured
Mode: Development
image

Mode: Production
image

Roles: ["admin"]
Mode: Development or Production
image

sezalchug and others added 30 commits February 26, 2025 20:55
Modify Config Files according to health check endpoint
ee1561d
formatting
7a1734d
@sezal98
modify the if condition for comprehensive check
49daea3
Initial commit
95e4777
resolving comments
374ce72
Merge branch 'dev/sezalchug/healthConfigFiles' of https://github.com/…
e2b23c4 
…Azure/data-api-builder into dev/sezalchug/healthConfigFiles
formatting
ab2258b
Merge branch 'dev/sezalchug/healthConfigFiles' into dev/sezalchug/hea…
6125132 
…lthCheckExecution
merging into config changes
c7f0823
UTs
9b6de0b
nit changes and UTs and default value
e95d6ae
formatting
e8cd0b5
response file sample
74042e1
based on discussions in the meeting
e1d51aa
nits
8207dc5
snapshots
b7e7218
Merge branch 'main' of https://github.com/Azure/data-api-builder into…
521221f 
… dev/sezalchug/healthCheckExecution
remove value
b574648
format
cb95c11
build
9ae3150
tests
b7fbb77
nit comments
daa4742
revert add entity snapshots
80ab25c
module initializer
c5eb328
update entity tests revert
bc2adb8
end to end tests
5fc5cc6
serialization and deserialization changes
433010d
nits
4cb4fb0
Role changes in Health endpoint
2c20d1a
formatting
ed07ac0
Aniruddh25
Aniruddh25 reviewed Apr 2, 2025
View reviewed changes
Aniruddh25
Aniruddh25 reviewed Apr 2, 2025
View reviewed changes
Aniruddh25
Aniruddh25 requested changes Apr 2, 2025
View reviewed changes
Copy link
Collaborator

@Aniruddh25 Aniruddh25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need more tests/assertion on the Rest Query/GraphQL query execution.

@Aniruddh25
Copy link
Collaborator

nit: please provide a better title to the PR that explains what this PR is doing.

@sezal98 sezal98 requested a review from Aniruddh25 April 3, 2025 20:11
Aniruddh25
Aniruddh25 reviewed Apr 3, 2025
View reviewed changes
Aniruddh25
Aniruddh25 reviewed Apr 4, 2025
View reviewed changes
RubenCerna2079
RubenCerna2079 previously approved these changes Apr 4, 2025
View reviewed changes
Copy link
Contributor

@RubenCerna2079 RubenCerna2079 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Aniruddh25 Aniruddh25 changed the title Roles Health Check Allow access to health endpoint as per defined roles Apr 4, 2025
@Aniruddh25
Copy link
Collaborator

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 6 pipeline(s).

@RubenCerna2079
Copy link
Contributor

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 6 pipeline(s).

Aniruddh25
Aniruddh25 approved these changes Apr 4, 2025
View reviewed changes
Copy link
Collaborator

@Aniruddh25 Aniruddh25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Thanks for addressing all the concerns specially about the role headers!

@RubenCerna2079
Copy link
Contributor

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 6 pipeline(s).

@RubenCerna2079 RubenCerna2079 merged commit ebbe989 into main Apr 4, 2025
11 checks passed
@RubenCerna2079 RubenCerna2079 deleted the dev/sezalchug/rolesHealthCheck branch April 4, 2025 22:09
@sezal98 sezal98 self-assigned this May 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Aniruddh25 Aniruddh25 Aniruddh25 approved these changes

@RubenCerna2079 RubenCerna2079 RubenCerna2079 approved these changes

@aaronburtle aaronburtle Awaiting requested review from aaronburtle aaronburtle is a code owner

@ravishetye ravishetye Awaiting requested review from ravishetye

@rohkhann rohkhann Awaiting requested review from rohkhann

@neeraj-sharma2592 neeraj-sharma2592 Awaiting requested review from neeraj-sharma2592 neeraj-sharma2592 is a code owner

@sourabh1007 sourabh1007 Awaiting requested review from sourabh1007 sourabh1007 is a code owner

Assignees

@sezal98 sezal98

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[HealthEndpoint] Roles Support

3 participants

@sezal98 @Aniruddh25 @RubenCerna2079