Skip to content

refactor!: remove role privilege rules#217

Merged
TylerGillson merged 18 commits intomainfrom
refactor/remove-role-privilege-rules
Sep 11, 2024
Merged

refactor!: remove role privilege rules#217
TylerGillson merged 18 commits intomainfrom
refactor/remove-role-privilege-rules

Conversation

@TylerGillson
Copy link
Member

@TylerGillson TylerGillson commented Sep 5, 2024
edited
Loading

Issue

N/A

Description

  • Remove RolePrivilegeRules
  • Add support for privilege rules on all entities
  • Configure GroupPrincipals and Propagated for privilege rules
  • Bump golangci-lint and fix import issues related to _validator

Requires:

@TylerGillson
refactor: remove role privilege rules
743cf13 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
chore: fix lints
8426d56 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
chore: Merge branch 'main' into refactor/remove-role-privilege-rules
cf40147
@TylerGillson
chore: bump vSphere plugin
908dca6 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson TylerGillson marked this pull request as ready for review September 9, 2024 15:21
@TylerGillson TylerGillson requested a review from a team as a code owner September 9, 2024 15:21
@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Sep 9, 2024
@TylerGillson TylerGillson mentioned this pull request Sep 9, 2024
Merged
@dosubot dosubot bot added the refactoring Refactoring / tech debt label Sep 9, 2024
ahmad-ibra
ahmad-ibra previously approved these changes Sep 9, 2024
View reviewed changes
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Sep 9, 2024
@TylerGillson
feat: handle privileges for all entities, propagation, and group prin…
446db57 
…cipals

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@dosubot dosubot bot added size:XL This PR changes 500-999 lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels Sep 10, 2024
@TylerGillson
chore: Merge branch 'main' into refactor/remove-role-privilege-rules
2d99cfa
@TylerGillson
chore: fix typo
337e425 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
feat: handle propagation properly
cdf6550 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
chore: make reviewable
a43ee9f 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
chore: fix test
5afc989 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
chore: make reviewable
5349edf 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
test: fix integration test data
89a87f6 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
chore: ensure int. tests pass w/ if local AWS creds file exists; tidy…
e2e78d1 
… AWS code

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
fix: handle vSphere API changes
7908bfc 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@dosubot dosubot bot added size:XXL This PR changes 1000+ lines, ignoring generated files. and removed size:XL This PR changes 500-999 lines, ignoring generated files. labels Sep 10, 2024
@TylerGillson
fix: exit early if propagation disabled
ce5faa6 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
TylerGillson added a commit to validator-labs/validator-plugin-vsphere that referenced this pull request Sep 10, 2024
@TylerGillson
feat!: support additional vCenter entities for privilege rules (#362)
abe3a94 
## Issue
N/A

## Description
- Extend privilege rules to support datastores, the vCenter root object,
and all network types.
- Add `GroupPrincipals` and `Propagated` to the privilege rule spec.
- `GroupPrincipals` are used to identify permissions that grant
privileges to a user on a specific entity. They're required because
non-admin users cannot query the vCenter API to determine their own
group membership.
- `Propagated` is a new flag that further qualifies the assignment of
privileges to a user on a specific entity.
- Clean up some lingering Spectro-internal logic that was filtering
Datacenters and Clusters based on kubernetes tags.

Related:
- validator-labs/validatorctl#217

---------

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
chore: make reviewable
982560b 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
ci: fix update-versions.sh; make reviewable
4f3778b 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
@TylerGillson
fix: bump vSphere plugin & address API changes; fix int. tests
8b506c2 
Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
TylerGillson
TylerGillson commented Sep 11, 2024
View reviewed changes
@codecov
Copy link

codecov bot commented Sep 11, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 46.32035% with 124 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
pkg/services/validator/vmware.go 38.01% 85 Missing and 21 partials ⚠️
pkg/services/validator/aws.go 18.18% 5 Missing and 4 partials ⚠️
pkg/services/clouds/aws_service.go 62.50% 3 Missing ⚠️
pkg/services/clouds/vmware_service.go 62.50% 2 Missing and 1 partial ⚠️
pkg/components/validator.go 66.66% 0 Missing and 2 partials ⚠️
...tegration/validatorctl/testcases/test_validator.go 95.65% 0 Missing and 1 partial ⚠️ 
@@            Coverage Diff             @@
##             main     #217      +/-   ##
==========================================
- Coverage   53.43%   53.30%   -0.13%     
==========================================
  Files          46       46              
  Lines        6367     6339      -28     
==========================================
- Hits         3402     3379      -23     
- Misses       2105     2114       +9     
+ Partials      860      846      -14
Files with missing lines Coverage Δ
pkg/cmd/validator/validator.go 60.07% <100.00%> (ø)
pkg/config/constants.go 100.00% <ø> (ø)
pkg/services/validator/rule_names.go 42.85% <ø> (ø)
tests/integration/validatorctl/executor.go 100.00% <ø> (ø)
tests/utils/file/directory.go 71.42% <100.00%> (ø)
...tegration/validatorctl/testcases/test_validator.go 93.35% <95.65%> (ø)
pkg/components/validator.go 56.44% <66.66%> (ø)
pkg/services/clouds/aws_service.go 60.49% <62.50%> (-1.16%) ⬇️
pkg/services/clouds/vmware_service.go 44.64% <62.50%> (ø)
pkg/services/validator/aws.go 50.22% <18.18%> (+<0.01%) ⬆️
... and 1 more

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c4ac163...8b506c2. Read the comment docs.

ahmad-ibra
ahmad-ibra reviewed Sep 11, 2024
View reviewed changes
ahmad-ibra
ahmad-ibra reviewed Sep 11, 2024
View reviewed changes
ahmad-ibra
ahmad-ibra approved these changes Sep 11, 2024
View reviewed changes
Copy link
Member

@ahmad-ibra ahmad-ibra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a question which may result in changes, but everything looks good to me

@TylerGillson TylerGillson merged commit b0976db into main Sep 11, 2024
@TylerGillson TylerGillson deleted the refactor/remove-role-privilege-rules branch September 11, 2024 16:38
@TylerGillson TylerGillson mentioned this pull request Sep 9, 2024
Merged
TylerGillson added a commit that referenced this pull request Sep 11, 2024
@TylerGillson
chore(main): release 0.2.0 (#213)
180f0e3 
🤖 I have created a release *beep* *boop*
---


##
[0.2.0](v0.1.4...v0.2.0)
(2024-09-11)


### ⚠ BREAKING CHANGES

* remove role privilege rules
([#217](#217))

### Features

* add --custom-resources flag to validator rules check as an alternate
to -f
([#218](#218))
([4aa14b6](4aa14b6))


### Bug Fixes

* add missing Host.Config.Storage privilege & document
([#212](#212))
([c7408a6](c7408a6))


### Docs

* remove subcommand docs from repo
([#205](#205))
([57ca6cb](57ca6cb))


### Dependency Updates

* **deps:** update golang.org/x/exp digest to e7e105d
([#214](#214))
([c4ac163](c4ac163))


### Refactoring

* remove role privilege rules
([#217](#217))
([b0976db](b0976db))
* update `executePlugins` function to operate on a slice of
`PluginSpec`'s
([#206](#206))
([97875f3](97875f3))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ahmad-ibra ahmad-ibra ahmad-ibra approved these changes

Assignees

No one assigned

Labels

lgtm This PR has been approved by a maintainer refactoring Refactoring / tech debt size:XXL This PR changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TylerGillson @ahmad-ibra