fix: updated rbac for devtron apps/helm pipeline #3227
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kripanshdevtron
approved these changes
Apr 3, 2023
|
Kudos, SonarCloud Quality Gate passed!
|
gireesh-naidu
pushed a commit
that referenced
this pull request
Jun 16, 2023
* handled nil pointer in imagePullSecret service when asserting k8s error type (#3208) * fix: rbac optimisation for creation of policies for devtron app, helm app and cluster (#2948) * change1 * "RBAC Refactoring and Policy Creation Optimisation" * "Removing ClusterType" * "ReFactoring the changes" * removed redundant method * "Changes After Reviews" * "Changes After Reviews 2" * "Changes After Reviews 3" * "Changes After Reviews 4" * "Changes After Reviews 5" * "Changes After Reviews 6" * "Changes After Reviews 6" * "Changes based on entity" * Code Cleaning * Code change 8 * Code change 9 * Code change 9 * Code change 10 * Code change 11 * Code change 12 * Code change 13 * fixed transaction error for creating roles * refactoring - 1 * refactoring * Changes after Resolving conflicts * Changes after Resolving conflicts 2 * Changes after Resolving conflicts 3 * Changes after Resolving access_type to accessType and queries * Final changes * Rbac-Optimimisation Change * Rbac-Optimimisation Final Change * refactoring * Fixing Legacy Bug * Fixing Visiblity issues all pods * Merge with main * Intialisation with capacity and adding logs * Intialisation with capacity and adding logs * Refactoring the changes * Adding logs * Adding logs 1 * Updating the audit logs for create Role * Handling from code instead of script * Merge Main * Deleting Commented Code and adding role group view * Fixing issues caught in Dev-Testing * Removing script queries * Fixing Issues of entity empty * Dev-Testing Changes * Final Changes * Reducing duplication * Reducing duplication * Adding audit logs for superAdmin for user role mappings * Visibility of permissions * Visibility of permissions for devtron-apps * Fixing Legacy issue for deleting roleGroup permissions * deleting group and role mapping from casbin * updated sql script no. --------- Co-authored-by: kartik-579 <kartik@devtron.ai> * fix: user/role group sql lock fix (#3206) * change1 * "RBAC Refactoring and Policy Creation Optimisation" * "Removing ClusterType" * "ReFactoring the changes" * removed redundant method * "Changes After Reviews" * "Changes After Reviews 2" * "Changes After Reviews 3" * "Changes After Reviews 4" * "Changes After Reviews 5" * "Changes After Reviews 6" * "Changes After Reviews 6" * "Changes based on entity" * Code Cleaning * Code change 8 * Code change 9 * Code change 9 * Code change 10 * Code change 11 * Code change 12 * Code change 13 * fixed transaction error for creating roles * refactoring - 1 * refactoring * Changes after Resolving conflicts * Changes after Resolving conflicts 2 * Changes after Resolving conflicts 3 * Changes after Resolving access_type to accessType and queries * Final changes * Rbac-Optimimisation Change * Rbac-Optimimisation Final Change * refactoring * Fixing Legacy Bug * Fixing Visiblity issues all pods * Merge with main * Intialisation with capacity and adding logs * Intialisation with capacity and adding logs * Refactoring the changes * Adding logs * Adding logs 1 * Updating the audit logs for create Role * Handling from code instead of script * Merge Main * Deleting Commented Code and adding role group view * Fixing issues caught in Dev-Testing * Removing script queries * Fixing Issues of entity empty * Dev-Testing Changes * Final Changes * Reducing duplication * Reducing duplication * Adding audit logs for superAdmin for user role mappings * Visibility of permissions * Visibility of permissions for devtron-apps * Fixing Legacy issue for deleting roleGroup permissions * deleting group and role mapping from casbin * fix deadlock condition for user/role group update * updated sql script no. --------- Co-authored-by: shivam-nagar23 <shivam@devtron.ai> * fix: label key can be saved without value if saved without propagation (#3190) * fix: length of key increased in global tag * fix: not validating label value required tag as tags can be supplied without value if saved without propagation * sql file renamed * Fix: App grouping optimisation on ci pipelines (#3219) * optimize ci pipeline grouping * fix * fix * optimized ci pipelines fetch for app grouping - removed scripts and parent app id * added observability for ci pipeline in app grouping * fixed query for getting workflow runner by appId and envId, re-added ci trigger metrics (#3222) * fix: updated rbac for devtron apps/helm pipeline (#3227) * commented wrong rbac for devtron apps - helm pipeline * updated comments: * remove redundant files --------- Co-authored-by: Shivam-nagar23 <124123645+Shivam-nagar23@users.noreply.github.com> Co-authored-by: shivam-nagar23 <shivam@devtron.ai> Co-authored-by: Manish Agrawal <85211469+manish-agrawal-ai@users.noreply.github.com> Co-authored-by: Vikram <73224103+vikramdevtron@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Rbac for getting k8s resource, listing events and getting pod logs was checking rbac on helm apps which was making the request unauthorized even when the user have permissions.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
Checklist:
Does this PR introduce a user-facing change?