Abdul/infra editor actions (#6508)
* editor actions added

Signed-off-by: Abdul-Az <aazeez@progress.com>

* infra_editor test cases

Signed-off-by: Abdul-Az <aazeez@progress.com>

* test cases fix

Signed-off-by: Abdul-Az <aazeez@progress.com>

* infra editor actions update

Signed-off-by: Abdul-Az <aazeez@progress.com>

* editor role fix

Signed-off-by: Abdul-Az <aazeez@progress.com>

* test cases fix

Signed-off-by: Abdul-Az <aazeez@progress.com>
iamazzeez authored and kalroy committed Apr 28, 2022
1 parent 20690f5 commit 5e7d75b
Showing 3 changed files with 82 additions and 10 deletions.
Expand Up @@ -5,8 +5,16 @@ UPDATE iam_roles
actions = '{
infra:*:list,
infra:*:get,
infra:*:create,
infra:*:update,
infra:infraServersOrgsRoles:create,
infra:infraServersOrgsRoles:update,
infra:infraServersOrgsClient:create,
infra:infraServersOrgsClient:update,
infra:infraServersOrgsDataBags:create,
infra:infraServersOrgsDataBagsItem:create,
infra:infraServersOrgsDataBagsItem:update,
infra:infraServersOrgsEnvironments:create,
infra:infraServersOrgsEnvironments:update,
infra:infraServersOrgsNodes:update,
compliance:*,
event:*,
ingest:*,
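Review bot: Nothing in the new action list records which infra resources are deliberately left without create/update, so a later reader cannot tell an intended omission from an oversight. As listed, DataBags gets only `create` and Nodes only `update`, while Roles, Client, DataBagsItem and Environments get both, and servers and orgs get neither (the spec in this commit expects 403 for both). A short SQL comment above the `UPDATE iam_roles` statement, e.g. `-- editor: explicit per-resource grants; no create/update on infra servers or orgs`, would make the intended least-privilege boundary reviewable. The statement starts and ends outside the hunk, so its WHERE clause is not visible here.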
6 changes: 5 additions & 1 deletion components/authz-service/storage/storage.go
Expand Up @@ -92,7 +92,7 @@ func DefaultPolicies() ([]Policy, error) {
return nil, err
}

// editor policy statements
// editor allow policy statements
s3, err := NewStatement(Allow, constants.EditorRoleID, []string{}, []string{"*"}, []string{})
if err != nil {
return nil, err
Expand All @@ -110,6 +110,10 @@ func DefaultPolicies() ([]Policy, error) {
return nil, err
}

if err != nil {
return nil, err
}

typeManaged, err := NewType("chef-managed")
if err != nil {
return nil, err
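Review bot: The `if err != nil { return nil, err }` block added in the second hunk repeats what appears to be the same check directly above it, with no call in between that assigns `err`, so it can never fire. It looks like the leftover guard of a statement that was dropped during the PR (the comment change to `// editor allow policy statements` hints that a second, non-allow statement was planned); either remove the block or restore the call it was meant to guard. Dead error checks in the default-policy builder make it harder to see which statements are actually installed. DefaultPolicies starts and ends outside both hunks, so this is based on the visible lines only.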
74 changes: 67 additions & 7 deletions e2e/cypress/integration/api/iam/infra_editor_actions.spec.ts
Expand Up @@ -20,8 +20,16 @@ describe('Infra Editor Policy', () => {
actions: [
'infra:*:list',
'infra:*:get',
'infra:*:create',
'infra:*:update',
'infra:infraServersOrgsRoles:create',
'infra:infraServersOrgsRoles:update',
'infra:infraServersOrgsClient:create',
'infra:infraServersOrgsClient:update',
'infra:infraServersOrgsDataBags:create',
'infra:infraServersOrgsDataBagsItem:create',
'infra:infraServersOrgsDataBagsItem:update',
'infra:infraServersOrgsEnvironments:create',
'infra:infraServersOrgsEnvironments:update',
'infra:infraServersOrgsNodes:update',
'compliance:*',
'event:*',
'ingest:*',
Expand All @@ -32,7 +40,8 @@ describe('Infra Editor Policy', () => {
'applications:*'
],
projects: ['*']
}]
}
]
};


Expand All @@ -47,8 +56,16 @@ describe('Infra Editor Policy', () => {
actions: [
'infra:*:list',
'infra:*:get',
'infra:*:create',
'infra:*:update',
'infra:infraServersOrgsRoles:create',
'infra:infraServersOrgsRoles:update',
'infra:infraServersOrgsClient:create',
'infra:infraServersOrgsClient:update',
'infra:infraServersOrgsDataBags:create',
'infra:infraServersOrgsDataBagsItem:create',
'infra:infraServersOrgsDataBagsItem:update',
'infra:infraServersOrgsEnvironments:create',
'infra:infraServersOrgsEnvironments:update',
'infra:infraServersOrgsNodes:update',
'compliance:*',
'event:*',
'ingest:*',
Expand All @@ -59,7 +76,8 @@ describe('Infra Editor Policy', () => {
'applications:*'
],
projects: ['*']
}]
}
]
};

before(() => {
Expand Down Expand Up @@ -180,4 +198,46 @@ describe('Infra Editor Policy', () => {
assert.equal(resp.status, 403);
});
});
});

it('create infra server post returns 403 when infraServers create actions is denied', () => {
cy.request({
headers: { 'api-token': withInfraEditorActionToken },
method: 'POST',
url: '/api/v0/infra/servers',
body: {
fqdn: 'a2-dev.test',
id: `${cypressPrefix}-test-${Cypress.moment().format('MMDDYYhhmm')}`,
ip_address: '127.0.0.1',
name: 'test4'
},
failOnStatusCode: false
}).then((resp) => {
assert.equal(resp.status, 403);
});
});

it('infra server orgs post returns 403 when infraServers orgs create actions is denied', () => {
const serverID = `chef-server-dev-test-${Cypress.moment().format('MMDDYYhhmm')}`;
const orgID = `chef-org-dev-${Cypress.moment().format('MMDDYYhhmm')}`;
const orgName = '4thcoffee';
const adminUser = 'chefadmin';
// using dummy admin key value for creating the org
const adminKey = 'Dummy--admin--key';
cy.request({
headers: { 'api-token': withInfraEditorActionToken,
'content-type': 'application/json+lax' },
method: 'POST',
body: {
id: `${orgID}-test-1`,
server_id: serverID,
name: orgName,
admin_user: adminUser,
admin_key: adminKey
},
failOnStatusCode: false,
url: `/api/v0/infra/servers/${serverID}/orgs`
}).then((resp) => {
assert.equal(resp.status, 403);
});
})
});
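Review bot: The two added cases assert 403 only for creating a server and creating an org, but the role change in this commit also drops the wildcard `infra:*:update`, and no update request is checked in the added lines. A companion case per removed grant (for example `it('update infra server returns 403 when infraServers update action is denied', ...)`) plus one positive case for a retained action such as `infra:infraServersOrgsRoles:create` would catch both an over-broad role and a misspelled action name in the list. The spec body before this hunk is outside the view and may already cover part of this. The last `it(...)` also closes with `})` without the semicolon the other cases use.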
