Filter infra grants #4054
Filter infra grants #4054
Conversation
pdevine
force-pushed
the
system-grants-filter
branch
from
39c1e02
to
d66f365
Compare
| Destination string `form:"destination" example:"production" note:"name of the destination where a connector is installed"` | ||
| Privilege string `form:"privilege" example:"view" note:"a role or permission"` | ||
| ShowInherited bool `form:"showInherited" note:"if true, this field includes grants that the user inherits through groups" example:"true"` | ||
| ExcludeConnector bool `form:"-"` |
There was a problem hiding this comment.
It feels like it may make more sense to just filter the connector out on the client-side rather than adding a flag for it specifically. What was the use-case here, the UI?
There was a problem hiding this comment.
It makes it easier to filter in the UI. This flag is just for backwards compatibility to the old API.
| @@ -114,7 +117,7 @@ func TestAPI_ListGrants(t *testing.T) { | |||
| run := func(t *testing.T, tc testCase) { | |||
| req := httptest.NewRequest(http.MethodGet, tc.urlPath, nil) | |||
| req.Header.Set("Authorization", "Bearer "+accessKey) | |||
| req.Header.Add("Infra-Version", "0.18.2") | |||
| req.Header.Add("Infra-Version", "0.21.0") | |||
There was a problem hiding this comment.
If this should be testing against the latest API, it should use apiVersionLatest instead
| Privilege: "connector", | ||
| Resource: "res1.ns2", |
There was a problem hiding this comment.
Nit: this grant doesn't make sense. It's not possible to grant connector to a Kubernetes namespace
| urlPath: "/api/grants?showSystem=true", | ||
| setup: func(t *testing.T, req *http.Request) { | ||
| req.Header.Set("Authorization", "Bearer "+adminAccessKey(srv)) | ||
| req.Header.Set("Infra-Version", "0.19.0") |
There was a problem hiding this comment.
Why not set version to 0.20.0?
| @@ -1,6 +1,6 @@ | |||
| const fetch = global.fetch | |||
|
|
|||
| const base = '0.19.1' | |||
| const base = '0.21.0' | |||
There was a problem hiding this comment.
This isn't ideal. It's setting the API version to some version in the future which may cause problems down the road
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
1 similar comment
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
stale
bot
added
the
status/stale
Summary
This PR changes the
/api/grantsto filter both connector grants, and infra admin grants from the default grants listing. To display the infra and connector grants, you can append theshowSystem=trueargument to the query. This behaviour is different than howshowSystempreviously worked, which only filtered out the results for the connector grants. The API maintains backwards compatibility via theInfra-Versionheader.Checklist
Related Issues
Resolves #3800