Implementation of RBAC for KeyValuePair by ashwini-orchestral · Pull Request #5354 · StackStorm/st2

ashwini-orchestral · 2021-09-09T14:40:30Z

Implemented RBAC functionality and unit tests for key-value pairs for existing and new permission types. Previously, RBAC feature for key value pairs are not yet implemented.

Existing permission types - KEY_VALUE_VIEW, KEY_VALUE_SET, KEY_VALUE_DELETE
New permission types - KEY_VALUE_LIST, KEY_VALUE_ALL

RBAC is enabled in the st2.conf file. Access to a key value pair is checked in the KeyValuePair API controller.

SET and DELETE permissions will automatically grant LIST and VIEW permissions.
By default, user has access to his/her own user scoped KVPs without requiring specific permission grant.
A non-admin user can be explicitly granted permission to one or more system scoped KVPs.
A non-admin user cannot access another user's KVPs.
By default, admin and system_admin has ALL access to system scoped KVPs.
Admin has full access to another user's KVPs (behavior in current version).

This change requires RBAC backend support @ PR StackStorm/st2-rbac-backend#55.

st2api/st2api/controllers/v1/keyvalue.py

…ped kvps.

m4dcoder

Where are the unit tests?

Clean up and simplify the put method of the key value pair API. Remove logic from the code that is redundant or no longer applies.

Clean up and simplify the delete method of the key value pair API. Remove logic from the code that is redundant or no longer applies.

cognifloyd

LGTM

Refactor get_all_system_kvp_names_for_user to ensure there's no leakage of non key value pair resource type or resource uid of user scoped key value pair.

Refactor RBAC unit tests for the key value API to ensure get_all is working properly for different scopes and for admin/non-admin users.

m4dcoder · 2021-10-03T23:07:22Z

Moving this feature to v3.7.0 to give more time for folks to soak this in.

m4dcoder

Blocking this temporary until post v3.6.0 release.

st2client/st2client/commands/resource.py

arm4b · 2021-12-09T18:33:48Z

@ashwini-orchestral The PR needs a Changelog. Please add one.

@m4dcoder Additionally, do we need documentation changes for this new feature as well?

m4dcoder · 2021-12-10T17:23:15Z

@armab Corresponding PR for docs at StackStorm/st2docs#1092

Implementation of RBAC for KeyValuePair

306220d

pull-request-size bot added the size/M PR that changes 30-99 lines. Good size to review. label Sep 9, 2021

ashwini-orchestral added 2 commits September 9, 2021 14:44

Resolved formatting issue

09a0218

Added a comment

0627467

m4dcoder added this to the 3.6.0 milestone Sep 13, 2021

m4dcoder requested changes Sep 13, 2021

View reviewed changes

st2api/st2api/controllers/v1/keyvalue.py Outdated Show resolved Hide resolved

ashwini-orchestral and others added 11 commits September 16, 2021 20:17

Modifications done as per review comments

ed9c0d5

Fixed review changes

242f230

Minor fix

bd1adf3

Merge branch 'master' into rbac_keyvaluepair

1ae5b94

Modified the implementation for default user

faeb378

Merge branch 'master' into rbac_keyvaluepair

7bc6613

Fixed lint error

2f17754

Minor fix to handle system key permissions to user.

1c77ff7

Merge branch 'master' into rbac_keyvaluepair

a2e7178

Added a function to get the list keys of user for system scoped kvps

1a871d0

Modified get_all function to get the list of user assigned system sco…

57a7808

…ped kvps.

pull-request-size bot added size/L PR that changes 100-499 lines. Requires some effort to review. and removed size/M PR that changes 30-99 lines. Good size to review. labels Sep 24, 2021

ashwini-orchestral added 5 commits September 24, 2021 23:17

Minor fix to add imports

4dedb78

Minor fix to add import

691c7aa

Minor fix related to lint error

da1d6bd

Minor fix related to conflict

b39855d

Reformatted file with black tool

1d62db8

m4dcoder requested changes Sep 24, 2021

View reviewed changes

ashwini-orchestral added 5 commits September 27, 2021 20:40

Minor fix for users system scope key list

f244569

Added testcases for user permission with system scope kvps.

