Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🧹 refactor: change the way we control project and env permissions #452

Merged
merged 15 commits into from
Jul 16, 2023
Merged

🧹 refactor: change the way we control project and env permissions #452

merged 15 commits into from
Jul 16, 2023

Conversation

cosmos-explorer
Copy link
Contributor

@cosmos-explorer cosmos-explorer commented Jul 15, 2023
edited

The following changes:

  • Rename ListProjects to CanAccessProject: can be applied to both general and specific projects
    - if applied to general projects: can access to all projects
    - if applied to a specific project: can access to a specific project
    Projects without CanAccessProject action granted won't be displayed in the UI

  • Remove ListEnvironments: if a user can access a project, he can access to all its envs
    except the envs whose CanAccessEnv permission is explicitly denied

  • Rename AccessEnvs to CanAccessEnv

This PR brings a breaking change, need to update the MongoDb with the following scripts:

  • Rename the action ListProjects to CanAccessProject
db.Policies.updateMany(
  {
    "statements.actions": "ListProjects"
  },
  {
    $set: {
      "statements.$[elem].actions.$[action]": "CanAccessProject"
    }
  },
  {
    arrayFilters: [
      {
        "elem.actions": "ListProjects"
      },
      {
        "action": "ListProjects"
      }
    ]
  }
);
  • Rename the action AccessEnvs to CanAccessEnv
db.Policies.updateMany(
  {
    "statements.actions": "AccessEnvs"
  },
  {
    $set: {
      "statements.$[elem].actions.$[action]": "CanAccessEnv"
    }
  },
  {
    arrayFilters: [
      {
        "elem.actions": "AccessEnvs"
      },
      {
        "action": "AccessEnvs"
      }
    ]
  }
);
  • Remove the action ListEnvs
db.Policies.updateMany(
  {},
  {
    $pull: {
      "statements.$[].actions": "ListEnvs"
    }
  }
);

@cosmos-explorer cosmos-explorer self-assigned this Jul 15, 2023
@deleteLater deleteLater changed the title 🧹Refactor/iam project env 🧹 refactor: IAM project env Jul 15, 2023
@cosmos-explorer cosmos-explorer changed the title 🧹 refactor: IAM project env 🧹 refactored the way to set project and env permissions Jul 16, 2023
@deleteLater deleteLater changed the title 🧹 refactored the way to set project and env permissions 🧹 refactor: change the way to control project and env permissions Jul 16, 2023
deleteLater
deleteLater approved these changes Jul 16, 2023
View reviewed changes
Copy link
Contributor

@deleteLater deleteLater left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@deleteLater deleteLater changed the title 🧹 refactor: change the way to control project and env permissions 🧹 refactor: change the way we control project and env permissions Jul 16, 2023
@deleteLater deleteLater merged commit 51f6341 into main Jul 16, 2023
1 check passed
@deleteLater deleteLater deleted the refactor/iam-project-env branch July 16, 2023 15:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deleteLater deleteLater deleteLater approved these changes

Assignees

@cosmos-explorer cosmos-explorer

Labels
breaking-change ui
Projects
FeatBit
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cosmos-explorer @deleteLater