Ensure that oauth root client can perform all API actions #1852
Comments
|
Thanks for writing this up @adamsachs - this is a footgun that'll sneak up on us in other places too, so I'd like to understand how difficult this would be to tackle |
|
wanted to bump this for prioritization as it's come up multiple times in the wild, most recently for @nicolas-ethyca on a presales effort. specifically - updating policies and rules is table-stakes functionality for our app, we currently tend to use the oauth root user for most of our setup, and the workaround is pretty cumbersome. so this has a pretty big impact. |
35 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a specific problem?
While the root oauth client is technically able to invoke all API endpoints, there are some db constraints/oddities that prevent the client from effectively being able to perform the API actions. The root client should be able to effectively use all of our APIs.
One notable instance of this is that the root client is unable to update the default DSR access policy (or any policy?) rule, i.e. using the
PATCH /api/v1/dsr/poilcy/default_accesss_policy/ruleendpoint. In this case, a 500 is returned with this underlying exception:ForeignKeyViolation('insert or update on table "rule" violates foreign key constraint "rule_client_id_fkey"\nDETAIL: Key (client_id)=(fidesadmin) is not present in table "client".\n')#1698 was another instance of the problem that has already been resolved.
There may be (likely are) more instances of this problem, so we should try to identify and fix them all.
Describe the solution you'd like
Describe alternatives you've considered, if any
Additional context
The text was updated successfully, but these errors were encountered: