Skip to content

feat: [UIE-8934, UIE-8935, UIE-8939] - IAM RBAC: fix permission check for sub-entities#12535

Merged
corya-akamai merged 6 commits intolinode:developfrom
aaleksee-akamai:UIE-8934-linodes-storage-fix
Jul 21, 2025
Merged

feat: [UIE-8934, UIE-8935, UIE-8939] - IAM RBAC: fix permission check for sub-entities#12535
corya-akamai merged 6 commits intolinode:developfrom
aaleksee-akamai:UIE-8934-linodes-storage-fix

Conversation

@aaleksee-akamai
Copy link
Contributor

@aaleksee-akamai aaleksee-akamai commented Jul 18, 2025

Description 📝

RBAC permission hook: update checks for sub-entities in Linodes Storage, Configuration, and Settings tabs.

Changes 🔄

List any change(s) relevant to the reviewer.

  • Update permissions for sub-entities to check the parent entity instead
  • Update tests
  • Add an onOpen property to the action menu

Files Affected:

  • ConfigActionMenu.tsx + ConfigActionMenu.test.tsx
  • LinodeSettingsPasswordPanel.tsx + LinodeSettingsPasswordPanel.test.tsx
  • LinodeDiskActionMenu.tsx + LinodeDiskActionMenu.test.tsx

Target release date 🗓️

July 29th

How to test 🧪

Prerequisites

(How to setup test environment)

You can test using a DevCloud IAM account or local devenv setup or mock data (use the User Permissions presets);

Note: The unrestricted account has full access — permission checks are skipped.

To test permissions using presets:

  1. Enable MSW and use Legacy MSW Handlers.
  2. Use the Custom Profile preset with the restricted option selected.
  3. For account-related permissions (e.g. const { permissions } = usePermissions('account', ['create_firewall']) ), use the Custom User Account Permissions preset.
  4. For entity-related permissions, use the Custom User Entity Permissions preset.
  5. Click "Save" and "Apply".

Verification steps

(How to verify changes)

  • Confirm the buttons/inputs are disabled according the grant model with IAM is off, and according to the RBAC model when IAM is on.
Author Checklists

As an Author, to speed up the review process, I considered 🤔

👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support


  • I have read and considered all applicable items listed above.

As an Author, before moving this PR from Draft to Open, I confirmed ✅

  • All tests and CI checks are passing
  • TypeScript compilation succeeded without errors
  • Code passes all linting rules

@aaleksee-akamai aaleksee-akamai requested a review from a team as a code owner July 18, 2025 11:16
@aaleksee-akamai aaleksee-akamai requested review from harsh-akamai and mjac0bs and removed request for a team July 18, 2025 11:16
@aaleksee-akamai aaleksee-akamai self-assigned this Jul 18, 2025
@aaleksee-akamai aaleksee-akamai added Linodes Dealing with the Linodes section of the app IAM (Identity & Access Management) labels Jul 18, 2025
… in Linodes Storage, Configuration, and Settings tabs
Copy link
Contributor

@jaalah-akamai jaalah-akamai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Enabling/Disabling IAM Feature Flag works as intended
✅ Configs + Action Menu perms look good

✅ Linode Settings Password is enabled/disabled based on IAM perm
Image

@github-project-automation github-project-automation bot moved this from Review to Approved in Cloud Manager Jul 18, 2025
@jaalah-akamai jaalah-akamai added the Approved Multiple approvals and ready to merge! label Jul 18, 2025
@kwojtowiakamai
Copy link

kwojtowiakamai commented Jul 21, 2025

✅ The buttons in the storage, configurations and settings tabs are correctly enabled/disabled based on the permissions/grants for both IAM and non-IAM users.

@linode linode deleted a comment from linode-gh-bot Jul 21, 2025
@linode-gh-bot
Copy link
Collaborator

Cloud Manager UI test results

🔺 2 failing tests on test run #3 ↗︎

❌ Failing✅ Passing↪️ Skipped🕐 Duration
2 Failing680 Passing5 Skipped125m 57s

Details

Failing Tests
SpecTest
object-storage-objects-multicluster.spec.tsCloud Manager Cypress Tests→Object Storage Multicluster objects » Object Storage Multicluster objects
access-key.e2e.spec.tsCloud Manager Cypress Tests→object storage access key end-to-end tests » object storage access key end-to-end tests

Troubleshooting

Use this command to re-run the failing tests:

pnpm cy:run -s "cypress/e2e/core/objectStorageMulticluster/object-storage-objects-multicluster.spec.ts,cypress/e2e/core/objectStorage/access-key.e2e.spec.ts"

@corya-akamai
Copy link
Contributor

Cloud Manager UI test results

🔺 2 failing tests on test run #3 ↗︎

❌ Failing ✅ Passing ↪️ Skipped 🕐 Duration
2 Failing 680 Passing 5 Skipped 125m 57s

Details

Failing Tests
Spec Test
object-storage-objects-multicluster.spec.ts Cloud Manager Cypress Tests→Object Storage Multicluster objects » Object Storage Multicluster objects
access-key.e2e.spec.ts Cloud Manager Cypress Tests→object storage access key end-to-end tests » object storage access key end-to-end tests

Troubleshooting

Use this command to re-run the failing tests:

pnpm cy:run -s "cypress/e2e/core/objectStorageMulticluster/object-storage-objects-multicluster.spec.ts,cypress/e2e/core/objectStorage/access-key.e2e.spec.ts"

@jdamore-linode We good to merge with the Object-storeage failures?

@jdamore-linode
Copy link
Contributor

@corya-akamai yep, you're good to go! 👍 Sorry for the trouble with the OBJ tests!

@corya-akamai corya-akamai merged commit 97b734b into linode:develop Jul 21, 2025
34 of 35 checks passed
@github-project-automation github-project-automation bot moved this from Approved to Merged in Cloud Manager Jul 21, 2025
@corya-akamai corya-akamai deleted the UIE-8934-linodes-storage-fix branch July 21, 2025 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Approved Multiple approvals and ready to merge! IAM (Identity & Access Management) Linodes Dealing with the Linodes section of the app

Projects

Archived in project

Development

Successfully merging this pull request may close these issues.

8 participants