Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(fiat): Fix access denied for new apps with no roles #597

Merged
merged 3 commits into from
Oct 18, 2019
Merged

fix(fiat): Fix access denied for new apps with no roles #597

merged 3 commits into from
Oct 18, 2019

Conversation

costimuraru
Copy link
Contributor

@costimuraru costimuraru commented Sep 23, 2019
edited
Loading

Fixes spinnaker/spinnaker#1930

Previous behavior (with LDAP enabled):

  1. User creates Spinnaker app and specifies no roles.
  2. Front50 does not make call to Fiat to sync permissions (this is because the roles list is empty).
  3. User tries to view app.
  4. Front50 makes call to Fiat to get permissions for the new app.
  5. Fiat doesn't have any entry for the app (in Redis) and as such AccessDeniedException: Access is denied is thrown.
  6. After 10 minutes Fiat will sync permissions for all apps (it has a service to sync these periodically) and the Access denied error will be resolved.

Behavior after this PR:

  1. User creates Spinnaker app and specifies no roles.
  2. Front50 makes call to Fiat to sync permissions (even though permission list is empty).
  3. Fiat generates entry for the new app (in Redis).
  4. User tries to view app.
  5. Front50 makes call to Fiat to get permissions for the new app.
  6. Fiat is able to read the entry for the new app (from Redis) and the Access denied is no longer thrown.

@costimuraru costimuraru mentioned this pull request Sep 23, 2019
Closed
@costimuraru
Copy link
Contributor Author

ping @robfletcher @ttomsu @ajordens @robzienert @asher

Relates to 8250c54#diff-3d176880bdd6eb3033f247b7792c7508

@costimuraru costimuraru changed the title feat(authorization): Fix access denied for new apps with no roles fix(fiat): Fix access denied for new apps with no roles Sep 23, 2019
robzienert
robzienert reviewed Sep 23, 2019
View reviewed changes
Copy link
Member

@robzienert robzienert left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Definitely the type of change that should have a test along with it. If / when we get to refactoring this away from Groovy, we would be likely introduce a regression with this conditional due to incorrectly translating Groovy Truth. :(

ed: Change itself seems legit, though.

@costimuraru
Copy link
Contributor Author

Good point, @robzienert!
I've added the tests now.

fix(fiat): Fix access denied for new apps with no roles
6664eac 
Signed-off-by: Constantin Muraru <cmuraru@adobe.com>
@cfieber cfieber added the ready to merge Approved and ready for merge label Oct 18, 2019
@mergify mergify bot merged commit 156c6ea into spinnaker:master Oct 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robzienert robzienert robzienert left review comments

@cfieber cfieber cfieber approved these changes

Assignees
No one assigned
Labels
auto merged ready to merge Approved and ready for merge target-release/1.17
Projects
None yet
Milestone
No milestone
5 participants
@costimuraru @robzienert @cfieber @marchello2000 @spinnakerbot