Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor scopes for instance services #9155

Merged
merged 5 commits into from Nov 1, 2023
Merged

refactor scopes for instance services #9155

merged 5 commits into from Nov 1, 2023

Conversation

aditya-mitra
Copy link
Collaborator

@aditya-mitra aditya-mitra commented Oct 27, 2023
edited

Summary

馃 Generated by Copilot at c491093

This pull request adds scope-based authorization to various services related to instances, such as instance-active, instance-attendance, instance, instanceserver-load, and instanceserver-provision. It introduces the instance:read and instance:write scopes to control the access to the instance data and the server load and provisioning data. It also updates the queries and hooks to use the new scope types.

References

refs #9161

Explanation

馃 Generated by Copilot at c491093

  • Restrict access to instance-related services based on scopes (link, link, link, link, link, link, link, link, link, link)
  • Require instance:read scope for external requests to find method of instance-active, instance-attendance, and instance services (link, link, link)
  • Require instance:write scope for external requests to create, patch, and remove methods of instance-attendance service (link, link)
  • Require instance:write scope for external requests to create, update, patch, and remove methods of instance service (link)
  • Require instance:write scope for external requests to patch method of instanceserver-load and instanceserver-provision services (link, link)
  • Use iff and isProvider functions to conditionally apply scope verification hooks based on the provider of the request (link)
  • Change the query for adminScopes variable in addLocationSearchToQuery hook to match instance:read type instead of admin:admin type (link)
  • Remove unnecessary scope verification hooks from all hooks of instanceserver-load and instanceserver-provision services (link, link)

馃 Generated by Copilot at c491093

Sing, O Muse, of the mighty pull request
That changed the scopes of the instance service
And added security to many a hook
To guard the data of the cloud from harm.

QA Steps

List any additional steps required to QA the changes of this PR, as well as any supplemental images or videos.

Checklist

  • If this PR is still a WIP, convert to a draft
  • When this PR is ready, mark it as "Ready for review"
  • ensure all checks pass
  • Changes have been manually QA'd
  • Changes reviewed by at least 2 approved reviewers

@aditya-mitra aditya-mitra marked this pull request as ready for review October 30, 2023 06:33
@barankyle barankyle added this pull request to the merge queue Nov 1, 2023
Merged via the queue into dev with commit e3c6963 Nov 1, 2023
13 checks passed
@barankyle barankyle deleted the refactor/instance-scoping branch November 1, 2023 23:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@barankyle barankyle barankyle approved these changes

@hanzlamateen hanzlamateen Awaiting requested review from hanzlamateen

Assignees
No one assigned
Labels
verified-contributor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aditya-mitra @barankyle