Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow space application supporter to access specific droplet endpoints #2334

Merged
merged 1 commit into from
Jun 16, 2021

Conversation

weymanf
Copy link
Contributor

@weymanf weymanf commented Jun 11, 2021

We added documentation to reflect fields being redacted, and deleted duplicate controller specs.

Closes out #2220

  • I have reviewed the contributing guide

  • I have viewed, signed, and submitted the Contributor License Agreement

  • I have made this pull request to the main branch

  • I have run all the unit tests using bundle exec rake

  • I have run CF Acceptance Tests

* Decided to have some fields in v3/droplets/:guid be redacted (in a
similar fashion to every role except admin roles and space developers)
* Updated documentation
* Refactored some of the droplets request specs to use it_behaves_like

[#2220]

Co-authored-by: Weyman Fung <weymanf@vmware.com>
Co-authored-by: Carson Long <lcarson@vmware.com>
@sweinstein22 sweinstein22 added the space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22 label Jun 14, 2021
@sweinstein22 sweinstein22 self-requested a review June 16, 2021 22:23
Copy link
Contributor

@sweinstein22 sweinstein22 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Acceptance

Confirmed user only has space app supporter and organization user roles:

$ cf curl /v3/roles?user_guids="0776980f-9ea5-499a-9a23-ecc09d0d5b39"
{
  "pagination": {
    ...
  },
  "resources": [
    {
      "guid": "7555955f-5baf-4700-93e1-3952ef664a1f",
      "type": "organization_user",
      "relationships": {
        "user": {
          "data": {
            "guid": "0776980f-9ea5-499a-9a23-ecc09d0d5b39"
          }
        },
       ...
    },
    {
      "guid": "e158488c-2b95-4806-a6f1-68df9dde8fdc",
      "type": "space_application_supporter",
      "relationships": {
        "user": {
          "data": {
            "guid": "0776980f-9ea5-499a-9a23-ecc09d0d5b39"
          }
        },
      ...
    }
  ]
}

Ran cf curl against /v3/droplets/:guid, /v3/droplets, /v3/packages/:guid/droplets, and /v3/apps/:guid/droplets as a space dev and a space application supporter. Manually confirmed that output looked correct, and piped output to a file to diff them. All output was equivalent except for getting a single droplet, which has expected differences as the space application supporter cannot see the execution_metadata or the process_types.

$ diff space-app-supporter-droplets space-dev-droplets

$ diff space-app-supporter-droplet-guid space-dev-droplet-guid
27c27
<   "execution_metadata": "[PRIVATE DATA HIDDEN]",
---
>   "execution_metadata": "",
29c29,30
<     "redacted_message": "[PRIVATE DATA HIDDEN]"
---
>     "web": "bundle exec rackup config.ru -p $PORT",
>     "worker": "bundle exec rackup config.ru"
$ diff space-app-supporter-app-droplets space-dev-app-droplets

$ diff space-app-supporter-package-droplets space-dev-package-droplets

Did a pass over the code, noted that permissions checks have been added to request spec for all four endpoints.

Docs

Confirmed that /v3/droplets documentation already indicates that it's available to All Roles. All the other changes look good and render correctly.

Looks good, thanks for the PR!

@sweinstein22 sweinstein22 merged commit 79e145e into main Jun 16, 2021
@tjvman tjvman deleted the space-application-supporter-droplets branch August 24, 2021 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allow space application supporter to access specific droplet endpoints.
4 participants