-
-
Notifications
You must be signed in to change notification settings - Fork 739
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implementation of RBAC for KeyValuePair #5354
Implementation of RBAC for KeyValuePair #5354
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where are the unit tests?
Clean up and simplify the put method of the key value pair API. Remove logic from the code that is redundant or no longer applies.
Clean up and simplify the delete method of the key value pair API. Remove logic from the code that is redundant or no longer applies.
2f410a6
to
77632eb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Refactor get_all_system_kvp_names_for_user to ensure there's no leakage of non key value pair resource type or resource uid of user scoped key value pair.
Refactor RBAC unit tests for the key value API to ensure get_all is working properly for different scopes and for admin/non-admin users.
Moving this feature to v3.7.0 to give more time for folks to soak this in. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blocking this temporary until post v3.6.0 release.
@ashwini-orchestral The PR needs a Changelog. Please add one. @m4dcoder Additionally, do we need documentation changes for this new feature as well? |
@armab Corresponding PR for docs at StackStorm/st2docs#1092 |
Implemented RBAC functionality and unit tests for key-value pairs for existing and new permission types. Previously, RBAC feature for key value pairs are not yet implemented.
RBAC is enabled in the st2.conf file. Access to a key value pair is checked in the KeyValuePair API controller.
This change requires RBAC backend support @ PR StackStorm/st2-rbac-backend#55.