Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a system_auditor role who has read on everything. #2157

Closed
wants to merge 5 commits into from
Closed

Add a system_auditor role who has read on everything. #2157

wants to merge 5 commits into from

Conversation

jctanner
Copy link
Collaborator

@jctanner jctanner commented Jun 6, 2024
edited
Loading

https://issues.redhat.com/browse/AAP-24730

jtanner@p1:~/workspace/github/jctanner.redhat/galaxy_ng.system_auditor$ curl -L -u bob:redhat1234 http://localhost:55001/api/galaxy/_ui/v1/users/ | jq .                                                                                                                                                                      
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   117  100   117    0     0    338      0 --:--:-- --:--:-- --:--:--   339
{
  "errors": [
    {
      "status": "403",
      "code": "permission_denied",
      "title": "You do not have permission to perform this action."
    }
  ]
}
jtanner@p1:~/workspace/github/jctanner.redhat/galaxy_ng.system_auditor$ curl -L -u sa:redhat1234 http://localhost:55001/api/galaxy/_ui/v1/users/ | jq .                                                                                                                                                                      
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   780  100   780    0     0   2090      0 --:--:-- --:--:-- --:--:--  2091
{
  "meta": {
    "count": 3
  },
  "links": {
    "first": "/api/galaxy/_ui/v1/users/?limit=10&offset=0",
    "previous": null,
    "next": null,
    "last": "/api/galaxy/_ui/v1/users/?limit=10&offset=0"
  },
  "data": [
    {
      "id": 1,
      "username": "admin",
      "first_name": "",
      "last_name": "",
      "email": "admin@example.com",
      "groups": [],
      "date_joined": "2024-06-06T19:46:09.181235Z",
      "is_superuser": true,
      "auth_provider": [
        "django"
      ]
    },
    {
      "id": 2,
      "username": "sa",
      "first_name": "system",
      "last_name": "auditor",
      "email": "sa@localhost",
      "groups": [
        {
          "id": 1,
          "name": "sa-group"
        }
      ],
      "date_joined": "2024-06-06T19:59:29.183763Z",
      "is_superuser": false,
      "auth_provider": [
        "django"
      ]
    },
    {
      "id": 3,
      "username": "bob",
      "first_name": "bob",
      "last_name": "barker",
      "email": "bob@localhost",
      "groups": [],
      "date_joined": "2024-06-06T20:12:02.936366Z",
      "is_superuser": false,
      "auth_provider": [
        "django"
      ]
    }
  ]
}
jtanner@p1:~/workspace/github/jctanner.redhat/galaxy_ng.system_auditor$ curl -X POST -H 'Content-Type:application/json' -d '{"username": "foo"}' -u sa:redhat1234 http://localhost:55001/api/galaxy/_ui/v1/users/ | jq .                                                                                                      
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   136  100   117  100    19    341     55 --:--:-- --:--:-- --:--:--   396
{
  "errors": [
    {
      "status": "403",
      "code": "permission_denied",
      "title": "You do not have permission to perform this action."
    }
  ]
}

@jctanner
Add a system_auditor role who has read on everything.
6e4121a 
No-Issue

Signed-off-by: James Tanner <tanner.jc@gmail.com>
@github-actions github-actions bot added backport-4.2 This PR should be backported to stable-4.2 (1.2) backport-4.4 This PR should be backported to stable-4.4 (2.1) backport-4.5 This PR should be backported to stable-4.5 (2.2) backport-4.6 This PR should be backported to stable-4.6 (2.3) backport-4.7 This PR should be backported to stable-4.7 (2.4) backport-4.8 This PR should be backported to stable-4.8 (2.4) backport-4.9 This PR should be backported to stable-4.9 (2.4) labels Jun 6, 2024
@jctanner jctanner removed backport-4.2 This PR should be backported to stable-4.2 (1.2) backport-4.4 This PR should be backported to stable-4.4 (2.1) backport-4.5 This PR should be backported to stable-4.5 (2.2) backport-4.6 This PR should be backported to stable-4.6 (2.3) backport-4.7 This PR should be backported to stable-4.7 (2.4) backport-4.8 This PR should be backported to stable-4.8 (2.4) backport-4.9 This PR should be backported to stable-4.9 (2.4) labels Jun 6, 2024
@jctanner
Add the rollback function name.
8c45cd8 
No-Issue

Signed-off-by: James Tanner <tanner.jc@gmail.com>
@jctanner
Lint fixes.
5bacffe 
No-Issue

Signed-off-by: James Tanner <tanner.jc@gmail.com>
@jctanner
Fixup test comment.
8fc787b 
No-Issue

Signed-off-by: James Tanner <tanner.jc@gmail.com>
@jctanner
Rename to galaxy.auditor.
cfb5909 
No-Issue

Signed-off-by: James Tanner <tanner.jc@gmail.com>
@AlanCoding AlanCoding mentioned this pull request Jun 10, 2024
Draft
newswangerd
newswangerd requested changes Jun 10, 2024
View reviewed changes
Copy link
Member

@newswangerd newswangerd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of our default role definition need to go in this file: https://github.com/ansible/galaxy_ng/blob/master/galaxy_ng/app/access_control/statements/roles.py

Pulp has a post migration script that picks up that file and creates or updates the default roles with it.

@jctanner jctanner mentioned this pull request Jun 10, 2024
Closed
@jctanner
Copy link
Collaborator Author

replaced by #2162

@jctanner jctanner closed this Jun 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@newswangerd newswangerd newswangerd requested changes

@AlanCoding AlanCoding AlanCoding approved these changes

@bmclaughlin bmclaughlin bmclaughlin approved these changes

@chr-stian chr-stian chr-stian approved these changes

@cutwater cutwater Awaiting requested review from cutwater

@rochacbruno rochacbruno Awaiting requested review from rochacbruno

@jerabekjiri jerabekjiri Awaiting requested review from jerabekjiri

@MilanPospisil MilanPospisil Awaiting requested review from MilanPospisil

@drodowic drodowic Awaiting requested review from drodowic

Assignees
No one assigned
Labels
multi-commit
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jctanner @AlanCoding @bmclaughlin @newswangerd @chr-stian