Skip to content

feat: [UIE-8934, UIE-8935, UIE-8939] - IAM RBAC: fix permission check for sub-entities#12535

Merged
corya-akamai merged 6 commits intolinode:developfrom
aaleksee-akamai:UIE-8934-linodes-storage-fix
Jul 21, 2025
Merged

feat: [UIE-8934, UIE-8935, UIE-8939] - IAM RBAC: fix permission check for sub-entities#12535
corya-akamai merged 6 commits intolinode:developfrom
aaleksee-akamai:UIE-8934-linodes-storage-fix

Conversation

@aaleksee-akamai
Copy link
Contributor

@aaleksee-akamai aaleksee-akamai commented Jul 18, 2025
edited
Loading

Description 📝

RBAC permission hook: update checks for sub-entities in Linodes Storage, Configuration, and Settings tabs.

Changes 🔄

List any change(s) relevant to the reviewer.

  • Update permissions for sub-entities to check the parent entity instead
  • Update tests
  • Add an onOpen property to the action menu

Files Affected:

  • ConfigActionMenu.tsx + ConfigActionMenu.test.tsx
  • LinodeSettingsPasswordPanel.tsx + LinodeSettingsPasswordPanel.test.tsx
  • LinodeDiskActionMenu.tsx + LinodeDiskActionMenu.test.tsx

Target release date 🗓️

July 29th

How to test 🧪

Prerequisites

(How to setup test environment)

You can test using a DevCloud IAM account or local devenv setup or mock data (use the User Permissions presets);

Note: The unrestricted account has full access — permission checks are skipped.

To test permissions using presets:

  1. Enable MSW and use Legacy MSW Handlers.
  2. Use the Custom Profile preset with the restricted option selected.
  3. For account-related permissions (e.g. const { permissions } = usePermissions('account', ['create_firewall']) ), use the Custom User Account Permissions preset.
  4. For entity-related permissions, use the Custom User Entity Permissions preset.
  5. Click "Save" and "Apply".

Verification steps

(How to verify changes)

  • Confirm the buttons/inputs are disabled according the grant model with IAM is off, and according to the RBAC model when IAM is on.
Author Checklists

As an Author, to speed up the review process, I considered 🤔

👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support


  • I have read and considered all applicable items listed above.

As an Author, before moving this PR from Draft to Open, I confirmed ✅

  • All tests and CI checks are passing
  • TypeScript compilation succeeded without errors
  • Code passes all linting rules

@aaleksee-akamai aaleksee-akamai requested a review from a team as a code owner July 18, 2025 11:16
@aaleksee-akamai aaleksee-akamai requested review from harsh-akamai and mjac0bs and removed request for a team July 18, 2025 11:16
@aaleksee-akamai aaleksee-akamai self-assigned this Jul 18, 2025
@aaleksee-akamai aaleksee-akamai added Linodes Dealing with the Linodes section of the app IAM (Identity & Access Management) labels Jul 18, 2025
@aaleksee-akamai
Added changeset: RBAC permission hook: update checks for sub-entities…
0523567 
… in Linodes Storage, Configuration, and Settings tabs
jaalah-akamai
jaalah-akamai approved these changes Jul 18, 2025
View reviewed changes
Copy link
Contributor

@jaalah-akamai jaalah-akamai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Enabling/Disabling IAM Feature Flag works as intended
✅ Configs + Action Menu perms look good

✅ Linode Settings Password is enabled/disabled based on IAM perm
Image

@github-project-automation github-project-automation bot moved this from Review to Approved in Cloud Manager Jul 18, 2025
@jaalah-akamai jaalah-akamai added the Approved Multiple approvals and ready to merge! label Jul 18, 2025
@kwojtowiakamai
Copy link

kwojtowiakamai commented Jul 21, 2025
edited
Loading

✅ The buttons in the storage, configurations and settings tabs are correctly enabled/disabled based on the permissions/grants for both IAM and non-IAM users.

@linode linode deleted a comment from linode-gh-bot Jul 21, 2025
@linode-gh-bot
Copy link
Collaborator

linode-gh-bot commented Jul 21, 2025

Cloud Manager UI test results

🔺 2 failing tests on test run #3 ↗︎

❌ Failing✅ Passing↪️ Skipped🕐 Duration
2 Failing680 Passing5 Skipped125m 57s

Details

Failing Tests
SpecTest
object-storage-objects-multicluster.spec.tsCloud Manager Cypress Tests→Object Storage Multicluster objects » Object Storage Multicluster objects
access-key.e2e.spec.tsCloud Manager Cypress Tests→object storage access key end-to-end tests » object storage access key end-to-end tests

Troubleshooting

Use this command to re-run the failing tests:

pnpm cy:run -s "cypress/e2e/core/objectStorageMulticluster/object-storage-objects-multicluster.spec.ts,cypress/e2e/core/objectStorage/access-key.e2e.spec.ts"

@corya-akamai
Copy link
Contributor

corya-akamai commented Jul 21, 2025

Cloud Manager UI test results

🔺 2 failing tests on test run #3 ↗︎

❌ Failing ✅ Passing ↪️ Skipped 🕐 Duration
2 Failing 680 Passing 5 Skipped 125m 57s

Details

Failing Tests
Spec Test
object-storage-objects-multicluster.spec.ts Cloud Manager Cypress Tests→Object Storage Multicluster objects » Object Storage Multicluster objects
access-key.e2e.spec.ts Cloud Manager Cypress Tests→object storage access key end-to-end tests » object storage access key end-to-end tests

Troubleshooting

Use this command to re-run the failing tests:

pnpm cy:run -s "cypress/e2e/core/objectStorageMulticluster/object-storage-objects-multicluster.spec.ts,cypress/e2e/core/objectStorage/access-key.e2e.spec.ts"

@jdamore-linode We good to merge with the Object-storeage failures?

@jdamore-linode
Copy link
Contributor

jdamore-linode commented Jul 21, 2025

@corya-akamai yep, you're good to go! 👍 Sorry for the trouble with the OBJ tests!

@corya-akamai corya-akamai merged commit 97b734b into linode:develop Jul 21, 2025
34 of 35 checks passed
@github-project-automation github-project-automation bot moved this from Approved to Merged in Cloud Manager Jul 21, 2025
@corya-akamai corya-akamai deleted the UIE-8934-linodes-storage-fix branch July 21, 2025 15:41
@mjac0bs mjac0bs mentioned this pull request Jul 24, 2025
Merged
@mjac0bs mjac0bs mentioned this pull request Jul 24, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bnussman-akamai bnussman-akamai bnussman-akamai approved these changes

@harsh-akamai harsh-akamai Awaiting requested review from harsh-akamai harsh-akamai is a code owner automatically assigned from linode/cloud-manager-code-reviewers

+3 more reviewers

@mjac0bs mjac0bs mjac0bs approved these changes

@jaalah-akamai jaalah-akamai jaalah-akamai approved these changes

@kwojtowiakamai kwojtowiakamai kwojtowiakamai approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@aaleksee-akamai aaleksee-akamai

Labels

Approved Multiple approvals and ready to merge! IAM (Identity & Access Management) Linodes Dealing with the Linodes section of the app

Projects

Cloud Manager
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@aaleksee-akamai @kwojtowiakamai @linode-gh-bot @corya-akamai @jdamore-linode @mjac0bs @bnussman-akamai @jaalah-akamai