-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow space application supporter to access specific sidecar endpoints #2343
Conversation
f5f9b88
to
5b6916f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Acceptance
Setup
Confirmed user only has space application supporter and organization user roles:
$ cf curl /v3/roles?user_guids="0776980f-9ea5-499a-9a23-ecc09d0d5b39"
{
"pagination": {
...
},
"resources": [
{
"guid": "7555955f-5baf-4700-93e1-3952ef664a1f",
"type": "organization_user",
"relationships": {
"user": {
"data": {
"guid": "0776980f-9ea5-499a-9a23-ecc09d0d5b39"
}
},
...
},
{
"guid": "e158488c-2b95-4806-a6f1-68df9dde8fdc",
"type": "space_application_supporter",
"relationships": {
"user": {
"data": {
"guid": "0776980f-9ea5-499a-9a23-ecc09d0d5b39"
}
},
...
}
]
}
Pushed an app from the set of sample apps with sidecars
Behavior Check
Ran cf curl
against /v3/sidecars/:guid
, /v3/processes/:process_guid/sidecars
, and /v3/apps/:app_guid/sidecars
as both a space application supporter and space developer, piped output to files and checked for a diff. Also manually confirmed that output looked correct.
$ diff space-app-supporter-sidecar-guid space-dev-sidecar-guid
$ diff space-app-supporter-process-sidecars space-dev-process-sidecars
$ diff space-app-supporter-app-sidecars space-dev-app-sidecars
Code Check
I'm wondering if we should be collapsing down the context 'with a user'
and context 'permissions'
sections. Since the shared examples specs have a functionality for checking the response objects, and it allows us to check that the response is correct for each role, it feels like a good opportunity to condense some of the tests down. Plus it would more closely follow what's been done in previous space app supporter work. Let me know what y'all think, or if I'm missing a reason we've kept things separated, otherwise look good!
Docs
I'm noticing that we've left off the 'Experimental' indicator in the docs, was the thinking that sidecars are in the experimental section of the docs so we don't necessarily need to indicate that the role is also experimental? It feels a bit like we're conflating experimental indicators in leaving it off, since the rest of the roles aren't experimental.
allows access to: GET /v3/sidecars/:guid GET /v3/processes/:process_guid/sidecars GET /v3/apps/:app_guid/sidecars Finishes #2231 Co-authored-by: Maria Shaldybin <mariash@vmware.com>
5b6916f
to
a37eae4
Compare
We didn't collapse down the spec sections but we changed the context/describes to be more clear on what cases they're testing. The shared behaviors aren't testing the response format so the other test is serving a purpose. Updated the docs to include experimental. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Following a conversation with folks, we've agreed:
- the shared examples spec should include a guid check for list endpoints, as they'll always return a
200
but the list may not be populated - if the response body is different depending on the role, the shared example spec should include a full rundown of the response body for each role
- the shared examples spec for an individual resource doesn't necessarily need to include the guid check, as the error code will actually change based on permissions. This test would fail if someone throws an errant "if user has x role return a
200
without a response body", but that's a much less likely mistake to make - In the case where we've split out a content test from the permissions test, we're going to ensure that the context description does not reference a specific role, as it may be misleading for future contributors. Instead we're going to lean towards indicating that the test is meant to check the return body content.
Once changes have been made per the above these changes should be good to go!
- We used a more generic term rather than space dev so as not to imply that this behavior was specific to the space dev. - Small refactor to expected codes and responses Co-authored-by: Galen Hammond <galenh@vmware.com> Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great, thanks for making the adjustments @galenhammond and @MerricdeLauney !
…s_spec.rb We renamed the role after the PR for the space supporter sidecar endpoints was made, this commit fixes the naming discrepancy. Original PR: #2343 Authored-by: Sarah Weinstein <sweinstein@pivotal.io>
#2343) * Allow space application supporter to access specific sidecar endpoints allows access to: GET /v3/sidecars/:guid GET /v3/processes/:process_guid/sidecars GET /v3/apps/:app_guid/sidecars * Refactor tests to match previous patterns. - We used a more generic term rather than space dev so as not to imply that this behavior was specific to the space dev. Finishes #2231 Co-authored-by: Maria Shaldybin <mariash@vmware.com> Co-authored-by: Galen Hammond <galenh@vmware.com> Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
…s_spec.rb We renamed the role after the PR for the space supporter sidecar endpoints was made, this commit fixes the naming discrepancy. Original PR: #2343 Authored-by: Sarah Weinstein <sweinstein@pivotal.io>
#2343) * Allow space application supporter to access specific sidecar endpoints allows access to: GET /v3/sidecars/:guid GET /v3/processes/:process_guid/sidecars GET /v3/apps/:app_guid/sidecars * Refactor tests to match previous patterns. - We used a more generic term rather than space dev so as not to imply that this behavior was specific to the space dev. Finishes #2231 Co-authored-by: Maria Shaldybin <mariash@vmware.com> Co-authored-by: Galen Hammond <galenh@vmware.com> Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
…s_spec.rb We renamed the role after the PR for the space supporter sidecar endpoints was made, this commit fixes the naming discrepancy. Original PR: #2343 Authored-by: Sarah Weinstein <sweinstein@pivotal.io>
#2343) * Allow space application supporter to access specific sidecar endpoints allows access to: GET /v3/sidecars/:guid GET /v3/processes/:process_guid/sidecars GET /v3/apps/:app_guid/sidecars * Refactor tests to match previous patterns. - We used a more generic term rather than space dev so as not to imply that this behavior was specific to the space dev. Finishes #2231 Co-authored-by: Maria Shaldybin <mariash@vmware.com> Co-authored-by: Galen Hammond <galenh@vmware.com> Co-authored-by: Merric de Launey <mdelauney@pivotal.io>
…s_spec.rb We renamed the role after the PR for the space supporter sidecar endpoints was made, this commit fixes the naming discrepancy. Original PR: #2343 Authored-by: Sarah Weinstein <sweinstein@pivotal.io>
allows access to:
GET /v3/sidecars/:guid
GET /v3/processes/:process_guid/sidecars
GET /v3/apps/:app_guid/sidecars
Finishes #2231
Co-authored-by: Maria Shaldybin mariash@vmware.com
Thanks for contributing to cloud_controller_ng. To speed up the process of reviewing your pull request please provide us with:
I have reviewed the contributing guide
I have viewed, signed, and submitted the Contributor License Agreement
I have made this pull request to the
main
branchI have run all the unit tests using
bundle exec rake
I have run CF Acceptance Tests