Prevent orphan ACl without service user being created #2442
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…cl, Also if acl is created on server, then continue and ensure the service user is also created Signed-off-by: Aindriu Lavelle <aindriu.lavelle@aiven.io>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
cluster-api/src/main/java/io/aiven/klaw/clusterapi/services/AivenApiService.java
Dismissed
Show dismissed
Hide dismissed
cluster-api/src/main/java/io/aiven/klaw/clusterapi/services/AivenApiService.java
Dismissed
Show dismissed
Hide dismissed
muralibasani
reviewed
May 3, 2024
| @@ -55,14 +55,6 @@ public ResponseEntity<ClusterStatus> getApiStatus() { | |||
| return new ResponseEntity<>(ClusterStatus.ONLINE, HttpStatus.OK); | |||
| } | |||
|
|
|||
| // @RequestMapping(value = "/reloadTruststore/{protocol}/{clusterName}", method = | |||
muralibasani
reviewed
May 3, 2024
cluster-api/src/main/java/io/aiven/klaw/clusterapi/services/AivenApiService.java
Show resolved
Hide resolved
muralibasani
reviewed
May 3, 2024
| extractAcl(clusterAclRequest, aclResponse.getBody()); | ||
| if (aivenAclStructOptional.isEmpty()) { | ||
| aclResponse = restTemplate.postForEntity(uri, request, AivenAclResponse.class); | ||
| aivenAclStructOptional = extractAcl(clusterAclRequest, aclResponse.getBody()); |
There was a problem hiding this comment.
also here a null check ?
There was a problem hiding this comment.
I've added a null check into extractAcl. which returns an empty optional.
muralibasani
reviewed
May 3, 2024
| @@ -133,7 +143,7 @@ private void handleAclCreationResponse( | |||
| projectName, | |||
| serviceName, | |||
| clusterAclRequest.getTopicName()); | |||
| resultMap.put("result", "Failure in adding acls" + response.getBody()); | |||
| resultMap.put("result", "Failure in adding acls" + response.getBody().getMessage()); | |||
There was a problem hiding this comment.
also here a null check ?
| @@ -145,12 +142,12 @@ public void createAclsServiceAccountExists() throws Exception { | |||
| + "/acl"; | |||
|
|
|||
| AivenAclResponse aivenAclResponse = utilMethods.getAivenAclResponse(); | |||
| String aivenAclResponseString = OBJECT_MAPPER.writeValueAsString(aivenAclResponse); | |||
| // String aivenAclResponseString = OBJECT_MAPPER.writeValueAsString(aivenAclResponse); | |||
…null pointers Signed-off-by: Aindriu Lavelle <aindriu.lavelle@aiven.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add check if acl already exists in Klaw before allowing creation of acl, Also if acl is created on server, then continue and ensure the service user is also created
Linked issue
Resolves: #2412
What kind of change does this PR introduce?
What is the current behavior?
When creating an ACL, klaw created the ACL and then creates the related service users.
If the service user limit is hit the acl is left but the service user is not.
Re-approving the request does not create the service user and the acl needs to be manually removed before re-approving the ACL.
What is the new behavior?
When creating an ACL, klaw created the ACL and then creates the related service users.
If the service user limit is hit the acl is left but the service user is not.
Re-approving the request does creates the service user.
We also check if an ACL already exists in Klaw before allowing a new Klaw ACL Request to be created
Describe the state of the application after this PR. Illustrations appreciated (videos, gifs, screenshots).
Other information
Additional changes, explanations of the approach taken, unresolved issues, necessary follow ups, etc.
Requirements (all must be checked before review)
mainbranch have been pulledpnpm linthas been run successfullyA follow up PR is required to ensure that if a delete request is created for an acl that was deleted on the cluster that it passes.
This means sync functionality should be used when things get out of sync but requests won't be left failing if they have already been removed.