Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Adds utils for access checks #3724

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

WIP: Adds utils for access checks #3724

wants to merge 9 commits into from

Conversation

andrewballantyne
Copy link
Member

@andrewballantyne andrewballantyne commented Feb 4, 2025
edited
Loading

https://issues.redhat.com/browse/RHOAIENG-18732

Description

Adds support for SelfSubjectAccessReviews (SSAR) on resources for admins to help with more granular flows/permissions out of the "admin".

Applies this logic to the Hardware Profiles screen.

Examples of granular permissions:
Screenshot 2025-01-28 at 10 55 06 AM
Screenshot 2025-01-28 at 10 56 11 AM

How Has This Been Tested?

There is a readme in the code that helps with setup for RBAC values on cluster.

Tested around using cluster-admin and impersonating another user with granted permissions.

Test Impact

??

Request review criteria:

Self checklist (all need to be checked):

  • The developer has manually tested the changes and verified that the changes work
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has added tests or explained why testing cannot be added (unit or cypress tests for related changes)

If you have UI changes:

  • Included any necessary screenshots or gifs if it was a UI change.
  • Included tags to the UX team if it was a UI/UX change.

After the PR is posted & before it merges:

  • The developer has tested their solution on a cluster by using the image produced by the PR to main

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Feb 4, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from andrewballantyne. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@andrewballantyne andrewballantyne changed the title Adds utils for access checks WIP: Adds utils for access checks Feb 4, 2025
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress This PR is in WIP state label Feb 4, 2025
@andrewballantyne andrewballantyne requested review from Gkrumbach07 and Griffin-Sullivan and removed request for alexcreasy and DaoDaoNoCode February 4, 2025 21:32
andrewballantyne
andrewballantyne commented Feb 4, 2025
View reviewed changes
Copy link
Member Author

@andrewballantyne andrewballantyne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some WIP thoughts...

frontend/src/api/useAccessReview.ts Show resolved Hide resolved
frontend/src/app/AppRoutes.tsx Show resolved Hide resolved
frontend/src/concepts/userSSAR/useAccessAllowed.ts Show resolved Hide resolved
Gkrumbach07
Gkrumbach07 reviewed Feb 4, 2025
View reviewed changes
Copy link
Member

@Gkrumbach07 Gkrumbach07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, just a few things

Gkrumbach07
Gkrumbach07 reviewed Feb 5, 2025
View reviewed changes
Copy link
Member

@Gkrumbach07 Gkrumbach07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

i will wait for you to resolve griffins comments before we push it through. im fine with adding tests in a later jira

@openshift-ci openshift-ci bot added lgtm and removed lgtm labels Feb 5, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Feb 6, 2025

New changes are detected. LGTM label has been removed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Griffin-Sullivan Griffin-Sullivan Awaiting requested review from Griffin-Sullivan

@Gkrumbach07 Gkrumbach07 Awaiting requested review from Gkrumbach07

Assignees

@Gkrumbach07 Gkrumbach07

Labels
do-not-merge/work-in-progress This PR is in WIP state
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andrewballantyne @Gkrumbach07 @Griffin-Sullivan