MG-1955 - Bootstrap service is not synced to the latest changes of access control #2199
+1,613
−962
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JeffMboya
changed the title
JeffMboya
force-pushed
the
MG-1955
branch
2 times, most recently
from
955c48b
to
36871a7
Compare
rodneyosodo
requested changes
Apr 30, 2024
JeffMboya
force-pushed
the
MG-1955
branch
3 times, most recently
from
a419da6
to
1fbba5b
Compare
JeffMboya
force-pushed
the
MG-1955
branch
2 times, most recently
from
1c41e02
to
d51ce36
Compare
rodneyosodo
requested changes
May 8, 2024
JeffMboya
force-pushed
the
MG-1955
branch
5 times, most recently
from
26959ac
to
2080e0a
Compare
JeffMboya
force-pushed
the
MG-1955
branch
2 times, most recently
from
c43e6eb
to
87c7b95
Compare
arvindh123
requested changes
May 20, 2024
bootstrap/service.go
Outdated
Comment on lines
141
to
145
| for _, channel := range cfg.Channels { | ||
| if channel.ID == "" || channel.ID == "invalid" { | ||
| return Config{}, svcerr.ErrMalformedEntity | ||
| } | ||
| } |
There was a problem hiding this comment.
This can be moved to API layer
bootstrap/service.go
Outdated
| return Config{}, errors.Wrap(svcerr.ErrViewEntity, err) | ||
| } | ||
|
|
||
| if thing.DomainID != user.GetDomainId() { |
There was a problem hiding this comment.
How this case will be possible?
Is there way to add to a thing which is not belongs same domain of user?
bootstrap/service.go
Outdated
| if err != nil { | ||
| return errors.Wrap(svcerr.ErrAuthentication, err) | ||
| } | ||
| _, err = bs.authorize(ctx, "", auth.UserType, auth.UsersKind, user.GetId(), auth.EditPermission, auth.DomainType, user.GetDomainId()) |
There was a problem hiding this comment.
@JeffMboya Why we are checking the user have edit access to Domain ?
rodneyosodo
requested changes
May 21, 2024
JeffMboya
force-pushed
the
MG-1955
branch
3 times, most recently
from
cf44a0a
to
7fb4b09
Compare
rodneyosodo
requested changes
May 23, 2024
bootstrap/service.go
Outdated
| if err != nil { | ||
| return Config{}, errors.Wrap(svcerr.ErrAuthentication, err) | ||
| } | ||
| cfg, err := bs.configs.RetrieveByID(ctx, owner, id) | ||
|
|
||
| // Retrieve the bootstrap configuration. |
There was a problem hiding this comment.
Same as things service we need to authorize the users has ViewPermission to the thing if the boostrap config has thingID
There was a problem hiding this comment.
This also applies to update operations EditPermission
JeffMboya
force-pushed
the
MG-1955
branch
5 times, most recently
from
e08a890
to
3a810ae
Compare
Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add authorization to identify method Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add authorize method Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add authorize method Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add authorize method Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add policies Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Remove policies Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorizaton Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: add error return value to identify function Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: add error return value to identify function Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace domain_id with domainID Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace domain_id with domainID Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace domain_id with domainID Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace 'Owner' with 'DomainID' Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace 'Owner' with 'DomainID' Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix (configs.go): remove unused context Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Feature: add configs with same name in different domains Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Feature: add configs with same name in different domains Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: failing test dues to renaming Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: rename domainid to domain_id Signed-off-by: JeffMboya <jangina.mboya@gmail.com> fix: handle malformed channel in addEndpoint Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: update authorization method parameters Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: failing tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: failing tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: failing tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add testsutil package for generating UUIDs in tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add empty channel tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add valid request Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove comment Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization to view method Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, and UpdateConnections methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
rodneyosodo
requested changes
May 27, 2024
bootstrap/service.go
Outdated
| if err != nil { | ||
| return errors.Wrap(svcerr.ErrAuthentication, err) | ||
| } | ||
|
|
||
| cfg.Owner = owner | ||
| cfg.DomainID = user.GetDomainId() | ||
| _, err = bs.authorize(ctx, "", auth.TokenKind, token, auth.EditPermission, auth.DomainType, cfg.DomainID) |
There was a problem hiding this comment.
Since we have userID from identify we can user usersKind and userID
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
… and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
… and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
rodneyosodo
requested changes
May 28, 2024
| @@ -36,6 +36,16 @@ func (req addReq) validate() error { | |||
| return apiutil.ErrBearerKey | |||
| } | |||
|
|
|||
| if len(req.Channels) == 0 { | |||
| return apiutil.ErrMissingID | |||
There was a problem hiding this comment.
Suggested change
| return apiutil.ErrMissingID | |
| return apiutil.ErrEmptyList |
| if err != nil { | ||
| return Config{}, errors.Wrap(svcerr.ErrAuthentication, err) | ||
| } | ||
| cfg, err := bs.configs.RetrieveByID(ctx, owner, id) | ||
| _, err = bs.authorize(ctx, user.GetDomainId(), auth.UsersKind, user.GetId(), auth.ViewPermission, auth.ThingType, id) |
There was a problem hiding this comment.
We should authorize if the bootstrap has a thingID
| if err != nil { | ||
| return Config{}, errors.Wrap(svcerr.ErrAuthentication, err) | ||
| } | ||
| cfg, err := bs.configs.UpdateCert(ctx, owner, thingID, clientCert, clientKey, caCert) | ||
| _, err = bs.authorize(ctx, user.GetDomainId(), auth.UsersKind, user.GetId(), auth.EditPermission, auth.ThingType, thingID) |
bootstrap/service.go
Outdated
|
|
||
| j := 0 | ||
| for _, config := range configsPage.Configs { | ||
| _, err := bs.authorize(ctx, user.GetDomainId(), auth.UsersKind, user.GetId(), auth.ViewPermission, auth.ThingType, config.ThingID) |
There was a problem hiding this comment.
This doesn't seem good since we will make n calls to auth depending on the list of configs. You can check something like this #2168. So if they aren't domain admins they get basic information. @arvindh123 what do you think?
There was a problem hiding this comment.
Yes, This should be like, first we need to get all thingIDs from spiceDB for user and then pass the thingIDs to config repo to retrieve the bootstrap config
arvindh123
requested changes
May 29, 2024
bootstrap/service.go
Outdated
|
|
||
| j := 0 | ||
| for _, config := range configsPage.Configs { | ||
| _, err := bs.authorize(ctx, user.GetDomainId(), auth.UsersKind, user.GetId(), auth.ViewPermission, auth.ThingType, config.ThingID) |
There was a problem hiding this comment.
Yes, This should be like, first we need to get all thingIDs from spiceDB for user and then pass the thingIDs to config repo to retrieve the bootstrap config
…meter Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
This PR is a bug fix.
What does this do?
This PR ensures that users can only view bootstrap configurations of the things within their current domain. It also allows domain members with appropriate permissions to view configurations for things within the domain, regardless of who created the configuration.
Which issue(s) does this PR fix/relate to?
Have you included tests for your changes?
Yes, tests have been included in this PR.
Did you document any new/modified feature?
No new features were documented in this PR.