Fix authz tests locally #3155
Merged
Fix authz tests locally #3155
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Tyler Cloke <tylercloke@gmail.com>
tylercloke
changed the title
bcmdarroch
approved these changes
Mar 19, 2020
susanev
added a commit
that referenced
this pull request
Mar 26, 2020
* Remove IAM V1 conditionals from the UI and Cypress (#2753) * UI unit test cleanup post-merge of master Signed-off-by: michael sorens <msorens@chef.io> * UI unit test cleanup post-merge of master Signed-off-by: michael sorens <msorens@chef.io> * [Automate-1890] gateway v1 scrub (#2796) * [automate-2857] Update user service to teams v2 client (#2860) * Add method for proto parity Adding PurgeUserMembership to allow replacing the v1 team client with a v2 version. Signed-off-by: michael sorens <msorens@chef.io> * Switch v1 team client to v2 team client Signed-off-by: michael sorens <msorens@chef.io> * Implement necessary method for the revised interface Signed-off-by: michael sorens <msorens@chef.io> * Update bldr.toml Removed dependency required rerunning `generate_bldr_config` Signed-off-by: michael sorens <msorens@chef.io> * Correct admins team name per feedback Signed-off-by: michael sorens <msorens@chef.io> * [automate-2720] IAM force upgrade migrations 🎉 (#2793) * Added general structure and TODOs for how to migrate up to the point of force upgrade Copied over code from migrator.go because we can't use the generic version anymore. Migrating up to the last SQL schema migration before we want to force upgrade. Started porting MigrateToV2 GRPC function over to the migration code. Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Remove ApplyV2DataMigrations db function and finish applying any data_migrations as part of the post-force-upgrade process Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Ported creation of default roles for v1 force upgrade Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Port defaultPolicies Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Port CreatePolicy Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Port code we might need for legacy migration Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * WIP Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Everything is compiling Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Added force_upgrade_status to only run force upgrade once Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Remove UpgradeToV2 from cli/gateway Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Remove auto-upgrade from studio Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Record migration status for versioning Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Rename constant Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Remove unused migration Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Use migration status to control migration logic Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Do TODOs Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Remove migration-related server code Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Updated our use of migration_status and cleaned up file layout Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Fixed variable name Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * It working Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Initial porting work for tests Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Working on db tests Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * It's passsssing Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Legacy Policy test Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Does not migrate legacy pols w/o subjs Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Legacy policies Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Migrates only valid v1 policies Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Simply log unmigrated policies These were already invalid in v1. No big deal if they aren't migrated. Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Add comment Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Renames/cleanup Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Remove ResetToV1 from gateway Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Updates bldr.toml Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Compilation errors from server change Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * remove resettov1 Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Fix :allthethings: Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Linting Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Trying to get CI happy Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Remove upgrade-to-v2 cmd Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Remove upgrade-to-v2 Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * No longer have PreconditionFailed to tell v1 requests the gateway is in v2 mode. Just always use v2. Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Hopefully tests pass now Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Bldr config Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Add deny for infra:ingest:* to default policy migration Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Delete extra comment Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * add clarity to func Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Only migrate v1 policies on upgrade Signed-off-by: Blake Johnson <bstier@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Review comments Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Update components/authz-service/storage/postgres/postgres.go Co-Authored-By: M Sorens <msorens@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Update components/authz-service/storage/postgres/migration/migration.go Co-Authored-By: M Sorens <msorens@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Update components/authz-service/storage/postgres/migration/migration.go Co-Authored-By: M Sorens <msorens@chef.io> Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Last review comments Signed-off-by: Tyler Cloke <tylercloke@gmail.com> Co-authored-by: Tyler Cloke <tylercloke@gmail.com> Co-authored-by: M Sorens <msorens@chef.io> * [automate-2930] Fix NATS gateway test errors related to v2 force upgrade (#2933) * Add some logging around forced migration (#2938) * [automate-2861] Update authn service to teams v2 client (#2875) * [automate-2876] Update automate-deployment to teams v2 client (#2877) * Change IAM docs to focus on IAM v2 (#2715) * combine iamv1 pages into 1 Signed-off-by: susanev <susan.ra.evans@gmail.com> * change users, teams, api tokens to iam v2 Signed-off-by: susanev <susan.ra.evans@gmail.com> * added pages for policies, projects, roles Signed-off-by: susanev <susan.ra.evans@gmail.com> * Copyedits and edits for clarity Signed-off-by: Mary Jinglewski <mjinglewski@chef.io> Co-authored-by: mjingle <mjinglewski@chef.io> Co-authored-by: susanev <susan.ra.evans@gmail.com> * Auth 2926/teams v2 migrations (#2934) * Move operator team rename into schema migs Signed-off-by: Blake Johnson <bstier@chef.io> * Integrate cli migration into schema migration Signed-off-by: Blake Johnson <bstier@chef.io> * Remove datamigrations Signed-off-by: Blake Johnson <bstier@chef.io> * Rename migration Signed-off-by: Blake Johnson <bstier@chef.io> * Remove refs to datamigration Signed-off-by: Blake Johnson <bstier@chef.io> * Remove refs to upgrade/reset iam * Cleanup after merge-from-master * Regenerate from protos after merge-from-master compile_go_protobuf_component automate-gateway && compile_go_protobuf_component api Signed-off-by: michael sorens <msorens@chef.io> * Auth 2867/remove v1 tokens gateway apis (#2970) * remove tokens (v1) proto Signed-off-by: Blake Johnson <bstier@chef.io> * Remove v1 tokens client Signed-off-by: Blake Johnson <bstier@chef.io> * Modify UI to only use tokens v2 path Signed-off-by: Blake Johnson <bstier@chef.io> * Update docs Signed-off-by: Blake Johnson <bstier@chef.io> * Bright more files up to v2 for tokens Signed-off-by: Blake Johnson <bstier@chef.io> * Update dev helper Signed-off-by: Blake Johnson <bstier@chef.io> * Update docs Signed-off-by: Blake Johnson <bstier@chef.io> * Remove v1 handler Signed-off-by: Blake Johnson <bstier@chef.io> * Update bldr config Signed-off-by: Blake Johnson <bstier@chef.io> * Remove v1 mock Signed-off-by: Blake Johnson <bstier@chef.io> * remove v2 allusions Signed-off-by: Blake Johnson <bstier@chef.io> * Revert docs change Signed-off-by: Blake Johnson <bstier@chef.io> * [AUTOMATE-2866] Remove v1 users APIs from gateway (#2922) Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Fix force-upgrade merge conflicts (#2981) * Regenerate from protos after merge hab studio: compile_all_protobuf_components components/automate-chef-io: make sync_swagger_files Signed-off-by: michael sorens <msorens@chef.io> * [automate-2868] Remove v1 policies (#2988) * [Automate-2950] Port introspection from v1 to v2 (#3032) * Relocate introspection protos to v2 Signed-off-by: michael sorens <msorens@chef.io> * Rewire proto files together Signed-off-by: michael sorens <msorens@chef.io> * Change exposed endpoints to v2 Signed-off-by: michael sorens <msorens@chef.io> * Regenerate from protos Signed-off-by: michael sorens <msorens@chef.io> * Relocate introspection endpoints to v2 Signed-off-by: michael sorens <msorens@chef.io> * Rewire go files together Signed-off-by: michael sorens <msorens@chef.io> * Change UI calls to v2 Signed-off-by: michael sorens <msorens@chef.io> * Convert v1 integration test to v2 Signed-off-by: michael sorens <msorens@chef.io> * Resolve path changes in cli component Starting with ` rebuild components/automate-cli/`, the error was: build github.com/chef/automate/components/automate-gateway/api/authz: cannot load github.com/chef/automate/components/automate-gateway/api/authz: no Go source files Traced that back to the same failure with just `make build` in the automate-cli directory, then to the same failure with just this: go build github.com/chef/automate/components/automate-cli/cmd/chef-automate Searching for api/authz in the cli directory led me to the files in this commit. Signed-off-by: michael sorens <msorens@chef.io> * Regenerate bldr.toml The "repo health" task in buildkite failed saying: ``` The bldr config appears to be out of date! To fix this, run: hab studio run "source .studiorc && generate_bldr_config" ``` Ran the fix: # install_if_missing core/go go # generate_bldr_config Signed-off-by: michael sorens <msorens@chef.io> * Delete v1 auth URL in UI Signed-off-by: michael sorens <msorens@chef.io> * Replace auth_v2_url with iam_url in UI Signed-off-by: michael sorens <msorens@chef.io> * Apply assorted review feedback Signed-off-by: michael sorens <msorens@chef.io> * remove v1 team APIs from gateway & update dependent integration tests (#2952) * gateway: delete v1 team protos * gateway: drop v1 team stuff wherever it's imported * cli: use v2 teams client everywhere Signed-off-by: Brenna Hewer-Darroch <brenna@chef.io> * [automate-2914] force-upgrade integration scenario: v1 -> v2 with migrated legacy policies (#2935) * v1 to force-upgrade v2 integration test reorganized all the IAM inspec tests Signed-off-by: Brenna Hewer-Darroch <brenna@chef.io> Co-authored-by: Blake Johnson <bstier@chef.io> Co-authored-by: M Sorens <msorens@chef.io> * [Automate-2987] legacy ingest policy fix (#3044) * migration: any "{infra:ingest:*}" action is now "{ingest:*}" * update force-upgrade delete the "deny users infra:ingest" statement in infra legacy policy swap "infra:ingest:*" for "ingest:*" in ingest legacy policy * legacy policy migration testing Co-authored-by: Blake Johnson <bstier@chef.io> Co-authored-by: Brenna Hewer-Darroch <brenna@chef.io> * Resync bldr.toml generate_bldr_config Signed-off-by: michael sorens <msorens@chef.io> * [automate-2916] v2 with no legacy policies -> force-upgrade to latest v2 integration test (#3009) * add v2 with no legacy force-upgrade to v2 we want to make sure that customers currently using v2 without v1 legacy policies are not disrupted by the force-upgrade. v1 legacy policies should not reappear. Signed-off-by: Brenna Hewer-Darroch <brenna@chef.io> * [automate-2917] v2 with legacy policies -> force-upgrade to latest v2 integration test (#3008) * add force-upgrade v2 from v2 with legacy integration test we want to ensure that customers currently using IAM v2 are not disrupted by the force-upgrade Signed-off-by: Brenna Hewer-Darroch <brenna@chef.io> * Vanished teams on force-upgrade (#3102) * Robust Deprecation of IAM v1 (#3104) * Robust Deprecation of v1 Signed-off-by: kagarmoe <kgarmoe@chef.io> * Deprecation on nav * Deprecation on nav Signed-off-by: kagarmoe <kgarmoe@chef.io> * Incorporates feedback Signed-off-by: kagarmoe <kgarmoe@chef.io> * Use feature branch iam-v2-overview.md Signed-off-by: kagarmoe <kgarmoe@chef.io> * Improve verb tense in IAM v2 Overview doc (#3033) * Improve verb tense in IAM v2 Overview doc Signed-off-by: Mary Jinglewski <mjinglewski@chef.io> * Edit progress so far Signed-off-by: Mary Jinglewski <mjinglewski@chef.io> * Incorporate Feedback Signed-off-by: Mary Jinglewski <mjinglewski@chef.io> * Active tense polishing Signed-off-by: Mary Jinglewski <mjinglewski@chef.io> * removes iam v2 from body Signed-off-by: kagarmoe <kgarmoe@chef.io> * Fix spaces Signed-off-by: kagarmoe <kgarmoe@chef.io> Co-authored-by: kagarmoe <kgarmoe@chef.io> * Revert "Improve verb tense in IAM v2 Overview doc (#3033)" (#3134) This reverts commit 746d6ea. * [automate-3065] Remove v1 authz storage (#3111) * fixes bad link Signed-off-by: kagarmoe <kgarmoe@chef.io> * Fix iam db migration tests to work locally (#3155) Signed-off-by: Tyler Cloke <tylercloke@gmail.com> * Revert "Revert "Improve verb tense in IAM v2 Overview doc (#303… (#3145) * Merge fix Signed-off-by: michael sorens <msorens@chef.io> * [automate-3066] Delete authz v1 server code (#3146) * [automate-1886] farewell chef-automate admin-token (#3188) * chef-automate admin-token is no more Co-authored-by: Brenna Hewer-Darroch <brenna@chef.io> Co-authored-by: Mary Jinglewski <mjinglewski@chef.io> * [automate-2710] Remove system:* perms, modify infra:* perms (#3148) * Update roles to have infra:nodes/nodeManagers over infra:* Signed-off-by: Blake Johnson <bstier@chef.io> * Update roles to not have system access Signed-off-by: Blake Johnson <bstier@chef.io> * Update docs with system change Signed-off-by: Blake Johnson <bstier@chef.io> * update sql readme Signed-off-by: Blake Johnson <bstier@chef.io> * Refactor query to work w/o policy Signed-off-by: Blake Johnson <bstier@chef.io> * Add telemetry perms into default system policies Signed-off-by: Blake Johnson <bstier@chef.io> * Update tests Signed-off-by: Blake Johnson <bstier@chef.io> * Remove non-existent action for telemetry Signed-off-by: Blake Johnson <bstier@chef.io> * remove (in tests) permission to request license to roles Signed-off-by: Blake Johnson <bstier@chef.io> * Modify integration script Signed-off-by: Blake Johnson <bstier@chef.io> * Add comments Signed-off-by: Blake Johnson <bstier@chef.io> * Adds applications to roles Signed-off-by: Blake Johnson <bstier@chef.io> * [Automate-2950] port introspection, wave two (#3050) * Update proto generation for v2-only Signed-off-by: michael sorens <msorens@chef.io> * Remove v2 distinction in the generated code Signed-off-by: michael sorens <msorens@chef.io> * Remove v1 protoc generation Signed-off-by: michael sorens <msorens@chef.io> * Remove v2 from the generated pb file name Signed-off-by: michael sorens <msorens@chef.io> * Correct path * Manual cleanup to get things building Not sure why these were not covered by the regeneration but was getting this error until I found and removed these: $ make build build github.com/chef/automate/components/automate-gateway/cmd/automate-gateway: cannot load github.com/chef/automate/components/automate-gateway/authz/policy_v2: open /Users/msorens/code/go/src/github.com/chef/automate/components/automate-gateway/authz/policy_v2: no such file or directory Signed-off-by: michael sorens <msorens@chef.io> * Regenerate bldr.toml Signed-off-by: michael sorens <msorens@chef.io> * Relocate pairs and policy under iam dir Signed-off-by: michael sorens <msorens@chef.io> * Minor cleanup Signed-off-by: michael sorens <msorens@chef.io> * Apply review feedback Signed-off-by: michael sorens <msorens@chef.io> * Regenerate v2-only pb files compile_all_protobuf_components Signed-off-by: michael sorens <msorens@chef.io> * Regenerate docs from protos make sync_swagger_files Signed-off-by: michael sorens <msorens@chef.io> * Empty commit to add missing DCO. Signed-off-by: michael sorens <msorens@chef.io> Co-authored-by: michael sorens <msorens@users.noreply.github.com> Co-authored-by: Brenna Hewer-Darroch <brenna@chef.io> Co-authored-by: M Sorens <msorens@chef.io> Co-authored-by: Blake Johnson <bstier@chef.io> Co-authored-by: susan evans <susan.ra.evans@gmail.com> Co-authored-by: mjingle <mjinglewski@chef.io> Co-authored-by: Kimberly Garmoe <kgarmoe@chef.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🔩 Description: What code changed, and why?
Adds the fixes applied to master in this branch to the new iam force-upgrade tests
#3047
⛓️ Related Resources
👍 Definition of Done
👟 How to Build and Test the Change
✅ Checklist
📷 Screenshots, if applicable