Added permission check - is tenant to update SSM parameters API #1714
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,6 +9,8 @@ | |
| from dataall.core.permissions.services.permission_service import PermissionService | ||
| from dataall.core.permissions.db.tenant.tenant_models import Tenant | ||
| from dataall.base.services.service_provider_factory import ServiceProviderFactory | ||
| from dataall.base.aws.sts import SessionHelper | ||
| from dataall.base.aws.parameter_store import ParameterStoreManager | ||
| import logging | ||
| import os | ||
| from functools import wraps | ||
|
|
@@ -121,6 +123,26 @@ def validate_permissions(session, tenant_name, g_permissions, group): | |
| return tenant_group_permissions | ||
|
|
||
|
|
||
| class TenantActionsService: | ||
| @staticmethod | ||
| def update_monitoring_ssm_parameter(name, value): | ||
| # raises UnauthorizedOperation exception, if there is no admin access | ||
| context = get_context() | ||
| TenantPolicyValidationService.validate_admin_access( | ||
| context.username, context.groups, 'UPDATE_SSM_PARAMETER_MONITORING' | ||
| ) | ||
|
|
||
| current_account = SessionHelper.get_account() | ||
| region = os.getenv('AWS_REGION', 'eu-west-1') | ||
| response = ParameterStoreManager.update_parameter( | ||
| AwsAccountId=current_account, | ||
| region=region, | ||
| parameter_name=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/{name}', | ||
| parameter_value=value, | ||
| ) | ||
|
Comment on lines
+137
to
+142
There was a problem hiding this comment. I know this is carry over from resolver code - but this does not work... All of the following use ParameterStore and try to assume into pivotRole in infra account to get SSM (pivot role DNE in infra account) Will approve this PR but leave this comment in https://github.com/data-dot-all/dataall/pull/1712/files where I think more focus is on QuickSight Monitoring View |
||
| return response | ||
|
|
||
|
|
||
| class TenantPolicyService: | ||
| TENANT_NAME = 'dataall' | ||
|
|
||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are we keeping this API or removing this along with other Admin Dashboard ones?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see what you did in https://github.com/data-dot-all/dataall/pull/1712/files