Skip to content

feat: Feat/service accounts#91

Merged
St4NNi merged 13 commits intodevfrom
feat/service_accounts
Jul 3, 2023
Merged

feat: Feat/service accounts#91
St4NNi merged 13 commits intodevfrom
feat/service_accounts

Conversation

@St4NNi
Copy link
Copy Markdown
Member

@St4NNi St4NNi commented Jun 30, 2023
edited
Loading

This PR builds on top of PR #90 . It adds the long awaited ServiceAccount feature.

Service accounts are similar to regular users but have some restrictions:

  • Service accounts are always bound to exactly one project and cannot be added to other projects
  • SAs are managed via a separate API that has a similar interface as the user equivalent but can be called as Project::ADMIN
  • Service accounts can do the same things as regular users with the exception user management requests, these are (for now) "real" user only.

This PR implements all necessary API and DB requests that make it possible to create, update and manage service accounts by Project Admins. The API should be treated as BETA for now.

The PR also adds some optimizations in the ApiToken <-> gRPC Token handling by introducing a TryFrom implementation, this allows us to remove some token conversion boilerplate from crud/user.rs

Fixes: #38

St4NNi added 12 commits June 30, 2023 12:33
@St4NNi St4NNi requested a review from das-Abroxas June 30, 2023 15:56
@St4NNi St4NNi changed the title [feat] Feat/service accounts feat: Feat/service accounts Jun 30, 2023
@codecov
Copy link
Copy Markdown

codecov Bot commented Jul 3, 2023

Codecov Report

Patch coverage: 12.50% and project coverage change: -2.02 ⚠️

Comparison is base (dd56ae6) 54.19% compared to head (077edbe) 52.18%.

Additional details and impacted files 
@@            Coverage Diff             @@
##              dev      #91      +/-   ##
==========================================
- Coverage   54.19%   52.18%   -2.02%     
==========================================
  Files          48       49       +1     
  Lines       10566    10950     +384     
==========================================
- Hits         5726     5714      -12     
- Misses       4840     5236     +396
Impacted Files Coverage Δ
src/database/crud/object.rs 55.74% <ø> (ø)
src/database/crud/service_accounts.rs 0.00% <0.00%> (ø)
src/error.rs 24.53% <0.00%> (ø)
src/server/services/internal_proxy_notifier.rs 0.00% <ø> (ø)
src/server/services/object.rs 44.16% <ø> (ø)
src/server/services/service_account.rs 0.00% <0.00%> (ø)
src/server/services/user.rs 36.47% <ø> (ø)
src/server/services/authz.rs 54.30% <8.33%> (-1.38%) ⬇️
src/database/crud/authz.rs 76.21% <17.85%> (-11.01%) ⬇️
src/server/services/internal_authorize.rs 27.08% <33.33%> (ø)
... and 5 more

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

das-Abroxas
das-Abroxas approved these changes Jul 3, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@das-Abroxas das-Abroxas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For me, it seems that the most important things have been taken into account, that service accounts cannot be abused. However, there is now a possibility for users that services can work with the AOS independently of personal accounts ✔️

@St4NNi St4NNi merged commit 6f7a873 into dev Jul 3, 2023
@St4NNi St4NNi deleted the feat/service_accounts branch July 3, 2023 13:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@das-Abroxas das-Abroxas das-Abroxas approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@St4NNi @das-Abroxas