5270fcb

Fixed lint error

7f7635f

Fixed minor variable issue

eef5655

Added unit tests for user permission

092723a

m4dcoder added 3 commits October 3, 2021 01:45

Refactor and simplify put method of key value API

0dbae40

Clean up and simplify the put method of the key value pair API. Remove logic from the code that is redundant or no longer applies.

Minor black formatting changes

f9b2c3c

Refactor and simplify delete method of key value API

77632eb

Clean up and simplify the delete method of the key value pair API. Remove logic from the code that is redundant or no longer applies.

m4dcoder force-pushed the rbac_keyvaluepair branch from 2f410a6 to 77632eb Compare October 3, 2021 18:56

cognifloyd approved these changes Oct 3, 2021

View reviewed changes

m4dcoder added 3 commits October 3, 2021 22:28

Refactor get_all_system_kvp_names_for_user with more restriction

9189455

Refactor get_all_system_kvp_names_for_user to ensure there's no leakage of non key value pair resource type or resource uid of user scoped key value pair.

Refactor RBAC unit tests for the key value API

66989cc

Refactor RBAC unit tests for the key value API to ensure get_all is working properly for different scopes and for admin/non-admin users.

Merge remote-tracking branch 'origin' into rbac_keyvaluepair

fa38953

m4dcoder modified the milestones: 3.6.0, 3.7.0 Oct 3, 2021

m4dcoder approved these changes Oct 3, 2021

View reviewed changes

m4dcoder requested changes Oct 3, 2021

View reviewed changes

m4dcoder mentioned this pull request Oct 3, 2021

RBAC implementation for key value pair StackStorm/st2-rbac-backend#55

Merged

Fixed minor issue of CLI command

ec3a184

m4dcoder requested changes Oct 4, 2021

View reviewed changes

st2client/st2client/commands/resource.py Outdated Show resolved Hide resolved

ashwini-orchestral added 2 commits October 5, 2021 12:30

Removed commented line

b9309e5

Merge branch 'master' into rbac_keyvaluepair

51b580c

cognifloyd added feature security RBAC labels Oct 5, 2021

ashwini-orchestral and others added 2 commits October 28, 2021 12:06

Merge branch 'master' into rbac_keyvaluepair

a2e51f4

Merge branch 'master' into rbac_keyvaluepair

816e6ba

m4dcoder approved these changes Dec 9, 2021

View reviewed changes

ashwini-orchestral added 2 commits December 10, 2021 12:14

Merge branch 'master' into rbac_keyvaluepair

1747eee

Updated changelog for RBAC keyvaluepair

d32a7f3

m4dcoder merged commit d71b157 into StackStorm:master Dec 10, 2021

m4dcoder deleted the rbac_keyvaluepair branch December 10, 2021 17:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Implementation of RBAC for KeyValuePair#5354

Implementation of RBAC for KeyValuePair#5354
m4dcoder merged 51 commits intoStackStorm:masterfrom
ashwini-orchestral:rbac_keyvaluepair

ashwini-orchestral commented Sep 9, 2021 •

edited by m4dcoder

Loading

Uh oh!

Uh oh!

m4dcoder left a comment

Uh oh!

cognifloyd left a comment

Uh oh!

m4dcoder commented Oct 3, 2021

Uh oh!

m4dcoder left a comment

Uh oh!

Uh oh!

arm4b commented Dec 9, 2021

Uh oh!

m4dcoder commented Dec 10, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Uh oh!

Conversation

ashwini-orchestral commented Sep 9, 2021 • edited by m4dcoder Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

m4dcoder left a comment

Choose a reason for hiding this comment

Uh oh!

cognifloyd left a comment

Choose a reason for hiding this comment

Uh oh!

m4dcoder commented Oct 3, 2021

Uh oh!

m4dcoder left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

arm4b commented Dec 9, 2021

Uh oh!

m4dcoder commented Dec 10, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

ashwini-orchestral commented Sep 9, 2021 •

edited by m4dcoder

Loading