Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Space Application Supporter can access specific app GET endpoints #2209

Closed
6 tasks done
MerricdeLauney opened this issue Apr 20, 2021 · 5 comments · Fixed by #2282
Closed
6 tasks done

Space Application Supporter can access specific app GET endpoints #2209

MerricdeLauney opened this issue Apr 20, 2021 · 5 comments · Fixed by #2282
Labels
space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22
Projects
Space Supporter
Milestone
space-application...

Comments

@MerricdeLauney
Copy link
Member

MerricdeLauney commented Apr 20, 2021
edited by monamohebbi

Issue

Allow space application supporter to access specific app endpoints.

Context

We are introducing a new role and we want to make sure it has the right access.

Expected result

A space application support should be able access the following endpoints:

  • GET /v3/apps/:guid
  • GET /v3/apps
  • GET /v3/apps/:guid/builds
  • GET /v3/apps/:guid/droplets/current
  • GET /v3/apps/:guid/relationships/current_droplet
  • GET /v3/apps/:guid/permissions

Acceptance

A space application supporter would see the same info as a space developer assigned to the same space for these and only these endpoints.

Documentation

When I browse to any of these endpoints on v3 docs I can see the Space Application Supporter role in the list of permitted roles with an indication that this role is not fully implemented and the permissions will be changing.
@MerricdeLauney MerricdeLauney added the space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22 label Apr 20, 2021
@MerricdeLauney MerricdeLauney added this to To do in Space Supporter via automation Apr 20, 2021
@MerricdeLauney MerricdeLauney self-assigned this Apr 20, 2021
@MerricdeLauney MerricdeLauney moved this from To do to In progress in Space Supporter Apr 20, 2021
@ctlong ctlong moved this from In progress to To do in Space Supporter Apr 21, 2021
@ctlong ctlong moved this from To do to In progress in Space Supporter Apr 21, 2021
@ctlong ctlong moved this from In progress to To do in Space Supporter Apr 21, 2021
@monamohebbi monamohebbi moved this from To do to In progress in Space Supporter Apr 21, 2021
belinda-liu added a commit that referenced this issue May 10, 2021
@belinda-liu @mkocher
Implements space_application_supporter role for viewing app droplets
0dcb9ab 
`GET /v3/apps/:guid/droplets/current`
`GET /v3/apps/:guid/relationships/current_droplet`

Github issue: #2209

Co-authored-by: Belinda Liu <bliu@pivotal.io>
Co-authored-by: Matthew Kocher <mkocher@pivotal.io>
@monamohebbi
Copy link
Contributor

For GET /v3/apps/:guid/permissions we are responding with the basic response:

{
  "read_basic_data": true,
  "read_sensitive_data": false
}

@monamohebbi
Copy link
Contributor

monamohebbi commented May 11, 2021
edited

Running into some questions around the env endpoints:

GET /v3/apps/:guid/env is apparently protected behind this endpoint, so we would have to create a new feature flag in addition to unblocking the running_env_json, staging_env_json, and environment_variables fields. Given the information in these fields can be discovered through different endpoints, is it worth introducing a new flag and creating a bulkier API?

cc @piyalibanerjee

EDIT: env vars will be moved to a separate issue and only partially unblocked

weymanf pushed a commit that referenced this issue May 12, 2021
@belinda-liu @mkocher @weymanf
Implements space_application_supporter role for viewing app droplets
2fb647f 
`GET /v3/apps/:guid/droplets/current`
`GET /v3/apps/:guid/relationships/current_droplet`

Github issue: #2209

Co-authored-by: Belinda Liu <bliu@pivotal.io>
Co-authored-by: Matthew Kocher <mkocher@pivotal.io>
@monamohebbi monamohebbi changed the title Space Application Supporter can access specific app endpoints Space Application Supporter can access specific app GET endpoints May 18, 2021
@monamohebbi monamohebbi mentioned this issue May 18, 2021
Merged
5 tasks
@monamohebbi monamohebbi linked a pull request May 18, 2021 that will close this issue
Space application supporter apps permissions #2282
Merged
5 tasks
@monamohebbi monamohebbi moved this from In progress to Acceptance in Space Supporter May 18, 2021
Space Supporter automation moved this from Acceptance to Done May 19, 2021
@MerricdeLauney
Copy link
Member Author

@ctlong and I aren't finding the requested documentation changes despite this issue being closed. Was this missed in the PR?

@MerricdeLauney MerricdeLauney reopened this Jun 2, 2021
Space Supporter automation moved this from Done to Acceptance Jun 2, 2021
sweinstein22 added a commit that referenced this issue Jun 2, 2021
@sweinstein22
Add docs for Space Application Supporter access to app GET endpoints
8afc9c9 
#2209

Authored-by: Sarah Weinstein <sweinstein@pivotal.io>
@sweinstein22
Copy link
Contributor

Good catch, thanks @MerricdeLauney ! Looks like we did miss it, as it's just docs changes I've added them in this commit. and confirmed that the changes load correctly when running the docs locally. We'll do a second round of acceptance just on the docs once the changes get through the pipeline before closing out the issue again.

@sweinstein22
Copy link
Contributor

The commit made it through the pipeline and I've double checked that the role is indicated on the endpoints included in this issue

Space Supporter automation moved this from Acceptance to Done Jun 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22
Projects
Space Supporter
  
Done
Milestone
space-application-supporter
Development

Successfully merging a pull request may close this issue.

Space application supporter apps permissions cloudfoundry/cloud_controller_ng
5 participants
@cf-gitbot @monamohebbi @ctlong @sweinstein22 @MerricdeLauney