[CORE-211] Convert disk operations to new Sam permissions model #4822
Conversation
| samResourceId: SamResourceId, | ||
| action: RuntimeAction, | ||
| userEmail: Option[WorkbenchEmail] = None | ||
| object SamUtils { |
There was a problem hiding this comment.
I tried out switching this over to an object instead of a trait to reuse the code in the RuntimeServiceInterp object and found that I slightly prefer it to the trait, but I'm curious to hear what others think! The switchover is in the last commit if you'd like to compare
There was a problem hiding this comment.
I like it better too, it makes the code more readable IMO
marctalbott
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #4822 +/- ##
===========================================
- Coverage 74.62% 74.62% -0.01%
===========================================
Files 166 166
Lines 14692 14632 -60
Branches 1135 1170 +35
===========================================
- Hits 10964 10919 -45
+ Misses 3728 3713 -15
Continue to review full report in Codecov by Sentry.
|
| ) | ||
| _ <- F.raiseWhen(!hasProjectPermission.getOrElse(true))(ForbiddenError(userInfo.userEmail, Some(ctx.traceId))) | ||
|
|
||
| samDiskIds <- samService.listResources(userInfo.accessToken.token, SamResourceType.PersistentDisk) |
There was a problem hiding this comment.
Nice, so the new behavior is that is a user does not have permission (either on the project or list disk action), sam will return an empty list of IDs, and we won't be leaking any info to the user?
There was a problem hiding this comment.
Pretty much -- Sam will return all of the disks that the user has access to and then the query will filter out any disks that are in a different project if cloudContext is defined. Sam doesn't do an explicit permissions check on the project, but it will only return disks that the user has permission to see.
| paramMap <- F.fromEither(processListParameters(params)) | ||
| creatorOnly <- F.fromEither(processCreatorOnlyParameter(userInfo.userEmail, params, ctx.traceId)) | ||
| disks <- DiskServiceDbQueries.listDisks(paramMap._1, paramMap._2, creatorOnly, cloudContext).transaction |
There was a problem hiding this comment.
This is so nice to see this code being deleted, thank you!
| @@ -689,12 +720,22 @@ class DiskServiceInterpTest | |||
| .save() | |||
| diskSamResource3 <- IO(PersistentDiskSamResourceId(UUID.randomUUID.toString)) | |||
| disk3 <- makePersistentDisk(Some(DiskName("d3")), cloudContextOpt = Some(cloudContextGcp)) | |||
| .copy(samResource = diskSamResource1) | |||
| .copy(samResource = diskSamResource3) | |||
There was a problem hiding this comment.
Ouch, good catch, thanks!
| @@ -1126,6 +1110,32 @@ object RuntimeServiceInterp { | |||
| } | |||
| } yield disk | |||
|
|
|||
| private def checkAttachAction[F[_]](userInfo: UserInfo, | |||
There was a problem hiding this comment.
Nit, would it make sense to move this with the other checkAction function in SamUtils? Might not be in the scope for this PR, but disks can also be attached to apps and so it could make sense to move this logic out of the RuntimeServiceInterp file
| @@ -935,7 +949,14 @@ object RuntimeServiceInterp { | |||
| disk <- diskOpt match { | |||
| case Some(pd) => | |||
| for { | |||
| _ <- checkAttachAction(userInfo, samService, pd, cloudContext, req.name, ctx.traceId) | |||
| _ <- SamUtils.checkDiskAction(samService, | |||
There was a problem hiding this comment.
Nice, ignore my last comment then (I was reviewing commit by commit and did not see it yet sorry!
| samResourceId: SamResourceId, | ||
| action: RuntimeAction, | ||
| userEmail: Option[WorkbenchEmail] = None | ||
| object SamUtils { |
There was a problem hiding this comment.
I like it better too, it makes the code more readable IMO
Jira ticket: https://broadworkbench.atlassian.net/browse/CORE-211
Summary of changes
This PR may be easiest to review by stepping through the commits in order. Each commit contains a single operation authz conversion.
What
Why
Testing these changes
What to test
Who tested and where
jenkins retestorjenkins multi-test.