Role based access control / backend #2790

Merged
merged 35 commits into from
Dec 22, 2022

Haarolean
Contributor

  • Breaking change? (if so, please describe the impact and migration path for existing application instances)

What changes did you make? (Give an overview)

Is there anything you'd like reviewers to focus on?

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • No need to
  • Manually (please, describe, if necessary)
  • Unit checks
  • Integration checks
  • Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES)
  • My changes generate no new warnings (e.g. Sonar is happy)
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged

Check out Contributing and Code of Conduct

A picture of a cute animal (not mandatory but encouraged)

@Haarolean Haarolean requested a review from a team as a code owner October 20, 2022 17:57
@Haarolean Haarolean self-assigned this Oct 20, 2022
@Haarolean Haarolean linked an issue Oct 20, 2022 that may be closed by this pull request
# Conflicts:
#	kafka-ui-api/src/main/java/com/provectus/kafka/ui/controller/KafkaConnectController.java
@Haarolean
Contributor Author

Haarolean commented Oct 20, 2022

Roles file example:

- name: "memelords"
  clusters:
    - dev
    - staging
    - prod
  subjects:
    - provider: oauth_google
      type: domain
      value: "memelord.lol"
    - provider: oauth_google
      type: user
      value: "[email protected]"

    - provider: oauth_github
      type: organization
      value: "memelords_team"
    - provider: oauth_github
      type: user
      value: "Haarolean"
  permissions:
    - resource: cluster
      name: ".*" 
      actions: [ "view", "create" ]

    - resource: topic
      actions: [ "view", "create", "edit" ]
      name: ".*" 

    - resource: connect
      actions: [ ".*" ]
      name: ".*" 

# not implemented yet
#      selector:
#        connector:
#          name: ".*"
#          class: 'com.provectus.connectorName'

- name: "admins"
  clusters:
    - dev
    - staging
    - prod
  subjects:
    - provider: ldap
      type: group
      value: "ou=devs,dc=planetexpress,dc=com"
    - provider: ldap
      type: user
      value: "cn=germanosin,dc=planetexpress,dc=com"
  permissions:
    - resource: cluster
      actions: [ "view" ]
      name: ".*" 

API response example:

[
  {
    "resource": "cluster",
    "value": "local",
    "actions": [
      "view",
      "edit"
    ]
  },
  {
    "resource": "topic",
    "value": "first.messages",
    "actions": [
      "view",
      "create"
    ]
  }
]

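How a roles file of this shape can be evaluated, as an added example that is not code from this pull request or from the project. The role values are constructed samples modelled on the file above; the principal shape, the function names, and the choice of full-match regex semantics with deny-by-default are assumptions of the example.

```python
import re

# Constructed roles, mirroring the structure of the roles file above (sample values).
ROLES = [
    {"name": "memelords", "clusters": ["dev", "staging"],
     "subjects": [{"provider": "oauth_google", "type": "domain", "value": "memelord.lol"},
                  {"provider": "oauth_github", "type": "user", "value": "Haarolean"}],
     "permissions": [{"resource": "topic", "name": "team-.*", "actions": ["view", "create"]},
                     {"resource": "connect", "name": ".*", "actions": [".*"]}]},
    {"name": "admins", "clusters": ["dev", "staging", "prod"],
     "subjects": [{"provider": "ldap", "type": "group",
                   "value": "ou=devs,dc=planetexpress,dc=com"}],
     "permissions": [{"resource": "cluster", "name": ".*", "actions": ["view"]}]},
]

def subject_matches(subject, principal):
    """principal (assumed shape): provider, user, optional groups / organizations."""
    if subject["provider"] != principal["provider"]:
        return False
    kind, value = subject["type"], subject["value"]
    if kind == "user":
        return principal.get("user") == value
    if kind == "domain":
        # Compare the whole domain after the last '@'; a suffix test would
        # also accept an address at "notmemelord.lol".
        _, at, domain = principal.get("user", "").rpartition("@")
        return bool(at) and domain.lower() == value.lower()
    if kind == "group":
        return value in principal.get("groups", [])
    if kind == "organization":
        return value in principal.get("organizations", [])
    return False  # an unknown subject type never matches

def is_permitted(roles, principal, cluster, resource, name, action):
    """Deny by default; allow only if a role bound to the principal grants the action."""
    for role in roles:
        if cluster not in role["clusters"]:
            continue
        if not any(subject_matches(s, principal) for s in role["subjects"]):
            continue
        for perm in role["permissions"]:
            if perm["resource"] != resource:
                continue
            # fullmatch anchors both ends, so "team-.*" does not match "x-team-a".
            if re.fullmatch(perm["name"], name) and any(
                    re.fullmatch(a, action) for a in perm["actions"]):
                return True
    return False
```

With unanchored matching (`re.search`), a pattern such as `team-.*` would also grant access to any resource whose name merely contains `team-`, which is why the example uses `re.fullmatch` for both names and actions.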

@Haarolean Haarolean requested review from vrnsky and germanosin and removed request for vrnsky October 29, 2022 21:19
@Haarolean Haarolean requested a review from iliax October 29, 2022 21:55
Contributor

@iliax iliax left a comment

lgtm, minor comments left

@Haarolean Haarolean requested review from iliax and removed request for vrnsky December 21, 2022 19:09
Get rid of unnecessary cache, save groups into spring auth
Review fixes
Haarolean and others added 2 commits December 22, 2022 19:55
* Initial modifications and mocking the For the RoleAccess

* fix the Suspense issue in the components , comment the Tests to implement later

* minor test comment

* Roles and configuration and sanitization of data

* initialize RoleCheck hook

* make the App test file visible + minor modification in the permission hook

* Structure the data so the Burger header toggle does not rerender the whole application

* add tests to the NavBar and the Page container , add tests

* NavBar and PageContainer bug fixes

* Roles Testing code modification

* covering Topics create button Actions, and Schema create button Actions

* minor typescript code modifications for the cluster required parameter in the rolesHelper

* minor typescript code modifications for the cluster required parameter in the rolesHelper

* minor code modification to describe the Permission tests more clearly

* Produce message Permissions with Tests Suites for Topic

* Add Schema Edit Permission with tests

* Minor role changes

* Add ActionButton Component to handle the Button with tooltip

* Add ActionButton Component to handle the Button with tooltip

* Add Action Button to every Button create Action

* ActionButton add test suites

* usePermission code modification to include regular expressions

* Abstract Actions Component for code repetition, add Configs Edit button Permission + add the tests suites to it.

* Schema Remove functionality Permission and Test Suites + creation of the ActionDropdownItem for Actions

* Topic Edit Clear and delete Topic , Permissions with test suites

* ActionsCell For Topic Message Overview for permissions with tests suites

* Connector Delete , Consumer Groups Permission + writing test suites

* Add Permissions to the Topics ActionCell

* Topic Table Permissions Tests Suites

* Headless Logic for the Permission Part

* add documentation for the headless Part of the permission + add modification of the data version 2 for efficient algorithmic lookup

* replace modify data logic and isPermitted function to have faster access to the data

* Add Permission helpers tests suites

* usePermission hook test suites

* BatchActionsBar add Permissions + minor modification in TopicTable tests suites

* Statistics and Metrics code Permission + add test suites

* Recreate Topic Permissions in the Topic page, add tests suites

* Actions for the Connector components

* Messages NavLink View Permission

* Test suites messages code modifications

* Permissions comment code modifications

* Replacing the Mock Data With the actual code

* Add ActionNavLink test suites

* BatchActionsBar code smell modifications

* maximizing the permissions tests suites

* maximizing the permissions tests suites

* maximizing the permissions tests suites

* Tooltip code refactoring and fix the positions issue

* permissions increase the tests coverage

* add user info at the navigation header and tests suites

* Add Global Schema Selector Permissions with test suites

* Roles minor code removal

* Change the Action Component form hook mixin approach to declarative props approach

* add isPermitted function for multiple Actions , adding tests suites for this particular case

* remove redundant Permissions test blocks from the components

* remove redundant Permissions test blocks from the components

* Action Buttons test suites' coverage + generalizing the code of the Actions

* add invalid Permission check in Action Components tests suites

* Modularization of Actions Components

* Modularization of Actions Components by adding DropDownAction to it.

* Reflect the BE Changes to the UI , by changing the default behavior or the testing of roles.

* Reflect the BE Changes to the UI , by changing the default behavior or the testing of roles.

* Get rid of not necessary usePermission mocks

* Modifications in the UserInfo data , to consider the UI without any login functionality

* minor code modifications in the BatchActionBar component

* change the Query key for the user info

* change the default message for the tooltip

* Fix the Create Role Access for Topics and Schemas

* ListPage Connector create permissions

* add Headless logic for Create Permission with test suites. + add react hook render-er

* Create Button ActionButton logic implementation

* Remove Code smells , by removing the duplications

* increase the test suites for isPermittedToCreate logic

* increase the test suites for isPermittedToCreate logic

* Change the UserResourceType Enum with the new value

* Apply New Resource Creation validation, for Topic, Schema, Connector

* Apply New Resource Creation validation, for Topic, Schema, Connector

* minor code refactor modifications

* minor code modification in the topics useCreate hook

* Async Validation for all the Create Pages

* caching test for optimal performance in async validation schemas

* Reverting the Front End Validation

* Reverting the Front End Validation

* Authorization API minor syntax modifications

* fix SmokeTests

Co-authored-by: Roman Zabaluev <[email protected]>
Co-authored-by: VladSenyuta <[email protected]>
@Haarolean Haarolean requested a review from a team as a code owner December 22, 2022 12:50
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 11 Code Smells

89.8% Coverage
0.0% Duplication

@Haarolean Haarolean merged commit 5c723d9 into master Dec 22, 2022
@Haarolean Haarolean deleted the issues/753 branch December 22, 2022 13:05
Development

Successfully merging this pull request may close these issues.

  • Restrict github organizations via OAuth
  • Restrict domains with SSO via google
  • Role based access control
6 participants