Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow space application supporter to access specific process endpoints. #2211

Closed
MerricdeLauney opened this issue Apr 20, 2021 · 1 comment · Fixed by #2359
Closed

Allow space application supporter to access specific process endpoints. #2211

MerricdeLauney opened this issue Apr 20, 2021 · 1 comment · Fixed by #2359
Assignees
@MerricdeLauney
Labels
space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22
Projects
Space Supporter
Milestone
space-application...

Comments

@MerricdeLauney
Copy link
Member

MerricdeLauney commented Apr 20, 2021
edited by sweinstein22

Issue

Allow space application supporter to access specific process endpoints.

Context

We are introducing a new role and we want to make sure it has the right access.

Expected result

A space application support should be able access the following endpoints:

GET /v3/processes/:guid
GET /v3/processes/:guid/stats
GET /v3/apps/:guid/processes/:type
GET /v3/apps/:guid/processes/:type/stats
GET /v3/processes
GET /v3/apps/:guid/processes
PATCH /v3/processes/:guid
POST /v3/processes/:guid/actions/scale
POST /v3/apps/:guid/processes/:type/actions/scale
DELETE /v3/processes/:guid/instances/:index
DELETE /v3/apps/:guid/processes/:type/instances/:index

Acceptance

A space application supporter would see the same info as a space developer assigned to the same space for these and only these process endpoints.

Documentation

When I browse to any of these endpoints on v3 docs I can see the Space Application Supporter role in the list of permitted roles with an indication that this role is not fully implemented and the permissions will be changing.
@MerricdeLauney MerricdeLauney added the space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22 label Apr 20, 2021
@MerricdeLauney MerricdeLauney added this to To do in Space Supporter via automation Apr 20, 2021
@monamohebbi monamohebbi moved this from To do to In progress in Space Supporter Apr 21, 2021
@monamohebbi monamohebbi moved this from In progress to To do in Space Supporter Apr 21, 2021
@MerricdeLauney MerricdeLauney moved this from To do to In progress in Space Supporter Jun 7, 2021
@MerricdeLauney MerricdeLauney self-assigned this Jun 7, 2021
@belinda-liu
Copy link
Contributor

There's an existing pattern to redact the start command in process endpoint responses when the user is an auditor. For example, querying a process as a space auditor yields:

{                                                                                                                                                                                                                                                                            "guid": "01c2ec0c-dbbe-486c-8472-24668fe9397e",
         "created_at": "2021-06-08T00:02:57Z",                                                                                                                                                                                                                                      "updated_at": "2021-06-08T00:02:57Z",
         "type": "web",
         "command": "[PRIVATE DATA HIDDEN]",
         "instances": 2,
         "memory_in_mb": 1024,
         "disk_in_mb": 1024,
...
}

Should a space application support be able to see the start command, or should the response for that role also redact this information?

cc: @monamohebbi @MerricdeLauney

weymanf added a commit that referenced this issue Jun 10, 2021
@weymanf @MerricdeLauney
space application supporter can access specific "process" GET endpoints.
56c7e7f 
- add some information about redacted info in the docs

#2211

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
monamohebbi pushed a commit that referenced this issue Jun 10, 2021
@weymanf @MerricdeLauney
space application supporter can access specific "process" GET endpoints.
c6fbc58 
- add some information about redacted info in the docs

#2211

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
@weymanf weymanf mentioned this issue Jun 10, 2021
Closed
5 tasks
monamohebbi pushed a commit that referenced this issue Jun 11, 2021
@weymanf @MerricdeLauney
space application supporter can access specific "process" GET endpoints.
9711c69 
- add some information about redacted info in the docs

#2211

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
@sweinstein22 sweinstein22 linked a pull request Jun 11, 2021 that will close this issue
space application supporter can access specific "process" GET endpoints. #2331
Closed
5 tasks
belinda-liu added a commit that referenced this issue Jun 23, 2021
@galenhammond @belinda-liu
Space supporter can update processes
b949a99 
`PATCH /v3/processes/:guid`

[#178438207](https://www.pivotaltracker.com/story/show/178438207)
Github issue: #2211

Co-authored-by: Galen Hammond <galenh@vmware.com>
Co-authored-by: Belinda Liu <bliu@pivotal.io>
@belinda-liu belinda-liu mentioned this issue Jun 29, 2021
Merged
5 tasks
@sweinstein22 sweinstein22 linked a pull request Jun 29, 2021 that will close this issue
Space supporter process write permissions #2359
Merged
5 tasks
@sweinstein22 sweinstein22 removed a link to a pull request Jun 29, 2021
space application supporter can access specific "process" GET endpoints. #2331
Closed
5 tasks
Space Supporter automation moved this from In progress to Done Jul 1, 2021
sweinstein22 pushed a commit that referenced this issue Jul 1, 2021
@belinda-liu @weymanf
@MerricdeLauney @galenhammond @monamohebbi
Space supporter process write permissions (#2359)
301aeaf 
* space application supporter can access specific "process" GET endpoints.
- add some information about redacted info in the docs
* Space supporter can update processes

#2211

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
Co-authored-by: Galen Hammond <galenh@vmware.com>
Co-authored-by: Belinda Liu <bliu@pivotal.io>
Co-authored-by: Mona Mohebbi <mmohebbi@pivotal.io>
will-gant pushed a commit to sap-contributions/cloud_controller_ng that referenced this issue Jul 12, 2021
@belinda-liu @weymanf
@MerricdeLauney @galenhammond @monamohebbi @will-gant
Space supporter process write permissions (cloudfoundry#2359)
01549a8 
* space application supporter can access specific "process" GET endpoints.
- add some information about redacted info in the docs
* Space supporter can update processes

cloudfoundry#2211

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
Co-authored-by: Galen Hammond <galenh@vmware.com>
Co-authored-by: Belinda Liu <bliu@pivotal.io>
Co-authored-by: Mona Mohebbi <mmohebbi@pivotal.io>
bepotts pushed a commit that referenced this issue Jul 13, 2021
@belinda-liu @weymanf
@MerricdeLauney @galenhammond @monamohebbi @bepotts
Space supporter process write permissions (#2359)
12df254 
* space application supporter can access specific "process" GET endpoints.
- add some information about redacted info in the docs
* Space supporter can update processes

#2211

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
Co-authored-by: Galen Hammond <galenh@vmware.com>
Co-authored-by: Belinda Liu <bliu@pivotal.io>
Co-authored-by: Mona Mohebbi <mmohebbi@pivotal.io>
bepotts pushed a commit that referenced this issue Jul 19, 2021
@belinda-liu @weymanf
@MerricdeLauney @galenhammond @monamohebbi @bepotts
Space supporter process write permissions (#2359)
e94cc5e 
* space application supporter can access specific "process" GET endpoints.
- add some information about redacted info in the docs
* Space supporter can update processes

#2211

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
Co-authored-by: Galen Hammond <galenh@vmware.com>
Co-authored-by: Belinda Liu <bliu@pivotal.io>
Co-authored-by: Mona Mohebbi <mmohebbi@pivotal.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MerricdeLauney MerricdeLauney

Labels
space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22
Projects
Space Supporter
  
Done
Milestone
space-application-supporter
Development

Successfully merging a pull request may close this issue.

Space supporter process write permissions cloudfoundry/cloud_controller_ng
3 participants
@cf-gitbot @belinda-liu @MerricdeLauney