New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filter infra grants #4054
Filter infra grants #4054
Conversation
39c1e02
to
d66f365
Compare
Destination string `form:"destination" example:"production" note:"name of the destination where a connector is installed"` | ||
Privilege string `form:"privilege" example:"view" note:"a role or permission"` | ||
ShowInherited bool `form:"showInherited" note:"if true, this field includes grants that the user inherits through groups" example:"true"` | ||
ExcludeConnector bool `form:"-"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It feels like it may make more sense to just filter the connector out on the client-side rather than adding a flag for it specifically. What was the use-case here, the UI?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It makes it easier to filter in the UI. This flag is just for backwards compatibility to the old API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, will approve once tests pass
@@ -114,7 +117,7 @@ func TestAPI_ListGrants(t *testing.T) { | |||
run := func(t *testing.T, tc testCase) { | |||
req := httptest.NewRequest(http.MethodGet, tc.urlPath, nil) | |||
req.Header.Set("Authorization", "Bearer "+accessKey) | |||
req.Header.Add("Infra-Version", "0.18.2") | |||
req.Header.Add("Infra-Version", "0.21.0") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this should be testing against the latest API, it should use apiVersionLatest
instead
Privilege: "connector", | ||
Resource: "res1.ns2", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: this grant doesn't make sense. It's not possible to grant connector
to a Kubernetes namespace
urlPath: "/api/grants?showSystem=true", | ||
setup: func(t *testing.T, req *http.Request) { | ||
req.Header.Set("Authorization", "Bearer "+adminAccessKey(srv)) | ||
req.Header.Set("Infra-Version", "0.19.0") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not set version to 0.20.0?
@@ -1,6 +1,6 @@ | |||
const fetch = global.fetch | |||
|
|||
const base = '0.19.1' | |||
const base = '0.21.0' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This isn't ideal. It's setting the API version to some version in the future which may cause problems down the road
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
1 similar comment
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Summary
This PR changes the
/api/grants
to filter both connector grants, and infra admin grants from the default grants listing. To display the infra and connector grants, you can append theshowSystem=true
argument to the query. This behaviour is different than howshowSystem
previously worked, which only filtered out the results for the connector grants. The API maintains backwards compatibility via theInfra-Version
header.Checklist
Related Issues
Resolves #3800